User r/jdmcnair столкнулся with a $3,000 theft in Bitcoin from a paper wallet after using a key generator.
The owner asked experts to explain how this happened.
«I stored non-custodially — generated a private key and printed it on paper on a standalone computer. I placed it in a safe, the key of which only I have. I believed this was one of the safest methods», — the user explained.
The victim of the attackers said he used the walletgenerator.net service. Commentators noted that in the community they pointed to vulnerabilities of the mentioned generator.
In an interview with Cointelegraph CertiK’s Chief Security Officer Hugh Brooks said that users should think twice before using such services.
According to the expert, such online-wallet generators have recently been used as tools for hacking.
«The website mentioned in the report returns an IP address in Russia. The Criminal IP tool says that several reports of abuse have been filed against this resource», — he explained.
Brooks stressed that since 2019, paper-wallet generators have contained serious vulnerabilities. Walletgenerator.net probably issued “the same keys to different users”.
The expert recommended using hardware wallets as an alternative.
In September 2022 the market-maker Wintermute lost $160 million in crypto assets as a result of a hacker attack. The attacker exploited a vulnerability in the Profanity tool.
In the second quarter the crypto industry lost more than $313 million from malicious actions, according to CertiK.