A Reddit user has become the latest example of why crypto users should be more careful when using wallet generators — after the user lost a few thousand dollars worth of Bitcoin (BTC) from their “secure” paper wallet.
On July 24, a Redditor by the name /jdmcnair posted on the r/Bitcoin subreddit, asking for an explanation on how a hacker could have been able to steal over $3,000 worth of Bitcoin from their supposedly secure paper wallet — which was even generated on an offline computer.
“I was doing self-custody, generated my key and printed it on paper on an offline computer, transferred my BTC to this offline wallet, and kept it stored in a safe that only I have the key for,” the user wrote.
“I thought I was keeping it in one of the more secure ways possible.”
In an update to his initial post, the Redditor revealed that they used the wallet creation tool walletgenerator.net to create their wallet’s private keys, which some users highlighted have been infamous for vulnerabilities in the past.
Speaking to Cointelegraph, blockchain security firm CertiK’s director of security operations Hugh Brooks said users should think twice before using a crypto wallet generator.
Such online wallet generators have served as a viable hacking tool for a while now, Brooks said:
“Some of these wallet generators could be straight-up scams. The website that the post claims returns an IP address in Russia. When looking at a tool such as Criminal IP we can see that the address has several abuse reports filed against it.”
Paper wallet generators have been known to contain serious vulnerabilities since 2019, Brooks said, adding that if anyone has generated wallets using walletgenerator.net then it’s likely “the same keys have been given to different users.”
The solution is simple, according to Brooks. Users wanting safe crypto storage should use a “trusted hardware wallet provider such as Ledger and Trezor.”
The Redditor was baffled as to why the exploiter waited over 12 months to exploit the funds, prompting another to offer a possible explanation.
“[The hackers] wait for enough noobs to think they generated…