banner
Anomaly found in the WalletGenerator website
Anomaly found in the WalletGenerator website
Blockchain

Anomaly found in the WalletGenerator website

By Emanuele Pagliari - 28 May 2019

Chevron down

WalletGenerator, according to the published data, it seems that the private key generator contains some anomalies.

Harry Denley, a researcher in the security department of the well-known wallet MyCrypto.com (a fork of MyEtherWallet), has carried out an in-depth study of a website used to generate paper wallets.

In fact, by performing several tests, the same private keys were generated several times, even on different PCs and browsers.

Private keys of paper wallets at risk of duplication

Harry Denley has found that the tool used to achieve the proper rate of entropy using some of the components derived from the client exhibits some malfunctioning.

In detail, it seems that the system responsible for generating random data has stopped using one of the two sets (the one coming from the client, which is the user’s PC) since August 17th, 2018.

As a result, several private keys have been generated using the same internal set of pseudo-random data, with a high probability that multiple users have obtained the same SEED.

According to the tests carried out, using the tool directly from the Github repository, a thousand different private keys have been correctly generated.

However, using the WalletGenerator website between May 18th and 23rd, 2019, only 120 unique keys were generated out of a thousand attempts.

The tests were performed with different devices, using different VPNs, browsers and locations, but the system only used the internal pseudo-casual data set rather than the client one.

That’s why Harry only got 120 unique SEEDs. The tests were carried out again on May 24th and, strangely enough, no anomalies were recorded. However, it may be a coincidence.

“We’re still considering this highly suspect and still recommending users who generated public/private keypairs after August 17, 2018, to move their funds. We do not recommend using WalletGenerator.net moving forward, even if the code at this very moment is not vulnerable”.

Emanuele Pagliari
Emanuele Pagliari

Telecommunications engineer with a strong passion for technology. His adventure in the world of blogging started on GizChina.it in 2014 and then continued on LFFL.org and GizBlog.it. Emanuele is in the world of cryptocurrency as a miner since 2013 and today he follows the technical aspects related to blockchain, cryptography and dApp, also for applications in the Internet of Things.

We use cookies to make sure you can have the best experience on our site. If you continue to use this site we will assume that you are happy with it.