Hacked Bitcoin: Reddit User Falls Victim to Wallet Generator

Baffled crypto investor is trying to find clues on how his BTC evaporated a year after the wallet creation.

Reddit character on a laptop with hacked screen shouting and waving in glitch motion.
Created by Kornelija Poderskytฤ— from DailyCoin
  • A Reddit member seeks clarification regarding his offline wallet hack.
  • Blockchain security firm CertiK explains why wallet generators are unsafe.
  • Crypto paper wallet generators have been deemed vulnerable since 2019.

A Redditor has been left puzzled and dismayed after discovering that the Bitcoin wallet he created a year ago has been completely drained. The confused crypto enthusiast posted a thread explaining the unfortunate situation.

Firstly, the user, who goes by the name r/jdmcnair, generated his key on a computer not connected to the internet and then transferred the BTC stash to an offline wallet stored in a physical vault.

Sponsored

Secondly, the unfortunate crypto enthusiast ensured the private key on paper was folded without exposure in a tamper-proof container. While this procedure is deemed one of the safest ways to store crypto, the weak link in this plan turned out to be the wallet generator.

A year later, the cold wallet was completely drained, but in an unusual way for modern-day fraudsters, with 20 transactions simultaneously sending the rightful ownerโ€™s funds to different wallets.

How to Spot Vulnerabilities

The disgruntled Reddit user continued to analyze possible scenarios and confirmed that there was no way that somebody would have physically broken into the vault and copied the private keys. However, the crypto community member later disclosed that heโ€™d generated the wallet key using walletgenerator.net, which runs on JavaScript.

According to the victim, the page was loaded with the client, and the computer was disconnected from the internet moments after. Then, the user generated the private keys, exported them into PDF, and sent them to the in-house printer. Besides, while the printer spooler was identified as a likely vulnerability, the victim was surprised that the hack happened over a year after the creation.

However, the main issue here is the wallet generator. Online paper wallet generators tend to run on vulnerable code, giving the same private keys to multiple, sometimes tens or even hundreds of users. 

This was discovered back in 2019 by numerous security researchers. In particular, Harry Denley investigated the walletgenerator.net website in May 2019, discovering that the bulk generator returns just 120 unique keys instead of 1000.

How to Stay Safe

Faulty code is not the only reason more experienced crypto aficionados stay away from paper wallet key generators. For instance, the blockchain security firm CertiK director of security operations Hugh Brooks alerted that โ€œsome of these wallet generators could be straight-up scams.โ€

Indeed, the aforementioned websiteโ€™s IP address returns a location in the Russian Federation and points to a lengthy list of abuse reports. Brooks highlighted the possibility that the same private keys had been given to different users.

According to CertiK, crypto scammers managed to loot over $300 million in crypto funds in Q2 of 2023. One clear solution to this problem is using a highly reputable cold wallet provider, such as Trezor or Ledger.

While online wallet generators are best to avoid, other security measures should include keeping your private keys physically safe – itโ€™s not recommended to have email backups because any digital device can be hacked.

On the Flipside

  • Some cybersecurity specialists conclude that the only way to remove this vulnerability would be โ€œto have controls that can only be utilized in dire times of need.โ€
  • This brings a huge dilemma for DeFi advocates – having a regulated entity as a trustee would defeat the purpose of decentralization.

Why This Matters

Cryptocurrency hacks and scams were on the rise throughout 2022 – most cases could be prevented by educating crypto investors upfront about the luring scam techniques.

Check out DailyCoinโ€™s latest crypto news:

800M USTC Burn: LUNC Communityโ€™s Solution to Kwonโ€™s Missteps

Crypto Bills Approved by Congress for Regulatory Clarity

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
Tadas Klimasevskis

Tadas Klimaลกevskis is a DailyCoin Journalist, covering memecoins & latest developments. Tadas has moderate holdings in SHIB, HBAR, LTC, MATIC and a selection of low-cap meme currencies.

Read more