A Redditor user with the username /jdmcnair wrote a question on the r/Bitcoin forum questioning how a hacker managed to steal his $3000 worth of Bitcoin from their secure paper wallet, which was even created on an offline computer.
The user explained, “I was practising self-custody, created my key on an offline computer, printed it on paper, moved my BTC to this offline wallet, and held it stored in a safe manner, that only I have the key for.” I believed I was keeping it in the safest manner possible, the guy stated.
The Redditor explained in a follow-up post that they created their wallet’s private keys using the wallet-creation tool walletgenerator.net, which other users pointed out had a history of security flaws.
Hugh Brooks, head of security operations at blockchain security company CertiK, said consumers should exercise caution before utilising a crypto wallet generator. These internet wallet generators have been effective hacking tools for some time now.
Brooks further said, “Some of these wallet creation tools can be obvious frauds. According to the article, the website returns an IP address from Russia. We can observe that the address has a number of abuse reports made against it when using a tool like Criminal IP.”
According to Brooks, since 2019, severe flaws in paper wallet generators have been known to exist and further stated that it’s possible “the same keys have been given to different users” if anyone has created wallets using walletgenerator.net.
A prime example of the Profanity wallet generating exploit, which resulted in the $160 million hack on algorithmic market maker Wintermute in September.
As per Brooks, the answer is straightforward. Users looking to store their cryptocurrency safely should utilise “trusted hardware wallet providers such as Ledger and Trezor.”
One Redditor asked why the exploiter waited more than a year to use the funds, which encouraged another user to provide an appropriate answer.
The guy said, “There is no time to act on reports of the site getting hacked because attackers will wait for sufficient novices to think they created secure private keys, patiently await for them to deposit large amounts, and then one day take all the funds.”
Some analysts speculate that the rapid rise in previously dormant Bitcoin wallets awakening, many of which have funds in the millions, is the result of hacked wallet generators.
The security firm, CertiK reports reveal that over $300 million was stolen by hackers in Q2 2023, a 58% decrease from the same time previous year.
