Harry Denley, a security researcher from MyCrypto.com, has posted a detailed analysis of a paper wallet site called WalletGenerator.net.
The analysis hinges on WalletGenerator’s original open-source code. Until August 17, 2018, the code served online matched the open-source code, and the project generated wallets client-side, taking in real random entropy and producing a unique wallet.
Then, sometime after August 2018, the two code bases stopped matching.
There is now every possibility that WalletGenerator is giving the same keys to multiple users. When MyCrypto’s researcher tried to confirm this by running the generator in bulk, they got some odd results.
Checking from a different angle, in the non-malicious GitHub version, we used the “Bulk Wallet” generator to generate 1,000 keys and were given 1,000 unique keys, as expected.
However, “using WalletGenerator.net at various times between May 18, 2019 — May 23, 2019, we could only get 120 unique keys per session. Then having a different party, refreshing our browser, switching VPN locations and carrying out the same test would result in a different set of 120 keys being generated.”
Although the odd behavior was no longer observed as of last Friday, May 24th 2019, it could return at any time.
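The bulk test described above can be scripted as a uniqueness audit. The following is an added example, not code from MyCrypto or WalletGenerator: the CSV layout (`index,"address","key"`), the function names and the sample data are assumptions, and the keys are constructed random placeholders rather than real wallet keys.

```python
import csv
import io
import secrets
from collections import Counter

def make_sample(rows, pool_size=None):
    """Build constructed bulk output. pool_size=None models a healthy generator;
    a number models a generator that only ever hands out that many keys."""
    pool = [secrets.token_hex(32) for _ in range(pool_size or rows)]
    return "\n".join(f'{i + 1},"ADDR-{i + 1}","{pool[i % len(pool)]}"' for i in range(rows))

def parse_bulk(text):
    """Extract the private-key column (assumed layout: index,"address","key")."""
    keys = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 3 and row[0].strip().isdigit():
            keys.append(row[2].strip())
    return keys

def audit_session(keys):
    """Summarise one session: with 256-bit keys, any repeat means broken entropy."""
    counts = Counter(keys)
    return {
        "generated": len(keys),
        "unique": len(counts),
        "repeated_keys": sum(1 for n in counts.values() if n > 1),
    }

def overlap(session_a, session_b):
    """Number of keys that two sessions have in common."""
    return len(set(session_a) & set(session_b))

if __name__ == "__main__":
    healthy = parse_bulk(make_sample(1000))
    suspect_1 = parse_bulk(make_sample(1000, pool_size=120))
    suspect_2 = parse_bulk(make_sample(1000, pool_size=120))
    print("healthy  :", audit_session(healthy))
    print("suspect 1:", audit_session(suspect_1))
    print("suspect 2:", audit_session(suspect_2))
    print("shared between suspect sessions:", overlap(suspect_1, suspect_2))
```

A healthy generator should report as many unique keys as it generated; a unique count that plateaus well below the number requested is the pattern the researcher reported.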
“We’re still considering this highly suspect and still recommending users who generated public / private keypairs after August 17, 2018, to move their funds,” the researcher says. We do not recommend using WalletGenerator.net moving forward.
Although the code is not vulnerable at this very moment, we are still not comfortable with WalletGenerator.net: we still consider it highly suspicious and are informing users who generated public/private key pairs after August 17th 2019 to move their funds, as we don’t trust them.
Since there is no clear way to contact the two random guys who apparently run the site, we can safely recommend you avoid the site altogether. Denley therefore recommends moving funds out of your WalletGenerator-based paper wallets.
Credits: John Briggs, Harry Denley