Paper wallets can also be stolen? Online wallet generation tools cause trouble, leading to losses of nearly 30,000 euros
Cointelegraph reported that a Reddit user claimed to have lost $27,000 worth of Bitcoin even though it was stored in a paper wallet, which was hacked by cybercriminals. Security experts noted that online wallet generators have always been a favorite tool for hackers. Users who have a long-term need to store cryptocurrency are advised to use more reputable cold wallets like Ledger or Trezor.
For more information on different types of wallets: Introduction to Blockchain: What are "Cold Wallets" and "Hot Wallets", and how are they different?
Table of Contents
Are Paper Wallets Trouble?
On July 24th, a user named /jdmcnair posted on Reddit's r/Bitcoin section claiming that they stored their purchased bitcoins in a paper wallet, a relatively secure self-custody method.
However, all their investments were recently stolen, resulting in a loss of approximately $3,600, leading to a setback in their confidence in Bitcoin as a store of value.
Reportedly, the transaction involved the transfer of funds from over 20 other users, all of which were sent to the same Bitcoin wallet address, receiving 0.92 bitcoins worth around $27,000.
/jdmcnair explained:
I generated the key on an offline computer and wrote it down, transferred the bitcoins to that offline wallet, and then threw it all into a safe with a password only I knew. I thought I was keeping them in a safer way.
Reasons Exposed
It was found that the user used the WalletGenerator.net JavaScript wallet generation tool to create the wallet. Even though the wallet generation process was done in an offline environment, there may still be vulnerabilities leading to private key leakage.
According to Cointelegraph, WalletGenerator.net did have code execution issues in May 2019, resulting in the same key being sent multiple times to different wallet owners, causing a theft of 45,000 ETH at that time.
Concerns Remain for Paper Wallets
Hugh Brooks, Security Operations Director at blockchain security company CertiK, stated:
Online wallet generators have long been a favored tool for hackers.
He added that these wallet generation tools could still be used for scams, especially targeting IP addresses closely associated with Russia in data transmission. Users can ensure the tool's security by checking Criminal IPs.
He also warned that serious vulnerabilities have existed in paper wallet generation tools since 2019, and if someone used walletgenerator.net to generate a wallet, their private key might have already been sent to different users.
Brooks mentioned a solution, advising users to use trusted cold wallet providers such as Ledger and Trezor for storing cryptocurrencies.
Nick Percoco, Chief Security Officer at cryptocurrency exchange Kraken, also pointed out that criminals target things that can quickly profit, and cryptocurrencies are currently one of the most valuable assets. Therefore, attention to personal security is crucial in all aspects.
Related
- MEV Scams Evolve: SlowMist Reveals How ChatGPT is Used to Set Up Arbitrage Fraud
- Inventory of Hacking Incidents in the First Half of 2024: Losses Amounted to $1.38 Billion, Doubled from the Same Period Last Year
- TON loses assets? Telegram Wallet rumored to lock funds with 50% annualized coin earning, customer service only responds with canned messages