Redditor's hacked Bitcoin is a lesson on the hidden dangers of paper wallets

1 year ago

"My Bitcoin was taken. How?" A Reddit user thought they were pursuing best practices until 2 days ago, when their Bitcoin wallet was completely cleaned out.

A Reddit user has become the latest example of why crypto users should be more cautious when using wallet generators, after the user lost a few thousand dollars worth of Bitcoin (BTC) from their "secure" paper wallet.

On July 24, a Redditor by the name /jdmcnair posted on the r/Bitcoin subreddit, asking for an explanation of how a hacker could have been able to steal over $3,000 worth of Bitcoin from their supposedly secure paper wallet, which was even generated on an offline computer.

The Redditor's Bitcoin wallet address shows an outgoing transaction of 0.12 BTC. Source: Blockchain.com

“I was doing self-custody, generated my key and printed it on paper on an offline computer, transferred my BTC to this offline wallet, and kept it stored in a safe that only I have the key for,” the user wrote.

“I thought I was keeping it in one of the more secure ways possible.”

In an update to his original post, the Redditor revealed that they used the wallet creation tool walletgenerator.net to create their wallet’s private keys, which some users highlighted has been infamous for vulnerabilities in the past.

Speaking to Cointelegraph, blockchain security firm CertiK's director of security operations Hugh Brooks said users should think twice before using a crypto wallet generator.

Such online wallet generators have served as a viable hacking tool for a while now, Brooks said:

“Some of these wallet generators could be straight-up scams. The website that the post claims returns an IP address in Russia. When looking at a tool such as Criminal IP we can see that the address has several abuse reports filed against it.”

Paper wallet generators have been known to contain serious vulnerabilities since 2019, Brooks said, adding that if anyone has generated wallets using walletgenerator.net then it's likely “the same keys have been given to different users.”

The Profanity wallet generator exploit was a textbook example of this security vulnerability, which led to the $160 million hack on algorithmic market maker Wintermute in September.
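The simulation below shows how a generator whose keys depend on a small seed ends up issuing the same key to different users, the failure Brooks describes. It is an added example, not code from the article, walletgenerator.net or Profanity; the 16-bit seed, the user count and the function names are assumptions chosen for illustration.

```python
import hashlib
import math
import random
import secrets
from collections import Counter

# secp256k1 group order: a valid Bitcoin private key is an integer in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def key_from_seed(seed: int) -> int:
    """Hypothetical flawed generator: the whole key is a hash of a small seed.
    The output still looks like a random 256-bit number."""
    digest = hashlib.sha256(seed.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") % (N - 1) + 1

def weak_keygen(rng: random.Random, seed_bits: int) -> int:
    """Each visitor's key carries only seed_bits of randomness (assumed flaw)."""
    return key_from_seed(rng.getrandbits(seed_bits))

def strong_keygen() -> int:
    """Local generation from the OS CSPRNG: 256 bits, retried if out of range."""
    while True:
        k = int.from_bytes(secrets.token_bytes(32), "big")
        if 1 <= k < N:
            return k

def users_sharing_a_key(keys) -> int:
    """Number of users whose key was also issued to at least one other user."""
    return sum(c for c in Counter(keys).values() if c > 1)

def expected_colliding_pairs(users: int, seed_bits: int) -> float:
    """Birthday estimate: C(users, 2) / 2**seed_bits."""
    return math.comb(users, 2) / 2 ** seed_bits

def simulate(users: int = 2000, seed_bits: int = 16, sim_seed: int = 1):
    rng = random.Random(sim_seed)  # fixed only so the simulation is repeatable
    weak = [weak_keygen(rng, seed_bits) for _ in range(users)]
    strong = [strong_keygen() for _ in range(users)]
    return users_sharing_a_key(weak), users_sharing_a_key(strong)

if __name__ == "__main__":
    shared_weak, shared_strong = simulate()
    print("weak generator, users sharing a key:", shared_weak)
    print("CSPRNG generator, users sharing a key:", shared_strong)
    print("expected colliding pairs:", round(expected_colliding_pairs(2000, 16), 2))
```

Nothing in a single printed key reveals the problem: only the size of the seed space behind the generator determines how often keys repeat, which is why the generator's source of randomness has to be verifiable.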

The solution is simple, according to Brooks. Users wanting safe crypto storage should use a “trusted hardware wallet provider such as Ledger and Trezor.”

The Redditor was baffled as to why the exploiter waited over 12 months to exploit the funds, prompting another to offer a possible explanation.

“[The hackers] wait for enough noobs to think they generated secure private keys, wait for them to deposit significant amounts, and then, one day, swipe all the funds, so there is no time to respond to reports of the site being compromised.”

With a sudden increase in long-dormant Bitcoin wallets waking up, many with funds in the millions, some pundits think it’s due to wallet generators being hacked.

Unpopular crypto opinion: the fact that wallet generators can be cracked and people can lose their funds with no recourse is terrifying. I’m going to tell you what I believe to be the answer, and I know the “make everything decentralized” crew will hate it

— Jesse Hynes (@jesse_hynes) April 25, 2023

Hackers managed to snatch over $300 million in Q2 2023, according to CertiK, a 58% decline from the same period last year.
