Potentially malicious vulnerability found on WalletGenerator.net

Key generator WalletGenerator.net had a potentially malicious vulnerability introduced in its code in August 2018, MyCrypto has written in a Medium post. The changes in the code, which differed from the one available on github, caused WalletGenerator.net to produce duplicate keys. Moreover, the generated keypairs might have been stored server-side.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Although the code has been since changed, the malicious add-ons could be potentially reintroduced. My Crypto has failed to determine who introduced the changes to the code. “In this strange turn of events, we still have no idea whether the current site owner is the malicious party, if the server is insecure, or both,” MyCrypto writes.

MyCrypto suggests anyone with a public/private key pair generated after Aug. 17, 2018, should move your funds to a new secure address.