- A Reddit user lost $3,000 in Bitcoin to an online wallet generator scam.
- CertiK warns about the risks of online wallet generators, recommending hardware wallets.
- The incident coincides with a rise in Bitcoin wallet activity and a separate Reddit breach.
In a recent incident that underscores the risks associated with cryptocurrency storage, a Reddit user lost over $3,000 worth of Bitcoin from their supposedly secure paper wallet. The user, known as /jdmcnair, had generated their wallet’s private keys using the online tool walletgenerator.net, a platform that has been flagged for vulnerabilities in the past.
Hugh Brooks, the director of security operations at blockchain security firm CertiK, warned about the dangers of using such online wallet generators in a recent interview. He stated that these platforms could serve as a potential hacking tool, and some might even be outright scams. Hugh Brooks explained:
Some of these wallet generators could be straight-up scams. The website that the post claims returns an IP address in Russia. When looking at a tool such as Criminal IP we can see that the address has several abuse reports filed against it.
Brooks further explained that paper wallet generators have been known to contain serious vulnerabilities since 2019. He added that if anyone has generated wallets using walletgenerator.net, it’s likely that the same keys have been given to different users. This was exemplified by the Profanity wallet generator exploit, which led to the $160 million hack on algorithmic market maker Wintermute in September.
The Reddit user was puzzled as to why the hacker waited over 12 months to exploit the funds. Another user suggested that hackers often wait for enough users to deposit significant amounts before swiping all the funds, leaving no time to react to reports of the site being compromised.
In a separate incident earlier this year, a cybercriminal group known as BlackCat threatened to release 80GB of data stolen from Reddit during a security breach in February 2023. The group demanded a ransom of $4.5 million and the reversal of recent API pricing changes, likely to be paid in cryptocurrency.
Meanwhile, according to a CertiK report, in Q2 2023, hackers managed to snatch over $300 million, a 58% decline from the same period last year. This comes amidst a surge in long-dormant Bitcoin wallets waking up, many with funds in the millions, leading some to speculate that it’s due to wallet generators being hacked.
These incidents highlight the importance of secure cryptocurrency storage. As Brooks suggested, users wanting safe crypto storage should use a trusted hardware wallet provider such as Ledger or Trezor.