The Crypto Times
Image default
News

MyCrypto Researcher Discovers Wallet Weakness That Issued One Key to Numerous Users

A vulnerability on a code running on wallet creator WalletGenerator.net was discovered by Harry Denley, a security researcher for MyCrypto. Denley explained in a recent blog post how the online crypto paper wallet creator ran on a code that caused pairs of private and public keys to be issued to numerous users.

Code Discrepancies

Denley said the code was reportedly running by August 2018 and was only fixed by May 23. The live code on the company’s site was alleged to be designed as open source and should be audited on GitHub. However, there were discrepancies found between them.

MyCrypto’s security researcher went over the live code and determined that the keys were created deterministically instead of randomly on the website’s live version.

120 out of 1,000 Unique Keys

In a test conducted May 18 to 23, MyCrypto tried to utilize WalletGenerator’s bulk generator to create 1,000 keys. The GitHub version came back with 1,000 distinct keys while the live code only returned with 120 keys. They ran the generator several times and it always returned with 120 keys instead of the expected 1,000 unique keys even after other factors were changed, including the user, VPN and browser refreshes.

Randomness is required to create the unique pairings needed to ensure the security of the paper wallets.

WalletGenerator has reportedly resolved the determinism issue after MyCrypto discussed the problem with the company even while it was still in the midst of its research. The wallet creator was said to have claimed that MyCrypto’s allegations couldn’t be verified and even asked if the company was a “phishing website.”

Related posts

European Central Bank Member Demands Fast Action to Counter Development of Libra

Viena Abdon

Crypto Firm BitMex Gives Financial Assistance to MIT for Bitcoin and Crypto-Related Research

Viena Abdon

Swiss Watchmaker Unveils Luxury Timepiece with Bitcoin Wallet Function

Viena Abdon

BitPay and Refundo Partner to Give Taxpayers a Bitcoin Option for Their Refunds

Viena Abdon

Hacked Crypto Exchange Finds its Stolen Tokens on Overseas Platforms

Viena Abdon

Blockchain-Backed Art Registry Raises $7 Million in Funding, Receives Big Boost From Spotify Investor

Viena Abdon