The Crypto Times
Image default
News

MyCrypto Researcher Discovers Wallet Weakness That Issued One Key to Numerous Users

A vulnerability on a code running on wallet creator WalletGenerator.net was discovered by Harry Denley, a security researcher for MyCrypto. Denley explained in a recent blog post how the online crypto paper wallet creator ran on a code that caused pairs of private and public keys to be issued to numerous users.

Code Discrepancies

Denley said the code was reportedly running by August 2018 and was only fixed by May 23. The live code on the company’s site was alleged to be designed as open source and should be audited on GitHub. However, there were discrepancies found between them.

MyCrypto’s security researcher went over the live code and determined that the keys were created deterministically instead of randomly on the website’s live version.

120 out of 1,000 Unique Keys

In a test conducted May 18 to 23, MyCrypto tried to utilize WalletGenerator’s bulk generator to create 1,000 keys. The GitHub version came back with 1,000 distinct keys while the live code only returned with 120 keys. They ran the generator several times and it always returned with 120 keys instead of the expected 1,000 unique keys even after other factors were changed, including the user, VPN and browser refreshes.

Randomness is required to create the unique pairings needed to ensure the security of the paper wallets.

WalletGenerator has reportedly resolved the determinism issue after MyCrypto discussed the problem with the company even while it was still in the midst of its research. The wallet creator was said to have claimed that MyCrypto’s allegations couldn’t be verified and even asked if the company was a “phishing website.”

Related posts

Binance Riding High as BNB Token Sets New Record

Sierra Sanders

New York Man Sentenced to 20 Years for Facebook Crypto Scam

Viena Abdon

UAE Launches Competition to Encourage Development of Blockchain-Powered Social Apps

Viena Abdon

CEOs of Leading Banks Testify at US Congress on Blockchain and Cryptocurrency

Viena Abdon

US CFTC and SEC Heads Testifies to Need for Literacy in Blockchain Tech and Digital Assets

Sierra Sanders

40 Central Banks Exploring Digital Currencies

Viena Abdon