The Crypto Times
Image default
News

MyCrypto Researcher Discovers Wallet Weakness That Issued One Key to Numerous Users

A vulnerability on a code running on wallet creator WalletGenerator.net was discovered by Harry Denley, a security researcher for MyCrypto. Denley explained in a recent blog post how the online crypto paper wallet creator ran on a code that caused pairs of private and public keys to be issued to numerous users.

Code Discrepancies

Denley said the code was reportedly running by August 2018 and was only fixed by May 23. The live code on the company’s site was alleged to be designed as open source and should be audited on GitHub. However, there were discrepancies found between them.

MyCrypto’s security researcher went over the live code and determined that the keys were created deterministically instead of randomly on the website’s live version.

120 out of 1,000 Unique Keys

In a test conducted May 18 to 23, MyCrypto tried to utilize WalletGenerator’s bulk generator to create 1,000 keys. The GitHub version came back with 1,000 distinct keys while the live code only returned with 120 keys. They ran the generator several times and it always returned with 120 keys instead of the expected 1,000 unique keys even after other factors were changed, including the user, VPN and browser refreshes.

Randomness is required to create the unique pairings needed to ensure the security of the paper wallets.

WalletGenerator has reportedly resolved the determinism issue after MyCrypto discussed the problem with the company even while it was still in the midst of its research. The wallet creator was said to have claimed that MyCrypto’s allegations couldn’t be verified and even asked if the company was a “phishing website.”

Related posts

Cryptocurrency Enthusiasts Wanted

Hootie

Cryptos Have Rough Week due to Market Manipulation

Miles

EEA Announces Publication of Use Cases for Blockchain in Telecoms

Viena Abdon

Crypto Platform Bakkt Looks to the Future, May Apply for BitLicense

Viena Abdon

JPMorgan to Be the First-Ever U.S. Bank to Introduce its Own Cryptocurrency

Sierra Sanders

US Election Commission Gives Tentative Blessing to Omar Reyes Campaign Token

Viena Abdon