A backdoor has been found on the popular paper wallet site BitcoinPaperWallet.com. When a wallet was created, its private keys fell into the hands of cybercriminals. As a result, users lost more than 124 BTC.
Bitcoin paper wallets are a way to “cold” store cryptocurrencies. The user simply prints out the public and private keys and can transfer bitcoins to this wallet for storage.
As it turned out, BitcoinPaperWallet.com, a popular site for generating paper wallets, contained a backdoor that allowed attackers to gain access to the private keys of at least some of the wallets created by users. Once bitcoins arrive in these wallets, hackers instantly steal them.
Computer security experts explained the vulnerability. Normally, when creating a wallet, the user must move the mouse to generate a random key. On BitcoinPaperWallet.com, however, the cybercriminals implemented a method called “test_keys”: during creation, several test keys were generated and saved on the server. When creation was completed, one of these keys was used instead of the user-generated random key, and the hackers had access to these test keys.
At the same time, there is no such method in the original BitcoinPaperWallet code posted by the creator on the GitHub portal. Accordingly, someone specifically “upgraded” the code to steal keys from users’ wallets.
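The comparison described above, between the code a site serves and the code its author published, can be automated. The following is an added example, not code from BitcoinPaperWallet or from the researchers; the two sample sources and every name in them except “test_keys” are constructed for illustration.

```javascript
// Added example: list function/method names defined in a served script
// that are absent from the reference copy (e.g. the published source).

// Matches `function name(`, `name: function`, `name = function`,
// and `name = (...) =>` / `name: (...) =>` definitions.
const DEFINITION_PATTERNS = [
  /function\s+([A-Za-z_$][\w$]*)\s*\(/g,
  /([A-Za-z_$][\w$]*)\s*[:=]\s*(?:async\s+)?function\b/g,
  /([A-Za-z_$][\w$]*)\s*[:=]\s*(?:async\s+)?\([^)]*\)\s*=>/g,
];

// Naive comment removal so commented-out code is not counted.
function stripComments(source) {
  return source
    .replace(/\/\*[\s\S]*?\*\//g, "")
    .replace(/(^|[^:])\/\/.*$/gm, "$1");
}

function definedNames(source) {
  const names = new Set();
  const code = stripComments(source);
  for (const pattern of DEFINITION_PATTERNS) {
    for (const match of code.matchAll(pattern)) names.add(match[1]);
  }
  return names;
}

// Names defined in servedSource but not in referenceSource, sorted.
function addedNames(referenceSource, servedSource) {
  const reference = definedNames(referenceSource);
  return [...definedNames(servedSource)].filter((n) => !reference.has(n)).sort();
}

// Constructed samples (not the real site or repository code).
const referenceSample = `
var generator = {
  seed: function (x, y) { /* collect mouse entropy */ },
  build: function () { return makeKey(); }
};
function makeKey() { /* derive key from collected entropy */ }`;
const servedSample = `
var generator = {
  seed: function (x, y) { /* collect mouse entropy */ },
  test_keys: function () { /* constructed placeholder body */ },
  build: function () { return makeKey(); }
};
function makeKey() { /* derive key from collected entropy */ }`;

console.log(addedNames(referenceSample, servedSample));
```

A name diff only flags newly added definitions; a change made inside an existing function needs a byte-for-byte comparison or a hash check against the published file.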
On January 7, a BitcoinPaperWallet.com user under the pseudonym “Nick Wendell” lost 14.5 BTC. He created a paper wallet and transferred bitcoins to it, but after a few minutes they were stolen. Subsequently, the bitcoins were listed on the Binance exchange. At the current exchange rate, this is more than $700,000.
“Within a minute I realized what had happened. I had the feeling that I was falling from a height and would never reach the bottom. I remember walking in circles around the kitchen in shock,” the user wrote.
Note that the MetaMask extension for popular browsers detects BitcoinPaperWallet.com as a phishing site and warns the user about it.
“It is critically important that the creation of the wallet takes place using trusted software and completely offline. It is important to remember that if the private key is lost, attackers can steal all of your savings,” said independent Bitcoin developer Dustin Dettmer.
In 2019, MyCrypto.com specialists discovered a vulnerability in the Wallet Generator, due to which the same private keys could be generated when creating wallets.