Cryptocurrency

Malicious code added to WalletGenerator.net; claims blockchain firm


Walletgenerator.net, the open-source client side-wallet generator, came under scrutiny after reports of its code being exposed to a malicious vulnerability.

Los Angeles-based blockchain firm, MyCrypto, urged users to move funds to a secure address if a private key was generated on WalletGenerator.net after August 17, 2018. The tweet read,

According to the findings of the open-source blockchain firm, MyCrypto, there were changes to the code being served via WalletGenerator.net that generated “duplicate keypairs” for users on its platform which were potentially stored server-side.

WalletGenerator.net produces Paper wallet interfaces, which generate a private/public key pair for users, are “historically” very unsafe. Once the random number generator is compromised, funds can be easily stolen from the user’s wallet, cited MyCrypto.

The firm noted that the code being served via the WalletGenerator.net URL did not match the code on GitHub which raised suspicion.

When asked how the LA-based firm detect the “subtle difference” in the images, a Twitter user, @sniko_ who also works with MyCrypto, tweeted,

“You get identical keys if you run the generation process with and without refreshing. After x timeframe, your image hash changes so you get different keys. There were differences in the code on the server to GitHub which first raised suspicion, then we investigated”

The official blog post read that the code has been changed and the “malicious behavior” is not currently found as of May 24, 2019, however, it could be reintroduced at any point. MyCrypto also revealed that it is not clear who introduced malicious changes to the code.

The post Malicious code added to WalletGenerator.net; claims blockchain firm appeared first on AMBCrypto.





Source link

Show More

Leave a Reply

Pin It on Pinterest

Share This

Share this post with your friends!