Online cryptocurrency paper wallet creator WalletGenerator.net previously ran on code that caused private key/public key pairs to be issued to multiple users. The vulnerability was described in an official blog post by security research Harry Denley of MyCrypto on May 24.
According to the post, the bad code was in effect by August 2018, and was only recently patched out as of May 23. The live code on the website is reportedly supposed to be open source and audited on GitHub, but there were differences detected between the two. After researching the live code, Denley concluded that the keys were deterministically generated on the live version of the website, not randomly.
In one of MyCrypto’s tests between May 18–23, they attempted to use the website’s bulk generator to make 1,000 keys. The GitHub version returned 1,000 unique keys, but the live code returned 120 keys. Running the bulk generator always reportedly returned 120 unique keys instead of 1,000 even when other factors were tweaked, including browser refreshes, VPN changes, or user changes.
Randomness is needed to generate the key pairings in order for the paper wallets to be secure. As the post puts it:
“ELI5: When generating a key, you take a super-random number, turn it into the private key, and turn that into the public key / address. However, if the ‘super-random' number is always ‘5,’ the private key that is generated will always be the same. This is why it’s so important that the super-random number is actually random…not ‘5.’”
WalletGenerator patched the determinism problem after MyCrypto reached out during the middle of its investigation. WalletGenerator purportedly responded afterward saying that the allegations could not be verified, and even asked the correspondent if MyCrypto was a “phishing website.”
MyCrypto added that users who generated keypairs after August 17, 2018 should immediately move their funds to a different wallet and recommended not to use WalletGenerator.net.