A backdoor is found on the popular paper wallet site BitcoinPaperWallet.com.
When user create paper wallets on website, the private keys fell into the hands of cybercriminals, as a result, users lost more than 124 BTC.
The popular site for generating paper wallets BitcoinPaperWallet.com turned out to be vulnerable to a backdoor, because of which attackers gained access to the private keys of the users wallets. Once Bitcoin arrive on these wallets, hackers instantly steal them.
Computer security experts talked about the vulnerability. Usually, when creating a wallet, the user must generate random keys. However, on the BitcoinPaperWallet.com site, the cybercriminals implemented a method called “test keys”. During creation, several test keys were generated and saved on the server. One of these test keys was used to hack wallets, when user complete their wallet creation, and not a user-generated random key, as the hackers had access to these test keys.
On January 7, BitcoinPaperWallet.com user “Nick Wendell” lost 14.5 BTC. He created a paper wallet and transferred Bitcoin to it, but after a few minutes they were stolen.
Within a minute I realized what had happened. I had the feeling that I was falling from a height and would never reach the bottom. I remember walking in circles in shock, the user wrote.
Note that the MetaMask detects BitcoinPaperWallet.com as a phishing site and warns the user about it.
It is critical that the Bitcoin Wallet creation should take place using trusted software and completely offline. It is important to remember that if you lose your private key, attackers can steal all of your savings. said Dustin Dettmer, an independent Bitcoin developer.
In 2019, MyCrypto.com exchange specialists discovered a vulnerability in their Wallet Generator, due to which the same private keys could be generated twice when creating wallets.