Redditor's hacked Bitcoin is a lesson on the hidden dangers of paper wallets

cointelegraph.com:

A Reddit user has become the latest example of why crypto users should be more careful when using wallet generators — after the user lost a few thousand dollars worth of Bitcoin (BTC) from their "secure" paper wallet.

On July 24, a Redditor by the name /jdmcnair posted on the r/Bitcoin subreddit, asking for an explanation on how a hacker could have been able to steal over $3,000 worth of Bitcoin from their supposedly secure paper wallet — which was even generated on an offline computer.

“I was doing self-custody, generated my key and printed it on paper on an offline computer, transferred my BTC to this offline wallet, and kept it stored in a safe that only I have the key for,” the user wrote.

In an update to his initial post, the Redditor revealed that they used the wallet creation tool walletgenerator.net to create their wallet’s private keys, which some users highlighted have been infamous for vulnerabilities in the past. 

Speaking to Cointelegraph, blockchain security firm CertiK's director of security operations Hugh Brooks said users should think twice before using a crypto wallet generator. 

Such online wallet generators have served as a viable hacking tool for a while now, Brooks said:

Paper wallet generators have been known to contain serious vulnerabilities since 2019, Brooks said, adding that if anyone has generated wallets using walletgenerator.net then it's likely “the same keys have been given to different users.”

The Profanity wallet generator exploit was a textbook example of this security vulnerability which led to the $160 million hack on algorithmic market maker Wintermute in September.

The solution is simple, according to Brooks. Users wanting safe crypto storage should use a “trusted hardware wallet provider