Share this article
Researcher Discovers Serious Vulnerability in Paper Crypto Wallet Site
If you have cryptocurrency in a paper wallet from WalletGenerator.net you'd best pull it off.
By John Biggs
Updated Sep 13, 2021, 9:14 a.m. Published May 27, 2019, 5:00 p.m.
A security researcher from MyCrypto.com, Harry Denley, has posted a detailed – and damning – analysis of paper wallet site WalletGenerator.net.
The core of the analysis hinges on WalletGenerator's original open-source code, available here. Until August 17, 2018 the online code matched the open-source code and the entire project generated wallets using a client-side technique that took in real random entropy and produced a unique wallet. But sometime after that date the two sets of code stopped matching.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
The result? The very real possibility that WalletGenerator is giving the same keys to multiple users. To test this, MyCrypto's researcher ran the generator in bulk and got some odd results.
"Approaching from a different angle, we then used the “Bulk Wallet” generator to generate 1,000 keys. In the non-malicious, GitHub version, we are given 1,000 unique keys, as expected.
However, using WalletGenerator.net at various times between May 18, 2019 — May 23, 2019, we would only get 120 unique keys per session. Refreshing our browser, switching VPN locations, or having a different party perform the same test would result in a different set of 120 keys being generated."
While the odd behavior was not found as of last Friday (May 24), it could be return at any time.
"We’re still considering this highly suspect and still recommending users who generated public / private keypairs after August 17, 2018, to move their funds," the researcher says. "We do not recommend using WalletGenerator.net moving forward, even if the code at this very moment is not vulnerable."
You can read the entire report here, but Denley recommends moving funds off of your WalletGenerator-based paper wallets. As there is no clear way to contact the "two random guy [sic] having fun with a side project" who apparently run the site, we can safely recommend you avoid the site altogether.
Code image via Shutterstock
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Filecoin Declines 7%, Breaking Below $1.43 Support
The token now has support at the $1.37 level and resistance at $1.43.
What to know:
- FIL slumped from $1.48 to $1.38, breaking key support with an 85% volume spike
- The technical breakdown confirms a trend reversal from the December highs near $1.55.
Top Stories
