Search ForexCrunch
  • The analysis revolves around WalletGenerator’s original open-source code.
  • The researcher advised removing funds from WalletGenerator-based paper wallets.

Harry Denley, a security researcher from, has recently posted a brief analysis of popular paper wallet site “” The core of the analysis revolves around WalletGenerator’s original open-source code. The online code matched the open-source code and it generated wallets using a client-side technique that took in real random entropy and produced a unique wallet until August 17, 2018.  

As per Denley:

“Approaching from a different angle, we then used the “Bulk Wallet” generator to generate 1,000 keys. In the non-malicious, GitHub version, we are given 1,000 unique keys, as expected.

However, using at various times between May 18, 2019″Š-May 23, 2019, we would only get 120 unique keys per session. Refreshing our browser, switching VPN locations, or having a different party perform the same test would result in a different set of 120 keys being generated.”

Denley highly recommends moving funds off of your WalletGenerator-based paper wallets:

“We’re still considering this highly suspect and still recommending users who generated public/private keypairs after August 17, 2018, to move their funds. We do not recommend using moving forward, even if the code at this very moment is not vulnerable.”