BitcoinPaperWallet ‘Back Door’ Responsible for Millions in Missing Funds

faebi · on Feb 24, 2021

How old is the hack? I used it years ago for half a bitcoin which I hope I still own.

Edit: If I remember right, I used it in 2016 and I opened a private window, disconnected the Wifi, created the wallet, closed the window and reconnected. Meanwhile I think I watched the devtools too. I still wonder if some data got queued in some web workers and was sent via websockets even after closing the private chrome tab. Back then browsers have been less privacy focused.

Udik · on Feb 25, 2021

It seems the hack started in 2018, so you should be safe. Note that all the procedure of incognito tab, disconnecting from the internet, etc., wouldn't have helped you, as the key has been generated on the server before you loaded the page :(.

lxgr · on Feb 27, 2021

The exfiltration method used seems to have changed from an active private key upload to a passive one (predictable entropy).

The latter puts users at risk even when going offline before generating fake entropy.

doggosphere · on Feb 24, 2021

Why would you take any risk by not moving your funds right now?

faebi · on Feb 24, 2021

Stupidly I lost it in my home and the next copy is about 100km away. But thanks, you are right, tomorrow.

doggosphere · on Feb 25, 2021

If you happen to know the public address key you can check if the balance is still there

tootahe45 · on Feb 25, 2021

Are you sure you didn't use bitaddress.org? that was the popular one IIRC and my funds are still safe after using that.

ccapo · on Feb 25, 2021

When I came across the site years ago, I saved a copy of it so I could run it locally in my browser. Only later did I realize there was a GitHub repo: https://github.com/cantonbecker/bitcoinpaperwallet