Vanitygen is one of the most well-known Bitcoin (BTC) wallet generators on the internet, but the service has come under serious accusations. According to users who used it, Vanitygen would be accessing the wallets and withdrawing the BTC stored in the addresses. At least two users took to the Reddit forum and complained about the case. The topic was also discussed on the Morning Crypto program, presented every morning by Edilson Osório. In a conversation with CriptoFácil, the computer scientist and founder of OriginalMy explained the case.
understand the problem
Wallet generators are used to generate BTC or Ether (ETH) addresses. These generators create traditional random addresses, but allow for the creation of a non-random string of letters. In this way, the user can create a more personalized address, something somewhat exclusive. For example, if someone named Paulo wants to put his name in an address, he can do that using a generator. So, the address would be something like 1pauLOy27TK1YyrJuYxPvRparcf5HKuxs (merely illustrative address). According to Osório, these addresses need to be generated on the blockchain, which can take some time. The more non-random letters the key has, the longer this time. After a series of calculations, the generator manages to find the private key that is associated with the address. Once this process is done, the generator delivers the wallet’s private key to the user and then destroys the copy of the key, so that it is not stored in the generator. However, Vanitygen is an online generator, that is, connected to the Internet, and therefore the private keys generated on the site would not be deleted.
“Some platforms promised to hand over the wallet’s private keys and in fact they did. They also promised to erase the keys from their database, but that part was not fulfilled. In the case of Vanitygen, the BTC of those who had the private key generated there were stolen. The site says it was targeted by hackers, which there is no way to prove. But the fact is that they kept copies of the wallets’ private keys, which made theft possible, whoever stole it”, explains Osório.
cases on reddit
Suspicions of this type are not a new fact, as there have been accusations of this type of procedure since 2014. At least two users had their funds stolen precisely through wallets generated by Vanitygen. One of them thought it was an error in his backup, but found that all addresses were generated in Vanitygen. Another reported an address that reportedly received over 14 BTC in funds stolen from Vanitygen’s wallet. There are more than BRL 2.6 million at the current price of the cryptocurrency. For Osório, the wallet generators are not the problem in themselves, but the programs that work online. The scientist highlights that Vanitygen has a totally closed one, without transparency and with complaints of lack of support on social networks. And now, I suspect keeping copies of the keys. So it’s not a site people should stay away from for anything that manipulates passwords or private keys. Instead, Osório warns against using other types of systems.
“Online generators could be hacked at some point, or they could steal their funds themselves and say they were hacked. The best way to create a wallet is to use recognized, official software on your computer or smartphone that generates the private keys on a device under your control. Then, you must keep this private key on paper or, preferably, on a metal plate”, warns Osório.
Read also: Survey: 63% of Brazilians want to make payments with cryptocurrencies in their stores Read also: Brazilian eSports team Furia receives BRL 15 million sponsorship from FTX Read also: Bitcoin Core developer promotes soft fork on BTC to create quantum resistance