The Anti-Guide to Setting Up a Crypto Wallet
A Reddit user shared a cautionary tale about setting up a cold crypto wallet, which ultimately led to thieves stealing all their accumulated assets a year later.
The user in question used JavaScript on a dedicated website, but without any internet connection, to generate a private key. Following this, they cleared their browser's cache and cookies and then printed out the generated data. However, despite adhering to the recommended security practices, thieves still managed to steal over $3,000 from their wallet. This unexpected theft prompted the user to seek assistance from the online community to figure out what went wrong.
"I was doing self-custody, generated my key and printed it on paper on an offline computer, transferred my BTC to this offline wallet, and kept it stored in a safe that only I have the key for," the anonymous Reddit user explained.
The user believed that the leak might have occurred when they transmitted the file to a network printer, but it's more probable that the vulnerability resided elsewhere. It's conceivable that they initially obtained compromised data due to malicious JavaScript code, particularly since this website had been implicated in similar incidents in the past.
It appears the developers had merely devised a deceptive process for generating private keys. In essence, wallets were either created using a constrained cryptographic algorithm or selected from a pre-arranged list. However, for scammers, it's much more beneficial to construct code with a subtly concealed flaw, thereby tricking even the more seasoned users.
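A defender can test for the "constrained algorithm or pre-arranged list" case described above by sampling a generator offline and counting repeated keys. The following is an added example, not code from the site or the Reddit post: `soundKey`, `constrainedKey` and `auditGenerator` are hypothetical names, and the constrained generator is a constructed stand-in with only 65,536 possible outputs.

```javascript
// Added example: constructed generators and audit helper, not the site's code.
const nodeCrypto = require('crypto');

// Order of the secp256k1 group; a valid Bitcoin private key k satisfies 1 <= k < n.
const SECP256K1_N = BigInt(
  '0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141');

// Sound generator: 32 bytes from the OS CSPRNG, rejecting out-of-range values.
function soundKey() {
  for (;;) {
    const hex = nodeCrypto.randomBytes(32).toString('hex');
    const k = BigInt('0x' + hex);
    if (k >= 1n && k < SECP256K1_N) return hex;
  }
}

// Constructed stand-in for a constrained generator: each output looks like
// 256 random bits, but only 65,536 distinct keys can ever be produced.
function constrainedKey() {
  const slot = nodeCrypto.randomInt(0, 65536);
  return nodeCrypto.createHash('sha256').update('demo-' + slot).digest('hex');
}

// Draw `samples` keys and count repeats. For a uniform 256-bit generator a
// repeat is effectively impossible, so a single repeat fails the tool.
// Birthday bound: expected repeats ~ samples^2 / (2 * keyspace), which
// gives a rough estimate of how small the real keyspace is.
function auditGenerator(generate, samples) {
  const seen = new Set();
  let repeats = 0;
  for (let i = 0; i < samples; i++) {
    const key = generate();
    if (seen.has(key)) repeats++;
    else seen.add(key);
  }
  const estimatedKeyspace =
    repeats > 0 ? Math.round((samples * samples) / (2 * repeats)) : null;
  return { samples, repeats, pass: repeats === 0, estimatedKeyspace };
}

console.log('sound      ', auditGenerator(soundKey, 2000));
console.log('constrained', auditGenerator(constrainedKey, 2000));
```

A clean result only rules out very small keyspaces: a generator limited to a few billion keys, or one that sends or logs each key, passes this check, so it complements reading the generator's source and does not replace it.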
In any event, the perpetrators had masterminded the crime meticulously: their wallet instantaneously received twenty large transfers. It's highly plausible that they were awaiting individuals with significant capital and transferred the heftiest assets when cybersecurity professionals began expressing apprehensions about the application. After scrutinizing the IP address, one user discovered that the site had recently accumulated several pieces of negative feedback.
This narrative once again underscores a critical message to all cryptocurrency users: even if you're confident in adhering to cybersecurity guidelines, there's always the potential risk of running into difficulties. For example, a spokesperson from CertiK views private key generators as one of the riskiest tools for creating a cryptocurrency wallet, but people persist in using them. Hence, it's essential to meticulously inspect each step and place trust only in vetted decentralized applications that operate on open-source code.