Computer Researcher Finds Wallet Vulnerability That Gave Same Key to Multiple Users


According to the post, the faulty code was in effect in August 2018 and was not fixed until recently, on May 23. The live code on the website is reportedly supposed to be open source and audited on GitHub, but differences were detected between the two.

After reviewing the live code, Denley concluded that keys were being generated deterministically on the live version of the website, not randomly. In one of MyCrypto's tests between May 18 and May 23, they used the mass generator on the website to make 1,000 keys. The GitHub release returned 1,000 unique keys.

The live code returned 120 keys. As the post puts it:

“ELI5: When generating a key, you take a super-random number, turn it into the private key, and turn that into the public key / address. Random is needed to generate key matches to ensure the security of paper portfolios. This is why it’s so important that the super-random number is actually random…not ‘5.’”

WalletGenerator patched the determinism problem after MyCrypto reached out in the middle of its investigation. Randomness is required when generating key pairs to ensure the security of paper wallets.
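The bulk-generation test described above can be reproduced as a simple uniqueness audit. The following is an added example, not code from WalletGenerator, MyCrypto or the original post; `csprngKey`, `makeLowEntropyKeygen` and `auditKeygen` are hypothetical names, and the low-entropy generator is a constructed stand-in whose 120-value seed space was chosen only to mirror the reported counts, not a reconstruction of the actual bug.

```javascript
// Added example: bulk-generate keys and count how many are distinct.
// Works in a browser (globalThis.crypto) and in Node (crypto.webcrypto).
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

// Sound source: 32 bytes straight from the platform CSPRNG.
function csprngKey() {
  return toHex(rng.getRandomValues(new Uint8Array(32)));
}

// Constructed flawed source: a 32-bit LCG whose seed can take only
// `seedSpace` values, so at most that many distinct keys can ever appear.
function makeLowEntropyKeygen(seedSpace = 120) {
  let calls = 0;
  return function lowEntropyKey() {
    let state = calls++ % seedSpace; // the only "entropy" behind the key
    const words = new Uint32Array(8); // 8 x 4 bytes = one 32-byte key
    for (let i = 0; i < words.length; i++) {
      state = (Math.imul(state, 1664525) + 1013904223) >>> 0;
      words[i] = state;
    }
    return toHex(new Uint8Array(words.buffer));
  };
}

// Generate `count` keys; report distinct keys and how many keys repeat.
function auditKeygen(generate, count = 1000) {
  const seen = new Map();
  for (let i = 0; i < count; i++) {
    const key = generate();
    seen.set(key, (seen.get(key) ?? 0) + 1);
  }
  const repeated = [...seen.values()].filter((n) => n > 1).length;
  return { requested: count, unique: seen.size, repeated, ok: seen.size === count };
}

console.log("csprng     ", auditKeygen(csprngKey));
console.log("low entropy", auditKeygen(makeLowEntropyKeygen()));
```

A generator that passes this audit is not thereby proven safe; the check only catches sources weak enough to collide within the sample.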


As previously reported by Cointelegraph, a so-called “blockchain bandit” made off with around 45,000 ether by guessing weak private keys on the Ethereum blockchain.