The website bitcoinpaperwallet[.]com generates and prints paper wallet for cold storing your bitcoins.
Unfortunately the site is running a scam (it use to be good before 2018 when it was sold and now has new owners) and has a backdoor in the code that generates the wallets. All generated wallets are stored and accessible by the website owner.
People are loosing millions in BTC (stored in paper wallets) generated by the website.
According to security researchers, BitcoinPaperWallet.com sends a copy of every private key it generates on behalf of its users to the site’s servers. Whoever has access to the BitcoinPaperWallet’s back end can then access these keys and steal the funds associated with wallets generated on the site.
In May of 2020, Ethereum wallet provider MyCrypto released a video and tweet thread warning about a “vulnerability” in BitcoinPaperWallet which creates “a back door that leaves you at risk of your funds being stolen.”
The Aulds brothers mention that the code for this particular exploit no longer exists in BitcoinPaperWallet’s build. But something new has replaced it and people are still losing money because “someone is actively changing [the back door] once the current exploit is published widely,” Bryan Aulds told CoinDesk.