Board Collectibles
Merits 2 from 2 users
Re: RarityCheck VIBGYOR gilded #12 swept yesterday.
by LoyceV on 09/08/2024, 08:32:44 UTC
⭐ Merited by Mitchell (1) ,bitbollo (1)
For VIBGYOR orange we used https://github.com/walletgeneratornet/WalletGenerator.net again on an airgap computer.
Unfortunately, since morning we started digging into it, and it looks like walletgeneratornet is actually compromised.
This website is known to steal Bitcoins for almost as long as I can remember! That's not just a rookie mistake, it's plain negligence. A simple forum search would have brought you to Disclosure: Key generation vulnerability found on WalletGenerator.net (in 2019). Using compromised software offline doesn't make it safe.

We didn’t realize walletgenerator has an issue.
That can only mean you didn't even search for it, otherwise you'd have found many warning signs.

From that Medium article you posted (in 2019):
'At this time, the code on GitHub is not malicious nor vulnerable, nor has it been malicious or vulnerable previously.'
Last check-in for that code on GitHub appears to be 7 years ago.

Even if that code was compromised, if it was on an air gapped system there's no way it could have communicated the keys back to the malicious actors.
Something doesn't smell right here.
There's another paper wallet website that turned into stealing Bitcoins after the site was sold, and even offline it produces compromised keys. See this post. There's no need to use potentially compromised software, there's more than enough legit software out there.



Coin refunds should absolutely unequivocally be above just load value, anything less is a slap in the face and bullshit, period.
I'm not into collectibles (for privacy, and for "verify, don't trust"), but as far as I know the value of collectibles comes from scarcity, and age. Buyers pay more than just the Bitcoin value when they buy them, which means refunding just the Bitcoin amount is less than the damage done when it got compromised. Even replacing it with a new one removes the "age" of the coin, so doesn't fully fix the value. And that's even ignoring the fact that being compromised even once makes all future coins lose their credibility.



So yes we were incompetent. Yes we have made a mistake.
~
Please stay a little supportive and positive.
In my country, we have these sayings:
  • Trust comes on foot and goes on horseback
  • A donkey doesn't hit the same stone twice