Bitcoin Forum

Other => Meta => Topic started by: Stedsm on January 18, 2018, 01:42:32 PM



Title: Signed message by me: IMPORTANT!
Post by: Stedsm on January 18, 2018, 01:42:32 PM
Friends,
I've recently used my private key being online over a website named segwitaddress.org
Though, it's not a phishing site by any means (as it's an open-source project and is in the list of supporting entities of SegWit), I believe that my address 19RidcN96xgXkWi8gDwxcmbjjdjfrxpxvv has been compromised and that, I think that someone might misuse the information (private key) to sign message and/or hack my account here. So, I am signing a message with that address with something important:



Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
This is Stedsm. I used private key of my address 19RidcN96xgXkWi8gDwxcmbjjdjfrxpxvv at segwitaddress.org and believe that my private key is now compromised. So, before believing anyone claiming to be me, send me a PM at Bitcointalk.
-----BEGIN SIGNATURE-----
Bitcoin address: 19RidcN96xgXkWi8gDwxcmbjjdjfrxpxvv
Signature: IMn6s9+lC7E/jRRIGnXnqsQOst3uYTeODJag+hJkmdj6Inp2XIqX/1FSeqfhT4ZC8dLGUo4b5tn9/dsZqW0UEjE=
-----END BITCOIN SIGNED MESSAGE-----


Title: Re: Signed message by me: IMPORTANT!
Post by: ibminer on January 18, 2018, 04:08:40 PM
Friends,
I've recently used my private key being online over a website named segwitaddress.org
Though, it's not a phishing site by any means (as it's an open-source project and is in the list of supporting entities of SegWit), I believe that my address 19RidcN96xgXkWi8gDwxcmbjjdjfrxpxvv has been compromised and that, I think that someone might misuse the information (private key) to sign message and/or hack my account here. So, I am signing a message with that address with something important:



Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
This is Stedsm. I used private key of my address 19RidcN96xgXkWi8gDwxcmbjjdjfrxpxvv at segwitaddress.org and believe that my private key is now compromised. So, before believing anyone claiming to be me, send me a PM at Bitcointalk.
-----BEGIN SIGNATURE-----
Bitcoin address: 19RidcN96xgXkWi8gDwxcmbjjdjfrxpxvv
Signature: IMn6s9+lC7E/jRRIGnXnqsQOst3uYTeODJag+hJkmdj6Inp2XIqX/1FSeqfhT4ZC8dLGUo4b5tn9/dsZqW0UEjE=
-----END BITCOIN SIGNED MESSAGE-----

Message verified.

However, if your private key is compromised, I wouldn't really know if it's actually you signing this message and not the person who may have your private key. I guess I can accept the fact that the password hasn't been changed on your bitcointalk account yet as reasonable logic that your account is probably not compromised, but if you really think your private key is compromised, you may want to move to a new wallet and sign a message showing your prior address & new address of your new wallet.

I'm curious if you used the offline options of this website or not? 
The site is created by coinableS (https://bitcointalk.org/index.php?action=profile;u=359727) and the code looks legitimate so far but I haven't been through all of the JS. I'd still never put my private key on a website, and would take every precaution (at least shut off internet access) if attempting to use the "offline" version.

A good general rule to follow: Never enter your private key on a website


Title: Re: Signed message by me: IMPORTANT!
Post by: Stedsm on January 18, 2018, 05:53:19 PM
Code:
-----BEGIN BITCOIN SIGNED MESSAGE-----
This is Stedsm, confirming that this address is mine and I've created this thread to let everyone know that I believe 19RidcN96xgXkWi8gDwxcmbjjdjfrxpxvv's privkey has been compromised.
-----BEGIN SIGNATURE-----
Bitcoin address: bc1qw9jzfa0wyjflxlq9e9cuyy6gj32hwcmzsxftn5
Signature: IIC0WbRF61Y/gcxtxJ+ZK0XWJxduZrluxGj3pBCzw+/tQxjeO3hRO/ZEnI6aNY6mvXZ4nF5x+UNKNmVOrir+aLw=
-----END BITCOIN SIGNED MESSAGE-----

Use Electrum to successfully verify it, as I've signed it through an Electrum wallet.
Hope this helps. :)


Title: Re: Signed message by me: IMPORTANT!
Post by: marlboroza on January 18, 2018, 07:01:58 PM
However, if your private key is compromised, I wouldn't really know if it's actually you signing this message and not the person who may have your private key.
True but:
but if you really think your private key is compromised, you may want to move to a new wallet and sign a message showing your prior address & new address of your new wallet.
Hm, how is that going to prove anything?


Can you sign message from one of these:

Code:
13CZj5mHbrh3mAyjBZ3yCfKKeFUsfsrDC9	
1N9Gy36yfizztr6bK6VnQNp8GBJvaZxFaY
1LrRhhJUYyxgYGW5pkoYkGvBhMce4Nami9
18Z2WZfmzCpCN1uNJ8eXJCfJXF77UxHxYk

Or better, can you sign message from here:

Code:
0x8AdD01DABcDFAD3a64A2e2EAf25D4bd1d97af301


Title: Re: Signed message by me: IMPORTANT!
Post by: Stedsm on January 18, 2018, 07:25:07 PM
However, if your private key is compromised, I wouldn't really know if it's actually you signing this message and not the person who may have your private key.
True but:
but if you really think your private key is compromised, you may want to move to a new wallet and sign a message showing your prior address & new address of your new wallet.
Hm, how is that going to prove anything?


Can you sign message from one of these:

Code:
13CZj5mHbrh3mAyjBZ3yCfKKeFUsfsrDC9	
1N9Gy36yfizztr6bK6VnQNp8GBJvaZxFaY
1LrRhhJUYyxgYGW5pkoYkGvBhMce4Nami9
18Z2WZfmzCpCN1uNJ8eXJCfJXF77UxHxYk

Or better, can you sign message from here:

Code:
0x8AdD01DABcDFAD3a64A2e2EAf25D4bd1d97af301


Those were my elder brother's addresses, not mine.
Mine is 0x3599645090EFC014A5963E53906E98D38a51dEb0, check the given link below:
https://bitcointalk.org/index.php?topic=2047474.msg20505791#msg20505791

Code:
{
  "address": "0x3599645090efc014a5963e53906e98d38a51deb0",
  "msg": "This is stedsm, confirming its my address.",
  "sig": "0x91d331abc5bd03f04890a5d354acbc5f0d2e869cde236796f77fac135818f5390842833a19b9830a0b142f504ecb0c33a61022c8992f5e6c26058e0b3588bce71c",
  "version": "2"
}

Hope I won't need anything more to prove that it's still me. ;)


Title: Re: Signed message by me: IMPORTANT!
Post by: marlboroza on January 18, 2018, 08:38:16 PM
Those were my elder brother's addresses, not mine.
You said your address has been compromised and that address is part of your elder's brother wallet https://www.walletexplorer.com/wallet/2000677ee99cbe15/addresses so I thought it would be OK to sign message from address which is part of that wallet.


Code:
{
  "address": "0x3599645090efc014a5963e53906e98d38a51deb0",
  "msg": "This is stedsm, confirming its my address.",
  "sig": "0x91d331abc5bd03f04890a5d354acbc5f0d2e869cde236796f77fac135818f5390842833a19b9830a0b142f504ecb0c33a61022c8992f5e6c26058e0b3588bce71c",
  "version": "2"
}
Anyway, message verified.


Title: Re: Signed message by me: IMPORTANT!
Post by: ibminer on January 18, 2018, 09:44:39 PM
However, if your private key is compromised, I wouldn't really know if it's actually you signing this message and not the person who may have your private key.
True but:
but if you really think your private key is compromised, you may want to move to a new wallet and sign a message showing your prior address & new address of your new wallet.
Hm, how is that going to prove anything?

Not proving anything, that 2nd piece was more advice on moving to a new private key and then signing a message here to show the move to others... under the assumption that his account here has not been compromised. It would at least show the move to a new wallet and could possibly be used later if his account somehow gets compromised, or handed over to someone claiming the account is hacked and claims to be the original account owner by signing a message using the old wallet. One would still have to accept that the owner of the account, as of right now, is the original owner, in order to accept the signed message as a move to a new wallet/key.