Bitcoin Forum

Bitcoin => Press => Topic started by: hjbuell on March 28, 2014, 03:45:50 PM



Title: [2014-03-28] Bitcoin Vanity Addresses Hacked
Post by: hjbuell on March 28, 2014, 03:45:50 PM
http://www.financegirl.co.uk/bitcoin-vanity-addresses-hacked/

I know it's old news, but it took a day to get published. Such is the life of a writer. No offense to those who lost BTC due to the hack / scam - but then, vanity addresses (like the one I had) are about as unique as fingerprints. They all look the same, but every one is different.


Title: Re: [2014-03-28] Bitcoin Vanity Addresses Hacked
Post by: TheRealSteve on March 28, 2014, 03:59:41 PM
* vanity address generation website hacked

tl;dr: A website that generated vanity addresses using a Split-Key setup (which should be safe) allowed users to use a key pair generated on that site itself (uh oh), the generation part of which got hacked (derp), so anybody not providing their own public key (come on, people!) effectively handed over the keys to the kingdom. Also, something about beards :)

Though the article itself doesn't really seem to go into the detail that there was security failings on both sides: the site for letting themselves get hacked, and the users for trusting keys generated at that site itself.


Title: Re: [2014-03-28] Bitcoin Vanity Addresses Hacked
Post by: hjbuell on March 28, 2014, 04:24:40 PM
Haha, exactly. The beards part FTW!

I know you, and the rest of the folks here, know about the details, but I didn't think the audience was (or is) ready for full on immersion into why the two part key bits are bad.

Rather, I thought to focus on the fact that the site was a risk (and got hacked), and that a vanity address isn't at all like a vanity phone number or license plate. There are so many random combinations that every single person in the world could have the same 4 to 6 letter start to their vanity address - so what's the point.

Oh yeah, and the beards. Got to watch those shady buggers.

Mostly supposed to be good for a laugh, while easing some more Bitcoin lore into those who have not yet been assimilated.  :)


Title: Re: [2014-03-28] Bitcoin Vanity Addresses Hacked
Post by: TheRealSteve on March 28, 2014, 05:54:27 PM
Maybe something for a follow-up - which could easily segway into other multikey applications, escrow, all that :)

Oh yeah, and the beards. Got to watch those shady buggers.
Hey! I resemble that remark! ;)

And yes, I enjoy reading your articles :)