|
Title: The issue of BC.i was not only the repeated-R (others may have the same issue) Post by: bithernet on December 13, 2014, 04:12:33 AM The issue of blockchain.info (Dec. 8th) was not only the repeated-R. Although it showed out as repeated-R, and people could analyze repeated r values to find out the vulnerable addresses.
Since the day before yesterday, Bitcoin users in China asked our team about blockchain.info's problem. So we started digging into the issue and found out: It was not only the repeated-R, and there were more users affected by this event. Some bitcoins on these vulnerable addresses that we found were collected to here: 1PGfLgFtRHgdgvPNvmHMjtsWwF4fyG1jvh (https://blockchain.info/address/1PGfLgFtRHgdgvPNvmHMjtsWwF4fyG1jvh) Currently we are continuing to evaluate the consequences. After we finish all analysis, we will post more details here and try to return these bitcoins to correct users. Johoe did a great job for saving peoples bitcoins. But we should notice more BC.i users, because we found out that "1xy......"/"1aa......" are still collecting repeated-r bitcoins. UPDATE 20141220: send bitcoins to blockchain.info Contact Blockchain Support: Address : https://blockchain.info/address/1PLn3ru1n7wERPP1BLVV9oAEGGuXUP1eoC Transaction : https://blockchain.info/tx/540c6fb44bb6f008260b88b104bbb1f577d81b79a4393837179b2290a67f4b3d Title: Re: The issue of blockchain.info (Dec. 8th) was not only the repeated-R Post by: bithernet on December 15, 2014, 06:32:57 AM There are other vulnerable addresses related to this issue. It seems not only the blockchain.info but also other online wallet services are affected (although their users are much fewer than BC.i).
We have collected those weak bitcoins to another address : 1824bso2XgKTm7XThA75A2gdMpt3jSxW5M (https://blockchain.info/address/1PGfLgFtRHgdgvPNvmHMjtsWwF4fyG1jvh) Title: Re: The issue of blockchain.info (Dec. 8th) was not only the repeated-R Post by: Fernandez on December 15, 2014, 06:35:48 AM The issue of blockchain.info (Dec. 8th) was not only the repeated-R. Although it showed out as repeated-R, and people could analyze repeated r values to find out the vulnerable addresses. ------------ ------------ But we should notice more BC.i users, because we found out that "1xy......"/"1aa......" are still collecting repeated-r bitcoins. Says not only repeated R and then proceeds to find the same only ::) What is the vulnerability, then? Title: Re: The issue of blockchain.info (Dec. 8th) was not only the repeated-R Post by: bithernet on December 15, 2014, 07:18:41 AM Says not only repeated R and then proceeds to find the same only ::) What is the vulnerability, then? You can look into the two addresses that we provided for more details. After all the analysis, we will post more infos here. Title: Re: The issue of BC.i was not only the repeated-R (others may have the same issue) Post by: bithernet on December 15, 2014, 09:24:16 AM Until today, these vulnerable addresses (currently they are not monitored by 1xy/1aa) are still receiving bitcoins. So please tell users (especially miners) to check their wallet ASAP.
Also new txs with problem r-value are still showing. https://i.imgur.com/Swq6bK4.png https://i.imgur.com/C6FjpEG.png |
