Bitcoin Forum

Since the R-Value problem, I had an bci account with only about 0.5 coins in it.  The gmail account that it was registered with was shut down too by google without warning.

Now when I try log in to BCI I get an message saying I have to check my email.  Sigh.

I have the original passphrase.  Is BCI a HD wallet?  Can I just import my pass phrase into another HD wallet app?  Its not the end of the world, but I wouldn't mind getting that half a coin out.

No.


If you have the .aes backup anywhere (usually in your emails), you can decrypt that using your password, no 2FA needed.

If you have the handle and the password, write to their support, explain to them that you no longer have access to your email address and ask them to assign another. I know someone who had similar problem and they helped him out.

I logged in the other day, after the first R value thread, but now shes locked.  Ill try emailing them tonight.  Thanks.

There where in gmail, but that's closed now.

ur best option is to try contacting support and providing valid information and change ur email.

Did you have 2FA enabled? If you didn't, there's some chance your wallet is still cached in your browser (unless you've logged into it successfully in the last few weeks -- BC.i disabled caching a few weeks ago).

To find out if you do have it cached, visit the login page (don't try to log in), press F12 to open the debugging tools, choose the Console tab at the top of the debugging tools, and in the console window type (depending on the browser, the console field where you can type things may be at the bottom of the console window):


If you get something back in the console besides "undefined", copy the entire thing into a text file for safe keeping in case BC.i support can't/won't restore your access.

No I didn't have 2fa enabled.  Ok, this is odd.  Following your advice, I thought id try in a different machine (Windows FF).  I get the error as soon as I navigate to the wallet page.

http://i58.tinypic.com/4tkrio.png

Looks like the site is making a json call with a different wallet identifier

https://blockchain.info/wallet/ce07adb1-[removed]?format=json&resend_code=false&ct=1420505310923

You need to fill out the form at https://blockchain.info/wallet/reset-two-factor and wait a few days.

As I'm sure you've guessed, BC.i requires each browser/OS combination to be email-authenticated (just once, unless you nuke your cookies regularly) for all accounts that have a registered email address, even those which haven't enabled 2FA. This is a fairly recent change (a few weeks ago).

If you don't have a backup, and can't locate a browser with a cached copy, your only choice is to open a support request as others have already pointed out....

I have the original pass phrase, but created addresses since then.  Thank, 2fa reset form submitted.

what you've sent an email to his CS, which is used to check email from the your identifier  ..

If you have the backup (they are named "wallet.aes.json") and the passphrase, simply visit https://blockchain.info/wallet/import-wallet and use it to create a new wallet from your backup.

I would be very grateful if someone could explain what is this R-Value problem I am reading about.

Understanding the "R-Value" problem requires understanding the technical details of how an ECDSA signature is created and verified.

Assuming that you aren't interested in that level of technical detail, the basic idea is that an ECDSA digital signature requires you to choose a number that nobody knows (and is essentially impossible to guess) and perform some calculations with that number.  As long as you use a new number every time that you create a new signature (and as long as nobody guesses the number you used) it isn't possible for anyone to calculate your private key from the signature.

However, if you re-use the number for two different signatures (or if you are choosing your number from a very small set of numbers so that it becomes possible for someone to figure out which one you are using), then it becomes possible to use the information to calculate your private key.

Thanks for the explanation Danny!
Well I can tell you that I am certainly not interested in that level of technical detail. ;D
However, since I use a strong password + 2-factor login authentication at blockchain in addition to having 2-factor login authentication on my e-mail account, I think that I shouldn't have anything to worry about.

I recently had a blockchain issue where my ip address was changed from my modem and I had ip security authentication enabled and got blocked from my account. I contacted support with my details and they reinstated my account 2 weeks later. 8)

Every time you send a bitcoin transaction from your blockchain.info wallet, the blockchain.info software needs to use a private key to sign that transaction.  If the signature has a re-used R value from a previous transaction, and you are re-using the same bitcoin address in your blockchain.info wallet for multiple transactions, then attackers that monitor the bitcoin network will be able to compute the private key.  They won't need your "strong" password, and they won't need your 2-factor login.  The hacker can simply create and broadcast a transaction that empties your wallet.

Should such an event take place, shouldn't Blockchain.info be held liable?
After all, it's their system that would have caused the screw-up!

Liability doesn't get you your money back if they don't have anything left to pay you with (just ask MtGox about that).

Liability also often doesn't help you much if the business you are "holding liable" is based in a country that doesn't cooperate with your desire to get your money back.

Well, it seems that this situation is going to be resolved soon. ;)
They will certainly secure their site from this flaw and avoid a repeat of this incident again in the future. :)

Right, because if there's one thing human beings are very good at, it's avoiding making the same mistake more than once.