Bitcoin Forum

Economy => Service Discussion => Topic started by: MysteryMiner on April 10, 2013, 05:14:50 PM

Title: wallets compromised - Uninstall Google Chrome spyware right now!
Post by: MysteryMiner on April 10, 2013, 05:14:50 PM
Here is the text file behind the hash I published a few days ago in this link

After finding out about the Instawallet hack I was shocked how easy it was and that I did not think about it before someone else found it and made it public. In my free time I searched for similar services using a similar scheme and also had similar problems. Found about 950 URLs. I found it too laborious to check each of them and I used a Greasemonkey script to harvest the URLs. Added my address as a dead man's switch that activates after 1 day. Sorry, I'm too excited right now. Typing this as proof as I cannot access my GPG keys. Check the SHA256



List of compromised web wallets as extracted by Greasemonkey.


What happened? Easywallet had its secret URLs leaked to Google, and they show up in Google searches by searching and choosing to show similar results. I used a Greasemonkey script to harvest the URLs from Google search, manually checked all of them for coins and added my address as a dead man's switch with 1 day activation so any coins deposited there will end up in my wallet. Google has about 950 URLs in their database but the search results return about 100 of them. This is a smaller-scale leak compared to Instawallet because Easywallet is less popular. The leak itself is most likely caused by users using Google Chrome, which sends everything entered into the address bar to Google, which then shows up in the search results. The robots.txt prevents the spidering of secret URLs, but the leaking of a secret URL to a 3rd party is itself a security fail.

How to prevent it? Don't use Google Chrome at all. It leaks everything you visit to Google. It is the worst browser ever; it is often installed as an unrequested drive-by install with some freeware such as Skype. They store your browsing history on their servers, incorporate the private data into search results and readily serve the private data to the FBI and every other three-letter agency douchebags. When using Firefox, install this addon and set the default behavior to "No referer (3rd party only)" or disable referer sending altogether in Firefox preferences.

I was unable to steal any coins :( Most of the addresses were empty or had amounts of coins too small to be withdrawable. Notified the owners, got a response. They already knew about it. Initially I thought it would be a much bigger deal than it is now. I expected to grab some coins and expected that other hackers would discover this independently and, as a result, Easywallet users would start losing coins in large quantities.

As for Instawallet, I think they probably shut down due to other reasons, not a similar leak discovered by The Founder.

Thanks to The Founder for his original idea here:
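
Added example, not part of MysteryMiner's post: a JavaScript model of which `Referer` value a browser attaches when a page at a secret wallet URL loads a resource from another host, for each standard `Referrer-Policy` value, so a wallet operator can see which policies keep the secret path off third-party servers. The host names and token are constructed placeholders, and treating the post's Firefox setting "No referer (3rd party only)" as roughly equivalent to `same-origin` is an assumption.

```javascript
// Constructed sample values: wallet host, secret token and third-party host are placeholders.
const PAGE = 'https://wallet.example/w/CONSTRUCTED-SECRET-TOKEN';
const THIRD_PARTY = 'https://cdn.example/lib.js';

// Simplification (assumption): "downgrade" is modelled as https -> non-https.
function isDowngrade(from, to) {
  return from.protocol === 'https:' && to.protocol !== 'https:';
}

// Full-URL form of a referrer: credentials and fragment are never sent.
function stripForReferrer(u) {
  const c = new URL(u.href);
  c.username = '';
  c.password = '';
  c.hash = '';
  return c.href;
}

// Returns the Referer value sent for a request from pageUrl to requestUrl, or null if none.
function refererFor(policy, pageUrl, requestUrl) {
  const from = new URL(pageUrl);
  const to = new URL(requestUrl);
  const same = from.origin === to.origin;
  const down = isDowngrade(from, to);
  const full = stripForReferrer(from);
  const origin = from.origin + '/';
  switch (policy) {
    case 'no-referrer': return null;
    case 'unsafe-url': return full;
    case 'origin': return origin;
    case 'same-origin': return same ? full : null;
    case 'origin-when-cross-origin': return same ? full : origin;
    case 'strict-origin': return down ? null : origin;
    case 'no-referrer-when-downgrade': return down ? null : full;
    case 'strict-origin-when-cross-origin': return same ? full : (down ? null : origin);
    default: throw new Error('unknown Referrer-Policy: ' + policy);
  }
}

// True when the secret path would reach the other host in the Referer header.
function leaksSecret(policy, pageUrl, requestUrl) {
  const sent = refererFor(policy, pageUrl, requestUrl);
  return sent !== null && sent.includes(new URL(pageUrl).pathname);
}

for (const p of ['unsafe-url', 'no-referrer-when-downgrade', 'strict-origin-when-cross-origin', 'same-origin', 'no-referrer']) {
  console.log(p.padEnd(32), leaksSecret(p, PAGE, THIRD_PARTY) ? 'LEAKS secret URL' : 'safe', refererFor(p, PAGE, THIRD_PARTY));
}
```

A service that puts the secret in the URL path can send `Referrer-Policy: no-referrer` (or `same-origin`) on those pages so the secret stays out of requests to other hosts regardless of the visitor's browser settings.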