Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: mayax on January 16, 2015, 01:20:11 PM



Title: Bitcoin cold storage - HACKED easily
Post by: mayax on January 16, 2015, 01:20:11 PM
Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. :)

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    ;D


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Madness on January 16, 2015, 01:23:43 PM

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. :)

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Are you a mind reader or something , haha.
I was just reading the same thing on Coindesk and planning to share it here => http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/
Anyway , to be honest . that's really dosen't make me comfortable , those hackers always find a way to screw things up.

"The attacker only has to watch the blockchain until two [compromised] signatures appear ... the affected signatures are not detectable by anyone other than the attacker."


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Blazr on January 16, 2015, 01:26:39 PM
Old news. This attack (bugged ECDSA implementation) has been known about for a long long time, before Bitcoin even existed.

Quote
The attacker must first create a compromised version of ECDSA. This is achieved with a kleptographic 'SETUP', or 'Secretly Embedded Trapdoor with Embedded Protection', which was first described in a 1997 paper by Adam Young and Moti Yung.

One of the weaknesses of cold storage is if your cold storage machine is compromised, you're fucked and there is almost nothing you can do to prevent that. There are many many ways an attacker can exfiltrate the private keys from a compromised cold storage machine, including as used in this case a bugged ECDSA implementation.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 16, 2015, 01:26:55 PM

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. :)

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Are you a mind reader or something , haha.
I was just reading the same thing on Coindesk and planning to share it here => http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/
Anyway , to be honest . that's really dosen't make me comfortable , those hackers always find a way to screw things up.

"The attacker only has to watch the blockchain until two [compromised] signatures appear ... the affected signatures are not detectable by anyone other than the attacker."

Sorry, I was faster. It happens to me so often(I am modest too)   haha

Well, of course it is not comfortable to know that your funds can disappear any time. You wanna bet that some people will say:

"neah, it cannot happen to me"  EVEN so there are many hacking reports daily.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: qwk on January 16, 2015, 01:27:31 PM
TL;DR of the news:
if you're able to install software on someone else's computer or modify the code he compiles, you can steal his coins.
Duh.


You should read the news before you post something like:
Your funds are not safe neither in "cold storage". Read:


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Kazimir on January 16, 2015, 01:30:07 PM
many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. :)
Complete nonsense. This requires a backdoor being built into the software you're using to sign your transactions. I.e. using a compromised wallet.

Well duh, if I'm using compromised wallet software, then obviously my coins aren't safe to begin with.

FUD.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ChuckBuck on January 16, 2015, 01:30:54 PM
Read the article just now also.  This is in theory only, and hasn't actually been executed on any wallets.

The attacker would have to install the backdoor software on your PC or offline wallet device to extract the private keys.

Basically, if you don't take the proper precautions on your PC or network, then yes you can get hacked.

According to article, this attack is unable to be performed at scale, so only one wallet at a time could be targeted.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Madness on January 16, 2015, 01:32:26 PM

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. :)

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Are you a mind reader or something , haha.
I was just reading the same thing on Coindesk and planning to share it here => http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/
Anyway , to be honest . that's really dosen't make me comfortable , those hackers always find a way to screw things up.

"The attacker only has to watch the blockchain until two [compromised] signatures appear ... the affected signatures are not detectable by anyone other than the attacker."

Sorry, I was faster. It happens to me so often(I am modest too)   haha

Well, of course it is not comfortable to know that your funds can disappear any time. You wanna bet that some people will say:

"neah, it cannot happen to me"  EVEN so there are many hacking reports daily.


Rofl :o I don't wanna bet because I just said the same thing to my self to be honest . I never got hacked in my life and planning to stay that way  ::) but Everything have a first  :'(


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Puppet on January 16, 2015, 01:33:17 PM
Yeah, title is nonsensical and sensationalist. If you created the cold wallet on a compromised PC, of course its not going to be secure and there are 100x easier ways to steal the coins from such wallet.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 16, 2015, 01:33:21 PM
Read the article just now also.  This is in theory only, and hasn't actually been executed on any wallets.

The attacker would have to install the backdoor software on your PC or offline wallet device to extract the private keys.

Basically, if you don't take the proper precautions on your PC or network, then yes you can get hacked.

According to article, this attack is unable to be performed at scale, so only one wallet at a time could be targeted.

How do you know that it was not hacked?

Hacking reports are daily including with the exchangers.

What the article wants to say is that the cold storage is not safe at all.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ChuckBuck on January 16, 2015, 01:40:22 PM
Read the article just now also.  This is in theory only, and hasn't actually been executed on any wallets.

The attacker would have to install the backdoor software on your PC or offline wallet device to extract the private keys.

Basically, if you don't take the proper precautions on your PC or network, then yes you can get hacked.

According to article, this attack is unable to be performed at scale, so only one wallet at a time could be targeted.

How do you know that it was not hacked?

Hacking reports are daily including with the exchangers.

What the article wants to say is that the cold storage is not safe at all.

Only reports of hacks are of the online, hot wallet variety.

Cold storage is perfectly safe if you take the proper precautions.  From the article:

Quote
Conventional wisdom has it that coins in cold storage are safe from attacks because the private keys never come in contact with the Internet or any other network.

In general, this is true. Even if the cold storage device could be compromised by malware, stolen private keys would fail to be transmitted to a thief because it isn't connected to the Internet.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: BaselessBitcoin on January 16, 2015, 01:51:25 PM
Until we see this theorized exploit in action you have no reason to believe cold storage wasn't as safe it was yesterday.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: lucasjkr on January 16, 2015, 02:06:04 PM
If cold storage is vulnerable, then it would stand to reason that every wallet is vulnerable?

But my reading of the coinbase article leads me to believe that the attacker would need to have installed a compromised version of Bitcoin on the airgapped machine? Or else the upstream version of Bitcoin would need to be compromised? Or Armory, Electrum, etc, whichever wallet software the user is using. Am I wrong?

So, yes, if malicious actors gain commit privileges on the Bitcoin source, then offline wallets are compromisable, as are every other wallet. And if a malicious actor gains access to your airgapped machine in order to replace your binaries, you're also vulnerable. That's my interpretation. Doesn't seem like it's too much a worry, honestly. I mean, if an attacker gains such access, then it's game over regardless of which method of attack they use.

Or am I missing something?


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Meuh6879 on January 16, 2015, 02:10:26 PM
Quote
The attacker must first create a compromised version of ECDSA. This is achieved with a kleptographic 'SETUP', or 'Secretly Embedded Trapdoor with Embedded Protection',

are you release what you say ... ?
you ONLY can do that when you install corrupted version of bitcoin core highly modified with this.
even in P2P file sharing client ... this sort of thing don't exist.


or for dumb people : DON'T DOWNLOAD official client from others places than https://bitcoin.org/bin


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Guido on January 16, 2015, 02:12:11 PM
media do a horrible job on stories so if they get hold of this (when), price will dump


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 16, 2015, 02:23:56 PM
what you it seems that you do not understand or you do not want to say is that :

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want INTO  the source code: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."


So, COLD Storage can be easily hacked. :)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: R2D221 on January 16, 2015, 02:26:33 PM
what you it seems that you do not understand or you do not want to say is that :

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

with other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want INTO  the source code: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."


So, COLD Storage can be easily hacked. :)

That is true for any open source project, even the Linux kernel.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: RadBrad on January 16, 2015, 02:27:55 PM
Misleading title this has always been known....cold storage is safe if you take the correct precautions.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: 1Referee on January 16, 2015, 02:28:18 PM
media do a horrible job on stories so if they get hold of this (when), price will dump

Nothing new...

If people read that article, and I mean READ that article, then it's more funny than being informative.

Average joe might think Bitcoin is hacked, broken, exploded, killed, etc. That's the sort of group of people who do believe these articles.

In a nutshell : Nothing is 100% safe.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: RainVein on January 16, 2015, 02:29:28 PM
What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?


Title: Re: Bitcoin cold storage - HACKED easily
Post by: qwk on January 16, 2015, 02:30:14 PM
what you it seems that you do not understand or you do not want to say is that :
[...]
These developers can put anything they want INTO  the source code: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."
So, COLD Storage can be easily hacked. :)
You seem to have little to zero experience with large collaborative software projects.
The specific attack we're talking about would require changing the code of a subroutine that's probably not been touched for years, since it's basically part of the fundamental core of the system.
With version control systems, such things don't go unnoticed.

It's like waving a red flag with the words "hey, I'm going to do something incredibly stupid and/or important" and hoping no one will notice.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Meuh6879 on January 16, 2015, 02:30:29 PM
These developers can put anything they want INTO  the source code: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."

False, very false ... we have revision display system to view the only added code (followed by name of author and reputation).
And even with this, the contribution are not allowed "like easy added" on the bitcoin core.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ebliever on January 16, 2015, 02:30:37 PM
what you it seems that you do not understand or you do not want to say is that :

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

with other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want INTO  the source code: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."


So, COLD Storage can be easily hacked. :)

You don't seem to understand that the hack has to be performed on the software the Bitcoin user uses to generate private keys. It can't be done after the fact. So you are entirely wrong and sensationalist in claiming that everyone's cold wallets are at risk. They are only at risk if they did in fact create their wallet using a criminal's hacked code. This is a risk, but not in the way you are shouting.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ebliever on January 16, 2015, 02:33:38 PM
What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?

The only risk from what I see in the article is that if you use software to originally set up your wallet that actually originated from a criminal trying to steal your coins with this method, they could steal any coins you subsequently deposit.

They cannot hack a wallet that is secure. They can only put a backdoor in it when it was first created. And only if you use software that is not open-source and vetted by anyone besides the criminal.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Flashman on January 16, 2015, 02:34:06 PM
I'm shocked and horrified, next you'll be telling me that opening stuff in my spam folder "Your friend Joe, attachment:Photo.exe" isn't safe.

Then, oh horrors of the slippery slope, next they'll say that if I leave my front door open just a very small crack, I'll get random strangers taking my stuff, where does it all end????


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 16, 2015, 02:36:08 PM
what you it seems that you do not understand or you do not want to say is that :

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

with other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want INTO  the source code: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."


So, COLD Storage can be easily hacked. :)

That is true for any open source project, even the Linux kernel.

TRUE. Also, remember Heartbleed bug and the vulnerability in the "bash" shell for Linux and Unix, Shellshock :)



Title: Re: Bitcoin cold storage - HACKED easily
Post by: Rich Tsunami on January 16, 2015, 02:37:01 PM
This is so obvious...of course if someone has modified the code of a wallet and you downloaed it without verfiying where it came from and if its actually safe by checking its pgp then you are going to lose your coins thats pretty obvious...thats why you always make sure the check sum or pgp is exact.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 16, 2015, 02:37:47 PM
What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?

The only risk from what I see in the article is that if you use software to originally set up your wallet that actually originated from a criminal trying to steal your coins with this method, they could steal any coins you subsequently deposit.

They cannot hack a wallet that is secure. They can only put a backdoor in it when it was first created. And only if you use software that is not open-source and vetted by anyone besides the criminal.

Please re-read : "Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?"


Title: Re: Bitcoin cold storage - HACKED easily
Post by: bornil267645 on January 16, 2015, 02:38:48 PM
I think this theory is only applicable when your next door neighbor is peeping through your window to get a peek at your password or been compromised in that sort of way.

other than that, cold storage is still the safest bet. I hope so.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: RKZ72 on January 16, 2015, 02:40:30 PM
sorry for being dumb but if someone has modifed the code and you run it in a offline computer how does the hacker gain your information? how is it sent to him becase there is no internet connection to send the data or he cant remote control your computer because theres no internet access.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ropbat on January 16, 2015, 02:41:33 PM
I think op was trying to scare everyone and people would start panic selling again..nice try mate.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: MrTeal on January 16, 2015, 02:43:43 PM
What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?

The only risk from what I see in the article is that if you use software to originally set up your wallet that actually originated from a criminal trying to steal your coins with this method, they could steal any coins you subsequently deposit.

They cannot hack a wallet that is secure. They can only put a backdoor in it when it was first created. And only if you use software that is not open-source and vetted by anyone besides the criminal.

Please re-read : "Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?"
bitcoin.org is added by you. The article was talking about hardware wallets like Trezor or Bitsafe, and that is a valid concern.
If you're concerned about the precompiled binaries on bitcoin.org not matching the source, just compile it yourself.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ebliever on January 16, 2015, 02:43:53 PM
What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?

The only risk from what I see in the article is that if you use software to originally set up your wallet that actually originated from a criminal trying to steal your coins with this method, they could steal any coins you subsequently deposit.

They cannot hack a wallet that is secure. They can only put a backdoor in it when it was first created. And only if you use software that is not open-source and vetted by anyone besides the criminal.

Please re-read : "Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?"

And maybe my smartphone has secret code from the CIA that is recording all my conversations and has super-secret hardware that can perform a keystroke log on any computer within 5' of it, so they have access to all my accounts and activities and can haul me off for thinking bad thoughts at any moment. Sometimes you just have to accept that the world is not an absolute locked-down perfect place no matter how hard you try to make it.

It remains the case that the hack can't be performed after the fact, which is what you've been shouting.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: SaltyRainbow on January 16, 2015, 02:44:54 PM
Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. :)

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    ;D

Where do you keep your Bitcoin? Blockchain.info? Cold storage is the safest and always will be.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: MrTeal on January 16, 2015, 02:45:47 PM
What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?

The only risk from what I see in the article is that if you use software to originally set up your wallet that actually originated from a criminal trying to steal your coins with this method, they could steal any coins you subsequently deposit.

They cannot hack a wallet that is secure. They can only put a backdoor in it when it was first created. And only if you use software that is not open-source and vetted by anyone besides the criminal.

Please re-read : "Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?"

And maybe my smartphone has secret code from the CIA that is recording all my conversations and has super-secret hardware that can perform a keystroke log on any computer within 5' of it, so they have access to all my accounts and activities and can haul me off for thinking bad thoughts at any moment. Sometimes you just have to accept that the world is not an absolute locked-down perfect place no matter how hard you try to make it.

It remains the case that the hack can't be performed after the fact, which is what you've been shouting.
Don't laugh. The whole reason phones have pulse oximeters now isn't for measuring heartrate. It's so that the CIA can track your thoughts. I read it on the internet.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ebliever on January 16, 2015, 02:45:57 PM
sorry for being dumb but if someone has modifed the code and you run it in a offline computer how does the hacker gain your information? how is it sent to him becase there is no internet connection to send the data or he cant remote control your computer because theres no internet access.

The idea is that you downloaded software from the hacker and use it to generate your wallet. Since he designed it to produce specified outputs, it generates private keys that he can recognize in the blockchain. So it doesn't matter that your cold wallet generating system is offline.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ChuckBuck on January 16, 2015, 02:47:24 PM
To the OP,

You should change the thread title to Bitcoin cold storage -   HACKED DIFFICULTLY WHERE ATTACKER NEEDS ACCESS TO AIR GAPPED PC OR WALLET AND HAS TO INSTALL BACKDOOR WALLET VERSION ONE COLD WALLET AT A TIME

The original post and title very misleading, and causes FUD to the Noobs.

Thanks,

Bitcointalk Community


P.S. - You keep saying the manufacturer and link to Bitcoin.org....reread the article, dude.  The context is if hardware wallet manufacturers like say Trezor or Ledger have the compromised software installed.  Not software wallets like Bitcoin Core or Electrum or Armory.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Flashman on January 16, 2015, 02:49:41 PM
I think op was trying to scare everyone and people would start panic selling again..nice try mate.

Yah, he's been in alarm and despair mode for the last week, just trying a little "too" hard now for us to continue to regard him as genuine.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: MrTeal on January 16, 2015, 02:53:59 PM
Ok, back to serious questions to knowledgeable people.

Am I correct in reading that this vector only allow the attacker to determine the private key of an address that has been used to sign a transaction? IE, if you use all the inputs of an address in the transaction and not reusing any addresses even a compromised ECDSA module would only net the attacker your now empty address.

Of course more broadly one would have to assume that if you're D/Ling a precompiled binary with compromised ECDSA, the key generation module would also be compromised.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: qwk on January 16, 2015, 03:04:11 PM
Am I correct in reading that this vector only allow the attacker to determine the private key of an address that has been used to sign a transaction? IE, if you use all the inputs of an address in the transaction and not reusing any addresses even a compromised ECDSA module would only net the attacker your now empty address.
Well, the paper isn't really published yet, but as far as I can tell, this seems to be the case.
Honestly, the whole issue is interesting, but not much more.

All it really shows is that you can actually use the transaction signing part of cold storage to get information out of an otherwise sealed system.
Then again, that's more or less Captain Obvious speaking ;)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: freequant on January 16, 2015, 03:05:54 PM
Title is wrong and FUD'y: it should read "compromised bitcoin client coldstorage hacked easily". This is a complete non-news, it was already possible to do the same thing by using a custom random generator that would generate numbers in a reduced subset of the integer space.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Flashman on January 16, 2015, 03:11:29 PM
Of course more broadly one would have to assume that if you're D/Ling a precompiled binary with compromised ECDSA, the key generation module would also be compromised.

If you're D/Ling compromised binaries period, your Nest thermostat is going to kill you from hypothermia in your sleep, or your cellphone is deliberately trying to give you brain cancer by going full power on all radios any time you pick it up, and so on.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Razick on January 16, 2015, 03:17:10 PM
You have to be using a compromised wallet for this to work.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: dsattler on January 16, 2015, 03:21:47 PM
I think nowadays most of the people only read the headlines!  :(

But not all of them go straight to btt and spread FUD!  >:(


Title: Re: Bitcoin cold storage - HACKED easily
Post by: MrTeal on January 16, 2015, 03:22:08 PM
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: qwk on January 16, 2015, 03:25:26 PM
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.
You got it all wrong.
It's so much easier to just train the alligators to replace the wallet than to do it yourself. ::)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: MrTeal on January 16, 2015, 03:27:27 PM
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.
You got it all wrong.
It's so much easier to just train the alligators to replace the wallet than to do it yourself. ::)
That's just stupid. If it was a Caiman, sure. But everyone knows alligators only know how to use Macs.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Flashman on January 16, 2015, 03:28:56 PM
Not if you turn up the heat remotely on the Nest to make them smarter :D


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ChuckBuck on January 16, 2015, 03:30:20 PM
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.
You got it all wrong.
It's so much easier to just train the alligators to replace the wallet than to do it yourself. ::)

You guys are definitely all wrong.  Before the attacker can even get to do all that, he has to get past air conditioner ducts by hacking into the security deactivating the laser sensors for like 2 minutes tops.  Then he has to drop into the wallet safe area by like 10 stories using suspension cables, while managing not to drop one drop of sweat from his forehead or the heat sensor alarms will go off alerting security to kill him:

http://media0.giphy.com/media/7q3By1tKdxjJ6/giphy.gif

Only then can the attacker upload the compromised version of the wallet software.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: uvt9 on January 16, 2015, 03:54:44 PM
not sure if OP is just spreading FUD, or he's just a pure idiot. It seems he doesn't even understand the article he post.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: rio3232 on January 16, 2015, 04:16:25 PM
well, i hope blockchain wallet not going hacked  :'(
is blockchain ever hacked once ?


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Blazr on January 16, 2015, 04:18:50 PM
well, i hope blockchain wallet not going hacked  :'(
is blockchain ever hacked once ?

You mean blockchain.info/wallet? yes they've had their fair amount of screw ups, recently with an RNG bug that actually worked similar to the attack mentioned above, but they have covered almost all losses so far. I would recommend NOT using that service.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ChuckBuck on January 16, 2015, 04:21:12 PM
well, i hope blockchain wallet not going hacked  :'(
is blockchain ever hacked once ?

Yes, but it is a white hat Hacker and he returned all coins lost:

http://www.coindesk.com/hacker-returns-225-btc-taken-blockchain-wallets/

If you keep most of your funds online, you're pretty much asking to get hacked.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: freequant on January 16, 2015, 04:37:05 PM
I'm working on a whitepaper regarding another yet unpublished attack vector. I found that ECDSA is vulnerable to pre-computed private key attack. All you need to do is to have your victims use a compomised bitcoin client of your making that generates a set of predefined keys. This attack is so much more bad ass because you don't need anymore to search the blockchain to find keys that may have been generated by your handiwork since you know them already. Now, you'd really have to be an idiot not to withdraw your bitcoins right now before I decide to use your cold storage.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: jonald_fyookball on January 16, 2015, 04:54:04 PM
OP mostly FUD but good that people are aware of all the attack vectors. 
Can't be too careful when it comes to large amounts of money.

If you are using electrum, I have published several utility
scripts in the electrum sub forum that you can use
to verify if the addresses and keys from your copy
of electrum are legit.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 16, 2015, 06:55:38 PM
OP mostly FUD but good that people are aware of all the attack vectors.  
Can't be too careful when it comes to large amounts of money.

If you are using electrum, I have published several utility
scripts in the electrum sub forum that you can use
to verify if the addresses and keys from your copy
of electrum are legit.


 how can normal people use such script? :)  the normal people wants something safe and simple.

it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.



Title: Re: Bitcoin cold storage - HACKED easily
Post by: cheekychap on January 16, 2015, 06:57:25 PM
Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. :)

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    ;D

Well, I don't see it saying HACKED Easily anywhere. Its hackable, but I am sure it wont be easy.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Flashman on January 16, 2015, 06:58:05 PM
it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.

Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 16, 2015, 07:00:43 PM
it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.

Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first.


or they can think : why would I use Bitcoin when I have fiat currency and other payment processors?

Yes, I can use Bitcoin to speculate a bubble but nothing more. :)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Flashman on January 16, 2015, 07:06:13 PM
My, my, you are getting repetitive, why not go troll the Swiss about how they should trust central banks who only have their well being and happiness in mind.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: sgravina on January 16, 2015, 07:09:24 PM
If it is easy then give it a try.

This attach won't work if the input address is not reused.  It gives the hacker the input private key but if that address is spent in the transaction and not reused then it can't be spent again by the attacker.

A simpler version of this attack would be to give the user a wallet which generates knowable private keys.  The attacker then watches all of addresses he has victims generate until he finds bitcoins.  This would work with any wallet the attacker was able to distribute.  Has this been attempted before?


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ChuckBuck on January 16, 2015, 07:21:50 PM
it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.

Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first.


or they can think : why would I use Bitcoin when I have fiat currency and other payment processors?

Yes, I can use Bitcoin to speculate a bubble but nothing more. :)

Now you're cooking!

Why use Bitcoin when you can use fiat.

http://www.volusiasheriff.org/press/2011press_releases/january/110001_1_lg.jpg

Oh...you can get robbed at gunpoint...nevermind.


Oh yea, but we can use payment processors like credit cards AMEX, VISA, and Mastercard right?

Maybe go shopping at Target and...WHAT?!!?

http://cdn2.hubspot.net/hub/73316/file-512672903-png/Target_Breach_Impacted_Customers.png?t=1414187724952

http://blogs-images.forbes.com/anthonykosner/files/2014/06/target-question-venn.jpg

http://ecryptinc.com/wp-content/uploads/2014/03/Effects-of-2013-Target-Data-Breach-Infographic.jpg

Man that shit's no joke.

Damn I though you had a compelling reason, mayax, but just like this thread, very misleading...


Title: Re: Bitcoin cold storage - HACKED easily
Post by: jonald_fyookball on January 16, 2015, 08:37:26 PM
OP mostly FUD but good that people are aware of all the attack vectors.  
Can't be too careful when it comes to large amounts of money.

If you are using electrum, I have published several utility
scripts in the electrum sub forum that you can use
to verify if the addresses and keys from your copy
of electrum are legit.


 how can normal people use such script? :)  the normal people wants something safe and simple.

it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.



I don't have all the answers...  I assume that in the future, as
cryptocurrency becomes more popular, people will know how
to do basic things like run python scripts, similar to how most
people know how to check the oil in their car... Either that
or hire a trusted security consultant.

 


Title: Re: Bitcoin cold storage - HACKED easily
Post by: girb16 on January 16, 2015, 09:04:32 PM
Very tired of the vilification of Russian everywhere! The hackers and enemies of Bitcoin live in the good old US of A!


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Flashman on January 16, 2015, 10:57:09 PM
Very tired of the vilification of Russian everywhere! The hackers and enemies of Bitcoin live in the good old US of A!

Do you deny they invented Tetris? Well then, hackers everywhere  ;)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: iGotSpots on January 16, 2015, 11:34:44 PM
There seems to be a lot of confusion in this thread about what is actually cold storage


Title: Re: Bitcoin cold storage - HACKED easily
Post by: infobel on January 16, 2015, 11:41:04 PM
Idiotic article/thread...

You can't actually call a not-"cold" storage, a cold storage.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: infobel on January 16, 2015, 11:46:38 PM
it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.

Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first.


or they can think : why would I use Bitcoin when I have fiat currency and other payment processors?

Yes, I can use Bitcoin to speculate a bubble but nothing more. :)


Or, I can use Bitcoin just because I can, without making some old fat fart very reach for processing my Western Union transfer and taking tons of money as a fee for transferring some bytes of data over the internet.
Stop being so stubborn. I just bought 2 Steam Gift Cards with Bitcoin, just because I can, and I'm not giving my credit card information or personal information all over the internet for some small thing like those.

YOU on the other hand are the one using Bitcoin just to speculate, right now you're also very angry cause you're not rich already.

You should try using Bitcoin, it feels nice.



Title: Re: Bitcoin cold storage - HACKED easily
Post by: deployuser on January 17, 2015, 01:02:12 AM
What steps should people take to make sure you are 100% safe when dealing with cold storage?


Title: Re: Bitcoin cold storage - HACKED easily
Post by: cryptworld on January 17, 2015, 01:10:37 AM
I'd like to get a word from a person with knowledge,  is this really dangerous for bitcoin, or is just a theoretic xploit impossible to make real?


Title: Re: Bitcoin cold storage - HACKED easily
Post by: rio3232 on January 17, 2015, 01:12:07 AM
What steps should people take to make sure you are 100% safe when dealing with cold storage?

get an offline wallet maybe with good antivirus and security.
only this can u do ?


Title: Re: Bitcoin cold storage - HACKED easily
Post by: jonald_fyookball on January 17, 2015, 01:13:19 AM
What steps should people take to make sure you are 100% safe when dealing with cold storage?

No such thing as "100% safe" in computer security, but this gets you close as possible IMO.

1. Only use hardware that has never been connected to the internet and never will be.

2a. Only use trusted wallet software

2b. even safer:  ...that you compiled yourself from source and compared the executable hash to PGP signed executables

2c. safer still: ...that you also code reviewed.

3. bonus paranoid security:  use dice, coins, or cards to generate the entropy yourself rather than relying on the computer for randomness.



Title: Re: Bitcoin cold storage - HACKED easily
Post by: Q7 on January 17, 2015, 01:32:59 AM
I think it makes complete sense to use only wallet that you trust is safe. If you are using android system and just a quick browse on google play using "bitcoin wallet" keyword, you will find a long list of wallets. Some are yet to be submitted to github, so that is the first warning bell.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Sarthak on January 17, 2015, 03:32:00 AM
Thanks For sharing This!
If cold storage isn't safe then where do we store our coins securely? ???


Title: Re: Bitcoin cold storage - HACKED easily
Post by: R2D221 on January 17, 2015, 03:34:50 AM
Thanks For sharing This!
If cold storage isn't safe then where do we store our coins securely? ???

0 Kelvin storage, of course


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Sarthak on January 17, 2015, 03:37:31 AM
Quote
0 Kelvin storage, of course

What's 0 Kelvin Storage? Never Heard of it before!


Title: Re: Bitcoin cold storage - HACKED easily
Post by: R2D221 on January 17, 2015, 03:38:34 AM
What's 0 Kelvin Storage? Never Heard of it before!

Well, it's sarcastic. 0 Kelvin is the coldest temperature posible:

http://en.wikipedia.org/wiki/Absolute_zero


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Sarthak on January 17, 2015, 03:40:05 AM
What's 0 Kelvin Storage? Never Heard of it before!

Well, it's sarcastic. 0 Kelvin is the coldest temperature posible:

http://en.wikipedia.org/wiki/Absolute_zero


Lol i thought it was some wallet system and googled it  :P


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ranochigo on January 17, 2015, 03:40:15 AM
The chances of a cold storage getting hacked is fairly low if you compile it yourself, use trusted wallet software's and don't download any suspicious software. Remember to review source code and download from the trusted source and you will be fine.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: rio3232 on January 17, 2015, 04:04:49 AM
What's 0 Kelvin Storage? Never Heard of it before!

Well, it's sarcastic. 0 Kelvin is the coldest temperature posible:

http://en.wikipedia.org/wiki/Absolute_zero


haha nice one man lel.
celcius fahrenheit bla bla bla.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Envrin on January 17, 2015, 05:05:41 AM

Don't use wallet software provided by someone who goes by a name like l33tHaxorKid, and you'll be fine.



Title: Re: Bitcoin cold storage - HACKED easily
Post by: rio3232 on January 17, 2015, 05:13:53 AM

Don't use wallet software provided by someone who goes by a name like l33tHaxorKid, and you'll be fine.



haha who is he dude ?
scammer people ?


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 17, 2015, 12:12:53 PM
What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?


"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want IN the source code.

Verbücheln: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ranochigo on January 17, 2015, 12:27:46 PM
What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?


"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want IN the source code.

Verbücheln: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."

This is pretty much impossible. I believe only selected, trusted and knowledgeable members are able to commit, they probably are reviewed by a lot of people before changes can be committed. It is not possible for anyone to just insert changes without the approval of core developers and those changes are usually fairly small.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 17, 2015, 05:53:50 PM
What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?


"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want IN the source code.

Verbücheln: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."

This is pretty much impossible. I believe only selected, trusted and knowledgeable members are able to commit, they probably are reviewed by a lot of people before changes can be committed. It is not possible for anyone to just insert changes without the approval of core developers and those changes are usually fairly small.

Ok. it's good that you are believer. :)

Please let tell me the names of those who develop the Bitcoin application and the auditors for it...


Title: Re: Bitcoin cold storage - HACKED easily
Post by: MrTeal on January 17, 2015, 08:06:59 PM
What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?


"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want IN the source code.

Verbücheln: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."

This is pretty much impossible. I believe only selected, trusted and knowledgeable members are able to commit, they probably are reviewed by a lot of people before changes can be committed. It is not possible for anyone to just insert changes without the approval of core developers and those changes are usually fairly small.

Ok. it's good that you are believer. :)

Please let tell me the names of those who develop the Bitcoin application and the auditors for it...
https://github.com/bitcoin/bitcoin/graphs/contributors


Title: Re: Bitcoin cold storage - HACKED easily
Post by: grendel25 on January 17, 2015, 08:18:01 PM
I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 17, 2015, 09:47:10 PM
I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.

being "open source" is much more vulnerable than any other centralized e-currency.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: spazzdla on January 17, 2015, 10:14:11 PM
Use paper wallets, many of them.  Once you import the private keys from them destroy that wallet.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: jonald_fyookball on January 17, 2015, 10:38:29 PM
I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.

being "open source" is much more vulnerable than any other centralized e-currency.


You could argue that a closed source currency issued by a central
authority couldn't have malicious code sneaked into a release by an
outside party, but the trade off is that you have to trust that
central authority completely...Not only their integrity, but their
resistance to manipulation, attacks,
outside influences, as well as their robustness and longevity.

Recent history has shown that centralized e-currencies are easily
shut down by governments.



Title: Re: Bitcoin cold storage - HACKED easily
Post by: rax on January 18, 2015, 12:09:29 AM
Easily. Because fuck yeah.

http://i.imgur.com/0pYfwnF.png


Title: Re: Bitcoin cold storage - HACKED easily
Post by: tokeweed on January 18, 2015, 12:17:12 AM
Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. :)

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    ;D

http://i.imgur.com/lzk5eHm.jpg


Title: Re: Bitcoin cold storage - HACKED easily
Post by: rz20 on January 18, 2015, 12:19:39 AM
If it is so easy why don't you get the funds from primedice or from bitstamp?


Title: Re: Bitcoin cold storage - HACKED easily
Post by: SargeR33 on January 18, 2015, 12:25:23 AM
Seems like a load of bull. This is open source, sure people can sneak code into it but it will be picked up. I'm also sure most people here now have found a wallet they trust and tested and will stick to it. I have no reason to swap wallets. I am happy with the wallet I am using and I can trust it and trust the machine I use.

If in doubt, use offline files from paper wallet websites, check the code and generate cold storage that way. If the code is clean, it is impossible for the hacker to obtain any private key since the machine used is offline, there is no leaked data and only you can have this information. Then just transfer your btc to that and store them in a safe.

This is why people don't use BTC. People who don't know what they're doing will probably get stung by a dodgy wallet or website and be deterred from bitcoin forever. Bitcoin is not user friendly.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Flashman on January 18, 2015, 12:28:35 AM
being "open source" is much more vulnerable than any other centralized e-currency.

True, coz nobody would put that open source linux shit on teh interwebs servers for same reason  ::)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Rum152 on January 18, 2015, 12:33:09 AM
I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.

being "open source" is much more vulnerable than any other centralized e-currency.
This is not true. Having something open source means that many people can and will audit the code to ensure that it is secure. When you have something closed source and centralized you have one central point of failure and do not get this kind of testing - at least not until it is too late


Title: Re: Bitcoin cold storage - HACKED easily
Post by: tokeweed on January 18, 2015, 12:35:15 AM
If it is so easy why don't you get the funds from primedice or from bitstamp?

yup.  or hack satoshi's wallet/s.  duh.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: RoadStress on January 18, 2015, 12:57:10 AM
Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: newIndia on January 18, 2015, 01:00:17 AM
Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: smoothie on January 18, 2015, 01:07:45 AM
OP is obviously not painting a complete picture. Obviously a compromised pc or set of code can be hacked because in essence it is already hacked by it being compromised with a backdoor etc.

Problem with this guy's post is he doesn't paint a clear picture of the security that exists when code that is reviewed by the public (many parties) and how that secures people's funds from a software standpoint.

Better open sourced than closed. But oh let's not bring that up buddy lol


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Flashman on January 18, 2015, 01:45:13 AM
OP is obviously not painting a complete picture.

Well to be fair, he has neither a full set of paints, nor all the bristles still in his brush.  ;)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Agestorzrxx on January 18, 2015, 02:21:29 AM
Well, nothing is absolutely safe.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: rio3232 on January 18, 2015, 02:44:18 AM
Well, nothing is absolutely safe.

yeah you right. but we can minimalize the threat.
like by using antivirus and use good wallet.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ranochigo on January 18, 2015, 02:47:33 AM
Well, nothing is absolutely safe.

yeah you right. but we can minimalize the threat.
like by using antivirus and use good wallet.
A better solution would be to use a freshly wiped computer and not download anything suspicious since some viruses can go undetected. Good wallets are preferably opensourced, the best is Bitcoin Core even though it may take up some space.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: M28MmickT on January 18, 2015, 02:55:45 AM
zzzZZZZzzzZZZ Hacked easily  ;D i feel sleepy and not going to beat the bush, its far from easy!! and to counter it never send coin from the same address more than once. Simple even for a half a brain like you.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: MrTeal on January 18, 2015, 04:23:24 AM
I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.

being "open source" is much more vulnerable than any other centralized e-currency.


You could argue that a closed source currency issued by a central
authority couldn't have malicious code sneaked into a release by an
outside party, but the trade off is that you have to trust that
central authority completely...Not only their integrity, but their
resistance to manipulation, attacks,
outside influences, as well as their robustness and longevity.

Recent history has shown that centralized e-currencies are easily
shut down by governments.


Apparently there's been a lot of issues with hacking in the traditional investment backing sector as well.
http://i3.kym-cdn.com/entries/icons/original/000/008/301/christian_bale_american_psycho_patrick_bateman_axe_10989289_RE_PwnzElite_has_declared_war_on_Grammar_Nazis-s400x300-173837.jpg


Title: Re: Bitcoin cold storage - HACKED easily
Post by: rio3232 on January 18, 2015, 04:29:16 AM
Well, nothing is absolutely safe.

yeah you right. but we can minimalize the threat.
like by using antivirus and use good wallet.
A better solution would be to use a freshly wiped computer and not download anything suspicious since some viruses can go undetected. Good wallets are preferably opensourced, the best is Bitcoin Core even though it may take up some space.

well, to lazy to do that. lol
better just sell when u have bitcoins.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: muhrohmat on January 18, 2015, 10:22:40 AM
i only use btc as 10% of my monthy income soo its a 10% max risk of losing all to scams or hacking but even then i consern about security i use on line wallets but one of the thigs that can be good its a off line wallet in a pen like multi wallet for btc


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Kprawn on January 18, 2015, 11:50:28 AM
A crock of Bullshit

Cold storage is just that...... A address never used for frequent withdrawals. {The article states, it's compromised after the first transaction}

I have 100's of paper wallets and I deposited small amounts to them all... never used it, and it's still there. {Use some of them as "Honey traps" to detect hack attempts}

I would agree, if you imported those paper wallets into some online wallet, then it would be considered as compromised. {But I never re-use those wallets, after I swiped or imported it} 


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Duke Of Bitcoin on January 18, 2015, 11:53:01 AM
Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. :)

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    ;D

you should stop spreading fud i would of fallen for this if people didnt call you out on your bullshit.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 18, 2015, 03:35:08 PM
Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. :)

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    ;D

you should stop spreading fud i would of fallen for this if people didnt call you out on your bullshit.

So many sheeps here.

chill out, grandpa. this article is not for you. keep feeding the exchangers(so called shit/anonymous bitcoin brokers) with your money and stay calm :)

For anybody else, please re-read the article.

"Both Verbücheln and Pustogarov say that the most likely way for such an attack to be mounted would be through dedicated wallet services running proprietary software. Devices designed specifically for secure cold-storage of coins, for example, would be prime candidates for this sort of attack.

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said."

For example : what is blockchain.info ? :)

Until then, keep "mehehe" (bitcoin to the shit) like the sheeps:  https://www.youtube.com/watch?v=QcE5aDTszrY     lol




Title: Re: Bitcoin cold storage - HACKED easily
Post by: ranochigo on January 18, 2015, 03:45:46 PM
Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. :)

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    ;D

you should stop spreading fud i would of fallen for this if people didnt call you out on your bullshit.

So many sheeps here.

chill out, grandpa. this article is not for you. keep feeding the exchangers(so called shit/anonymous bitcoin brokers) with your money and stay calm :)

For anybody else, please re-read the article.

"Both Verbücheln and Pustogarov say that the most likely way for such an attack to be mounted would be through dedicated wallet services running proprietary software. Devices designed specifically for secure cold-storage of coins, for example, would be prime candidates for this sort of attack.

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said."

For example : what is blockchain.info ? :)

Until then, keep "mehehe" (bitcoin to the shit) like the sheeps:  https://www.youtube.com/watch?v=QcE5aDTszrY     lol



Blockchain.info is not and will never be a offline wallet, it is just a online wallet with a bit more security features. Online wallets are never recommended for storing huge amount of BTC. You would be very dumb to buy a cold storage device from a manufacturer who have not opensourced their firmware and are not trusted. You can review the source code and compile it yourself. It is highly unlikely for most reputable cold storage hardware provider to do so as their reputation would be at risk.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: RoadStress on January 18, 2015, 04:42:50 PM
Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: jonald_fyookball on January 18, 2015, 05:40:25 PM
Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.



Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 18, 2015, 05:48:43 PM
Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.




blockchain.info was hacked in this way

Multibit was hacked too : http://www.reddit.com/r/Bitcoin/comments/1scd2n/914_bitcoins_stolen_from_multibit_wallet/

who said that is it safe? it is not safe.

https://www.cryptocoinsnews.com/gentleman-hacker-returns-stolen-bitcoins-blockchain-info/

http://www.coindesk.com/good-samaritan-blockchain-hacker-returned-255-btc-speaks/

hacker : ""Every bitcoin transaction is signed by two values – 'R' and 'S' – which prove that the sender knows the private key. If the same R value is used twice, the private key can be easily computed from the signatures alone.""

and then read this :

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Walsoraj on January 18, 2015, 05:53:39 PM
“Each time you want to check the balance of a cold wallet, you’re making it less cold”

-Karpeles

Source: http://www.pcworld.com/article/2846252/despite-mt-gox-fiasco-karpeles-still-has-bitcoin-plans.html (Nov. 11, 2014)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Klestin on January 18, 2015, 06:17:55 PM
My trezor laughs at your exploit. No, seriously, it laughed. I didn't know it could even do that. Kind of creepy actually.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: qwk on January 18, 2015, 06:29:37 PM
My trezor laughs at your exploit. No, seriously, it laughed. I didn't know it could even do that. Kind of creepy actually.
Didn't you know? It's got a built-in laugh()-subroutine and speaker to ridicule you after it's taken all your coins. ;)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: jonald_fyookball on January 18, 2015, 07:07:44 PM
Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.




blockchain.info was hacked in this way

Multibit was hacked too : http://www.reddit.com/r/Bitcoin/comments/1scd2n/914_bitcoins_stolen_from_multibit_wallet/

who said that is it safe? it is not safe.

https://www.cryptocoinsnews.com/gentleman-hacker-returns-stolen-bitcoins-blockchain-info/

http://www.coindesk.com/good-samaritan-blockchain-hacker-returned-255-btc-speaks/

hacker : ""Every bitcoin transaction is signed by two values – 'R' and 'S' – which prove that the sender knows the private key. If the same R value is used twice, the private key can be easily computed from the signatures alone.""

and then read this :

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

These aren't the attack I just described.

Are you fudding for fun, or do you have an agenda?


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Razick on January 18, 2015, 07:20:49 PM
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.

 :D

http://imgs.xkcd.com/comics/security.png


Title: Re: Bitcoin cold storage - HACKED easily
Post by: seriouscoin on January 18, 2015, 10:04:41 PM
This thread sum up OP's IQ. Hint : well below 60, in "Special" zone



Title: Re: Bitcoin cold storage - HACKED easily
Post by: GrandmaJean on January 19, 2015, 06:43:24 AM
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.

 :D

http://imgs.xkcd.com/comics/security.png
I have seen this cartoon a number of times over the last several months. While it is a generalization of how one could get access to someone's bitcoin, it is really not accurate. First and foremost an attacker would need to know who has how much money (to be worth stealing from), then not only that but he needs to get the person he is stealing from to be in the general area of where his private keys are stored in order to carry out this kind of attack

This attack could also be easily be countered by having a wallet with only a small amount of bitcoin stored on a "decoy" wallet that could be given to an attacker


Title: Re: Bitcoin cold storage - HACKED easily
Post by: promojo on January 19, 2015, 07:07:53 AM
I will have to read this.  Thanks for the infos.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Remember remember the 5th of November on January 19, 2015, 07:12:49 AM
These articles, OP's thread tell us nothing new, it's just the same song sang differently.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: dsattler on January 19, 2015, 07:39:37 AM
This attack could also be easily be countered by having a wallet with only a small amount of bitcoin stored on a "decoy" wallet that could be given to an attacker

So long as the attacker doesn't know this trick as well! Then it will become even worse... Better to have a third wallet... (or fourth ? ) to satisfy the attacker with your answers. Good luck with that...

As this trick is in the wild now (trezor has it in the manual as well) all the guys with only one wallet are damned IMHO!


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Furio on January 19, 2015, 07:41:54 AM
Old news. This attack (bugged ECDSA implementation) has been known about for a long long time, before Bitcoin even existed.

Quote
The attacker must first create a compromised version of ECDSA. This is achieved with a kleptographic 'SETUP', or 'Secretly Embedded Trapdoor with Embedded Protection', which was first described in a 1997 paper by Adam Young and Moti Yung.

One of the weaknesses of cold storage is if your cold storage machine is compromised, you're fucked and there is almost nothing you can do to prevent that. There are many many ways an attacker can exfiltrate the private keys from a compromised cold storage machine, including as used in this case a bugged ECDSA implementation.

I have an old but freshly installed never been online computer, solely used to generate new .dat files on clients in an offline environment, that's how a store my crypto's, good luck with that ;D


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Razick on January 20, 2015, 01:28:42 AM
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.

 :D

http://imgs.xkcd.com/comics/security.png

Exactly. BUT, it does make a good point. The human element is often far weaker than we'd like to admit, and the fact is social engineering is pretty much the best form of "cryptanalysis" ever invented.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Nrcewker on January 20, 2015, 02:29:03 AM
gold, hold dollars, let us leave bitcoins..


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ChuckBuck on January 20, 2015, 02:05:46 PM
Mayax or moderators...someone lock this thread up, title is FUD inducing for no reason.

The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions.

Noobs stumbling across this thread may assume that all Bitcoin storage solutions are easily hackable, yet cold/offline has and remains the most secure and foolproof method.

Admins please lock, thanks.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: dsattler on January 20, 2015, 02:22:33 PM
Mayax or moderators...someone lock this thread up, title is FUD inducing for no reason.

The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions.

Noobs stumbling across this thread may assume that all Bitcoin storage solutions are easily hackable, yet cold/offline has and remains the most secure and foolproof method.

Admins please lock, thanks.

I second this!


Title: Re: Bitcoin cold storage - HACKED easily
Post by: thelibertycap on January 20, 2015, 02:33:52 PM
news at 11! a software trojan horse can steal your funds!

i guess bitcoin has really reached mainstream because these people have no idea what an md5 hash and gnupgp is good for


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 20, 2015, 10:00:48 PM
news at 11! a software trojan horse can steal your funds!

i guess bitcoin has really reached mainstream because these people have no idea what an md5 hash and gnupgp is good for

please read again. it's not about a trojan :)

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/



Title: Re: Bitcoin cold storage - HACKED easily
Post by: physicsdude on January 20, 2015, 10:15:25 PM
Yes, massive news flash: If you have hacked software on your machine your coins aren't safe.  Thanks for the enlightenment.  This article is a huge piece of FUD.

"The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions."


Title: Re: Bitcoin cold storage - HACKED easily
Post by: thelibertycap on January 20, 2015, 10:41:00 PM
news at 11! a software trojan horse can steal your funds!

i guess bitcoin has really reached mainstream because these people have no idea what an md5 hash and gnupgp is good for

please read again. it's not about a trojan :)

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/



"The attacker must first create a compromised version of ECDSA."

so what is it about? if i use a proper binary of my wallet, my system is not compromised.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: dlowings on January 20, 2015, 10:48:28 PM
Nothing but propaganda to entice people back to online wallets.. Foolishness , sure it's a posabity however even a greater possibility that your online wallet will go up in smoke. Aside from that, cold storage has nothing to do with any computerized storage. Cold storage is a paper wallet .


Title: Re: Bitcoin cold storage - HACKED easily
Post by: R2D221 on January 20, 2015, 11:16:59 PM
How can you install a backdoor in my paper wallet? I really want to know.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 21, 2015, 01:55:45 AM
How can you install a backdoor in my paper wallet? I really want to know.

it is not about backdoor. please read carefully : http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


Title: Re: Bitcoin cold storage - HACKED easily
Post by: jonald_fyookball on January 21, 2015, 02:03:10 AM
How can you install a backdoor in my paper wallet? I really want to know.

it is not about backdoor. please read carefully : http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

The article has been read thoroughly by many of us who are knowledgeable and competent.
Anyone who does their due diligence to set up a cold storage wallet properly is not
going to use a compromised version of ECDSA.
 
Your trolling attempts are rather goofy, because although Bitcoin isn't perfect,
having your cold storage keys stolen is one of the LEAST likely things to happen. 


Title: Re: Bitcoin cold storage - HACKED easily
Post by: R2D221 on January 21, 2015, 02:07:56 AM
How can you install a backdoor in my paper wallet? I really want to know.

it is not about backdoor. please read carefully : http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

“It's not about a backdoor”

*article title includes the words “install backdoor”*


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Ingatqhvq on January 21, 2015, 04:12:07 AM
That‘s weird, if it really easy to hack cold storage, why so many cold wallet don't be hacked?


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ABitNut on January 21, 2015, 04:15:48 AM
The solution is in the article itself:

Quote
Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote
there is only one conclusion to draw from this
problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrongtm.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 21, 2015, 01:04:50 PM
The solution is in the article itself:

Quote
Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote
there is only one conclusion to draw from this
problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrongtm.

the answer is "easy" when you know what you are doing.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ChuckBuck on January 21, 2015, 01:15:55 PM
The solution is in the article itself:

Quote
Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote
there is only one conclusion to draw from this
problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrongtm.

the answer is "easy" when you know what you are doing.

And who knows how to do this exactly?

And please don't say Stephan Verbücheln, because he's the one that wrote the damn paper.   :D

Please lock this thread.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: turvarya on January 21, 2015, 01:44:39 PM
The solution is in the article itself:

Quote
Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote
there is only one conclusion to draw from this
problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrongtm.

the answer is "easy" when you know what you are doing.
If it is so easy, than explain the steps, to get the compromissed code in any of the currently used programs. You can pick every program you like.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: BillyBobZorton on January 21, 2015, 02:24:41 PM
I also read that if you make a paper wallet, despite the keys being embedded in a jpeg, they can still be hacked. And that if you print the wallets, the info is stored in the printer, which can be hacked.

So, the solution seems to be to buy a computer that has never seen the internet, and a printer that has never seen the internet. This is NOT a solution for the main-stream 99% of people. I've given up on computer-based cold storage as I'm not tech-literate enough, but would still like to try paper wallets.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Unbelive on January 21, 2015, 02:55:48 PM
Every solution has a problem and every problem has a solution.

It will just go on and on. And only progress gains.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: jonald_fyookball on January 21, 2015, 03:07:36 PM
I also read that if you make a paper wallet, despite the keys being embedded in a jpeg, they can still be hacked. And that if you print the wallets, the info is stored in the printer, which can be hacked.

So, the solution seems to be to buy a computer that has never seen the internet, and a printer that has never seen the internet. This is NOT a solution for the main-stream 99% of people. I've given up on computer-based cold storage as I'm not tech-literate enough, but would still like to try paper wallets.

Agree that its not mainstream, but its not THAT hard. 
Buy a cheap machine from ebay/craigslist, kill the wifi, and re-install the OS. 


Title: Re: Bitcoin cold storage - HACKED easily
Post by: dsattler on January 21, 2015, 04:01:32 PM
I also read that if you make a paper wallet, despite the keys being embedded in a jpeg, they can still be hacked. And that if you print the wallets, the info is stored in the printer, which can be hacked.

So, the solution seems to be to buy a computer that has never seen the internet, and a printer that has never seen the internet. This is NOT a solution for the main-stream 99% of people. I've given up on computer-based cold storage as I'm not tech-literate enough, but would still like to try paper wallets.

Agree that its not mainstream, but its not THAT hard. 
Buy a cheap machine from ebay/craigslist, kill the wifi, and re-install the OS. 

Or wait for this:

https://www.indiegogo.com/projects/mycelium-entropy (https://www.indiegogo.com/projects/mycelium-entropy)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 21, 2015, 05:56:08 PM
The solution is in the article itself:

Quote
Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote
there is only one conclusion to draw from this
problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrongtm.

the answer is "easy" when you know what you are doing.

And who knows how to do this exactly?

And please don't say Stephan Verbücheln, because he's the one that wrote the damn paper.   :D

Please lock this thread.

many other people know a lot about cryptography. Verbücheln is only one of them. Stay chill, you will find out soon that cold wallets were hacked.
MT gox wallet was hacked too :)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: turvarya on January 21, 2015, 07:00:41 PM
The solution is in the article itself:

Quote
Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote
there is only one conclusion to draw from this
problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrongtm.

the answer is "easy" when you know what you are doing.

And who knows how to do this exactly?

And please don't say Stephan Verbücheln, because he's the one that wrote the damn paper.   :D

Please lock this thread.

many other people know a lot about cryptography. Verbücheln is only one of them. Stay chill, you will find out soon that cold wallets were hacked.
MT gox wallet was hacked too :)

MtGox cold wallet was just hacked, because Mark accidentally looked at it


Title: Re: Bitcoin cold storage - HACKED easily
Post by: thompete on January 21, 2015, 08:09:40 PM
Why does the title say Hacked Easily ?
I don't think that is the case. Even cold wallets which have not many transactions are rather safe.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Anillos2 on January 21, 2015, 09:04:27 PM
Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. :)

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    ;D
I don't believe that.

I always create my paperwallets offline and I move the computer mouse in order to get enough entropy.

How someone could know my mouse movements if I type some random letters between moves.

How many paperwallets (with enough entropy) have been stolen?


Title: Re: Bitcoin cold storage - HACKED easily
Post by: turvarya on January 23, 2015, 08:04:32 AM
Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. :)

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    ;D
I don't believe that.

I always create my paperwallets offline and I move the computer mouse in order to get enough entropy.

How someone could know my mouse movements if I type some random letters between moves.

How many paperwallets (with enough entropy) have been stolen?
The whole thing is just theoretical.
A year ago or so, we got instant payment(so without PIN) via NFC for our Bank cards in Austria. There where also a theory about how to route the signal through a smartphone so a thief could pay with his smartphone on the other end.
Also not very likely to execute and a lot of effort for € 25. I just bought a protective cover that blocks the signal(and also protects my card from e.g. a magnetic field) and was done with that.
So, it might be nice, that there are people theorizing about such things, but they don't really work in the real world.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: MithrilMan on January 23, 2015, 10:40:39 AM
putting the sourcecode of the critical parts of code into blockchain, and let a "smart client" compile it when downloaded, could be a way to secure a client.
a CRC checked compiled version could be used too instead of downloading and compiling (because often code rely on external references)

the trust problem is something real for bitcoin clients, there isn't a perfect solution, even downloading from the official site could be insecure and not decentralized anyway, and people who compile on their machine doesn't have to assume that since they have compiled then the client is secure, because if they rely on other dependencies (like QT libraries) then they should check that even that dll isn't compromised

i think that a good way to secure clients would be to implement a sanity check between nodes: every client should implement a protocol to find other peers that share the same client (and match the version) so they can cross check that they are using the same version and that every file match (of course this check couldn't be cross platform, every platform has its own set of files) and if the version doesn't match, then a warning should popup on the client that has less consensus over the network

I haven't thought yet about details, but I think that this could work, the network should be its own supervisor to keep behaving as decentralized (would be easy to create a service where you upload your client files and it returns if they are fine, but this would be a 3rd party service, so centralized)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: pooya87 on January 23, 2015, 03:32:37 PM
what you it seems that you do not understand or you do not want to say is that :

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want INTO  the source code: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."


So, COLD Storage can be easily hacked. :)
this is true but at the same time it means that it will become apparent to the community since a lot of people are checking


Title: Re: Bitcoin cold storage - HACKED easily
Post by: BADecker on January 23, 2015, 03:54:11 PM
what you it seems that you do not understand or you do not want to say is that :

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want INTO  the source code: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."


So, COLD Storage can be easily hacked. :)
this is true but at the same time it means that it will become apparent to the community since a lot of people are checking

I'm not checking. Are you checking? Maybe the other guy is checking.

:)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Wendigo on January 23, 2015, 03:58:20 PM
I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: BADecker on January 23, 2015, 04:16:56 PM
I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.

Try Trusteer Rapport - https://www.trusteer.com/ and read about it here http://www-03.ibm.com/software/products/en/trusteer-rapport.  It will bog your computer down, somewhat. And it is not compatible with some firewalls. But if you can work your way around these two problems, it seems to be something that is very valuable. Many banks are trusting it.

:)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 23, 2015, 05:17:11 PM
I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.

Try Trusteer Rapport - https://www.trusteer.com/ and read about it here http://www-03.ibm.com/software/products/en/trusteer-rapport.  It will bog your computer down, somewhat. And it is not compatible with some firewalls. But if you can work your way around these two problems, it seems to be something that is very valuable. Many banks are trusting it.

:)

Yes, the cost is be prohibitive for any small-medium company :)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: freebit13 on January 23, 2015, 05:21:22 PM
I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.
Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone and you also have the added extra of getting notified by sms if someone else logs into your account.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 23, 2015, 06:19:12 PM
I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.
Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone and you also have the added extra of getting notified by sms if someone else logs into your account.

or you don't use Bitcoin for storing your funds. you convert it to cash and you can only keep a small amount just for speculating it :)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Beliathon on January 23, 2015, 08:20:45 PM
OP may have just achieved stupidest thread title of the year, just 16 days in. Quite a feat, well done OP.

If at any time you'd like to see evidence that bitcoin cold storage is not hackable, simply click here: https://bitcoinwisdom.com/

If you see a price above 0, cold storage can not be hacked.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 23, 2015, 10:37:22 PM
OP may have just achieved stupidest thread title of the year, just 16 days in. Quite a feat, well done OP.

If at any time you'd like to see evidence that bitcoin cold storage is not hackable, simply click here: https://bitcoinwisdom.com/

If you see a price above 0, cold storage can not be hacked.

well, you can say that you do not agree with me but why am I stupid? because I quoted a very intelligent man, Verbücheln?

yes, anything can be backed including the shit cold wallet. this my opinion. Of course, I can have an opinion regarding to you, Beliathon too but I prefer to not say it in public :)

Verbücheln said VERY clear how it can be done.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: moriartybitcoin on January 23, 2015, 10:49:34 PM
this is of course total bullshit


Title: Re: Bitcoin cold storage - HACKED easily
Post by: HarmonLi on January 23, 2015, 10:51:53 PM
Not a real concern! It only affects systems whose way of generating the keys is already flawed! If you take a real entropy and solid hashing functions of deriving the private key, you're completely safe!


Title: Re: Bitcoin cold storage - HACKED easily
Post by: cheekychap on January 23, 2015, 11:34:46 PM
Are all cold storages equally vulnerable or only the ones with the transactions ?


Title: Re: Bitcoin cold storage - HACKED easily
Post by: R2D221 on January 23, 2015, 11:56:24 PM
Are all cold storages equally vulnerable or only the ones with the transactions?

A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: PaulPierce on January 24, 2015, 01:13:46 AM
Are all cold storages equally vulnerable or only the ones with the transactions?

A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore.

Yeah..!! turns into hot wallet I guess.!! Im not sure how the cold storage was hacked.!! some say they had left the key to it or something.!


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 24, 2015, 04:26:36 AM
Are all cold storages equally vulnerable or only the ones with the transactions?

A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore.

either ways, it is not safe :)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ranochigo on January 24, 2015, 04:47:09 AM
I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.
Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone and you also have the added extra of getting notified by sms if someone else logs into your account.
False, anyone can easily hack your private key if they have access to the server itself (operators, devs) they can also make changes to the system without your consent. If a flaw is found in the system itself, you would be hacked, whether you are using 2FA ornot. A recent incident is Blockchain.info's. If you are using a desktop wallet, you can check the source code yourself and decide whether to download it.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: R2D221 on January 24, 2015, 07:33:33 AM
Are all cold storages equally vulnerable or only the ones with the transactions?

A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore.

either ways, it is not safe :)

If I create a private key using dice, and compute the public address manually (yes, I'm that paranoid (https://bitcointalk.org/index.php?topic=919430.0)), how will you hack it? Please give me all the details.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: TCM on January 24, 2015, 08:27:27 AM

If I create a private key using dice, and compute the public address manually (yes, I'm that paranoid (https://bitcointalk.org/index.php?topic=919430.0)), how will you hack it? Please give me all the details.

Since he doesn't even understand the article he linked to, that question should be viewed as purely rhetorical.

"If you try all possible private keys, you can clean out ALL WALLETS IN EXISTENCE!!1 News at 11!"


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Medow on January 24, 2015, 08:58:05 AM
Hi:

Do you think that a 64 letter password phrase wallet is better than cold storage?

Is it possible to extract a private key or import my wallet to any program if i secure it with that kind of password?


Title: Re: Bitcoin cold storage - HACKED easily
Post by: TCM on January 24, 2015, 09:00:38 AM
The length of your password doesn't matter if you have a keylogger on your machine. Nothing is more secure than a cold wallet. The key is using trusted software for the cold wallet.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: XeloriA on January 24, 2015, 11:09:41 AM
huhu..thanks for the information :D


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 26, 2015, 02:28:13 AM
I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.
Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone and you also have the added extra of getting notified by sms if someone else logs into your account.
False, anyone can easily hack your private key if they have access to the server itself (operators, devs) they can also make changes to the system without your consent. If a flaw is found in the system itself, you would be hacked, whether you are using 2FA ornot. A recent incident is Blockchain.info's. If you are using a desktop wallet, you can check the source code yourself and decide whether to download it.

the online wallets are not safe


Title: Re: Bitcoin cold storage - HACKED easily
Post by: campycoin on January 26, 2015, 03:48:21 AM
You need to create cold storage wallets and put maybe a bitcoin in each wallet.  You do this when you are not connected to the internet of course. So, yes, you might need 10 wallets with 1btc each. Then when you need to spend, dump the entire 1btc into an online wallet and use it as pocket change or spending money.

It says in the OP that hackers get the info from one pay transaction... the thing is... you don't ever want to make more than one trx from your cold storage, otherwise yeah, you could get nipped.  It is kinda like saying if you go to the ATM 6x a day, you probably have a better chance of getting robbed then if you went just once, right before you bought something


Title: Re: Bitcoin cold storage - HACKED easily
Post by: dsyahputera on January 26, 2015, 04:31:26 PM
How about deep cold storage like this one provided by Xapo? Any comments?

Cold storage refers to the process of storing bitcoins offline, but the private keys associated with this process may be online and/or exposed to the internet at some time during the generation of signing process.  But deep cold storage is a type of cold storage where not only are bitcoins stored offline, but also the system that holds the bitcoins was never online or connected to any kind of network, the private keys associated with that system were generated in offline systems, and the signing process of the transactions is also made in offline systems.  The systems used in this type of storage never touch the Internet; they are created offline, they are stored offline, and they are offline when signing transactions.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: MrTeal on January 26, 2015, 04:53:20 PM
How about deep cold storage like this one provided by Xapo? Any comments?

Cold storage refers to the process of storing bitcoins offline, but the private keys associated with this process may be online and/or exposed to the internet at some time during the generation of signing process.  But deep cold storage is a type of cold storage where not only are bitcoins stored offline, but also the system that holds the bitcoins was never online or connected to any kind of network, the private keys associated with that system were generated in offline systems, and the signing process of the transactions is also made in offline systems.  The systems used in this type of storage never touch the Internet; they are created offline, they are stored offline, and they are offline when signing transactions.
That would not help with this attack, as the keys are compromised during the signing whether it happens online or offline. If you have a system running a compromised version of ECDSA, there's nothing you can really do to protect the private key of an address that's been used to sign a transaction. That being said, the attacker first has to get you to use a compromised version.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Lauda on January 26, 2015, 05:54:53 PM

That would not help with this attack, as the keys are compromised during the signing whether it happens online or offline. If you have a system running a compromised version of ECDSA, there's nothing you can really do to protect the private key of an address that's been used to sign a transaction. That being said, the attacker first has to get you to use a compromised version.
Which definitely can't be defined as 'easily'.
The hack would be rather hard to deploy, especially on a larger base.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 26, 2015, 06:43:20 PM

That would not help with this attack, as the keys are compromised during the signing whether it happens online or offline. If you have a system running a compromised version of ECDSA, there's nothing you can really do to protect the private key of an address that's been used to sign a transaction. That being said, the attacker first has to get you to use a compromised version.
Which definitely can't be defined as 'easily'.
The hack would be rather hard to deploy, especially on a larger base.

large scale = any online wallet can be compromised in this way. When it's about computer, you can not be ever sure. Anyway, why would someone keep a large amount of funds in BTC by having the fear that he can wake up in a morning and see : balance ZERO.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ChuckBuck on January 26, 2015, 06:58:05 PM

That would not help with this attack, as the keys are compromised during the signing whether it happens online or offline. If you have a system running a compromised version of ECDSA, there's nothing you can really do to protect the private key of an address that's been used to sign a transaction. That being said, the attacker first has to get you to use a compromised version.
Which definitely can't be defined as 'easily'.
The hack would be rather hard to deploy, especially on a larger base.

large scale = any online wallet can be compromised in this way. When it's about computer, you can not be ever sure. Anyway, why would someone keep a large amount of funds in BTC by having the fear that he can wake up in a morning and see : balance ZERO.

Stop trying to spread FUD dude. 

It's already been established, it's near impossible to hack cold storage, unless that attacker somehow installed the compromised version of ECDSA on the cold offline wallet.

Can't be done, only in theory.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: sethminer14 on January 26, 2015, 07:34:53 PM
So what everybody needs to realize is that if you don't have the common sense to take proper precautions, you will get hacked.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 29, 2015, 05:36:39 PM

That would not help with this attack, as the keys are compromised during the signing whether it happens online or offline. If you have a system running a compromised version of ECDSA, there's nothing you can really do to protect the private key of an address that's been used to sign a transaction. That being said, the attacker first has to get you to use a compromised version.
Which definitely can't be defined as 'easily'.
The hack would be rather hard to deploy, especially on a larger base.

large scale = any online wallet can be compromised in this way. When it's about computer, you can not be ever sure. Anyway, why would someone keep a large amount of funds in BTC by having the fear that he can wake up in a morning and see : balance ZERO.

Stop trying to spread FUD dude. 

It's already been established, it's near impossible to hack cold storage, unless that attacker somehow installed the compromised version of ECDSA on the cold offline wallet.

Can't be done, only in theory.

who established ? :) 


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ChuckBuck on January 29, 2015, 05:46:17 PM

That would not help with this attack, as the keys are compromised during the signing whether it happens online or offline. If you have a system running a compromised version of ECDSA, there's nothing you can really do to protect the private key of an address that's been used to sign a transaction. That being said, the attacker first has to get you to use a compromised version.
Which definitely can't be defined as 'easily'.
The hack would be rather hard to deploy, especially on a larger base.

large scale = any online wallet can be compromised in this way. When it's about computer, you can not be ever sure. Anyway, why would someone keep a large amount of funds in BTC by having the fear that he can wake up in a morning and see : balance ZERO.

Stop trying to spread FUD dude. 

It's already been established, it's near impossible to hack cold storage, unless that attacker somehow installed the compromised version of ECDSA on the cold offline wallet.

Can't be done, only in theory.

who established ? :) 

Carlos Rienzi, head of Security at Xapo:

https://blog.xapo.com/xapo-responds-to-coindesk-article-on-susceptibility-to-backdoor-attack/

Your myth has been debunked.

BUSTED!     ;D


Title: Re: Bitcoin cold storage - HACKED easily
Post by: mayax on January 29, 2015, 05:49:53 PM

That would not help with this attack, as the keys are compromised during the signing whether it happens online or offline. If you have a system running a compromised version of ECDSA, there's nothing you can really do to protect the private key of an address that's been used to sign a transaction. That being said, the attacker first has to get you to use a compromised version.
Which definitely can't be defined as 'easily'.
The hack would be rather hard to deploy, especially on a larger base.

large scale = any online wallet can be compromised in this way. When it's about computer, you can not be ever sure. Anyway, why would someone keep a large amount of funds in BTC by having the fear that he can wake up in a morning and see : balance ZERO.

Stop trying to spread FUD dude.  

It's already been established, it's near impossible to hack cold storage, unless that attacker somehow installed the compromised version of ECDSA on the cold offline wallet.

Can't be done, only in theory.

who established ? :)  

Carlos Rienzi, head of Security at Xapo:

https://blog.xapo.com/xapo-responds-to-coindesk-article-on-susceptibility-to-backdoor-attack/

Your myth has been debunked.

BUSTED!     ;D

final words : "we believe that our deep cold storage architecture offers the highest levels of bitcoin storage security available by any bitcoin company."

why do you show me ADVERTING? :)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ChuckBuck on January 29, 2015, 06:12:02 PM

That would not help with this attack, as the keys are compromised during the signing whether it happens online or offline. If you have a system running a compromised version of ECDSA, there's nothing you can really do to protect the private key of an address that's been used to sign a transaction. That being said, the attacker first has to get you to use a compromised version.
Which definitely can't be defined as 'easily'.
The hack would be rather hard to deploy, especially on a larger base.

large scale = any online wallet can be compromised in this way. When it's about computer, you can not be ever sure. Anyway, why would someone keep a large amount of funds in BTC by having the fear that he can wake up in a morning and see : balance ZERO.

Stop trying to spread FUD dude.  

It's already been established, it's near impossible to hack cold storage, unless that attacker somehow installed the compromised version of ECDSA on the cold offline wallet.

Can't be done, only in theory.

who established ? :)  

Carlos Rienzi, head of Security at Xapo:

https://blog.xapo.com/xapo-responds-to-coindesk-article-on-susceptibility-to-backdoor-attack/

Your myth has been debunked.

BUSTED!     ;D

final words : "we believe that our deep cold storage architecture offers the highest levels of bitcoin storage security available by any bitcoin company."

why do you show me ADVERTING? :)


Not sure what ADVERTING is, but whatever Xapo is selling, I'm buying.   ::)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: koelen3 on January 31, 2015, 06:50:57 PM
So i read the whole post and to find out here afterwards that it was fake  :'(
THough it is good that it was fake , would have costed me lot of work to make them more safe


Title: Re: Bitcoin cold storage - HACKED easily
Post by: SargeR33 on February 01, 2015, 10:21:08 AM
Since getting into bitcoin, I have never seen anything so full of made up FUD just to try push people out.

This is the same as when a new player joins an online game. He is bulled, threatened and made to feel weak until they eventually leave the game.

The problem I see with bitcoin is there are too many people who's intention is to push people away from bitcoin.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: BitNerd on February 01, 2015, 10:39:40 AM
there are many hacking reports daily.


Where can we see those reports?


Title: Re: Bitcoin cold storage - HACKED easily
Post by: piramida on March 17, 2015, 03:52:02 PM
there are many hacking reports daily.


Where can we see those reports?

In OPs heavily hallucinating brain :) I guess it's scary to live your life when you don't understand anything you read, as is the case with OP. To him, most probably reading an article that "eating dangerous substances can sometimes lead to death" equals to a summary of "eat = die". I feel sorry for him.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: kingofbitcoin on January 27, 2016, 07:59:59 AM
I just want to share with you guys my story which is also in my avatar.
First I learned about bitcoin in early 2013 and immediately fall in love with it.
I kept all my BTC in blockchain wallet, an online wallet. My bad as I opened it even in my work PC (full of spyware or viruses) so I was stolen my private key from some hacker ,trojan, or backdoor program.

I immediately after then, started using MULTIBIT CLASSIC in LINUX (not a single problem from more than 1 year) I just upgraded yesterday to a new laptop with LINUX mint latest and MULTIBIT HD which has better security.

Whats the risk of my BTC and private keys to be stolen? I think its low ,but what are they in % (using LINUX adds a lot of chances to not getting hacked easily , still possible though) ???


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Lauda on January 27, 2016, 08:04:01 AM
I kept all my BTC in blockchain wallet, an online wallet. My bad as I opened it even in my work PC (full of spyware or viruses) so I was stolen my private key from some hacker ,trojan, or backdoor program.
Whats the risk of my BTC and private keys to be stolen? I think its low ,but what are they in % (using LINUX adds a lot of chances to not getting hacked easily , still possible though) ???
Even though you kind of made a relevant post, you still revived a very old threads for no good reason. Nobody can tell you a chance in %; exact chances in these cases can not be calculated to the high amount of variables. It is certainly possible to get hacked but is rather improbable. It depends solely on you, not anyone else. If you want to be even more sure then use a system solely for running Bitcoin.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: racquemis on January 27, 2016, 09:17:21 AM
I just want to share with you guys my story which is also in my avatar.
First I learned about bitcoin in early 2013 and immediately fall in love with it.
I kept all my BTC in blockchain wallet, an online wallet. My bad as I opened it even in my work PC (full of spyware or viruses) so I was stolen my private key from some hacker ,trojan, or backdoor program.

I immediately after then, started using MULTIBIT CLASSIC in LINUX (not a single problem from more than 1 year) I just upgraded yesterday to a new laptop with LINUX mint latest and MULTIBIT HD which has better security.

Whats the risk of my BTC and private keys to be stolen? I think its low ,but what are they in % (using LINUX adds a lot of chances to not getting hacked easily , still possible though) ???

Opening your online wallet on a PC full of viruses isn't the smartest thing to do... i never use any online wallet though. I only use software wallets, password protected.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: kingofbitcoin on January 27, 2016, 09:24:25 AM
Thats why I bought a HP PAVILION DV 7 with only LINUX and only WALLETS in it. Don't intend to use it for anything else. Thanks for your answers.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: elizabethqueen on January 27, 2016, 02:34:37 PM
Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. :)

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    ;D
talk about bitcoin most secure storage,i think its depending how we secure our device too,cold storage maybe not safest way to keep your bitcoin,but i think its better than use only online wallet to store your big mount of your bitcoin.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: jethrorn99 on January 27, 2016, 03:42:58 PM
How's that could happened ?

It's going to happen only if there's malware or other program that could do that.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: BellaBitBit on January 27, 2016, 03:49:03 PM
So the only truly safe to store Bitcoin is on paper wallet?  Storage of Bitcoin is one of my least favorite parts about Bitcoin, some of it is over the head of the average user that is not super technical.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: NorrisK on January 27, 2016, 04:12:35 PM
If that was the case than why aren't the exchanges hacked more often? Or large holders keeping their coins safe on paper?

Maybe it is time for everybody to switch to hardware wallets though.


Title: Re: Bitcoin cold storage - HACKED easily
Post by: ABitNut on January 27, 2016, 11:42:30 PM
This topic should not have been resurrected. There was little useful discussion in it to start with and it only got worse.

https://i.imgflip.com/y5cy1.jpg (https://imgflip.com/i/y5cy1)


Title: Re: Bitcoin cold storage - HACKED easily
Post by: russian_pete on January 27, 2016, 11:52:43 PM
"Nevertheless, the possibility that one of the core cryptographic algorithms underpinning bitcoin could be cunningly compromised, allowing a thief to pick the lock of even the most secure addresses, presents a chilling scenario."

OMG

Isn't there any way around this flaw??


Title: Re: Bitcoin cold storage - HACKED easily
Post by: Windpower on January 27, 2016, 11:57:25 PM
Well what do you say is safer than cold storage? Oh yeah, put all your Bitcoins in an online wallet. This is just stupid.