Show Posts
Quote
It is reported that the website's backend has a backdoor that sends the private keys generated across the Internet to its servers.
This is not correct. Based on this misconception, many people have suggested loading the page, unplugging your network (or disconnecting wifi), and then generating a secure address.
Your money will be stolen.
The way the hack works is fairly simple: search for a variable called sha256_test. It is lazily disguised as some sort of a unit test, but in fact it's just an array of 60 pre-generated public address / private key pairs. To keep from being too obvious, they are encoded with base64 rather than base58check:
Code:
var sha256_test = [{
pub: "MUJ3a0g1cEt5WlN5cWpncERxRjlMV1BZaW5FMjg2Rjl6WA==",
priv: "NUtCaHVra1E4TUxkd0ZIbUpCc3hCMXoxUVhLNWMzalQzUkRoQTZZUjFrZ1F5d00xM3ZG"
}, {
pub: "MUtxcm5ja3BkRktiYktNTGlYTDU1RGJDMVdjMURuVHhDWg==",
priv: "NUpTVEMyOW1OOXJjWXE5a3lnR3pLNXpQNTJIZXVjeW5uRW5xR0RBaGpHR2dzamptYjZo"
}, {
pub: "MUFxVlZrcGpqb2JZM0pYbnRkSGZkeTdmTXRrbThBVW1kZA==",
priv: "NUpTU2ZFVWJiRUZFWUpVc0Q5clo4VlUxc3NLcVNvYUtRYkp2Rlk4NTRxd1k1amlSZ2dw"
// etc
Go to a site like base64decode.org and you can easily see these are addresses and private keys.
These addresses are generated on the server when you load the page. Disconnecting your network won't help -- the server already has all the public/private keys, because it generated them.
The perpetrators just keep a list of all the addresses they've ever handed out, and watch the transaction log. Most of the addresses will never be used, but when one of them gets a big enough balance they clean it out.
