Can Bitcoin be hacked and what will be the result if it happens?

[jabo38]

the protocol itself is pretty safe

all the third parties running on it, not so much

[Btcvilla]

the protocol itself is pretty safe

all the third parties running on it, not so much

Thats why I always say to trust only your self with your Bitcoin, its only a matter of time till Coinbase or Circle gets hacked.

[ZeroTheGreat]

So Bitcoin system can be called as the triumph of maths and cryptography?

Nope. Cryptocurrencies can. Bitcoin — just first and so far most popular and "big" product of technology with its own strengths and weaknesses

[lucasjkr]

I understand a lot of things. Like that public key encryption depends on random number generators. And that random number generators can either be hardware or in software. A VM, without a paravirtualized driver to access a hardware RNG, needs to depend on a software RNG. And entropy can be a real issue for virtual machines.

Your video explains how secure bitcoin can be by virtue of the large keyspace, where a random number generator helps you generate a key from anywhere within that keyspace. But it doesn't address my question, where keys are generated on a platform that might not have access to true random numbers.

From: http://log.amitshah.net/2013/01/about-random-numbers-and-virtual-machines/

On a system without any special hardware, Linux seeds its entropy pool from sources like keyboard and mouse input, disk IO, network IO, and any other sources whose kernel modules indicate they are capable of adding to the kernel’s entropy pool.

For servers, keyboard and mouse inputs are rare (most don’t even have a keyboard / mouse connected).  This makes getting true random numbers difficult: applications requesting random numbers from /dev/random have to wait for indefinite periods to get the randomness they desire (like creating ssh keys, typically during firstboot.).
...
Virtual machines are similar to server setups: there is very little going on in a VM’s environment for the guest kernel to source random data.  A server that hosts several VMs may still have a lot of disk and network IO happening as a result of all the VMs it hosts, but a single VM may not be doing much to itself generate enough entropy for its applications.  One solution, therefore, to sourcing random numbers in VMs is to ask the host for a portion of the randomness it has collected, and feed them into the guest’s entropy pool.  A paravirtualized hardware random number generator exists for KVM VMs.  The device is called virtio-rng, and as the name suggests, the device sits on top of the virtio PV framework.  The Linux kernel gained support for virtio-rng devices in kernel 2.6.26 (released in 2008).  The QEMU-side device was added in the recent 1.3 release.

Weak random numbers were the cause of the thefts from Android generated wallets a couple of years ago. And it sounds like there are still issue with generating random numbers in virtual machines.

My question is still open.

[BillyBobZorton]

Bitcoin within itself cannot be hacked, theoretically yes, practically no. What can be hacked tho, is people's computer if they don't take care of it. That's how Bitcoins get stolen. The system itself is bulletproof.

[Klestin]

Weak random numbers were the cause of the thefts from Android generated wallets a couple of years ago. And it sounds like there are still issue with generating random numbers in virtual machines.
My question is still open.

Cryptographically secure random numbers are used in a wide variety of computer security systems.  It really isn't rocket science to do it correctly.  The developers in question simply didn't do their job correctly.  If you'd like to be even more stringent, there are several deterministic wallet solutions that use real-world (physical) entropy for the random seed.  

[galbros]

the protocol itself is pretty safe

all the third parties running on it, not so much

I think this is a pretty good summary.  Sites like directory.io, which creep me out even though it has been discredited, suggests there's some potential issues that we haven't seen yet.  But overall Bitcoin is pretty solid.

[lucasjkr]

Weak random numbers were the cause of the thefts from Android generated wallets a couple of years ago. And it sounds like there are still issue with generating random numbers in virtual machines.
My question is still open.

Cryptographically secure random numbers are used in a wide variety of computer security systems.  It really isn't rocket science to do it correctly.  The developers in question simply didn't do their job correctly.  If you'd like to be even more stringent, there are several deterministic wallet solutions that use real-world (physical) entropy for the random seed.  

Yea. Wee still passing the buck, though. "Developed weren't strungent". YaDa yada yada. Point being that random numbers are only as random as the computer has random inputs; virtual machines are terrible entropy wise.

Yes, implemented correctly, Bitcoin is very strong. But an attaxker wnt attack the strongest point, they'll attack the weakest; I'd wager that any implementation running on a VM is going to have a lot more potential vulnerabilities, whether it's memory dumps or recreating the pool of entropy sources in order to "back into" the private keys.

That goes for services running in VM's, VMs that people create as pseudo cold storage devices or even (and ill have to read up more) keys generated on Tails live Cd's now that electrum is included.

It's easy to look at the reference white papers and say "implemented correctly, Bitcoin is as close to 100% secure as is possible", but know that no attacker will attack the strongest point. We need to review examine and discuss all of the weakest links and see how vulnerable those point are, and bring those to peoples attention so they know to avoid those.

The android RNG flaw for example; everyone assumed that Googke wouldn't release shoddy code like that, so android was trusted, people only looked above that later, it was inly after a lot of coins went missing that people realized that the platform itself was the problem.