chrysophylax
Legendary
Offline
Activity: 2828
Merit: 1091
--- ChainWorks Industries ---
August 02, 2015, 01:59:32 PM
Sorry, I misunderstood. The hack wasn't through Axiom's miner, it was elsewhere..
Oh ok ... and I'm assuming this is Windows ... again ... :| ... #crysx
mitchellmint
Legendary
Offline
Activity: 1139
Merit: 1000
TRUSTplus Dev
August 02, 2015, 02:31:10 PM
I got hacked today through one of Axiom's CPU miners. Beware mates, all the appdata content was downloaded...
Not so long ago I lost all my Crave, and various ppl are reporting different hacks on different coins getting stolen. Funny thing is I believe there is some sort of 0day exploit, as recently Malwarebytes blocked one IP trying to remote control a running Axiom wallet. Maybe someone with skills could explore that area.
Rainbow tables can still be useful for weak private keys. As I have read, the private key can be a SHA256 hash of every possible (non-zero) input. Now if you take a dictionary of common words there is a chance of hitting a valid private key. For example 'sausage': if you hash the string 'sausage' and import the (base58 encoded) outcome in your Bitcoin wallet you will see that it was used. They are also useful for keys generated with weak random number generators (like in Android or Java). I investigated the hack where I lost my coins and I do not think it was done with a trojan. My guess is that the Axiom wallet RPC interface is vulnerable to a buffer overflow, or maybe it uses a weak random generator. I am still investigating it, but my network logging does not show signs of a trojan.
Getting closer? Make sure you add this to your conf file: rpcallowip=127.0.0.1 There are people out there that ping the nodes and try the blogged usernames and passwords. It only takes a couple of seconds before you lose everything once they have RPC access.
Buy TRUSTplus. We are building a Financial Platform.
ozboy2014
August 02, 2015, 02:39:28 PM
I don't have a .conf in my directory... still getting 55 connections and staking though.. is there a need for the config file?
hashbrown9000
August 02, 2015, 02:49:18 PM
I take it the minerd from the original post is still safe?
ozboy2014
August 02, 2015, 03:05:33 PM
I got hacked today through one of Axiom's CPU miners. Beware mates, all the appdata content was downloaded...
Not so long ago I lost all my Crave, and various ppl are reporting different hacks on different coins getting stolen. Funny thing is I believe there is some sort of 0day exploit, as recently Malwarebytes blocked one IP trying to remote control a running Axiom wallet. Maybe someone with skills could explore that area.
Rainbow tables can still be useful for weak private keys. As I have read, the private key can be a SHA256 hash of every possible (non-zero) input. Now if you take a dictionary of common words there is a chance of hitting a valid private key. For example 'sausage': if you hash the string 'sausage' and import the (base58 encoded) outcome in your Bitcoin wallet you will see that it was used. They are also useful for keys generated with weak random number generators (like in Android or Java). I investigated the hack where I lost my coins and I do not think it was done with a trojan. My guess is that the Axiom wallet RPC interface is vulnerable to a buffer overflow, or maybe it uses a weak random generator. I am still investigating it, but my network logging does not show signs of a trojan.
Getting closer? Make sure you add this to your conf file: rpcallowip=127.0.0.1 There are people out there that ping the nodes and try the blogged usernames and passwords. It only takes a couple of seconds before you lose everything once they have RPC access.
So binding the above IP and using an alphanumeric user name and password should be sufficient?
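A check for the rpcallowip advice in mitchellmint's post and for the question just asked, added here as an example that is not from the thread: it parses a bitcoind-style conf file and lists the RPC settings that leave a wallet reachable or guessable. The two conf files are constructed samples; the option names server, rpcuser, rpcpassword and rpcallowip are the standard bitcoind ones, and it is an assumption that the Axiom wallet honours them the same way.

```python
# Constructed sample conf (not from the thread): the setup posters describe,
# RPC reachable from anywhere with a guessable login.
WEAK_CONF = """\
server=1
rpcuser=user
rpcpassword=password
rpcallowip=*
"""
# The same file with the thread's advice applied: loopback only and a long
# random alphanumeric password.
HARDENED_CONF = """\
server=1
rpcuser=axiomrpc
rpcpassword=Xq7vR2pLm9sT4wZ8bN3cK6hJ1dF5gY0a
rpcallowip=127.0.0.1
"""

LOOPBACK = {"127.0.0.1", "127.0.0.1/32", "127.0.0.0/8", "::1", "::1/128"}
COMMON_WORDS = {"password", "123456", "bitcoin", "letmein", "qwerty", "admin"}


def parse_conf(text: str) -> dict:
    """key -> list of values; bitcoind-style conf files allow repeated keys."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if "=" in line:
            k, v = (s.strip() for s in line.split("=", 1))
            opts.setdefault(k, []).append(v)
    return opts


def audit_rpc(text: str) -> list:
    """Return the RPC exposure problems found in a wallet conf file."""
    opts = parse_conf(text)
    findings = []
    if opts.get("server", ["0"])[-1] != "1":
        return findings  # no RPC server enabled, nothing listening to abuse
    allowed = opts.get("rpcallowip", [])
    if not allowed:
        findings.append("rpcallowip not set explicitly; add rpcallowip=127.0.0.1")
    findings += [f"rpcallowip={ip} admits non-local clients" for ip in allowed
                 if ip not in LOOPBACK]
    user = opts.get("rpcuser", [""])[-1]
    pw = opts.get("rpcpassword", [""])[-1]
    if user in {"", "user", "admin", "bitcoinrpc"}:
        findings.append("rpcuser is empty or a default name")
    if len(pw) < 20:
        findings.append("rpcpassword under 20 chars: use a long random alphanumeric string")
    if pw.lower() in COMMON_WORDS:
        findings.append("rpcpassword is a common word")
    return findings
```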
jc12345
Legendary
Offline
Activity: 1638
Merit: 1013
August 02, 2015, 03:05:51 PM
Even with that, can't some hacker just generate a rainbow table? They would compare their rainbow table to the blockchain, and when they get a match, just import the private key into their wallet and steal those coins? Or would that be too unwieldy?
http://directory.io <-- bitcoin
http://buttcoins.com <-- bitcoin, clamcoin, dogecoin, litecoin
Start searching. Those websites contain every possible address and private key.
Those sites are probably fake or maybe contain only a tiny fraction of the keyspace. It is not possible to create a rainbow table for Bitcoin with today's technology. It would take too much time and energy and storage space. There are so many links to quote where people have already answered why this is not possible at this point. Just google it. I'll paste a few: Link 1, Link 2, Link 3
Rainbow tables can still be useful for weak private keys. As I have read, the private key can be a SHA256 hash of every possible (non-zero) input. Now if you take a dictionary of common words there is a chance of hitting a valid private key. For example 'sausage': if you hash the string 'sausage' and import the (base58 encoded) outcome in your Bitcoin wallet you will see that it was used. They are also useful for keys generated with weak random number generators (like in Android or Java). I investigated the hack where I lost my coins and I do not think it was done with a trojan. My guess is that the Axiom wallet RPC interface is vulnerable to a buffer overflow, or maybe it uses a weak random generator. I am still investigating it, but my network logging does not show signs of a trojan.
You don't have a clue what you are talking about regarding public/private key cryptography, do you? I guess this also applies to you. Are you sure you have no signs of a trojan on your system? Upload your wallet and minerd again and compare the VirusTotal hashes. https://bitcointalk.org/index.php?topic=1135151.msg12024102#msg12024102
keesdewit
August 02, 2015, 03:23:11 PM Last edit: August 02, 2015, 03:45:12 PM by keesdewit
Sorry, I misunderstood. The hack wasn't through Axiom's miner, it was elsewhere..
Did you have the RPC or P2P port exposed to the internet? What address were the coins sent to?
keesdewit
August 02, 2015, 03:27:26 PM
I got hacked today through one of Axiom's CPU miners. Beware mates, all the appdata content was downloaded...
Not so long ago I lost all my Crave, and various ppl are reporting different hacks on different coins getting stolen. Funny thing is I believe there is some sort of 0day exploit, as recently Malwarebytes blocked one IP trying to remote control a running Axiom wallet. Maybe someone with skills could explore that area.
Rainbow tables can still be useful for weak private keys. As I have read, the private key can be a SHA256 hash of every possible (non-zero) input. Now if you take a dictionary of common words there is a chance of hitting a valid private key. For example 'sausage': if you hash the string 'sausage' and import the (base58 encoded) outcome in your Bitcoin wallet you will see that it was used. They are also useful for keys generated with weak random number generators (like in Android or Java). I investigated the hack where I lost my coins and I do not think it was done with a trojan. My guess is that the Axiom wallet RPC interface is vulnerable to a buffer overflow, or maybe it uses a weak random generator. I am still investigating it, but my network logging does not show signs of a trojan.
Getting closer?
I have the same thoughts. Somehow the Axiom wallet has a vulnerability, but I am not sure what. Looking through the source code now to see if I can find unchecked buffers or other vulnerabilities.
keesdewit
August 02, 2015, 03:30:29 PM Last edit: August 02, 2015, 03:48:56 PM by keesdewit
Even with that, can't some hacker just generate a rainbow table? They would compare their rainbow table to the blockchain, and when they get a match, just import the private key into their wallet and steal those coins? Or would that be too unwieldy?
http://directory.io <-- bitcoin
http://buttcoins.com <-- bitcoin, clamcoin, dogecoin, litecoin
Start searching. Those websites contain every possible address and private key.
Those sites are probably fake or maybe contain only a tiny fraction of the keyspace. It is not possible to create a rainbow table for Bitcoin with today's technology. It would take too much time and energy and storage space. There are so many links to quote where people have already answered why this is not possible at this point. Just google it. I'll paste a few: Link 1, Link 2, Link 3
Rainbow tables can still be useful for weak private keys. As I have read, the private key can be a SHA256 hash of every possible (non-zero) input. Now if you take a dictionary of common words there is a chance of hitting a valid private key. For example 'sausage': if you hash the string 'sausage' and import the (base58 encoded) outcome in your Bitcoin wallet you will see that it was used. They are also useful for keys generated with weak random number generators (like in Android or Java). I investigated the hack where I lost my coins and I do not think it was done with a trojan. My guess is that the Axiom wallet RPC interface is vulnerable to a buffer overflow, or maybe it uses a weak random generator. I am still investigating it, but my network logging does not show signs of a trojan.
You don't have a clue what you are talking about regarding public/private key cryptography, do you? I guess this also applies to you. Are you sure you have no signs of a trojan on your system? Upload your wallet and minerd again and compare the VirusTotal hashes. https://bitcointalk.org/index.php?topic=1135151.msg12024102#msg12024102
I do know what I am talking about regarding cryptography, it is part of my daily job. Explain to me what is wrong with my explanation if you know it better.
Let me explain the sausage example (all uncompressed):
SHA256(sausage) = 30caae2fcb7c34ecadfddc45e0a27e9103bd7cfc87730d7818cc096b1266a683
BASE58(30caae2fcb7c34ecadfddc45e0a27e9103bd7cfc87730d7818cc096b1266a683) = 5JBmuBc64pVrKLyDc8ktyXJmAeEwKQogn6jsk6taeq8zRMtGZrE
Now the derived public key will be 1TnnhMEgic5g4ttrCQyDopwqTs4hheuNZ
Check the block explorer: https://blockchain.info/address/1TnnhMEgic5g4ttrCQyDopwqTs4hheuNZ
The result, a public and private key based on the word 'sausage':
1TnnhMEgic5g4ttrCQyDopwqTs4hheuNZ
5JBmuBc64pVrKLyDc8ktyXJmAeEwKQogn6jsk6taeq8zRMtGZrE
Now tell me, where am I wrong?
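The derivation keesdewit walks through above, as an added Python example that is not from the thread or the Axiom project: it turns SHA256 of a passphrase into the uncompressed WIF form, decodes it back with checksum verification, and sets the deterministic brainwallet key next to one drawn from the OS CSPRNG, which is the difference that makes a dictionary word a weak key. The address step (the 1Tnnh... value) is left out, since it needs secp256k1 point multiplication and RIPEMD-160; print the WIF and compare it with the value in the post.

```python
import hashlib
import secrets

# Bitcoin's Base58 alphabet and the secp256k1 group order: a usable private
# key is a 256-bit integer in [1, N-1].
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out  # keep leading zeros


def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + body


def to_wif(privkey: bytes) -> str:
    """Uncompressed-key WIF: 0x80 || key || first 4 bytes of SHA256d, Base58 encoded."""
    if len(privkey) != 32 or not 1 <= int.from_bytes(privkey, "big") < SECP256K1_N:
        raise ValueError("not a valid secp256k1 private key")
    payload = b"\x80" + privkey
    return b58encode(payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4])


def from_wif(wif: str) -> bytes:
    """Verify the checksum and version byte, return the raw 32-byte key."""
    raw = b58decode(wif)
    payload, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        raise ValueError("bad WIF checksum")
    if len(payload) != 33 or payload[0] != 0x80:
        raise ValueError("not an uncompressed mainnet WIF")
    return payload[1:]


def brainwallet_key(passphrase: str) -> bytes:
    """The scheme in the post: key = SHA256(passphrase). Same word, same key, for
    everyone who hashes it, which is exactly why a dictionary word is a weak key."""
    return hashlib.sha256(passphrase.encode()).digest()


def random_key() -> bytes:
    """What a wallet should do instead: 256 bits from the OS CSPRNG, retried if out of range."""
    while True:
        k = secrets.token_bytes(32)
        if 1 <= int.from_bytes(k, "big") < SECP256K1_N:
            return k
```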
cyberspacemonkey
Legendary
Offline
Activity: 1288
Merit: 1002
August 02, 2015, 03:33:21 PM
So many people have gotten hacked. Good thing I run my miner on a different computer than my wallet and I always encrypt no matter what.
Anonyme
August 02, 2015, 03:37:42 PM
So the dumper at Trex is a hacker, not a whale?
jc12345
Legendary
Offline
Activity: 1638
Merit: 1013
August 02, 2015, 03:44:27 PM Last edit: August 02, 2015, 03:57:00 PM by jc12345
I do know what I am talking about regarding cryptography, it is my job. Explain to me what is wrong with my explanation if you know it better.
Ok, answer the following for me:
1) Can you tell me the key length of the private key of a wallet?
2) Can you tell me who "chooses" the private key - the "wallet" or the user?
3) At which point does the redundancy of the language come into play - a) upon private key generation or b) when a user decides to encrypt his wallet with a password of his choosing, if he actually decides to encrypt his wallet?
4) After you have explained 1-3, can you explain the relevance of the user's wallet password and the redundancy of a language to the private key in the wallet, and how you will derive the private key of the private/public key pair from the public key by using the wallet password, if you happen to obtain the user's wallet password from a rainbow table of some sort that you are referring to?
My question in point 4 is what you are in fact saying is possible in your argument.
go6ooo1212
Legendary
Offline
Activity: 1512
Merit: 1000
quarkchain.io
August 02, 2015, 03:47:36 PM
It was definitely a trojan to me. I found it and cleaned it, but it was too late. It had archived almost every single wallet.dat in my appdata folder. I moved the unharmed coins to brand new encrypted wallet.dat files...
EDIT: Yes, I had RPC ports exposed to the network for solo mining, of course ...
antonio8
Legendary
Offline
Activity: 1386
Merit: 1000
August 02, 2015, 03:50:32 PM
It was definitely a trojan to me. I found it and cleaned it, but it was too late. It had archived almost every single wallet.dat in my appdata folder. I moved the unharmed coins to brand new encrypted wallet.dat files...
EDIT: Yes, I had RPC ports exposed to the network for solo mining, of course ...
For myself, just curious, and for others who might want to know: did you get the name of the trojan? EDIT: It might help others who were infected also.
If you are going to leave your BTC on an exchange please send it to this address instead 1GH3ub3UUHbU5qDJW5u3E9jZ96ZEmzaXtG, I will at least use the money better than someone who steals it from the exchange. Thanks
ajw7989
Legendary
Offline
Activity: 924
Merit: 1000
August 02, 2015, 03:52:11 PM
All this wallet hacking got me nervous. I just encrypted my wallet and added the local RPC. I run mine off a server right now for staking purposes and to have the wallet on 24/7.
go6ooo1212
Legendary
Offline
Activity: 1512
Merit: 1000
quarkchain.io
August 02, 2015, 03:54:09 PM
It was definitely a trojan to me. I found it and cleaned it, but it was too late. It had archived almost every single wallet.dat in my appdata folder. I moved the unharmed coins to brand new encrypted wallet.dat files...
EDIT: Yes, I had RPC ports exposed to the network for solo mining, of course ...
For myself, just curious, and for others who might want to know: did you get the name of the trojan? EDIT: It might help others who were infected also.
MickGhee
Legendary
Offline
Activity: 1386
Merit: 1000
Fucker of "the system"
August 02, 2015, 03:55:49 PM
I got hacked today through one of Axiom's CPU miners. Beware mates, all the appdata content was downloaded...
That's why I dl only from OP. Sad to say, but you risk a lot when u trust a stranger from the internet.
Last night, while you were sleeping. I fucked the system!
keesdewit
August 02, 2015, 03:56:55 PM Last edit: August 02, 2015, 04:48:56 PM by keesdewit
I do know what I am talking about regarding cryptography, it is my job. Explain to me what is wrong with my explanation if you know it better.
Ok, answer the following for me:
1) Can you tell me the key length of the private key of a wallet?
2) Can you tell me who "chooses" the private key - the "wallet" or the user?
3) At which point does the redundancy of the language come into play - a) upon private key generation or b) when a user decides to encrypt his wallet with a password of his choosing?
4) After you have explained 1-3, can you explain the relevance of the user's wallet password and the redundancy of a language to the private key in the wallet, and how you will derive the private key of the private/public key pair from the public key if you happen to obtain the user's wallet password from a rainbow table of some sort that you are referring to?
Sure I can:
1) The length is 256 bit, or 32 bytes if you like, which results in 16^64 or 2^256 possibilities.
2) The input for the hash function that produces the private key can be from human input or from a (strong) random generator (that is built into the wallet).
3) If I understand this question right (bit of a language barrier): in both situations.
4) It is not about getting the user's wallet password with a rainbow table. See answer 2, where it is possible to have human input (so-called brain wallet) for the hash function that results in the private key. Those can be brute forced with a rainbow table. Also see the details of the sausage example.
go6ooo1212
Legendary
Offline
Activity: 1512
Merit: 1000
quarkchain.io
August 02, 2015, 04:02:39 PM
The strange thing to me was that one of the stolen wallets was unlocked only for staking. IDK how the thief got that one - it was fully encrypted ...
MemberCount+1
August 02, 2015, 04:04:01 PM Last edit: August 02, 2015, 04:17:23 PM by MemberCount+1
Which miner? The one from the first page, https://mega.co.nz/#!MQ8nkA7C!geDKX8ROONKzQrDYL96KLfJTwPNI3AK5SdtPxjz5E-8 ?