Bitcoin Forum
Author Topic: (Almost sure)brainwallet.org stole 22BTC from me  (Read 7225 times)
flock123
August 08, 2015, 06:41:19 AM
 #21

22 BTC is not a little. I guess a hack happened at brainwallet.org.
Holliday
August 08, 2015, 06:54:16 AM
 #22

It is far too unsafe to store any real wealth in for the average person.

I'm an average person. I've been using Bitcoin for over 4 years now. I've never lost a single coin.

All it takes is some responsibility. I learned enough (common sense really) to realize that private keys were the "key" to security. After that, it's child's play.

Create secure private keys offline, keep them offline, and your bitcoins will be quite secure.

Learn a little bit about Shamir's secret sharing and you will have an asset that is more secure than any traditional asset known to man.

Data is easy to copy, so do it!

There is reliable, open source software which will accomplish all your bitcoin security needs without any additional education (beyond the basics I just mentioned) for the user.

So... I'll rephrase your post as follows: It is far too unsafe to store any real wealth in for the irresponsible, ignorant, unmotivated person. As it should be.

If you aren't the sole controller of your private keys, you don't have any bitcoins.
bitbaby
August 08, 2015, 07:37:13 AM
 #23

This is still the biggest hindrance to bitcoin getting mass recognition.

It is far too unsafe to store any real wealth in for the average person.

Exactly, and all the useless posts that usually accompany such sad events, saying the victim should have done this or that, or used this other wallet, or they were foolish for using said wallet or site, will not change this basic fact. Until a secure wallet can be developed that doesn't take a month of hard core research to figure out all the ins and outs before using, the average Joe will stay away.

Downloading Electrum and installing it doesn't require any hard core research, and making offline cold storage wallets with it or with downloaded bitaddress doesn't take any hard core research either. If you're too careless with your money and use online tools to generate addresses or store funds in online wallets, then sooner or later you'll get robbed; it's the same as keeping your fiat with unknown strangers and expecting that they don't steal it.

Any average Joe who's familiar with Computers and Internet can easily maintain Cold storage wallets for bigger funds and a Hot wallet for day to day expenses, it's not the problem of bitcoin, it's just that people take things too lightly.

Velkro
August 08, 2015, 07:45:19 AM
 #24


This could be likely, however I just tried loading https://brainwallet.org and it just loads two words: 'Closed Permanently'

Who knows what's happening, but being closed permanently sounds like brainwallet.org is done.

It should have been closed permanently a long time ago. It had scam written all over it :/
Such a dangerous way to use secure bitcoin
Dire
August 08, 2015, 08:08:18 AM
 #25

Is there any way to know the total funds gone from the whole Brainwallet site? Or is this just one instance? Because if it's everyone's Brainwallet then that's just terrible. A big heist in fact.

Is that what this is?
uknohowwedo
August 08, 2015, 08:11:01 AM
 #26

Never heard of brain wallet, but it's possible this guy just lost the coins and is using this as sympathy bait for handouts.
LiteCoinGuy
August 08, 2015, 08:11:52 AM
 #27

It is far too unsafe to store any real wealth in for the average person.

I'm an average person. I've been using Bitcoin for over 4 years now. I've never lost a single coin.

All it takes is some responsibility. I learned enough (common sense really) to realize that private keys were the "key" to security.

Average Joe won't do that.

Like it or not, we will have bitcoin banks (we already have Coinbase etc., but that is just the beginning).

@ Dire

Everyone's Brainwallet. The user is the problem.

Denker
August 08, 2015, 08:24:00 AM
 #28

Ouch, 22 BTC is really no small loss. Hope, OP, that this hadn't been your complete holdings. Always makes me sad reading threads like this and I feel sorry for OP. Will follow the discussion on reddit about brainwallet. Really bad news.
NorrisK
August 08, 2015, 08:28:42 AM
 #29

See this as well:
    
"Why I'm releasing a brainwallet cracker at DEFCON 23"
https://bitcointalk.org/index.php?topic=1147035.0


OP, in light of the above link, it is possible that your "phrases" were not complex enough.

How about the brainwallets created by Electrum? Or is the method they use secure enough compared to where people can choose their own "random" brainwallet?
project_aLice
August 08, 2015, 08:31:31 AM
 #30

I feel sorry for you. Maybe it's impossible to take back those bitcoins; the thief could exchange those BTC into real money, so be patient and be careful next time.

LiteCoinGuy
August 08, 2015, 08:35:16 AM
 #31

Video - Brainwallets:

https://www.youtube.com/watch?v=fBOWAqmS7qY

tautvilis (OP)
August 08, 2015, 10:23:28 AM
 #32

I have generated most of my wallets through brainwallet.org. But the address that got hacked was the only one that I used to create a transaction via brainwallet. I don't remember my passphrase since I was just smashing my keyboard writing random characters for about 10-15 seconds; it must have been at least 50 (though I think it was more than 100) random nonsense characters. I then just copy the addresses and private keys to a notepad and forget the passphrase forever. I am almost sure it has nothing to do with the passphrase.
Honeybooboo
August 08, 2015, 10:35:36 AM
 #33

This is still the biggest hindrance to bitcoin getting mass recognition.

It is far too unsafe to store any real wealth in for the average person.

If people use weak passwords then you can say goodbye to the money in your online banking too. People need to really step up their game with security and 2-factor is a must at minimum.
cellard
August 08, 2015, 12:43:39 PM
 #34

I have generated most of my wallets through brainwallet.org. But the address that got hacked was the only one that I used to create a transaction via brainwallet. I don't remember my passphrase since I was just smashing my keyboard writing random characters for about 10-15 seconds; it must have been at least 50 (though I think it was more than 100) random nonsense characters. I then just copy the addresses and private keys to a notepad and forget the passphrase forever. I am almost sure it has nothing to do with the passphrase.

Maybe someone accessed that notepad with all your keys?
Anyway, I never trusted anything but Bitcoin Core, too paranoid to get on the other stuff until some years from now when everything is more tested and proven.
tautvilis (OP)
August 08, 2015, 01:06:20 PM
 #35

I have generated most of my wallets through brainwallet.org. But the address that got hacked was the only one that I used to create a transaction via brainwallet. I don't remember my passphrase since I was just smashing my keyboard writing random characters for about 10-15 seconds; it must have been at least 50 (though I think it was more than 100) random nonsense characters. I then just copy the addresses and private keys to a notepad and forget the passphrase forever. I am almost sure it has nothing to do with the passphrase.

Maybe someone accessed that notepad with all your keys?
Anyway, I never trusted anything but Bitcoin Core, too paranoid to get on the other stuff until some years from now when everything is more tested and proven.

I don't think he did that because there were (and still are) private keys with even more BTC.
Blazr
August 08, 2015, 01:37:50 PM
 #36

I have generated most of my wallets through brainwallet.org. But the address that got hacked was the only one that I used to create a transaction via brainwallet. I don't remember my passphrase since I was just smashing my keyboard writing random characters for about 10-15 seconds; it must have been at least 50 (though I think it was more than 100) random nonsense characters. I then just copy the addresses and private keys to a notepad and forget the passphrase forever. I am almost sure it has nothing to do with the passphrase.

Smashing your hand on your keyboard isn't really that random; there are patterns that can be predicted. It is very possible somebody cracked your key; as mentioned in this thread, new brainwallet cracking software has recently come out and many people are trying lots of different password lists, keyboard patterns, etc. It is possible that the brainwallet.org code was changed and the owner stole the BTC that way (another reason brainwallets are so dumb), but nobody has presented any proof of that. Password cracking techniques are quite advanced; pretty much anything you come up with that you think is random can be predicted. I am always shocked by the kinds of passwords people are able to crack. Just because it's long and looks random doesn't mean it is uncrackable at all; I saw someone crack a 120+ character salted hash in a couple of hours.

deepceleron
August 08, 2015, 02:11:22 PM
 #37

Brainwallet itself is JavaScript that is in itself pretty innocuous; however, it started with piss-poor hash-your-passphrase that let many dummies lose their money. Then it also had a very poor random number implementation for generating non-"brain" addresses that had to be pointed out to the author. It earned a "not to ever be taken seriously" badge of honor almost immediately.

The real danger is when you put it up on the web where the interface or code can be hacked and replaced with anything without the end user knowing. Putting a keygen on the web should never have been done, besides that the addresses and privkeys are also traveling to you through an unsecure pipe and you are getting added to the webserver's logs.


I have some Python code linked in my signature that does just one thing - make you a single good offline bitcoin address that doesn't rely on a user's idea of a secure brain-phrase. I've only advocated that you run it from a live cd, verify the program's hash posted here (would require hacking me in two very different ways to falsify), and unplug from the internet before you generate keys - maybe even unplug your hard drives first just to be idiot-proof.
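
An added illustration of the contrast drawn in post #37 (not code from the post, from brainwallet.org, or from the Python program linked in the poster's signature): the classic brainwallet derivation, private key = SHA-256(passphrase), beside a key drawn from the operating system's CSPRNG, both encoded in Wallet Import Format. The function names are made up for this sketch, and address derivation (secp256k1 point multiplication) is omitted.

```python
import hashlib
import secrets

# Order of the secp256k1 group: a valid private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def brainwallet_key(passphrase: str) -> bytes:
    """Classic brainwallet: key = SHA-256(passphrase), unsalted, one round.

    Fully deterministic, so anyone who guesses the phrase holds the key, and
    guesses can be checked offline with no lockout or rate limit.
    """
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def offline_key() -> bytes:
    """256-bit key from the OS CSPRNG; no human-chosen input at all."""
    while True:
        key = secrets.token_bytes(32)
        if 0 < int.from_bytes(key, "big") < SECP256K1_N:  # reject out-of-range
            return key


def base58check(payload: bytes) -> str:
    """Base58Check: payload + first 4 bytes of double SHA-256, in base 58."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    zeros = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes -> '1'
    return "1" * zeros + out


def to_wif(key: bytes, compressed: bool = True) -> str:
    """Wallet Import Format for a mainnet key (version byte 0x80)."""
    return base58check(b"\x80" + key + (b"\x01" if compressed else b""))


if __name__ == "__main__":
    phrase = "correct horse battery staple"  # constructed sample, never use
    print("brainwallet:", to_wif(brainwallet_key(phrase)))  # same every run
    print("offline    :", to_wif(offline_key()))            # differs every run
```
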
jonald_fyookball
August 08, 2015, 02:24:01 PM
 #38

It is far too unsafe to store any real wealth in for the average person.

I'm an average person. I've been using Bitcoin for over 4 years now. I've never lost a single coin.

All it takes is some responsibility. I learned enough (common sense really) to realize that private keys were the "key" to security. After that, it's child's play.

Create secure private keys offline, keep them offline, and your bitcoins will be quite secure.

Learn a little bit about Shamir's secret sharing and you will have an asset that is more secure than any traditional asset known to man.

Data is easy to copy, so do it!

There is reliable, open source software which will accomplish all your bitcoin security needs without any additional education (beyond the basics I just mentioned) for the user.

So... I'll rephrase your post as follows: It is far too unsafe to store any real wealth in for the irresponsible, ignorant, unmotivated person. As it should be.

To be realistic, no you're not average.  You're quite bright.  On the other hand, the average person may be reasonably responsible, but is relatively ignorant and unmotivated.   Sad but true.

jonald_fyookball
August 08, 2015, 02:28:44 PM
 #39

This is still the biggest hindrance to bitcoin getting mass recognition.

It is far too unsafe to store any real wealth in for the average person.

If people use weak passwords then you can say goodbye to the money in your online banking too. People need to really step up their game with security and 2-factor is a must at minimum.

No.

Weak passwords are less dangerous in banking since 1. they cannot be brute forced easily (my bank will lock me out after only THREE bad attempts) 2. fraudulent transactions are often recoverable.

With Bitcoin, extreme brute forcing is possible. Almost no limits on this, which is why super strong supercomputer-resistant passwords are a must... and there is little to zero recourse if you do get breached.

2fa is applicable to third party services which shouldn't be used anyway for big amounts.

tautvilis (OP)
August 08, 2015, 02:29:07 PM
 #40

I saw someone crack a 120+ character salted hash in a couple of hours.
That one seems totally fake.