Bitcoin Forum
November 15, 2019, 06:12:47 PM *
News: 10th anniversary art contest
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 [5] 6 »  All
  Print  
Author Topic: (Almost sure)brainwallet.org stole 22BTC from me  (Read 6734 times)
kingcolex
Legendary
*
Offline Offline

Activity: 2016
Merit: 1214


First 100% Liquid Stablecoin Backed by Gold


View Profile
August 10, 2015, 03:06:27 PM
 #81

From now and on, please use those which are open sourced and could be run locally.
Generating a private key on a website is a big no..
this would apply too to those vanity address provider..
we should always consult back to the basic law.. there is a very good reason it was called a private key..
Especially never put anything over half a coin on a web wallet that has the private key and you don't. It is ridiculous this keeps happening.

The Bitcoin Forum is turning 10 years old! Join the community in sharing and exploring the notable posts made over the years.
Muhammed Zakir
Hero Member
*****
Offline Offline

Activity: 560
Merit: 504


I prefer Zakir over Muhammed when mentioning me!


View Profile WWW
August 10, 2015, 04:31:33 PM
 #82

There are so many varied opinion and arguments here, but the facts remain, there's a new article about people losing money to a web wallet, or a service, or such every other day.

Isin't it about time people start learning that coalescing BTC to centralized security is just lowering the security of (and probably theirs) Bitcoin?

It was not the problem of Brainwallet.org. It was hacked obviously because the passphrase was weak. Regardless, I don't understand why are you mentioning centralized when it is about Brainwallet.org. Please don't spam!

As far as i know, Brainwallet.org is a web resource, which is centralizing your Bitcoin (your security is being weakened and made more easily attackable because of).
Web resources are constantly getting hacked, so yes, even though a web resource can be properly secured and maybe Brainwallet.org was, it still has the big vulnerability of coalescing BTC into one vulnerable environment.

Then again maybe it wasn't. I can't personally vouch that Brainwallet.org's deterministic algorithm was secure, or that there was no security vulnerability on their side, or exploits, or was legit.

So yes this is centralizing your Bitcoin security/vulnerability.

It is a website of a bundle of tools which can also be used locally. You can download it and run it offline locally. You can also load it online and then turn off internet connection. This is not a online wallet or something. Brainwallets are hacked because of the poor/weak passphrases used.

If using a tool is centralizing Bitcoin's security, then I am sorry for you!

From now and on, please use those which are open sourced and could be run locally.
Generating a private key on a website is a big no..
this would apply too to those vanity address provider..
we should always consult back to the basic law.. there is a very good reason it was called a private key..
Especially never put anything over half a coin on a web wallet that has the private key and you don't. It is ridiculous this keeps happening.

If you are talking about Brainwallet.org, it is not a web wallet. It is a website of a bundle of tools which can also be used locally.

LiteCoinGuy
Legendary
*
Offline Offline

Activity: 1148
Merit: 1001


In Satoshi I Trust


View Profile WWW
August 10, 2015, 04:41:59 PM
 #83

Probably it is way more secure and user friendly to use a service like Xapo than a brainwallet.

Muhammed Zakir
Hero Member
*****
Offline Offline

Activity: 560
Merit: 504


I prefer Zakir over Muhammed when mentioning me!


View Profile WWW
August 10, 2015, 04:54:10 PM
 #84

Probably it is way more secure and user friendly to use a service like Xapo than a brainwallet.

If you use a strong passphrase for your brainwallet, then it is definitely better than Xapo. Well, if you are taking about Brainwallet.org, then still, I am firm with my words! I have used it many times! It may not be secure enough to use Brainwallet.org online though.

Btw, Brainwallet.org and brainwallet are two different things. So please do specify correctly when you are talking!

VirosaGITS
Legendary
*
Offline Offline

Activity: 1190
Merit: 1063



View Profile
August 10, 2015, 05:09:20 PM
 #85

If you are talking about Brainwallet.org, it is not a web wallet. It is a website of a bundle of tools which can also be used locally.

That's why i called it a web resource. It's a bit like using vanity gen. Even if the software is 100% legit, the address generated is inherently less secure than a completely random one. And the common mortal is not apt to judge whether what they are doing is safe or not.

The second you use anything from a 3rd party, you're foregoing a certain level of security for whatever you are gaining.

Is there a proof that the online tools were in fact as legit as the maybe legit bundle you were able to use offline? Well maybe, if it was really a scam, a lot more people would have lost BTC, but you can never really trust something 100%.
manselr
Legendary
*
Offline Offline

Activity: 854
Merit: 1000


Trusted Seller


View Profile
August 10, 2015, 05:24:25 PM
 #86

Probably it is way more secure and user friendly to use a service like Xapo than a brainwallet.

If you use a strong passphrase for your brainwallet, then it is definitely better than Xapo. Well, if you are taking about Brainwallet.org, then still, I am firm with my words! I have used it many times! It may not be secure enough to use Brainwallet.org online though.

Btw, Brainwallet.org and brainwallet are two different things. So please do specify correctly when you are talking!
Well, I think Xapo is very legit. If they lost your coins, they wouldn't be able to get away with it, it's not some anonymous dude, the CEO etc it's all registered, if they screw you up they owe you the Bitcoins. I don't know the terms of wha would happen exactly tho.

Telegram; @bitcointalkaccseller
LiteCoinGuy
Legendary
*
Offline Offline

Activity: 1148
Merit: 1001


In Satoshi I Trust


View Profile WWW
August 10, 2015, 05:52:56 PM
 #87

Probably it is way more secure and user friendly to use a service like Xapo than a brainwallet.

If you use a strong passphrase for your brainwallet, then it is definitely better than Xapo. Well, if you are taking about Brainwallet.org, then still, I am firm with my words! I have used it many times! It may not be secure enough to use Brainwallet.org online though.

Btw, Brainwallet.org and brainwallet are two different things. So please do specify correctly when you are talking!
Well, I think Xapo is very legit. If they lost your coins, they wouldn't be able to get away with it, it's not some anonymous dude, the CEO etc it's all registered, if they screw you up they owe you the Bitcoins. I don't know the terms of wha would happen exactly tho.

and it is insured by well known insurance companies etc etc.

i guess in the future most people have to use services like this. easy and secure. the average joe cant keep hunderds of dollars on his crappy pc or phone  Undecided

spazzdla
Legendary
*
Offline Offline

Activity: 1568
Merit: 1000


View Profile
August 10, 2015, 06:53:28 PM
 #88

It is far to unsafe to store any real wealth in for the average person.

I'm an average person. I've been using Bitcoin for over 4 years now. I've never lost a single coin.

All it takes is some responsibility. I learned enough (common sense really) to realize that private keys were the "key" to security. After that, it's child's play.

Create secure private keys offline, keep them offline, and your bitcoins will be quite secure.

Learn a little bit about shamir's secret sharing and you will have an asset that is more secure than any traditional asset known to man.

Data is easy to copy, so do it!

There is reliable, open source software which will accomplish all your bitcoin security needs without any additional education (beyond the basics I just mentioned) for the user.

So... I'll rephrase your post as follows: It is far too unsafe to store any real wealth in for the irresponsible, ignorant, unmotivated person. As it should be.

You are not the average person one bit.

The average person thinks password1234 is safe.
Brad Harrison
Full Member
***
Offline Offline

Activity: 168
Merit: 100


View Profile
August 10, 2015, 07:00:41 PM
 #89

OP sad to hear that man

BrianM
Hero Member
*****
Offline Offline

Activity: 546
Merit: 510



View Profile
August 10, 2015, 07:05:20 PM
 #90

I am the owner of this address 1JqL1fp2nfuoSKirnRLjqUbQpf7Pou7mXR here are proves
Code:
I tautvilis am the owner of this address 1JqL1fp2nfuoSKirnRLjqUbQpf7Pou7mXR
HNC22GYmWi19BFHQa7iH54WLIWGk4RqczGkkJM0BScfP5dtXepwU5hjHXdLClOHhq1f8Lpmsg95FCLrW9ANkOto=
Recently someone stole 22BTC from that address.I am 100% I haven't downloaded any malware I haven't entered any suspicious sites I haven's used tor or did anything unusual.But what I did was I used brainwallet(only with that address luckily) I haven't suspected it but today when I wanted to use it I seen it is down and I want to know if someone else lost funds due to this.If you are a hacker and you are watching this please kindly return the coins to 1NcA77gqawRSsi9ara5omk2ajKS5bJLZM7

Did you really store 22 BTC at brianwallet? That is the same as walking around with a big sign "STEAL MY MONEY". Sorry for your loss. I am sure you eventually will recover. Keep the spirit up Smiley
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1002


Core dev leaves me neg feedback #abuse #political


View Profile
August 10, 2015, 10:36:37 PM
 #91

I am the owner of this address 1JqL1fp2nfuoSKirnRLjqUbQpf7Pou7mXR here are proves
Code:
I tautvilis am the owner of this address 1JqL1fp2nfuoSKirnRLjqUbQpf7Pou7mXR
HNC22GYmWi19BFHQa7iH54WLIWGk4RqczGkkJM0BScfP5dtXepwU5hjHXdLClOHhq1f8Lpmsg95FCLrW9ANkOto=
Recently someone stole 22BTC from that address.I am 100% I haven't downloaded any malware I haven't entered any suspicious sites I haven's used tor or did anything unusual.But what I did was I used brainwallet(only with that address luckily) I haven't suspected it but today when I wanted to use it I seen it is down and I want to know if someone else lost funds due to this.If you are a hacker and you are watching this please kindly return the coins to 1NcA77gqawRSsi9ara5omk2ajKS5bJLZM7

Did you really store 22 BTC at brianwallet? That is the same as walking around with a big sign "STEAL MY MONEY". Sorry for your loss. I am sure you eventually will recover. Keep the spirit up Smiley

Brian wallet . lol.  guilty consciounce eh

luciann
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250


View Profile
August 11, 2015, 01:34:39 AM
 #92

So basically this dude has a weak passphrase.

But my question is whats considered a viable passphrase then? Like 20 characters long? I mean the odds of having a same passphrase is slim but im assuming the hacker is using sometype of passphrase thats commonly used and runs it.

Sorry op, Id just use something else from now on and have a better strong passphrase I guess.

btcspry
Member
**
Offline Offline

Activity: 132
Merit: 16


View Profile
August 11, 2015, 01:39:12 AM
 #93

So basically this dude has a weak passphrase.

But my question is whats considered a viable passphrase then? Like 20 characters long? I mean the odds of having a same passphrase is slim but im assuming the hacker is using sometype of passphrase thats commonly used and runs it.

Sorry op, Id just use something else from now on and have a better strong passphrase I guess.

No, Brainwallets are pretty much completely unsafe.  Doesn't matter the password, they're just a bad way of storing bitcoin.  Use a WarpWallet with a big passphrase or something that takes more effort to generate.  The Brainflayer program really proves this.
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1002


Core dev leaves me neg feedback #abuse #political


View Profile
August 11, 2015, 03:13:05 AM
 #94

So basically this dude has a weak passphrase.

But my question is whats considered a viable passphrase then? Like 20 characters long? I mean the odds of having a same passphrase is slim but im assuming the hacker is using sometype of passphrase thats commonly used and runs it.

Sorry op, Id just use something else from now on and have a better strong passphrase I guess.

20 random characters is strong but that wouldn't be an easy to recall phrase.

I don't know why people are so confused about this question of security.
You need 128 bits (or greater) of entropy or randomness. that means 2^128.
assuming 26 letters lowercase , 26 uppercase and ten digits, that's 62.
so 20^62.  much bigger so you're good. simple math with a calculator.
why is this so difficult?

btcspry
Member
**
Offline Offline

Activity: 132
Merit: 16


View Profile
August 11, 2015, 04:08:54 AM
 #95

I don't know why people are so confused about this question of security.
You need 128 bits (or greater) of entropy or randomness. that means 2^128.
assuming 26 letters lowercase , 26 uppercase and ten digits, that's 62.
so 20^62.  much bigger so you're good. simple math with a calculator.
why is this so difficult?

People confuse 20 random characters with simply 20 characters.  20 characters, if they're common words, is not safe.  That's a totally different discussion, and is not basic math.
malzahar
Full Member
***
Offline Offline

Activity: 210
Merit: 100


View Profile
August 11, 2015, 04:41:10 AM
 #96

I don't know why people are so confused about this question of security.
You need 128 bits (or greater) of entropy or randomness. that means 2^128.
assuming 26 letters lowercase , 26 uppercase and ten digits, that's 62.
so 20^62.  much bigger so you're good. simple math with a calculator.
why is this so difficult?

People confuse 20 random characters with simply 20 characters.  20 characters, if they're common words, is not safe.  That's a totally different discussion, and is not basic math.

I wouldnt do 20 id wouldnt be able to remember it.

I probably do a unique of 8 characters mix with 1 capital letter, and 1 # though thats similar to my ebay password login.

Not the best idea, but I find that these situations are rare.
Xandrah
Sr. Member
****
Offline Offline

Activity: 266
Merit: 260


DeltaPool Owner https://deltapool.net


View Profile WWW
August 11, 2015, 11:09:46 AM
 #97

I think people should stop using web/online wallets altogether,
spazzdla
Legendary
*
Offline Offline

Activity: 1568
Merit: 1000


View Profile
August 11, 2015, 12:45:18 PM
 #98

I think people should stop using web/online wallets altogether,

They're great for a daily wallet.  People need to stop storing mass amounts on them.
Muhammed Zakir
Hero Member
*****
Offline Offline

Activity: 560
Merit: 504


I prefer Zakir over Muhammed when mentioning me!


View Profile WWW
August 11, 2015, 01:00:42 PM
 #99

If you are talking about Brainwallet.org, it is not a web wallet. It is a website of a bundle of tools which can also be used locally.

That's why i called it a web resource. It's a bit like using vanity gen. Even if the software is 100% legit, the address generated is inherently less secure than a completely random one. And the common mortal is not apt to judge whether what they are doing is safe or not.

The second you use anything from a 3rd party, you're foregoing a certain level of security for whatever you are gaining.

Is there a proof that the online tools were in fact as legit as the maybe legit bundle you were able to use offline? Well maybe, if it was really a scam, a lot more people would have lost BTC, but you can never really trust something 100%.

Yes, you are right and what you said* is true for all wallets and tools including Bitcoin Core.

* Except web resource.

Well, I think Xapo is very legit. If they lost your coins, they wouldn't be able to get away with it, it's not some anonymous dude, the CEO etc it's all registered, if they screw you up they owe you the Bitcoins. I don't know the terms of wha would happen exactly tho.

Yeah! That' why, PBMining and Mt. Gox has repaid all customers! Undecided

and it is insured by well known insurance companies etc etc.

i guess in the future most people have to use services like this. easy and secure. the average joe cant keep hunderds of dollars on his crappy pc or phone  Undecided

Secure? How? I can't believe you are saying people to store Bitcoin in an online wallet which does not even give access to private keys instead of a PC or phone.

jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1002


Core dev leaves me neg feedback #abuse #political


View Profile
August 11, 2015, 05:23:30 PM
 #100

I don't know why people are so confused about this question of security.
You need 128 bits (or greater) of entropy or randomness. that means 2^128.
assuming 26 letters lowercase , 26 uppercase and ten digits, that's 62.
so 20^62.  much bigger so you're good. simple math with a calculator.
why is this so difficult?

People confuse 20 random characters with simply 20 characters.  20 characters, if they're common words, is not safe.  That's a totally different discussion, and is not basic math.

Its still not that complicated.  This is like 8th grade probability stuff.  Are people idiots?  What's going on here?

Pages: « 1 2 3 4 [5] 6 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!