flock123
Member
Offline
Activity: 98
Merit: 10
|
|
August 08, 2015, 06:41:19 AM |
|
22 BTC was not a little, I guess a hack happened at brainwallet.org
|
|
|
|
Holliday
Legendary
Offline
Activity: 1120
Merit: 1012
|
|
August 08, 2015, 06:54:16 AM |
|
It is far too unsafe to store any real wealth in for the average person.
I'm an average person. I've been using Bitcoin for over 4 years now. I've never lost a single coin. All it takes is some responsibility. I learned enough (common sense really) to realize that private keys were the "key" to security. After that, it's child's play. Create secure private keys offline, keep them offline, and your bitcoins will be quite secure. Learn a little bit about Shamir's secret sharing and you will have an asset that is more secure than any traditional asset known to man. Data is easy to copy, so do it! There is reliable, open source software which will accomplish all your bitcoin security needs without any additional education (beyond the basics I just mentioned) for the user. So... I'll rephrase your post as follows: It is far too unsafe to store any real wealth in for the irresponsible, ignorant, unmotivated person. As it should be.
|
If you aren't the sole controller of your private keys, you don't have any bitcoins.
|
|
|
bitbaby
|
|
August 08, 2015, 07:37:13 AM |
|
This is still the biggest hindrance to bitcoin getting mass recognition.
It is far too unsafe to store any real wealth in for the average person.
Exactly, and all the useless posts that usually accompany such sad events saying the victim should have done this or that, or used this other wallet, or they were foolish for using said wallet, or site, will not change this basic fact. Until a secure wallet can be developed that doesn't take a month of hard core research to figure out all the ins and outs before using, the average Joe will stay away.
Downloading Electrum and installing it doesn't require any hard core research and making offline cold storage wallets with it or with downloaded bitaddress doesn't take any hard core research either. If you're too careless with your money and use online tools to generate addresses or store funds in online wallets then sooner or later you'll get robbed, it's the same as keeping your fiat with unknown strangers and expecting that they don't steal it. Any average Joe who's familiar with computers and the Internet can easily maintain cold storage wallets for bigger funds and a hot wallet for day to day expenses. It's not the problem of bitcoin, it's just that people take things too lightly.
|
|
|
|
Velkro
Legendary
Offline
Activity: 2296
Merit: 1014
|
|
August 08, 2015, 07:45:19 AM |
|
This could be likely, however I just tried loading https://brainwallet.org and it just loads two words: 'Closed Permanently'. Who knows what's happening, but being closed permanently sounds like brainwallet.org is done.
It should have been closed permanently a long time ago. It had scam written all over it :/ Such a dangerous way to use secure bitcoin
|
|
|
|
Dire
Member
Offline
Activity: 112
Merit: 10
Crypto-Games.net: DICE and SLOT
|
|
August 08, 2015, 08:08:18 AM |
|
Is there any way to know the total funds gone from the whole Brainwallet site? Or is this just one instance? Because if it's everyone's Brainwallet then that's just terrible. A big heist in fact.
Is that what this is?
|
|
|
|
uknohowwedo
|
|
August 08, 2015, 08:11:01 AM |
|
Never heard of brain wallet but it's possible this guy just lost the coins and is using this as a sympathy bait for handouts
|
|
|
|
LiteCoinGuy
Legendary
Offline
Activity: 1148
Merit: 1014
In Satoshi I Trust
|
|
August 08, 2015, 08:11:52 AM |
|
It is far too unsafe to store any real wealth in for the average person.
I'm an average person. I've been using Bitcoin for over 4 years now. I've never lost a single coin. All it takes is some responsibility. I learned enough (common sense really) to realize that private keys were the "key" to security.
Average Joe won't do that. Like it or not, we will have bitcoin banks (we already have Coinbase etc. but that is just the beginning).
@Dire: everyone's Brainwallet. The user is the problem.
|
|
|
|
Denker
Legendary
Offline
Activity: 1442
Merit: 1016
|
|
August 08, 2015, 08:24:00 AM |
|
Ouch, 22 BTC is really no small loss. Hope OP that this hadn't been your complete holdings. Always makes me sad reading threads like this and I feel sorry for OP. Will follow the discussion on reddit about brainwallet. Really bad news.
|
|
|
|
NorrisK
Legendary
Offline
Activity: 1946
Merit: 1007
|
|
August 08, 2015, 08:28:42 AM |
|
How about the brainwallets created by electrum? Or is the method they use secure enough compared to where people can choose their own "random" brainwallet?
|
|
|
|
project_aLice
Member
Offline
Activity: 112
Merit: 10
No Risk No Fun
|
|
August 08, 2015, 08:31:31 AM |
|
I feel sorry for you. Maybe it's impossible to take back those bitcoins, the thief could exchange those BTC into real money, so be patient and be careful next time
|
|
|
|
LiteCoinGuy
Legendary
Offline
Activity: 1148
Merit: 1014
In Satoshi I Trust
|
|
August 08, 2015, 08:35:16 AM |
|
|
|
|
|
tautvilis (OP)
|
|
August 08, 2015, 10:23:28 AM |
|
I have generated most of my wallets through brainwallet.org. But the address that got hacked was the only one that I used to create a transaction via brainwallet. I don't remember my passphrase since I was just smashing my keyboard writing random characters for about 10-15 seconds; it must have been at least 50 (though I think it was more than 100) random nonsense characters. I then just copy the addresses and private keys to a notepad and forget the passphrase forever. I am almost sure it has nothing to do with the passphrase.
|
|
|
|
Honeybooboo
|
|
August 08, 2015, 10:35:36 AM |
|
This is still the biggest hindrance to bitcoin getting mass recognition.
It is far too unsafe to store any real wealth in for the average person.
If people use weak passwords then you can say goodbye to the money in your online banking too. People need to really step up their game with security and 2-factor is a must at minimum.
|
|
|
|
cellard
Legendary
Offline
Activity: 1372
Merit: 1252
|
|
August 08, 2015, 12:43:39 PM |
|
I have generated most of my wallets through brainwallet.org. But the address that got hacked was the only one that I used to create a transaction via brainwallet. I don't remember my passphrase since I was just smashing my keyboard writing random characters for about 10-15 seconds; it must have been at least 50 (though I think it was more than 100) random nonsense characters. I then just copy the addresses and private keys to a notepad and forget the passphrase forever. I am almost sure it has nothing to do with the passphrase.
Maybe someone accessed that notepad with all your keys? Anyway, I never trusted anything but Bitcoin Core, too paranoid to get on the other stuff until some years from now when everything is more tested and proven.
|
|
|
|
tautvilis (OP)
|
|
August 08, 2015, 01:06:20 PM |
|
I have generated most of my wallets through brainwallet.org. But the address that got hacked was the only one that I used to create a transaction via brainwallet. I don't remember my passphrase since I was just smashing my keyboard writing random characters for about 10-15 seconds; it must have been at least 50 (though I think it was more than 100) random nonsense characters. I then just copy the addresses and private keys to a notepad and forget the passphrase forever. I am almost sure it has nothing to do with the passphrase.
Maybe someone accessed that notepad with all your keys? Anyway, I never trusted anything but Bitcoin Core, too paranoid to get on the other stuff until some years from now when everything is more tested and proven.
I don't think he did that because there were (and still are) private keys with even more BTC.
|
|
|
|
Blazr
|
|
August 08, 2015, 01:37:50 PM |
|
I have generated most of my wallets through brainwallet.org. But the address that got hacked was the only one that I used to create a transaction via brainwallet. I don't remember my passphrase since I was just smashing my keyboard writing random characters for about 10-15 seconds; it must have been at least 50 (though I think it was more than 100) random nonsense characters. I then just copy the addresses and private keys to a notepad and forget the passphrase forever. I am almost sure it has nothing to do with the passphrase.
Smashing your hand on your keyboard isn't really that random, there are patterns that can be predicted. It is very possible somebody cracked your key, as mentioned in this thread new brainwallet cracking software has recently come out and many people are trying lots of different password lists and keyboard patterns etc. It is possible that the brainwallet.org code was changed and the owner stole the BTC that way (another reason brainwallets are so dumb) but nobody has presented any proof of that. Password cracking techniques are quite advanced, pretty much anything you come up with that you think is random can be predicted. I am always shocked by the kinds of passwords people are able to crack, just because it's long and looks random doesn't mean it is uncrackable at all, I seen someone crack a 120+ character salted hash in a couple of hours..
|
|
|
|
deepceleron
Legendary
Offline
Activity: 1512
Merit: 1036
|
|
August 08, 2015, 02:11:22 PM |
|
Brainwallet itself is JavaScript that is in itself pretty innocuous, however it started with piss poor hash-your-passphrase that let many dummies lose their money. Then it also had a very poor random number implementation for generating non "brain" addresses that had to be pointed out to the author. It earned a "not to ever be taken seriously" badge-of-honor almost immediately.
The real danger is when you put it up on the web where the interface or code can be hacked and replaced with anything without the end user knowing. Putting a keygen on the web should never have been done, besides that the addresses and privkeys are also traveling to you through an unsecure pipe and you are getting added to the webserver's logs.
I have some Python code linked in my signature that does just one thing - make you a single good offline bitcoin address that doesn't rely on a user's idea of a secure brain-phrase. I've only advocated that you run it from a live cd, verify the program's hash posted here (would require hacking me in two very different ways to falsify), and unplug from the internet before you generate keys - maybe even unplug your hard drives first just to be idiot-proof.
|
|
|
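Added example, not part of the thread and not deepceleron's program: a Python sketch of the offline approach described in the post above, a private key drawn from the operating system's CSPRNG and encoded in Wallet Import Format, next to the single unsalted SHA-256 passphrase hash that brainwallet-style generators used. All function names are illustrative assumptions.

```python
import hashlib
import secrets

# Order of the secp256k1 group; a valid private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def brainwallet_privkey(passphrase: str) -> bytes:
    """Weak scheme: one unsalted SHA-256, so the key is only as strong as the phrase."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def random_privkey() -> bytes:
    """256 bits from the OS CSPRNG, redrawn until inside the valid key range."""
    while True:
        raw = secrets.token_bytes(32)
        if 1 <= int.from_bytes(raw, "big") < SECP256K1_N:
            return raw


def base58check(payload: bytes) -> str:
    """Base58 encoding with a 4-byte double-SHA-256 checksum appended."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num = int.from_bytes(data, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    # Each leading zero byte is written as a leading '1'.
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def to_wif(privkey: bytes, compressed: bool = True) -> str:
    """Wallet Import Format for a mainnet key (version byte 0x80)."""
    if len(privkey) != 32 or not 1 <= int.from_bytes(privkey, "big") < SECP256K1_N:
        raise ValueError("private key out of range")
    return base58check(b"\x80" + privkey + (b"\x01" if compressed else b""))


if __name__ == "__main__":
    # Intended for an offline machine: the key is printed once and never stored.
    print(to_wif(random_privkey()))
```

The same passphrase always yields the same brainwallet key on any machine, while `random_privkey()` depends on nothing a person chose or typed.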
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
August 08, 2015, 02:24:01 PM |
|
It is far too unsafe to store any real wealth in for the average person.
I'm an average person. I've been using Bitcoin for over 4 years now. I've never lost a single coin. All it takes is some responsibility. I learned enough (common sense really) to realize that private keys were the "key" to security. After that, it's child's play. Create secure private keys offline, keep them offline, and your bitcoins will be quite secure. Learn a little bit about Shamir's secret sharing and you will have an asset that is more secure than any traditional asset known to man. Data is easy to copy, so do it! There is reliable, open source software which will accomplish all your bitcoin security needs without any additional education (beyond the basics I just mentioned) for the user. So... I'll rephrase your post as follows: It is far too unsafe to store any real wealth in for the irresponsible, ignorant, unmotivated person. As it should be.
To be realistic, no you're not average. You're quite bright. On the other hand, the average person may be reasonably responsible, but is relatively ignorant and unmotivated. Sad but true.
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
August 08, 2015, 02:28:44 PM |
|
This is still the biggest hindrance to bitcoin getting mass recognition.
It is far too unsafe to store any real wealth in for the average person.
If people use weak passwords then you can say goodbye to the money in your online banking too. People need to really step up their game with security and 2-factor is a must at minimum.
No. Weak passwords are less dangerous in banking since 1. they cannot be brute forced easily (my bank will lock me out after only THREE bad attempts) 2. fraudulent transactions are often recoverable. With Bitcoin, extreme brute forcing is possible. Almost no limits on this, which is why super strong supercomputer-resistant passwords are a must...and there is little to zero recourse if you do get breached. 2FA is applicable to third party services which shouldn't be used anyway for big amounts.
|
|
|
|
tautvilis (OP)
|
|
August 08, 2015, 02:29:07 PM |
|
I seen someone crack a 120+ character salted hash in a couple of hours..
That one seems totally fake.
|
|
|
|
|