Bitcoin Forum
Author Topic: (Almost sure)brainwallet.org stole 22BTC from me  (Read 7225 times)
ransomer
Newbie
Activity: 56
Merit: 0
August 09, 2015, 01:39:19 PM
 #61

It is far too unsafe to store any real wealth in for the average person.

I'm an average person. I've been using Bitcoin for over 4 years now. I've never lost a single coin.

.........

So... I'll rephrase your post as follows: It is far too unsafe to store any real wealth in for the irresponsible, ignorant, unmotivated person. As it should be.

First of all, you are unlikely to be an average person. All of us in here are likely to be interested in bitcoin and perhaps even technology more than the average person.

.......

I think some people need to consider that just because they are average among their peers - they might be far from average compared to the rest of the world.


Bitcoin is far far far from ready for mass adoption because of security issues.


the good part:

that is the reason why we have bitcoin at 250 USD and not 25.000 USD  Wink

True Smiley
bitcoinmasterlord
Legendary
Activity: 1148
Merit: 1006
August 09, 2015, 03:48:22 PM
 #62

That is uncool. Sorry for your loss.

But I don't like brainwallet.org being down now permanently. It was a nice and easy way to check signatures. Sad
tygeade
Legendary
Activity: 2296
Merit: 1061
August 09, 2015, 03:55:09 PM
 #63

OP, sorry for loss.  Undecided


That is uncool. Sorry for your loss.

But I don't like brainwallet.org being down now permanently. It was a nice and easy way to check signatures. Sad

You can easily check signatures on http://www.coinig.com/.



bitcoinmasterlord
Legendary
Activity: 1148
Merit: 1006
August 09, 2015, 03:56:06 PM
 #64

If you're using a brainwallet, move your coins - NOW!

On August 7th I will be giving a talk at DEF CON about cracking brainwallets. As part of that talk, I will be releasing a fast[1] brainwallet cracker. I'm writing this post to provide a little insight as to why I'm giving away a tool that could be used to steal. I also hope that people who are currently using brainwallets will take notice and move to a more secure storage method.


https://rya.nc/defcon-brainwallets.html

http://de.reddit.com/r/Bitcoin/comments/3g7bpa/brainwallet_shut_down_permanently_due_to/

SHA256 your passphrase IMMEDIATELY and move your coins to trezor, electrum, etc.

But electrum has a mnemonic passphrase that serves as a seed. And brainwallets are mostly a similar list of words.

So what I wonder, is this fast brainwallet hacker able to put together enough random words fast enough to hack electrum mnemonic passphrases too?
FlipperBTC
Newbie
Activity: 8
Merit: 0
August 09, 2015, 03:56:46 PM
 #65

From now on, please use those which are open sourced and could be run locally.
Generating a private key on a website is a big no..
this would apply too to those vanity address providers..
we should always consult back to the basic law.. there is a very good reason it was called a private key..

This website was open-sourced, and it was made with github pages. This means that it's impossible to backdoor the site without people seeing that change on the github.com repository - in other words, it's OP's fault, not the site's.
bitcoinmasterlord
Legendary
Activity: 1148
Merit: 1006
August 09, 2015, 03:57:58 PM
 #66

OP, sorry for loss.  Undecided


That is uncool. Sorry for your loss.

But I don't like brainwallet.org being down now permanently. It was a nice and easy way to check signatures. Sad

You can easily check signatures on http://www.coinig.com/.




Thank you, but I liked the simple brainwallet.org verification. You only needed to enter the block of code that included message and all and it verified it for you. On coinig.com you have to copy paste three things each time.

Isn't there another website with such a tool?

From now on, please use those which are open sourced and could be run locally.
Generating a private key on a website is a big no..
this would apply too to those vanity address providers..
we should always consult back to the basic law.. there is a very good reason it was called a private key..

This website was open-sourced, and it was made with github pages. This means that it's impossible to backdoor the site without people seeing that change on the github.com repository - in other words, it's OP's fault, not the site's.

If you are right then I hope at least some features will be hosted on another domain now.
zero01
Member
Activity: 98
Merit: 10
August 09, 2015, 04:02:27 PM
 #67

I was the fault of the system brainwallet.org, try to send a message to the email admin
tygeade
Legendary
Activity: 2296
Merit: 1061
August 09, 2015, 04:10:27 PM
 #68

OP, sorry for loss.  Undecided


That is uncool. Sorry for your loss.

But I don't like brainwallet.org being down now permanently. It was a nice and easy way to check signatures. Sad

You can easily check signatures on http://www.coinig.com/.




Thank you, but I liked the simple brainwallet.org verification. You only needed to enter the block of code that included message and all and it verified it for you. On coinig.com you have to copy paste three things each time.

Isn't there another website with such a tool?


Idk.
If you find it, post it here.  Smiley

btcspry
Member
Activity: 132
Merit: 17
August 09, 2015, 10:16:43 PM
 #69

People are having problems with BrainWallet.org.  If you would like to learn more about why it closed, and its current safety in the community, please refer to this post here: https://bitcointalk.org/index.php?topic=1148611.0

If you have coins in a BrainWallet and would like to withdraw them, please go to http://brainwallet.bitforwarder.com and use the generator hosted there to get the private key and send the transaction, as the original BrainWallet site is now closed down.
jonald_fyookball
Legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
August 10, 2015, 12:29:40 AM
 #70

People are having problems with BrainWallet.org.  If you would like to learn more about why it closed, and its current safety in the community, please refer to this post here: https://bitcointalk.org/index.php?topic=1148611.0

If you have coins in a BrainWallet and would like to withdraw them, please go to http://brainwallet.bitforwarder.com and use the generator hosted there to get the private key and send the transaction, as the original BrainWallet site is now closed down.

you want people to use YOUR site to get their private key?  hope no one is stupid enough to do that.

btcspry
Member
Activity: 132
Merit: 17
August 10, 2015, 01:25:40 AM
 #71

People are having problems with BrainWallet.org.  If you would like to learn more about why it closed, and its current safety in the community, please refer to this post here: https://bitcointalk.org/index.php?topic=1148611.0

If you have coins in a BrainWallet and would like to withdraw them, please go to http://brainwallet.bitforwarder.com and use the generator hosted there to get the private key and send the transaction, as the original BrainWallet site is now closed down.

you want people to use YOUR site to get their private key?  hope no one is stupid enough to do that.

I'm a little bit insulted that you'd suggest we're going to steal people's bitcoins if they use our site.  We strongly suggest that people use the "Download ZIP" button at the bottom of the page, and generate the private key offline as they should know to do for larger amounts of bitcoin.  You can do a comparison of our code on our website with the code from the second most recent commit on the BrainWallet GitHub (the most recent commit before the code was removed), and you'll clearly see that it is the exact same (except for some minor changes in the index.html file).  If you have any other questions or comments, please let us know!
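
The comparison suggested in the post above, written out as an added example (not part of the thread and not code from either site). It hashes every file in a reference checkout and in an unpacked mirror ZIP, flags any difference outside the announced index.html change, and lists the changed index.html lines for reading; the directory layout, file names and file contents are constructed sample data.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*")
            if p.is_file() and ".git" not in p.relative_to(root).parts}

def compare_trees(reference, mirror):
    """Classify files as changed, missing from the mirror, or extra in the mirror."""
    ref, mir = manifest(reference), manifest(mirror)
    return {"changed": sorted(f for f in ref.keys() & mir.keys() if ref[f] != mir[f]),
            "missing": sorted(ref.keys() - mir.keys()),
            "extra": sorted(mir.keys() - ref.keys())}

def changed_lines(reference, mirror, rel_path):
    """Return only the added/removed lines of one changed text file."""
    old = (Path(reference) / rel_path).read_text(errors="replace").splitlines()
    new = (Path(mirror) / rel_path).read_text(errors="replace").splitlines()
    diff = list(difflib.unified_diff(old, new, lineterm="", n=0))[2:]  # drop ---/+++ header
    return [line for line in diff if line.startswith(("+", "-"))]

def review(reference, mirror, expected_changed=("index.html",)):
    """Separate the differences the operator announced from everything else."""
    diff = compare_trees(reference, mirror)
    unexpected = [f for f in diff["changed"] if f not in expected_changed]
    return {"unexpected": sorted(unexpected + diff["missing"] + diff["extra"]),
            "to_read": {f: changed_lines(reference, mirror, f)
                        for f in diff["changed"] if f in expected_changed}}

def build_sample_trees(base):
    """Constructed sample data: a reference checkout and a mirror's unpacked ZIP."""
    files = {"index.html": "<title>generator</title>\n<script src=\"js/gen.js\"></script>\n",
             "js/gen.js": "function derive(p) { return sha256(p); }\n"}
    ref, mir = Path(base) / "reference", Path(base) / "mirror"
    for root in (ref, mir):
        for name, body in files.items():
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_text(body)
    # The mirror differs in index.html (announced) and ships one extra file (not announced).
    (mir / "index.html").write_text(files["index.html"] + "<script src=\"js/extra.js\"></script>\n")
    (mir / "js/extra.js").write_text("// not present in the reference\n")
    return ref, mir

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ref, mir = build_sample_trees(tmp)
        result = review(ref, mir)
        print("unexpected:", result["unexpected"])
        for name, lines in result["to_read"].items():
            print(name, lines)
```

A script tag or inline handler added to index.html is enough to change what the page does with a passphrase, so the lines returned in to_read have to be read, not just counted.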
jonald_fyookball
Legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
August 10, 2015, 01:52:18 AM
 #72

People are having problems with BrainWallet.org.  If you would like to learn more about why it closed, and its current safety in the community, please refer to this post here: https://bitcointalk.org/index.php?topic=1148611.0

If you have coins in a BrainWallet and would like to withdraw them, please go to http://brainwallet.bitforwarder.com and use the generator hosted there to get the private key and send the transaction, as the original BrainWallet site is now closed down.

you want people to use YOUR site to get their private key?  hope no one is stupid enough to do that.

I'm a little bit insulted that you'd suggest we're going to steal people's bitcoins if they use our site.  We strongly suggest that people use the "Download ZIP" button at the bottom of the page, and generate the private key offline as they should know to do for larger amounts of bitcoin.  You can do a comparison of our code on our website with the code from the second most recent commit on the BrainWallet GitHub (the most recent commit before the code was removed), and you'll clearly see that it is the exact same (except for some minor changes in the index.html file).  If you have any other questions or comments, please let us know!

No need to be insulted.  Thanks for clarifying. Your first post said "use the generator there and send the transaction".

btcspry
Member
Activity: 132
Merit: 17
August 10, 2015, 02:09:19 AM
 #73

People are having problems with BrainWallet.org.  If you would like to learn more about why it closed, and its current safety in the community, please refer to this post here: https://bitcointalk.org/index.php?topic=1148611.0

If you have coins in a BrainWallet and would like to withdraw them, please go to http://brainwallet.bitforwarder.com and use the generator hosted there to get the private key and send the transaction, as the original BrainWallet site is now closed down.

you want people to use YOUR site to get their private key?  hope no one is stupid enough to do that.

I'm a little bit insulted that you'd suggest we're going to steal people's bitcoins if they use our site.  We strongly suggest that people use the "Download ZIP" button at the bottom of the page, and generate the private key offline as they should know to do for larger amounts of bitcoin.  You can do a comparison of our code on our website with the code from the second most recent commit on the BrainWallet GitHub (the most recent commit before the code was removed), and you'll clearly see that it is the exact same (except for some minor changes in the index.html file).  If you have any other questions or comments, please let us know!

No need to be insulted.  Thanks for clarifying. Your first post said "use the generator there and send the transaction".

Totally fair, always better safe than sorry.  The goal was just to help the panicking noobs with getting their 0.01 BTC out of their BrainWallet.  Of course if you're an investor and have $10k in a BrainWallet, get some help transferring it to a Trezor.
mookid
Sr. Member
Activity: 446
Merit: 251
August 10, 2015, 04:20:45 AM
 #74

RIP. Use electrum or something else. Web-based wallets are so insecure.
btcspry
Member
Activity: 132
Merit: 17
August 10, 2015, 04:26:12 AM
 #75

RIP. Use electrum or something else. Web-based wallets are so insecure.

No, you're completely missing the point.  The problem is not that it's insecure.  There are web-based implementations of Electrum (not called Electrum, but exact same technology).  The problem is that the key generation method for a BrainWallet is completely flawed (in both theory and implementation).  It doesn't matter that it's web based.  Yes, web based wallets are less secure.  But a well-implemented web wallet can beat out a shitty desktop wallet any day.  Green Wallet is a great example of a great implementation, because their code is very JS-based, and very little actually happens server-side.
deepceleron
Legendary
Activity: 1512
Merit: 1036
August 10, 2015, 01:19:31 PM
 #76

RIP. Use electrum or something else. Web-based wallets are so insecure.

No, you're completely missing the point.  The problem is not that it's insecure.  There are web-based implementations of Electrum (not called Electrum, but exact same technology).  The problem is that the key generation method for a BrainWallet is completely flawed (in both theory and implementation).  It doesn't matter that it's web based.  Yes, web based wallets are less secure.  But a well-implemented web wallet can beat out a shitty desktop wallet any day.  Green Wallet is a great example of a great implementation, because their code is very JS-based, and very little actually happens server-side.

And then when the website is hacked to look the same, but it is replaced with an address logger, etc? Or the site operator goes rogue and installs a background decrypter to a "secure" wallet and then cashes everyone out?

Lesson, don't put more bitcoin in a web wallet, exchange, or web-generated address than you can afford to lose. The same warning can even be made for regular bitcoin wallets if they are used on your virused keylogged rootkitted backdoored RATted Java, PDF, and Flash 0-day Internet browsing machine.

Here's a foreshadowing quote I made that amuses me:

...
I echo the sentiment that it is not worth developing any kind of "brain" based wallet, and that people who trust people to make their own passphrases are not people to be trusted with people's passphrases.

I had contemplated making a brainphrase-to-deterministic-wallet creator, but even if it used ten minutes of GPU time hashing through various combined key derivation functions per passphrase, it still could not be secure, being limited by the unbounded inventiveness of dummies using easily guessable passwords.
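
Added example, not part of the thread: a work-factor comparison for the question in post #64 about randomly generated mnemonics and for the ten-minute key-stretching idea in the post above. The guess-list sizes, the one-microsecond cost of an unstretched guess and the 12-words-from-2048 seed format are assumptions chosen for illustration, not measurements and not Electrum's exact parameters.

```python
import math

FAST_GUESS_S = 1e-6        # assumed cost of one unstretched guess (single hash)
STRETCHED_GUESS_S = 600.0  # ten minutes per guess, the figure from the post
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# (label, number of candidates the attacker must try, seconds per guess)
# All candidate counts are constructed assumptions.
SCENARIOS = [
    ("phrase on a 1,000,000-entry guess list, single hash", 10**6, FAST_GUESS_S),
    ("same phrase, ten-minute stretching", 10**6, STRETCHED_GUESS_S),
    ("phrase on a 1,000-entry guess list, ten-minute stretching", 10**3, STRETCHED_GUESS_S),
    ("12 random words from a 2048-word list, single hash", 2048**12, FAST_GUESS_S),
]

def worst_case_seconds(candidates, seconds_per_guess, workers=1):
    """Time to try every candidate when the work is split across `workers`."""
    return candidates * seconds_per_guess / workers

def effective_bits(candidates, seconds_per_guess):
    """Keyspace bits plus the bits added by slowing each guess down.

    Stretching multiplies the cost of every guess by a constant, so it
    adds log2(slowdown) bits and nothing more.
    """
    return math.log2(candidates) + math.log2(seconds_per_guess / FAST_GUESS_S)

def compare(scenarios=SCENARIOS):
    """Return one row per scenario with keyspace, effective work and time."""
    rows = []
    for label, candidates, cost in scenarios:
        rows.append({
            "label": label,
            "keyspace_bits": round(math.log2(candidates), 1),
            "effective_bits": round(effective_bits(candidates, cost), 1),
            "years_one_worker": worst_case_seconds(candidates, cost) / SECONDS_PER_YEAR,
        })
    return rows

if __name__ == "__main__":
    for row in compare():
        print(f'{row["effective_bits"]:6.1f} bits  '
              f'{row["years_one_worker"]:.3g} years  {row["label"]}')
```

On these assumed numbers a ten-minute stretch adds about 29 bits: a phrase that sits on a 1,000-entry guess list still falls in about a week on one worker, while the random seed stays more than 80 bits ahead with no stretching at all.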
VirosaGITS
Legendary
Activity: 1302
Merit: 1068
August 10, 2015, 02:21:13 PM
 #77

There are so many varied opinions and arguments here, but the facts remain, there's a new article about people losing money to a web wallet, or a service, or such every other day.

Isn't it about time people start learning that coalescing BTC to centralized security is just lowering the security of (and probably theirs) Bitcoin?


ANEES
Newbie
Activity: 1
Merit: 0
August 10, 2015, 02:58:31 PM
 #78

There are so many varied opinions and arguments here, but the facts remain, there's a new article about people losing money to a web wallet, or a service, or such every other day.

Isn't it about time people start learning that coalescing BTC to centralized security is just lowering the security of (and probably theirs) Bitcoin?

It was not the problem of Brainwallet.org. It was hacked obviously because the passphrase was weak. Regardless, I don't understand why you are mentioning centralized when it is about Brainwallet.org. Please don't spam!
VirosaGITS
Legendary
Activity: 1302
Merit: 1068
August 10, 2015, 03:05:40 PM
 #79

There are so many varied opinions and arguments here, but the facts remain, there's a new article about people losing money to a web wallet, or a service, or such every other day.

Isn't it about time people start learning that coalescing BTC to centralized security is just lowering the security of (and probably theirs) Bitcoin?

It was not the problem of Brainwallet.org. It was hacked obviously because the passphrase was weak. Regardless, I don't understand why you are mentioning centralized when it is about Brainwallet.org. Please don't spam!

As far as I know, Brainwallet.org is a web resource, which is centralizing your Bitcoin (your security is being weakened and made more easily attackable because of it).
Web resources are constantly getting hacked, so yes, even though a web resource can be properly secured and maybe Brainwallet.org was, it still has the big vulnerability of coalescing BTC into one vulnerable environment.

Then again maybe it wasn't. I can't personally vouch that Brainwallet.org's deterministic algorithm was secure, or that there was no security vulnerability on their side, or exploits, or was legit.

So yes this is centralizing your Bitcoin security/vulnerability.



Muhammed Zakir
Hero Member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
August 10, 2015, 04:31:33 PM
 #80

There are so many varied opinions and arguments here, but the facts remain, there's a new article about people losing money to a web wallet, or a service, or such every other day.

Isn't it about time people start learning that coalescing BTC to centralized security is just lowering the security of (and probably theirs) Bitcoin?

It was not the problem of Brainwallet.org. It was hacked obviously because the passphrase was weak. Regardless, I don't understand why you are mentioning centralized when it is about Brainwallet.org. Please don't spam!

As far as I know, Brainwallet.org is a web resource, which is centralizing your Bitcoin (your security is being weakened and made more easily attackable because of it).
Web resources are constantly getting hacked, so yes, even though a web resource can be properly secured and maybe Brainwallet.org was, it still has the big vulnerability of coalescing BTC into one vulnerable environment.

Then again maybe it wasn't. I can't personally vouch that Brainwallet.org's deterministic algorithm was secure, or that there was no security vulnerability on their side, or exploits, or was legit.

So yes this is centralizing your Bitcoin security/vulnerability.

It is a website of a bundle of tools which can also be used locally. You can download it and run it offline locally. You can also load it online and then turn off internet connection. This is not an online wallet or something. Brainwallets are hacked because of the poor/weak passphrases used.

If using a tool is centralizing Bitcoin's security, then I am sorry for you!

From now on, please use those which are open sourced and could be run locally.
Generating a private key on a website is a big no..
this would apply too to those vanity address providers..
we should always consult back to the basic law.. there is a very good reason it was called a private key..
Especially never put anything over half a coin on a web wallet that has the private key and you don't. It is ridiculous this keeps happening.

If you are talking about Brainwallet.org, it is not a web wallet. It is a website of a bundle of tools which can also be used locally.
