Bitcoin Forum
December 11, 2024, 06:47:47 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Easywallet.org wallets compromised - Uninstall Google Chrome spyware right now!  (Read 3495 times)
MysteryMiner (OP)
Legendary
*
Offline Offline

Activity: 1526
Merit: 1049


Death to enemies!


View Profile
April 10, 2013, 05:14:50 PM
 #1

Here is the text file behind the hash I published few days ago in this link https://bitcointalk.org/index.php?topic=169865.0

Code:
After finding about instawallet hack I was shocked how easy it was and that I did not think about it before someone else found it and made public. In my free time I searched for similar services using similar scheme and Easywallet.org was also had similar problems. Found about 950 URLs. I found it too laborous to check each of them and I used Greasemonkey script to harves the URLs. Added my address as dead mans switch that activates after 1 day. Sorry I'm too much excited right now. Typing this as a proof as I cannot access my GPG keys. Check the SHA256

2013-07-Apr

MysteryMiner

List of compromised web wallets as extracted by greasemonkey.

Code:
https://easywallet.org/w/2CYxA6fR1JHEgvkHazrxwY
https://easywallet.org/w/9X4vDgYAkU6AFn8b8fEnyD
https://easywallet.org/w/LdQLGuGiL4wiTXbaMFpQvx
https://easywallet.org/w/6F5ehrxfSb2imExdzuTgcS
https://easywallet.org/w/17osgC3m7kByNs27PqM1HK
https://easywallet.org/w/5P3ERncD8WnnaTEvU2QtuB
https://easywallet.org/w/SctJRqNJwzNugSbqFywKCS
https://easywallet.org/w/V5nXe9KYEHAnx5zs2LmMrs
https://easywallet.org/w/GzzVBfCeNXz6ThpjCq18Fi
https://easywallet.org/w/JMdTRQV7UgvZ86mP2SHzTA
https://easywallet.org/w/HfTPz7phGMpXTg68Rgsmnq
https://easywallet.org/w/H9NmM75mDin8DEeHZ77Yun
https://easywallet.org/w/2c8gvsgcBttf4BvQoTBsMF
https://easywallet.org/w/WxpLggqZx6S56yoQbzA2jr
https://easywallet.org/w/LxSdwYKaGNLc1AdwbWEH7U
https://easywallet.org/w/RsZH8GNk8CQMY83GpyTRKQ
https://easywallet.org/w/PMYkD6B5Vzr7A28Gs9f5y5
https://easywallet.org/w/GBfHNtdM2mvkmd15seURSi
https://easywallet.org/w/Cm7wGdp6EfMW2zSB6gbNa5
https://easywallet.org/w/T1XXSN57vgwQgk7peLKfMY
https://easywallet.org/w/Y7T18K2ZdwHAB5NDkuLSK8
https://easywallet.org/w/NEQn6XoGdvW9sSBVcssjir
https://easywallet.org/w/AtkrFkribH1jgD19rdj7RC
https://easywallet.org/w/JK5HsxHGBHhZ73nxtVfcMa
https://easywallet.org/w/EZDCNaVg2v1T7mqKSpQ6T8
https://easywallet.org/w/9aXJTQExvQFwac8YRuXrcS
https://easywallet.org/w/9inDSPEUjark4wC58gfadR
https://easywallet.org/w/9Wz7qFy7TFnRqmWYp83SGp
https://easywallet.org/w/JqNpqamcprybY7WoCLLUdE
https://easywallet.org/w/XL4prvzpnKmXr65YeXQ4Gk
https://easywallet.org/w/6oNknLWbS3BwC1Aqj1UewK
https://easywallet.org/w/PJThPGtBSAAcYPtvSdiQLd
https://easywallet.org/w/R6wDRK1hsfBPZDT2QXYAcA
https://easywallet.org/w/MBjc3NrBcZ1i7zcC8TU4U
https://easywallet.org/w/DkbeZzAGyKG9QaKYqU2fSd
https://easywallet.org/w/5kihHhfZJ8Pk5Z9pGxGR9P
https://easywallet.org/w/PEH9MarVRCpxW4kjwBp11q
https://easywallet.org/w/RxuS8d1uNnFNPmNKo8fgu7
https://easywallet.org/w/BmJN8YXBBNzZEEp6puWysG
https://easywallet.org/w/KawJtk9fTf3ERsodof5cqQ
https://easywallet.org/w/SLq1v26Bfe8e73DGkgStrX
https://easywallet.org/w/TYJ5RBidCRMZG6F7aALpXQ
https://easywallet.org/w/eUzCzecwNQiyTkgzMiaz2
https://easywallet.org/w/QWGqFgDddZm1wuoUvSPnKr
https://easywallet.org/w/RHq6VR3Pm27pynsQ1bsE8h
https://easywallet.org/w/SckTd1rYTGxkKJRpVBBNNK
https://easywallet.org/w/9xgrHnMhqpPm5uDAfDaMjz
https://easywallet.org/w/CQTTa44D6xWLVA3V3ySLDZ
https://easywallet.org/w/EMGGFgm7CtXWL3orXkoESx
https://easywallet.org/w/6mPi7JiPTMsX2pNwPCxMB2
https://easywallet.org/w/8UiMwKRKPaonNNcXuHj5HB
https://easywallet.org/w/DRaU8fdtfRTdJtcm96VKRt
https://easywallet.org/w/BUBQ8BKcNbuyybN9UwoJN6
https://easywallet.org/w/BQHiDYzyWsuDivhDW7NKb4
https://easywallet.org/w/5uXPc3itHtJiwAoDQG8fKd
https://easywallet.org/w/DcX2V93ykCpuwb2YfqKpPG
https://easywallet.org/w/XpRFd3qxJDMVu49KmxHCc6
https://easywallet.org/w/YKuFcEVc6MKeWSjsE6N8Gr
https://easywallet.org/w/X4rurV1B8czzp82rkRicCF
https://easywallet.org/w/HdNTaCA1EDMAP6uFnQwSp3
https://easywallet.org/w/Ch9WtCn628AH9ZE6GpjiwG
https://easywallet.org/w/X54Fe2GeySBfjQXHdLkXrb
https://easywallet.org/w/ECMBMFGGUAu497yka1aD3h
https://easywallet.org/w/2iEdkedwgvpd7Fp6Ned2Ao
https://easywallet.org/w/6fjaDMd3RBQiAwr2RpQrB3
https://easywallet.org/w/Lq9jX9EJQS2hmroXzEL9nL
https://easywallet.org/w/6eZxQBoCKUhsTduhj1PSux
https://easywallet.org/w/WpqShPhyiV9LMMgfSmiHDv
https://easywallet.org/w/7pL3snyeLzKhNz7qpyHrvU
https://easywallet.org/w/X3tPmDJptW9Ku6ffkFiJzs
https://easywallet.org/w/3koLGn5T5j8XJSLQQAnLyw
https://easywallet.org/w/UFgnxjuKkFuoUAHGngZGeM
https://easywallet.org/w/6onMTooCuYfSb6U4Sjqmvu
https://easywallet.org/w/6JrLHMPaiAarrPbvpWVhJ4
https://easywallet.org/w/PSkjH1htGQTe2AomoKYPkb
https://easywallet.org/w/8CUavWqLjc52C9fX4bnfmT
https://easywallet.org/w/PzZMAyaaGzBztPYfifvm4r
https://easywallet.org/w/ASVN9bfRcdEwR7zJmCaRCL
https://easywallet.org/w/X1P3GS9jWpxZfGrRf3PjFa
https://easywallet.org/w/D32hX5o34DWrw5ZRa83kz7
https://easywallet.org/w/84rKaJ7Qz6JBCkMrsiDvwJ
https://easywallet.org/w/FGXM8AQxQLvVB1KABuYJXC
https://easywallet.org/w/GqxYAt6AjXj8z6zD6xbQon
https://easywallet.org/w/5q6nHdiLUzqFqasMZuqBne
https://easywallet.org/w/HCDX4J9meDNEmCdzkvJfzi
https://easywallet.org/w/GKt9xyi6ozN5DS9NBX3KPP
https://easywallet.org/w/DSRLCyeRmZxw24CNNxanjR
https://easywallet.org/w/XhNMoSLYV4AnhCxxPbzdZ
https://easywallet.org/w/N4Q91ohNshBMDsZTvBRQMC
https://easywallet.org/w/LKJe79yBWZV4Bu9EPH9LTx
https://easywallet.org/w/CFDM42w943mUnKQ1y3sNbb
https://easywallet.org/w/C6waQar7xCh9BfPcjAHUh9
https://easywallet.org/w/Jvh7M7HRiHw65fKkGpTdYh
https://easywallet.org/w/RDbPmmuoGkC56grEfWsZ9m
https://easywallet.org/w/BqBaMvuwyHGVPo1vzcnmTn
https://easywallet.org/w/XNjgWDXSg8r2Gf3gHJcuTc
https://easywallet.org/w/74mymMsiUB17RV72Xtde3M
https://easywallet.org/w/Jf5QjxDbLZAQP65zYcsVHa
https://easywallet.org/w/K23PFmadbk1mdDEfdcSsA1
https://easywallet.org/w/EpkHRVs2wUSqNnWbCX5iGN
https://easywallet.org/w/67xJREzpQ8cicRTwaSGHH1
https://easywallet.org/w/4rpiUXK9hHrHJZvm4cJnx7
https://easywallet.org/w/67rGZsBuFjrbasRZaEPr6a
https://easywallet.org/w/2h3YK8Xue8xG3dkv5cr1u8

What happened? Easywallet have the secret URLs leaked to google and showing up in Google searches by searching site:easywallet.org/w/ and choosing to show similar results. I used Greasemonkey script to harvest the urls from google search, manually checked all of them for coins and added my address as a dead mans switch with 1 day activation so any coins deposited there will end up in my wallet. The Google have about 950 URLs in their database but search result returns about 100 of them. This is smaller scale leak compared to Instawallet because Easywallet is less popular. The leak itself most likely is caused by users using Google Chrome that sends everything entered to address bar to Google and then showing up the results in searches. The robots.txt prevents the spidering of secret urls but the leaking of secret url to 3rd party itself is a security fail.

How to prevent it? Don't use Google Chrome at all. It leaks everything You visit to Google. It is worst browser ever, it is often installed as unrequested drive-by install of some freeware such as Skype. They store your browsing history on their servers, incorporate the private data into search results and readily serves the private data to FBI and every other three letter agency douchebags. When using Firefox install this addon https://addons.mozilla.org/en-US/firefox/addon/refcontrol/?src=search and set default behavior to "No referer (3rd party only)" or disable referer sending altogether in Firefox preferences.

I was unable to steal any coins Sad Most of addresses were empty or with too small amounts of coins to be withdrawable. Notified owners, got response. They already knew about it. Initially I thought it would be much larger deal as it is now. I expected to grab some coins and expected that other hackers will discover this independently and as a result the Easywallet users will start losing coins in large quantities.

As for Instawallet I think they probably shut down due to other reasons, not similar leak discovered by The Founder.

Thank's to The Founder for his original idea here: https://bitcointalk.org/index.php?topic=159025.0

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!