Bitcoin Forum
Author Topic: Remember: Wallet encryption is only good if you don't have keyloggers!  (Read 2137 times)
SgtSpike (OP)
April 19, 2013, 04:28:31 PM
Last edit: April 19, 2013, 04:43:51 PM by SgtSpike
 #1

Be careful out there...

Quote
Reposting this because I think this needs to be addressed as an exploit.

Last night around 9PM PDT, I clicked a link to go to CoinChat[.]freetzi[.]com - and I was prompted to run Java. I did (thinking this was a legitimate chatroom), and nothing happened. I closed the window and thought nothing of it.

I opened my bitcoin-qt wallet approx 14 minutes later, and saw a transaction that I did NOT approve go to wallet 1Es3QVvKN1qA2p6me7jLCVMZpQXVXWPNTC for almost my entire wallet (2.07 BTC).

I had something like 2.07225 BTC.

This is an exploit that was able to steal BTC from an encrypted wallet without having my password - how is this possible? I thought for the most part that bitcoin-qt was safe against these types of attacks as long as the wallet is encrypted.

This legitimately happened to me and I think this exploit needs to be given some attention, please do not downvote as I want to figure out why this exploit was able to access my encrypted wallet without having my password.

So, /r/bitcoin - what happened here?

More info: Browser - Chrome; OS - Windows; Wallet Version - 0.8.0beta
http://www.reddit.com/r/Bitcoin/comments/1cokps/java_exploit_stole_all_my_btc/
justusranvier
April 19, 2013, 04:34:49 PM
 #2

No wallet that is connected to a computer with internet access is safe from hacking. Wallet encryption is only slightly better than no protection at all.
cypherdoc
April 19, 2013, 04:37:02 PM
 #3

Something's fishy about that post. From the OP:

"I didn't enter my password when I opened my wallet..."

That isn't possible if his wallet was encrypted.
DeathAndTaxes
April 19, 2013, 04:37:43 PM
Last edit: April 19, 2013, 04:49:07 PM by DeathAndTaxes
 #4

There is no backdoor to the encryption.

So there are a couple of possibilities:
a) user's wallet was not encrypted or was unlocked (recent transaction) - unlikely but possible
b) user's wallet had a weak password
c) user's computer was infected with malware keylogger
d) user re-used password on another site (which was compromised)
e) user re-used password on another site and it was stored in a password utility like lastpass which itself wasn't encrypted

I am thinking c is the most likely but without specific details we may never know.

I do think it would be a good idea if the bitcoin program directory (not to be confused w/ datadir) had a file (say paths.conf) with two options:
Code:
datadir=
walletdir=

This would allow someone for example to put the datadir (everything but wallet.dat) in one location and the wallet.dat in another location (like removable usb drive).  
Code:
datadir="D:\bitcoin-data"
walletdir="E:\"

These values should also be settable from the GUI.

A cautious user could physically remove the usb drive when not conducting transactions.  This would require some refactoring of the QT client such that it can "run" (connect to network, download blocks, relay transactions, etc) without access to the wallet.dat.  When access to wallet.dat is restored (user inserts usb drive) the client would need to be smart enough to recheck recent blocks in an intelligent manner.
Mike Christ
April 19, 2013, 04:38:05 PM
 #5

Cold storage. Nobody ever said bitcoin-qt was secure via encryption; it is still susceptible to key loggers etc.

DeathAndTaxes
April 19, 2013, 04:39:31 PM
 #6

Quote
Something's fishy about that post. From the OP:

"I didn't enter my password when I opened my wallet..."

That isn't possible if his wallet was encrypted.

Not necessarily.  The QT client only prompts for password when performing an action which requires access to the private keys (normally signing a message or sending bitcoins).  This is intentional to reduce scope where password can be grabbed.  Launching the client to check your balance for example doesn't require access to the private keys and thus the client won't prompt to decrypt the wallet.
BTC Books
April 19, 2013, 04:42:22 PM
 #7

Interesting.

My immediate thought is that this user backed up his wallet right after installing bitcoin-qt (which is common), to somewhere on the operating system hard drive.  And that he did so before encrypting it (which is also common) - and that the backup wallet was not re-named to some name other than 'wallet' (which is also very common) - so if this javascript searched his drive the unencrypted backup wallet could be found easily.

My next thought is to wonder if it was a fresh install - or an upgrade from an unencryptable version of bitcoin, like 0.3.21.  Backups from the original installation could still be on his hard drive.

My last thought is that this could easily be intentional FUD.  I've noticed that the longer I've been involved with bitcoin, the less charitable I've become in that regard.

SgtSpike (OP)
April 19, 2013, 04:43:20 PM
 #8

Good points all!  I'm changing the title.
Icon
April 19, 2013, 04:47:44 PM
 #9

Well, one thing is that Java (not JavaScript) is a cesspool of hacks/exploits/everything in the middle. If you want to get hacked, please keep running Java. Java is constantly being updated/hacked on a daily basis.
Also, what is the encryption method being used to secure the wallet.dat file in Bitcoin QT?

Anyone know the cipher key size, 128 bit/256 bit? And the method being used for the encryption?
 
cypherdoc
April 19, 2013, 04:52:48 PM
 #10

Quote
Well, one thing is that Java (not JavaScript) is a cesspool of hacks/exploits/everything in the middle. If you want to get hacked, please keep running Java. Java is constantly being updated/hacked on a daily basis.
Also, what is the encryption method being used to secure the wallet.dat file in Bitcoin QT?

Anyone know the cipher key size, 128 bit/256 bit? And the method being used for the encryption?

just what is a Windows user to do?

it is annoying as heck having to constantly update Java for fear of an exploit.  linux devs need to enable those of us using proprietary Windows programs to run them on linux.  no, virtual box doesn't do the trick.  nor Wine...
DeathAndTaxes
April 19, 2013, 04:54:06 PM
 #11

Quote
Well, one thing is that Java (not JavaScript) is a cesspool of hacks/exploits/everything in the middle. If you want to get hacked, please keep running Java. Java is constantly being updated/hacked on a daily basis.
Also, what is the encryption method being used to secure the wallet.dat file in Bitcoin QT?

Agreed. I have long since given up on Java.  I won't install it on any machine and won't use any site/app which requires it.  Until Oracle starts taking security seriously it is too much of a vulnerability.  Java + bitcoin = "please steal my coins".

Quote
Anyone know the cipher key size, 128 bit/256 bit? And the method being used for the encryption?

The encryption method is AES with a 256 bit symmetric key.  The key is derived from the password by hashing the password with SHA512 a dynamic number of times (~10,000 on an average 2012 computer system) using the EVP_BytesToKey function from the OpenSSL library. The number of iterations varies because the wallet will do a quick benchmark first and pick a high number of rounds that can still be completed in <1 second.  The faster your computer, the more rounds are used in the key derivation function.  Every time you change the password the wallet will run the benchmark again.  This ensures the algorithm will keep up with the effects of Moore's law.  If you get a new faster system, for maximum security change your password.
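As an added illustration of the derivation described above (this is example code written for this page, not code from Bitcoin-Qt or from anyone in the thread), the following Python re-implements OpenSSL's EVP_BytesToKey construction with SHA-512 and the benchmark-driven choice of round count. The 100 ms target per derivation, the floor of 25,000 rounds and the 8-byte salt length are assumptions made for this example; the post only says the client benchmarks and picks a round count that finishes in under a second. The point the code makes is the one the post makes: the passphrase is stretched, not hidden, so the cost of the KDF only matters against an attacker who has to guess the passphrase, not against one who captured it.

```python
import hashlib
import os
import time
from typing import Optional, Tuple


def _hash_chain(data: bytes, rounds: int, hash_name: str = "sha512") -> bytes:
    """Apply the hash `rounds` times: H(H(...H(data)...))."""
    digest = hashlib.new(hash_name, data).digest()
    for _ in range(rounds - 1):
        digest = hashlib.new(hash_name, digest).digest()
    return digest


def evp_bytes_to_key(passphrase: bytes, salt: bytes, rounds: int,
                     key_len: int = 32, iv_len: int = 16,
                     hash_name: str = "sha512") -> Tuple[bytes, bytes]:
    """Port of OpenSSL's EVP_BytesToKey key/IV derivation.

    D_1 = H^rounds(passphrase || salt)
    D_i = H^rounds(D_{i-1} || passphrase || salt)      for i > 1
    key || iv = D_1 || D_2 || ... cut to key_len + iv_len bytes.
    With SHA-512 (64-byte digest) a 32-byte AES-256 key and a 16-byte IV
    both come out of D_1, so only one chain is computed.
    """
    if rounds < 1:
        raise ValueError("rounds must be at least 1")
    needed = key_len + iv_len
    material = b""
    prev = b""
    while len(material) < needed:
        prev = _hash_chain(prev + passphrase + salt, rounds, hash_name)
        material += prev
    return material[:key_len], material[key_len:needed]


# Assumed values for this example (not taken from the thread or the client):
# a 100 ms target per derivation and a floor of 25,000 rounds.
TARGET_SECONDS = 0.1
MIN_ROUNDS = 25_000


def calibrate_rounds(passphrase: bytes, salt: bytes,
                     probe_rounds: int = MIN_ROUNDS) -> int:
    """Pick a round count so one derivation takes about TARGET_SECONDS here.

    Time a probe derivation, scale the round count linearly, and never go
    below MIN_ROUNDS. A faster machine therefore gets more rounds, which is
    the Moore's-law tracking the post describes.
    """
    start = time.perf_counter()
    evp_bytes_to_key(passphrase, salt, probe_rounds)
    elapsed = max(time.perf_counter() - start, 1e-6)
    scaled = int(probe_rounds * TARGET_SECONDS / elapsed)
    return max(scaled, MIN_ROUNDS)


def derive_wallet_key(passphrase: str, salt: Optional[bytes] = None,
                      rounds: Optional[int] = None) -> dict:
    """Derive an AES-256 key and IV for a passphrase, calibrating rounds if
    none are given. Salt and round count must be stored next to the
    encrypted master key so the same key can be re-derived at unlock time."""
    # OpenSSL's EVP_BytesToKey treats the salt as 8 bytes (PKCS5_SALT_LEN).
    salt = salt if salt is not None else os.urandom(8)
    if rounds is None:
        rounds = calibrate_rounds(passphrase.encode(), salt)
    key, iv = evp_bytes_to_key(passphrase.encode(), salt, rounds)
    return {"salt": salt, "rounds": rounds, "key": key, "iv": iv}


if __name__ == "__main__":
    record = derive_wallet_key("correct horse battery staple")
    print(f"salt={record['salt'].hex()} rounds={record['rounds']}")
    print(f"key={record['key'].hex()} iv={record['iv'].hex()}")
    # Re-deriving with the stored salt and round count reproduces the key.
    again = derive_wallet_key("correct horse battery staple",
                              record["salt"], record["rounds"])
    assert again["key"] == record["key"]
```

Running it on a fast machine prints a larger round count than on a slow one, which is the benchmark behaviour the post describes. Nothing in the derivation protects the passphrase itself: a keylogger that records it can run the same function and obtain the same key.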
Icon
April 19, 2013, 05:02:45 PM
 #12

Quote
Well, one thing is that Java (not JavaScript) is a cesspool of hacks/exploits/everything in the middle. If you want to get hacked, please keep running Java. Java is constantly being updated/hacked on a daily basis.
Also, what is the encryption method being used to secure the wallet.dat file in Bitcoin QT?

Anyone know the cipher key size, 128 bit/256 bit? And the method being used for the encryption?

just what is a Windows user to do?

it is annoying as heck having to constantly update Java for fear of an exploit.  linux devs need to enable those of us using proprietary Windows programs to run them on linux.  no, virtual box doesn't do the trick.  nor Wine...

Well, one thing: running Java on any platform, not just Windows, exposes you to the same or very nearly the same exploits, seeing as Java was designed to be cross-platform.

One of the most secure things you can do now is to uninstall Java unless you absolutely need it. If it is installed, make sure you use the option to disable Java from running in the browser.
blockbet.net
April 19, 2013, 05:07:20 PM
 #13

I know Java is considered unsafe, but damn, it can steal files from your hard drive?

Another question, isn't virus/malware protection supposed to prevent keyloggers and malicious Java apps from running? I guess there are always exceptions that can work around those, but as a general rule?

Timo Y
April 19, 2013, 05:13:20 PM
 #14

I do all my web browsing, pdf&word file opening, etc. from inside a Virtualbox virtual machine.  I recommend the same for all hot wallet users.

DeathAndTaxes
April 19, 2013, 05:16:42 PM
 #15

Quote
I know Java is considered unsafe, but damn, it can steal files from your hard drive?

Another question, isn't virus/malware protection supposed to prevent keyloggers and malicious Java apps from running? I guess there are always exceptions that can work around those, but as a general rule?

Most "defense" software (anti-virus, anti-malware) works on signatures.  It is a constant battle between hackers exploiting new vulnerabilities and anti-malware software adding that new malware to their detection libraries.  No defense software is 100% effective against 0-day threats.  Never has been and never will be.  Now, you should still use it, but it should be the last line of defense, not the first.

Regarding Java: yes, it is horribly, horribly insecure.  If you run an untrusted Java app the attacker can do just about anything he could do if logged in directly on your computer.  If you have Java, uninstall it completely now.
Timo Y
April 19, 2013, 05:18:06 PM
 #16

Quote
it is annoying as heck having to constantly update Java for fear of an exploit.

Java itself isn't a huge problem, as long as you only use Java applications that you trust. The problem is the Java browser plugin. Just disable it.

virtualmaster
April 19, 2013, 08:05:39 PM
 #17

Wallet encryption is good but is not intended to protect against keyloggers.
You must use a clean computer for your transactions, ideally a Linux one, and not one where you try out every game from the internet.
But if you cannot avoid using an insecure computer for bitcoin, then at least you should use some keylogger protection when you type in the password.
( http://www.aplin.com.au/ - Neo's SafeKeys for Windows)

Luckybit
April 19, 2013, 11:18:17 PM
 #18

Quote
Be careful out there...

Quote
Reposting this because I think this needs to be addressed as an exploit.

Last night around 9PM PDT, I clicked a link to go to CoinChat[.]freetzi[.]com - and I was prompted to run Java. I did (thinking this was a legitimate chatroom), and nothing happened. I closed the window and thought nothing of it.

I opened my bitcoin-qt wallet approx 14 minutes later, and saw a transaction that I did NOT approve go to wallet 1Es3QVvKN1qA2p6me7jLCVMZpQXVXWPNTC for almost my entire wallet (2.07 BTC).

I had something like 2.07225 BTC.

This is an exploit that was able to steal BTC from an encrypted wallet without having my password - how is this possible? I thought for the most part that bitcoin-qt was safe against these types of attacks as long as the wallet is encrypted.

This legitimately happened to me and I think this exploit needs to be given some attention, please do not downvote as I want to figure out why this exploit was able to access my encrypted wallet without having my password.

So, /r/bitcoin - what happened here?

More info: Browser - Chrome; OS - Windows; Wallet Version - 0.8.0beta
http://www.reddit.com/r/Bitcoin/comments/1cokps/java_exploit_stole_all_my_btc/


That is why you should never run Java and that is why you should use caution when storing your coins. Why put them all in one place?