Author Topic: Damn $500 lost due to wallet compromised in Burst Wallet  (Read 325 times)
puremage111
May 09, 2017, 12:42:14 PM
 #1



I guess the reason is that I didn't use the randomized password and instead put in an easy one.
I forgot to change it even though it notifies me every time.

I don't think my PC is infected with anything, as my other coins are still safe.

If I am not mistaken, he actually brute-forced the account and yeah.

I just put in a very easy password instead of a passphrase.

4-letter word x 4 in a row

Lesson learned here, $500 for a big lesson, damn.

Lorenzo
May 09, 2017, 01:44:40 PM
 #2

I've never used BURST before but I have some coins on Poloniex and am familiar with the hard drive mining concept.

I believe BURST works in the same way as NXT (which it is based on) in that the passphrase is basically the private key.

A private key is all you need to "own" an account, so anyone has access to the Bitcoin wallet with the private key corresponding to the letter "a", for example, or to single dictionary words like "cat" or "dog", and putting coins into these publicly known addresses would instantly result in someone detecting it and sweeping them to an address that only they control.

There are people out there who have enormous lists of such Bitcoin addresses with easily guessable private keys. Likewise with NXT, there are people who have enormous lists of NXT addresses with such passphrases. They continuously look for incoming transactions and will try to snatch the coins into their own wallets before anyone else does.

You probably weren't targeted specifically. Even if you have top-notch security, if you have an easy-to-guess passphrase then eventually someone will find your coins and take them.

I'm surprised that someone has gone through the trouble of doing the same for BURST though, since its market cap is so low. I suppose it's possible that there was a manual passphrase collision as well, i.e. someone else somewhere in the world chose the exact same passphrase as yours, but given the small size of the BURST community and the fact that the coins were taken immediately afterwards, that's probably quite unlikely.

12 random words from the dictionary is a good passphrase and is what NXT uses. A 35+ character passphrase with letters, numbers, symbols, and upper and lower case characters should also be safe. When in doubt, it's probably best to just use the passphrase that the wallet automatically generates for you.
puremage111
May 09, 2017, 02:02:25 PM
 #3


Yeah, I underestimated it, as for over 22 years I have been a very security-conscious person: I don't simply download harmful links, and I do malware checks.

My passphrase is too easy to brute-force:

awerawerawerawer

Yeah, I am making a really big mistake here.

Anyhow, thanks a lot for the help and explanation here.
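Added example, not part of the original thread: a rough estimate of how small the search space of the passphrase above is once its repetition is noticed, next to the two alternatives recommended in post #2. The function names and the 1626-word list size are assumptions made for this sketch, not values taken from the Burst or NXT wallet.

```python
import math
import secrets
import string

WORDLIST_SIZE = 1626  # assumed size of the list behind a 12-word generated passphrase
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def smallest_period(s):
    """Length of the shortest unit that, repeated, rebuilds s (len(s) if none)."""
    n = len(s)
    for p in range(1, n // 2 + 1):
        if n % p == 0 and s[:p] * (n // p) == s:
            return p
    return n


def charset_size(s):
    """Size of the alphabet implied by the character classes present in s."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in s))
    others = {c for c in s if not any(c in cls for cls in CLASSES)}
    return size + len(others)


def naive_bits(s):
    """What a length-based strength meter reports: length * log2(alphabet)."""
    return len(s) * math.log2(charset_size(s)) if s else 0.0


def guess_bits(s):
    """Ceiling on the search space when a guesser tries 'unit repeated k times'."""
    if not s:
        return 0.0
    period = smallest_period(s)
    unit_bits = period * math.log2(charset_size(s[:period]))
    return unit_bits + math.log2(len(s) // period)


def word_passphrase_bits(words=12):
    """Strength of `words` words drawn uniformly at random from the list."""
    return words * math.log2(WORDLIST_SIZE)


def random_passphrase(length=35):
    """A 35+ character passphrase from the OS CSPRNG (letters, digits, symbols)."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    weak = "awerawerawerawer"  # the passphrase quoted in post #3
    print(f"naive estimate      : {naive_bits(weak):6.1f} bits")
    print(f"repetition-aware    : {guess_bits(weak):6.1f} bits")
    print(f"12 random words     : {word_passphrase_bits():6.1f} bits")
    print(f"35 random characters: {naive_bits(random_passphrase()):6.1f} bits")
```

A length-based meter rates the 16-character passphrase at about 75 bits, but as a 4-letter unit repeated four times it is worth about 21 bits at most, which is why the wallet-generated passphrase is the safer default.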
