Bitcoin Forum
June 25, 2019, 06:52:27 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Have I been hacked? how?  (Read 11501 times)
haimcn
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
July 07, 2013, 07:38:39 PM
 #21

Though, big money transfers are being done with marked bills, which gives the option to catch the thief.
You can catch the thief, but you can't confiscate them from a third party if he was uninvolved and just happened to be paid with one such bills.

And you can already try to do that with bitcoin: the ledger is public and you can look at the path that those coins will follow, eventually hitting a known address.
Which might or might not be related with the thief.
It likely won't.

First, it is only an idea that I don't know how to resolve all the problems with it.

What I thought of is to block the address of the thief, that way he won't be able to pay anyone so there is no problem with confiscating money from uninvolved party.
Take the theft from MT.Gox, the addresses are known and the coins are untouched, so if miners will refuse to mine transactions from these addresses only the thief will be harmed, it won't get the coins back but it will reduce the incentive from stealing.
As I wrote before, now someone needs to find a way to prove that it is really a theft.

Mine RVN and with 0% mining fees and get paid in BTC, ETH, XMR or RVN.

www.cudominer.com Get Cudo Miner
Auto coin switching, third-party miners, overclocking and remote management (Win/Linux)
Run from a USB stick or install from an ISO image (Linux)
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Lohoris
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


Bitgoblin


View Profile
July 07, 2013, 08:04:58 PM
 #22

First, it is only an idea that I don't know how to resolve all the problems with it.

What I thought of is to block the address of the thief, that way he won't be able to pay anyone so there is no problem with confiscating money from uninvolved party.
[...]
As I wrote before, now someone needs to find a way to prove that it is really a theft.
This makes no sense.
Again, cash is cash is cash.
If you appoint some "higher authority" to decide that some cash is no longer cash, the whole currency becomes worthless.

Again, this is not a problem that has yet to be solved, this is a problem that cannot be solved.
It is not a problem with no known solution, it is a problem which is known to have no solution.

1LohorisJie8bGGG7X4dCS9MAVsTEbzrhu
DefaultTrust is very BAD.
Mr.Dreamanonym
Newbie
*
Offline Offline

Activity: 56
Merit: 0



View Profile
July 07, 2013, 08:05:07 PM
 #23

Hi

I'm not that newbie, or at least i thought so, but I think I have been hacked and I wondered if someone can hint on how.

I used my account in blockchain.info for satoshidice gambling from address 16io8zfbhStqe9WVdHN3JLzc29D73okaoy.
On Saturday, 45 minutes after a the last satoshidice transactions, an unknown transaction emptied my wallet.

First, I assume I have nothing to do with it and the coins were lost, correct?
Second, can anyone help me understand what happened? I used blockchain.info both on my computer and my Android smartphone.

Thanks, Haim

What the fuck !
Lohoris
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


Bitgoblin


View Profile
July 07, 2013, 08:12:48 PM
 #24

That said, your coins are sitting here, and this is quite a strange address.
Created in march with two big (20, 24 BTC) transactions, fueled with some more strange transactions (with the same input address appearing multiple times in the same transaction), no outgoing transactions ever.

Also, I'm not sure how the blockchain.info taint analysis works, but I find it quite odd that your source address appears with a count of 108, instead of 1 as I would have expected.

Are you sure you have been robbed and you aren't trolling us all?
Anyone who knows how that taint analysis works care to shed some light?

1LohorisJie8bGGG7X4dCS9MAVsTEbzrhu
DefaultTrust is very BAD.
conspirosphere.tk
Legendary
*
Offline Offline

Activity: 2352
Merit: 1064


Bitcoin is antisemitic


View Profile
July 07, 2013, 08:18:27 PM
 #25

Maybe is better to be careful with BTC on smartphones:
'Master key' to Android phones uncovered
http://www.bbc.co.uk/news/technology-23179522
haimcn
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
July 07, 2013, 08:21:38 PM
 #26

Are you sure you have been robbed and you aren't trolling us all?
I wish!!
I don't really have what to gain by that...
Pastelarts
Newbie
*
Offline Offline

Activity: 42
Merit: 0



View Profile
July 07, 2013, 08:30:12 PM
 #27

Maybe is better to be careful with BTC on smartphones:
'Master key' to Android phones uncovered
http://www.bbc.co.uk/news/technology-23179522

ARF !
meekstav876
Newbie
*
Offline Offline

Activity: 28
Merit: 0



View Profile
July 07, 2013, 09:50:02 PM
 #28

I don't think you will get return your coins.  Sad
xenog
Newbie
*
Offline Offline

Activity: 38
Merit: 0



View Profile WWW
August 05, 2013, 03:16:04 PM
 #29

My friend has an Android phone with Andreas Schildbach Android Wallet in it. Last night it sent all the bitcoins in the phone to that same Bitcoin address. We don't understand how it got hacked yet. We're investigating. This is the transaction:

https://blockchain.info/tx/211c135e58dc55bcce4c71dc02eae2dffc5a55387c29e8144bf1cd1e8878e52e
TradeFortress 🏕
VIP
Legendary
*
Offline Offline

Activity: 1176
Merit: 1023


View Profile
August 05, 2013, 03:35:02 PM
 #30

FYI, Inputs.io has much stronger security features. An attacker signing in from a remote location would need to also compromise your email and PIN which is very difficult to keylog.
xenog
Newbie
*
Offline Offline

Activity: 38
Merit: 0



View Profile WWW
August 05, 2013, 04:16:47 PM
 #31

haimcn, was your wallet generated using the Android Blockchain.info app or was it generated from a regular PC using the web browser interface to Blockchain.info?
johoe
Full Member
***
Offline Offline

Activity: 217
Merit: 141


View Profile
August 08, 2013, 10:48:38 AM
 #32

Hello,

The problem is that the bitcoin application generates bad signatures, reusing random numbers. In this case this transaction was the culprit:

https://blockchain.info/de/tx/54ac98e2301b9c7fdab5cfe93907032cc1248f9d5995cee70f38e98ba93d2d7f

Can you confirm that the transaction (sending 0.02 BTC to 1DzUV...) was generated by the android app?  You should send a bug report to the author of the app you used to generate this transaction.  The problem is that it uses the same r-value b8e6c364b50eada68923eb07930b294411826e6068f0dcbe7514154881d75812 twice in the signature, which is enough to break the ECDSA signature scheme and reveal the public key (5HrE9sgmeWu6mW...). Everyone can break the key with this information.

This problem occurs more and more frequently in recent times.  Usually there is a transaction to the 1Hkywx.. address within a few hours after the bad transaction, so it seems someone has a script that monitors this problem. 

At the moment there are 147 exposed keys.  The recent ones usually have a lot of transactions before the problem occurs, so it seems to occur rarely, but it occurs several times a month (worldwide).

I hope this post sheds some light into the problem.

Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
johoe
Full Member
***
Offline Offline

Activity: 217
Merit: 141


View Profile
August 08, 2013, 12:55:52 PM
 #33

@Xeno-Genesis

For you the bad transactions were
https://blockchain.info/tx/b6350f4339a59faf09bfc2a4086c2261598f46f257517ce53785145c964799bc
https://blockchain.info/tx/38fbb8a3ff718dd7c8006feb6aa9ed6add1772522781b0db95abb350a859220b

which use the same R-value in the signature.  It is strange that the same random number was generated in two transactions that are four days apart.  This doesn't fit the usual pattern. Which bitcoin client do you use?

The stealing transaction occured less then five hours after the transaction that reused the R-value.


Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
Bitcoinnoob420
Newbie
*
Offline Offline

Activity: 9
Merit: 0



View Profile
August 08, 2013, 02:39:55 PM
 #34

this happened to me recently they removed the funds from my gambling account.
winter
Legendary
*
Offline Offline

Activity: 1532
Merit: 1000



View Profile
August 08, 2013, 05:10:30 PM
 #35

crazy that it seems to be the android app
BurtW
Legendary
*
Offline Offline

Activity: 2478
Merit: 1044

All paid signature campaigns should be banned.


View Profile WWW
August 10, 2013, 03:09:03 PM
 #36

crazy that it seems to be the android app

So far 55.82152538 BTC have been taken (see https://blockchain.info/address/1HKywxiL4JziqXrzLKhmB6a74ma6kxbSDj)

If what johoe says is true then this bug of every once in a while reusing the same random number may exist in both the blockchain.info android wallet and the Andreas Schildbach Android Wallet.

Perhaps they both use the same faulty random number generation library?  It would be very interesting to look at all the libraries used by both applications and focus on the crypto libraries used by both applications.

A third point of reference might be this:

this happened to me recently they removed the funds from my gambling account.

Bitcoinnoob420:  please give us as many details as you can on your case.  Did the gambling client in question use the android phone?

johoe:  can you give us more details please?

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1008


View Profile
August 10, 2013, 06:52:49 PM
 #37

The version of Android you're on would also be useful.
wrend
Member
**
Offline Offline

Activity: 76
Merit: 10


View Profile
August 12, 2013, 12:12:39 AM
 #38

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

http://bitcoin.org/en/alert/2013-08-11-android

We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet.

In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommended you upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.

If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup.

Updates for other wallet apps should be released shortly.

Some technical details of what exactly has gone wrong inside Android will be released once the upgrade process is reasonably compete. I will keep track of the upgrade status of each wallet app I know about in the post below.
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCgAGBQJSB7jRAAoJEPLkhhyZiIFvpk8IAI34L0HsEj5wztFl18jQxj74
svaY+eY1mwgWZjjyZlCRlP42B3u5zF2jlh2+taRgM9DaXlECqa3euGe+EmHWirTU
HTTNNg2ZFf7jvruUZ2tanl4Sv34/q/q8w81zL6uJAKK98ZBWuMQ9oPghW1erCAHv
Ke5eoLzGdnwpAN817SLGL2iUgwMpJLu7Jx2HEhF2Yz7Yl1+ScLHzlXSZP65BlpI7
lNeJweQsC0PHPnumde/UIRdcTQqhciY/0xM7HHyrrn00AW56vu4l+/Hb9Mr9rpds
Rx2UEvFXQ5KWX7e8E3+Wx2Rs/w5cYRwwsfzwWIYkoZaJ3ssaPaYAEr5YMO1bz24=
=AFBd
-----END PGP SIGNATURE-----

winter
Legendary
*
Offline Offline

Activity: 1532
Merit: 1000



View Profile
August 19, 2013, 04:28:07 PM
 #39

seems like its at it again 1.8BTC was placed in that address

https://blockchain.info/address/1HKywxiL4JziqXrzLKhmB6a74ma6kxbSDj
Girzzzz
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
August 19, 2013, 07:50:05 PM
 #40

Blockchain keeps wallet keys on hard drive. Do you have any friends familiar with BTC with access to your computer? It is a moment to copy wallet.dat Smiley
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!