haimcn (OP)
Newbie
 Offline
Activity: 15
Merit: 0
|
 |
July 07, 2013, 07:38:39 PM |
|
Though, big money transfers are being done with marked bills, which gives the option to catch the thief.
You can catch the thief, but you can't confiscate them from a third party if he was uninvolved and just happened to be paid with one such bills. And you can already try to do that with bitcoin: the ledger is public and you can look at the path that those coins will follow, eventually hitting a known address. Which might or might not be related with the thief. It likely won't. First, it is only an idea that I don't know how to resolve all the problems with it. What I thought of is to block the address of the thief, that way he won't be able to pay anyone so there is no problem with confiscating money from uninvolved party. Take the theft from MT.Gox, the addresses are known and the coins are untouched, so if miners will refuse to mine transactions from these addresses only the thief will be harmed, it won't get the coins back but it will reduce the incentive from stealing. As I wrote before, now someone needs to find a way to prove that it is really a theft. |
|
|
|
|
|
|
|
|
|
|
|
The forum strives to allow free discussion of any ideas. All policies are built around this principle. This doesn't mean you can post garbage, though: posts should actually contain ideas, and these ideas should be argued reasonably.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
Lohoris
|
|
July 07, 2013, 08:04:58 PM |
|
First, it is only an idea that I don't know how to resolve all the problems with it.
What I thought of is to block the address of the thief, that way he won't be able to pay anyone so there is no problem with confiscating money from uninvolved party.
[...]
As I wrote before, now someone needs to find a way to prove that it is really a theft.
This makes no sense. Again, cash is cash is cash. If you appoint some "higher authority" to decide that some cash is no longer cash, the whole currency becomes worthless. Again, this is not a problem that has yet to be solved, this is a problem that cannot be solved. It is not a problem with no known solution, it is a problem which is known to have no solution. |
|
|
|
Mr.Dreamanonym
Newbie
Offline
Activity: 56
Merit: 0
|
|
July 07, 2013, 08:05:07 PM |
|
Hi I'm not that newbie, or at least i thought so, but I think I have been hacked and I wondered if someone can hint on how. I used my account in blockchain.info for satoshidice gambling from address 16io8zfbhStqe9WVdHN3JLzc29D73okaoy. On Saturday, 45 minutes after a the last satoshidice transactions, an unknown transaction emptied my wallet. First, I assume I have nothing to do with it and the coins were lost, correct? Second, can anyone help me understand what happened? I used blockchain.info both on my computer and my Android smartphone. Thanks, Haim What the fuck ! |
|
|
|
|
|
Lohoris
|
|
July 07, 2013, 08:12:48 PM |
|
That said, your coins are sitting here, and this is quite a strange address. Created in march with two big (20, 24 BTC) transactions, fueled with some more strange transactions (with the same input address appearing multiple times in the same transaction), no outgoing transactions ever. Also, I'm not sure how the blockchain.info taint analysis works, but I find it quite odd that your source address appears with a count of 108, instead of 1 as I would have expected. Are you sure you have been robbed and you aren't trolling us all? Anyone who knows how that taint analysis works care to shed some light? |
|
|
|
|
|
haimcn (OP)
Newbie
Offline
Activity: 15
Merit: 0
|
|
July 07, 2013, 08:21:38 PM |
|
Are you sure you have been robbed and you aren't trolling us all?
I wish!! I don't really have what to gain by that... |
|
|
|
|
Pastelarts
Newbie
Offline
Activity: 42
Merit: 0
|
|
July 07, 2013, 08:30:12 PM |
|
|
|
|
|
|
meekstav876
Newbie
Offline
Activity: 28
Merit: 0
|
|
July 07, 2013, 09:50:02 PM |
|
I don't think you will get return your coins.  |
|
|
|
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
August 05, 2013, 03:35:02 PM |
|
FYI, Inputs.io has much stronger security features. An attacker signing in from a remote location would need to also compromise your email and PIN which is very difficult to keylog.
|
|
|
|
|
xenog
Jr. Member
Offline
Activity: 38
Merit: 1
|
|
August 05, 2013, 04:16:47 PM |
|
haimcn, was your wallet generated using the Android Blockchain.info app or was it generated from a regular PC using the web browser interface to Blockchain.info?
|
|
|
|
|
|
johoe
|
Hello, The problem is that the bitcoin application generates bad signatures, reusing random numbers. In this case this transaction was the culprit: https://blockchain.info/de/tx/54ac98e2301b9c7fdab5cfe93907032cc1248f9d5995cee70f38e98ba93d2d7fCan you confirm that the transaction (sending 0.02 BTC to 1DzUV...) was generated by the android app? You should send a bug report to the author of the app you used to generate this transaction. The problem is that it uses the same r-value b8e6c364b50eada68923eb07930b294411826e6068f0dcbe7514154881d75812 twice in the signature, which is enough to break the ECDSA signature scheme and reveal the public key (5HrE9sgmeWu6mW...). Everyone can break the key with this information. This problem occurs more and more frequently in recent times. Usually there is a transaction to the 1Hkywx.. address within a few hours after the bad transaction, so it seems someone has a script that monitors this problem. At the moment there are 147 exposed keys. The recent ones usually have a lot of transactions before the problem occurs, so it seems to occur rarely, but it occurs several times a month (worldwide). I hope this post sheds some light into the problem. |
Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
|
|
|
|
|
Bitcoinnoob420
Newbie
Offline
Activity: 9
Merit: 0
|
|
August 08, 2013, 02:39:55 PM |
|
this happened to me recently they removed the funds from my gambling account.
|
|
|
|
|
winter
Legendary
Offline
Activity: 1338
Merit: 1000
|
|
August 08, 2013, 05:10:30 PM |
|
crazy that it seems to be the android app
|
|
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1130
All paid signature campaigns should be banned.
|
crazy that it seems to be the android app
So far 55.82152538 BTC have been taken (see https://blockchain.info/address/1HKywxiL4JziqXrzLKhmB6a74ma6kxbSDj) If what johoe says is true then this bug of every once in a while reusing the same random number may exist in both the blockchain.info android wallet and the Andreas Schildbach Android Wallet. Perhaps they both use the same faulty random number generation library? It would be very interesting to look at all the libraries used by both applications and focus on the crypto libraries used by both applications. A third point of reference might be this: this happened to me recently they removed the funds from my gambling account.
Bitcoinnoob420: please give us as many details as you can on your case. Did the gambling client in question use the android phone? johoe: can you give us more details please? |
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated! |
|
|
Mike Hearn
Legendary
Offline
Activity: 1526
Merit: 1128
|
|
August 10, 2013, 06:52:49 PM |
|
The version of Android you're on would also be useful.
|
|
|
|
|
wrend
Member
Offline
Activity: 76
Merit: 10
|
|
August 12, 2013, 12:12:39 AM |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 http://bitcoin.org/en/alert/2013-08-11-androidWe recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet. In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommended you upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one. If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup. Updates for other wallet apps should be released shortly. Some technical details of what exactly has gone wrong inside Android will be released once the upgrade process is reasonably compete. I will keep track of the upgrade status of each wallet app I know about in the post below. -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.orgiQEcBAEBCgAGBQJSB7jRAAoJEPLkhhyZiIFvpk8IAI34L0HsEj5wztFl18jQxj74 svaY+eY1mwgWZjjyZlCRlP42B3u5zF2jlh2+taRgM9DaXlECqa3euGe+EmHWirTU HTTNNg2ZFf7jvruUZ2tanl4Sv34/q/q8w81zL6uJAKK98ZBWuMQ9oPghW1erCAHv Ke5eoLzGdnwpAN817SLGL2iUgwMpJLu7Jx2HEhF2Yz7Yl1+ScLHzlXSZP65BlpI7 lNeJweQsC0PHPnumde/UIRdcTQqhciY/0xM7HHyrrn00AW56vu4l+/Hb9Mr9rpds Rx2UEvFXQ5KWX7e8E3+Wx2Rs/w5cYRwwsfzwWIYkoZaJ3ssaPaYAEr5YMO1bz24= =AFBd -----END PGP SIGNATURE----- |
|
|
|
|
winter
Legendary
Offline
Activity: 1338
Merit: 1000
|
|
August 19, 2013, 04:28:07 PM |
|
|
|
|
|
|
Girzzzz
Newbie
Offline
Activity: 5
Merit: 0
|
|
August 19, 2013, 07:50:05 PM |
|
Blockchain keeps wallet keys on hard drive. Do you have any friends familiar with BTC with access to your computer? It is a moment to copy wallet.dat  |
|
|
|
|
|
