Bitcoin Forum
January 17, 2022, 07:29:49 AM *
News: Latest Bitcoin Core release: 22.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: 1 2 3 4 [All]
  Print  
Author Topic: Blockchain.info security [FUNDS STOLEN]  (Read 27875 times)
giantdragon
Legendary
*
Offline Offline

Activity: 1582
Merit: 1002



View Profile
August 19, 2013, 03:27:16 PM
 #1

I used Blockchain.info online wallet for small transactions on my Windows 7 64-bit PC with strong password kept in KeePass.
Today I noticed that about 1.8 BTC was stolen from one of the addresses (which used for Anonymous Ads earnings), but funds from other addresses in this wallet were not affected.
This leads me on thoughts that Blockchain.info or Firefox may have some weakness in random number generator like the vulnerability was recently found in the Android.

TXID with my funds gone: https://blockchain.info/tx/975412ecc21a0ad949deba3f47c6ac41e42fb7bd3f7eeb36cc071f151003d8c9

1642404589
Hero Member
*
Offline Offline

Posts: 1642404589

View Profile Personal Message (Offline)

Ignore
1642404589
Reply with quote  #2

1642404589
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1642404589
Hero Member
*
Offline Offline

Posts: 1642404589

View Profile Personal Message (Offline)

Ignore
1642404589
Reply with quote  #2

1642404589
Report to moderator
escrow.ms
Legendary
*
Offline Offline

Activity: 1274
Merit: 1004


View Profile
August 19, 2013, 03:37:08 PM
 #2

https://bitcointalk.org/index.php?topic=271486.msg2907468#msg2907468

Same address, are you sure that you never used wallet on android cell?
I mean same identifier etc.
giantdragon
Legendary
*
Offline Offline

Activity: 1582
Merit: 1002



View Profile
August 19, 2013, 03:40:05 PM
 #3

Same address, are you sure that you never used wallet on android cell?
I mean same identifier etc.
Newer used on Android. Only on Windows 7 and few times on Linux Mint.

P.S. Does it mean that all Blockchain.info addresses are vulnerable and funds from them could be stolen at any time? Huh
gmaxwell
Staff
Legendary
*
Offline Offline

Activity: 3640
Merit: 5978



View Profile
August 19, 2013, 06:40:37 PM
 #4

Were any of the keys imported / brainwallets / or vanity?
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1039


View Profile
August 19, 2013, 09:15:46 PM
 #5

We need the tool that scans for re-used R values.
giantdragon
Legendary
*
Offline Offline

Activity: 1582
Merit: 1002



View Profile
August 19, 2013, 09:19:10 PM
 #6

Were any of the keys imported / brainwallets / or vanity?
No one address was ever imported. All generated into the browser (mostly Chrome, few times Firefox).
Jesse James
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
August 19, 2013, 11:14:12 PM
 #7

Your transaction with the repeated signature R values is this one:

https://blockchain.info/tx/e05d98ee17d4610eb4e63cf27dd4e63f7128dc28187ae73588ca5562d9391bb8

Inputs 0 and 2 specifically.  If you can 100% confirm the exact client software / platform / browser that generated this transaction, that would be helpful.

The 'k' value was 0x7f561ff2d0a848480f575773dd8b72f17cabc9f202951d9c7392b331b0565f28

I have a tool that can find these things and solve for the private keys but it's a total kludge and I don't use it to snatch funds nor run it on a rolling basis.   However, at this point I'm thinking of augmenting it so that it snatches weak funds immediately so I can return funds to peeps who are able to prove ownership of the victim address by signing a message with a bunch of keys with a 1-degree relationship to that address.

... since the guy currently exploiting this at the moment https://blockchain.info/address/1HKywxiL4JziqXrzLKhmB6a74ma6kxbSDj is just cleaning em up and I'm not holding out hope he has plans to return anything.
Luke-Jr
Legendary
*
Offline Offline

Activity: 2534
Merit: 1108



View Profile
August 19, 2013, 11:27:58 PM
 #8

However, at this point I'm thinking of augmenting it so that it snatches weak funds immediately so I can return funds to peeps who are able to prove ownership of the victim address by signing a message with a bunch of keys with a 1-degree relationship to that address.
I'd suggest just requiring the signature of the key itself, plus verifying a name/address.
Then share the name/address with others signing for it and let the legit party sue the fraudulent claimee(s) in court. Smiley

smolen
Hero Member
*****
Offline Offline

Activity: 524
Merit: 500


View Profile
August 19, 2013, 11:59:35 PM
 #9

I'm thinking of augmenting it so that it snatches weak funds immediately
The legal risk is too high.
On the other hand, I thought about writing and releasing such scanner without touching funds myself and letting people to catch and sue each other. I see every bitcoin-related court case as a good thing that make adoption of Bitcoin by business easier.

Of course I gave you bad advice. Good one is way out of your price range.
gmaxwell
Staff
Legendary
*
Offline Offline

Activity: 3640
Merit: 5978



View Profile
August 20, 2013, 12:11:06 AM
 #10

FWIW, My logs show someone was complaining at one point a while back their new wallet under chrome had someone elses coin in it. They dropped out before I could extract useful information from them. May be related.

One thing that has long really frightened me about all these webwallets is that if they fail to read from the secure rng they just use some snake oil "randomness" (the mouse position) that has practically no entropy.
Jesse James
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
August 20, 2013, 12:22:16 AM
 #11

I'm thinking of augmenting it so that it snatches weak funds immediately
The legal risk is too high.
On the other hand, I thought about writing and releasing such scanner without touching funds myself and letting people to catch and sue each other. I see every bitcoin-related court case as a good thing that make adoption of Bitcoin by business easier.

There's only one address implicated in all the recent thefts so I'm not sure how useful releasing a scanner would be ... other than increasing competition for snatching funds from weak addresses.

Although your first point brings up a larger legal question ... if someone makes their private key public (intentionally or non-intentionally) ... under what conditions (if any) and under what legal theory could a 3rd party be liable for signing with it?  Any lawyers out there?
millsdmb
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


View Profile
August 20, 2013, 12:36:37 AM
 #12

Another blockchain.info wallet here loss https://bitcointalk.org/index.php?topic=277601.0

Hitler Finds out about the Butterfly Labs Monarch http://www.youtube.com/watch?v=4jYNMKdv36w
Get $10 worth of BTC Free when you buy $100 worth at coinbase.com/?r=51dffa8970f85a53bd000034
smolen
Hero Member
*****
Offline Offline

Activity: 524
Merit: 500


View Profile
August 20, 2013, 12:44:21 AM
 #13

There's only one address implicated in all the recent thefts so I'm not sure how useful releasing a scanner would be ... other than increasing competition for snatching funds from weak addresses.
I'm eager to refresh my math skills and play with modern cryptography a bit. Looks like RNGs are good target to try bit diffusion methods. But if such attempt will succeed, touching any weak address by myself would be both unethical and legally risky. And by publishing research results I'll shift all such problems to someone else Smiley
Although your first point brings up a larger legal question ... if someone makes their private key public (intentionally or non-intentionally) ... under what conditions (if any) and under what legal theory could a 3rd party be liable for signing with it?  Any lawyers out there?
The only way I can see under Russian Federation laws to get to such third party is deriving private key from something protected by copyright. OK, IANAL and that's offtopic here.

Of course I gave you bad advice. Good one is way out of your price range.
giantdragon
Legendary
*
Offline Offline

Activity: 1582
Merit: 1002



View Profile
August 20, 2013, 12:44:26 AM
 #14

If you can 100% confirm the exact client software / platform / browser that generated this transaction, that would be helpful.
I created this address in April 2013 with Google Chrome on Windows 7 64-bit.

P.S. This hacker stole 0.02 BTC again from the same address right after I received earnings from Anonymous Ads!
https://blockchain.info/tx/edf891400feba38339738910aeb40545a77e7c69ad9ff58ab208999df3d6db4f
giantdragon
Legendary
*
Offline Offline

Activity: 1582
Merit: 1002



View Profile
August 20, 2013, 12:49:12 AM
 #15

The only way I can see under Russian Federation laws to get to such third party is deriving private key from something protected by copyright. OK, IANAL and that's offtopic here.
According to Russian criminal code it seems to be fraud (article 159 applies to any property, not only fiat money).
gmaxwell
Staff
Legendary
*
Offline Offline

Activity: 3640
Merit: 5978



View Profile
August 20, 2013, 12:52:43 AM
 #16

I created this address in April 2013 with Google Chrome on Windows 7 64-bit.
We need to know what system created the transactions that were linked above as reusing R values.

Though the sudden reports suggests to me that this was a product of recent bc.i code changes, not the browsers.
giantdragon
Legendary
*
Offline Offline

Activity: 1582
Merit: 1002



View Profile
August 20, 2013, 12:58:19 AM
 #17

We need to know what system created the transactions that were linked above as reusing R values.
Do you mean that need to know what was hacker's system?
smolen
Hero Member
*****
Offline Offline

Activity: 524
Merit: 500


View Profile
August 20, 2013, 01:03:37 AM
 #18

The only way I can see under Russian Federation laws to get to such third party is deriving private key from something protected by copyright. OK, IANAL and that's offtopic here.
According to Russian criminal code it seems to be fraud (article 159 applies to any property, not only fiat money).
It would be rather article 158 or freshly minted 159.6. But the Bitcoin should pass tests defined in article 128 of Civil Code first. When (and if) it will be deemed as some kind of property, the advances in tax planning art would be astounding!

Of course I gave you bad advice. Good one is way out of your price range.
giantdragon
Legendary
*
Offline Offline

Activity: 1582
Merit: 1002



View Profile
August 20, 2013, 01:11:36 AM
 #19

It would be rather article 158 or freshly minted 159.6. But the Bitcoin should pass tests defined in article 128 of Civil Code first. When (and if) it will be deemed as some kind of property, the advances in tax planning art would be astounding!
In Russia class-action lawsuits are impossible, but individual litigation is too time-consuming and just not worth.
Jesse James
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
August 20, 2013, 01:25:07 AM
Last edit: August 20, 2013, 03:06:44 AM by Jesse James
 #20

Holy shit ... I just re-examined my research on all repeated R-values in signatures made in July/Aug.  

I now suspect blockchain.info was responsible for all of these R repeats except the last .... (note this data is through today - block 253081).



The more serious of the 2 android SecureRandom bugs as detailed by the commenter Nikolay Elenkov, only could cause repeated R's across application invocations (and not in the same transaction), thus one would expect to see a R repeat from an android client spaced in time (across transactions) and not relayed directly through blockchain.info.  This fits the pattern of the last example.  

All the other R repeats happen within the same transaction and the transactions are relayed directly through blockchain.info.  Being relayed directly though blockchain.info means it was likely submitted by their wallet (or less likely but also possible ... another wallet that uses their API).  

Edit 1: Updated research to include repeats from recent blocks.
NewLiberty
Legendary
*
Offline Offline

Activity: 1204
Merit: 1001


Gresham's Lawyer


View Profile WWW
August 20, 2013, 01:31:45 AM
 #21

I'm thinking of augmenting it so that it snatches weak funds immediately
The legal risk is too high.
On the other hand, I thought about writing and releasing such scanner without touching funds myself and letting people to catch and sue each other. I see every bitcoin-related court case as a good thing that make adoption of Bitcoin by business easier.

There's only one address implicated in all the recent thefts so I'm not sure how useful releasing a scanner would be ... other than increasing competition for snatching funds from weak addresses.

Although your first point brings up a larger legal question ... if someone makes their private key public (intentionally or non-intentionally) ... under what conditions (if any) and under what legal theory could a 3rd party be liable for signing with it?  Any lawyers out there?


In the USA?
You have a civil claim of course.  And for criminal, Wire Fraud.  If interstate or international, Federal rules apply:
http://www.law.cornell.edu/uscode/text/18/1343

FREE MONEY1 Bitcoin for Silver and Gold NewLibertyDollar.com and now BITCOIN SPECIE (silver 1 ozt) shows value by QR
Bulk premiums as low as .0012 BTC "BETTER, MORE COLLECTIBLE, AND CHEAPER THAN SILVER EAGLES" 1Free of Government
Jesse James
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
August 20, 2013, 07:17:40 AM
Last edit: August 20, 2013, 08:29:10 AM by Jesse James
 #22

After reviewing the blockchain.info wallet source code, I can not recommend using it at the moment.  I had a full monty write-up on this earlier, but as I've dug deeper I've decided to take it down so I can communicate my findings to blockchain.info exclusively first.  Stay tuned.
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1039


View Profile
August 20, 2013, 09:25:55 AM
 #23

My understanding is that b.i uses the "web crypto" APIs when available, and they should be more or less a direct path through to the platform crypto RNG.

However if the browser does not support those APIs then it basically just invents its own RNG. I recall bringing this issue up before, a long time ago, but I don't remember what became of it.
VTC
Member
**
Offline Offline

Activity: 83
Merit: 14



View Profile
August 20, 2013, 09:47:31 AM
 #24

After reviewing the blockchain.info wallet source code, I can not recommend using it at the moment.  I had a full monty write-up on this earlier, but as I've dug deeper I've decided to take it down so I can communicate my findings to blockchain.info exclusively first.  Stay tuned.

Do you advise to meanwhile sweep funds to a fresh new address with blockchain wallet?  Is the blockchain wallet safe to make transactions with manual key rotation?
Jesse James
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
August 20, 2013, 10:16:12 AM
 #25

After reviewing the blockchain.info wallet source code, I can not recommend using it at the moment.  I had a full monty write-up on this earlier, but as I've dug deeper I've decided to take it down so I can communicate my findings to blockchain.info exclusively first.  Stay tuned.

Do you advise to meanwhile sweep funds to a fresh new address with blockchain wallet?  Is the blockchain wallet safe to make transactions with manual key rotation?

If you are feeling careful, IMHO it would be wise to move to a non-javascript wallet for the time being ... and when you move, do it with a single transaction ... that way even if your signature(s) expose the private key you're moving from, they'll be nothing there left to spend.
gmaxwell
Staff
Legendary
*
Offline Offline

Activity: 3640
Merit: 5978



View Profile
August 20, 2013, 10:21:48 AM
 #26

Careful with that "move all at once". If your move transaction reveals your private key it may be the case that people are attacking in realtime now and might beat you w/ a double spend.

I would prefer to move the keys into something that doesn't have known DSA nonce concerns and send that movement transaction from there, if at all possible.
piuk
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1001



View Profile WWW
August 20, 2013, 11:11:40 AM
 #27

Jesse James has informed me of a problem with the rng used by blockchain.info javascript clients being poorly seeded when initialised in a background webworker task. In some browsers this could lead to duplicate R values being used when signing transactions (Firefox is likely to be particularly vulnerable). This issue effects the transaction signing code only, not the generation of private keys.

Patches have now been deployed, Please ensure you upgrade to the latest version of your Blockchain.info client.

Chrome extension - v2.85
Fixefox extension - v1.97
Mac client - v0.11

Users of the web interface should clear their browsers cache before next login.

Only a handful of addresses are known to be affected thus far. Likely if you have been affected by this problem your coins will have been taken already. All affected users will be refunded in full, please PM me or email help@blockchain.info.

🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
*
Offline Offline

Activity: 1260
Merit: 1036

👻


View Profile
August 20, 2013, 11:22:35 AM
 #28

Nice speedy fix Smiley

Could you push out the source code changes to https://github.com/blockchain/My-Wallet-Chrome-Extension ? It hasn't been updated for 3 months.
Gaff
Hero Member
*****
Offline Offline

Activity: 924
Merit: 502


View Profile
August 20, 2013, 01:01:56 PM
 #29

Is it possible for a bitcoin wallet to scan all previous transactions to check that the r value isn't being reused before broadcasting the new transaction? I appreiciate it might be expensive to calculate if you have a lot of transactions in your wallet O(n^2)? but for most wallets that's a small enough number I'd have thought?
lenny_
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000


DARKNETMARKETS.COM


View Profile WWW
August 20, 2013, 01:14:28 PM
 #30

I've been using blockchain.info wallet directly in my Firefox, without installing any browser extension. Am I vulnerable to this bug?

DARKNET MARKETS >> https://DARKNETMARKETS.COM
Mushoz
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Bitbuy


View Profile WWW
August 20, 2013, 03:06:51 PM
 #31

I've been using blockchain.info wallet directly in my Firefox, without installing any browser extension. Am I vulnerable to this bug?

You are vulnerable, yes. But since no funds were stolen from you (I presume?), the bug luckily wasn't triggered (it didn't use the same R value twice) as it seems some people are actively scanning the blockchain and stealing whenever the bug happens. The bug is already fixed according to Piuk. Just clear your browser cache and you should be safe again.

www.bitbuy.nl - Koop eenvoudig, snel en goedkoop bitcoins bij Bitbuy!
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1086

All paid signature campaigns should be banned.


View Profile WWW
August 20, 2013, 03:11:26 PM
 #32

Can someone please run the script on these two addresses and determine if this theft was caused by the bad signatures and comment in this thread:

https://bitcointalk.org/index.php?topic=277601.0

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Marko Schmid
Newbie
*
Offline Offline

Activity: 8
Merit: 0



View Profile
August 20, 2013, 03:14:08 PM
 #33

Patches have now been deployed, Please ensure you upgrade to the latest version of your Blockchain.info client.

Chrome extension - v2.85
Fixefox extension - v1.97
Mac client - v0.11

Here's how to manually force the update in Chrome.

1. Go to "chrome://extensions"
2. Select "developer mode"
3. Click "update extensions now"
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1086

All paid signature campaigns should be banned.


View Profile WWW
August 20, 2013, 03:25:26 PM
 #34

However, at this point I'm thinking of augmenting it so that it snatches weak funds immediately so I can return funds to peeps who are able to prove ownership of the victim address by signing a message with a bunch of keys with a 1-degree relationship to that address.
I believe that if you can prove that change was sent to the address in a transaction from an address you can prove ownership to (by signing a message) then that should good enough.  However, this obviously does not work if no change was ever sent to the address in question.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
guitarplinker
Legendary
*
Offline Offline

Activity: 1694
Merit: 1024



View Profile WWW
August 20, 2013, 03:38:46 PM
 #35

I have a few questions:
1. I've only used Google Chrome with my blockchain wallet, and haven't installed the blockchain extensions, only used the website. I've also cleared my cache just a minute ago, am I vulnerable?
2. Were paper wallets at risk with this? Like, just an imported public address, with no private key.
3.) After clearing my cache, is there anything else I should do to make sure I'm secure?
Jouke
Sr. Member
****
Offline Offline

Activity: 426
Merit: 250



View Profile WWW
August 20, 2013, 03:40:36 PM
 #36

Can someone please run the script on these two addresses and determine if this theft was caused by the bad signatures and comment in this thread:

https://bitcointalk.org/index.php?topic=277601.0

afaik these addresses were not compromised by non-random numbers. But my script is not really sophisticated, so I might be wrong.

Koop en verkoop snel en veilig bitcoins via iDeal op Bitonic.nl
dc81
Member
**
Offline Offline

Activity: 109
Merit: 100


View Profile
August 20, 2013, 04:25:42 PM
 #37

Nice speedy fix Smiley

Could you push out the source code changes to https://github.com/blockchain/My-Wallet-Chrome-Extension ? It hasn't been updated for 3 months.

looks like the commit has been pushed now - https://github.com/blockchain/My-Wallet-Chrome-Extension/commit/a1fbd4a5ac14a188f1dc1144397446fb6ec6cdbf

nubbins
Legendary
*
Offline Offline

Activity: 1554
Merit: 1004



View Profile
August 20, 2013, 04:25:54 PM
 #38

All affected users will be refunded in full, please PM me or email help@blockchain.info.

Customer service win!

No longer buying/selling Casascius coins. Beware scammers.
My OTC Web of Trust ratings / What's a PGP chain of custody?
kyledrake
Newbie
*
Offline Offline

Activity: 7
Merit: 0



View Profile WWW
August 20, 2013, 04:37:17 PM
 #39

Jesse James has informed me of a problem with the rng used by blockchain.info javascript clients being poorly seeded when initialised in a background webworker task. In some browsers this could lead to duplicate R values being used when signing transactions (Firefox is likely to be particularly vulnerable). This issue effects the transaction signing code only, not the generation of private keys.

Was this an issue related to a problem with window.crypto.getRandomValues when webworkers are used? If so, please inform so that I can make Firefox aware of the problem.

I am working on Coinpunk, which is (like blockchain.info) using bitcoinjs-lib as a sort-of ancestor of the current code base. After the Android vulnerability was disclosed, I started looking at the existing RNG code and I was not impressed: https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/src/jsbn/rng.js

You can see where the RNG gets fed in here: https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/src/ecdsa.js#L237

I wanted to split the RNG code out into something that would use the best-available approach for its platform, so I put this together, which is the current development version, and has tests you can run in the browser: https://github.com/kyledrake/randjs.

I would really appreciate an audit and feedback on this code, as I intend to eventually use this in production. My e-mail is kyledrake@gmail.com if you want to IM/email me directly. Thanks!
Jesse James
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
August 20, 2013, 06:11:39 PM
 #40

Was this an issue related to a problem with window.crypto.getRandomValues when webworkers are used? If so, please inform so that I can make Firefox aware of the problem.

window.crypto.getRandomValues is not available in webworkers because the window object doesn't exist in webworkers (by design).


I am working on Coinpunk, which is (like blockchain.info) using bitcoinjs-lib as a sort-of ancestor of the current code base. After the Android vulnerability was disclosed, I started looking at the existing RNG code and I was not impressed: https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/src/jsbn/rng.js

You can see where the RNG gets fed in here: https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/src/ecdsa.js#L237

I wanted to split the RNG code out into something that would use the best-available approach for its platform, so I put this together, which is the current development version, and has tests you can run in the browser: https://github.com/kyledrake/randjs.

I would really appreciate an audit and feedback on this code, as I intend to eventually use this in production. My e-mail is kyledrake@gmail.com if you want to IM/email me directly. Thanks!
IMHO, it's worth looking at puik's modifications to bitcoinjs-lib that he's maintaining in his branch ... he's made fixes to the RNG in particular.

Honestly, if I were doing JS crypto my approach would be to just mainline randomness directly from window.crypto.getRandomValues and bail if it's not available.  If you need randomness from the context of a webworker, you have no choice but to message pass it into the worker from the foreground.

I don't have time at the moment to do a comprehensive audit, sorry Sad   ... but javascript honestly isn't really my bag baby so I'm not sure I would be the best person to look at it.
kyledrake
Newbie
*
Offline Offline

Activity: 7
Merit: 0



View Profile WWW
August 20, 2013, 06:46:21 PM
 #41

This information was very helpful.. thank you! It looks like they did something similar to what I'm working on here. I'm warm to your idea of only supporting the window.crypto.getRandomValues browsers for the release version of Coinpunk, or at least warning users that they should upgrade their web browsers.

I wanted to ask you what your thoughts were on my skipping Arcfour (RC4) for window.crypto.getRandomValues. The blockchain.info implementation appears to still use the RC4 code (it uses window.crypto.getRandomValues for the seeding of RC4), but I didn't see why it was necessary here if I can just always get a nice random number from the newer browsers. Is this what you meant by mainlining?

Cheers! And thanks again. Smiley
Jesse James
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
August 20, 2013, 07:03:53 PM
 #42

I wanted to ask you what your thoughts were on my skipping Arcfour (RC4) for window.crypto.getRandomValues. The blockchain.info implementation appears to still use the RC4 code (it uses window.crypto.getRandomValues for the seeding of RC4), but I didn't see why it was necessary here if I can just always get a nice random number from the newer browsers. Is this what you meant by mainlining?

Yep,  that's what I meant.
Jesse James
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
August 20, 2013, 07:10:24 PM
 #43

I have a friend with a blockchain info wallet who had 170 btc emptied... how can I determine if this theft is a result of the same thing ?

This is the tree of his theft: https://blockchain.info/tree/74475039

Your friend's private key was never exposed due to a signature nonce collision.

Here's every address that has been exposed from genesis through block 253081 ... obviously only a few of these are due to blockchain.info:

121Zna8Dy9W2qDvsJEH2ALeHQkteXaeGng
12CkZeZvwDwiTvFm5H8bABpEqQHXJ6gWc1
12JDjmk2fGMPRK9GaT98vBFDc3MDHoPV9r
12RFNoJK2MSiWfXt3fFG7F4urUpLGnTBxh
12WhvZTWMv9XLfyM2g7XFSUgpwzuQUX5Mq
12a7gpjZDQBDhVSknfQzL3ygcASNQcocnd
12c1XuVdjQwyftTbqnWMT94CYW6vKFknwm
12ekVy8duhBMLGd1JhxcgxrTN1fchmVcTo
138VcLyoAb5sdjo3cDw7d14fUGLKRwQ9VK
13CWujDi4g6DWB9bWDXT3TfRU635NPJdPF
13GXRxeyR9UTDQojZYv9NZ1j3VA6Butc9U
13LRBbvgCSXsUs4JNmYhzHRo3re8vYVDid
13ds2bCrxe68w8WD4R7bWSjGq4uK7XbzWH
13fZF8aZcSjpxhukHkyVtHsLnPnVszQaLm
13oCG1VNMAGtNp9RcAmUieRf8NayAJ7xj7
13x6i5itrvR8Rf75xP8PZaPtNTNxZLReLe
143CugrdSngLmDaLWoLrWJzb4AU1xLMqoY
1494Wwkf8QN4nC3gSYz3qjZVNuVZSHw2zi
14FguDL7teNFCctazjUxCxCfZtssycq11h
14RJsWTjq9q2a9tNQSdpxbMaViWoXxRbjt
14ih1qxbcFmwLm8Hc7qTr3BhzdmWTWRmpC
14reTqqg8r4qriHozsYoydugzLjYtpVoMZ
154nELZtftuW951oQY7erHnN4L196c98Wp
15E8CUjvHDVj8mBzhkNHErXtz4AeEHycpH
15GieELLKTruUdzmTDVYP1TsjnzNRDg8Qa
15p65cNbtB3bQYf9GB78edRo5Ppux3uaU3
16He3EDsvTKYRSQGsZeoooTbYAjy9fiLoQ
16NCxA48LPKdSr5fACPnrLxgkrFnDJAzLp
16SchApeKZEc86CVJCc1vLQ17TEJCRJNef
16UkUnbqW8PXRrwgxRdb2UTivbgNnBYqwC
16io8zfbhStqe9WVdHN3JLzc29D73okaoy
16y2wAieZE9VknMK29J7EAhC8fmRtdLy8p
17AHXAodFQ33A4DqFENVHCG59qiaRNbhcq
17HHdLh4oXncuTejALwC6fgArVqPUxh2Sr
17Lq1nrktyEFV3AVPAbsbDXWuWoUNMhws8
17Vjk88w6fy5YRVUGD6Aa9w545UA6K4tYZ
17gDnz5TU8T16Pgzo93M7Dm1j5HS3UuS2Q
17sDdDiW2dNRQvTu2NkwwCbfXNFxVCpbZW
18KZdcnGaqaXnHiRPb8rVGCztyA4jJPKtS
18mmzMizs5CHtLJwchtPMuiYqVqWjw3rLe
18pqzCLA17hdnzxFnf5Cad2feA1RHKtW2P
18yDksipyvWEX14KTd4DHvj6ZDcXvNqtpB
196SL6bZEvBT8A9z46df54zE3rzZfXzwe8
19DcmnrhqpLgn8L6Exay1sJiKZPtYUAw1Y
19cRkXQfonjdJT9K8TMuDxV1PKLSdHZtPh
19qnLpn9it7csR9sEay1XrFyfAmUNoXYk4
19yCy4mFWJVsdJbgtG79VwHGxQpcx4uhcr
1A8TY7dxURcsRtPBs7fP6bDVzAgpgP4962
1ALsXt19tBxMr29WfM2Zd7EU8HwzooLGHx
1AgVauV4U1tt3KbRiehht56NoZeKprLUXe
1AnFEpvs8a41T3ZpfPtXBENvkL5oatQ64D
1AyTNQRvz6fo7EvebGpKfJB7jJeppxY4yc
1B8vhS5umMNKvwQFHJ3Hgres4NJeoe8U7Y
1BFhrfTTZP3Nw4BNy4eX4KFLsn9ZeijcMm
1BMzWp77j7x3GKDYNbCP3df7YG3UEw1vVE
1BRwmguCycCWSbueTcpn1vSJddMJXEhyjH
1BvQyALiTSgKwVYzDL3ANoqmdWaoyRZazS
1C3G6y8Cyi7ECDaaDhG34sLzrv1dd7Xo33
1C8x2hqqgE2b3TZPQcFgas73xYWNh6TK9W
1CFVxqxX3i9L9dm6Gw2QKJ2fH18HSJ9H8k
1CNHzFKNCkCwYecVUfmahmqDFrn5uuRzsU
1CRcBxVoXCqL7cEiq7b7rTYQyMhUrCu5Mf
1CozShbCQwFqa3iw2AUE3zn7Pp1f3HR3D
1CqEdApNprZzgqUsuyLocXKH5yMdFTnTJQ
1CxZGXpNLDmr7eDmgMiGc1n1gAyE6LKBig
1DHmu7BvzjpQQxbKEuqTU2zSvZmgZBBrne
1DQK1Xb1gKBRXLi4PEegWCZ1giELgBqhq7
1DWhHeTnoZAFPehoM1W6S37hn7nVjZLrQN
1DY5YvRxSwomrK7nELDZzAidQQ6ktjRR9A
1DcNJeexQV2kM78AdMKSzmsQ8DeNMHLTJ1
1Df8hDiS6RSeu9WDUqUtBpBmBoepzo24pD
1Dka5AAYwdZkrPJZHjKmdZkaVATnwYeSqG
1E67dSKMyrEoqfAjSsE1SNpeeau4pmyc5j
1E9ffsnXjMnZxmJaqCLXWhqWzKqx1sZXP9
1ECvZ9ojebv5TVWySf2roXRP4XyQb5rNCy
1EFET6LSLabV5KR55XqRzzhQ1rBUGTD1SQ
1ENrnLCxp9srcWCCE3kQFNqHRGDijespb9
1EPXZfTX6TD3L7TQdRu2nqMT8mrAAPSTST
1EUDdSvFGmZCa5zUXSXFSQD7r2qBZaSWJU
1F48AGnDGLBbDr5Uk7DfUhrhe8U14eHKaH
1F9tB2p9NWsGEt1TjiGAa3WEEGs9Wc779R
1FPSVbypWa7rBWbciKHJ983YWcucBn7aUQ
1FPgs8ZaxXUAp61jkd53U7zWj9NQq8yM34
1FX2xLHNxcT77bxLZXHzet6e8kMSS53uDK
1FY4Ny2ZTvDGDHshB1Rpp5Di9x6Q9GVd5a
1FYXLjfFJ1qsngiArLsrBVEGRaKkV15FGV
1Fcj89eqk1xCe6PqkMpaUuWCaK7MUXeYbZ
1FwbYs6UL2fzB9crvhWNCZyr9oqNjEXzcu
1FxWoGvwzjWGKk69vFumyoBaUCqzsndVck
1G3BjSLWsWH6tbPYs29fYMYaz9k8EStQM
1G4TqNcKTRRuQ3brQSv85Fohf3jQiaGAbL
1GTFFqbHGp6xwcKVmLkbLqHiauUbKT7jxs
1GUqD7UATGzbEBrMjweP5GCTQeU51TsZbj
1GYRDPaCm3hrzUcgfT49w7mcvoQu2Y4MmX
1GjDS84eNBx6QQoo7dBddvgYArSttxLYdk
1GysfXJbf5FREeJetrwuANNZi8pcz4n1v6
1HWEyVbuyPmXfR9eBnrh4v2Npjnp9UJQCw
1HWYEGYNgVc7bc28RCAa8mCJPv9eEnHieR
1HXSnvNGK8oYQCyLDkpHNZ2sWPvFsYQcFU
1HmJh2b8iS64WgX5snSzKYrNXqbnKkuBvE
1J8THH46JdkjiGYLQyPQDHVk4gtftahDUx
1JCMAUG9P8X4PHM7rF4ywDFHaAK2FMRrkN
1JFMHv7ijwXDQYQrehhSxn6u9bTfkGCmK
1JNC3iaxA95NbWrSro5me2BM27wohuucKD
1JNMvqdUYP9eDR3mEkxxCne4BYabc93Nwh
1JZ5NjZCDrnj84mZnv2fuAmAb7w4v5LiEu
1JjcWuJDRNkw3XcMfE7khhRg1UCxU8eKua
1JmMcWWy1mFuubbsBRPuVXdjFdtM2ENJXE
1JnqZ6Djhncs9YHe74CbkLaXXAbA1phsTU
1Js2D8Fj1AWQ2aB7TMtmJ6rn4bYDFtcjgF
1K5CgovB1c4vX22MvUq8cfRsuctG86Jmx5
1KSFgqcm6mc4Aaq6EsR6Awfr65S6RmVeHh
1L8DFt7yYA3iZsr6RA3d1mpf4J7TgBsYF
1L9a8dXMgq2xWV1zaDUGje2FAbzCG18QQh
1LKu5b7jUoM7MJzeuTCmvDWsJrBgBhcvhb
1LnBTt9TYRMt4aABcDYSoaMQ9jV8Qgajkx
1Lr9tUFz4mypFzc3PYitgGU1dTg21ubM9p
1LspNcTjkzFQRrsr4iGGxD5RSKehB5fHnA
1M5edBFjjFJhQhgSuCUQnX3uytcskgnqQB
1Mjwi2LnE6oz3p8dNFXWgMpAPBs6ZpPPA2
1N2aQiQ5LjNQ3C3cKCmHHnnq65RH3zRD9B
1NCRgUAgJnzBGcLNX7iQD1d9Cn9ZyKF2PC
1NEb41nDgxWwVzhHSsk4obURJ13KauJRsF
1NRtYCGVo2vR7WmYVussK6sVva2wZsYTep
1NSLj5xdCyRmMYVtM7bwZxZarYLm6EGZJf
1NSnZPRR32mrfAADxNJcPRP647gseqEMyj
1NuSEboWF7YJ3bozo5H1JDpH5yc7zyHZm8
1NvfCyqRh6cuh8dCQDJmboriifg1eaYDnV
1PUv3XNWWCDmEK6o9VerPK81qVfo4Wtvv2
1PWTFonhiXCdTZ4Nd2J726rqWnNsTVeVMY
1PXU5aD3fzgAm2E56o2VSaHpVe4bhe3d2m
1Pbt1LGM2JNgMjtnEscEmntsSrcYofeaoa
1Pde4CbEitkdPiwwKvd6s3znWw7EXZMYjD
1Pq6Ygv3kdMVX2TdNhUSPadxaShiGJUAoS
1YWwSaXTESKgDpitb6Rp8bteXzUR6hjDg
1ZBRXLZEzSukVDEDDJjtHYmrpkEGH94nS
1kJwZbv3dhUowPyRHcxJMknoJpPYfwaGf
1kMEr9W4YeAnzFcuSWwj3ShYGANdLHSxG
1szVke6ThJtfdUTi6Y5AAMDMePM4Ha8vK
1yiQRuB3KRxZTrSHBNZK9NdjbyJskHiVs
johoe
Full Member
***
Offline Offline

Activity: 217
Merit: 191


View Profile
August 20, 2013, 09:05:38 PM
 #44

Jesse James, you missed a few addresses:

16mWzkk6iznyJQ3sKQRYxQ1Zr8xWpGMFWi
1B2wqabcETtQxPuacB5whni7GUjDn1oQQX
1BH4hyBMH8NoiscwiPngP23fVNN8wpJwrT
1HRhPdTXhTDMTM8C9C3Y8FGD1EKszkPGv
1K5XZhjCwbLYHwys86FvepaHt6tFiWb35T
1LfuyRkm9MrEXTz72hzpPsL46mzHEXfqWj
1MmE9r9QTN2GnP1TF7JhZSKPsubuXguJkb
1NujNX3cvbikAZMnKtETgSd7kvw7o93MRg
1PCrHhXxS8ZotDvgSA5WxpmtC1qNQchrPr
1Q4VVTsx6vgYth7iD9WnAgHvAj239PMaoL
1rPAkJSXWgnLFEiCzv3APUFLsi8Kzv3pX

Only one of these addresses is very recent.  Maybe my script finds more keys, because I also catch an addresses when the R-value was used only once as long as the same R-value was used on another address twice.

Moreover, the two addresses 1Q8eetJs5wRpqR3b5FT9EHe6GD8Bges9Hm and 195Tycz7nVhV7aKw98nq74FdVYtyYyE1K7 are endangered by this transaction:
https://blockchain.info/tx/127da3144a02f16e1a5ccb67778a2f5f9924023ce9aa20c1c4d08be576cbb0b9
I think it is not exploitable but as soon as one of the private keys is revealed, the other is also revealed.


Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
manic
Member
**
Offline Offline

Activity: 80
Merit: 10


View Profile
August 21, 2013, 12:54:07 AM
 #45

Jesse James,

While I appreciate your efforts with this,  I think deleting the reply to johoe is more questionable than the way you replied..
Jesse James
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
August 21, 2013, 01:39:24 AM
 #46

Jesse James,

While I appreciate your efforts with this,  I think deleting the reply to johoe is more questionable than the way you replied..

I don't follow?  My reply simply acknowledged I had overlooked the cases he pointed out.  I deleted it because I thought it prudent to double check his additions first.
Jesse James
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
August 21, 2013, 03:05:33 AM
Last edit: August 21, 2013, 03:31:56 AM by Jesse James
 #47

Jesse James, you missed a few addresses:

16mWzkk6iznyJQ3sKQRYxQ1Zr8xWpGMFWi
1B2wqabcETtQxPuacB5whni7GUjDn1oQQX
1BH4hyBMH8NoiscwiPngP23fVNN8wpJwrT
1HRhPdTXhTDMTM8C9C3Y8FGD1EKszkPGv
1K5XZhjCwbLYHwys86FvepaHt6tFiWb35T
1LfuyRkm9MrEXTz72hzpPsL46mzHEXfqWj
1MmE9r9QTN2GnP1TF7JhZSKPsubuXguJkb
1NujNX3cvbikAZMnKtETgSd7kvw7o93MRg
1PCrHhXxS8ZotDvgSA5WxpmtC1qNQchrPr
1Q4VVTsx6vgYth7iD9WnAgHvAj239PMaoL
1rPAkJSXWgnLFEiCzv3APUFLsi8Kzv3pX

Only one of these addresses is very recent.  Maybe my script finds more keys, because I also catch an addresses when the R-value was used only once as long as the same R-value was used on another address twice.

Moreover, the two addresses 1Q8eetJs5wRpqR3b5FT9EHe6GD8Bges9Hm and 195Tycz7nVhV7aKw98nq74FdVYtyYyE1K7 are endangered by this transaction:
https://blockchain.info/tx/127da3144a02f16e1a5ccb67778a2f5f9924023ce9aa20c1c4d08be576cbb0b9
I think it is not exploitable but as soon as one of the private keys is revealed, the other is also revealed.

I reran my script to try to catch the special case you mentioned but oddly was only able to confirm a subset of the ones you reported.

1BH4hyBMH8NoiscwiPngP23fVNN8wpJwrT
1HRhPdTXhTDMTM8C9C3Y8FGD1EKszkPGv
1MmE9r9QTN2GnP1TF7JhZSKPsubuXguJkb
1NujNX3cvbikAZMnKtETgSd7kvw7o93MRg

Checking my logic ...

Edit 1: My bad ... I think the discrepancy is caused by my parser ignoring transactions with non-canonical signatures (which stopped being allowed a while ago).  

On an unrelated note I also just checked if there was any overlap between the set of signature r-values and the set of public key x coordinates ... ∅ ... if there were any that would have indicated the potential for more RNG issues.
MemoryDealers
VIP
Legendary
*
Offline Offline

Activity: 1051
Merit: 1055



View Profile WWW
August 21, 2013, 03:14:01 AM
 #48

Can someone explain where the source of this issue with the RNG came from?

Was it the RNG in:

1. Blockchain.info's browser plugin code?
2. The Browser's code?  (Firefox, Chrome, etc)
3. The OS itself?  (Windows, OSX, etc)
4. Something else?

Thank you for the clarification.

dchou
Member
**
Offline Offline

Activity: 97
Merit: 10


View Profile
August 21, 2013, 04:46:54 AM
 #49

My account was hacked on Aug 1st.

https://bitcointalk.org/index.php?topic=266500.0

Someone was able to empty out my blockchain.info account.

Transaction id here:

https://blockchain.info/tx/1174e27cd6de043ec081a68b52f455ba1548f35949c2ba2ddd3abc60f5a29840

I've found no evidence that my email was compromised, and was using two-factor authentication at the time.

How can I determine if this was caused by the rng exploit?  I was using Chrome at the time.

Thanks!
crazy_rabbit
Legendary
*
Offline Offline

Activity: 1204
Merit: 1001


RUM AND CARROTS: A PIRATE LIFE FOR ME


View Profile
August 21, 2013, 06:50:18 AM
 #50

This is quite important information, and it immediately makes me question the security of bitaddress.org generated addresses, anyone with more knowledge about this care to comment?


more or less retired.
Nagan
Member
**
Offline Offline

Activity: 100
Merit: 10

Bitcoin is physical


View Profile
August 21, 2013, 09:00:51 AM
 #51

I've just locked out 7 BTC yesterday while fiddling with blockchain.info app on iPhone. Their database glitch forced to reenter the password, which blanked from my mind after several months of cached usage. I did a mistake by trying too soon, would I have waited for a few hours for service to come up, the cached password/database could still work. I felt this may come some day, just the timing was quite nasty.

What I have left now is AES encrypted blockchain.info wallet, and there's a hope to crack it via dictionary with bits and pieces from my memory. If someone already had an experience with bruteforcing it with speed optimized solutions would you please share the know-how?

Actually I like the blockchain.info, it's so far one of the cleanest services out there for small transactions, just some additional safety net in these cases would be a great thing.


It's hard to trust blockchain.info. I came across a glitch that almost cost me thousands. Account passwords created with my iphone don't work. It was several months before I got logged off and had to re-enter my password. Luckily I had a backup of my phone from a time when I was still logged in. I've tried recreating accounts on ios several times and confirmed that the passwords never work. They seem to work fine if you create the account on another OS and then open with ios.

I had backups of backups of my wallet and had no idea I was sitting on a time bomb. I wouldn't recommend putting anything on blockchain account you can't afford to lose.

Bitcoin is physical.
VTC
Member
**
Offline Offline

Activity: 83
Merit: 14



View Profile
August 21, 2013, 11:41:18 AM
 #52

I've just locked out 7 BTC yesterday while fiddling with blockchain.info app on iPhone. Their database glitch forced to reenter the password, which blanked from my mind after several months of cached usage. I did a mistake by trying too soon, would I have waited for a few hours for service to come up, the cached password/database could still work. I felt this may come some day, just the timing was quite nasty.

What I have left now is AES encrypted blockchain.info wallet, and there's a hope to crack it via dictionary with bits and pieces from my memory. If someone already had an experience with bruteforcing it with speed optimized solutions would you please share the know-how?

Actually I like the blockchain.info, it's so far one of the cleanest services out there for small transactions, just some additional safety net in these cases would be a great thing.

Try this service
https://bitcointalk.org/index.php?topic=240779.0
manic
Member
**
Offline Offline

Activity: 80
Merit: 10


View Profile
August 21, 2013, 11:46:55 AM
 #53

Jesse James,

While I appreciate your efforts with this,  I think deleting the reply to johoe is more questionable than the way you replied..

I don't follow?  My reply simply acknowledged I had overlooked the cases he pointed out.  I deleted it because I thought it prudent to double check his additions first.

I was referring to the fact that you posted the reply as hyperreal
nubbins
Legendary
*
Offline Offline

Activity: 1554
Merit: 1004



View Profile
August 21, 2013, 12:51:37 PM
 #54

Jesse James,

While I appreciate your efforts with this,  I think deleting the reply to johoe is more questionable than the way you replied..

I don't follow?  My reply simply acknowledged I had overlooked the cases he pointed out.  I deleted it because I thought it prudent to double check his additions first.

I was referring to the fact that you posted the reply as hyperreal

 Cheesy

No longer buying/selling Casascius coins. Beware scammers.
My OTC Web of Trust ratings / What's a PGP chain of custody?
BCB
CTG
VIP
Legendary
*
Offline Offline

Activity: 1078
Merit: 1002


BCJ


View Profile
August 21, 2013, 02:57:51 PM
 #55

I'm thinking of augmenting it so that it snatches weak funds immediately
The legal risk is too high.
On the other hand, I thought about writing and releasing such scanner without touching funds myself and letting people to catch and sue each other. I see every bitcoin-related court case as a good thing that make adoption of Bitcoin by business easier.

There's only one address implicated in all the recent thefts so I'm not sure how useful releasing a scanner would be ... other than increasing competition for snatching funds from weak addresses.

Although your first point brings up a larger legal question ... if someone makes their private key public (intentionally or non-intentionally) ... under what conditions (if any) and under what legal theory could a 3rd party be liable for signing with it?  Any lawyers out there?



"Conversion, theft and unjust enrichment."
-Msantori
millsdmb
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


View Profile
August 21, 2013, 08:27:29 PM
 #56

All affected users will be refunded in full, please PM me or email help@blockchain.info.

Customer service win!

I applaud you, Blockchain.info. Great service.

Hitler Finds out about the Butterfly Labs Monarch http://www.youtube.com/watch?v=4jYNMKdv36w
Get $10 worth of BTC Free when you buy $100 worth at coinbase.com/?r=51dffa8970f85a53bd000034
Aajo
Member
**
Offline Offline

Activity: 94
Merit: 10


View Profile
August 21, 2013, 09:55:07 PM
 #57

Hello, my blockchain.info wallet was cleaned in April - back then there was a wave of stolen coins but only a speculation about the reason having to do with the alias and offline copies.

can someone check my old address / transactions with the script?
https://blockchain.info/address/1N2ctCxet8zjeyQMQngfmkvC2h9qzF3c6k

Back then I used to do alot of outgoing transactions with Blockchain on Firefox..
watertech666
Member
**
Offline Offline

Activity: 61
Merit: 10



View Profile WWW
August 22, 2013, 03:05:41 AM
 #58

After reviewing the blockchain.info wallet source code, I can not recommend using it at the moment.  I had a full monty write-up on this earlier, but as I've dug deeper I've decided to take it down so I can communicate my findings to blockchain.info exclusively first.  Stay tuned.
Jesse James. I'm so sad. I lose 263.84btc total from 2 difference address in blockchain.info on 29th Aug. 2013. Details Please check  https://bitcointalk.org/index.php?topic=277601.0

Can you help me to check it's because of bug?

Water Filter supplier who accept bitcoin.  http://www.asiawaterfilter.com
Jesse James
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
August 22, 2013, 08:34:26 AM
 #59

After reviewing the blockchain.info wallet source code, I can not recommend using it at the moment.  I had a full monty write-up on this earlier, but as I've dug deeper I've decided to take it down so I can communicate my findings to blockchain.info exclusively first.  Stay tuned.
Jesse James. I'm so sad. I lose 263.84btc total from 2 difference address in blockchain.info on 29th Aug. 2013. Details Please check  https://bitcointalk.org/index.php?topic=277601.0

Can you help me to check it's because of bug?

@watertech666: Sorry for your loss.  However, neither of your victimized addresses 1 2 appears on my published list nor in johoe's additions to it so neither of your addresses was specifically effected by the repeated signature nonce issue. 

Also, it's clear the thief knows the private key for 1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn, so you should remove it from your forum signature.  He could steal from either address in the future at any time.

Hello, my blockchain.info wallet was cleaned in April - back then there was a wave of stolen coins but only a speculation about the reason having to do with the alias and offline copies.

can someone check my old address / transactions with the script?
https://blockchain.info/address/1N2ctCxet8zjeyQMQngfmkvC2h9qzF3c6k

Back then I used to do alot of outgoing transactions with Blockchain on Firefox..

@Aajo: Sorry for your loss as well, but your victimized address is not listed either.
watertech666
Member
**
Offline Offline

Activity: 61
Merit: 10



View Profile WWW
August 22, 2013, 09:01:27 AM
 #60

@Jesse James
If there are any possible? I keep 4 backup file in same fold. 2 address lose and 2 address still there. And I use 2 FA. If thief stole backup file. Must 4 address all lose. Am I right?

Water Filter supplier who accept bitcoin.  http://www.asiawaterfilter.com
Dougie
Full Member
***
Offline Offline

Activity: 211
Merit: 100


You are not special.


View Profile
August 22, 2013, 09:11:50 AM
 #61

Only a handful of addresses are known to be affected thus far. Likely if you have been affected by this problem your coins will have been taken already. All affected users will be refunded in full, please PM me or email help@blockchain.info.
That is very good of you. I feel very comfortable using blockchain.info. I think google should refund all affected users too.

Interesting that this is going further than the android problem. Perhaps someone should update the announcement to include refreshing the blockchain.info version.

Lurking since 2011...
1J4DhU3q6RxxCTfAAcg5ExVK6FfxkmzkTH
neoranga
Newbie
*
Offline Offline

Activity: 50
Merit: 0


View Profile
August 22, 2013, 10:28:42 AM
 #62

Are blockchain.info paper wallets with already signed transactions in Firefox vulnerable?
How can we check?
Jesse James
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
August 22, 2013, 10:42:32 AM
 #63

@Jesse James
If there are any possible? I keep 4 backup file in same fold. 2 address lose and 2 address still there. And I use 2 FA. If thief stole backup file. Must 4 address all lose. Am I right?

It's hard to speculate.  Assuming this is due to a stolen wallet backup file, it would make sense for the thief to sweep all addresses in the wallet simultaneously.  However, you don't know how many keys were in the wallet when the thief may have had access to it ...  he/she might have waited a long time for funds to accumulate before swooping in.

I did some transaction following and it appears your thief is accumulating loot in the address 1HackerRpwYH7F6uGu8422dScNxaHAtWYz ... which currently has 647 BTC. 
NewLiberty
Legendary
*
Offline Offline

Activity: 1204
Merit: 1001


Gresham's Lawyer


View Profile WWW
August 22, 2013, 07:44:57 PM
 #64

... in the address 1HackerRpwYH7F6uGu8422dScNxaHAtWYz ... which currently has 647 BTC. 

Which apparently donated some here?
http://www.btcfans.com/donate

FREE MONEY1 Bitcoin for Silver and Gold NewLibertyDollar.com and now BITCOIN SPECIE (silver 1 ozt) shows value by QR
Bulk premiums as low as .0012 BTC "BETTER, MORE COLLECTIBLE, AND CHEAPER THAN SILVER EAGLES" 1Free of Government
AAleron
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
August 24, 2013, 12:18:23 AM
 #65

I had my Blockchain Wallet drained on aug12 I posted about it on the forum.

Can someone tell me if this wallet was on the list

1Cqfi7gKrbGgQuWNpGrziDzmaNoY2cGGjV

I don't use that wallet anymore and am worried about using Blockchain.info until I know how my account was drained while I was logged in and how someone else logged in to my account from Australia at the same time without my knowledge.
 
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1086

All paid signature campaigns should be banned.


View Profile WWW
August 24, 2013, 01:52:40 PM
 #66

I had my Blockchain Wallet drained on aug12 I posted about it on the forum.

Can someone tell me if this wallet was on the list

1Cqfi7gKrbGgQuWNpGrziDzmaNoY2cGGjV

I don't use that wallet anymore and am worried about using Blockchain.info until I know how my account was drained while I was logged in and how someone else logged in to my account from Australia at the same time without my knowledge.
 
I simply did a search of this entire thread and no, this address did not appear on any of the lists posted in this thread.

Here's every address that has been exposed from genesis through block 253081 ... obviously only a few of these are due to blockchain.info:

121Zna8Dy9W2qDvsJEH2ALeHQkteXaeGng
...
1yiQRuB3KRxZTrSHBNZK9NdjbyJskHiVs
So, unless your account was drained after block 253081 it does not look like this was the method used.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
AAleron
Newbie
*
Offline Offline

Activity: 22
Merit: 0


View Profile
August 24, 2013, 11:24:36 PM
Last edit: August 25, 2013, 02:39:35 AM by AAleron
 #67

Thanks for doing that. I'll keep digging. Having not had anything stolen before online, this theft has made me very cautious of bitcoin wallets, its clear they are not safe and while you could have any sort of online account broken into, its coloured my view on the safety of bitcoins for the average user.
2weiX
Legendary
*
Offline Offline

Activity: 2030
Merit: 1003

this space intentionally left blank


View Profile
August 26, 2013, 06:23:11 AM
 #68

All affected users will be refunded in full, please PM me or email help@blockchain.info.

Customer service win!

If only they'd refund other bugs as well^^
CoinGames
Newbie
*
Offline Offline

Activity: 44
Merit: 0



View Profile WWW
September 18, 2013, 01:52:36 PM
 #69

We also had some coins stolen, and I would like to know how I can find out if it was due to this blockchain.info security flaw.

In fact the attackers took only 4 BTC from us, but over 200BTC from several other addresses. So I'm pretty sure there are many other victims out there.

See these transactions Hacker https://blockchain.info/address/16oP8up3f8ePer1vfBPhypRqkUnsA9ZfYM

See more details here:   https://bitcointalk.org/index.php?topic=246328.0

We would appreciate any help corroborating that it was indeed this security flaw that was to blame.
johoe
Full Member
***
Offline Offline

Activity: 217
Merit: 191


View Profile
September 18, 2013, 06:07:45 PM
 #70

Hello,

I just reran my script and no 1cup addresses appears in the list.  So the cause is not a double R-value.

The fact that all addresses were compromised at the same time suggests that someone got hold of the private keys via breaking into the server or some other computer and got hold of the wallet.dat or the output of the vanity address generator.  I see that you still advertise these addresses.  You should really change them as it is quite likely that they are compromised.

Here are all addresses that were compromised since mid-August due to the double R-value bug:

12RqykuRC9esWxtJL3T9WiwsPb8gdPpdDR
17AHXAodFQ33A4DqFENVHCG59qiaRNbhcq
17YujH47nJqYDF91P9GfKbQYap9MdQP7cS
19qnLpn9it7csR9sEay1XrFyfAmUNoXYk4
1HgRa96fuHCde6Rie4nwhaz1hZR694X4wj
1M7UUR1QhTMwoEiVVWf88Dy4in23RjYdic
1NSnZPRR32mrfAADxNJcPRP647gseqEMyj
1P3wCaQNk438cXKsC2YYvpecWa6kZKGCKC
1PCrHhXxS8ZotDvgSA5WxpmtC1qNQchrPr

  Johoe

Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
Mark_Twain
Full Member
***
Offline Offline

Activity: 180
Merit: 100



View Profile
December 17, 2013, 06:02:39 AM
 #71

Just had a similar problem! 10 BTC ripped off from my Wallet without my consent! Please Help!
https://bitcointalk.org/index.php?topic=373612.new#new

Litecoins donations: LUNrACL2GoC8RhHqJbd4k2GnqX2xjixooY
Bitcoins donations: 1AWcSjq96oa5tqLyqPG2U729AzGPZW9aW4
educatedwarrior
Full Member
***
Offline Offline

Activity: 221
Merit: 100


View Profile
March 04, 2014, 02:26:47 PM
 #72

I just got 16 BTC stolen from Blockchain.info


I learned my lesson.  Never using Blockchain again.

Cryptoculture Mining Pools - http://cryptoculture.net      Follow us on Twitter - https://twitter.com/cryptoculture
film2240
Legendary
*
Offline Offline

Activity: 1022
Merit: 1000


Freelance videographer


View Profile WWW
March 04, 2014, 04:41:45 PM
 #73

This isn't looking good.I think now would be a good time to find a local bitcoin wallet for my android phone (as the only one I have now is blockchain.info at the moment) that works whereas the official android wallet seems to make my funds disappear.

Maybe that's what my mac's for,store them away from online services.Any options?

[This signature is available for rent.BTC/ETH/LTC or £50 equivalent a month]
[This signature is available for rent.BTC/ETH/LTC or £50 equivalent a month]
[This signature is available for rent.BTC/ETH/LTC or £50 equivalent a month]
leopard2
Legendary
*
Offline Offline

Activity: 1372
Merit: 1011



View Profile
March 04, 2014, 04:58:23 PM
 #74

We need better legislation for Bitcoin theft. Unbelievable how much dirt is out there  Angry Shocked

Similar to horse theft in the Wild West, which was so critical that capital punishment was the only way to go.

I suggest something like Sharia or Codex Hammurabi.  Angry Angry One finger cut off, per Bitcoin stolen, is a good start.

Scum of the earth scammer dirt, will have trouble typing with their hands cut off.

Truth is the new hatespeech.
educatedwarrior
Full Member
***
Offline Offline

Activity: 221
Merit: 100


View Profile
June 26, 2017, 12:09:26 PM
 #75

Hi I know this is an old post.  

I just found the address that stole the bitcoin and laundered the money.   They stole the bitcoin and spit up the coins into to address (mixed the coins) then merged back into 1 address later down the blockchain.

  • Bitcoin address the assets were stolen from was 1376AFc3gfic94o9yK1dx7JMMqxzfbssrg  and went to 1AkcY9NLEBH8Esyxwnwu9HiFQaSUjfDooa.    Here is a visual node diagram - https://blockchain.info/tree/51585845
    Bitcoins were laundered and then merged back into address 1L7YRcL9h7tc5B4gWKikdz7UvwrxtBDPWp
    The coins were then transfered to  1BGZohKS9QboP9gwCs4jw7vUXEvyPEs3FL  on 4/14/2014 where they stayed until   2/24/2016..  After that looks like this one person started profit taking of 10 btc converting into fiat.

I just need to found out who owns 1BGZohKS9QboP9gwCs4jw7vUXEvyPEs3FL.   Should be a depositor address at one of the exchanges.  Looks like 1L7YRcL9h7tc5B4gWKikdz7UvwrxtBDPWp was the hackers person wallet address.

Cryptoculture Mining Pools - http://cryptoculture.net      Follow us on Twitter - https://twitter.com/cryptoculture
erikalui
Legendary
*
Offline Offline

Activity: 2422
Merit: 1094



View Profile WWW
June 26, 2017, 04:10:34 PM
 #76

Hi I know this is an old post. 

I just found the address that stole the bitcoin and laundered the money.   They stole the bitcoin and spit up the coins into to address (mixed the coins) then merged back into 1 address later down the blockchain.

  • Bitcoin address the assets were stolen from was 1376AFc3gfic94o9yK1dx7JMMqxzfbssrg  and went to 1AkcY9NLEBH8Esyxwnwu9HiFQaSUjfDooa.    Here is a visual node diagram - https://blockchain.info/tree/51585845
    Bitcoins were laundered and then merged back into address 1L7YRcL9h7tc5B4gWKikdz7UvwrxtBDPWp
    The coins were then transfered to  1BGZohKS9QboP9gwCs4jw7vUXEvyPEs3FL  on 4/14/2014 where they stayed until   2/24/2016..  After that looks like this one person started profit taking of 10 btc converting into fiat.

I just need to found out who owns 1BGZohKS9QboP9gwCs4jw7vUXEvyPEs3FL.   Should be a depositor address at one of the exchanges.  Looks like 1L7YRcL9h7tc5B4gWKikdz7UvwrxtBDPWp was the hackers person wallet address.

My funds too went in a similar way. It got stolen on 7th June by this address: 1PTKJsu66KFAYmaKTFv7h9d38enhtdxdCf  and then was sent to multiple addresses which I was unable to track and the final address had some 10 btc in it from multiple addresses (including my coins). It was about 0.057 btc that was stolen. Anyways to track the hacker?

Pages: 1 2 3 4 [All]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!