rumbitla
Member
Offline
Activity: 98
Merit: 10
|
|
August 19, 2013, 07:24:24 PM |
|
Looks like your pc is compromised. Scan it.
Rather erase it and reinstall OS and software. Scanning is useless for sophisticated malware.
|
|
|
|
westkybitcoins
Legendary
Offline
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
|
|
August 19, 2013, 11:15:53 PM |
|
So... can we all finally stop recommending blockchain.info as the easiest wallet?

It became obvious that problems were inevitable as soon as StrongCoin revealed the ease with which they redirected someone else's transactions. The model is compromised. There's no way around it.

All users, even new ones, need to keep the bulk of their bitcoins in cold storage. That means ON SOMETHING PHYSICAL AND INERT. Yes. Physical and inert, where it takes physical movement beyond a few keypresses to spend it. Paper. A text file burned to CD through a new OS. Whatever.

The rest would do well to be contained within a dedicated client app, ideally on a dedicated device. With the number of high-quality clients available today, there is little reason now to do your bitcoin finances through your browser. If you need to handle large amounts of bitcoins away from home, then you should probably spend the money for a laptop or a smartphone.

----------

To the OP: I hate to say it, but your coins are probably beyond hope. But at least the problem might be identified and prevented from recurring. With that in mind, several more (admittedly basic) questions:

- What is your home computer's OS? If it's Windows or Mac OS, is it a bootleg copy?
- Do you have a bitcoin client on your home computer? Are there bitcoins in its wallet that have remained untouched?
- Have you accessed your wallet on computers other than your home computer?
- How many characters was your password? Was it in English? If it was in English, was the password all letters?
- Have you imported your keys from another wallet? Have you exported the keys to other wallets?
- Do any of the addresses in your wallet come from "brainwallets" (where a passphrase of some sort was used to create the address?)
- Had you tried to send 221.84 BTC to a different address, only to find that the bitcoins went elsewhere?
Every bit of information helps.

I actually consider Trezors about equal to keeping coins offline. That's why I'm so anxious for them. Most people won't bother with the complexity of learning how to keep and manage coins in cold storage. Not only do you have to learn how to do it, but then learn how to spend those coins as well as keep the physical storage medium safe. Trezor allows convenient access to spending coins while keeping them just as safe as cold storage. The task for users is reduced down to learning to use it and managing their backup seed.
For the cost of a (plastic) Trezor, one can purchase a cheap Android smartphone, install cyanogenmod if desired, then install Mycelium. While this arrangement has flaws compared to a Trezor, it also has advantages, and it's certainly good enough to produce paper wallets, or to keep turned off as a cold storage medium for modest funds. Anyone who has a lot of bitcoins should currently be using a paper or other cold-storage wallet, but if that's too cumbersome, at least they can go the dedicated-smartphone route rather than keep their bitcoins on a web wallet while waiting for Trezor.
|
Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
... ... In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber... ... ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)... ... The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
|
|
|
millsdmb
|
|
August 19, 2013, 11:18:30 PM |
|
So... can we all finally stop recommending blockchain.info as the easiest wallet?

It became obvious that problems were inevitable as soon as StrongCoin revealed the ease with which they redirected someone else's transactions. The model is compromised. There's no way around it.

All users, even new ones, need to keep the bulk of their bitcoins in cold storage. That means ON SOMETHING PHYSICAL AND INERT. Yes. Physical and inert, where it takes physical movement beyond a few keypresses to spend it. Paper. A text file burned to CD through a new OS. Whatever.

The rest would do well to be contained within a dedicated client app, ideally on a dedicated device. With the number of high-quality clients available today, there is little reason now to do your bitcoin finances through your browser. If you need to handle large amounts of bitcoins away from home, then you should probably spend the money for a laptop or a smartphone.

----------

To the OP: I hate to say it, but your coins are probably beyond hope. But at least the problem might be identified and prevented from recurring. With that in mind, several more (admittedly basic) questions:

- What is your home computer's OS? If it's Windows or Mac OS, is it a bootleg copy?
- Do you have a bitcoin client on your home computer? Are there bitcoins in its wallet that have remained untouched?
- Have you accessed your wallet on computers other than your home computer?
- How many characters was your password? Was it in English? If it was in English, was the password all letters?
- Have you imported your keys from another wallet? Have you exported the keys to other wallets?
- Do any of the addresses in your wallet come from "brainwallets" (where a passphrase of some sort was used to create the address?)
- Had you tried to send 221.84 BTC to a different address, only to find that the bitcoins went elsewhere?
Every bit of information helps.

I actually consider Trezors about equal to keeping coins offline. That's why I'm so anxious for them. Most people won't bother with the complexity of learning how to keep and manage coins in cold storage. Not only do you have to learn how to do it, but then learn how to spend those coins as well as keep the physical storage medium safe. Trezor allows convenient access to spending coins while keeping them just as safe as cold storage. The task for users is reduced down to learning to use it and managing their backup seed.

For the cost of a (plastic) Trezor, one can purchase a cheap Android smartphone, install cyanogenmod if desired, then install Mycelium. While this arrangement has flaws compared to a Trezor, it also has advantages, and it's certainly good enough to produce paper wallets, or to keep turned off as a cold storage medium for modest funds. Anyone who has a lot of bitcoins should currently be using a paper or other cold-storage wallet, but if that's too cumbersome, at least they can go the dedicated-smartphone route rather than keep their bitcoins on a web wallet while waiting for Trezor.

Thinking about https://www.casascius.com/ myself.
|
|
|
|
millsdmb
|
|
August 19, 2013, 11:22:49 PM |
|
It would also be very helpful of the dice folks to provide some info in your assistance, given that it seems just about everywhere Bitcoin is valued as currency and a theft has occurred.
Not sure what the odds are tho.
|
|
|
|
SatoshiDICE_Kat
Newbie
Offline
Activity: 40
Merit: 0
|
|
August 19, 2013, 11:35:01 PM |
|
It would also be very helpful of the dice folks to provide some info in your assistance, given that it seems just about everywhere Bitcoin is valued as currency and a theft has occurred.
Not sure what the odds are tho.
Hi all - heartbroken to see this thread, and I do also see the offending address has played a lot on SD today. Forwarding this on to our team to see what some logical steps might be; really appreciate you tipping me off in the thread that SD is involved.

By the way, I also run the Support email (support@satoshidice.com) - so anytime you know of any suspicious activity, alert me, I'm more than happy to help. Want to keep the community safe and supported; that's first and foremost. Thanks to all of you helping the victim track this down.

Kat at SatoshiDICE
|
|
|
|
acoindr
Legendary
Offline
Activity: 1050
Merit: 1002
|
|
August 20, 2013, 12:10:27 AM |
|
For the cost of a (plastic) Trezor, one can purchase a cheap Android smartphone, install cyanogenmod if desired, then install Mycelium. While this arrangement has flaws compared to a Trezor, it also has advantages, and it's certainly good enough to produce paper wallets, or to keep turned off as a cold storage medium for modest funds. Anyone who has a lot of bitcoins should currently be using a paper or other cold-storage wallet, but if that's too cumbersome, at least they can go the dedicated-smartphone route rather than keep their bitcoins on a web wallet while waiting for Trezor.
No, I don't like that idea. The problem is Android is still an operating system and therefore vulnerable to malware. It also wasn't built with Bitcoin in mind. You tell people it's safe for them to use as cold storage for 50K then the recent Android bug with random number generation can wipe them out. The Trezor is designed for security and Bitcoin specifically so it's far more unlikely to have such a glaring software flaw. If people are storing substantial coins then they shouldn't mind spending either the time or money necessary to ensure their coins are safe. For about the same cost they can buy a simple dedicated laptop to use with Armory and be assured their coins are safe, including easy paper wallet backups. Blockchain.info should be used as a convenient spending wallet, not storage wallet.
|
|
|
|
Realpra
|
|
August 20, 2013, 05:09:15 AM Last edit: August 20, 2013, 05:19:40 AM by Realpra |
|
I believe you are also incorrect here, DeathAndTaxes. The signature part actually consists of two numbers: r, which is a random number, and s, which is the actual signature. Normally, if you have two transactions, you have:

Your post is mostly correct in that by trial and error you can find the private key if transactions exist having used the same random number "k". However it is incorrect to say "... the signature consists of the random number r ..."; the number "r" is not random but a result of k*G. This k IS random and may not be revealed.

Also on topic: BitAddress.org can be downloaded to an offline USB key with Ubuntu AND you can change the private key MANUALLY under the wallet details tab. This means: No RNG attack whether accidental or malicious, no password cracking, no trojans, no corrupted .DAT files and so on.

(Seriously though this is messed up, my grandmother can't take care of this level of security...)
|
|
|
|
btcven
|
|
August 20, 2013, 10:52:45 AM |
|
Don't use Windows...
|
|
|
|
runam0k
Legendary
Offline
Activity: 1092
Merit: 1001
Touchdown
|
|
August 20, 2013, 11:41:45 AM |
|
Don't use Windows...
Which is absurd. What chance does bitcoin have if people can't use it on their home PC for fear of theft? Online wallets and clients need 2FA and maybe online banking style "enter letters 3, 5 and 7 from your password" to help improve security. For anyone moving coins around - buying and selling, day trading, etc - paper wallets or offline storage really isn't practical.
|
|
|
|
aquarius
|
|
August 20, 2013, 11:59:59 AM |
|
the only web wallet I would consider using as of today is inputs.io
|
|
|
|
Andreas Schildbach
|
|
August 20, 2013, 01:05:56 PM |
|
The problem is Android is still an operating system and therefore vulnerable to malware. It also wasn't built with Bitcoin in mind. You tell people it's safe for them to use as cold storage for 50K then the recent Android bug with random number generation can wipe them out. The Trezor is designed for security and Bitcoin specifically so it's far more unlikely to have such a glaring software flaw.
AFAIK the Trezor has got no RNG at all. It is seeded with randomness by the host that it is connected to.
|
|
|
|
Nubarius
|
|
August 20, 2013, 01:11:54 PM |
|
It seems that the web-based blockchain.info wallet was also affected by yet another problem with random number generation. This is likely to be what's happened to the OP. User piuk, who runs the site, has said in the technical thread that the problem has been fixed and that affected people will be refunded in full. See: https://bitcointalk.org/index.php?topic=277595.msg2970668#msg2970668
|
|
|
|
westkybitcoins
Legendary
Offline
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
|
|
August 20, 2013, 02:18:13 PM |
|
It seems that the web-based blockchain.info wallet was also affected by yet another problem with random number generation. This is likely to be what's happened to the OP. User piuk, who runs the site, has said in the technical thread that the problem has been fixed and that affected people will be refunded in full. See: https://bitcointalk.org/index.php?topic=277595.msg2970668#msg2970668

Good catch. Still... in the particular case of what happened to the OP, it wouldn't explain why the thief would leave change (with both addresses.) I'm betting that something similar to the StrongCoin shuffle occurred: the thief didn't actually have access to the keys, but rather had the ability to manipulate the transaction before signing.
|
|
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
|
|
August 20, 2013, 02:45:15 PM Last edit: August 20, 2013, 03:01:10 PM by BurtW |
|
I believe you are also incorrect here, DeathAndTaxes. The signature part actually consists of two numbers: r, which is a random number, and s, which is the actual signature. Normally, if you have two transactions, you have:

Your post is mostly correct in that by trial and error you can find the private key if transactions exist having used the same random number "k". However it is incorrect to say "... the signature consists of the random number r ..."; the number "r" is not random but a result of k*G. This k IS random and may not be revealed.

Your post is mostly correct except there is no "trial and error" about it. If the same random value is used in the creation of two different signatures then the private key can be directly and immediately calculated from the information publicly available in the block chain. See my post here for the technical details: https://bitcointalk.org/index.php?topic=271486.msg2910339#msg2910339

To say that r is "not a random number" because it is derived from a random number is silly. The mod of the x coordinate of k*G of a random number k is a random number.

BTW if anyone wants to calculate the private key the formula is:

private key = (z1*s2 - z2*s1)/(r*(s1 - s2))

where r is the repeated random number. Well, technically, the identical mod of the x coordinate of k*G of the repeated random number k.
|
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
|
|
|
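Added example, not part of any post in this thread: the repeated-r condition discussed above, worked in Python on constructed keys and hashes. `find_reused_r` is the audit a wallet operator can run over their own signatures, and `key_from_reuse` evaluates the formula quoted above to show why a hit means the key has to be retired; every function name and sample value here is an assumption made for the example.

```python
import hashlib
from collections import defaultdict

# secp256k1 domain parameters (the curve Bitcoin signs with)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Add two curve points; None stands for the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1] % P, -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def scalar_mult(k, pt=G):
    """Double-and-add k*pt (not constant time; illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def sign(d, z, k):
    """ECDSA: r = x(k*G) mod n, s = (z + r*d)/k mod n."""
    r = scalar_mult(k)[0] % N
    return r, pow(k, -1, N) * (z + r * d) % N

def find_reused_r(sigs):
    """Group (z, r, s) records by r; a group of two or more is a repeated k."""
    groups = defaultdict(list)
    for z, r, s in sigs:
        groups[r].append((z, s))
    return {r: v for r, v in groups.items() if len(v) > 1}

def key_from_reuse(r, z1, s1, z2, s2):
    """The formula from the post: (z1*s2 - z2*s1) / (r*(s1 - s2)) mod n."""
    return (z1 * s2 - z2 * s1) * pow(r * (s1 - s2) % N, -1, N) % N

def h(label):  # constructed stand-in for a transaction hash or a secret
    return int.from_bytes(hashlib.sha256(label).digest(), "big") % N

def demo():
    """Sign two constructed hashes with one k, a third with a fresh k, then audit."""
    d, k = h(b"constructed test key"), h(b"constructed repeated nonce")
    log = [(z, *sign(d, z, k)) for z in (h(b"tx A"), h(b"tx B"))]
    log.append((h(b"tx C"), *sign(d, h(b"tx C"), h(b"fresh nonce"))))
    hits = find_reused_r(log)
    r, ((z1, s1), (z2, s2)) = next(iter(hits.items()))
    return len(hits), key_from_reuse(r, z1, s1, z2, s2) == d
```

`demo()` returns `(1, True)`: one r value is flagged, and the formula reproduces the constructed test key from the two signatures that share it.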
BurtW
Legendary
Offline
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
|
|
August 20, 2013, 03:12:58 PM |
|
GOOD NEWS (maybe). If it can be shown that you lost your BTC due to a bug in the blockchain.info wallet it looks like you may get your BTC back from the owner of blockchain.info (nice guy). See: https://bitcointalk.org/index.php?topic=277595.0

Specifically this post:

Jesse James has informed me of a problem with the rng used by blockchain.info javascript clients being poorly seeded when initialised in a background webworker task. In some browsers this could lead to duplicate R values being used when signing transactions (Firefox is likely to be particularly vulnerable). This issue affects the transaction signing code only, not the generation of private keys.

Patches have now been deployed. Please ensure you upgrade to the latest version of your Blockchain.info client.

Chrome extension - v2.85
Firefox extension - v1.97
Mac client - v0.11

Users of the web interface should clear their browser's cache before next login.

Only a handful of addresses are known to be affected thus far. Likely if you have been affected by this problem your coins will have been taken already. All affected users will be refunded in full, please PM me or email help@blockchain.info.
|
|
|
|
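Added example, not part of the thread and not blockchain.info's patch (the notice above does not say how the fix works): deriving the signing nonce deterministically from the private key and message hash, as RFC 6979 specifies, removes the signing step's dependence on how the RNG was seeded. `weak_worker_nonce` is a constructed model of a poorly seeded generator, not the site's code; the function names and sample inputs are assumptions made for the example.

```python
import hashlib
import hmac
import random

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 order

def weak_worker_nonce(seed):
    """Constructed model of the failure: a PRNG initialised from a low-entropy
    seed. Two workers that start from the same seed draw the same k."""
    return random.Random(seed).randrange(1, N)

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def rfc6979_nonce(d, msg_hash):
    """RFC 6979 section 3.2 for secp256k1 with HMAC-SHA256 (qlen = hlen = 256).
    d is the private key as an int, msg_hash the 32-byte SHA-256 digest."""
    x = d.to_bytes(32, "big")                                       # int2octets
    h1 = (int.from_bytes(msg_hash, "big") % N).to_bytes(32, "big")  # bits2octets
    v, key = b"\x01" * 32, b"\x00" * 32
    key = _mac(key, v + b"\x00" + x + h1)
    v = _mac(key, v)
    key = _mac(key, v + b"\x01" + x + h1)
    v = _mac(key, v)
    while True:
        v = _mac(key, v)
        k = int.from_bytes(v, "big")
        if 1 <= k < N:
            return k
        key = _mac(key, v + b"\x00")  # candidate out of range: re-key and retry
        v = _mac(key, v)

def compare():
    """Return (weak nonces collide?, deterministic nonces collide?) for two messages."""
    d = int.from_bytes(hashlib.sha256(b"constructed test key").digest(), "big") % N
    h_a = hashlib.sha256(b"constructed tx A").digest()
    h_b = hashlib.sha256(b"constructed tx B").digest()
    weak = weak_worker_nonce(seed=0) == weak_worker_nonce(seed=0)
    det = rfc6979_nonce(d, h_a) == rfc6979_nonce(d, h_b)
    return weak, det
```

`compare()` returns `(True, False)`: the identically seeded generators repeat k across two signatures, while the derived nonces differ because the message hashes differ.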
Valle
|
|
August 20, 2013, 03:43:07 PM |
|
It feels like android phones have the most secure random number generator even with the crippled 64 bits of entropy, compared to this case.
|
|
|
|
faiza1990
Sr. Member
Offline
Activity: 420
Merit: 250
★☆★777Coin★☆★
|
|
August 20, 2013, 04:18:56 PM |
|
I sure hope we can get to the bottom of this
|
|
|
|
btcven
|
|
August 20, 2013, 04:59:51 PM |
|
Don't use Windows...
Which is absurd. What chance does bitcoin have if people can't use it on their home PC for fear of theft? Online wallets and clients need 2FA and maybe online banking style "enter letters 3, 5 and 7 from your password" to help improve security. For anyone moving coins around - buying and selling, day trading, etc - paper wallets or offline storage really isn't practical.

Yeah, there are a lot of idiots running the TOR project who recommend to stay away from Windows too http://threatpost.com/tor-urges-users-to-leave-windows
|
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
|
|
August 20, 2013, 05:12:34 PM |
|
I sure hope we can get to the bottom of this
I think they did. See the link in post #57 above.
|
|
|
|
|