GuyPaddock (OP)
December 13, 2013, 04:46:50 PM (Last edit: December 17, 2013, 04:22:02 AM by GuyPaddock)
I did a transaction yesterday using http://www.bit2factor.org/ in which I got about 1 BTC total. After the transaction, I used the "sweep key" function on Blockchain.info to transfer the funds into my own wallet, and it looks like it moved it to my oldest address -- 1Gj6ubnVGcHcPMmBEhvGXhcQkpusE4vH85 -- which was originally generated as a brain wallet back in April 2013. Before the transaction, the wallet address had a zero balance. About 4 hours after the sweep, it looks like someone came in and nabbed all the funds and sent them to 1EnuCnYuYadPAp1qTWj8rWxZvb9QQ1vFKz. According to the relay information, that transaction (3a19b0d36c19360cc0794de9b44b2fffd5a1a3a1a0322aed2b033b98f8b957a0) was relayed by 129.132.230.77 which maps to vbitcoin-08.inf.ethz.ch at ETH/UNIZH. My guess is that back when I used Blockchain.info in April, it had that RNG flaw that was discovered in August, and now that I was using the address again, someone used the key exposed in the prior transactions to grab the funds. I am 100% positive that this was not the result of a virus or anything on my own machine -- I'm a software dev, very cautious about what I download, running Kaspersky AV, and regular scans.
grue
December 13, 2013, 06:06:02 PM
My guess is that back when I used Blockchain.info in April, it had that RNG flaw that was discovered in August, and now that I was using the address again, someone used the key exposed in the prior transactions to grab the funds.
The RNG flaw was only on keys generated by Android wallets.
Moebius327
December 13, 2013, 06:22:43 PM
Can you give some details on the password you used for the brainwallet? You know some people are "mining" brainwallets with weak passwords nowadays.
GuyPaddock (OP)
December 13, 2013, 08:06:07 PM
My guess is that back when I used Blockchain.info in April, it had that RNG flaw that was discovered in August, and now that I was using the address again, someone used the key exposed in the prior transactions to grab the funds.
The RNG flaw was only on keys generated by Android wallets.
Not true, the Blockchain RNG vulnerability in August was on the random numbers used to sign transactions. It was using the same R value for multiple transactions with the same private key.
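A check for the condition described in the post above (the same R value appearing in more than one signature made with one key), as an added example that is not part of the thread. The transaction ids, public-key labels and r/s values are constructed placeholders; in a real audit the signatures would come from your own transactions' input scripts with the trailing sighash byte removed.

```python
from collections import defaultdict

def der_int(n):
    """DER INTEGER encoding; used here only to build the constructed samples."""
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    if raw[0] & 0x80:               # high bit set: pad so the value stays positive
        raw = b"\x00" + raw
    return b"\x02" + bytes([len(raw)]) + raw

def der_sig(r, s):
    body = der_int(r) + der_int(s)
    return b"\x30" + bytes([len(body)]) + body

def parse_der_sig(sig):
    """Parse a DER ECDSA signature (sighash byte already stripped) into (r, s)."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a DER SEQUENCE of the stated length")
    pos, ints = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected INTEGER")
        n = sig[pos + 1]
        val = sig[pos + 2:pos + 2 + n]
        if n == 0 or len(val) != n:
            raise ValueError("truncated INTEGER")
        ints.append(int.from_bytes(val, "big"))
        pos += 2 + n
    if pos != len(sig):
        raise ValueError("trailing bytes after s")
    return ints[0], ints[1]

def find_reused_r(records):
    """records: (txid, pubkey, der_sig). Returns {(pubkey, r): [txids]} for
    every r value that one public key used in more than one signature."""
    seen = defaultdict(list)
    for txid, pubkey, sig in records:
        r, _ = parse_der_sig(sig)
        seen[(pubkey, r)].append(txid)
    return {key: txids for key, txids in seen.items() if len(txids) > 1}

# Constructed sample data: placeholder txids/pubkeys, arbitrary r and s values.
R_REUSED, R_FRESH = (1 << 255) | 12345, 0x1234567
SAMPLE = [
    ("tx-a", "pubkey-1", der_sig(R_REUSED, 0x1111)),
    ("tx-b", "pubkey-1", der_sig(R_REUSED, 0x2222)),   # same key, same r
    ("tx-c", "pubkey-1", der_sig(R_FRESH, 0x3333)),
    ("tx-d", "pubkey-2", der_sig(R_REUSED, 0x4444)),   # other key: not grouped
]

if __name__ == "__main__":
    for (pubkey, r), txids in find_reused_r(SAMPLE).items():
        print(f"{pubkey}: r={r:#x} reused in {txids}")
```

Any key that shows up in the result should be treated as compromised and its remaining funds moved to a freshly generated key.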
GuyPaddock (OP)
December 13, 2013, 08:26:41 PM
Can you give some details on the password you used for the brainwallet? You know some people are "mining" brainwallets with weak passwords nowadays.
30 character passphrase. It's a sentence that starts with an uppercase letter, ends with a period, and contains three words separated by spaces.
Moebius327
December 13, 2013, 09:11:49 PM
Can you give some details on the password you used for the brainwallet? You know some people are "mining" brainwallets with weak passwords nowadays.
30 character passphrase. It's a sentence that starts with an uppercase letter, ends with a period, and contains three words separated by spaces.
Not by any chance a quote from somewhere? If you find the sentence in Google search you have your answer.
GuyPaddock (OP)
December 13, 2013, 10:07:37 PM
Not intentionally a quote, no. The words themselves do, of course, show up in Google.
GuyPaddock (OP)
December 14, 2013, 01:07:22 AM
I will wait to see what Blockchain.info says about it...
GuyPaddock (OP)
December 14, 2013, 01:18:27 AM
There, how's that?
Seriously, though, it looks like the Swiss Federal Institute of Technology Zurich is running a tool to brute force brain wallets.
I just hope that at the end of their research / proof of concept, they return the coins...
prezbo
December 14, 2013, 11:41:12 AM
Seriously, though, it looks like the Swiss Federal Institute of Technology Zurich is running a tool to brute force brain wallets.
Them relaying the transaction doesn't mean they stole your money. I'm 100% sure ETH had nothing to do with this. You should maybe educate yourself on what the data you gather actually means before you start throwing such accusations around.
Rannasha
December 14, 2013, 11:47:57 AM
There, how's that?
Seriously, though, it looks like the Swiss Federal Institute of Technology Zurich is running a tool to brute force brain wallets.
I just hope that at the end of their research / proof of concept, they return the coins...
The "relayed by" field on the Blockchain.info website just shows the node that Blockchain.info received the transaction from. And while Blockchain.info is well-connected to the network, the vast majority of nodes are not directly connected to Blockchain.info, so a transaction may pass through several nodes before Blockchain.info sees it. "relayed by" only shows the last hop. The chance that this transaction actually originated from ETH Zurich is rather small.
Moebius327
December 14, 2013, 12:22:36 PM
Instead of blaming people for your faults, you can ask politely who cracked your weak brainwallet password. Some people will return it. Also inform yourself about what a strong brainwallet password means.
TheFootMan
December 15, 2013, 02:33:18 AM
If the info in this thread is correct, "Swiss Federal Institute of Technology Zurich" should be removed from the thread title. If blockchain only shows 'relayed by' and this is the last hop, the chance that "Swiss Federal Institute of Technology Zurich" is the culprit is fairly slim.
CyberMOS
December 15, 2013, 07:09:41 PM
,... running Kaspersky AV, and regular scans.
answer
EuroTrash
December 15, 2013, 08:13:03 PM
If the info in this thread is correct, "Swiss Federal Institute of Technology Zurich" should be removed from the thread title. If blockchain only shows 'relayed by' and this is the last hop, the chance that "Swiss Federal Institute of Technology Zurich" is the culprit is fairly slim.
+1. OP please fix subject. ETH has a lot of computing power and some very fast relays which do actually strengthen the network. Someone in there did a thesis on bitcoin last year. I think there was a thread on bitcointalk about it. They do not mine but they run full nodes.
GuyPaddock (OP)
December 17, 2013, 04:22:17 AM
Very well, fixed.
TheFootMan
December 17, 2013, 04:34:09 AM
Very well, fixed.
I'm sorry about your loss. 1 btc is quite a lot of money. Did you figure out more details about how things happened, or have you written everything off by now?
GuyPaddock (OP)
December 17, 2013, 04:35:25 AM
Instead of blaming people for your faults, you can ask politely who cracked your weak brainwallet password. Some people will return it. Also inform yourself about what a strong brainwallet password means.
Well, I haven't used a brainwallet since April and don't intend to. Normal private key is, IMO, way more secure. Didn't even realize I had that address still linked with my account until the funds were gone.
Patel
December 17, 2013, 05:04:27 AM
Very well, fixed.
the coins are already gone, what was your password?