Bitcoin Forum
May 22, 2018, 02:54:34 AM *
News: Latest stable version of Bitcoin Core: 0.16.0  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 [4] 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 »  All
  Print  
Author Topic: Reused R values again  (Read 119021 times)
JorgeStolfi
Hero Member
*****
Offline Offline

Activity: 896
Merit: 1000



View Profile
December 08, 2014, 10:05:51 PM
 #61

Here is one BCI user who claims to have lost 99 BTC which were not moved to the Good Samaritan's address:

http://www.reddit.com/r/Bitcoin/comments/2oo72b/victim_100_bitcoins_stolen_from_blockchaininfo/

The destination address got two other inputs; perhaps other ursers?
https://blockchain.info/address/1M77fUCzQrmY8jHRRgpzDVPAK5eQ31bwxZ


Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
1526957674
Hero Member
*
Offline Offline

Posts: 1526957674

View Profile Personal Message (Offline)

Ignore
1526957674
Reply with quote  #2

1526957674
Report to moderator
1526957674
Hero Member
*
Offline Offline

Posts: 1526957674

View Profile Personal Message (Offline)

Ignore
1526957674
Reply with quote  #2

1526957674
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1526957674
Hero Member
*
Offline Offline

Posts: 1526957674

View Profile Personal Message (Offline)

Ignore
1526957674
Reply with quote  #2

1526957674
Report to moderator
1526957674
Hero Member
*
Offline Offline

Posts: 1526957674

View Profile Personal Message (Offline)

Ignore
1526957674
Reply with quote  #2

1526957674
Report to moderator
gully
Jr. Member
*
Offline Offline

Activity: 43
Merit: 0


View Profile
December 08, 2014, 11:31:39 PM
 #62

http://www.reddit.com/r/Bitcoin/comments/2oonu2/well_i_was_part_of_the_00002/
This is my thread, I can confirm that and I can confirm that the BTC address is mine also.
Please PM me. I lost $650 that I was saving up for a car. I am only 17 man, I really need this money.
https://blockchain.info/address/1NDmX336zK4ntTLDqbpK9dWk8qNB81z2Q6

BTC Address: 183Xc7SsqFvsekMYbdNwmR1iZREkQQS4MJ
itod
Legendary
*
Offline Offline

Activity: 1232
Merit: 1013


einc.io


View Profile
December 09, 2014, 12:03:46 AM
 #63

I don't think that he is a good samaritan unless he eventually gives me the coins he stole back. I also sent an email to blockchain so hopefully I can get refunded or something...this is retarded.

Here's the explanation how to sign the message, it's for two wallets but the procedure is pretty much the same for all other wallets:

http://support.bitcoin.cz/Knowledgebase/Article/View/36/0/how-to-sign-a-message-using-a-bitcoin-client

Just sign the message to prove you are not trying to steal somebody else's coins, and PM that signature to johoe, he promised to return the coins to their rightful owners. IMHO it is very honorable thing if he fulfills the promise, if he haven't collected the coins a real thief could have done it and you would never see your coins back.

TheRealSteve
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500

FUN > ROI


View Profile
December 09, 2014, 12:06:37 AM
 #64

Here's the explanation how to sign the message

Just to note:

If you can convince me that they belong to you (signing a message with the address is obviously not enough; the private key is already known),  I will send the funds back.

Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1708
Merit: 1001

Reverse engineer from time to time


View Profile
December 09, 2014, 12:15:04 AM
 #65

Here's the explanation how to sign the message

Just to note:

If you can convince me that they belong to you (signing a message with the address is obviously not enough; the private key is already known),  I will send the funds back.
Just sign the previous address from which the funds were transferred from(their outputs)

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
itod
Legendary
*
Offline Offline

Activity: 1232
Merit: 1013


einc.io


View Profile
December 09, 2014, 12:17:30 AM
 #66

Here's the explanation how to sign the message

Just to note:

If you can convince me that they belong to you (signing a message with the address is obviously not enough; the private key is already known),  I will send the funds back.
Just sign the previous address from which the funds were transferred from(their outputs)

Good idea. This is definitely proof the coins are yours, no question about it.

TheRealSteve
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500

FUN > ROI


View Profile
December 09, 2014, 12:28:41 AM
 #67

The only problem is people who might have sent the original owner these coins might attempt to scam by pretending to be him.
Well, that's not the only problem.  Signing a message with the key associated with the address the funds were sent from - and this would of course have to be an unaffected address as well - does work well... if you can do so.  If you are not the owner of that address - e.g. you purchased Bitcoin from a service, you're mining at a pool, any case where the coins were sent to you by a third party - you would be SOL, at least as far as this approach goes.

In the mean time, it looks like blockchain.info is intending to make affected people whole again.  Perhaps some people will effectively double their returns as a result Wink

migovision
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
December 09, 2014, 02:16:06 AM
 #68

Here is one BCI user who claims to have lost 99 BTC which were not moved to the Good Samaritan's address:

http://www.reddit.com/r/Bitcoin/comments/2oo72b/victim_100_bitcoins_stolen_from_blockchaininfo/

The destination address got two other inputs; perhaps other ursers?
https://blockchain.info/address/1M77fUCzQrmY8jHRRgpzDVPAK5eQ31bwxZ


I am the other user with the adress 1LDpUmrwVKSFyXy2czE423dH8yd4K9R9WW. If the user with the 99BTC will read this. pls write me a messeage.

 
molecular
Donator
Legendary
*
Offline Offline

Activity: 2520
Merit: 1006



View Profile
December 09, 2014, 07:20:24 AM
 #69

Can someone point me to the actual commit that introduced this bug?

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
sunkawakan
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
December 09, 2014, 07:42:17 AM
 #70

Can someone point me to the actual commit that introduced this bug?
"Improvments to RNG":
https://github.com/blockchain/My-Wallet/commit/98d5a7ca59ef04d06ac6aee468634b12975a0f5c
JorgeStolfi
Hero Member
*****
Offline Offline

Activity: 896
Merit: 1000



View Profile
December 09, 2014, 08:07:50 AM
 #71

I suppose that they generated one number with the new code, and it looked random allright.  Tongue

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
johoe
Full Member
***
Offline Offline

Activity: 217
Merit: 103


View Profile
December 09, 2014, 10:56:09 AM
 #72

I just want to say that I contacted the blockchain.info support, but I haven't heard back from them, yet.

To avoid double reimbursement, I want coordinate this with the blockchain.info people.  They should, hopefully, be able to check whether claims are valid or not.  If you lost funds due to this bug, contact the blockchain support, not me.  I cannot answer all PMs regarding this problem.

Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
cr1776
Legendary
*
Offline Offline

Activity: 1890
Merit: 1002


View Profile
December 09, 2014, 11:13:08 AM
 #73

I just want to say that I contacted the blockchain.info support, but I haven't heard back from them, yet.

To avoid double reimbursement, I want coordinate this with the blockchain.info people.  They should, hopefully, be able to check whether claims are valid or not.  If you lost funds due to this bug, contact the blockchain support, not me.  I cannot answer all PMs regarding this problem.


Just remember, no good deed goes unpunished. Perhaps this should be in a new thread too.
yakuza699
Hero Member
*****
Offline Offline

Activity: 935
Merit: 1000


View Profile
December 09, 2014, 01:00:59 PM
 #74

Most of the coins were saved (216BTC) the remeaning ones went to this address https://blockchain.info/address/1xyWYGDStMKVmNH4hivbfhJZa5xWFVWfd

▄▄▄▄▄▄▄▄
▄▄▄▄▄▄
▄▄▄▄
BTC BitDice.me 
.
JorgeStolfi
Hero Member
*****
Offline Offline

Activity: 896
Merit: 1000



View Profile
December 09, 2014, 01:41:07 PM
 #75

Most of the coins were saved (216BTC) the remeaning ones went to this address https://blockchain.info/address/1xyWYGDStMKVmNH4hivbfhJZa5xWFVWfd

Someone claimed to have lost 99 BTC
http://www.reddit.com/r/Bitcoin/comments/2oo72b/victim_100_bitcoins_stolen_from_blockchaininfo/

They ended up here:
https://blockchain.info/address/18MFgZkAqcBLJcQof81xLFzAQ4r4XLS6sn

Only a tiny amount from them ended up at https://blockchain.info/address/1xyWYGDStMKVmNH4hivbfhJZa5xWFVWfd

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
flipperfish
Sr. Member
****
Offline Offline

Activity: 350
Merit: 251


Dolphie Selfie


View Profile
December 09, 2014, 07:10:21 PM
 #76


Is it the unconditional use of Math.random() after the use of the Crypto API (if available), that lead to the bug? Or is there some other problem, I don't see?
Why isn't there a fixing commit, yet?
Initscri
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


PHP/Python Web Developer. PM for Info.


View Profile
December 09, 2014, 08:59:07 PM
 #77

I just want to say that I contacted the blockchain.info support, but I haven't heard back from them, yet.

To avoid double reimbursement, I want coordinate this with the blockchain.info people.  They should, hopefully, be able to check whether claims are valid or not.  If you lost funds due to this bug, contact the blockchain support, not me.  I cannot answer all PMs regarding this problem.


In my support ticket with them, I mentioned you. Hopefully this may elevate /escalate the priority.

PHP / Python developer. PM for more information.
itod
Legendary
*
Offline Offline

Activity: 1232
Merit: 1013


einc.io


View Profile
December 10, 2014, 12:46:33 AM
 #78


Is it the unconditional use of Math.random() after the use of the Crypto API (if available), that lead to the bug? Or is there some other problem, I don't see?
Why isn't there a fixing commit, yet?

zootreeves added a note an hour ago:
Quote
For those interested. The bug was caused by missing line 29 and not initialising rng_pptr to 0. This commit was force pushed over.

johoe
Full Member
***
Offline Offline

Activity: 217
Merit: 103


View Profile
December 10, 2014, 12:57:10 AM
Merited by Woshib (3)
 #79

The money has been returned to blockchain.info.  Please write to blockchain support to claim refund.

Quote
From: Ben Reeves <...@blockchain.info>
If you could return the funds to address 15tXHJCjehqCEL6zRCkGwvuDY6YzZV5sKP that would be fantastic.

I should also add if that using our admin tools, if users supply us with the correct wallet information, we are able to accurately determine which refund claims are valid and which are not. So far we have processed over 30 refund requests and will be processing more over the rest of this week.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

15tXHJCjehqCEL6zRCkGwvuDY6YzZV5sKP
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQEcBAEBAgAGBQJUh5AdAAoJEP3NqDUC96SQqH0H/3pTTawCXZWfWAwIoVQPkSYa
DgpioEvHLDHXegfAfXyo8X9vc50kEseQVeZ5FAvoeC3Hy76gNIgEDllP5o6FUXL2
HsEj7qcafY5AxlxMgRRG9p1OcbeJS6mlbZrjB78BD+zrtzZaLFoSAf4+lw3YZHg5
xvA0WyNoHE1Hzg8+pdPbg1PPN6dHT38+PCyqFgYIjkjq07UbxxtyyWs8KIQqSuTe
4XIh0gjd73Wqtxm4CAHtnwy0PA5Pi/lE7v0d6qqF2l86SlxDkT6067asMw9Te0JJ
WgnFM8fePrM8HU980n0xvamae7J71zlFMN2/RYfj2t/pTIEWz25ZI2iVS0MGg14=
=9MGK
-----END PGP SIGNATURE——

PGP key is available from https://blockchain.info/security.txt



https://blockchain.info/tx/ea8fa447d59000843910932a42bf7a28915772d97a006e97714d026b78885754

Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
theymos
Administrator
Legendary
*
expert
Offline Offline

Activity: 3024
Merit: 3118


View Profile
December 10, 2014, 01:14:15 AM
 #80

The money has been returned to blockchain.info.  Please write to blockchain support to claim refund.

That's very ethical of you. I hope they gave you a substantial reward.

HOWEYCOINS   ▮      Excitement and         ⭐  ● TWITTER  ● FACEBOOK   ⭐       
  ▮    guaranteed returns                 ●TELEGRAM                         
  ▮  of the travel industry
    ⭐  ●Ann Thread ●Instagram   ⭐ 
✅    U.S.Sec    ➡️
✅  approved!  ➡️
Pages: « 1 2 3 [4] 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!