Bitcoin Forum
December 07, 2016, 08:35:13 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: The 0.4.0 encrypted wallet has been exploited - for sure  (Read 3719 times)
piotr_n
Legendary
*
Offline Offline

Activity: 1498


aka tonikt


View Profile WWW
April 19, 2012, 06:17:38 PM
 #1

Since I encrypted my wallet with 0.4.0 I have been doing daily backups to my dropbox account, simply by coping wallet.dat to a dropbox folder.

Then after 0.5.0 was released and the security issue was announced:
Quote
The wallet encryption feature introduced in Bitcoin version 0.4.0 did not sufficiently secure the private keys. An attacker who managed to get a copy of your encrypted wallet.dat file might be able to recover some or all of the unencrypted keys and steal the associated coins.
... I did what it said: generated new addresses and moved all my funds there.
Nothing had been stolen.

But today I was withdrawing funds from some service...
As it turned out later, I had an old withdrawal address configured in there (a one generated/encrypted by the 0.4.0).
Since the amount was insignificant I didn't bother to re-check this address - just pressed "withdraw" and went to my bitcoin client to see the unconfirmed transaction.
Imagine how surprised I was seeing not one, but two unconfirmed transactions; first one going to my wallet, the other one going from it... Smiley

And then I realized what happened:
Obviously someone (either a dropbox hacker or a dropbox employee) got my encrypted wallet.dat which I backed up there (it wasn't hard to find it since I didn't even rename it)
Then he managed to recover the private key from it.
And he obviously also has a software that is monitoring all the transactions to the stolen addresses he has and forwarding each of them immediately to his own wallet.

So be careful - with both; wallets encrypted by 0.4.0 and with Dropbox.

This post is only to warn you - no comments necessary.

Check out gocoin - my original project of a bitcoin client written in Go, with some unique features.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
1481099713
Hero Member
*
Offline Offline

Posts: 1481099713

View Profile Personal Message (Offline)

Ignore
1481099713
Reply with quote  #2

1481099713
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481099713
Hero Member
*
Offline Offline

Posts: 1481099713

View Profile Personal Message (Offline)

Ignore
1481099713
Reply with quote  #2

1481099713
Report to moderator
1481099713
Hero Member
*
Offline Offline

Posts: 1481099713

View Profile Personal Message (Offline)

Ignore
1481099713
Reply with quote  #2

1481099713
Report to moderator
notme
Legendary
*
Offline Offline

Activity: 1526


View Profile
April 19, 2012, 06:29:26 PM
 #2

Since I encrypted my wallet with 0.4.0 I have been doing daily backups to my dropbox account, simply by coping wallet.dat to a dropbox folder.

Then after 0.5.0 was released and the security issue was announced:
Quote
The wallet encryption feature introduced in Bitcoin version 0.4.0 did not sufficiently secure the private keys. An attacker who managed to get a copy of your encrypted wallet.dat file might be able to recover some or all of the unencrypted keys and steal the associated coins.
... I did what it said: generated new addresses and moved all my funds there.
Nothing had been stolen.

But today I was withdrawing funds from some service...
As it turned out later, I had an old withdrawal address configured in there (a one generated/encrypted by the 0.4.0).
Since the amount was insignificant I didn't bother to re-check this address - just pressed "withdraw" and went to my bitcoin client to see the unconfirmed transaction.
Imagine how surprised I was seeing not one, but two unconfirmed transactions; first one going to my wallet, the other one going from it... Smiley

And then I realized what happened:
Obviously someone (either a dropbox hacker or a dropbox employee) got my encrypted wallet.dat which I backed up there (it wasn't hard to find it since I didn't even rename it)
Then he managed to recover the private key from it.
And he obviously also has a software that is monitoring all the transactions to the stolen addresses he has and forwarding each of them immediately to his own wallet.

So be careful - with both; wallets encrypted by 0.4.0 and with Dropbox.

This post is only to warn you - no comments necessary.

My dropbox backup is wrapped in a trucrypt volume.  I recommend doing the same with any sensitive information you are thinking about uploading anywhere.

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
12jh3odyAAaR2XedPKZNCR4X4sebuotQzN
piotr_n
Legendary
*
Offline Offline

Activity: 1498


aka tonikt


View Profile WWW
April 19, 2012, 06:31:30 PM
 #3

My dropbox backup is wrapped in a trucrypt volume.  I recommend doing the same with any sensitive information you are thinking about uploading anywhere.
Oh, I don't think I will be using dropbox anymore, for anything.
I don't like people sniffing into my pants - even if they were encrypted Smiley

I have 2 PCs running 24/7, with 3 different disks at home, plus my phone accessible via ssh - this should be enough for a backup.
Screw dropbox if it screws you! Smiley

Check out gocoin - my original project of a bitcoin client written in Go, with some unique features.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
Stephen Gornick
Legendary
*
Offline Offline

Activity: 1988



View Profile
April 19, 2012, 06:34:04 PM
 #4

Obviously someone (either a dropbox hacker or a dropbox employee) got my encrypted wallet.dat which I backed up there (it wasn't hard to find it since I didn't even rename it)

Easy for that to have happened.  Hard to prove though,

But yes, reusing old keys either from before encryption or when the encryption was still flawed is something of a concern and was brought up here:
 - http://bitcoin.stackexchange.com/questions/1243/can-i-force-my-wallet-to-only-have-news-keys-post-encryption

And if you'ld rather not have all your funds joined together when transferring to a new wallet, there's this method:
- http://bitcoin.stackexchange.com/questions/1272/how-can-i-transfer-all-funds-to-new-keys


piotr_n
Legendary
*
Offline Offline

Activity: 1498


aka tonikt


View Profile WWW
April 19, 2012, 06:40:16 PM
 #5

Easy for that to have happened.  Hard to prove though
Indeed - I cannot prove it.

But if someone would have hacked into my PC, he would obviously install a trojan there to steal much more. I have Windows XP using Administrator account - wouldn't be too hard.

I was also doing backups to my gmail account, but that file in the email was PGP encrypted with a key stored at dropbox.

So dropbox is pretty much most likely.

Check out gocoin - my original project of a bitcoin client written in Go, with some unique features.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
notme
Legendary
*
Offline Offline

Activity: 1526


View Profile
April 19, 2012, 06:41:24 PM
 #6

My dropbox backup is wrapped in a trucrypt volume.  I recommend doing the same with any sensitive information you are thinking about uploading anywhere.
Oh, I don't think I will be using dropbox anymore, for anything.
I don't like people sniffing into my pants - even if they were encrypted Smiley

I have 2 PCs running 24/7, with 3 different disks at home, plus my phone accessible via ssh - this should be enough for a backup.
Screw dropbox if it screws you! Smiley

Meh... I still prefer an offsite backup.  You know, in case of meteor strike.

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
12jh3odyAAaR2XedPKZNCR4X4sebuotQzN
piotr_n
Legendary
*
Offline Offline

Activity: 1498


aka tonikt


View Profile WWW
April 19, 2012, 06:48:00 PM
 #7

Meh... I still prefer an offsite backup.  You know, in case of meteor strike.
I don't leave my home, without a phone, that often - in such case I'd probably die together with my bitcoins Tongue

Check out gocoin - my original project of a bitcoin client written in Go, with some unique features.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
HostFat
Staff
Legendary
*
Offline Offline

Activity: 2282


I support freedom of choice


View Profile WWW
April 19, 2012, 08:05:02 PM
 #8

www.wuala.com
It encrypts everything before leaving your computer Wink

Eternity Wall: Messages lasting forever - The Rock Trading (ref): A good exchange / gateway Ripple, with support for multisig, since 2007. 
https://bitcointa.lk: Bitcointalk backup if offline - Bitcoin Foundation Italia - Blog: http://theupwind.blogspot.it
zer0
Sr. Member
****
Offline Offline

Activity: 350



View Profile
April 19, 2012, 08:20:08 PM
 #9

https://www.cyphertite.com/why-cyphertite.php

they also do free encrypted backup storage and is run by two openbsd developers
still wouldn't trust any cloud backup, just encrypt it yourself in harmless looking container and backup
MysteryMiner
Legendary
*
Offline Offline

Activity: 910



View Profile
April 19, 2012, 08:22:35 PM
 #10

I was thinking about providing dropbox-like services on my servers. The obvious pros over Dropbox are that I'm the only one who can access your files excluding yourself! And I will never ever cooperate with any 3 letter agency under any circumstances, so your CP collection or plans to attack Pentagon with exploding camels will be kept confidential.

1LEaxxAh1LKFUvDKYVhiMEVAHRM7K5o7cF
vampire
Hero Member
*****
Offline Offline

Activity: 574



View Profile
April 19, 2012, 08:34:47 PM
 #11

I use trucrypt with 30 chars password and store the file on dropbxOx. Also monthly dumps to an usb key.
piotr_n
Legendary
*
Offline Offline

Activity: 1498


aka tonikt


View Profile WWW
April 19, 2012, 08:35:35 PM
 #12

I agree that encrypting the data stored is the best way.

But I should say that I was never assuming that the wallet I store at dropbox is not going to be looked at.
Maybe I just didn't expect to discover it actually happening so quickly Smiley
There are probably hundreds of people out there who can look and browse through the actual users data.
Employers, window cleaners, hackers, gov agencies - each of them doing a lazy job, dreaming about doing a profitable private project...
Of course they are going to look into all the wallet.dat files - the first, the better.

What surprises me though is that someone actually finds it profitable enough to invest into a software that:
1) extracts private keys from stolen wallets
2) steals in a real time each transaction going to such a compromised address.
And btw, good job! Smiley

Check out gocoin - my original project of a bitcoin client written in Go, with some unique features.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
Inaba
Legendary
*
Offline Offline

Activity: 1260



View Profile WWW
April 19, 2012, 08:38:18 PM
 #13

Use Boxcryptor on top of DropBox.

If you're searching these lines for a point, you've probably missed it.  There was never anything there in the first place.
zer0
Sr. Member
****
Offline Offline

Activity: 350



View Profile
April 19, 2012, 08:38:25 PM
 #14

Dropbox has had plenty of problems
http://nakedsecurity.sophos.com/2011/06/21/dropbox-lets-anyone-log-in-as-anyone/
ribuck
Donator
Legendary
*
Offline Offline

Activity: 826


View Profile
April 19, 2012, 08:39:29 PM
 #15

2) steals in a real time each transaction going to such a compromised address.
Why not send a few Satoshis to that address to see whether it really is being emptied out automatically, or whether something else is happening.
conspirosphere.tk
Legendary
*
Offline Offline

Activity: 1862


Revolution will be decentralized


View Profile WWW
April 19, 2012, 08:47:58 PM
 #16

A point in favor of Wuala, who does automatic encryption on your side, so no one on their side can steal you anything.

piotr_n
Legendary
*
Offline Offline

Activity: 1498


aka tonikt


View Profile WWW
April 19, 2012, 08:52:50 PM
 #17

2) steals in a real time each transaction going to such a compromised address.
Why not send a few Satoshis to that address to see whether it really is being emptied out automatically, or whether something else is happening.
I'm not spending any more money on it, but feel free to try it.

The address is: 1LQYFx7cHQcrmMHTQo8jwv4K6PE5zc7mFt
And the private key: 5JTxrzfhgNqx7XhMiZz26EyYstQ8dMCHgBDRzFsbFTjMgmDqqvw

Try to beat him by sending some money there and getting it forwarded to your wallet first Smiley
I'm pretty sure you will see his transaction anyway.
Id'd suggest leaving some fee - he was mean, so minders should prefer your transaction. But we never know until someone tries Smiley

Check out gocoin - my original project of a bitcoin client written in Go, with some unique features.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
Inaba
Legendary
*
Offline Offline

Activity: 1260



View Profile WWW
April 19, 2012, 08:55:25 PM
 #18

Wuala is a major pain in the ass to use.  I wanted to like it, but it's a) Java based, so it's a piece of shit from the start, b) A resource hog, C) kind of flakey, D) Slow as dirt.

Using Truecrypt or BoxCryptor on top of DropBox is perfectly safe, and if there's one thing Dropbox does better than anyone else, is the convenience factor of their sync software.  Wuala can't match it, SpiderOak can't match it... both are more secure, but far more cumbersome to use.  Anything that forces someone to install a Java VM to run already has a really huge uphill battle to become a useful piece of software.  


If you're searching these lines for a point, you've probably missed it.  There was never anything there in the first place.
piotr_n
Legendary
*
Offline Offline

Activity: 1498


aka tonikt


View Profile WWW
April 19, 2012, 08:58:20 PM
 #19

I read google is coming with some online drive solution soon.
If they want to win the market, the best move would be to encrypt the data on the client side, with a locally stored password.
Like LastPass does.
Also for the company - by this they get rid of any liabilities.
Unless they have an actual interest in looking into the content of this data - then they wouldn't do it Smiley

Check out gocoin - my original project of a bitcoin client written in Go, with some unique features.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
Stephen Gornick
Legendary
*
Offline Offline

Activity: 1988



View Profile
April 19, 2012, 09:39:14 PM
 #20

There are probably hundreds of people out there who can look and browse through the actual users data.
Employers, window cleaners, hackers, gov agencies - each of them doing a lazy job, dreaming about doing a profitable private project...
Of course they are going to look into all the wallet.dat files - the first, the better.

Quote
Privacy: Dropbox employees are prohibited from viewing the content of files you store in your Dropbox account, and are only permitted to view file metadata (e.g., file names and locations). However, they may have  a small number of employees who must be able to access user data. Dropbox has strict policy and technical access controls that prohibit employee access except in these rare circumstances. In addition, they employ a number of physical and electronic security measures to protect user information from unauthorized access. You should also note that Dropbox will cooperate with law enforcement if needed and will release your data in unencrypted form in these cases.

 - http://www.kimpl.com/1297/secure-online-backup-file-sync-service

Discussed here as well:
 - http://bitcointalk.org/index.php?topic=1679.msg29488#msg29488
 - https://www.dropbox.com/help/27

Incidentally, that Kimpl review stated that Spider Oak was more secure than Wuala (2nd place), Dropbox, and SugarSync.
 - http://www.spideroak.com

But that also says "for even better security you should encrypt" using TrueCrypt.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!