Bitcoin Forum
June 15, 2024, 05:01:56 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Bitaddress.org bug?? private key mismatch  (Read 2258 times)
ArpFlush (OP)
Hero Member
*****
Offline Offline

Activity: 623
Merit: 500


View Profile
November 25, 2014, 03:41:04 PM
 #1

Hi all,

When using the paper wallet via bitaddress.org, I advice you to check the public address first in blockchain.info.

Reason: I created a new paper wallet, then checked the pub address and there is 1 BTC on it! Strangely enough, the corresponding private key didn't match!! This means that you better always  double check the private key before sending funds to your paper wallet.

"Panic Selling is not an Investment Strategy"
DannyHamilton
Legendary
*
Offline Offline

Activity: 3430
Merit: 4658



View Profile
November 25, 2014, 04:18:08 PM
 #2

Although it might be possible that there is a bug in bitaddress.org, it is far more likely that you have malware on your computer that changed the bitcoin address. Or that you simply made a mistake and that the address that bitaddress.org generated is not the address that you looked up.
ArpFlush (OP)
Hero Member
*****
Offline Offline

Activity: 623
Merit: 500


View Profile
November 25, 2014, 05:41:54 PM
 #3

Although it might be possible that there is a bug in bitaddress.org, it is far more likely that you have malware on your computer that changed the bitcoin address. Or that you simply made a mistake and that the address that bitaddress.org generated is not the address that you looked up.
No, I checked it multiple times. I also extracted the public key from the private key (via Armory) and it results in a different public address. Malware, well, in these days of APT's you never know but normally my machine should be clean.

"Panic Selling is not an Investment Strategy"
KIRAZ
Sr. Member
****
Offline Offline

Activity: 392
Merit: 250


View Profile
November 25, 2014, 05:53:37 PM
 #4

Wow, that's really strange i made one last month from their. Why don't you report this bug/issue to them - maybe they dig deep in it
and tell ya what's the mess up is about.
ArpFlush (OP)
Hero Member
*****
Offline Offline

Activity: 623
Merit: 500


View Profile
November 25, 2014, 06:00:09 PM
 #5

Wow, that's really strange i made one last month from their. Why don't you report this bug/issue to them - maybe they dig deep in it
and tell ya what's the mess up is about.
I'm on it  Wink

"Panic Selling is not an Investment Strategy"
yayayo
Legendary
*
Offline Offline

Activity: 1806
Merit: 1024



View Profile
November 25, 2014, 06:42:08 PM
 #6

If true this could be devastating, because Bitaddress is used to such a great extent. It also may have gone unnoticed for a long time, because the main use of this service is cold storage.

I'm no JavaScript expert. But could it be caused by a malicious script injection?

(Posting here to remind me.)

ya.ya.yo!


.
..1xBit.com   Super Six..
▄█████████████▄
████████████▀▀▀
█████████████▄
█████████▌▀████
██████████  ▀██
██████████▌   ▀
████████████▄▄
███████████████
███████████████
███████████████
███████████████
███████████████
▀██████████████
███████████████
█████████████▀
█████▀▀       
███▀ ▄███     ▄
██▄▄████▌    ▄█
████████       
████████▌     
█████████    ▐█
██████████   ▐█
███████▀▀   ▄██
███▀   ▄▄▄█████
███ ▄██████████
███████████████
███████████████
███████████████
███████████████
███████████████
███████████████
███████████▀▀▀█
██████████     
███████████▄▄▄█
███████████████
███████████████
███████████████
███████████████
███████████████
         ▄█████
        ▄██████
       ▄███████
      ▄████████
     ▄█████████
    ▄███████
   ▄███████████
  ▄████████████
 ▄█████████████
▄██████████████
  ▀▀███████████
      ▀▀███
████
          ▀▀
          ▄▄██▌
      ▄▄███████
     █████████▀

 ▄██▄▄▀▀██▀▀
▄██████     ▄▄▄
███████   ▄█▄ ▄
▀██████   █  ▀█
 ▀▀▀
    ▀▄▄█▀
▄▄█████▄    ▀▀▀
 ▀████████
   ▀█████▀ ████
      ▀▀▀ █████
          █████
       ▄  █▄▄ █ ▄
     ▀▄██▀▀▀▀▀▀▀▀
      ▀ ▄▄█████▄█▄▄
    ▄ ▄███▀    ▀▀ ▀▀▄
  ▄██▄███▄ ▀▀▀▀▄  ▄▄
  ▄████████▄▄▄▄▄█▄▄▄██
 ████████████▀▀    █ ▐█
██████████████▄ ▄▄▀██▄██
 ▐██████████████    ▄███
  ████▀████████████▄███▀
  ▀█▀  ▐█████████████▀
       ▐████████████▀
       ▀█████▀▀▀ █▀
.
Premier League
LaLiga
Serie A
.
Bundesliga
Ligue 1
Primeira Liga
.
..TAKE PART..
cr1776
Legendary
*
Offline Offline

Activity: 4060
Merit: 1303


View Profile
November 25, 2014, 07:41:19 PM
 #7

If you want more insight, it would be useful to post both the keys you are discussing AFTER, and only AFTER, you have moved any coins, had a good number of confirmations and made sure you aren't sending any coins there.

tzortz
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500



View Profile
November 25, 2014, 11:10:27 PM
 #8

Nice thread.

Thanks to know all these.

All is Mine!

1H7LUdfx9AFTMSXPsCBror3RDk57zgnc2R
Cryptopher
Legendary
*
Offline Offline

Activity: 1789
Merit: 1008


Keep it dense, yeah?


View Profile
November 25, 2014, 11:28:19 PM
 #9

Further to DannyHamilton's response, I too wonder if it is a case of an isolated incident.

Have you tried to create more paper wallets since? Did you observe the same problem?

Could you not share any details on the keys seeing as you will presumably not be using it?

The change log doesn't show any updates since April, so if there is a bug then it will have been around for a while. I would have expected to hear more reports into this.

Good job that you checked though - think that it is good practice to check things and then check again before going ahead with it when it comes to crypto.

Sign up to Revolut and do the Crypto Quiz to earn $15/£14 in DOT
ArpFlush (OP)
Hero Member
*****
Offline Offline

Activity: 623
Merit: 500


View Profile
November 26, 2014, 07:28:52 PM
 #10

Well, here's an update.

I scanned both QR's with my phone. The left one (public key) doesn't match the written BTC address below the QR. The private key QR was correct.

In other words: the left part of the page (Bitcoin address) > QR code doesn't match BTC address below the QR. As I used my desktop machine I copy/pasted the btc address in blockchain.info > result: 1BTC on this address (felt like I won the lottery)

Conclusion: Both QR codes match each other, both keys printed in clear text don't match. Check before using you must  Cool
Luckily I didn't send BTC to this address!

"Panic Selling is not an Investment Strategy"
twister
Hero Member
*****
Offline Offline

Activity: 672
Merit: 502



View Profile WWW
November 26, 2014, 07:58:29 PM
 #11

If this bug is real it can make people lose a lot of bitcoin. People make paper wallets and send moeny to them and never check if the key matches the address or not. How do one check the key offline?

 

██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
 
Get Free Bitcoin Now!
  ¦¯¦¦¯¦    ¦¯¦¦¯¦    ¦¯¦¦¯¦    ¦¯¦¦¯¦   
0.8%-1% House Edge
[/
DaveF
Legendary
*
Offline Offline

Activity: 3514
Merit: 6347


Crypto Swap Exchange


View Profile WWW
November 26, 2014, 11:01:24 PM
 #12

If this bug is real it can make people lose a lot of bitcoin. People make paper wallets and send moeny to them and never check if the key matches the address or not. How do one check the key offline?

Download Electrum on a machine that has never had it installed before & unplug machine from internet.
Run Electrum and then Wallet --> Private keys --> Import [type in the private key and make sure it brings up the correct address.]
Then delete all the info from the proper locations on your PC to be sure that there is no record of the private key.

-Dave

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
yayayo
Legendary
*
Offline Offline

Activity: 1806
Merit: 1024



View Profile
November 27, 2014, 12:47:52 AM
 #13

Well, here's an update.

I scanned both QR's with my phone. The left one (public key) doesn't match the written BTC address below the QR. The private key QR was correct.

In other words: the left part of the page (Bitcoin address) > QR code doesn't match BTC address below the QR. As I used my desktop machine I copy/pasted the btc address in blockchain.info > result: 1BTC on this address (felt like I won the lottery)

Conclusion: Both QR codes match each other, both keys printed in clear text don't match. Check before using you must  Cool
Luckily I didn't send BTC to this address!

Well then it's serious. What browser do you use?

Any response from the bitaddress team?

They should take down the site until they have identified and solved the error.

ya.ya.yo!

.
..1xBit.com   Super Six..
▄█████████████▄
████████████▀▀▀
█████████████▄
█████████▌▀████
██████████  ▀██
██████████▌   ▀
████████████▄▄
███████████████
███████████████
███████████████
███████████████
███████████████
▀██████████████
███████████████
█████████████▀
█████▀▀       
███▀ ▄███     ▄
██▄▄████▌    ▄█
████████       
████████▌     
█████████    ▐█
██████████   ▐█
███████▀▀   ▄██
███▀   ▄▄▄█████
███ ▄██████████
███████████████
███████████████
███████████████
███████████████
███████████████
███████████████
███████████▀▀▀█
██████████     
███████████▄▄▄█
███████████████
███████████████
███████████████
███████████████
███████████████
         ▄█████
        ▄██████
       ▄███████
      ▄████████
     ▄█████████
    ▄███████
   ▄███████████
  ▄████████████
 ▄█████████████
▄██████████████
  ▀▀███████████
      ▀▀███
████
          ▀▀
          ▄▄██▌
      ▄▄███████
     █████████▀

 ▄██▄▄▀▀██▀▀
▄██████     ▄▄▄
███████   ▄█▄ ▄
▀██████   █  ▀█
 ▀▀▀
    ▀▄▄█▀
▄▄█████▄    ▀▀▀
 ▀████████
   ▀█████▀ ████
      ▀▀▀ █████
          █████
       ▄  █▄▄ █ ▄
     ▀▄██▀▀▀▀▀▀▀▀
      ▀ ▄▄█████▄█▄▄
    ▄ ▄███▀    ▀▀ ▀▀▄
  ▄██▄███▄ ▀▀▀▀▄  ▄▄
  ▄████████▄▄▄▄▄█▄▄▄██
 ████████████▀▀    █ ▐█
██████████████▄ ▄▄▀██▄██
 ▐██████████████    ▄███
  ████▀████████████▄███▀
  ▀█▀  ▐█████████████▀
       ▐████████████▀
       ▀█████▀▀▀ █▀
.
Premier League
LaLiga
Serie A
.
Bundesliga
Ligue 1
Primeira Liga
.
..TAKE PART..
twister
Hero Member
*****
Offline Offline

Activity: 672
Merit: 502



View Profile WWW
November 27, 2014, 04:17:11 AM
 #14

If this bug is real it can make people lose a lot of bitcoin. People make paper wallets and send moeny to them and never check if the key matches the address or not. How do one check the key offline?

Download Electrum on a machine that has never had it installed before & unplug machine from internet.
Run Electrum and then Wallet --> Private keys --> Import [type in the private key and make sure it brings up the correct address.]
Then delete all the info from the proper locations on your PC to be sure that there is no record of the private key.

-Dave


Gr8 idea! I will do this prior to sending any amount to any paper wallet. Thx for this. +1

 

██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
█████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
██████████████████████████████████████████████████████████████
 
Get Free Bitcoin Now!
  ¦¯¦¦¯¦    ¦¯¦¦¯¦    ¦¯¦¦¯¦    ¦¯¦¦¯¦   
0.8%-1% House Edge
[/
lontivero
Full Member
***
Offline Offline

Activity: 164
Merit: 128

Amazing times are coming


View Profile
November 27, 2014, 04:39:33 AM
 #15

Folks, I tested it by myself and keys are okay.
TheButterZone
Legendary
*
Offline Offline

Activity: 3010
Merit: 1031


RIP Mommy


View Profile WWW
November 27, 2014, 04:41:43 AM
 #16

Open issue: https://github.com/pointbiz/bitaddress.org/issues/90

Saying that you don't trust someone because of their behavior is completely valid.
lontivero
Full Member
***
Offline Offline

Activity: 164
Merit: 128

Amazing times are coming


View Profile
November 27, 2014, 04:50:50 AM
 #17

@ArpFlush could you post an image with the key pair? It is not useful for you, isn't it? I would like to see it by myself.
TheButterZone
Legendary
*
Offline Offline

Activity: 3010
Merit: 1031


RIP Mommy


View Profile WWW
November 27, 2014, 04:57:27 AM
 #18

I wouldn't reveal anything publicly yet. First, import both the uncompressed and compressed private keys that Bitaddress generated. Each type of private key corresponds to a different address.

Saying that you don't trust someone because of their behavior is completely valid.
lontivero
Full Member
***
Offline Offline

Activity: 164
Merit: 128

Amazing times are coming


View Profile
November 27, 2014, 04:59:02 AM
 #19

Please take a look at the Bitaddress' IP address that you get because someone could modify your local DNS, proxy or any other record in the LAN. If that is posible then you could be accessing to a fake Bitaddress.org site.  
ArpFlush (OP)
Hero Member
*****
Offline Offline

Activity: 623
Merit: 500


View Profile
November 27, 2014, 08:14:59 AM
 #20

@ArpFlush could you post an image with the key pair? It is not useful for you, isn't it? I would like to see it by myself.
Sure: (sorry for the upside/down)


"Panic Selling is not an Investment Strategy"
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!