Bitcoin Forum
Author Topic: Bitcoin cold storage - HACKED easily  (Read 12357 times)
mayax
January 16, 2015, 01:20:11 PM
 #1

Your funds are not safe in "cold storage" either. Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


Many of you said "cold storage is the best". Well, it is not. That explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe.

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only a few people knew about this exploit. Now, any Russian or Ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT!
Madness
January 16, 2015, 01:23:43 PM
 #2


Your funds are not safe in "cold storage" either. Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf


Many of you said "cold storage is the best". Well, it is not. That explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe.

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Are you a mind reader or something, haha.
I was just reading the same thing on Coindesk and planning to share it here => http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/
Anyway, to be honest, that really doesn't make me comfortable; those hackers always find a way to screw things up.

"The attacker only has to watch the blockchain until two [compromised] signatures appear ... the affected signatures are not detectable by anyone other than the attacker."

Blazr
January 16, 2015, 01:26:39 PM
 #3

Old news. This attack (bugged ECDSA implementation) has been known about for a long long time, before Bitcoin even existed.

Quote
The attacker must first create a compromised version of ECDSA. This is achieved with a kleptographic 'SETUP', or 'Secretly Embedded Trapdoor with Embedded Protection', which was first described in a 1997 paper by Adam Young and Moti Yung.

One of the weaknesses of cold storage is if your cold storage machine is compromised, you're fucked and there is almost nothing you can do to prevent that. There are many many ways an attacker can exfiltrate the private keys from a compromised cold storage machine, including as used in this case a bugged ECDSA implementation.

mayax
January 16, 2015, 01:26:55 PM
 #4


Your funds are not safe in "cold storage" either. Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf


Many of you said "cold storage is the best". Well, it is not. That explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe.

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Are you a mind reader or something, haha.
I was just reading the same thing on Coindesk and planning to share it here => http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/
Anyway, to be honest, that really doesn't make me comfortable; those hackers always find a way to screw things up.

"The attacker only has to watch the blockchain until two [compromised] signatures appear ... the affected signatures are not detectable by anyone other than the attacker."

Sorry, I was faster. It happens to me so often (I am modest too) haha

Well, of course it is not comfortable to know that your funds can disappear any time. You wanna bet that some people will say:

"neah, it cannot happen to me"  EVEN so there are many hacking reports daily.
qwk
January 16, 2015, 01:27:31 PM
 #5

TL;DR of the news:
if you're able to install software on someone else's computer or modify the code he compiles, you can steal his coins.
Duh.


You should read the news before you post something like:
Your funds are not safe in "cold storage" either. Read:

Yeah, well... I'm gonna go build my own blockchain, with blackjack and hookers. In fact, forget the blockchain!
Kazimir
January 16, 2015, 01:30:07 PM
 #6

Many of you said "cold storage is the best". Well, it is not. That explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe.
Complete nonsense. This requires a backdoor being built into the software you're using to sign your transactions. I.e. using a compromised wallet.

Well duh, if I'm using compromised wallet software, then obviously my coins aren't safe to begin with.

FUD.

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
ChuckBuck
January 16, 2015, 01:30:54 PM
 #7

Read the article just now also.  This is in theory only, and hasn't actually been executed on any wallets.

The attacker would have to install the backdoor software on your PC or offline wallet device to extract the private keys.

Basically, if you don't take the proper precautions on your PC or network, then yes you can get hacked.

According to article, this attack is unable to be performed at scale, so only one wallet at a time could be targeted.

Madness
January 16, 2015, 01:32:26 PM
 #8


Your funds are not safe in "cold storage" either. Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf


Many of you said "cold storage is the best". Well, it is not. That explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe.

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Are you a mind reader or something, haha.
I was just reading the same thing on Coindesk and planning to share it here => http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/
Anyway, to be honest, that really doesn't make me comfortable; those hackers always find a way to screw things up.

"The attacker only has to watch the blockchain until two [compromised] signatures appear ... the affected signatures are not detectable by anyone other than the attacker."

Sorry, I was faster. It happens to me so often (I am modest too) haha

Well, of course it is not comfortable to know that your funds can disappear any time. You wanna bet that some people will say:

"neah, it cannot happen to me"  EVEN so there are many hacking reports daily.


Rofl, I don't wanna bet because I just said the same thing to myself, to be honest. I never got hacked in my life and am planning to stay that way, but everything has a first.

Puppet
January 16, 2015, 01:33:17 PM
 #9

Yeah, title is nonsensical and sensationalist. If you created the cold wallet on a compromised PC, of course it's not going to be secure and there are 100x easier ways to steal the coins from such a wallet.
mayax
January 16, 2015, 01:33:21 PM
 #10

Read the article just now also.  This is in theory only, and hasn't actually been executed on any wallets.

The attacker would have to install the backdoor software on your PC or offline wallet device to extract the private keys.

Basically, if you don't take the proper precautions on your PC or network, then yes you can get hacked.

According to article, this attack is unable to be performed at scale, so only one wallet at a time could be targeted.

How do you know that it was not hacked?

Hacking reports are daily including with the exchangers.

What the article wants to say is that the cold storage is not safe at all.
ChuckBuck
January 16, 2015, 01:40:22 PM
 #11

Read the article just now also.  This is in theory only, and hasn't actually been executed on any wallets.

The attacker would have to install the backdoor software on your PC or offline wallet device to extract the private keys.

Basically, if you don't take the proper precautions on your PC or network, then yes you can get hacked.

According to article, this attack is unable to be performed at scale, so only one wallet at a time could be targeted.

How do you know that it was not hacked?

Hacking reports are daily including with the exchangers.

What the article wants to say is that the cold storage is not safe at all.

Only reports of hacks are of the online, hot wallet variety.

Cold storage is perfectly safe if you take the proper precautions.  From the article:

Quote
Conventional wisdom has it that coins in cold storage are safe from attacks because the private keys never come in contact with the Internet or any other network.

In general, this is true. Even if the cold storage device could be compromised by malware, stolen private keys would fail to be transmitted to a thief because it isn't connected to the Internet.

BaselessBitcoin
January 16, 2015, 01:51:25 PM
 #12

Until we see this theorized exploit in action you have no reason to believe cold storage wasn't as safe as it was yesterday.
lucasjkr
January 16, 2015, 02:06:04 PM
 #13

If cold storage is vulnerable, then it would stand to reason that every wallet is vulnerable?

But my reading of the coinbase article leads me to believe that the attacker would need to have installed a compromised version of Bitcoin on the airgapped machine? Or else the upstream version of Bitcoin would need to be compromised? Or Armory, Electrum, etc, whichever wallet software the user is using. Am I wrong?

So, yes, if malicious actors gain commit privileges on the Bitcoin source, then offline wallets are compromisable, as are every other wallet. And if a malicious actor gains access to your airgapped machine in order to replace your binaries, you're also vulnerable. That's my interpretation. Doesn't seem like it's too much a worry, honestly. I mean, if an attacker gains such access, then it's game over regardless of which method of attack they use.

Or am I missing something?
Meuh6879
January 16, 2015, 02:10:26 PM
 #14

Quote
The attacker must first create a compromised version of ECDSA. This is achieved with a kleptographic 'SETUP', or 'Secretly Embedded Trapdoor with Embedded Protection',

Do you realize what you say ... ?
You can ONLY do that when you install a corrupted version of Bitcoin Core highly modified with this.
Even in P2P file sharing clients ... this sort of thing doesn't exist.


Or for dumb people: DON'T DOWNLOAD the official client from places other than https://bitcoin.org/bin
Guido
January 16, 2015, 02:12:11 PM
 #15

media do a horrible job on stories so if they get hold of this (when), price will dump
mayax
January 16, 2015, 02:23:56 PM
 #16

What it seems that you do not understand, or you do not want to say, is that:

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

In other words: MANY developers worldwide are working in their free time on a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want INTO the source code: "... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."


So, COLD Storage can be easily hacked.
R2D221
January 16, 2015, 02:26:33 PM
 #17

What it seems that you do not understand, or you do not want to say, is that:

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

In other words: MANY developers worldwide are working in their free time on a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want INTO the source code: "... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."


So, COLD Storage can be easily hacked.

That is true for any open source project, even the Linux kernel.

An economy based on endless growth is unsustainable.
RadBrad
January 16, 2015, 02:27:55 PM
 #18

Misleading title this has always been known....cold storage is safe if you take the correct precautions.
1Referee
January 16, 2015, 02:28:18 PM
 #19

media do a horrible job on stories so if they get hold of this (when), price will dump

Nothing new...

If people read that article, and I mean READ that article, then it's more funny than being informative.

Average joe might think Bitcoin is hacked, broken, exploded, killed, etc. That's the sort of group of people who do believe these articles.

In a nutshell : Nothing is 100% safe.

RainVein
January 16, 2015, 02:29:28 PM
 #20

What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?
qwk
January 16, 2015, 02:30:14 PM
 #21

What it seems that you do not understand, or you do not want to say, is that:
[...]
These developers can put anything they want INTO the source code: "... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."
So, COLD Storage can be easily hacked.
You seem to have little to zero experience with large collaborative software projects.
The specific attack we're talking about would require changing the code of a subroutine that's probably not been touched for years, since it's basically part of the fundamental core of the system.
With version control systems, such things don't go unnoticed.

It's like waving a red flag with the words "hey, I'm going to do something incredibly stupid and/or important" and hoping no one will notice.

Yeah, well... I'm gonna go build my own blockchain, with blackjack and hookers. In fact, forget the blockchain!
Meuh6879
January 16, 2015, 02:30:29 PM
 #22

These developers can put anything they want INTO the source code: "... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."

False, very false ... we have a revision display system to view only the added code (followed by the name of the author and reputation).
And even with this, the contributions are not allowed "like easy added" on the Bitcoin Core.
ebliever
January 16, 2015, 02:30:37 PM
 #23

What it seems that you do not understand, or you do not want to say, is that:

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

In other words: MANY developers worldwide are working in their free time on a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want INTO the source code: "... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."


So, COLD Storage can be easily hacked.

You don't seem to understand that the hack has to be performed on the software the Bitcoin user uses to generate private keys. It can't be done after the fact. So you are entirely wrong and sensationalist in claiming that everyone's cold wallets are at risk. They are only at risk if they did in fact create their wallet using a criminal's hacked code. This is a risk, but not in the way you are shouting.

Luke 12:15-21

Ephesians 2:8-9
ebliever
January 16, 2015, 02:33:38 PM
 #24

What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?

The only risk from what I see in the article is that if you use software to originally set up your wallet that actually originated from a criminal trying to steal your coins with this method, they could steal any coins you subsequently deposit.

They cannot hack a wallet that is secure. They can only put a backdoor in it when it was first created. And only if you use software that is not open-source and vetted by anyone besides the criminal.

Luke 12:15-21

Ephesians 2:8-9
Flashman
January 16, 2015, 02:34:06 PM
 #25

I'm shocked and horrified, next you'll be telling me that opening stuff in my spam folder "Your friend Joe, attachment:Photo.exe" isn't safe.

Then, oh horrors of the slippery slope, next they'll say that if I leave my front door open just a very small crack, I'll get random strangers taking my stuff, where does it all end?

TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6

Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
mayax
January 16, 2015, 02:36:08 PM
 #26

What it seems that you do not understand, or you do not want to say, is that:

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

In other words: MANY developers worldwide are working in their free time on a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want INTO the source code: "... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."


So, COLD Storage can be easily hacked.

That is true for any open source project, even the Linux kernel.

TRUE. Also, remember the Heartbleed bug and the vulnerability in the "bash" shell for Linux and Unix, Shellshock.

Rich Tsunami
January 16, 2015, 02:37:01 PM
 #27

This is so obvious... Of course if someone has modified the code of a wallet and you downloaded it without verifying where it came from and if it's actually safe by checking its PGP, then you are going to lose your coins, that's pretty obvious... That's why you always make sure the checksum or PGP is exact.
mayax
January 16, 2015, 02:37:47 PM
 #28

What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?

The only risk from what I see in the article is that if you use software to originally set up your wallet that actually originated from a criminal trying to steal your coins with this method, they could steal any coins you subsequently deposit.

They cannot hack a wallet that is secure. They can only put a backdoor in it when it was first created. And only if you use software that is not open-source and vetted by anyone besides the criminal.

Please re-read : "Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?"
bornil267645
January 16, 2015, 02:38:48 PM
 #29

I think this theory is only applicable when your next door neighbor is peeping through your window to get a peek at your password or been compromised in that sort of way.

other than that, cold storage is still the safest bet. I hope so.

RKZ72
January 16, 2015, 02:40:30 PM
 #30

Sorry for being dumb, but if someone has modified the code and you run it on an offline computer, how does the hacker gain your information? How is it sent to him, because there is no internet connection to send the data, or he can't remote control your computer because there's no internet access.
ropbat
January 16, 2015, 02:41:33 PM
 #31

I think op was trying to scare everyone and people would start panic selling again..nice try mate.
MrTeal
January 16, 2015, 02:43:43 PM
 #32

What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?

The only risk from what I see in the article is that if you use software to originally set up your wallet that actually originated from a criminal trying to steal your coins with this method, they could steal any coins you subsequently deposit.

They cannot hack a wallet that is secure. They can only put a backdoor in it when it was first created. And only if you use software that is not open-source and vetted by anyone besides the criminal.

Please re-read : "Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?"
bitcoin.org is added by you. The article was talking about hardware wallets like Trezor or Bitsafe, and that is a valid concern.
If you're concerned about the precompiled binaries on bitcoin.org not matching the source, just compile it yourself.
ebliever
January 16, 2015, 02:43:53 PM
 #33

What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?

The only risk from what I see in the article is that if you use software to originally set up your wallet that actually originated from a criminal trying to steal your coins with this method, they could steal any coins you subsequently deposit.

They cannot hack a wallet that is secure. They can only put a backdoor in it when it was first created. And only if you use software that is not open-source and vetted by anyone besides the criminal.

Please re-read : "Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?"

And maybe my smartphone has secret code from the CIA that is recording all my conversations and has super-secret hardware that can perform a keystroke log on any computer within 5' of it, so they have access to all my accounts and activities and can haul me off for thinking bad thoughts at any moment. Sometimes you just have to accept that the world is not an absolute locked-down perfect place no matter how hard you try to make it.

It remains the case that the hack can't be performed after the fact, which is what you've been shouting.

Luke 12:15-21

Ephesians 2:8-9
SaltyRainbow
January 16, 2015, 02:44:54 PM
 #34

Your funds are not safe in "cold storage" either. Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


Many of you said "cold storage is the best". Well, it is not. That explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe.

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only a few people knew about this exploit. Now, any Russian or Ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT!

Where do you keep your Bitcoin? Blockchain.info? Cold storage is the safest and always will be.
MrTeal
January 16, 2015, 02:45:47 PM
 #35

What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?

The only risk from what I see in the article is that if you use software to originally set up your wallet that actually originated from a criminal trying to steal your coins with this method, they could steal any coins you subsequently deposit.

They cannot hack a wallet that is secure. They can only put a backdoor in it when it was first created. And only if you use software that is not open-source and vetted by anyone besides the criminal.

Please re-read : "Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?"

And maybe my smartphone has secret code from the CIA that is recording all my conversations and has super-secret hardware that can perform a keystroke log on any computer within 5' of it, so they have access to all my accounts and activities and can haul me off for thinking bad thoughts at any moment. Sometimes you just have to accept that the world is not an absolute locked-down perfect place no matter how hard you try to make it.

It remains the case that the hack can't be performed after the fact, which is what you've been shouting.
Don't laugh. The whole reason phones have pulse oximeters now isn't for measuring heartrate. It's so that the CIA can track your thoughts. I read it on the internet.
ebliever
January 16, 2015, 02:45:57 PM
 #36

Sorry for being dumb, but if someone has modified the code and you run it on an offline computer, how does the hacker gain your information? How is it sent to him, because there is no internet connection to send the data, or he can't remote control your computer because there's no internet access.

The idea is that you downloaded software from the hacker and use it to generate your wallet. Since he designed it to produce specified outputs, it generates private keys that he can recognize in the blockchain. So it doesn't matter that your cold wallet generating system is offline.

Luke 12:15-21

Ephesians 2:8-9
ChuckBuck
January 16, 2015, 02:47:24 PM
 #37

To the OP,

You should change the thread title to Bitcoin cold storage -   HACKED DIFFICULTLY WHERE ATTACKER NEEDS ACCESS TO AIR GAPPED PC OR WALLET AND HAS TO INSTALL BACKDOOR WALLET VERSION ONE COLD WALLET AT A TIME

The original post and title are very misleading, and cause FUD to the Noobs.

Thanks,

Bitcointalk Community


P.S. - You keep saying the manufacturer and link to Bitcoin.org....reread the article, dude.  The context is if hardware wallet manufacturers like say Trezor or Ledger have the compromised software installed.  Not software wallets like Bitcoin Core or Electrum or Armory.

Flashman
January 16, 2015, 02:49:41 PM
 #38

I think op was trying to scare everyone and people would start panic selling again..nice try mate.

Yah, he's been in alarm and despair mode for the last week, just trying a little "too" hard now for us to continue to regard him as genuine.

TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6

Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
MrTeal
January 16, 2015, 02:53:59 PM
 #39

Ok, back to serious questions to knowledgeable people.

Am I correct in reading that this vector only allows the attacker to determine the private key of an address that has been used to sign a transaction? I.e., if you use all the inputs of an address in the transaction and don't reuse any addresses, even a compromised ECDSA module would only net the attacker your now empty address.

Of course more broadly one would have to assume that if you're D/Ling a precompiled binary with compromised ECDSA, the key generation module would also be compromised.
qwk
January 16, 2015, 03:04:11 PM
 #40

Am I correct in reading that this vector only allows the attacker to determine the private key of an address that has been used to sign a transaction? I.e., if you use all the inputs of an address in the transaction and don't reuse any addresses, even a compromised ECDSA module would only net the attacker your now empty address.
Well, the paper isn't really published yet, but as far as I can tell, this seems to be the case.
Honestly, the whole issue is interesting, but not much more.

All it really shows is that you can actually use the transaction signing part of cold storage to get information out of an otherwise sealed system.
Then again, that's more or less Captain Obvious speaking.

Yeah, well... I'm gonna go build my own blockchain, with blackjack and hookers. In fact, forget the blockchain!
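
A defender's check for the signing path discussed in posts #39 and #40, as an added example that is not from the thread, the paper or any wallet project: an outside observer can only run ordinary ECDSA verification, which a signature with an unexpected nonce still passes, but an auditor who loads a throwaway test key can compare the device's output with an independent implementation. It assumes the wallet is specified to derive nonces deterministically per RFC 6979 (the thread does not say so); `TEST_KEY`, `reference_signer`, `nondeterministic_signer` and `audit_signer` are hypothetical names and all inputs are constructed.

```python
import hashlib
import hmac
import secrets

# secp256k1, the curve Bitcoin signs with.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
# Constructed throwaway key for bench testing; never a key that holds funds.
TEST_KEY = int.from_bytes(hashlib.sha256(b"constructed audit key").digest(), "big") % (N - 1) + 1

def point_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def point_mul(k, pt=G):
    """Double-and-add (not constant time: bench use only)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def rfc6979_nonce(priv, digest):
    """Deterministic nonce per RFC 6979 section 3.2 with HMAC-SHA256."""
    x = priv.to_bytes(32, "big")
    h1 = (int.from_bytes(digest, "big") % N).to_bytes(32, "big")
    v, k = b"\x01" * 32, b"\x00" * 32
    k = _mac(k, v + b"\x00" + x + h1)
    v = _mac(k, v)
    k = _mac(k, v + b"\x01" + x + h1)
    v = _mac(k, v)
    while True:
        v = _mac(k, v)
        candidate = int.from_bytes(v, "big")
        if 1 <= candidate < N:
            return candidate
        k = _mac(k, v + b"\x00")
        v = _mac(k, v)

def sign_with_nonce(priv, digest, k):
    """Textbook ECDSA with an explicit nonce, returned in low-s form."""
    z = int.from_bytes(digest, "big")
    r = point_mul(k)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return (r, min(s, N - s))

def verify(pub, digest, sig):
    """Standard ECDSA verification: all an outside observer can check."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    z, w = int.from_bytes(digest, "big"), pow(s, -1, N)
    pt = point_add(point_mul(z * w % N), point_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def reference_signer(priv, digest):
    """Independent implementation the device under test is compared against."""
    return sign_with_nonce(priv, digest, rfc6979_nonce(priv, digest))

def nondeterministic_signer(priv, digest):
    """Stand-in for a device whose nonce choice cannot be reproduced."""
    return sign_with_nonce(priv, digest, secrets.randbelow(N - 1) + 1)

def audit_signer(signer, priv=TEST_KEY, rounds=4):
    """Have `signer` sign constructed digests and compare with RFC 6979."""
    pub, findings = point_mul(priv), []
    for i in range(rounds):
        digest = hashlib.sha256(b"constructed audit message %d" % i).digest()
        sig = signer(priv, digest)
        findings.append({"digest": digest.hex(),
                         "verifies": verify(pub, digest, sig),
                         "matches_rfc6979": sig == reference_signer(priv, digest)})
    return findings

if __name__ == "__main__":
    for name, signer in (("reference", reference_signer), ("suspect", nondeterministic_signer)):
        for f in audit_signer(signer):
            print(name, f["digest"][:16], f["verifies"], f["matches_rfc6979"])
```

A match on test vectors shows the signing path follows the specification for those inputs only; it does not prove the firmware behaves the same way with other keys, which is why the binary's provenance still has to be checked separately.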
freequant
January 16, 2015, 03:05:54 PM
 #41

Title is wrong and FUD'y: it should read "compromised bitcoin client coldstorage hacked easily". This is a complete non-news, it was already possible to do the same thing by using a custom random generator that would generate numbers in a reduced subset of the integer space.
Flashman
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


Hodl!


View Profile
January 16, 2015, 03:11:29 PM
 #42

Of course more broadly one would have to assume that if you're D/Ling a precompiled binary with compromised ECDSA, the key generation module would also be compromised.

If you're D/Ling compromised binaries period, your Nest thermostat is going to kill you from hypothermia in your sleep, or your cellphone is deliberately trying to give you brain cancer by going full power on all radios any time you pick it up, and so on.

TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6

Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
Razick
Legendary
*
Offline Offline

Activity: 1134
Merit: 1002


DIW - Security Decentralized, Life Revolutionized


View Profile
January 16, 2015, 03:17:10 PM
 #43

You have to be using a compromised wallet for this to work.

dsattler
Legendary
*
Offline Offline

Activity: 924
Merit: 1000


View Profile
January 16, 2015, 03:21:47 PM
 #44

I think nowadays most of the people only read the headlines!  Sad

But not all of them go straight to btt and spread FUD!  Angry

Bitcointalk member since 2013! Smiley
MrTeal
Legendary
*
Offline Offline

Activity: 1274
Merit: 1000


View Profile
January 16, 2015, 03:22:08 PM
 #45

You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.
qwk
Donator
Legendary
*
Offline Offline

Activity: 1764
Merit: 1197



View Profile
January 16, 2015, 03:25:26 PM
 #46

You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.
You got it all wrong.
It's so much easier to just train the alligators to replace the wallet than to do it yourself. Roll Eyes

Yeah, well... I'm gonna go build my own blockchain, with blackjack and hookers. In fact, forget the blockchain!
MrTeal
Legendary
*
Offline Offline

Activity: 1274
Merit: 1000


View Profile
January 16, 2015, 03:27:27 PM
 #47

You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.
You got it all wrong.
It's so much easier to just train the alligators to replace the wallet than to do it yourself. Roll Eyes
That's just stupid. If it was a Caiman, sure. But everyone knows alligators only know how to use Macs.
Flashman
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


Hodl!


View Profile
January 16, 2015, 03:28:56 PM
 #48

Not if you turn up the heat remotely on the Nest to make them smarter Cheesy

TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6

Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
ChuckBuck
Hero Member
*****
Offline Offline

Activity: 756
Merit: 505


Vietnamese translator - https://goo.gl/Muc9xi


View Profile WWW
January 16, 2015, 03:30:20 PM
 #49

You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.
You got it all wrong.
It's so much easier to just train the alligators to replace the wallet than to do it yourself. Roll Eyes

You guys are definitely all wrong.  Before the attacker can even get to do all that, he has to get past air conditioner ducts by hacking into the security deactivating the laser sensors for like 2 minutes tops.  Then he has to drop into the wallet safe area by like 10 stories using suspension cables, while managing not to drop one drop of sweat from his forehead or the heat sensor alarms will go off alerting security to kill him:



Only then can the attacker upload the compromised version of the wallet software.

uvt9
Sr. Member
****
Offline Offline

Activity: 300
Merit: 250


View Profile
January 16, 2015, 03:54:44 PM
 #50

not sure if OP is just spreading FUD, or he's just a pure idiot. It seems he doesn't even understand the article he posted.
rio3232
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
January 16, 2015, 04:16:25 PM
 #51

well, i hope blockchain wallet not going hacked  Cry
is blockchain ever hacked once ?
Blazr
Hero Member
*****
Offline Offline

Activity: 882
Merit: 1000



View Profile
January 16, 2015, 04:18:50 PM
 #52

well, i hope blockchain wallet not going hacked  Cry
is blockchain ever hacked once ?

You mean blockchain.info/wallet? yes they've had their fair amount of screw ups, recently with an RNG bug that actually worked similar to the attack mentioned above, but they have covered almost all losses so far. I would recommend NOT using that service.

ChuckBuck
Hero Member
*****
Offline Offline

Activity: 756
Merit: 505


Vietnamese translator - https://goo.gl/Muc9xi


View Profile WWW
January 16, 2015, 04:21:12 PM
 #53

well, i hope blockchain wallet not going hacked  Cry
is blockchain ever hacked once ?

Yes, but it is a white hat Hacker and he returned all coins lost:

http://www.coindesk.com/hacker-returns-225-btc-taken-blockchain-wallets/

If you keep most of your funds online, you're pretty much asking to get hacked.

freequant
Hero Member
*****
Offline Offline

Activity: 770
Merit: 500


View Profile
January 16, 2015, 04:37:05 PM
 #54

I'm working on a whitepaper regarding another yet unpublished attack vector. I found that ECDSA is vulnerable to pre-computed private key attack. All you need to do is to have your victims use a compromised bitcoin client of your making that generates a set of predefined keys. This attack is so much more bad ass because you don't need anymore to search the blockchain to find keys that may have been generated by your handiwork since you know them already. Now, you'd really have to be an idiot not to withdraw your bitcoins right now before I decide to use your cold storage.
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1288
Merit: 1002


Core dev leaves me neg feedback #abuse #political


View Profile
January 16, 2015, 04:54:04 PM
 #55

OP mostly FUD but good that people are aware of all the attack vectors. 
Can't be too careful when it comes to large amounts of money.

If you are using electrum, I have published several utility
scripts in the electrum sub forum that you can use
to verify if the addresses and keys from your copy
of electrum are legit.

mayax
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001


View Profile
January 16, 2015, 06:55:38 PM
 #56

OP mostly FUD but good that people are aware of all the attack vectors.  
Can't be too careful when it comes to large amounts of money.

If you are using electrum, I have published several utility
scripts in the electrum sub forum that you can use
to verify if the addresses and keys from your copy
of electrum are legit.


 How can normal people use such a script? Smiley  Normal people want something safe and simple.

it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.

cheekychap
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
January 16, 2015, 06:57:25 PM
 #57

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. Smiley

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    Grin

Well, I don't see it saying HACKED Easily anywhere. It's hackable, but I am sure it won't be easy.

Flashman
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


Hodl!


View Profile
January 16, 2015, 06:58:05 PM
 #58

it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.

Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first.

TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6

Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
mayax
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001


View Profile
January 16, 2015, 07:00:43 PM
 #59

it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.

Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first.


or they can think : why would I use Bitcoin when I have fiat currency and other payment processors?

Yes, I can use Bitcoin to speculate a bubble but nothing more. Smiley
Flashman
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


Hodl!


View Profile
January 16, 2015, 07:06:13 PM
 #60

My, my, you are getting repetitive, why not go troll the Swiss about how they should trust central banks who only have their well being and happiness in mind.

TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6

Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
sgravina
Sr. Member
****
Offline Offline

Activity: 449
Merit: 250



View Profile
January 16, 2015, 07:09:24 PM
 #61

If it is easy then give it a try.

This attack won't work if the input address is not reused.  It gives the hacker the input private key but if that address is spent in the transaction and not reused then it can't be spent again by the attacker.

A simpler version of this attack would be to give the user a wallet which generates knowable private keys.  The attacker then watches all of the addresses he has victims generate until he finds bitcoins.  This would work with any wallet the attacker was able to distribute.  Has this been attempted before?
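
The point made in posts #39 and #61, that a leaking signer only exposes addresses that have already signed, can be checked against a wallet's own history. The following is an added example, not code from any poster or wallet project: it replays a transaction list and reports funds still sitting on addresses whose key has produced a signature. The transaction layout, address names and function names are constructed for illustration, and the check says nothing about a compromised key generator, which post #39 also raises.

```python
from collections import defaultdict

# Constructed sample history, oldest first (not real transactions).
# "inputs" lists the outputs being spent as (txid, output_index); funding that
# comes from outside the wallet is shown with no inputs. "outputs" lists
# (address, amount_in_satoshi).
SAMPLE_TXS = [
    {"txid": "t1", "inputs": [],
     "outputs": [("addrA", 50_000), ("addrB", 20_000)]},
    # addrA signs here and sends its change back to itself: reuse after signing.
    {"txid": "t2", "inputs": [("t1", 0)],
     "outputs": [("addrX", 10_000), ("addrA", 40_000)]},
    # addrB is spent completely and the change goes to a fresh address.
    {"txid": "t3", "inputs": [("t1", 1)],
     "outputs": [("addrY", 5_000), ("addrC", 15_000)]},
    # A later payment arrives at the already-used addrB.
    {"txid": "t4", "inputs": [],
     "outputs": [("addrB", 7_000)]},
]
OWN_ADDRESSES = {"addrA", "addrB", "addrC"}  # hypothetical wallet addresses


def replay(txs, own_addresses):
    """Replay txs in order; return (unspent outputs, own addresses that signed)."""
    utxos = {}      # (txid, index) -> (address, amount)
    signed = set()  # own addresses whose private key has produced a signature
    for tx in txs:
        for ref in tx["inputs"]:
            spent = utxos.pop(tuple(ref), None)
            if spent is not None and spent[0] in own_addresses:
                signed.add(spent[0])
        for index, (address, amount) in enumerate(tx["outputs"]):
            utxos[(tx["txid"], index)] = (address, amount)
    return utxos, signed


def audit_exposure(txs, own_addresses):
    """Return {address: satoshi} still held by own addresses that already signed."""
    utxos, signed = replay(txs, own_addresses)
    exposed = defaultdict(int)
    for address, amount in utxos.values():
        if address in signed:
            exposed[address] += amount
    return dict(exposed)


def unexposed_balance(txs, own_addresses):
    """Satoshi held by own addresses whose key has never produced a signature."""
    utxos, signed = replay(txs, own_addresses)
    return sum(amount for address, amount in utxos.values()
               if address in own_addresses and address not in signed)


if __name__ == "__main__":
    for address, amount in sorted(audit_exposure(SAMPLE_TXS, OWN_ADDRESSES).items()):
        print(f"{address}: {amount} satoshi on an address that has already signed")
    print("never-signed balance:", unexposed_balance(SAMPLE_TXS, OWN_ADDRESSES))
```

Any non-empty result means change or new payments landed on an address after it signed, which is the reuse the two posts warn about.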
ChuckBuck
Hero Member
*****
Offline Offline

Activity: 756
Merit: 505


Vietnamese translator - https://goo.gl/Muc9xi


View Profile WWW
January 16, 2015, 07:21:50 PM
 #62

it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.

Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first.


or they can think : why would I use Bitcoin when I have fiat currency and other payment processors?

Yes, I can use Bitcoin to speculate a bubble but nothing more. Smiley

Now you're cooking!

Why use Bitcoin when you can use fiat.



Oh...you can get robbed at gunpoint...nevermind.


Oh yea, but we can use payment processors like credit cards AMEX, VISA, and Mastercard right?

Maybe go shopping at Target and...WHAT?!!?







Man that shit's no joke.

Damn I thought you had a compelling reason, mayax, but just like this thread, very misleading...

jonald_fyookball
Legendary
*
Offline Offline

Activity: 1288
Merit: 1002


Core dev leaves me neg feedback #abuse #political


View Profile
January 16, 2015, 08:37:26 PM
 #63

OP mostly FUD but good that people are aware of all the attack vectors.  
Can't be too careful when it comes to large amounts of money.

If you are using electrum, I have published several utility
scripts in the electrum sub forum that you can use
to verify if the addresses and keys from your copy
of electrum are legit.


 How can normal people use such a script? Smiley  Normal people want something safe and simple.

it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.



I don't have all the answers...  I assume that in the future, as
cryptocurrency becomes more popular, people will know how
to do basic things like run python scripts, similar to how most
people know how to check the oil in their car... Either that
or hire a trusted security consultant.

 

girb16
Jr. Member
*
Offline Offline

Activity: 36
Merit: 0


View Profile
January 16, 2015, 09:04:32 PM
 #64

Very tired of the vilification of Russian everywhere! The hackers and enemies of Bitcoin live in the good old US of A!
Flashman
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


Hodl!


View Profile
January 16, 2015, 10:57:09 PM
 #65

Very tired of the vilification of Russian everywhere! The hackers and enemies of Bitcoin live in the good old US of A!

Do you deny they invented Tetris? Well then, hackers everywhere  Wink

TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6

Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
iGotSpots
Legendary
*
Offline Offline

Activity: 1624
Merit: 1001


The Trust Rating Below is Bullshit


View Profile WWW
January 16, 2015, 11:34:44 PM
 #66

There seems to be a lot of confusion in this thread about what is actually cold storage

infobel
Jr. Member
*
Offline Offline

Activity: 42
Merit: 0


View Profile
January 16, 2015, 11:41:04 PM
 #67

Idiotic article/thread...

You can't actually call a not-"cold" storage, a cold storage.

Don't buy Trezor! Not an Open Source project anymore!
infobel
Jr. Member
*
Offline Offline

Activity: 42
Merit: 0


View Profile
January 16, 2015, 11:46:38 PM
 #68

it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.

Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first.


or they can think : why would I use Bitcoin when I have fiat currency and other payment processors?

Yes, I can use Bitcoin to speculate a bubble but nothing more. Smiley


Or, I can use Bitcoin just because I can, without making some old fat fart very rich for processing my Western Union transfer and taking tons of money as a fee for transferring some bytes of data over the internet.
Stop being so stubborn. I just bought 2 Steam Gift Cards with Bitcoin, just because I can, and I'm not giving my credit card information or personal information all over the internet for some small thing like those.

YOU on the other hand are the one using Bitcoin just to speculate, right now you're also very angry cause you're not rich already.

You should try using Bitcoin, it feels nice.


Don't buy Trezor! Not an Open Source project anymore!
deployuser
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
January 17, 2015, 01:02:12 AM
 #69

What steps should people take to make sure you are 100% safe when dealing with cold storage?
cryptworld
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500



View Profile
January 17, 2015, 01:10:37 AM
 #70

I'd like to get a word from a person with knowledge, is this really dangerous for bitcoin, or is it just a theoretic exploit impossible to make real?
rio3232
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
January 17, 2015, 01:12:07 AM
 #71

What steps should people take to make sure you are 100% safe when dealing with cold storage?

get an offline wallet maybe with good antivirus and security.
only this can u do ?
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1288
Merit: 1002


Core dev leaves me neg feedback #abuse #political


View Profile
January 17, 2015, 01:13:19 AM
 #72

What steps should people take to make sure you are 100% safe when dealing with cold storage?

No such thing as "100% safe" in computer security, but this gets you close as possible IMO.

1. Only use hardware that has never been connected to the internet and never will be.

2a. Only use trusted wallet software

2b. even safer:  ...that you compiled yourself from source and compared the executable hash to PGP signed executables

2c. safer still: ...that you also code reviewed.

3. bonus paranoid security:  use dice, coins, or cards to generate the entropy yourself rather than relying on the computer for randomness.
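
Step 3 above, as an added Python example (not from the post or from any wallet project): 99 rolls of a six-sided die are read as one base-6 number, which is always below the secp256k1 group order, so the result can serve as a private key without hashing or modular reduction. The 99-roll count, the chi-square sanity check for a loaded die or a typing slip, and all function names are choices made for this example.

```python
from collections import Counter

# Order n of the secp256k1 group; a valid private key k satisfies 1 <= k < n.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# 6**99 is about 2**255.9, just under n, so 99 rolls map to a valid key
# uniformly and never need to be reduced modulo n.
ROLLS_NEEDED = 99
assert 6 ** ROLLS_NEEDED < SECP256K1_N

# Chi-square critical value for 5 degrees of freedom at p = 0.001. A fair die
# exceeds it about once in a thousand tries; in that case roll again.
CHI2_LIMIT = 20.515


def chi_square(rolls):
    """Chi-square statistic of the face counts against a fair six-sided die."""
    counts = Counter(rolls)
    expected = len(rolls) / 6
    return sum((counts[face] - expected) ** 2 / expected for face in range(1, 7))


def key_from_dice(rolls):
    """Turn exactly 99 die rolls (values 1..6) into a secp256k1 private key."""
    if len(rolls) != ROLLS_NEEDED:
        raise ValueError(f"need exactly {ROLLS_NEEDED} rolls, got {len(rolls)}")
    if any(not isinstance(r, int) or not 1 <= r <= 6 for r in rolls):
        raise ValueError("every roll must be an integer from 1 to 6")
    if chi_square(rolls) > CHI2_LIMIT:
        raise ValueError("face counts look biased; check the die and roll again")
    value = 0
    for roll in rolls:
        value = value * 6 + (roll - 1)  # each roll is one base-6 digit
    if not 1 <= value < SECP256K1_N:
        raise ValueError("value outside the valid private key range")
    return value


def key_hex(rolls):
    """Private key as 64 hex digits, the form most offline tools accept."""
    return format(key_from_dice(rolls), "064x")


# Constructed input for demonstration only: a fixed repeating pattern is not
# random and must never be used for a real key.
SAMPLE_ROLLS = ([1, 2, 3, 4, 5, 6] * 17)[:ROLLS_NEEDED]

if __name__ == "__main__":
    print(key_hex(SAMPLE_ROLLS))
```

The chi-square check only catches gross problems such as a stuck face or repeated keystrokes; it cannot prove that a sequence is random.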


Q7
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


View Profile WWW
January 17, 2015, 01:32:59 AM
 #73

I think it makes complete sense to use only wallet that you trust is safe. If you are using android system and just a quick browse on google play using "bitcoin wallet" keyword, you will find a long list of wallets. Some are yet to be submitted to github, so that is the first warning bell.

Sarthak
Hero Member
*****
Offline Offline

Activity: 532
Merit: 501

Error 404: there seems to be nothing here.


View Profile
January 17, 2015, 03:32:00 AM
 #74

Thanks For sharing This!
If cold storage isn't safe then where do we store our coins securely? Huh

R2D221
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
January 17, 2015, 03:34:50 AM
 #75

Thanks For sharing This!
If cold storage isn't safe then where do we store our coins securely? Huh

0 Kelvin storage, of course

An economy based on endless growth is unsustainable.
Sarthak
Hero Member
*****
Offline Offline

Activity: 532
Merit: 501

Error 404: there seems to be nothing here.


View Profile
January 17, 2015, 03:37:31 AM
 #76

Quote
0 Kelvin storage, of course

What's 0 Kelvin Storage? Never Heard of it before!

R2D221
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
January 17, 2015, 03:38:34 AM
 #77

What's 0 Kelvin Storage? Never Heard of it before!

Well, it's sarcastic. 0 Kelvin is the coldest temperature possible:

http://en.wikipedia.org/wiki/Absolute_zero

An economy based on endless growth is unsustainable.
Sarthak
Hero Member
*****
Offline Offline

Activity: 532
Merit: 501

Error 404: there seems to be nothing here.


View Profile
January 17, 2015, 03:40:05 AM
 #78

What's 0 Kelvin Storage? Never Heard of it before!

Well, it's sarcastic. 0 Kelvin is the coldest temperature possible:

http://en.wikipedia.org/wiki/Absolute_zero


Lol i thought it was some wallet system and googled it  Tongue

ranochigo
Legendary
*
Offline Offline

Activity: 1442
Merit: 1056



View Profile WWW
January 17, 2015, 03:40:15 AM
 #79

The chances of a cold storage getting hacked are fairly low if you compile it yourself, use trusted wallet software and don't download any suspicious software. Remember to review source code and download from the trusted source and you will be fine.

rio3232
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
January 17, 2015, 04:04:49 AM
 #80

What's 0 Kelvin Storage? Never Heard of it before!

Well, it's sarcastic. 0 Kelvin is the coldest temperature possible:

http://en.wikipedia.org/wiki/Absolute_zero


haha nice one man lel.
celsius fahrenheit bla bla bla.
Envrin
Sr. Member
****
Offline Offline

Activity: 318
Merit: 250



View Profile
January 17, 2015, 05:05:41 AM
 #81


Don't use wallet software provided by someone who goes by a name like l33tHaxorKid, and you'll be fine.

rio3232
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
January 17, 2015, 05:13:53 AM
 #82


Don't use wallet software provided by someone who goes by a name like l33tHaxorKid, and you'll be fine.



haha who is he dude ?
scammer people ?
mayax
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001


View Profile
January 17, 2015, 12:12:53 PM
 #83

What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?


"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want IN the source code.

Verbücheln: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."
ranochigo
Legendary
*
Offline Offline

Activity: 1442
Merit: 1056



View Profile WWW
January 17, 2015, 12:27:46 PM
 #84

What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?


"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want IN the source code.

Verbücheln: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."

This is pretty much impossible. I believe only selected, trusted and knowledgeable members are able to commit, they probably are reviewed by a lot of people before changes can be committed. It is not possible for anyone to just insert changes without the approval of core developers and those changes are usually fairly small.

mayax
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001


View Profile
January 17, 2015, 05:53:50 PM
 #85

What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?


"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want IN the source code.

Verbücheln: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."

This is pretty much impossible. I believe only selected, trusted and knowledgeable members are able to commit, they probably are reviewed by a lot of people before changes can be committed. It is not possible for anyone to just insert changes without the approval of core developers and those changes are usually fairly small.

Ok. it's good that you are a believer. Smiley

Please tell me the names of those who develop the Bitcoin application and the auditors for it...
MrTeal
Legendary
*
Offline Offline

Activity: 1274
Merit: 1000


View Profile
January 17, 2015, 08:06:59 PM
 #86

What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?


"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want IN the source code.

Verbücheln: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."

This is pretty much impossible. I believe only selected, trusted and knowledgeable members are able to commit, they probably are reviewed by a lot of people before changes can be committed. It is not possible for anyone to just insert changes without the approval of core developers and those changes are usually fairly small.

Ok. it's good that you are a believer. Smiley

Please tell me the names of those who develop the Bitcoin application and the auditors for it...
https://github.com/bitcoin/bitcoin/graphs/contributors
grendel25
Legendary
*
Offline Offline

Activity: 1120
Merit: 1006



View Profile
January 17, 2015, 08:18:01 PM
 #87

I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.

mayax
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001


View Profile
January 17, 2015, 09:47:10 PM
 #88

I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.

being "open source" is much more vulnerable than any other centralized e-currency.
spazzdla
Legendary
*
Offline Offline

Activity: 1512
Merit: 1000


View Profile
January 17, 2015, 10:14:11 PM
 #89

Use paper wallets, many of them.  Once you import the private keys from them destroy that wallet.
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1288
Merit: 1002


Core dev leaves me neg feedback #abuse #political


View Profile
January 17, 2015, 10:38:29 PM
 #90

I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.

being "open source" is much more vulnerable than any other centralized e-currency.


You could argue that a closed source currency issued by a central
authority couldn't have malicious code sneaked into a release by an
outside party, but the trade off is that you have to trust that
central authority completely...Not only their integrity, but their
resistance to manipulation, attacks,
outside influences, as well as their robustness and longevity.

Recent history has shown that centralized e-currencies are easily
shut down by governments.


rax
Member
**
Offline Offline

Activity: 85
Merit: 10


View Profile
January 18, 2015, 12:09:29 AM
 #91

Easily. Because fuck yeah.

tokeweed
Legendary
*
Offline Offline

Activity: 1764
Merit: 1017


Life, Love and Laughter...


View Profile
January 18, 2015, 12:17:12 AM
 #92

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. Smiley

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    Grin


rz20
Hero Member
*****
Offline Offline

Activity: 966
Merit: 1000



View Profile
January 18, 2015, 12:19:39 AM
 #93

If it is so easy why don't you get the funds from primedice or from bitstamp?

SargeR33
Member
**
Offline Offline

Activity: 112
Merit: 10

★Bitin.io★ - Instant Exchange


View Profile
January 18, 2015, 12:25:23 AM
 #94

Seems like a load of bull. This is open source, sure people can sneak code into it but it will be picked up. I'm also sure most people here now have found a wallet they trust and tested and will stick to it. I have no reason to swap wallets. I am happy with the wallet I am using and I can trust it and trust the machine I use.

If in doubt, use offline files from paper wallet websites, check the code and generate cold storage that way. If the code is clean, it is impossible for the hacker to obtain any private key since the machine used is offline, there is no leaked data and only you can have this information. Then just transfer your btc to that and store them in a safe.

This is why people don't use BTC. People who don't know what they're doing will probably get stung by a dodgy wallet or website and be deterred from bitcoin forever. Bitcoin is not user friendly.

Flashman
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


Hodl!


View Profile
January 18, 2015, 12:28:35 AM
 #95

being "open source" is much more vulnerable than any other centralized e-currency.

True, coz nobody would put that open source linux shit on teh interwebs servers for same reason  Roll Eyes

TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6

Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
Rum152
Full Member
***
Offline Offline

Activity: 147
Merit: 100

www.secondstrade.com - 190% return Binary option


View Profile
January 18, 2015, 12:33:09 AM
 #96

I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.

being "open source" is much more vulnerable than any other centralized e-currency.
This is not true. Having something open source means that many people can and will audit the code to ensure that it is secure. When you have something closed source and centralized you have one central point of failure and do not get this kind of testing - at least not until it is too late

tokeweed
Legendary
*
Offline Offline

Activity: 1764
Merit: 1017


Life, Love and Laughter...


View Profile
January 18, 2015, 12:35:15 AM
 #97

If it is so easy why don't you get the funds from primedice or from bitstamp?

yup.  or hack satoshi's wallet/s.  duh.

RoadStress
Legendary
*
Offline Offline

Activity: 1792
Merit: 1002


View Profile
January 18, 2015, 12:57:10 AM
 #98

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

iCEBREAKER is a troll! He and cypherdoc helped HashFast scam 50 Million $ from its customers !
H/w Hosting Directory & Reputation - https://bitcointalk.org/index.php?topic=622998.0
newIndia
Legendary
*
Offline Offline

Activity: 1428
Merit: 1003


View Profile
January 18, 2015, 01:00:17 AM
 #99

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.
smoothie
Legendary
*
Offline Offline

Activity: 2100
Merit: 1002


LEALANA Monero Physical Silver Coins


View Profile
January 18, 2015, 01:07:45 AM
 #100

OP is obviously not painting a complete picture. Obviously a compromised pc or set of code can be hacked because in essence it is already hacked by it being compromised with a backdoor etc.

Problem with this guy's post is he doesn't paint a clear picture of the security that exists when code that is reviewed by the public (many parties) and how that secures people's funds from a software standpoint.

Better open sourced than closed. But oh let's not bring that up buddy lol

Flashman
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


Hodl!


View Profile
January 18, 2015, 01:45:13 AM
 #101

OP is obviously not painting a complete picture.

Well to be fair, he has neither a full set of paints, nor all the bristles still in his brush.  Wink

TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6

Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
Agestorzrxx
Sr. Member
****
Offline Offline

Activity: 462
Merit: 250


View Profile
January 18, 2015, 02:21:29 AM
 #102

Well, nothing is absolutely safe.
rio3232
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
January 18, 2015, 02:44:18 AM
 #103

Well, nothing is absolutely safe.

yeah you're right. but we can minimalize the threat.
like by using antivirus and using a good wallet.
ranochigo
Legendary
*
Offline Offline

Activity: 1442
Merit: 1056



View Profile WWW
January 18, 2015, 02:47:33 AM
 #104

Well, nothing is absolutely safe.

yeah you're right. but we can minimalize the threat.
like by using antivirus and using a good wallet.
A better solution would be to use a freshly wiped computer and not download anything suspicious since some viruses can go undetected. Good wallets are preferably opensourced, the best is Bitcoin Core even though it may take up some space.

M28MmickT
Sr. Member
****
Offline Offline

Activity: 433
Merit: 250


BTG CEO


View Profile
January 18, 2015, 02:55:45 AM
 #105

zzzZZZZzzzZZZ Hacked easily  Grin I feel sleepy and am not going to beat around the bush, it's far from easy!! And to counter it, never send coins from the same address more than once. Simple even for a half a brain like you.

MrTeal
Legendary
*
Offline Offline

Activity: 1274
Merit: 1000


View Profile
January 18, 2015, 04:23:24 AM
 #106

I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.

being "open source" is much more vulnerable than any other centralized e-currency.


You could argue that a closed source currency issued by a central
authority couldn't have malicious code sneaked into a release by an
outside party, but the trade off is that you have to trust that
central authority completely...Not only their integrity, but their
resistance to manipulation, attacks,
outside influences, as well as their robustness and longevity.

Recent history has shown that centralized e-currencies are easily
shut down by governments.


Apparently there's been a lot of issues with hacking in the traditional investment backing sector as well.
rio3232
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
January 18, 2015, 04:29:16 AM
 #107

Well, nothing is absolutely safe.

yeah you're right. but we can minimalize the threat.
like by using antivirus and using a good wallet.
A better solution would be to use a freshly wiped computer and not download anything suspicious since some viruses can go undetected. Good wallets are preferably opensourced, the best is Bitcoin Core even though it may take up some space.

well, too lazy to do that. lol
better just sell when u have bitcoins.
muhrohmat
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250


View Profile
January 18, 2015, 10:22:40 AM
 #108

i only use btc as 10% of my monthly income so it's a 10% max risk of losing all to scams or hacking, but even then i am concerned about security. i use online wallets, but one of the things that can be good is an offline wallet in a pen, like a multi wallet for btc

Kprawn
Legendary
*
Offline Offline

Activity: 1484
Merit: 1033


View Profile
January 18, 2015, 11:50:28 AM
 #109

A crock of Bullshit

Cold storage is just that...... An address never used for frequent withdrawals. {The article states, it's compromised after the first transaction}

I have 100's of paper wallets and I deposited small amounts to them all... never used it, and it's still there. {Use some of them as "Honey traps" to detect hack attempts}

I would agree, if you imported those paper wallets into some online wallet, then it would be considered as compromised. {But I never re-use those wallets, after I swiped or imported it} 

Duke Of Bitcoin
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
January 18, 2015, 11:53:01 AM
 #110

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. Smiley

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    Grin

you should stop spreading fud, i would have fallen for this if people didn't call you out on your bullshit.
mayax
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001


View Profile
January 18, 2015, 03:35:08 PM
 #111

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. Smiley

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    Grin

you should stop spreading fud, i would have fallen for this if people didn't call you out on your bullshit.

So many sheeps here.

chill out, grandpa. this article is not for you. keep feeding the exchangers(so called shit/anonymous bitcoin brokers) with your money and stay calm Smiley

For anybody else, please re-read the article.

"Both Verbücheln and Pustogarov say that the most likely way for such an attack to be mounted would be through dedicated wallet services running proprietary software. Devices designed specifically for secure cold-storage of coins, for example, would be prime candidates for this sort of attack.

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said."

For example : what is blockchain.info ? Smiley

Until then, keep "mehehe" (bitcoin to the shit) like the sheeps:  https://www.youtube.com/watch?v=QcE5aDTszrY     lol


ranochigo
Legendary
*
Offline Offline

Activity: 1442
Merit: 1056



View Profile WWW
January 18, 2015, 03:45:46 PM
 #112

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. Smiley

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    Grin

you should stop spreading fud, i would have fallen for this if people didn't call you out on your bullshit.

So many sheeps here.

chill out, grandpa. this article is not for you. keep feeding the exchangers(so called shit/anonymous bitcoin brokers) with your money and stay calm Smiley

For anybody else, please re-read the article.

"Both Verbücheln and Pustogarov say that the most likely way for such an attack to be mounted would be through dedicated wallet services running proprietary software. Devices designed specifically for secure cold-storage of coins, for example, would be prime candidates for this sort of attack.

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said."

For example : what is blockchain.info ? Smiley

Until then, keep "mehehe" (bitcoin to the shit) like the sheeps:  https://www.youtube.com/watch?v=QcE5aDTszrY     lol



Blockchain.info is not and will never be an offline wallet, it is just an online wallet with a bit more security features. Online wallets are never recommended for storing huge amounts of BTC. You would be very dumb to buy a cold storage device from a manufacturer who has not open-sourced their firmware and is not trusted. You can review the source code and compile it yourself. It is highly unlikely for most reputable cold storage hardware providers to do so as their reputation would be at risk.

RoadStress
Legendary
*
Offline Offline

Activity: 1792
Merit: 1002


View Profile
January 18, 2015, 04:42:50 PM
 #113

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

iCEBREAKER is a troll! He and cypherdoc helped HashFast scam 50 Million $ from its customers !
H/w Hosting Directory & Reputation - https://bitcointalk.org/index.php?topic=622998.0
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1288
Merit: 1002


Core dev leaves me neg feedback #abuse #political


View Profile
January 18, 2015, 05:40:25 PM
 #114

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.


mayax
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001


View Profile
January 18, 2015, 05:48:43 PM
 #115

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.




blockchain.info was hacked in this way

Multibit was hacked too : http://www.reddit.com/r/Bitcoin/comments/1scd2n/914_bitcoins_stolen_from_multibit_wallet/

who said that it is safe? it is not safe.

https://www.cryptocoinsnews.com/gentleman-hacker-returns-stolen-bitcoins-blockchain-info/

http://www.coindesk.com/good-samaritan-blockchain-hacker-returned-255-btc-speaks/

hacker : "Every bitcoin transaction is signed by two values – 'R' and 'S' – which prove that the sender knows the private key. If the same R value is used twice, the private key can be easily computed from the signatures alone."

and then read this :

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.
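
The statement quoted in the post above (a repeated R value exposes the private key) translates into an audit a wallet owner can run over their own signatures. This is an added example, not code from the thread or from any wallet project; the transaction labels, key labels and signature values are constructed sample data.

```python
"""Audit DER-encoded ECDSA signatures for repeated r values (nonce reuse)."""
from collections import defaultdict

# Order of the secp256k1 group, the curve Bitcoin signs with.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def read_der_int(buf, pos):
    """Read one DER INTEGER starting at buf[pos]; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected DER INTEGER tag 0x02")
    length = buf[pos + 1]
    start, end = pos + 2, pos + 2 + length
    if length == 0 or length > 33 or end > len(buf):
        raise ValueError("bad INTEGER length")
    if buf[start] & 0x80:
        raise ValueError("negative INTEGER")
    return int.from_bytes(buf[start:end], "big"), end


def parse_der_signature(sig, has_sighash_byte=True):
    """Return (r, s) from a DER signature, optionally followed by a sighash byte."""
    body = sig[:-1] if has_sighash_byte else sig
    if len(body) < 8 or body[0] != 0x30 or body[1] != len(body) - 2:
        raise ValueError("not a DER SEQUENCE of the stated length")
    r, pos = read_der_int(body, 2)
    s, pos = read_der_int(body, pos)
    if pos != len(body):
        raise ValueError("trailing bytes after s")
    if not (0 < r < SECP256K1_N and 0 < s < SECP256K1_N):
        raise ValueError("r or s out of range")
    return r, s


def find_reused_r(records):
    """records: iterable of (txid, pubkey, signature_bytes).

    Returns (findings, malformed). A finding is raised when one r value appears
    in two different signatures. 'same-key' means one key signed twice with the
    same r; 'cross-key' means the signer's nonce generator repeated across keys.
    """
    uses_by_r = defaultdict(set)   # r -> {(pubkey, normalised s)}
    txids_by_r = defaultdict(set)  # r -> txids carrying that r
    malformed = []
    for txid, pubkey, sig in records:
        try:
            r, s = parse_der_signature(sig)
        except ValueError as exc:
            malformed.append((txid, str(exc)))
            continue
        # (r, s) and (r, n - s) are the same signature in malleated form,
        # so normalise s before comparing to avoid a false positive.
        uses_by_r[r].add((pubkey, min(s, SECP256K1_N - s)))
        txids_by_r[r].add(txid)
    findings = []
    for r, uses in uses_by_r.items():
        if len(uses) < 2:
            continue  # one signature, possibly seen more than once
        per_key = defaultdict(int)
        for pubkey, _ in uses:
            per_key[pubkey] += 1
        severity = "same-key" if max(per_key.values()) > 1 else "cross-key"
        findings.append({"r": r, "severity": severity,
                         "txids": sorted(txids_by_r[r])})
    return findings, malformed


def der_int(value):
    """Encode a positive integer as a DER INTEGER (sample-data helper)."""
    raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return b"\x02" + bytes([len(raw)]) + raw


def make_sample_sig(r, s):
    """Build a DER signature plus SIGHASH_ALL byte from constructed r and s."""
    body = der_int(r) + der_int(s)
    return b"\x30" + bytes([len(body)]) + body + b"\x01"


# Constructed values, not taken from any real transaction.
R_A, R_B, R_C = (int(h * 32, 16) for h in ("11", "ab", "77"))
S1, S2, S3, S4, S5 = (int(h * 32, 16) for h in ("22", "44", "33", "55", "66"))
SAMPLE_RECORDS = [
    ("tx-a", "key-1", make_sample_sig(R_A, S1)),
    ("tx-b", "key-1", make_sample_sig(R_A, S2)),                # same key, same r
    ("tx-c", "key-1", make_sample_sig(R_B, S3)),
    ("tx-c-malleated", "key-1", make_sample_sig(R_B, SECP256K1_N - S3)),
    ("tx-d", "key-2", make_sample_sig(R_C, S4)),
    ("tx-e", "key-3", make_sample_sig(R_C, S5)),                # different keys, same r
    ("tx-f", "key-2", b"\x30\x02\x02\x00\x01"),                 # truncated signature
]

if __name__ == "__main__":
    found, bad = find_reused_r(SAMPLE_RECORDS)
    for item in found:
        print(item["severity"], hex(item["r"])[:12] + "...", item["txids"])
    for txid, reason in bad:
        print("malformed", txid, reason)
```

A 'same-key' finding means the funds under that key should be treated as exposed and moved to a key produced by a different signer.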
Walsoraj
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Ultranode


View Profile
January 18, 2015, 05:53:39 PM
 #116

“Each time you want to check the balance of a cold wallet, you’re making it less cold”

-Karpeles

Source: http://www.pcworld.com/article/2846252/despite-mt-gox-fiasco-karpeles-still-has-bitcoin-plans.html (Nov. 11, 2014)
Klestin
Hero Member
*****
Offline Offline

Activity: 493
Merit: 500


View Profile
January 18, 2015, 06:17:55 PM
 #117

My trezor laughs at your exploit. No, seriously, it laughed. I didn't know it could even do that. Kind of creepy actually.
qwk
Donator
Legendary
*
Offline Offline

Activity: 1764
Merit: 1197



View Profile
January 18, 2015, 06:29:37 PM
 #118

My trezor laughs at your exploit. No, seriously, it laughed. I didn't know it could even do that. Kind of creepy actually.
Didn't you know? It's got a built-in laugh()-subroutine and speaker to ridicule you after it's taken all your coins. Wink

Yeah, well... I'm gonna go build my own blockchain, with blackjack and hookers. In fact, forget the blockchain!
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1288
Merit: 1002


Core dev leaves me neg feedback #abuse #political


View Profile
January 18, 2015, 07:07:44 PM
 #119

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.




blockchain.info was hacked in this way

Multibit was hacked too : http://www.reddit.com/r/Bitcoin/comments/1scd2n/914_bitcoins_stolen_from_multibit_wallet/

who said that it is safe? it is not safe.

https://www.cryptocoinsnews.com/gentleman-hacker-returns-stolen-bitcoins-blockchain-info/

http://www.coindesk.com/good-samaritan-blockchain-hacker-returned-255-btc-speaks/

hacker : "Every bitcoin transaction is signed by two values – 'R' and 'S' – which prove that the sender knows the private key. If the same R value is used twice, the private key can be easily computed from the signatures alone."

and then read this :

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

These aren't the attack I just described.

Are you fudding for fun, or do you have an agenda?

Razick
Legendary
*
Offline Offline

Activity: 1134
Merit: 1002


DIW - Security Decentralized, Life Revolutionized


View Profile
January 18, 2015, 07:20:49 PM
 #120

You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.

 Cheesy


seriouscoin
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500


View Profile
January 18, 2015, 10:04:41 PM
 #121

This thread sums up OP's IQ. Hint : well below 60, in "Special" zone

GrandmaJean
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250


View Profile
January 19, 2015, 06:43:24 AM
 #122

You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.

 Cheesy


I have seen this cartoon a number of times over the last several months. While it is a generalization of how one could get access to someone's bitcoin, it is really not accurate. First and foremost an attacker would need to know who has how much money (to be worth stealing from), then not only that but he needs to get the person he is stealing from to be in the general area of where his private keys are stored in order to carry out this kind of attack

This attack could also easily be countered by having a wallet with only a small amount of bitcoin stored on a "decoy" wallet that could be given to an attacker
promojo
Sr. Member
****
Offline Offline

Activity: 413
Merit: 250


View Profile
January 19, 2015, 07:07:53 AM
 #123

I will have to read this.  Thanks for the infos.
Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1708
Merit: 1001

Reverse engineer from time to time


View Profile
January 19, 2015, 07:12:49 AM
 #124

These articles and OP's thread tell us nothing new; it's just the same song sung differently.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
dsattler
Legendary
*
Offline Offline

Activity: 924
Merit: 1000


View Profile
January 19, 2015, 07:39:37 AM
 #125

This attack could also easily be countered by having a wallet with only a small amount of bitcoin stored on a "decoy" wallet that could be given to an attacker.

So long as the attacker doesn't know this trick as well! Then it will become even worse... Better to have a third wallet... (or fourth ? ) to satisfy the attacker with your answers. Good luck with that...

As this trick is in the wild now (Trezor has it in the manual as well), all the guys with only one wallet are damned IMHO!

Bitcointalk member since 2013! Smiley
Furio
Legendary
*
Offline Offline

Activity: 910
Merit: 1000

BTC | LTC | XLM | VEN | ARDR


View Profile
January 19, 2015, 07:41:54 AM
 #126

Old news. This attack (bugged ECDSA implementation) has been known about for a long long time, before Bitcoin even existed.

Quote
The attacker must first create a compromised version of ECDSA. This is achieved with a kleptographic 'SETUP', or 'Secretly Embedded Trapdoor with Embedded Protection', which was first described in a 1997 paper by Adam Young and Moti Yung.

One of the weaknesses of cold storage is if your cold storage machine is compromised, you're fucked and there is almost nothing you can do to prevent that. There are many many ways an attacker can exfiltrate the private keys from a compromised cold storage machine, including as used in this case a bugged ECDSA implementation.

I have an old but freshly installed, never-been-online computer, solely used to generate new .dat files on clients in an offline environment. That's how I store my cryptos, good luck with that Grin

Razick
Legendary
*
Offline Offline

Activity: 1134
Merit: 1002


DIW - Security Decentralized, Life Revolutionized


View Profile
January 20, 2015, 01:28:42 AM
 #127

You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.

 Cheesy



Exactly. BUT, it does make a good point. The human element is often far weaker than we'd like to admit, and the fact is social engineering is pretty much the best form of "cryptanalysis" ever invented.

Nrcewker
Copper Member
Hero Member
*****
Offline Offline

Activity: 665
Merit: 500


Geek UAV Pilot


View Profile WWW
January 20, 2015, 02:29:03 AM
 #128

gold, hold dollars, let us leave bitcoins..

ChuckBuck
Hero Member
*****
Offline Offline

Activity: 756
Merit: 505


Vietnamese translator - https://goo.gl/Muc9xi


View Profile WWW
January 20, 2015, 02:05:46 PM
 #129

Mayax or moderators...someone lock this thread up, title is FUD inducing for no reason.

The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions.

Noobs stumbling across this thread may assume that all Bitcoin storage solutions are easily hackable, yet cold/offline has and remains the most secure and foolproof method.

Admins please lock, thanks.

dsattler
Legendary
*
Offline Offline

Activity: 924
Merit: 1000


View Profile
January 20, 2015, 02:22:33 PM
 #130

Mayax or moderators...someone lock this thread up, title is FUD inducing for no reason.

The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions.

Noobs stumbling across this thread may assume that all Bitcoin storage solutions are easily hackable, yet cold/offline has and remains the most secure and foolproof method.

Admins please lock, thanks.

I second this!

Bitcointalk member since 2013! Smiley
thelibertycap
Full Member
***
Offline Offline

Activity: 211
Merit: 100


View Profile
January 20, 2015, 02:33:52 PM
 #131

news at 11! a software trojan horse can steal your funds!

i guess bitcoin has really reached mainstream because these people have no idea what an md5 hash and gnupgp is good for
mayax
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001


View Profile
January 20, 2015, 10:00:48 PM
 #132

news at 11! a software trojan horse can steal your funds!

i guess bitcoin has really reached mainstream because these people have no idea what an md5 hash and gnupgp is good for

please read again. it's not about a trojan Smiley

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

physicsdude
Newbie
*
Offline Offline

Activity: 11
Merit: 0

Visit NexusEarth.com


View Profile WWW
January 20, 2015, 10:15:25 PM
 #133

Yes, massive news flash: If you have hacked software on your machine your coins aren't safe.  Thanks for the enlightenment.  This article is a huge piece of FUD.

"The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions."

NexusEarth.com
thelibertycap
Full Member
***
Offline Offline

Activity: 211
Merit: 100


View Profile
January 20, 2015, 10:41:00 PM
 #134

news at 11! a software trojan horse can steal your funds!

i guess bitcoin has really reached mainstream because these people have no idea what an md5 hash and gnupgp is good for

please read again. it's not about a trojan Smiley

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/



"The attacker must first create a compromised version of ECDSA."

so what is it about? if i use a proper binary of my wallet, my system is not compromised.
dlowings
Full Member
***
Offline Offline

Activity: 226
Merit: 100


View Profile
January 20, 2015, 10:48:28 PM
 #135

Nothing but propaganda to entice people back to online wallets. Foolishness. Sure, it's a possibility, however there is an even greater possibility that your online wallet will go up in smoke. Aside from that, cold storage has nothing to do with any computerized storage. Cold storage is a paper wallet.

BTC donations welcome:- 1BrersvQubEKt4m2hBXDNvU1B4RiYe6J4i   -   Feel free to visit wiki.chainminer.com for free hardware listings, and mining info. -  IRC on freenode #wiki.chainminer.com
R2D221
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
January 20, 2015, 11:16:59 PM
 #136

How can you install a backdoor in my paper wallet? I really want to know.

An economy based on endless growth is unsustainable.
mayax
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001


View Profile
January 21, 2015, 01:55:45 AM
 #137

How can you install a backdoor in my paper wallet? I really want to know.

it is not about backdoor. please read carefully : http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1288
Merit: 1002


Core dev leaves me neg feedback #abuse #political


View Profile
January 21, 2015, 02:03:10 AM
 #138

How can you install a backdoor in my paper wallet? I really want to know.

it is not about backdoor. please read carefully : http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

The article has been read thoroughly by many of us who are knowledgeable and competent.
Anyone who does their due diligence to set up a cold storage wallet properly is not
going to use a compromised version of ECDSA.
 
Your trolling attempts are rather goofy, because although Bitcoin isn't perfect,
having your cold storage keys stolen is one of the LEAST likely things to happen. 

R2D221
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
January 21, 2015, 02:07:56 AM
 #139

How can you install a backdoor in my paper wallet? I really want to know.

it is not about backdoor. please read carefully : http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

“It's not about a backdoor”

*article title includes the words “install backdoor”*

An economy based on endless growth is unsustainable.
Ingatqhvq
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500



View Profile
January 21, 2015, 04:12:07 AM
 #140

That's weird. If it is really easy to hack cold storage, why are so many cold wallets not hacked?
ABitNut
Hero Member
*****
Offline Offline

Activity: 763
Merit: 500


I'm a cynic, I'm a quaint


View Profile
January 21, 2015, 04:15:48 AM
 #141

The solution is in the article itself:

Quote
Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote
there is only one conclusion to draw from this problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrong™.


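The counter-measure quoted in post #141 (never use an address more than once) can be checked mechanically before an unsigned transaction is handed to the offline signer. The following is an added example, not part of the original thread or of any wallet's code; the record layout, the names `HISTORY`, `reused_keys` and `check_before_signing`, and the rule that every signed input counts as one use of the key (so two inputs from one address in a single transaction count as two) are assumptions of this sketch.

```python
from collections import defaultdict

# Constructed spending history for one wallet: one record per transaction,
# one entry per input the wallet signed. The txids and public keys are
# shortened placeholders, not real values.
HISTORY = [
    {"txid": "tx-a", "inputs": [{"vin": 0, "pubkey": "02aaaa"}]},
    {"txid": "tx-b", "inputs": [{"vin": 0, "pubkey": "02bbbb"},
                                {"vin": 1, "pubkey": "02cccc"}]},
    # 02aaaa signs a second time, in a later transaction.
    {"txid": "tx-c", "inputs": [{"vin": 0, "pubkey": "02aaaa"}]},
    # 02dddd signs twice inside one transaction (two coins on one address).
    {"txid": "tx-d", "inputs": [{"vin": 0, "pubkey": "02dddd"},
                                {"vin": 1, "pubkey": "02dddd"}]},
]


def signatures_by_key(transactions):
    """Map each public key to the (txid, vin) pairs it produced a signature for."""
    seen = defaultdict(list)
    for tx in transactions:
        for txin in tx["inputs"]:
            seen[txin["pubkey"]].append((tx["txid"], txin["vin"]))
    return dict(seen)


def reused_keys(transactions):
    """Return only the keys that signed more than once, with every use listed."""
    return {key: uses
            for key, uses in signatures_by_key(transactions).items()
            if len(uses) > 1}


def check_before_signing(history, unsigned_tx):
    """Return the reasons to refuse signing; an empty list means the
    transaction keeps every key at a single signature (assumed policy)."""
    already = signatures_by_key(history)
    pending = defaultdict(int)
    for txin in unsigned_tx["inputs"]:
        pending[txin["pubkey"]] += 1

    problems = []
    for key in sorted(pending):
        if key in already:
            problems.append(f"{key}: already signed {len(already[key])} input(s)")
        if pending[key] > 1:
            problems.append(
                f"{key}: would sign {pending[key]} inputs in this transaction")
    return problems


if __name__ == "__main__":
    for key, uses in sorted(reused_keys(HISTORY).items()):
        print(key, "signed", len(uses), "times:", uses)
    # Replaying tx-c against the history before it shows the guard firing.
    print(check_before_signing(HISTORY[:2], HISTORY[2]))
```

Run on the watch-only side, the check costs nothing on the cold machine and does not depend on trusting the signer's own code.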
mayax
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001


View Profile
January 21, 2015, 01:04:50 PM
 #142

The solution is in the article itself:

Quote
Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote
there is only one conclusion to draw from this problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrong™.

the answer is "easy" when you know what you are doing.
ChuckBuck
Hero Member
*****
Offline Offline

Activity: 756
Merit: 505


Vietnamese translator - https://goo.gl/Muc9xi


View Profile WWW
January 21, 2015, 01:15:55 PM
 #143

The solution is in the article itself:

Quote
Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote
there is only one conclusion to draw from this problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrong™.

the answer is "easy" when you know what you are doing.

And who knows how to do this exactly?

And please don't say Stephan Verbücheln, because he's the one that wrote the damn paper.   Cheesy

Please lock this thread.

turvarya
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500


View Profile
January 21, 2015, 01:44:39 PM
 #144

The solution is in the article itself:

Quote
Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote
there is only one conclusion to draw from this problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrong™.

the answer is "easy" when you know what you are doing.
If it is so easy, then explain the steps to get the compromised code in any of the currently used programs. You can pick any program you like.

https://forum.bitcoin.com/
New censorship-free forum by Roger Ver. Try it out.
BillyBobZorton
Legendary
*
Offline Offline

Activity: 1162
Merit: 1017


View Profile
January 21, 2015, 02:24:41 PM
 #145

I also read that if you make a paper wallet, despite the keys being embedded in a jpeg, they can still be hacked. And that if you print the wallets, the info is stored in the printer, which can be hacked.

So, the solution seems to be to buy a computer that has never seen the internet, and a printer that has never seen the internet. This is NOT a solution for the main-stream 99% of people. I've given up on computer-based cold storage as I'm not tech-literate enough, but would still like to try paper wallets.


Unbelive
Full Member
***
Offline Offline

Activity: 210
Merit: 100


Invest & Earn: https://cloudthink.io


View Profile
January 21, 2015, 02:55:48 PM
 #146

Every solution has a problem and every problem has a solution.

It will just go on and on. And only progress gains.

jonald_fyookball
Legendary
*
Offline Offline

Activity: 1288
Merit: 1002


Core dev leaves me neg feedback #abuse #political


View Profile
January 21, 2015, 03:07:36 PM
 #147

I also read that if you make a paper wallet, despite the keys being embedded in a jpeg, they can still be hacked. And that if you print the wallets, the info is stored in the printer, which can be hacked.

So, the solution seems to be to buy a computer that has never seen the internet, and a printer that has never seen the internet. This is NOT a solution for the main-stream 99% of people. I've given up on computer-based cold storage as I'm not tech-literate enough, but would still like to try paper wallets.

Agree that it's not mainstream, but it's not THAT hard.
Buy a cheap machine from ebay/craigslist, kill the wifi, and re-install the OS. 

dsattler
Legendary
*
Offline Offline

Activity: 924
Merit: 1000


View Profile
January 21, 2015, 04:01:32 PM
 #148

I also read that if you make a paper wallet, despite the keys being embedded in a jpeg, they can still be hacked. And that if you print the wallets, the info is stored in the printer, which can be hacked.

So, the solution seems to be to buy a computer that has never seen the internet, and a printer that has never seen the internet. This is NOT a solution for the main-stream 99% of people. I've given up on computer-based cold storage as I'm not tech-literate enough, but would still like to try paper wallets.

Agree that it's not mainstream, but it's not THAT hard.
Buy a cheap machine from ebay/craigslist, kill the wifi, and re-install the OS. 

Or wait for this:

https://www.indiegogo.com/projects/mycelium-entropy

Bitcointalk member since 2013! Smiley
mayax
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001


View Profile
January 21, 2015, 05:56:08 PM
 #149

The solution is in the article itself:

Quote
Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote
there is only one conclusion to draw from this problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrong™.

the answer is "easy" when you know what you are doing.

And who knows how to do this exactly?

And please don't say Stephan Verbücheln, because he's the one that wrote the damn paper.   Cheesy

Please lock this thread.

many other people know a lot about cryptography. Verbücheln is only one of them. Stay chill, you will find out soon that cold wallets were hacked.
MT gox wallet was hacked too Smiley
turvarya
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500


View Profile
January 21, 2015, 07:00:41 PM
 #150

The solution is in the article itself:

Quote
Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote
there is only one conclusion to draw from this problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrong™.

the answer is "easy" when you know what you are doing.

And who knows how to do this exactly?

And please don't say Stephan Verbücheln, because he's the one that wrote the damn paper.   Cheesy

Please lock this thread.

many other people know a lot about cryptography. Verbücheln is only one of them. Stay chill, you will find out soon that cold wallets were hacked.
MT gox wallet was hacked too Smiley

MtGox cold wallet was just hacked, because Mark accidentally looked at it

https://forum.bitcoin.com/
New censorship-free forum by Roger Ver. Try it out.
thompete
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
January 21, 2015, 08:09:40 PM
 #151

Why does the title say Hacked Easily ?
I don't think that is the case. Even cold wallets which have not many transactions are rather safe.

Anillos2
Legendary
*
Offline Offline

Activity: 1204
Merit: 1001


View Profile
January 21, 2015, 09:04:27 PM
 #152

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. Smiley

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    Grin
I don't believe that.

I always create my paperwallets offline and I move the computer mouse in order to get enough entropy.

How could someone know my mouse movements if I type some random letters between moves?

How many paperwallets (with enough entropy) have been stolen?

turvarya
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500


View Profile
January 23, 2015, 08:04:32 AM
 #153

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. Smiley

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    Grin
I don't believe that.

I always create my paperwallets offline and I move the computer mouse in order to get enough entropy.

How could someone know my mouse movements if I type some random letters between moves?

How many paperwallets (with enough entropy) have been stolen?
The whole thing is just theoretical.
A year ago or so, we got instant payment (so without PIN) via NFC for our bank cards in Austria. There was also a theory about how to route the signal through a smartphone so a thief could pay with his smartphone on the other end.
Also not very likely to execute, and a lot of effort for € 25. I just bought a protective cover that blocks the signal (and also protects my card from e.g. a magnetic field) and was done with that.
So, it might be nice that there are people theorizing about such things, but they don't really work in the real world.

https://forum.bitcoin.com/
New censorship-free forum by Roger Ver. Try it out.
MithrilMan
Hero Member
*****
Offline Offline

Activity: 554
Merit: 500

Developer!


View Profile WWW
January 23, 2015, 10:40:39 AM
 #154

putting the source code of the critical parts of the code into the blockchain, and letting a "smart client" compile it when downloaded, could be a way to secure a client.
a CRC-checked compiled version could be used too instead of downloading and compiling (because often code relies on external references)

the trust problem is something real for bitcoin clients, there isn't a perfect solution, even downloading from the official site could be insecure and not decentralized anyway, and people who compile on their machine don't have to assume that since they have compiled then the client is secure, because if they rely on other dependencies (like Qt libraries) then they should check that even that dll isn't compromised

i think that a good way to secure clients would be to implement a sanity check between nodes: every client should implement a protocol to find other peers that share the same client (and match the version) so they can cross-check that they are using the same version and that every file matches (of course this check couldn't be cross-platform, every platform has its own set of files) and if the version doesn't match, then a warning should pop up on the client that has less consensus over the network

I haven't thought yet about details, but I think that this could work, the network should be its own supervisor to keep behaving as decentralized (would be easy to create a service where you upload your client files and it returns if they are fine, but this would be a 3rd party service, so centralized)

Huntercoin: Mithril Edition - Alternative client for Huntercoin - (Discontinued)
HUC: HMSCYGYJ5wo9FiniVU4pXWGUu8E8PSmoHE  - BTC: 1DKLf1QKAZ5njucq37pZhMRG67qXDP3vPC
rant to people who pretend things for free
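The cross-check between nodes proposed in post #154 can be sketched as follows. This is an added example, not code from the thread or from any Bitcoin client; the report layout, the client name `examplewallet`, the file names and contents, and every function name are hypothetical, and SHA-256 is used where the post mentions a CRC because a CRC is not collision resistant.

```python
import hashlib
from collections import Counter

BUILD_KEYS = ("client", "version", "platform")


def file_manifest(files):
    """files maps a relative path to the file's bytes; returns path -> SHA-256."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def manifest_digest(manifest):
    """One digest over the whole manifest, independent of dictionary order."""
    h = hashlib.sha256()
    for path in sorted(manifest):
        h.update(path.encode() + b"\0" + manifest[path].encode() + b"\n")
    return h.hexdigest()


def cross_check(local, peer_reports):
    """Compare the local install with peers running the same client, version
    and platform, and say whether the local files are in the minority."""
    peers = [r for r in peer_reports
             if all(r[k] == local[k] for k in BUILD_KEYS)]
    if not peers:
        return {"status": "no-comparable-peers", "compared": 0,
                "agreeing": 0, "differing": []}

    votes = Counter(manifest_digest(r["manifest"]) for r in peers)
    top_digest, top_votes = votes.most_common(1)[0]
    agreeing = votes.get(manifest_digest(local["manifest"]), 0)
    if agreeing >= top_votes:  # the local files match the largest group (or tie it)
        return {"status": "consistent", "compared": len(peers),
                "agreeing": agreeing, "differing": []}

    # Name the files that differ from the manifest most peers reported.
    majority = next(r["manifest"] for r in peers
                    if manifest_digest(r["manifest"]) == top_digest)
    paths = set(local["manifest"]) | set(majority)
    differing = sorted(p for p in paths
                       if local["manifest"].get(p) != majority.get(p))
    return {"status": "minority", "compared": len(peers),
            "agreeing": agreeing, "differing": differing}


# Constructed sample data: file contents are stand-in byte strings.
GOOD_FILES = {"bin/wallet-qt": b"constructed wallet binary 1.0",
              "lib/QtCore.dll": b"constructed Qt library"}
TAMPERED_FILES = dict(GOOD_FILES)
TAMPERED_FILES["lib/QtCore.dll"] = b"constructed Qt library, modified"


def report(files, version="1.0", platform="win64"):
    """Build the report a node would publish about its own install."""
    return {"client": "examplewallet", "version": version,
            "platform": platform, "manifest": file_manifest(files)}


PEERS = [report(GOOD_FILES), report(GOOD_FILES), report(GOOD_FILES),
         report(GOOD_FILES, version="0.9")]  # the 0.9 peer is not comparable

if __name__ == "__main__":
    print(cross_check(report(TAMPERED_FILES), PEERS))
    print(cross_check(report(GOOD_FILES), PEERS))
```

A "consistent" result only shows agreement with the peers that were sampled; it says nothing about whether those peers themselves run an unmodified build.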
pooya87
Legendary
*
Offline Offline

Activity: 1274
Merit: 1075


Buy bitcoin they said... who listened?


View Profile
January 23, 2015, 03:32:37 PM
 #155

what it seems that you do not understand or you do not want to say is that:

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want INTO  the source code: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."


So, COLD Storage can be easily hacked. Smiley
this is true but at the same time it means that it will become apparent to the community since a lot of people are checking

BADecker
Legendary
*
Offline Offline

Activity: 1666
Merit: 1036


View Profile
January 23, 2015, 03:54:11 PM
 #156

what it seems that you do not understand or you do not want to say is that:

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want INTO  the source code: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."


So, COLD Storage can be easily hacked. Smiley
this is true but at the same time it means that it will become apparent to the community since a lot of people are checking

I'm not checking. Are you checking? Maybe the other guy is checking.

Smiley
Wendigo
Legendary
*
Offline Offline

Activity: 1652
Merit: 1021


View Profile
January 23, 2015, 03:58:20 PM
 #157

I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.

BADecker
Legendary
*
Offline Offline

Activity: 1666
Merit: 1036


View Profile
January 23, 2015, 04:16:56 PM
 #158

I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.

Try Trusteer Rapport - https://www.trusteer.com/ and read about it here http://www-03.ibm.com/software/products/en/trusteer-rapport.  It will bog your computer down, somewhat. And it is not compatible with some firewalls. But if you can work your way around these two problems, it seems to be something that is very valuable. Many banks are trusting it.

Smiley
mayax
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001


View Profile
January 23, 2015, 05:17:11 PM
 #159

I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.

Try Trusteer Rapport - https://www.trusteer.com/ and read about it here http://www-03.ibm.com/software/products/en/trusteer-rapport.  It will bog your computer down, somewhat. And it is not compatible with some firewalls. But if you can work your way around these two problems, it seems to be something that is very valuable. Many banks are trusting it.

Smiley

Yes, the cost is prohibitive for any small-medium company Smiley
freebit13
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500

I got Satoshi's avatar!


View Profile
January 23, 2015, 05:21:22 PM
 #160

I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.
Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone and you also have the added extra of getting notified by sms if someone else logs into your account.

Decentralize EVERYTHING!
mayax
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001


View Profile
January 23, 2015, 06:19:12 PM
 #161

I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.
Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone and you also have the added extra of getting notified by sms if someone else logs into your account.

or you don't use Bitcoin for storing your funds. you convert it to cash and you can only keep a small amount just for speculating it Smiley
Beliathon
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


https://youtu.be/PZm8TTLR2NU


View Profile WWW
January 23, 2015, 08:20:45 PM
 #162

OP may have just achieved stupidest thread title of the year, just 16 days in. Quite a feat, well done OP.

If at any time you'd like to see evidence that bitcoin cold storage is not hackable, simply click here: https://bitcoinwisdom.com/

If you see a price above 0, cold storage can not be hacked.

Remember Aaron Swartz, a 26 year old computer scientist who died defending the free flow of information.
mayax
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001


View Profile
January 23, 2015, 10:37:22 PM
 #163

OP may have just achieved stupidest thread title of the year, just 16 days in. Quite a feat, well done OP.

If at any time you'd like to see evidence that bitcoin cold storage is not hackable, simply click here: https://bitcoinwisdom.com/

If you see a price above 0, cold storage can not be hacked.

well, you can say that you do not agree with me but why am I stupid? because I quoted a very intelligent man, Verbücheln?

yes, anything can be hacked including the shit cold wallet. this is my opinion. Of course, I can have an opinion regarding you, Beliathon, too but I prefer to not say it in public Smiley

Verbücheln said VERY clearly how it can be done.
moriartybitcoin
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500

★777Coin.com★ Fun BTC Casino!


View Profile
January 23, 2015, 10:49:34 PM
 #164

this is of course total bullshit

HarmonLi
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250


Honest 80s business!


View Profile
January 23, 2015, 10:51:53 PM
 #165

Not a real concern! It only affects systems whose way of generating the keys is already flawed! If you use real entropy and solid hashing functions for deriving the private key, you're completely safe!

cheekychap
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
January 23, 2015, 11:34:46 PM
 #166

Are all cold storages equally vulnerable or only the ones with the transactions?

R2D221
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
January 23, 2015, 11:56:24 PM
 #167

Are all cold storages equally vulnerable or only the ones with the transactions?

A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore.

An economy based on endless growth is unsustainable.
PaulPierce
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
January 24, 2015, 01:13:46 AM
 #168

Are all cold storages equally vulnerable or only the ones with the transactions?

A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore.

Yeah..!! turns into hot wallet I guess.!! I'm not sure how the cold storage was hacked.!! some say they had left the key to it or something.!

mayax
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001


View Profile
January 24, 2015, 04:26:36 AM
 #169

Are all cold storages equally vulnerable or only the ones with the transactions?

A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore.

either way, it is not safe Smiley
ranochigo
Legendary
*
Offline Offline

Activity: 1442
Merit: 1056



View Profile WWW
January 24, 2015, 04:47:09 AM
 #170

I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.
Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone and you also have the added extra of getting notified by sms if someone else logs into your account.
False, anyone can easily hack your private key if they have access to the server itself (operators, devs) they can also make changes to the system without your consent. If a flaw is found in the system itself, you would be hacked, whether you are using 2FA or not. A recent incident is Blockchain.info's. If you are using a desktop wallet, you can check the source code yourself and decide whether to download it.

R2D221
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
January 24, 2015, 07:33:33 AM
 #171

Are all cold storages equally vulnerable or only the ones with the transactions?

A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore.

either way, it is not safe Smiley

If I create a private key using dice, and compute the public address manually (yes, I'm that paranoid), how will you hack it? Please give me all the details.

An economy based on endless growth is unsustainable.
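
The procedure described in post #171 (dice for the private key, then the public key computed by hand), as an added example that is not part of any post in this thread. It assumes a fair six-sided die and exactly 99 rolls typed as a string of digits; the function names are hypothetical, and it stops at the compressed public key (the address step additionally needs SHA-256, RIPEMD-160 and Base58Check).

```python
# Added example: dice rolls -> secp256k1 private key -> compressed public key.
# Educational only: the point arithmetic is not constant-time.

# secp256k1 domain parameters (public constants)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ROLLS = 99  # assumption: fair d6; 99 * log2(6) ~= 255.9 bits, and 6**99 < N

def dice_to_private_key(rolls):
    """Read exactly 99 rolls ('1'..'6') as a base-6 integer in [1, N-1]."""
    if len(rolls) != ROLLS or any(c not in "123456" for c in rolls):
        raise ValueError("need exactly 99 rolls, each a digit 1-6")
    k = 0
    for c in rolls:
        k = k * 6 + (int(c) - 1)
    if not 1 <= k < N:  # all ones gives 0, which is not a valid key
        raise ValueError("value outside [1, N-1]; roll again")
    return k

def point_add(a, b):
    """Add two points on y^2 = x^3 + 7 over F_P; None is infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def public_key(k):
    """Double-and-add k*G, returned as 33-byte compressed SEC1 hex."""
    result, addend = None, G
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    x, y = result
    return ("02" if y % 2 == 0 else "03") + format(x, "064x")
```

Exactly 99 rolls are required because 6**99 is below the group order, so no modular reduction (and no bias from it) is needed; only the all-ones sequence, which maps to zero, has to be rolled again.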
TCM
Sr. Member
****
Offline Offline

Activity: 250
Merit: 250


View Profile
January 24, 2015, 08:27:27 AM
 #172


If I create a private key using dice, and compute the public address manually (yes, I'm that paranoid), how will you hack it? Please give me all the details.

Since he doesn't even understand the article he linked to, that question should be viewed as purely rhetorical.

"If you try all possible private keys, you can clean out ALL WALLETS IN EXISTENCE!!1 News at 11!"
Medow
Sr. Member
****
Offline Offline

Activity: 361
Merit: 250



View Profile
January 24, 2015, 08:58:05 AM
 #173

Hi:

Do you think that a 64 letter password phrase wallet is better than cold storage?

Is it possible to extract a private key or import my wallet to any program if I secure it with that kind of password?
TCM
Sr. Member
****
Offline Offline

Activity: 250
Merit: 250


View Profile
January 24, 2015, 09:00:38 AM
 #174

The length of your password doesn't matter if you have a keylogger on your machine. Nothing is more secure than a cold wallet. The key is using trusted software for the cold wallet.
XeloriA
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
January 24, 2015, 11:09:41 AM
 #175

huhu..thanks for the information Cheesy
mayax
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001


View Profile
January 26, 2015, 02:28:13 AM
 #176

I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.
Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone and you also have the added extra of getting notified by sms if someone else logs into your account.
False, anyone can easily hack your private key if they have access to the server itself (operators, devs) they can also make changes to the system without your consent. If a flaw is found in the system itself, you would be hacked, whether you are using 2FA or not. A recent incident is Blockchain.info's. If you are using a desktop wallet, you can check the source code yourself and decide whether to download it.

the online wallets are not safe