Bitcoin Forum
October 23, 2017, 12:58:07 AM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 [6] 7 8 9 10 11 »  All
  Print  
Author Topic: Bitcoin cold storage - HACKED easily  (Read 12063 times)
Flashman
Hero Member
*****
Offline Offline

Activity: 518


Hodl!


View Profile
January 18, 2015, 01:45:13 AM
 #101

OP is obviously not painting a complete picture.

Well to be fair, he has neither a full set of paints, nor all the bristles still in his brush.  Wink

TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6

Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
1508720287
Hero Member
*
Offline Offline

Posts: 1508720287

View Profile Personal Message (Offline)

Ignore
1508720287
Reply with quote  #2

1508720287
Report to moderator
1508720287
Hero Member
*
Offline Offline

Posts: 1508720287

View Profile Personal Message (Offline)

Ignore
1508720287
Reply with quote  #2

1508720287
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Agestorzrxx
Sr. Member
****
Offline Offline

Activity: 462


View Profile
January 18, 2015, 02:21:29 AM
 #102

Well, nothing is absolutely safe.
rio3232
Full Member
***
Offline Offline

Activity: 224


View Profile
January 18, 2015, 02:44:18 AM
 #103

Well, nothing is absolutely safe.

yeah you right. but we can minimalize the threat.
like by using antivirus and use good wallet.
ranochigo
Legendary
*
Offline Offline

Activity: 1232

In the midst of an exam, will be very inactive.


View Profile WWW
January 18, 2015, 02:47:33 AM
 #104

Well, nothing is absolutely safe.

yeah you right. but we can minimalize the threat.
like by using antivirus and use good wallet.
A better solution would be to use a freshly wiped computer and not download anything suspicious since some viruses can go undetected. Good wallets are preferably opensourced, the best is Bitcoin Core even though it may take up some space.














 

 

█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
BitBlender 

 













 















 












 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
M28MmickT
Sr. Member
****
Offline Offline

Activity: 435


BTG CEO


View Profile
January 18, 2015, 02:55:45 AM
 #105

zzzZZZZzzzZZZ Hacked easily  Grin i feel sleepy and not going to beat the bush, its far from easy!! and to counter it never send coin from the same address more than once. Simple even for a half a brain like you.

MrTeal
Legendary
*
Offline Offline

Activity: 1274


View Profile
January 18, 2015, 04:23:24 AM
 #106

I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.

being "open source" is much more vulnerable than any other centralized e-currency.


You could argue that a closed source currency issued by a central
authority couldn't have malicious code sneaked into a release by an
outside party, but the trade off is that you have to trust that
central authority completely...Not only their integrity, but their
resistance to manipulation, attacks,
outside influences, as well as their robustness and longevity.

Recent history has shown that centralized e-currencies are easily
shut down by governments.


Apparently there's been a lot of issues with hacking in the traditional investment backing sector as well.
rio3232
Full Member
***
Offline Offline

Activity: 224


View Profile
January 18, 2015, 04:29:16 AM
 #107

Well, nothing is absolutely safe.

yeah you right. but we can minimalize the threat.
like by using antivirus and use good wallet.
A better solution would be to use a freshly wiped computer and not download anything suspicious since some viruses can go undetected. Good wallets are preferably opensourced, the best is Bitcoin Core even though it may take up some space.

well, to lazy to do that. lol
better just sell when u have bitcoins.
muhrohmat
Sr. Member
****
Offline Offline

Activity: 252


View Profile
January 18, 2015, 10:22:40 AM
 #108

i only use btc as 10% of my monthy income soo its a 10% max risk of losing all to scams or hacking but even then i consern about security i use on line wallets but one of the thigs that can be good its a off line wallet in a pen like multi wallet for btc

Kprawn
Legendary
*
Offline Offline

Activity: 1274


It is better to burn out, than to fade away.


View Profile WWW
January 18, 2015, 11:50:28 AM
 #109

A crock of Bullshit

Cold storage is just that...... A address never used for frequent withdrawals. {The article states, it's compromised after the first transaction}

I have 100's of paper wallets and I deposited small amounts to them all... never used it, and it's still there. {Use some of them as "Honey traps" to detect hack attempts}

I would agree, if you imported those paper wallets into some online wallet, then it would be considered as compromised. {But I never re-use those wallets, after I swiped or imported it} 

▄██████████████████████████████████████████████████████████████████▀███▀███▄
████████████████████████████████████████████████████████████████████▄▀▄█████
███████████████████████████████████████████████████████████████████▀▄█▄▀████

███▀▀▀▀▀▀▀▀██████▀▀▀████████▀▀▀██▀▀▀███████████▀▀▀██▀▀▀▀▀▀▀▀████████▀▀▀█████
███          ▀███   ████████   ██    ▀█████████   ██           ▀████   █████
███   █████▄   ██   ████████   ██      ▀███████   ██   ██████▄   ███   █████
███   ██████   ██   ████████   ██   █▄   ▀█████   ██   ████████   ██   █████
███   █████▀   ██   ████████   ██   ███▄   ▀███   ██   ████████   ██   █████
███          ▄███   ▀██████▀   ██   █████▄   ▀█   ██   ███████▀   ██   █████
███   ▄▄▄▄▄███████   ▀▀▀▀▀▀   ███   ███████▄      ██   ▀▀▀▀▀▀   ▄███   █████
███   █████████████▄        ▄████   █████████▄    ██        ▄▄▄█████   █████
████████████████████████████████████████████████████████████████████████████
▀██████████████████████████████████████████████████████████████████████████▀
  BUY
  SELL
ACCEPT
   ███████████████████████████
  .CRYPTOCURRENCY..
███████████████████████████
.



 Senior Member


██████████████████████████████████████████████████████████████████▄   ▄
███████████████████████████████████████████████████████████████████▀▄▀
██████████████████████████████████████████████████████████████████▄▀ ▀▄
  ▄▄▄▄▄▄▄▄      ▄▄▄        ▄▄▄  ▄▄▄           ▄▄▄  ▄▄▄▄▄▄▄▄▄       ▄▄▄
  ██████████▄   ███        ███  ████▄         ███  ███████████▄    ███
  ███     ▀███  ███        ███  ██████▄       ███  ███      ▀███   ███
  ███      ███  ███        ███  ███ ▀███▄   
Duke Of Bitcoin
Newbie
*
Offline Offline

Activity: 2


View Profile
January 18, 2015, 11:53:01 AM
 #110

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. Smiley

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    Grin

you should stop spreading fud i would of fallen for this if people didnt call you out on your bullshit.
mayax
Legendary
*
Offline Offline

Activity: 1008


View Profile
January 18, 2015, 03:35:08 PM
 #111

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. Smiley

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    Grin

you should stop spreading fud i would of fallen for this if people didnt call you out on your bullshit.

So many sheeps here.

chill out, grandpa. this article is not for you. keep feeding the exchangers(so called shit/anonymous bitcoin brokers) with your money and stay calm Smiley

For anybody else, please re-read the article.

"Both Verbücheln and Pustogarov say that the most likely way for such an attack to be mounted would be through dedicated wallet services running proprietary software. Devices designed specifically for secure cold-storage of coins, for example, would be prime candidates for this sort of attack.

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said."

For example : what is blockchain.info ? Smiley

Until then, keep "mehehe" (bitcoin to the shit) like the sheeps:  https://www.youtube.com/watch?v=QcE5aDTszrY     lol


ranochigo
Legendary
*
Offline Offline

Activity: 1232

In the midst of an exam, will be very inactive.


View Profile WWW
January 18, 2015, 03:45:46 PM
 #112

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. Smiley

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    Grin

you should stop spreading fud i would of fallen for this if people didnt call you out on your bullshit.

So many sheeps here.

chill out, grandpa. this article is not for you. keep feeding the exchangers(so called shit/anonymous bitcoin brokers) with your money and stay calm Smiley

For anybody else, please re-read the article.

"Both Verbücheln and Pustogarov say that the most likely way for such an attack to be mounted would be through dedicated wallet services running proprietary software. Devices designed specifically for secure cold-storage of coins, for example, would be prime candidates for this sort of attack.

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said."

For example : what is blockchain.info ? Smiley

Until then, keep "mehehe" (bitcoin to the shit) like the sheeps:  https://www.youtube.com/watch?v=QcE5aDTszrY     lol



Blockchain.info is not and will never be a offline wallet, it is just a online wallet with a bit more security features. Online wallets are never recommended for storing huge amount of BTC. You would be very dumb to buy a cold storage device from a manufacturer who have not opensourced their firmware and are not trusted. You can review the source code and compile it yourself. It is highly unlikely for most reputable cold storage hardware provider to do so as their reputation would be at risk.














 

 

█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
BitBlender 

 













 















 












 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
RoadStress
Legendary
*
Offline Offline

Activity: 1610


View Profile
January 18, 2015, 04:42:50 PM
 #113

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

iCEBREAKER is a troll! He and cypherdoc helped HashFast scam 50 Million $ from its customers !
H/w Hosting Directory & Reputation - https://bitcointalk.org/index.php?topic=622998.0
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1218


Core dev leaves me neg feedback #abuse #political


View Profile
January 18, 2015, 05:40:25 PM
 #114

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.


mayax
Legendary
*
Offline Offline

Activity: 1008


View Profile
January 18, 2015, 05:48:43 PM
 #115

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.




blockchain.info was hacked in this way

Multibit was hacked too : http://www.reddit.com/r/Bitcoin/comments/1scd2n/914_bitcoins_stolen_from_multibit_wallet/

who said that is it safe? it is not safe.

https://www.cryptocoinsnews.com/gentleman-hacker-returns-stolen-bitcoins-blockchain-info/

http://www.coindesk.com/good-samaritan-blockchain-hacker-returned-255-btc-speaks/

hacker : ""Every bitcoin transaction is signed by two values – 'R' and 'S' – which prove that the sender knows the private key. If the same R value is used twice, the private key can be easily computed from the signatures alone.""

and then read this :

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.
Walsoraj
Hero Member
*****
Offline Offline

Activity: 686


Ultranode


View Profile
January 18, 2015, 05:53:39 PM
 #116

“Each time you want to check the balance of a cold wallet, you’re making it less cold”

-Karpeles

Source: http://www.pcworld.com/article/2846252/despite-mt-gox-fiasco-karpeles-still-has-bitcoin-plans.html (Nov. 11, 2014)
Klestin
Hero Member
*****
Offline Offline

Activity: 494


View Profile
January 18, 2015, 06:17:55 PM
 #117

My trezor laughs at your exploit. No, seriously, it laughed. I didn't know it could even do that. Kind of creepy actually.
qwk
Donator
Legendary
*
Offline Offline

Activity: 1568


Bitcoin Foundation Member


View Profile WWW
January 18, 2015, 06:29:37 PM
 #118

My trezor laughs at your exploit. No, seriously, it laughed. I didn't know it could even do that. Kind of creepy actually.
Didn't you know? It's got a built-in laugh()-subroutine and speaker to ridicule you after it's taken all your coins. Wink

Yeah, well... I'm gonna go build my own blockchain, with blackjack and hookers. In fact, forget the blockchain!
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1218


Core dev leaves me neg feedback #abuse #political


View Profile
January 18, 2015, 07:07:44 PM
 #119

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.




blockchain.info was hacked in this way

Multibit was hacked too : http://www.reddit.com/r/Bitcoin/comments/1scd2n/914_bitcoins_stolen_from_multibit_wallet/

who said that is it safe? it is not safe.

https://www.cryptocoinsnews.com/gentleman-hacker-returns-stolen-bitcoins-blockchain-info/

http://www.coindesk.com/good-samaritan-blockchain-hacker-returned-255-btc-speaks/

hacker : ""Every bitcoin transaction is signed by two values – 'R' and 'S' – which prove that the sender knows the private key. If the same R value is used twice, the private key can be easily computed from the signatures alone.""

and then read this :

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

These aren't the attack I just described.

Are you fudding for fun, or do you have an agenda?

Razick
Legendary
*
Offline Offline

Activity: 924


Pundi X- Any store can buy, sell & accept Crypto!


View Profile
January 18, 2015, 07:20:49 PM
 #120

You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.

 Cheesy


▄██████████████████████████████████████████████████████████████████▀███▀███▄
████████████████████████████████████████████████████████████████████▄▀▄█████
███████████████████████████████████████████████████████████████████▀▄█▄▀████

███▀▀▀▀▀▀▀▀██████▀▀▀████████▀▀▀██▀▀▀███████████▀▀▀██▀▀▀▀▀▀▀▀████████▀▀▀█████
███          ▀███   ████████   ██    ▀█████████   ██           ▀████   █████
███   █████▄   ██   ████████   ██      ▀███████   ██   ██████▄   ███   █████
███   ██████   ██   ████████   ██   █▄   ▀█████   ██   ████████   ██   █████
███   █████▀   ██   ████████   ██   ███▄   ▀███   ██   ████████   ██   █████
███          ▄███   ▀██████▀   ██   █████▄   ▀█   ██   ███████▀   ██   █████
███   ▄▄▄▄▄███████   ▀▀▀▀▀▀   ███   ███████▄      ██   ▀▀▀▀▀▀   ▄███   █████
███   █████████████▄        ▄████   █████████▄    ██        ▄▄▄█████   █████
████████████████████████████████████████████████████████████████████████████
▀██████████████████████████████████████████████████████████████████████████▀
  BUY
  SELL
ACCEPT
   ███████████████████████████
  .CRYPTOCURRENCY..
███████████████████████████
.
Pages: « 1 2 3 4 5 [6] 7 8 9 10 11 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!