Bitcoin cold storage - HACKED easily

[Flashman]

OP is obviously not painting a complete picture.

Well to be fair, he has neither a full set of paints, nor all the bristles still in his brush. 

[Agestorzrxx]

Well, nothing is absolutely safe.

[rio3232]

Well, nothing is absolutely safe.

yeah you right. but we can minimalize the threat.
like by using antivirus and use good wallet.

[ranochigo]

Well, nothing is absolutely safe.

yeah you right. but we can minimalize the threat.
like by using antivirus and use good wallet.

A better solution would be to use a freshly wiped computer and not download anything suspicious since some viruses can go undetected. Good wallets are preferably opensourced, the best is Bitcoin Core even though it may take up some space.

[M28MmickT]

zzzZZZZzzzZZZ Hacked easily  i feel sleepy and not going to beat the bush, its far from easy!! and to counter it never send coin from the same address more than once. Simple even for a half a brain like you.

[MrTeal]

I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.

being "open source" is much more vulnerable than any other centralized e-currency.

You could argue that a closed source currency issued by a central
authority couldn't have malicious code sneaked into a release by an
outside party, but the trade off is that you have to trust that
central authority completely...Not only their integrity, but their
resistance to manipulation, attacks,
outside influences, as well as their robustness and longevity.

Recent history has shown that centralized e-currencies are easily
shut down by governments.

Apparently there's been a lot of issues with hacking in the traditional investment backing sector as well.

[rio3232]

Well, nothing is absolutely safe.

yeah you right. but we can minimalize the threat.
like by using antivirus and use good wallet.

A better solution would be to use a freshly wiped computer and not download anything suspicious since some viruses can go undetected. Good wallets are preferably opensourced, the best is Bitcoin Core even though it may take up some space.

well, to lazy to do that. lol
better just sell when u have bitcoins.

[muhrohmat]

i only use btc as 10% of my monthy income soo its a 10% max risk of losing all to scams or hacking but even then i consern about security i use on line wallets but one of the thigs that can be good its a off line wallet in a pen like multi wallet for btc

[Kprawn]

A crock of Bullshit

Cold storage is just that...... A address never used for frequent withdrawals. {The article states, it's compromised after the first transaction}

I have 100's of paper wallets and I deposited small amounts to them all... never used it, and it's still there. {Use some of them as "Honey traps" to detect hack attempts}

I would agree, if you imported those paper wallets into some online wallet, then it would be considered as compromised. {But I never re-use those wallets, after I swiped or imported it} 

[Duke Of Bitcoin]

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe.

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    

you should stop spreading fud i would of fallen for this if people didnt call you out on your bullshit.

[mayax]

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe.

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    

you should stop spreading fud i would of fallen for this if people didnt call you out on your bullshit.

So many sheeps here.

chill out, grandpa. this article is not for you. keep feeding the exchangers(so called shit/anonymous bitcoin brokers) with your money and stay calm

For anybody else, please re-read the article.

"Both Verbücheln and Pustogarov say that the most likely way for such an attack to be mounted would be through dedicated wallet services running proprietary software. Devices designed specifically for secure cold-storage of coins, for example, would be prime candidates for this sort of attack.

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said."

For example : what is blockchain.info ?

Until then, keep "mehehe" (bitcoin to the shit) like the sheeps:  https://www.youtube.com/watch?v=QcE5aDTszrY     lol

[ranochigo]

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe.

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    

you should stop spreading fud i would of fallen for this if people didnt call you out on your bullshit.

So many sheeps here.

chill out, grandpa. this article is not for you. keep feeding the exchangers(so called shit/anonymous bitcoin brokers) with your money and stay calm

For anybody else, please re-read the article.

"Both Verbücheln and Pustogarov say that the most likely way for such an attack to be mounted would be through dedicated wallet services running proprietary software. Devices designed specifically for secure cold-storage of coins, for example, would be prime candidates for this sort of attack.

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said."

For example : what is blockchain.info ?

Until then, keep "mehehe" (bitcoin to the shit) like the sheeps:  https://www.youtube.com/watch?v=QcE5aDTszrY     lol

Blockchain.info is not and will never be a offline wallet, it is just a online wallet with a bit more security features. Online wallets are never recommended for storing huge amount of BTC. You would be very dumb to buy a cold storage device from a manufacturer who have not opensourced their firmware and are not trusted. You can review the source code and compile it yourself. It is highly unlikely for most reputable cold storage hardware provider to do so as their reputation would be at risk.

[RoadStress]

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

[jonald_fyookball]

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.

[mayax]

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.

blockchain.info was hacked in this way

Multibit was hacked too : http://www.reddit.com/r/Bitcoin/comments/1scd2n/914_bitcoins_stolen_from_multibit_wallet/

who said that is it safe? it is not safe.

https://www.cryptocoinsnews.com/gentleman-hacker-returns-stolen-bitcoins-blockchain-info/

http://www.coindesk.com/good-samaritan-blockchain-hacker-returned-255-btc-speaks/

hacker : ""Every bitcoin transaction is signed by two values – 'R' and 'S' – which prove that the sender knows the private key. If the same R value is used twice, the private key can be easily computed from the signatures alone.""

and then read this :

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

[Walsoraj]

“Each time you want to check the balance of a cold wallet, you’re making it less cold”

-Karpeles

Source: http://www.pcworld.com/article/2846252/despite-mt-gox-fiasco-karpeles-still-has-bitcoin-plans.html (Nov. 11, 2014)

[Klestin]

My trezor laughs at your exploit. No, seriously, it laughed. I didn't know it could even do that. Kind of creepy actually.

[qwk]

My trezor laughs at your exploit. No, seriously, it laughed. I didn't know it could even do that. Kind of creepy actually.

Didn't you know? It's got a built-in laugh()-subroutine and speaker to ridicule you after it's taken all your coins.

[jonald_fyookball]

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.

blockchain.info was hacked in this way

Multibit was hacked too : http://www.reddit.com/r/Bitcoin/comments/1scd2n/914_bitcoins_stolen_from_multibit_wallet/

who said that is it safe? it is not safe.

https://www.cryptocoinsnews.com/gentleman-hacker-returns-stolen-bitcoins-blockchain-info/

http://www.coindesk.com/good-samaritan-blockchain-hacker-returned-255-btc-speaks/

hacker : ""Every bitcoin transaction is signed by two values – 'R' and 'S' – which prove that the sender knows the private key. If the same R value is used twice, the private key can be easily computed from the signatures alone.""

and then read this :

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

These aren't the attack I just described.

Are you fudding for fun, or do you have an agenda?

[Razick]

You have to be using a compromised wallet for this to work.

Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.