Bitcoin Forum
December 11, 2017, 08:35:46 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 [7] 8 9 10 11 »  All
  Print  
Author Topic: Bitcoin cold storage - HACKED easily  (Read 12327 times)
seriouscoin
Hero Member
*****
Offline Offline

Activity: 658


View Profile
January 18, 2015, 10:04:41 PM
 #121

This thread sum up OP's IQ. Hint : well below 60, in "Special" zone

1512981346
Hero Member
*
Offline Offline

Posts: 1512981346

View Profile Personal Message (Offline)

Ignore
1512981346
Reply with quote  #2

1512981346
Report to moderator
1512981346
Hero Member
*
Offline Offline

Posts: 1512981346

View Profile Personal Message (Offline)

Ignore
1512981346
Reply with quote  #2

1512981346
Report to moderator
The Bitcoin network protocol was designed to be extremely flexible. It can be used to create timed transactions, escrow transactions, multi-signature transactions, etc. The current features of the client only hint at what will be possible in the future.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1512981346
Hero Member
*
Offline Offline

Posts: 1512981346

View Profile Personal Message (Offline)

Ignore
1512981346
Reply with quote  #2

1512981346
Report to moderator
1512981346
Hero Member
*
Offline Offline

Posts: 1512981346

View Profile Personal Message (Offline)

Ignore
1512981346
Reply with quote  #2

1512981346
Report to moderator
GrandmaJean
Sr. Member
****
Offline Offline

Activity: 280


View Profile
January 19, 2015, 06:43:24 AM
 #122

You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.

 Cheesy


I have seen this cartoon a number of times over the last several months. While it is a generalization of how one could get access to someone's bitcoin, it is really not accurate. First and foremost an attacker would need to know who has how much money (to be worth stealing from), then not only that but he needs to get the person he is stealing from to be in the general area of where his private keys are stored in order to carry out this kind of attack

This attack could also be easily be countered by having a wallet with only a small amount of bitcoin stored on a "decoy" wallet that could be given to an attacker
promojo
Sr. Member
****
Offline Offline

Activity: 392


View Profile
January 19, 2015, 07:07:53 AM
 #123

I will have to read this.  Thanks for the infos.
Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1610

Reverse engineer from time to time


View Profile
January 19, 2015, 07:12:49 AM
 #124

These articles, OP's thread tell us nothing new, it's just the same song sang differently.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
dsattler
Legendary
*
Offline Offline

Activity: 896


View Profile
January 19, 2015, 07:39:37 AM
 #125

This attack could also be easily be countered by having a wallet with only a small amount of bitcoin stored on a "decoy" wallet that could be given to an attacker

So long as the attacker doesn't know this trick as well! Then it will become even worse... Better to have a third wallet... (or fourth ? ) to satisfy the attacker with your answers. Good luck with that...

As this trick is in the wild now (trezor has it in the manual as well) all the guys with only one wallet are damned IMHO!

Bitcointalk member since 2013! Smiley
Furio
Legendary
*
Offline Offline

Activity: 868


BTC | LTC | PPC | EFL | NLG | ZEIT | XPM | DOGE(D)


View Profile
January 19, 2015, 07:41:54 AM
 #126

Old news. This attack (bugged ECDSA implementation) has been known about for a long long time, before Bitcoin even existed.

Quote
The attacker must first create a compromised version of ECDSA. This is achieved with a kleptographic 'SETUP', or 'Secretly Embedded Trapdoor with Embedded Protection', which was first described in a 1997 paper by Adam Young and Moti Yung.

One of the weaknesses of cold storage is if your cold storage machine is compromised, you're fucked and there is almost nothing you can do to prevent that. There are many many ways an attacker can exfiltrate the private keys from a compromised cold storage machine, including as used in this case a bugged ECDSA implementation.

I have an old but freshly installed never been online computer, solely used to generate new .dat files on clients in an offline environment, that's how a store my crypto's, good luck with that Grin
Razick
Legendary
*
Offline Offline

Activity: 980


★Jetwin.com★


View Profile
January 20, 2015, 01:28:42 AM
 #127

You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.

 Cheesy



Exactly. BUT, it does make a good point. The human element is often far weaker than we'd like to admit, and the fact is social engineering is pretty much the best form of "cryptanalysis" ever invented.


▄▄▄████████▄▄▄
▄▄███▀▀▀ ▄  ▄ ▀▀▀███▄▄
▄██▀▀ ▄▄████  ████▄▄ ▀▀██▄
▄██▀ ▄███████    ███████▄ ▀██▄
██▀ ▄████████▀    ▀████████▄ ▀██
██▀ ██████████      ██████████ ▀██
██▀ ██████████        ██████████ ▀██
▄██                                ██▄
██ ▄                              ▄ ██
██ ███▄                        ▄███ ██
██ ██████▄                  ▄██████ ██
██ ▀████████              ████████▀ ██
▀██ ███████                ███████ ██▀
██▄ █████▀                ▀█████ ▄██
██▄ ████        ▄▄        ████ ▄██
██▄ ▀█      ▄▄████▄▄      █▀ ▄██
██▄    ▄▄██████████▄▄    ▄██▀
▀██▄▄ ▀▀██████████▀▀ ▄▄██▀
▀▀███▄▄▄ ▀▀▀▀ ▄▄▄███▀▀
▀▀▀████████▀▀▀
 

    [    ]
Nrcewker
Hero Member
*****
Offline Offline

Activity: 504


Fantasy Poet.


View Profile
January 20, 2015, 02:29:03 AM
 #128

gold, hold dollars, let us leave bitcoins..
ChuckBuck
Hero Member
*****
Offline Offline

Activity: 602


Vietnamese Translator


View Profile
January 20, 2015, 02:05:46 PM
 #129

Mayax or moderators...someone lock this thread up, title is FUD inducing for no reason.

The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions.

Noobs stumbling across this thread may assume that all Bitcoin storage solutions are easily hackable, yet cold/offline has and remains the most secure and foolproof method.

Admins please lock, thanks.

██
█║█
║║║
║║║
█║█
██
'BTC MULTI-WALLET SOON'
▬▬▬▬ Download WHITEPAPER ▬▬▬▬

                    ▄██▄
                  ▄██████▄
                ▄██████████
              ▄██████████▀   ▄▄
            ▄██████████▀   ▄████▄
          ▄██████████▀    ████████▄
         ██████████▀      ▀████████
         ▀███████▀   ▄███▄  ▀████▀   ▄█▄
    ▄███▄  ▀███▀   ▄███████▄  ▀▀   ▄█████▄
  ▄███████▄      ▄██████████     ▄█████████
  █████████    ▄██████████▀    ▄██████████▀
   ▀█████▀   ▄██████████▀    ▄██████████▀
     ▀▀▀   ▄██████████▀    ▄██████████▀
          ██████████▀    ▄██████████▀
          ▀███████▀      █████████▀
            ▀███▀   ▄██▄  ▀█████▀
                  ▄██████▄  ▀▀▀
                  █████████
                   ▀█████▀
                     ▀▀▀
e i d o o
██

███▀▀
▐▐▌
▐▌
▐▌
▐▐▌
███▄▄
▀▀███
▐▌▌
▐▌
▐▌
▐▌▌
▄▄███
dsattler
Legendary
*
Offline Offline

Activity: 896


View Profile
January 20, 2015, 02:22:33 PM
 #130

Mayax or moderators...someone lock this thread up, title is FUD inducing for no reason.

The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions.

Noobs stumbling across this thread may assume that all Bitcoin storage solutions are easily hackable, yet cold/offline has and remains the most secure and foolproof method.

Admins please lock, thanks.

I second this!

Bitcointalk member since 2013! Smiley
thelibertycap
Full Member
***
Offline Offline

Activity: 211


View Profile
January 20, 2015, 02:33:52 PM
 #131

news at 11! a software trojan horse can steal your funds!

i guess bitcoin has really reached mainstream because these people have no idea what an md5 hash and gnupgp is good for
mayax
Legendary
*
Offline Offline

Activity: 1064


View Profile
January 20, 2015, 10:00:48 PM
 #132

news at 11! a software trojan horse can steal your funds!

i guess bitcoin has really reached mainstream because these people have no idea what an md5 hash and gnupgp is good for

please read again. it's not about a trojan Smiley

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

physicsdude
Newbie
*
Offline Offline

Activity: 11

Visit NexusEarth.com


View Profile WWW
January 20, 2015, 10:15:25 PM
 #133

Yes, massive news flash: If you have hacked software on your machine your coins aren't safe.  Thanks for the enlightenment.  This article is a huge piece of FUD.

"The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions."

NexusEarth.com
thelibertycap
Full Member
***
Offline Offline

Activity: 211


View Profile
January 20, 2015, 10:41:00 PM
 #134

news at 11! a software trojan horse can steal your funds!

i guess bitcoin has really reached mainstream because these people have no idea what an md5 hash and gnupgp is good for

please read again. it's not about a trojan Smiley

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/



"The attacker must first create a compromised version of ECDSA."

so what is it about? if i use a proper binary of my wallet, my system is not compromised.
dlowings
Full Member
***
Offline Offline

Activity: 225


View Profile
January 20, 2015, 10:48:28 PM
 #135

Nothing but propaganda to entice people back to online wallets.. Foolishness , sure it's a posabity however even a greater possibility that your online wallet will go up in smoke. Aside from that, cold storage has nothing to do with any computerized storage. Cold storage is a paper wallet .

BTC donations welcome:- 1BrersvQubEKt4m2hBXDNvU1B4RiYe6J4i   -   Feel free to visit wiki.chainminer.com for free hardware listings, and mining info. -  IRC on freenode #wiki.chainminer.com
R2D221
Hero Member
*****
Offline Offline

Activity: 658



View Profile
January 20, 2015, 11:16:59 PM
 #136

How can you install a backdoor in my paper wallet? I really want to know.

An economy based on endless growth is unsustainable.
mayax
Legendary
*
Offline Offline

Activity: 1064


View Profile
January 21, 2015, 01:55:45 AM
 #137

How can you install a backdoor in my paper wallet? I really want to know.

it is not about backdoor. please read carefully : http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1260


Core dev leaves me neg feedback #abuse #political


View Profile
January 21, 2015, 02:03:10 AM
 #138

How can you install a backdoor in my paper wallet? I really want to know.

it is not about backdoor. please read carefully : http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

The article has been read thoroughly by many of us who are knowledgeable and competent.
Anyone who does their due diligence to set up a cold storage wallet properly is not
going to use a compromised version of ECDSA.
 
Your trolling attempts are rather goofy, because although Bitcoin isn't perfect,
having your cold storage keys stolen is one of the LEAST likely things to happen. 

R2D221
Hero Member
*****
Offline Offline

Activity: 658



View Profile
January 21, 2015, 02:07:56 AM
 #139

How can you install a backdoor in my paper wallet? I really want to know.

it is not about backdoor. please read carefully : http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

“It's not about a backdoor”

*article title includes the words “install backdoor”*

An economy based on endless growth is unsustainable.
Ingatqhvq
Hero Member
*****
Offline Offline

Activity: 532



View Profile
January 21, 2015, 04:12:07 AM
 #140

That‘s weird, if it really easy to hack cold storage, why so many cold wallet don't be hacked?
Pages: « 1 2 3 4 5 6 [7] 8 9 10 11 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!