Bitcoin Forum
October 19, 2017, 04:00:44 AM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 [9] 10 11 »  All
  Print  
Author Topic: Bitcoin cold storage - HACKED easily  (Read 12032 times)
mayax
Legendary
*
Offline Offline

Activity: 1008


View Profile
January 23, 2015, 06:19:12 PM
 #161

I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.
Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone and you also have the added extra of getting notified by sms if someone else logs into your account.

or you don't use Bitcoin for storing your funds. you convert it to cash and you can only keep a small amount just for speculating it Smiley
1508385644
Hero Member
*
Offline Offline

Posts: 1508385644

View Profile Personal Message (Offline)

Ignore
1508385644
Reply with quote  #2

1508385644
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1508385644
Hero Member
*
Offline Offline

Posts: 1508385644

View Profile Personal Message (Offline)

Ignore
1508385644
Reply with quote  #2

1508385644
Report to moderator
1508385644
Hero Member
*
Offline Offline

Posts: 1508385644

View Profile Personal Message (Offline)

Ignore
1508385644
Reply with quote  #2

1508385644
Report to moderator
1508385644
Hero Member
*
Offline Offline

Posts: 1508385644

View Profile Personal Message (Offline)

Ignore
1508385644
Reply with quote  #2

1508385644
Report to moderator
Beliathon
Hero Member
*****
Offline Offline

Activity: 784


https://youtu.be/PZm8TTLR2NU


View Profile WWW
January 23, 2015, 08:20:45 PM
 #162

OP may have just achieved stupidest thread title of the year, just 16 days in. Quite a feat, well done OP.

If at any time you'd like to see evidence that bitcoin cold storage is not hackable, simply click here: https://bitcoinwisdom.com/

If you see a price above 0, cold storage can not be hacked.

Remember Aaron Swartz, a 26 year old computer scientist who died defending the free flow of information.
mayax
Legendary
*
Offline Offline

Activity: 1008


View Profile
January 23, 2015, 10:37:22 PM
 #163

OP may have just achieved stupidest thread title of the year, just 16 days in. Quite a feat, well done OP.

If at any time you'd like to see evidence that bitcoin cold storage is not hackable, simply click here: https://bitcoinwisdom.com/

If you see a price above 0, cold storage can not be hacked.

well, you can say that you do not agree with me but why am I stupid? because I quoted a very intelligent man, Verbücheln?

yes, anything can be backed including the shit cold wallet. this my opinion. Of course, I can have an opinion regarding to you, Beliathon too but I prefer to not say it in public Smiley

Verbücheln said VERY clear how it can be done.
moriartybitcoin
Hero Member
*****
Offline Offline

Activity: 560

★777Coin.com★ Fun BTC Casino!


View Profile
January 23, 2015, 10:49:34 PM
 #164

this is of course total bullshit

HarmonLi
Sr. Member
****
Offline Offline

Activity: 350


Honest 80s business!


View Profile
January 23, 2015, 10:51:53 PM
 #165

Not a real concern! It only affects systems whose way of generating the keys is already flawed! If you take a real entropy and solid hashing functions of deriving the private key, you're completely safe!

cheekychap
Full Member
***
Offline Offline

Activity: 182


View Profile
January 23, 2015, 11:34:46 PM
 #166

Are all cold storages equally vulnerable or only the ones with the transactions ?

R2D221
Hero Member
*****
Offline Offline

Activity: 658



View Profile
January 23, 2015, 11:56:24 PM
 #167

Are all cold storages equally vulnerable or only the ones with the transactions?

A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore.

An economy based on endless growth is unsustainable.
PaulPierce
Member
**
Offline Offline

Activity: 112


View Profile
January 24, 2015, 01:13:46 AM
 #168

Are all cold storages equally vulnerable or only the ones with the transactions?

A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore.

Yeah..!! turns into hot wallet I guess.!! Im not sure how the cold storage was hacked.!! some say they had left the key to it or something.!

mayax
Legendary
*
Offline Offline

Activity: 1008


View Profile
January 24, 2015, 04:26:36 AM
 #169

Are all cold storages equally vulnerable or only the ones with the transactions?

A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore.

either ways, it is not safe Smiley
ranochigo
Legendary
*
Offline Offline

Activity: 1232

In the midst of an exam, will be very inactive.


View Profile WWW
January 24, 2015, 04:47:09 AM
 #170

I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.
Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone and you also have the added extra of getting notified by sms if someone else logs into your account.
False, anyone can easily hack your private key if they have access to the server itself (operators, devs) they can also make changes to the system without your consent. If a flaw is found in the system itself, you would be hacked, whether you are using 2FA ornot. A recent incident is Blockchain.info's. If you are using a desktop wallet, you can check the source code yourself and decide whether to download it.














 

 

█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
BitBlender 

 













 















 












 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
R2D221
Hero Member
*****
Offline Offline

Activity: 658



View Profile
January 24, 2015, 07:33:33 AM
 #171

Are all cold storages equally vulnerable or only the ones with the transactions?

A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore.

either ways, it is not safe Smiley

If I create a private key using dice, and compute the public address manually (yes, I'm that paranoid), how will you hack it? Please give me all the details.

An economy based on endless growth is unsustainable.
TCM
Sr. Member
****
Offline Offline

Activity: 250


View Profile
January 24, 2015, 08:27:27 AM
 #172


If I create a private key using dice, and compute the public address manually (yes, I'm that paranoid), how will you hack it? Please give me all the details.

Since he doesn't even understand the article he linked to, that question should be viewed as purely rhetorical.

"If you try all possible private keys, you can clean out ALL WALLETS IN EXISTENCE!!1 News at 11!"
Medow
Sr. Member
****
Offline Offline

Activity: 347


---- The memeator ----


View Profile
January 24, 2015, 08:58:05 AM
 #173

Hi:

Do you think that a 64 letter password phrase wallet is better than cold storage?

Is it possible to extract a private key or import my wallet to any program if i secure it with that kind of password?

"Sick Money Making Machine"
TCM
Sr. Member
****
Offline Offline

Activity: 250


View Profile
January 24, 2015, 09:00:38 AM
 #174

The length of your password doesn't matter if you have a keylogger on your machine. Nothing is more secure than a cold wallet. The key is using trusted software for the cold wallet.
XeloriA
Newbie
*
Offline Offline

Activity: 16


View Profile
January 24, 2015, 11:09:41 AM
 #175

huhu..thanks for the information Cheesy
mayax
Legendary
*
Offline Offline

Activity: 1008


View Profile
January 26, 2015, 02:28:13 AM
 #176

I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.
Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone and you also have the added extra of getting notified by sms if someone else logs into your account.
False, anyone can easily hack your private key if they have access to the server itself (operators, devs) they can also make changes to the system without your consent. If a flaw is found in the system itself, you would be hacked, whether you are using 2FA ornot. A recent incident is Blockchain.info's. If you are using a desktop wallet, you can check the source code yourself and decide whether to download it.

the online wallets are not safe
campycoin
Hero Member
*****
Offline Offline

Activity: 700


Daily Bitcoins for your Paypal/Skrill


View Profile
January 26, 2015, 03:48:21 AM
 #177

You need to create cold storage wallets and put maybe a bitcoin in each wallet.  You do this when you are not connected to the internet of course. So, yes, you might need 10 wallets with 1btc each. Then when you need to spend, dump the entire 1btc into an online wallet and use it as pocket change or spending money.

It says in the OP that hackers get the info from one pay transaction... the thing is... you don't ever want to make more than one trx from your cold storage, otherwise yeah, you could get nipped.  It is kinda like saying if you go to the ATM 6x a day, you probably have a better chance of getting robbed then if you went just once, right before you bought something
dsyahputera
Full Member
***
Offline Offline

Activity: 224


View Profile WWW
January 26, 2015, 04:31:26 PM
 #178

How about deep cold storage like this one provided by Xapo? Any comments?

Cold storage refers to the process of storing bitcoins offline, but the private keys associated with this process may be online and/or exposed to the internet at some time during the generation of signing process.  But deep cold storage is a type of cold storage where not only are bitcoins stored offline, but also the system that holds the bitcoins was never online or connected to any kind of network, the private keys associated with that system were generated in offline systems, and the signing process of the transactions is also made in offline systems.  The systems used in this type of storage never touch the Internet; they are created offline, they are stored offline, and they are offline when signing transactions.

MrTeal
Legendary
*
Offline Offline

Activity: 1274


View Profile
January 26, 2015, 04:53:20 PM
 #179

How about deep cold storage like this one provided by Xapo? Any comments?

Cold storage refers to the process of storing bitcoins offline, but the private keys associated with this process may be online and/or exposed to the internet at some time during the generation of signing process.  But deep cold storage is a type of cold storage where not only are bitcoins stored offline, but also the system that holds the bitcoins was never online or connected to any kind of network, the private keys associated with that system were generated in offline systems, and the signing process of the transactions is also made in offline systems.  The systems used in this type of storage never touch the Internet; they are created offline, they are stored offline, and they are offline when signing transactions.
That would not help with this attack, as the keys are compromised during the signing whether it happens online or offline. If you have a system running a compromised version of ECDSA, there's nothing you can really do to protect the private key of an address that's been used to sign a transaction. That being said, the attacker first has to get you to use a compromised version.
Lauda
Legendary
*
Offline Offline

Activity: 1638


GUNBOT Licenses -10% with ref. code 'GrumpyKitty'


View Profile WWW
January 26, 2015, 05:54:53 PM
 #180


That would not help with this attack, as the keys are compromised during the signing whether it happens online or offline. If you have a system running a compromised version of ECDSA, there's nothing you can really do to protect the private key of an address that's been used to sign a transaction. That being said, the attacker first has to get you to use a compromised version.
Which definitely can't be defined as 'easily'.
The hack would be rather hard to deploy, especially on a larger base.

          ▄█████▄
        ▄█████████▄
      ▄████▀   ▀████▄
    ▄████▀   ▄ ▄█▀████▄
  ▄████▀   ▄███▀   ▀████▄
▄████▀   ▄███▀   ▄   ▀████▄
█████   ███▀   ▄███   █████
▀████▄   ▀██▄▄███▀   ▄████▀
  ▀████▄   ▀███▀   ▄████▀
    ▀████▄       ▄████▀
      ▀████▄   ▄████▀
        ▀███  ████▀
          ▀█▄███▀
.
|
.
|
          ▄█████▄
        ▄█████████▄
      ▄████▀   ▀████▄
    ▄████▀   ▄ ▄█▀████▄
  ▄████▀   ▄███▀   ▀████▄
▄████▀   ▄███▀   ▄   ▀████▄
█████   ███▀   ▄███   █████
▀████▄   ▀██▄▄███▀   ▄████▀
  ▀████▄   ▀███▀   ▄████▀
    ▀████▄       ▄████▀
      ▀████▄   ▄████▀
        ▀███  ████▀
          ▀█▄███▀
unthy
Pages: « 1 2 3 4 5 6 7 8 [9] 10 11 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!