Bitcoin cold storage - HACKED easily

[freequant]

Title is wrong and FUD'y: it should read "compromised bitcoin client coldstorage hacked easily". This is a complete non-news, it was already possible to do the same thing by using a custom random generator that would generate numbers in a reduced subset of the integer space.

[Flashman]

Of course more broadly one would have to assume that if you're D/Ling a precompiled binary with compromised ECDSA, the key generation module would also be compromised.

If you're D/Ling compromised binaries period, your Nest thermostat is going to kill you from hypothermia in your sleep, or your cellphone is deliberately trying to give you brain cancer by going full power on all radios any time you pick it up, and so on.

[Razick]

You have to be using a compromised wallet for this to work.

[dsattler]

I think nowadays most of the people only read the headlines! 

But not all of them go straight to btt and spread FUD! 

[MrTeal]

You have to be using a compromised wallet for this to work.

Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.

[qwk]

You have to be using a compromised wallet for this to work.

Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.

You got it all wrong.
It's so much easier to just train the alligators to replace the wallet than to do it yourself.

[MrTeal]

You have to be using a compromised wallet for this to work.

Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.

You got it all wrong.
It's so much easier to just train the alligators to replace the wallet than to do it yourself.

That's just stupid. If it was a Caiman, sure. But everyone knows alligators only know how to use Macs.

[Flashman]

Not if you turn up the heat remotely on the Nest to make them smarter

[ChuckBuck]

You have to be using a compromised wallet for this to work.

Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.

You got it all wrong.
It's so much easier to just train the alligators to replace the wallet than to do it yourself.

You guys are definitely all wrong.  Before the attacker can even get to do all that, he has to get past air conditioner ducts by hacking into the security deactivating the laser sensors for like 2 minutes tops.  Then he has to drop into the wallet safe area by like 10 stories using suspension cables, while managing not to drop one drop of sweat from his forehead or the heat sensor alarms will go off alerting security to kill him:



Only then can the attacker upload the compromised version of the wallet software.

[uvt9]

not sure if OP is just spreading FUD, or he's just a pure idiot. It seems he doesn't even understand the article he post.

[rio3232]

well, i hope blockchain wallet not going hacked 
is blockchain ever hacked once ?

[Blazr]

well, i hope blockchain wallet not going hacked  
is blockchain ever hacked once ?

You mean blockchain.info/wallet? yes they've had their fair amount of screw ups, recently with an RNG bug that actually worked similar to the attack mentioned above, but they have covered almost all losses so far. I would recommend NOT using that service.

[ChuckBuck]

well, i hope blockchain wallet not going hacked 
is blockchain ever hacked once ?

Yes, but it is a white hat Hacker and he returned all coins lost:

http://www.coindesk.com/hacker-returns-225-btc-taken-blockchain-wallets/

If you keep most of your funds online, you're pretty much asking to get hacked.

[freequant]

I'm working on a whitepaper regarding another yet unpublished attack vector. I found that ECDSA is vulnerable to pre-computed private key attack. All you need to do is to have your victims use a compomised bitcoin client of your making that generates a set of predefined keys. This attack is so much more bad ass because you don't need anymore to search the blockchain to find keys that may have been generated by your handiwork since you know them already. Now, you'd really have to be an idiot not to withdraw your bitcoins right now before I decide to use your cold storage.

[jonald_fyookball]

OP mostly FUD but good that people are aware of all the attack vectors. 
Can't be too careful when it comes to large amounts of money.

If you are using electrum, I have published several utility
scripts in the electrum sub forum that you can use
to verify if the addresses and keys from your copy
of electrum are legit.

[mayax]

OP mostly FUD but good that people are aware of all the attack vectors.  
Can't be too careful when it comes to large amounts of money.

If you are using electrum, I have published several utility
scripts in the electrum sub forum that you can use
to verify if the addresses and keys from your copy
of electrum are legit.

 how can normal people use such script?  the normal people wants something safe and simple.

it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.

[cheekychap]

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe.

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    

Well, I don't see it saying HACKED Easily anywhere. Its hackable, but I am sure it wont be easy.

[Flashman]

it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.

Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first.

[mayax]

it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.

Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first.

or they can think : why would I use Bitcoin when I have fiat currency and other payment processors?

Yes, I can use Bitcoin to speculate a bubble but nothing more.

[Flashman]

My, my, you are getting repetitive, why not go troll the Swiss about how they should trust central banks who only have their well being and happiness in mind.