Bitcoin Forum
Topic: Bitcoin cold storage - HACKED easily (Read 12326 times)
freequant
January 16, 2015, 03:05:54 PM
 #41

Title is wrong and FUD'y: it should read "compromised bitcoin client coldstorage hacked easily". This is a complete non-news, it was already possible to do the same thing by using a custom random generator that would generate numbers in a reduced subset of the integer space.
Flashman
January 16, 2015, 03:11:29 PM
 #42

Of course more broadly one would have to assume that if you're D/Ling a precompiled binary with compromised ECDSA, the key generation module would also be compromised.

If you're D/Ling compromised binaries period, your Nest thermostat is going to kill you from hypothermia in your sleep, or your cellphone is deliberately trying to give you brain cancer by going full power on all radios any time you pick it up, and so on.

TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6

Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
Razick
January 16, 2015, 03:17:10 PM
 #43

You have to be using a compromised wallet for this to work.


dsattler
January 16, 2015, 03:21:47 PM
 #44

I think nowadays most of the people only read the headlines!  Sad

But not all of them go straight to btt and spread FUD!  Angry

Bitcointalk member since 2013! Smiley
MrTeal
January 16, 2015, 03:22:08 PM
 #45

> You have to be using a compromised wallet for this to work.

Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.
qwk
January 16, 2015, 03:25:26 PM
 #46

>> You have to be using a compromised wallet for this to work.
> Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
> It's shocking how insecure Bitcoin is, really.

You got it all wrong.
It's so much easier to just train the alligators to replace the wallet than to do it yourself. Roll Eyes

Yeah, well... I'm gonna go build my own blockchain, with blackjack and hookers. In fact, forget the blockchain!
MrTeal
January 16, 2015, 03:27:27 PM
 #47

>>> You have to be using a compromised wallet for this to work.
>> Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
>> It's shocking how insecure Bitcoin is, really.
> You got it all wrong.
> It's so much easier to just train the alligators to replace the wallet than to do it yourself. Roll Eyes

That's just stupid. If it was a Caiman, sure. But everyone knows alligators only know how to use Macs.
Flashman
January 16, 2015, 03:28:56 PM
 #48

Not if you turn up the heat remotely on the Nest to make them smarter Cheesy

ChuckBuck
January 16, 2015, 03:30:20 PM
 #49

>>> You have to be using a compromised wallet for this to work.
>> Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
>> It's shocking how insecure Bitcoin is, really.
> You got it all wrong.
> It's so much easier to just train the alligators to replace the wallet than to do it yourself. Roll Eyes

You guys are definitely all wrong. Before the attacker can even get to do all that, he has to get past air conditioner ducts by hacking into the security, deactivating the laser sensors for like 2 minutes tops. Then he has to drop into the wallet safe area by like 10 stories using suspension cables, while managing not to drop one drop of sweat from his forehead or the heat sensor alarms will go off, alerting security to kill him:



Only then can the attacker upload the compromised version of the wallet software.

uvt9
January 16, 2015, 03:54:44 PM
 #50

Not sure if OP is just spreading FUD, or he's just a pure idiot. It seems he doesn't even understand the article he posted.
rio3232
January 16, 2015, 04:16:25 PM
 #51

Well, I hope the blockchain wallet is not going to get hacked. Cry
Has blockchain ever been hacked once?
Blazr
January 16, 2015, 04:18:50 PM
 #52

> Well, I hope the blockchain wallet is not going to get hacked. Cry
> Has blockchain ever been hacked once?

You mean blockchain.info/wallet? Yes, they've had their fair amount of screw-ups, recently with an RNG bug that actually worked similarly to the attack mentioned above, but they have covered almost all losses so far. I would recommend NOT using that service.

ChuckBuck
January 16, 2015, 04:21:12 PM
 #53

> Well, I hope the blockchain wallet is not going to get hacked. Cry
> Has blockchain ever been hacked once?

Yes, but it was a white hat hacker and he returned all the coins lost:

http://www.coindesk.com/hacker-returns-225-btc-taken-blockchain-wallets/

If you keep most of your funds online, you're pretty much asking to get hacked.

freequant
January 16, 2015, 04:37:05 PM
 #54

I'm working on a whitepaper regarding another yet unpublished attack vector. I found that ECDSA is vulnerable to a pre-computed private key attack. All you need to do is to have your victims use a compromised bitcoin client of your making that generates a set of predefined keys. This attack is so much more bad ass because you no longer need to search the blockchain to find keys that may have been generated by your handiwork, since you know them already. Now, you'd really have to be an idiot not to withdraw your bitcoins right now before I decide to use your cold storage.
jonald_fyookball
January 16, 2015, 04:54:04 PM
 #55

OP mostly FUD but good that people are aware of all the attack vectors. 
Can't be too careful when it comes to large amounts of money.

If you are using electrum, I have published several utility
scripts in the electrum sub forum that you can use
to verify if the addresses and keys from your copy
of electrum are legit.

mayax
January 16, 2015, 06:55:38 PM
 #56

> OP mostly FUD but good that people are aware of all the attack vectors.
> Can't be too careful when it comes to large amounts of money.
>
> If you are using electrum, I have published several utility
> scripts in the electrum sub forum that you can use
> to verify if the addresses and keys from your copy
> of electrum are legit.

How can normal people use such a script? Smiley Normal people want something safe and simple.

It was proved that the COLD wallet can be hacked. Once you are hacked, you cannot recover the bitcoin.

cheekychap
January 16, 2015, 06:57:25 PM
 #57

> Your funds are not safe in "cold storage" either. Read:
>
> https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf
>
> or
>
> http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/
>
> Many of you said "cold storage is the best". Well, it is not. That explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. Smiley
>
> What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.
>
> Only a few people knew about this exploit. Now, any Russian or Ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT! Grin

Well, I don't see it saying HACKED Easily anywhere. It's hackable, but I am sure it won't be easy.

Flashman
January 16, 2015, 06:58:05 PM
 #58

> It was proved that the COLD wallet can be hacked. Once you are hacked, you cannot recover the bitcoin.

Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first.

mayax
January 16, 2015, 07:00:43 PM
 #59

>> It was proved that the COLD wallet can be hacked. Once you are hacked, you cannot recover the bitcoin.
>
> Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first.

Or they can think: why would I use Bitcoin when I have fiat currency and other payment processors?

Yes, I can use Bitcoin to speculate a bubble but nothing more. Smiley
Flashman
January 16, 2015, 07:06:13 PM
 #60

My, my, you are getting repetitive. Why not go troll the Swiss about how they should trust central banks who only have their well-being and happiness in mind?
