sgravina
|
|
January 16, 2015, 07:09:24 PM |
|
If it is easy then give it a try.
This attach won't work if the input address is not reused. It gives the hacker the input private key but if that address is spent in the transaction and not reused then it can't be spent again by the attacker.
A simpler version of this attack would be to give the user a wallet which generates knowable private keys. The attacker then watches all of addresses he has victims generate until he finds bitcoins. This would work with any wallet the attacker was able to distribute. Has this been attempted before?
|
|
|
|
ChuckBuck
|
|
January 16, 2015, 07:21:50 PM |
|
it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.
Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first. or they can think : why would I use Bitcoin when I have fiat currency and other payment processors? Yes, I can use Bitcoin to speculate a bubble but nothing more. Now you're cooking! Why use Bitcoin when you can use fiat. Oh...you can get robbed at gunpoint...nevermind. Oh yea, but we can use payment processors like credit cards AMEX, VISA, and Mastercard right? Maybe go shopping at Target and...WHAT?!!? Man that shit's no joke. Damn I though you had a compelling reason, mayax, but just like this thread, very misleading...
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
January 16, 2015, 08:37:26 PM |
|
OP mostly FUD but good that people are aware of all the attack vectors. Can't be too careful when it comes to large amounts of money.
If you are using electrum, I have published several utility scripts in the electrum sub forum that you can use to verify if the addresses and keys from your copy of electrum are legit.
how can normal people use such script? the normal people wants something safe and simple. it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin. I don't have all the answers... I assume that in the future, as cryptocurrency becomes more popular, people will know how to do basic things like run python scripts, similar to how most people know how to check the oil in their car... Either that or hire a trusted security consultant.
|
|
|
|
girb16
Newbie
Offline
Activity: 36
Merit: 0
|
|
January 16, 2015, 09:04:32 PM |
|
Very tired of the vilification of Russian everywhere! The hackers and enemies of Bitcoin live in the good old US of A!
|
|
|
|
Flashman
|
|
January 16, 2015, 10:57:09 PM |
|
Very tired of the vilification of Russian everywhere! The hackers and enemies of Bitcoin live in the good old US of A!
Do you deny they invented Tetris? Well then, hackers everywhere
|
TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6
Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
|
|
|
iGotSpots
Legendary
Offline
Activity: 2548
Merit: 1054
CPU Web Mining 🕸️ on webmining.io
|
|
January 16, 2015, 11:34:44 PM |
|
There seems to be a lot of confusion in this thread about what is actually cold storage
|
|
|
|
infobel
Newbie
Offline
Activity: 42
Merit: 0
|
|
January 16, 2015, 11:41:04 PM |
|
Idiotic article/thread...
You can't actually call a not-"cold" storage, a cold storage.
|
|
|
|
infobel
Newbie
Offline
Activity: 42
Merit: 0
|
|
January 16, 2015, 11:46:38 PM |
|
it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.
Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first. or they can think : why would I use Bitcoin when I have fiat currency and other payment processors? Yes, I can use Bitcoin to speculate a bubble but nothing more. Or, I can use Bitcoin just because I can, without making some old fat fart very reach for processing my Western Union transfer and taking tons of money as a fee for transferring some bytes of data over the internet. Stop being so stubborn. I just bought 2 Steam Gift Cards with Bitcoin, just because I can, and I'm not giving my credit card information or personal information all over the internet for some small thing like those. YOU on the other hand are the one using Bitcoin just to speculate, right now you're also very angry cause you're not rich already. You should try using Bitcoin, it feels nice.
|
|
|
|
deployuser
Newbie
Offline
Activity: 2
Merit: 0
|
|
January 17, 2015, 01:02:12 AM |
|
What steps should people take to make sure you are 100% safe when dealing with cold storage?
|
|
|
|
cryptworld
|
|
January 17, 2015, 01:10:37 AM |
|
I'd like to get a word from a person with knowledge, is this really dangerous for bitcoin, or is just a theoretic xploit impossible to make real?
|
|
|
|
rio3232
|
|
January 17, 2015, 01:12:07 AM |
|
What steps should people take to make sure you are 100% safe when dealing with cold storage?
get an offline wallet maybe with good antivirus and security. only this can u do ?
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
January 17, 2015, 01:13:19 AM |
|
What steps should people take to make sure you are 100% safe when dealing with cold storage?
No such thing as "100% safe" in computer security, but this gets you close as possible IMO. 1. Only use hardware that has never been connected to the internet and never will be. 2a. Only use trusted wallet software 2b. even safer: ...that you compiled yourself from source and compared the executable hash to PGP signed executables 2c. safer still: ...that you also code reviewed. 3. bonus paranoid security: use dice, coins, or cards to generate the entropy yourself rather than relying on the computer for randomness.
|
|
|
|
Q7
|
|
January 17, 2015, 01:32:59 AM |
|
I think it makes complete sense to use only wallet that you trust is safe. If you are using android system and just a quick browse on google play using "bitcoin wallet" keyword, you will find a long list of wallets. Some are yet to be submitted to github, so that is the first warning bell.
|
|
|
|
Sarthak
|
|
January 17, 2015, 03:32:00 AM |
|
Thanks For sharing This! If cold storage isn't safe then where do we store our coins securely?
|
|
|
|
R2D221
|
|
January 17, 2015, 03:34:50 AM |
|
Thanks For sharing This! If cold storage isn't safe then where do we store our coins securely? 0 Kelvin storage, of course
|
An economy based on endless growth is unsustainable.
|
|
|
Sarthak
|
|
January 17, 2015, 03:37:31 AM |
|
0 Kelvin storage, of course
What's 0 Kelvin Storage? Never Heard of it before!
|
|
|
|
R2D221
|
|
January 17, 2015, 03:38:34 AM |
|
What's 0 Kelvin Storage? Never Heard of it before!
Well, it's sarcastic. 0 Kelvin is the coldest temperature posible: http://en.wikipedia.org/wiki/Absolute_zero
|
An economy based on endless growth is unsustainable.
|
|
|
Sarthak
|
|
January 17, 2015, 03:40:05 AM |
|
Lol i thought it was some wallet system and googled it
|
|
|
|
ranochigo
Legendary
Offline
Activity: 3052
Merit: 4443
Crypto Swap Exchange
|
|
January 17, 2015, 03:40:15 AM |
|
The chances of a cold storage getting hacked is fairly low if you compile it yourself, use trusted wallet software's and don't download any suspicious software. Remember to review source code and download from the trusted source and you will be fine.
|
|
|
|
rio3232
|
|
January 17, 2015, 04:04:49 AM |
|
haha nice one man lel. celcius fahrenheit bla bla bla.
|
|
|
|
|