Bitcoin Forum
November 11, 2024, 03:46:09 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 [6] 7 8 9 10 11 »  All
  Print  
Author Topic: Bitcoin cold storage - HACKED easily  (Read 12634 times)
Flashman
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


Hodl!


View Profile
January 18, 2015, 01:45:13 AM
 #101

OP is obviously not painting a complete picture.

Well to be fair, he has neither a full set of paints, nor all the bristles still in his brush.  Wink

TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6

Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
Agestorzrxx
Sr. Member
****
Offline Offline

Activity: 462
Merit: 250


View Profile
January 18, 2015, 02:21:29 AM
 #102

Well, nothing is absolutely safe.
rio3232
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
January 18, 2015, 02:44:18 AM
 #103

Well, nothing is absolutely safe.

yeah you right. but we can minimalize the threat.
like by using antivirus and use good wallet.
ranochigo
Legendary
*
Offline Offline

Activity: 3038
Merit: 4420


Crypto Swap Exchange


View Profile
January 18, 2015, 02:47:33 AM
 #104

Well, nothing is absolutely safe.

yeah you right. but we can minimalize the threat.
like by using antivirus and use good wallet.
A better solution would be to use a freshly wiped computer and not download anything suspicious since some viruses can go undetected. Good wallets are preferably opensourced, the best is Bitcoin Core even though it may take up some space.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
M28MmickT
Sr. Member
****
Offline Offline

Activity: 433
Merit: 250


BTG CEO


View Profile
January 18, 2015, 02:55:45 AM
 #105

zzzZZZZzzzZZZ Hacked easily  Grin i feel sleepy and not going to beat the bush, its far from easy!! and to counter it never send coin from the same address more than once. Simple even for a half a brain like you.

MrTeal
Legendary
*
Offline Offline

Activity: 1274
Merit: 1004


View Profile
January 18, 2015, 04:23:24 AM
 #106

I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.

being "open source" is much more vulnerable than any other centralized e-currency.


You could argue that a closed source currency issued by a central
authority couldn't have malicious code sneaked into a release by an
outside party, but the trade off is that you have to trust that
central authority completely...Not only their integrity, but their
resistance to manipulation, attacks,
outside influences, as well as their robustness and longevity.

Recent history has shown that centralized e-currencies are easily
shut down by governments.


Apparently there's been a lot of issues with hacking in the traditional investment backing sector as well.
rio3232
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
January 18, 2015, 04:29:16 AM
 #107

Well, nothing is absolutely safe.

yeah you right. but we can minimalize the threat.
like by using antivirus and use good wallet.
A better solution would be to use a freshly wiped computer and not download anything suspicious since some viruses can go undetected. Good wallets are preferably opensourced, the best is Bitcoin Core even though it may take up some space.

well, to lazy to do that. lol
better just sell when u have bitcoins.
muhrohmat
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250


View Profile
January 18, 2015, 10:22:40 AM
 #108

i only use btc as 10% of my monthy income soo its a 10% max risk of losing all to scams or hacking but even then i consern about security i use on line wallets but one of the thigs that can be good its a off line wallet in a pen like multi wallet for btc

Kprawn
Legendary
*
Offline Offline

Activity: 1904
Merit: 1074


View Profile
January 18, 2015, 11:50:28 AM
 #109

A crock of Bullshit

Cold storage is just that...... A address never used for frequent withdrawals. {The article states, it's compromised after the first transaction}

I have 100's of paper wallets and I deposited small amounts to them all... never used it, and it's still there. {Use some of them as "Honey traps" to detect hack attempts}

I would agree, if you imported those paper wallets into some online wallet, then it would be considered as compromised. {But I never re-use those wallets, after I swiped or imported it} 

THE FIRST DECENTRALIZED & PLAYER-OWNED CASINO
.EARNBET..EARN BITCOIN: DIVIDENDS
FOR-LIFETIME & MUCH MORE.
. BET WITH: BTCETHEOSLTCBCHWAXXRPBNB
.JOIN US: GITLABTWITTERTELEGRAM
Duke Of Bitcoin
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
January 18, 2015, 11:53:01 AM
 #110

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. Smiley

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    Grin

you should stop spreading fud i would of fallen for this if people didnt call you out on your bullshit.
mayax (OP)
Legendary
*
Offline Offline

Activity: 1470
Merit: 1004


View Profile
January 18, 2015, 03:35:08 PM
 #111

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. Smiley

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    Grin

you should stop spreading fud i would of fallen for this if people didnt call you out on your bullshit.

So many sheeps here.

chill out, grandpa. this article is not for you. keep feeding the exchangers(so called shit/anonymous bitcoin brokers) with your money and stay calm Smiley

For anybody else, please re-read the article.

"Both Verbücheln and Pustogarov say that the most likely way for such an attack to be mounted would be through dedicated wallet services running proprietary software. Devices designed specifically for secure cold-storage of coins, for example, would be prime candidates for this sort of attack.

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said."

For example : what is blockchain.info ? Smiley

Until then, keep "mehehe" (bitcoin to the shit) like the sheeps:  https://www.youtube.com/watch?v=QcE5aDTszrY     lol


ranochigo
Legendary
*
Offline Offline

Activity: 3038
Merit: 4420


Crypto Swap Exchange


View Profile
January 18, 2015, 03:45:46 PM
 #112

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. Smiley

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    Grin

you should stop spreading fud i would of fallen for this if people didnt call you out on your bullshit.

So many sheeps here.

chill out, grandpa. this article is not for you. keep feeding the exchangers(so called shit/anonymous bitcoin brokers) with your money and stay calm Smiley

For anybody else, please re-read the article.

"Both Verbücheln and Pustogarov say that the most likely way for such an attack to be mounted would be through dedicated wallet services running proprietary software. Devices designed specifically for secure cold-storage of coins, for example, would be prime candidates for this sort of attack.

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said."

For example : what is blockchain.info ? Smiley

Until then, keep "mehehe" (bitcoin to the shit) like the sheeps:  https://www.youtube.com/watch?v=QcE5aDTszrY     lol



Blockchain.info is not and will never be a offline wallet, it is just a online wallet with a bit more security features. Online wallets are never recommended for storing huge amount of BTC. You would be very dumb to buy a cold storage device from a manufacturer who have not opensourced their firmware and are not trusted. You can review the source code and compile it yourself. It is highly unlikely for most reputable cold storage hardware provider to do so as their reputation would be at risk.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
RoadStress
Legendary
*
Offline Offline

Activity: 1904
Merit: 1007


View Profile
January 18, 2015, 04:42:50 PM
 #113

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1008


Core dev leaves me neg feedback #abuse #political


View Profile
January 18, 2015, 05:40:25 PM
 #114

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.


mayax (OP)
Legendary
*
Offline Offline

Activity: 1470
Merit: 1004


View Profile
January 18, 2015, 05:48:43 PM
 #115

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.




blockchain.info was hacked in this way

Multibit was hacked too : http://www.reddit.com/r/Bitcoin/comments/1scd2n/914_bitcoins_stolen_from_multibit_wallet/

who said that is it safe? it is not safe.

https://www.cryptocoinsnews.com/gentleman-hacker-returns-stolen-bitcoins-blockchain-info/

http://www.coindesk.com/good-samaritan-blockchain-hacker-returned-255-btc-speaks/

hacker : ""Every bitcoin transaction is signed by two values – 'R' and 'S' – which prove that the sender knows the private key. If the same R value is used twice, the private key can be easily computed from the signatures alone.""

and then read this :

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.
Walsoraj
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Ultranode


View Profile
January 18, 2015, 05:53:39 PM
 #116

“Each time you want to check the balance of a cold wallet, you’re making it less cold”

-Karpeles

Source: http://www.pcworld.com/article/2846252/despite-mt-gox-fiasco-karpeles-still-has-bitcoin-plans.html (Nov. 11, 2014)
Klestin
Hero Member
*****
Offline Offline

Activity: 493
Merit: 500


View Profile
January 18, 2015, 06:17:55 PM
 #117

My trezor laughs at your exploit. No, seriously, it laughed. I didn't know it could even do that. Kind of creepy actually.
qwk
Donator
Legendary
*
Offline Offline

Activity: 3542
Merit: 3413


Shitcoin Minimalist


View Profile
January 18, 2015, 06:29:37 PM
 #118

My trezor laughs at your exploit. No, seriously, it laughed. I didn't know it could even do that. Kind of creepy actually.
Didn't you know? It's got a built-in laugh()-subroutine and speaker to ridicule you after it's taken all your coins. Wink

Yeah, well, I'm gonna go build my own blockchain. With blackjack and hookers! In fact forget the blockchain.
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1008


Core dev leaves me neg feedback #abuse #political


View Profile
January 18, 2015, 07:07:44 PM
 #119

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.




blockchain.info was hacked in this way

Multibit was hacked too : http://www.reddit.com/r/Bitcoin/comments/1scd2n/914_bitcoins_stolen_from_multibit_wallet/

who said that is it safe? it is not safe.

https://www.cryptocoinsnews.com/gentleman-hacker-returns-stolen-bitcoins-blockchain-info/

http://www.coindesk.com/good-samaritan-blockchain-hacker-returned-255-btc-speaks/

hacker : ""Every bitcoin transaction is signed by two values – 'R' and 'S' – which prove that the sender knows the private key. If the same R value is used twice, the private key can be easily computed from the signatures alone.""

and then read this :

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

These aren't the attack I just described.

Are you fudding for fun, or do you have an agenda?

Razick
Legendary
*
Offline Offline

Activity: 1330
Merit: 1003


View Profile
January 18, 2015, 07:20:49 PM
 #120

You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.

 Cheesy


ACCOUNT RECOVERED 4/27/2020. Account was previously hacked sometime in 2017. Posts between 12/31/2016 and 4/27/2020 are NOT LEGITIMATE.
Pages: « 1 2 3 4 5 [6] 7 8 9 10 11 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!