Bitcoin cold storage - HACKED easily

[seriouscoin]

This thread sum up OP's IQ. Hint : well below 60, in "Special" zone

[1715173678]

1715173678

[1715173678]

1715173678

[GrandmaJean]

You have to be using a compromised wallet for this to work.

Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.

 

I have seen this cartoon a number of times over the last several months. While it is a generalization of how one could get access to someone's bitcoin, it is really not accurate. First and foremost an attacker would need to know who has how much money (to be worth stealing from), then not only that but he needs to get the person he is stealing from to be in the general area of where his private keys are stored in order to carry out this kind of attack

This attack could also be easily be countered by having a wallet with only a small amount of bitcoin stored on a "decoy" wallet that could be given to an attacker

[promojo]

I will have to read this.  Thanks for the infos.

[Remember remember the 5th of November]

These articles, OP's thread tell us nothing new, it's just the same song sang differently.

[dsattler]

This attack could also be easily be countered by having a wallet with only a small amount of bitcoin stored on a "decoy" wallet that could be given to an attacker

So long as the attacker doesn't know this trick as well! Then it will become even worse... Better to have a third wallet... (or fourth ? ) to satisfy the attacker with your answers. Good luck with that...

As this trick is in the wild now (trezor has it in the manual as well) all the guys with only one wallet are damned IMHO!

[Furio]

Old news. This attack (bugged ECDSA implementation) has been known about for a long long time, before Bitcoin even existed.

The attacker must first create a compromised version of ECDSA. This is achieved with a kleptographic 'SETUP', or 'Secretly Embedded Trapdoor with Embedded Protection', which was first described in a 1997 paper by Adam Young and Moti Yung.

One of the weaknesses of cold storage is if your cold storage machine is compromised, you're fucked and there is almost nothing you can do to prevent that. There are many many ways an attacker can exfiltrate the private keys from a compromised cold storage machine, including as used in this case a bugged ECDSA implementation.

I have an old but freshly installed never been online computer, solely used to generate new .dat files on clients in an offline environment, that's how a store my crypto's, good luck with that

[Razick]

You have to be using a compromised wallet for this to work.

Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.

 

Exactly. BUT, it does make a good point. The human element is often far weaker than we'd like to admit, and the fact is social engineering is pretty much the best form of "cryptanalysis" ever invented.

[Nrcewker]

gold, hold dollars, let us leave bitcoins..

[ChuckBuck]

Mayax or moderators...someone lock this thread up, title is FUD inducing for no reason.

The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions.

Noobs stumbling across this thread may assume that all Bitcoin storage solutions are easily hackable, yet cold/offline has and remains the most secure and foolproof method.

Admins please lock, thanks.

[dsattler]

Mayax or moderators...someone lock this thread up, title is FUD inducing for no reason.

The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions.

Noobs stumbling across this thread may assume that all Bitcoin storage solutions are easily hackable, yet cold/offline has and remains the most secure and foolproof method.

Admins please lock, thanks.

I second this!

[thelibertycap]

news at 11! a software trojan horse can steal your funds!

i guess bitcoin has really reached mainstream because these people have no idea what an md5 hash and gnupgp is good for

[mayax]

news at 11! a software trojan horse can steal your funds!

i guess bitcoin has really reached mainstream because these people have no idea what an md5 hash and gnupgp is good for

please read again. it's not about a trojan

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

[physicsdude]

Yes, massive news flash: If you have hacked software on your machine your coins aren't safe.  Thanks for the enlightenment.  This article is a huge piece of FUD.

"The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions."

[thelibertycap]

news at 11! a software trojan horse can steal your funds!

i guess bitcoin has really reached mainstream because these people have no idea what an md5 hash and gnupgp is good for

please read again. it's not about a trojan

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

"The attacker must first create a compromised version of ECDSA."

so what is it about? if i use a proper binary of my wallet, my system is not compromised.

[dlowings]

Nothing but propaganda to entice people back to online wallets.. Foolishness , sure it's a posabity however even a greater possibility that your online wallet will go up in smoke. Aside from that, cold storage has nothing to do with any computerized storage. Cold storage is a paper wallet .

[R2D221]

How can you install a backdoor in my paper wallet? I really want to know.

[mayax]

How can you install a backdoor in my paper wallet? I really want to know.

it is not about backdoor. please read carefully : http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

[jonald_fyookball]

How can you install a backdoor in my paper wallet? I really want to know.

it is not about backdoor. please read carefully : http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

The article has been read thoroughly by many of us who are knowledgeable and competent.
Anyone who does their due diligence to set up a cold storage wallet properly is not
going to use a compromised version of ECDSA.
 
Your trolling attempts are rather goofy, because although Bitcoin isn't perfect,
having your cold storage keys stolen is one of the LEAST likely things to happen. 

[R2D221]

How can you install a backdoor in my paper wallet? I really want to know.

it is not about backdoor. please read carefully : http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

“It's not about a backdoor”

*article title includes the words “install backdoor”*

[Ingatqhvq]

That‘s weird, if it really easy to hack cold storage, why so many cold wallet don't be hacked?