|
|
|
|
|
|
|
|
|
|
|
"There should not be any signed int. If you've found a signed int
somewhere, please tell me (within the next 25 years please) and I'll
change it to unsigned int." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
turvarya
|
 |
February 15, 2015, 10:17:46 PM |
|
It depends on what exactly they call a "cold wallet"
If it was in any way connected to a network, it was just a "normal" hack
|
|
|
|
zimmah
Legendary
 Offline
Activity: 1106
Merit: 1005
|
|
February 15, 2015, 10:23:52 PM |
|
a cold wallet, by definition, is not connected to the internet.
Therefore, a cold wallet can not be hacked, no matter what.
If it was hacked, it wasnt a cold wallet.
|
|
|
|
|
|
goosoodude
|
|
February 15, 2015, 10:25:39 PM |
|
It was not a true cold wallet but rather an wallet which is kept offline most of the time. When the hot wallet needs to be refilled it is brought online and that moment was used by the attacker.
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1053
Gerald Davis
|
|
February 15, 2015, 10:29:34 PM |
|
Hacking a properly created cold wallet is impossible however it may not have been a properly created cold wallet
a) the wallet may have been created using compromised software (given how long the wallet has existed this is unlikely)
b) the randomly generated keys in the wallet may have had poor entropy (also unlikely)
c) the wallet was compromised due to poor signing with repeat k values (unlikely but can be verified from transaction history)
d) despite the company calling it a 'cold wallet' is wasn't a cold wallet* at all and was compromised just as any other hot wallet would be
e) someone (most likely an employee) with physical access to the cold wallet data file stole the coins
* A 'cold wallet' would be a private key or keys created by an offline machine and the private keys are never used on a machine that is or has been connected to the internet. Signing of transactions should be done offline as well. If you create a 'cold wallet' and then move it to a computer which is connected to the internet then it is no longer a cold wallet.
|
|
|
|
|
|
Nixian
|
|
February 15, 2015, 10:38:36 PM |
|
What dunno , still newbie , but bter use cold wallets to fill there hots, apparently 7000btc on 1 cold wallet is not done , gess bit lazzy and made redraws from cold wallet with same key multi times , is it then possible to "catch" the key and use it urself? my 2bit : It is most likely a proxy/VPN that leads to another one and so on. If someone wants to steal so much money, I guess they make sure to stay safe as much as possible. Students having the know how , intrest, time and equipment , and watch the ISP Research and academic network |
|
|
|
|
inBitweTrust
|
|
February 15, 2015, 10:41:22 PM |
|
It likely was simply an inside job.
Any centralized bitcoin exchange that doesn't store a majority of their clients bitcoins in multiple multisig cold wallets with good physical security is acting wildly irresponsible at this point in the game.
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
|
|
February 15, 2015, 10:46:43 PM |
|
It likely was simply an inside job.
Any centralized bitcoin exchange that doesn't store a majority of their clients bitcoins in multiple multisig cold wallets with good physical security is acting wildly irresponsible at this point in the game.
Indeed if these exchanges will not start to use multiSig I think a lot of people will start to keep their coin in own wallets. Remember : an exchange is not a bank.For example why aren't they using greenAddress for their cold wallet ? |
|
|
|
|
VOR
Newbie
Offline
Activity: 21
Merit: 0
|
|
February 15, 2015, 10:51:08 PM |
|
they are either from the future and computed the corresponding private key to the cold wallet using an array of quantum computers, or it was an inside job.
i dont get how its finally possible to control your own funds such as with bitcoin, and people go and relinquish that control to someone else.
|
|
|
|
|
|
Q7
|
|
February 15, 2015, 10:56:03 PM |
|
It shouldn't be too difficult to figure out who did this. If it has multi sig or multiple factor authentication enabled on a cold wallet, it would be almost impossible to pull off that stunt.
|
|
|
|
leopard2
Legendary
Offline
Activity: 1372
Merit: 1014
|
|
February 15, 2015, 11:03:02 PM |
|
Hacking a properly created cold wallet is impossible however it may not have been a properly created cold wallet
a) the wallet may have been created using compromised software (given how long the wallet has existed this is unlikely)
b) the randomly generated keys in the wallet may have had poor entropy (also unlikely)
c) the wallet was compromised due to poor signing with repeat k values (unlikely but can be verified from transaction history)
d) despite the company calling it a 'cold wallet' is wasn't a cold wallet* at all and was compromised just as any other hot wallet would be
e) someone (most likely an employee) with physical access to the cold wallet data file stole the coins
* A 'cold wallet' would be a private key or keys created by an offline machine and the private keys are never used on a machine that is or has been connected to the internet. Signing of transactions should be done offline as well. If you create a 'cold wallet' and then move it to a computer which is connected to the internet then it is no longer a cold wallet.
a==b) was the case with the blockchain hack, wasn't it? Just that it was a white hat hacker at the time. |
Truth is the new hatespeech.
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
|
|
February 15, 2015, 11:06:55 PM |
|
Hacking a properly created cold wallet is impossible however it may not have been a properly created cold wallet
a) the wallet may have been created using compromised software (given how long the wallet has existed this is unlikely)
b) the randomly generated keys in the wallet may have had poor entropy (also unlikely)
c) the wallet was compromised due to poor signing with repeat k values (unlikely but can be verified from transaction history)
d) despite the company calling it a 'cold wallet' is wasn't a cold wallet* at all and was compromised just as any other hot wallet would be
e) someone (most likely an employee) with physical access to the cold wallet data file stole the coins
* A 'cold wallet' would be a private key or keys created by an offline machine and the private keys are never used on a machine that is or has been connected to the internet. Signing of transactions should be done offline as well. If you create a 'cold wallet' and then move it to a computer which is connected to the internet then it is no longer a cold wallet.
a==b) was the case with the blockchain hack, wasn't it? Just that it was a white hat hacker at the time.Yes, 1000 btc sent back to blockchain.info. Here the thread : https://bitcointalk.org/index.php?topic=581411.0 |
|
|
|
|
RocketSingh
Legendary
Offline
Activity: 1654
Merit: 1045
|
|
February 15, 2015, 11:21:31 PM |
|
Hacking a properly created cold wallet is impossible however it may not have been a properly created cold wallet
a) the wallet may have been created using compromised software (given how long the wallet has existed this is unlikely)
b) the randomly generated keys in the wallet may have had poor entropy (also unlikely)
c) the wallet was compromised due to poor signing with repeat k values (unlikely but can be verified from transaction history)
d) despite the company calling it a 'cold wallet' is wasn't a cold wallet* at all and was compromised just as any other hot wallet would be
e) someone (most likely an employee) with physical access to the cold wallet data file stole the coins
* A 'cold wallet' would be a private key or keys created by an offline machine and the private keys are never used on a machine that is or has been connected to the internet. Signing of transactions should be done offline as well. If you create a 'cold wallet' and then move it to a computer which is connected to the internet then it is no longer a cold wallet.
How does the creator of a cold wallet will know that his generated keys are not of poor entropy ? |
|
|
|
BlindMayorBitcorn
Legendary
Offline
Activity: 1260
Merit: 1110
|
|
February 15, 2015, 11:25:20 PM |
|
they are either from the future and computed the corresponding private key to the cold wallet using an array of quantum computers, or it was an inside job.
i dont get how its finally possible to control your own funds such as with bitcoin, and people go and relinquish that control to someone else.
...so they are from the future?  |
Forgive my petulance and oft-times, I fear, ill-founded criticisms, and forgive me that I have, by this time, made your eyes and head ache with my long letter. But I cannot forgo hastily the pleasure and pride of thus conversing with you.
|
|
|
|
cryptworld
|
|
February 15, 2015, 11:27:43 PM |
|
Hacking a properly created cold wallet is impossible however it may not have been a properly created cold wallet
a) the wallet may have been created using compromised software (given how long the wallet has existed this is unlikely)
b) the randomly generated keys in the wallet may have had poor entropy (also unlikely)
c) the wallet was compromised due to poor signing with repeat k values (unlikely but can be verified from transaction history)
d) despite the company calling it a 'cold wallet' is wasn't a cold wallet* at all and was compromised just as any other hot wallet would be
e) someone (most likely an employee) with physical access to the cold wallet data file stole the coins
* A 'cold wallet' would be a private key or keys created by an offline machine and the private keys are never used on a machine that is or has been connected to the internet. Signing of transactions should be done offline as well. If you create a 'cold wallet' and then move it to a computer which is connected to the internet then it is no longer a cold wallet.
thanks for that explanation, I was wondering what could happen |
|
|
|
|
itod
Legendary
Offline
Activity: 1974
Merit: 1075
^ Will code for Bitcoins
|
|
February 16, 2015, 12:02:37 AM |
|
When the hot wallet needs to be refilled it is brought online and that moment was used by the attacker.
Hot wallets are refiled without bringing cold wallet online. You sign the refill transaction on the cold wallet machine, copy it to the USB drive without ever bringing it online, and then broadcast signed transaction from any other computer which is connected to the internet. Cold wallet by definition cannot be "hacked" in the strict sense, unless you call hacking gaining physical access to the offline computer and copying private key from it on some media, or changing it's software to use weak random number generator. |
|
|
|
|
charleshoskinson
Legendary
Offline
Activity: 1134
Merit: 1008
CEO of IOHK
|
|
February 16, 2015, 02:29:05 AM |
|
We spent months thinking about vectors of attack at Ethereum regarding the ether sale funds. Generally speaking, if the funds are in a cold wallet then either social engineering or inside theft are the two viable attacks. this said, it is possible if the cold wallet is stored in a digital format on a computer not connected to the internet that one could perform a stuxnet style attack piggybacking on a flash drive to introduce an APT. But no, someone internal stole the funds most likely.
|
The revolution begins with the mind and ends with the heart. Knowledge for all, accessible to all and shared by all
|
|
|
|
Beymond
|
|
February 16, 2015, 02:59:48 AM |
|
Their Cold wallet was really messed up , obviously being using to transfer funds to hot wallet's at time's
For that they should have kept two cold wallet's , one with small amount and other main cold wallet
|
|
|
|
|
|
Troonetpt
|
|
February 16, 2015, 03:33:40 AM |
|
A. It's not a really cold wallet.
B. It's a inside job.
Must one of them.
|
|
|
|
|
hilariousandco
Global Moderator
Legendary
Offline
Activity: 3402
Merit: 2368
Join the world-leading crypto sportsbook NOW!
|
|
February 16, 2015, 06:17:08 AM |
|
Hacking a properly created cold wallet is impossible however it may not have been a properly created cold wallet
a) the wallet may have been created using compromised software (given how long the wallet has existed this is unlikely)
d) despite the company calling it a 'cold wallet' is wasn't a cold wallet* at all and was compromised just as any other hot wallet would be
e) someone (most likely an employee) with physical access to the cold wallet data file stole the coins
Most likely one of these but I'm more inclined to believe an inside job. |
|
|
|
|
