Pages:
Author

Topic: 1 BTC stolen from BrainWallet due to weak key (Read 3937 times)

hero member
Activity: 980
Merit: 500
FREE $50 BONUS - STAKE - [click signature]
January 16, 2014, 08:26:51 AM
#23
Very well, fixed.

the coins are already gone, what was your password?

Yeah, this post made me also curious.

This thread goes well in hand with multiple threads about address generating hacks, and brainwallet hacking competitions.
hero member
Activity: 770
Merit: 500
Very well, fixed.

the coins are already gone, what was your password?

Yep, this would be interesting to know.

+1
sr. member
Activity: 430
Merit: 250
Very well, fixed.

the coins are already gone, what was your password?

Yep, this would be interesting to know.
legendary
Activity: 1321
Merit: 1007
Very well, fixed.

the coins are already gone, what was your password?
newbie
Activity: 12
Merit: 0
Instead of blaming people for your faults, you can ask politely who cracked your weak brainwallet password. Some people will return it. Also inform yourself what a strong brainwallet password means.

Well, I haven't used a brainwallet since April and don't intend to. Normal private key is, IMO, way more secure. Didn't even realize I had that address still linked with my account until the funds were gone.
hero member
Activity: 490
Merit: 500
Very well, fixed.

I'm sorry about your loss. 1 btc is quite a lot of money. Sad

Did you figure out more details about how things happened, or have you written everything off by now?
newbie
Activity: 12
Merit: 0
Very well, fixed.
hero member
Activity: 728
Merit: 500
If the info in this thread is correct, "Swiss Federal Institute of Technology Zurich" should be removed from the thread title. If blockchain only shows 'relayed by' and this is the last hop, the chance that "Swiss Federal Institute of Technology Zurich" is the culprint is fairly slim.

+1. OP please fix subject.

ETH has a lot of computing power and some very fast relays which do actually strenghten the network. Someone in there did a thesis on bitcoin last year. I think there was a thread on bitcointalk about it. They do not mine but they run full nodes.
hero member
Activity: 504
Merit: 500
,... running Kaspersky AV, and regular scans.
answer
hero member
Activity: 490
Merit: 500
If the info in this thread is correct, "Swiss Federal Institute of Technology Zurich" should be removed from the thread title. If blockchain only shows 'relayed by' and this is the last hop, the chance that "Swiss Federal Institute of Technology Zurich" is the culprint is fairly slim.
hero member
Activity: 770
Merit: 500
Instead of blaming people for your faults, you can ask politely who cracked your weak brainwallet password. Some people will return it. Also inform yourself what a strong brainwallet password means.
hero member
Activity: 728
Merit: 500
There, how's that?

Seriously, though, it looks like the Swiss Federal Institute of Technology Zurich is running a tool to brute force brain wallets.

I just hope that at the end of their research / proof of concept, they return the coins...

The "relayed by" field on the Blockchain.info website just shows the node that Blockchain.info received the transaction from. And while Blockchain.info is well-connected to the network, the vast majority of nodes are not directly connected to Blockchain.info, so a transaction may pass through several nodes before Blockchain.info sees it. "relayed by" only shows the last hop.

The chance that this transaction actually originated from ETH Zurich is rather small.
sr. member
Activity: 430
Merit: 250
Seriously, though, it looks like the Swiss Federal Institute of Technology Zurich is running a tool to brute force brain wallets.

Them relaying the transaction doesn't mean they stole your money. I'm 100% sure ETH had nothing to do with this. You should maybe educate yourself what the data you gather actually means before you start throwing such accusations around.
newbie
Activity: 12
Merit: 0
There, how's that?

Seriously, though, it looks like the Swiss Federal Institute of Technology Zurich is running a tool to brute force brain wallets.

I just hope that at the end of their research / proof of concept, they return the coins...
newbie
Activity: 12
Merit: 0
December 13, 2013, 08:07:22 PM
#9
I will wait to see what Blockchain.info says about it...
newbie
Activity: 12
Merit: 0
December 13, 2013, 05:07:37 PM
#8
Not intentionally a quote, no. The words themselves do, of course, show up in Google.
hero member
Activity: 770
Merit: 500
December 13, 2013, 04:11:49 PM
#7
Can you give some details on the password you used for the brainwallet? You know some people are "mining" brainwallets with weak passwords nowadays.

30 character passphrase. It's a sentence that starts with an uppercase letter, ends with a period, and contains three words separated by spaces.

Not by any chance a quote from somewhere? If you find the sentence in google search you have your answer.
newbie
Activity: 12
Merit: 0
December 13, 2013, 03:26:41 PM
#6
Can you give some details on the password you used for the brainwallet? You know some people are "mining" brainwallets with weak passwords nowadays.

30 character passphrase. It's a sentence that starts with an uppercase letter, ends with a period, and contains three words separated by spaces.
newbie
Activity: 12
Merit: 0
December 13, 2013, 03:06:07 PM
#5
My guess is that back when I used Blockchain.info in April, it had that RNG flaw that was discovered in August, and now that I was using the address again, someone used the key exposed in the prior transactions to grab the funds.
the RNG flaw was only on keys generated by android wallets.

Not true, the Blockchain RNG vulnerability in August was on the random numbers used to sign transactions. It was using the same R value for multiple transactions with the same private key.
hero member
Activity: 770
Merit: 500
December 13, 2013, 01:22:43 PM
#4
Can you give some details on the password you used for the brainwallet? You know some people are "mining" brainwallets with weak passwords nowadays.
Pages:
Jump to: