Pages:
Author

Topic: 1 BTC stolen from BrainWallet due to weak key - page 2. (Read 3937 times)

legendary
Activity: 2058
Merit: 1452
December 13, 2013, 01:06:02 PM
#3
My guess is that back when I used Blockchain.info in April, it had that RNG flaw that was discovered in August, and now that I was using the address again, someone used the key exposed in the prior transactions to grab the funds.
the RNG flaw was only on keys generated by android wallets.
hero member
Activity: 770
Merit: 500
newbie
Activity: 12
Merit: 0
December 13, 2013, 11:46:50 AM
#1
I did a transaction yesterday using http://www.bit2factor.org/ in which I got about 1 BTC total.

After the transaction, I used the "sweep key" function on Blockchain.info to transfer the funds into my own wallet, and it looks like it moved it to my oldest address -- 1Gj6ubnVGcHcPMmBEhvGXhcQkpusE4vH85 -- which was originally generated as a brain wallet back in April 2013. Before the transaction, the wallet address had a zero balance.

About 4 hours after the sweep, it looks like someone came in and nabbed all the funds and sent them to 1EnuCnYuYadPAp1qTWj8rWxZvb9QQ1vFKz. According to the relay information, that transaction (3a19b0d36c19360cc0794de9b44b2fffd5a1a3a1a0322aed2b033b98f8b957a0) was relayed by 129.132.230.77 which maps to vbitcoin-08.inf.ethz.ch at ETH/UNIZH.

My guess is that back when I used Blockchain.info in April, it had that RNG flaw that was discovered in August, and now that I was using the address again, someone used the key exposed in the prior transactions to grab the funds.

I am 100% positive that this was not the result of a virus or anything on my own machine -- I'm a software dev, very cautious about what I download, running Kaspersky AV, and regular scans.
Pages:
Jump to: