Author

Topic: [2014-03-28] Bitcoin Vanity Addresses Hacked (Read 2196 times)

hero member
Activity: 686
Merit: 500
FUN > ROI
March 28, 2014, 12:54:27 PM
#4
Maybe something for a follow-up - which could easily segway into other multikey applications, escrow, all that Smiley

Oh yeah, and the beards. Got to watch those shady buggers.
Hey! I resemble that remark! Wink

And yes, I enjoy reading your articles Smiley
member
Activity: 70
Merit: 10
Writer $0.10/word +
Haha, exactly. The beards part FTW!

I know you, and the rest of the folks here, know about the details, but I didn't think the audience was (or is) ready for full on immersion into why the two part key bits are bad.

Rather, I thought to focus on the fact that the site was a risk (and got hacked), and that a vanity address isn't at all like a vanity phone number or license plate. There are so many random combinations that every single person in the world could have the same 4 to 6 letter start to their vanity address - so what's the point.

Oh yeah, and the beards. Got to watch those shady buggers.

Mostly supposed to be good for a laugh, while easing some more Bitcoin lore into those who have not yet been assimilated.  Smiley
hero member
Activity: 686
Merit: 500
FUN > ROI
* vanity address generation website hacked

tl;dr: A website that generated vanity addresses using a Split-Key setup (which should be safe) allowed users to use a key pair generated on that site itself (uh oh), the generation part of which got hacked (derp), so anybody not providing their own public key (come on, people!) effectively handed over the keys to the kingdom. Also, something about beards Smiley

Though the article itself doesn't really seem to go into the detail that there was security failings on both sides: the site for letting themselves get hacked, and the users for trusting keys generated at that site itself.
member
Activity: 70
Merit: 10
Writer $0.10/word +
http://www.financegirl.co.uk/bitcoin-vanity-addresses-hacked/

I know it's old news, but it took a day to get published. Such is the life of a writer. No offense to those who lost BTC due to the hack / scam - but then, vanity addresses (like the one I had) are about as unique as fingerprints. They all look the same, but every one is different.
Jump to: