Pages:
Author

Topic: (Almost sure)brainwallet.org stole 22BTC from me (Read 7247 times)

legendary
Activity: 1148
Merit: 1006
This is still th biggest hinderance to bitcoin getting mass recognition.

It is far to unsafe to store any real wealth in for the average person.
umm no, brain wallets have nothing to do with the average person holding funds, the average person would use electrum or HD Multibit and a mobile wallet for on the go.

I think the amount of noobs using brainwallets will be rather high. Because A, they don't know or realize how insecure it is and B, because noobs everywhere are asking about things they heard or read about. "Coldwallet is safe, where do i get i", "Paperwallet is great, i want one", and so on. They read something and want it. So i think many noobs will have used it.
full member
Activity: 364
Merit: 101
Did you recover something?very sorry for your lost.
jr. member
Activity: 45
Merit: 3
Use dice to generate a secure random key with enough entropy.
100 dice throws with 6-sided dice gives 256 bits of entropy.

The bitgen software will assist with that, and can generate ps/pdf files with the key information:

http://bitcoin-gen.org/

Also see:
https://bitcointalksearch.org/topic/bitgen-tool-for-addresses-signatures-encryption-and-transactions-1107927


full member
Activity: 179
Merit: 100
I was the fault of the system brainwallet.org, try to send a message to the email admin
I do not undertand what you mean?You mean you were responsible for something.And no people my passphrase was not weak imagine it was something like this
Code:
uioeghyahyuiyhuiqreuiyhuwiytuighdgbsajkgfbjhbcvjhxvbjhxbvjhhgfuioedyrwiuyreiufhsdfgvjhksxbshdgfuioewyuiphfiusdhbkvjsbiuwrtg
That is what I usually write when I try to generate my priv key.There is other possible way my private keys leaked.Can somebody very trusted who understands code inspect and compile my coders little tool, he used Qt5.1.1 / mingw.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
I don't know why people are so confused about this question of security.
You need 128 bits (or greater) of entropy or randomness. that means 2^128.
assuming 26 letters lowercase , 26 uppercase and ten digits, that's 62.
so 20^62.  much bigger so you're good. simple math with a calculator.
why is this so difficult?

People confuse 20 random characters with simply 20 characters.  20 characters, if they're common words, is not safe.  That's a totally different discussion, and is not basic math.

Its still not that complicated.  This is like 8th grade probability stuff.  Are people idiots?  What's going on here?
hero member
Activity: 560
Merit: 509
I prefer Zakir over Muhammed when mentioning me!
If you are talking about Brainwallet.org, it is not a web wallet. It is a website of a bundle of tools which can also be used locally.

That's why i called it a web resource. It's a bit like using vanity gen. Even if the software is 100% legit, the address generated is inherently less secure than a completely random one. And the common mortal is not apt to judge whether what they are doing is safe or not.

The second you use anything from a 3rd party, you're foregoing a certain level of security for whatever you are gaining.

Is there a proof that the online tools were in fact as legit as the maybe legit bundle you were able to use offline? Well maybe, if it was really a scam, a lot more people would have lost BTC, but you can never really trust something 100%.

Yes, you are right and what you said* is true for all wallets and tools including Bitcoin Core.

* Except web resource.

Well, I think Xapo is very legit. If they lost your coins, they wouldn't be able to get away with it, it's not some anonymous dude, the CEO etc it's all registered, if they screw you up they owe you the Bitcoins. I don't know the terms of wha would happen exactly tho.

Yeah! That' why, PBMining and Mt. Gox has repaid all customers! Undecided

and it is insured by well known insurance companies etc etc.

i guess in the future most people have to use services like this. easy and secure. the average joe cant keep hunderds of dollars on his crappy pc or phone  Undecided

Secure? How? I can't believe you are saying people to store Bitcoin in an online wallet which does not even give access to private keys instead of a PC or phone.
legendary
Activity: 1722
Merit: 1000
I think people should stop using web/online wallets altogether,

They're great for a daily wallet.  People need to stop storing mass amounts on them.
sr. member
Activity: 273
Merit: 260
Pool Owner
I think people should stop using web/online wallets altogether,
full member
Activity: 210
Merit: 100
I don't know why people are so confused about this question of security.
You need 128 bits (or greater) of entropy or randomness. that means 2^128.
assuming 26 letters lowercase , 26 uppercase and ten digits, that's 62.
so 20^62.  much bigger so you're good. simple math with a calculator.
why is this so difficult?

People confuse 20 random characters with simply 20 characters.  20 characters, if they're common words, is not safe.  That's a totally different discussion, and is not basic math.

I wouldnt do 20 id wouldnt be able to remember it.

I probably do a unique of 8 characters mix with 1 capital letter, and 1 # though thats similar to my ebay password login.

Not the best idea, but I find that these situations are rare.
member
Activity: 132
Merit: 17
I don't know why people are so confused about this question of security.
You need 128 bits (or greater) of entropy or randomness. that means 2^128.
assuming 26 letters lowercase , 26 uppercase and ten digits, that's 62.
so 20^62.  much bigger so you're good. simple math with a calculator.
why is this so difficult?

People confuse 20 random characters with simply 20 characters.  20 characters, if they're common words, is not safe.  That's a totally different discussion, and is not basic math.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
So basically this dude has a weak passphrase.

But my question is whats considered a viable passphrase then? Like 20 characters long? I mean the odds of having a same passphrase is slim but im assuming the hacker is using sometype of passphrase thats commonly used and runs it.

Sorry op, Id just use something else from now on and have a better strong passphrase I guess.

20 random characters is strong but that wouldn't be an easy to recall phrase.

I don't know why people are so confused about this question of security.
You need 128 bits (or greater) of entropy or randomness. that means 2^128.
assuming 26 letters lowercase , 26 uppercase and ten digits, that's 62.
so 20^62.  much bigger so you're good. simple math with a calculator.
why is this so difficult?
member
Activity: 132
Merit: 17
So basically this dude has a weak passphrase.

But my question is whats considered a viable passphrase then? Like 20 characters long? I mean the odds of having a same passphrase is slim but im assuming the hacker is using sometype of passphrase thats commonly used and runs it.

Sorry op, Id just use something else from now on and have a better strong passphrase I guess.

No, Brainwallets are pretty much completely unsafe.  Doesn't matter the password, they're just a bad way of storing bitcoin.  Use a WarpWallet with a big passphrase or something that takes more effort to generate.  The Brainflayer program really proves this.
sr. member
Activity: 252
Merit: 250
So basically this dude has a weak passphrase.

But my question is whats considered a viable passphrase then? Like 20 characters long? I mean the odds of having a same passphrase is slim but im assuming the hacker is using sometype of passphrase thats commonly used and runs it.

Sorry op, Id just use something else from now on and have a better strong passphrase I guess.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
I am the owner of this address 1JqL1fp2nfuoSKirnRLjqUbQpf7Pou7mXR here are proves
Code:
I tautvilis am the owner of this address 1JqL1fp2nfuoSKirnRLjqUbQpf7Pou7mXR
HNC22GYmWi19BFHQa7iH54WLIWGk4RqczGkkJM0BScfP5dtXepwU5hjHXdLClOHhq1f8Lpmsg95FCLrW9ANkOto=
Recently someone stole 22BTC from that address.I am 100% I haven't downloaded any malware I haven't entered any suspicious sites I haven's used tor or did anything unusual.But what I did was I used brainwallet(only with that address luckily) I haven't suspected it but today when I wanted to use it I seen it is down and I want to know if someone else lost funds due to this.If you are a hacker and you are watching this please kindly return the coins to 1NcA77gqawRSsi9ara5omk2ajKS5bJLZM7

Did you really store 22 BTC at brianwallet? That is the same as walking around with a big sign "STEAL MY MONEY". Sorry for your loss. I am sure you eventually will recover. Keep the spirit up Smiley

Brian wallet . lol.  guilty consciounce eh
hero member
Activity: 546
Merit: 510
I am the owner of this address 1JqL1fp2nfuoSKirnRLjqUbQpf7Pou7mXR here are proves
Code:
I tautvilis am the owner of this address 1JqL1fp2nfuoSKirnRLjqUbQpf7Pou7mXR
HNC22GYmWi19BFHQa7iH54WLIWGk4RqczGkkJM0BScfP5dtXepwU5hjHXdLClOHhq1f8Lpmsg95FCLrW9ANkOto=
Recently someone stole 22BTC from that address.I am 100% I haven't downloaded any malware I haven't entered any suspicious sites I haven's used tor or did anything unusual.But what I did was I used brainwallet(only with that address luckily) I haven't suspected it but today when I wanted to use it I seen it is down and I want to know if someone else lost funds due to this.If you are a hacker and you are watching this please kindly return the coins to 1NcA77gqawRSsi9ara5omk2ajKS5bJLZM7

Did you really store 22 BTC at brianwallet? That is the same as walking around with a big sign "STEAL MY MONEY". Sorry for your loss. I am sure you eventually will recover. Keep the spirit up Smiley
full member
Activity: 168
Merit: 100
OP sad to hear that man
legendary
Activity: 1722
Merit: 1000
It is far to unsafe to store any real wealth in for the average person.

I'm an average person. I've been using Bitcoin for over 4 years now. I've never lost a single coin.

All it takes is some responsibility. I learned enough (common sense really) to realize that private keys were the "key" to security. After that, it's child's play.

Create secure private keys offline, keep them offline, and your bitcoins will be quite secure.

Learn a little bit about shamir's secret sharing and you will have an asset that is more secure than any traditional asset known to man.

Data is easy to copy, so do it!

There is reliable, open source software which will accomplish all your bitcoin security needs without any additional education (beyond the basics I just mentioned) for the user.

So... I'll rephrase your post as follows: It is far too unsafe to store any real wealth in for the irresponsible, ignorant, unmotivated person. As it should be.

You are not the average person one bit.

The average person thinks password1234 is safe.
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
Probably it is way more secure and user friendly to use a service like Xapo than a brainwallet.

If you use a strong passphrase for your brainwallet, then it is definitely better than Xapo. Well, if you are taking about Brainwallet.org, then still, I am firm with my words! I have used it many times! It may not be secure enough to use Brainwallet.org online though.

Btw, Brainwallet.org and brainwallet are two different things. So please do specify correctly when you are talking!
Well, I think Xapo is very legit. If they lost your coins, they wouldn't be able to get away with it, it's not some anonymous dude, the CEO etc it's all registered, if they screw you up they owe you the Bitcoins. I don't know the terms of wha would happen exactly tho.

and it is insured by well known insurance companies etc etc.

i guess in the future most people have to use services like this. easy and secure. the average joe cant keep hunderds of dollars on his crappy pc or phone  Undecided
legendary
Activity: 868
Merit: 1006
Probably it is way more secure and user friendly to use a service like Xapo than a brainwallet.

If you use a strong passphrase for your brainwallet, then it is definitely better than Xapo. Well, if you are taking about Brainwallet.org, then still, I am firm with my words! I have used it many times! It may not be secure enough to use Brainwallet.org online though.

Btw, Brainwallet.org and brainwallet are two different things. So please do specify correctly when you are talking!
Well, I think Xapo is very legit. If they lost your coins, they wouldn't be able to get away with it, it's not some anonymous dude, the CEO etc it's all registered, if they screw you up they owe you the Bitcoins. I don't know the terms of wha would happen exactly tho.
legendary
Activity: 1302
Merit: 1068
If you are talking about Brainwallet.org, it is not a web wallet. It is a website of a bundle of tools which can also be used locally.

That's why i called it a web resource. It's a bit like using vanity gen. Even if the software is 100% legit, the address generated is inherently less secure than a completely random one. And the common mortal is not apt to judge whether what they are doing is safe or not.

The second you use anything from a 3rd party, you're foregoing a certain level of security for whatever you are gaining.

Is there a proof that the online tools were in fact as legit as the maybe legit bundle you were able to use offline? Well maybe, if it was really a scam, a lot more people would have lost BTC, but you can never really trust something 100%.
Pages:
Jump to: