Bitcoin cold storage - HACKED easily - page 2.

ChuckBuck

hero member

Activity: 1372

Merit: 783

better everyday ♥

Quote from: mayax on January 26, 2015, 01:43:20 PM

Quote from: Lauda on January 26, 2015, 12:54:53 PM

Quote from: MrTeal on January 26, 2015, 11:53:20 AM

That would not help with this attack, as the keys are compromised during the signing whether it happens online or offline. If you have a system running a compromised version of ECDSA, there's nothing you can really do to protect the private key of an address that's been used to sign a transaction. That being said, the attacker first has to get you to use a compromised version.

Which definitely can't be defined as 'easily'.
The hack would be rather hard to deploy, especially on a larger base.

large scale = any online wallet can be compromised in this way. When it's about computer, you can not be ever sure. Anyway, why would someone keep a large amount of funds in BTC by having the fear that he can wake up in a morning and see : balance ZERO.

Stop trying to spread FUD dude.

It's already been established, it's near impossible to hack cold storage, unless that attacker somehow installed the compromised version of ECDSA on the cold offline wallet.

Can't be done, only in theory.

mayax

legendary

Activity: 1470

Merit: 1004

Quote from: Lauda on January 26, 2015, 12:54:53 PM

Quote from: MrTeal on January 26, 2015, 11:53:20 AM

That would not help with this attack, as the keys are compromised during the signing whether it happens online or offline. If you have a system running a compromised version of ECDSA, there's nothing you can really do to protect the private key of an address that's been used to sign a transaction. That being said, the attacker first has to get you to use a compromised version.

Which definitely can't be defined as 'easily'.
The hack would be rather hard to deploy, especially on a larger base.

large scale = any online wallet can be compromised in this way. When it's about computer, you can not be ever sure. Anyway, why would someone keep a large amount of funds in BTC by having the fear that he can wake up in a morning and see : balance ZERO.

Lauda

legendary

Activity: 2674

Merit: 2965

Terminated.

Quote from: MrTeal on January 26, 2015, 11:53:20 AM

That would not help with this attack, as the keys are compromised during the signing whether it happens online or offline. If you have a system running a compromised version of ECDSA, there's nothing you can really do to protect the private key of an address that's been used to sign a transaction. That being said, the attacker first has to get you to use a compromised version.

Which definitely can't be defined as 'easily'.
The hack would be rather hard to deploy, especially on a larger base.

MrTeal

legendary

Activity: 1274

Merit: 1004

Quote from: dsyahputera on January 26, 2015, 11:31:26 AM

How about deep cold storage like this one provided by Xapo? Any comments?

Quote from: http://support.xapo.com/what-is-deep-cold-storage

Cold storage refers to the process of storing bitcoins offline, but the private keys associated with this process may be online and/or exposed to the internet at some time during the generation of signing process. But deep cold storage is a type of cold storage where not only are bitcoins stored offline, but also the system that holds the bitcoins was never online or connected to any kind of network, the private keys associated with that system were generated in offline systems, and the signing process of the transactions is also made in offline systems. The systems used in this type of storage never touch the Internet; they are created offline, they are stored offline, and they are offline when signing transactions.

That would not help with this attack, as the keys are compromised during the signing whether it happens online or offline. If you have a system running a compromised version of ECDSA, there's nothing you can really do to protect the private key of an address that's been used to sign a transaction. That being said, the attacker first has to get you to use a compromised version.

dsyahputera

full member

Activity: 224

Merit: 100

How about deep cold storage like this one provided by Xapo? Any comments?

Quote from: http://support.xapo.com/what-is-deep-cold-storage

Cold storage refers to the process of storing bitcoins offline, but the private keys associated with this process may be online and/or exposed to the internet at some time during the generation of signing process. But deep cold storage is a type of cold storage where not only are bitcoins stored offline, but also the system that holds the bitcoins was never online or connected to any kind of network, the private keys associated with that system were generated in offline systems, and the signing process of the transactions is also made in offline systems. The systems used in this type of storage never touch the Internet; they are created offline, they are stored offline, and they are offline when signing transactions.

campycoin

hero member

Activity: 700

Merit: 500

Daily Bitcoins for your Paypal/Skrill

You need to create cold storage wallets and put maybe a bitcoin in each wallet. You do this when you are not connected to the internet of course. So, yes, you might need 10 wallets with 1btc each. Then when you need to spend, dump the entire 1btc into an online wallet and use it as pocket change or spending money.

It says in the OP that hackers get the info from one pay transaction... the thing is... you don't ever want to make more than one trx from your cold storage, otherwise yeah, you could get nipped. It is kinda like saying if you go to the ATM 6x a day, you probably have a better chance of getting robbed then if you went just once, right before you bought something

mayax

legendary

Activity: 1470

Merit: 1004

Quote from: ranochigo on January 23, 2015, 11:47:09 PM

Quote from: freebit13 on January 23, 2015, 12:21:22 PM

Quote from: Wendigo on January 23, 2015, 10:58:20 AM

I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.

Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone and you also have the added extra of getting notified by sms if someone else logs into your account.

False, anyone can easily hack your private key if they have access to the server itself (operators, devs) they can also make changes to the system without your consent. If a flaw is found in the system itself, you would be hacked, whether you are using 2FA ornot. A recent incident is Blockchain.info's. If you are using a desktop wallet, you can check the source code yourself and decide whether to download it.

the online wallets are not safe

XeloriA

newbie

Activity: 16

Merit: 0

huhu..thanks for the information Cheesy

TCM

sr. member

Activity: 251

Merit: 250

The length of your password doesn't matter if you have a keylogger on your machine. Nothing is more secure than a cold wallet. The key is using trusted software for the cold wallet.

Medow

sr. member

Activity: 357

Merit: 250

Hi:

Do you think that a 64 letter password phrase wallet is better than cold storage?

Is it possible to extract a private key or import my wallet to any program if i secure it with that kind of password?

TCM

sr. member

Activity: 251

Merit: 250

Quote from: R2D221 on January 24, 2015, 02:33:33 AM

If I create a private key using dice, and compute the public address manually (yes, I'm that paranoid), how will you hack it? Please give me all the details.

Since he doesn't even understand the article he linked to, that question should be viewed as purely rhetorical.

"If you try all possible private keys, you can clean out ALL WALLETS IN EXISTENCE!!1 News at 11!"

R2D221

hero member

Activity: 658

Merit: 500

Quote from: mayax on January 23, 2015, 11:26:36 PM

Quote from: R2D221 on January 23, 2015, 06:56:24 PM

Quote from: cheekychap on January 23, 2015, 06:34:46 PM

Are all cold storages equally vulnerable or only the ones with the transactions?

A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore.

either ways, it is not safe

If I create a private key using dice, and compute the public address manually (yes, I'm that paranoid), how will you hack it? Please give me all the details.

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

Quote from: freebit13 on January 23, 2015, 12:21:22 PM

Quote from: Wendigo on January 23, 2015, 10:58:20 AM

I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.

Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone and you also have the added extra of getting notified by sms if someone else logs into your account.

False, anyone can easily hack your private key if they have access to the server itself (operators, devs) they can also make changes to the system without your consent. If a flaw is found in the system itself, you would be hacked, whether you are using 2FA ornot. A recent incident is Blockchain.info's. If you are using a desktop wallet, you can check the source code yourself and decide whether to download it.

mayax

legendary

Activity: 1470

Merit: 1004

Quote from: R2D221 on January 23, 2015, 06:56:24 PM

Quote from: cheekychap on January 23, 2015, 06:34:46 PM

Are all cold storages equally vulnerable or only the ones with the transactions?

A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore.

either ways, it is not safe

PaulPierce

member

Activity: 112

Merit: 10

Quote from: R2D221 on January 23, 2015, 06:56:24 PM

Quote from: cheekychap on January 23, 2015, 06:34:46 PM

Are all cold storages equally vulnerable or only the ones with the transactions?

A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore.

Yeah..!! turns into hot wallet I guess.!! Im not sure how the cold storage was hacked.!! some say they had left the key to it or something.!

R2D221

hero member

Activity: 658

Merit: 500

Quote from: cheekychap on January 23, 2015, 06:34:46 PM

Are all cold storages equally vulnerable or only the ones with the transactions?

A cold storage that only has received has the same security as an empty one. If it has sent money, then I don't think it can be considered cold anymore.

cheekychap

full member

Activity: 182

Merit: 100

Are all cold storages equally vulnerable or only the ones with the transactions ?

HarmonLi

sr. member

Activity: 350

Merit: 250

Honest 80s business!

Not a real concern! It only affects systems whose way of generating the keys is already flawed! If you take a real entropy and solid hashing functions of deriving the private key, you're completely safe!

moriartybitcoin

hero member

Activity: 560

Merit: 500

★777Coin.com★ Fun BTC Casino!

this is of course total bullshit

mayax

legendary

Activity: 1470

Merit: 1004

Quote from: Beliathon on January 23, 2015, 03:20:45 PM

OP may have just achieved stupidest thread title of the year, just 16 days in. Quite a feat, well done OP.

If at any time you'd like to see evidence that bitcoin cold storage is not hackable, simply click here: https://bitcoinwisdom.com/

If you see a price above 0, cold storage can not be hacked.

well, you can say that you do not agree with me but why am I stupid? because I quoted a very intelligent man, Verbücheln?

yes, anything can be backed including the shit cold wallet. this my opinion. Of course, I can have an opinion regarding to you, Beliathon too but I prefer to not say it in public

Verbücheln said VERY clear how it can be done.

Topic: Bitcoin cold storage - HACKED easily - page 2. (Read 12634 times)