
Topic: Bitcoin cold storage - HACKED easily - page 3. (Read 12634 times)

hero member
Activity: 784
Merit: 1000
https://youtu.be/PZm8TTLR2NU
January 23, 2015, 03:20:45 PM
OP may have just achieved stupidest thread title of the year, just 16 days in. Quite a feat, well done OP.

If at any time you'd like to see evidence that bitcoin cold storage is not hackable, simply click here: https://bitcoinwisdom.com/

If you see a price above 0, cold storage can not be hacked.
legendary
Activity: 1470
Merit: 1004
January 23, 2015, 01:19:12 PM
I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.
Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone, and you also have the added extra of getting notified by SMS if someone else logs into your account.

Or you don't use Bitcoin for storing your funds. You convert it to cash and you can only keep a small amount just for speculating with it Smiley
hero member
Activity: 616
Merit: 500
I got Satoshi's avatar!
January 23, 2015, 12:21:22 PM
I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.
Then you should use an online wallet service that offers 2FA and get the confirmation code sent to your mobile phone. That way a keylogger won't work unless they steal your phone, and you also have the added extra of getting notified by SMS if someone else logs into your account.
legendary
Activity: 1470
Merit: 1004
January 23, 2015, 12:17:11 PM
I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.

Try Trusteer Rapport - https://www.trusteer.com/ and read about it here http://www-03.ibm.com/software/products/en/trusteer-rapport. It will bog your computer down, somewhat. And it is not compatible with some firewalls. But if you can work your way around these two problems, it seems to be something that is very valuable. Many banks are trusting it.

Smiley

Yes, the cost is prohibitive for any small-medium company Smiley
legendary
Activity: 3906
Merit: 1373
January 23, 2015, 11:16:56 AM
I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.

Try Trusteer Rapport - https://www.trusteer.com/ and read about it here http://www-03.ibm.com/software/products/en/trusteer-rapport. It will bog your computer down, somewhat. And it is not compatible with some firewalls. But if you can work your way around these two problems, it seems to be something that is very valuable. Many banks are trusting it.

Smiley
legendary
Activity: 2604
Merit: 1036
January 23, 2015, 10:58:20 AM
I am actually afraid of keyloggers when using online hot wallets because most of the time people use this service.
legendary
Activity: 3906
Merit: 1373
January 23, 2015, 10:54:11 AM
What it seems that you do not understand, or do not want to say, is that:

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

In other words: MANY developers worldwide are working in their free time on a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want INTO the source code: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."


So, COLD Storage can be easily hacked. Smiley
This is true, but at the same time it means that it will become apparent to the community, since a lot of people are checking.

I'm not checking. Are you checking? Maybe the other guy is checking.

Smiley
legendary
Activity: 3472
Merit: 10611
January 23, 2015, 10:32:37 AM
What it seems that you do not understand, or do not want to say, is that:

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

In other words: MANY developers worldwide are working in their free time on a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want INTO the source code: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."


So, COLD Storage can be easily hacked. Smiley
This is true, but at the same time it means that it will become apparent to the community, since a lot of people are checking.
hero member
Activity: 554
Merit: 502
Developer!
January 23, 2015, 05:40:39 AM
Putting the source code of the critical parts of the code into the blockchain, and letting a "smart client" compile it when downloaded, could be a way to secure a client.
A CRC-checked compiled version could be used too, instead of downloading and compiling (because code often relies on external references).

The trust problem is something real for bitcoin clients. There isn't a perfect solution: even downloading from the official site could be insecure, and not decentralized anyway, and people who compile on their machine don't have to assume that since they have compiled then the client is secure, because if they rely on other dependencies (like Qt libraries) then they should check that even that DLL isn't compromised.

I think that a good way to secure clients would be to implement a sanity check between nodes: every client should implement a protocol to find other peers that share the same client (and match the version) so they can cross-check that they are using the same version and that every file matches (of course this check couldn't be cross-platform; every platform has its own set of files), and if the version doesn't match, then a warning should pop up on the client that has less consensus over the network.

I haven't thought about the details yet, but I think that this could work. The network should be its own supervisor to keep behaving as decentralized (it would be easy to create a service where you upload your client files and it returns whether they are fine, but this would be a 3rd-party service, so centralized).
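
The cross-check proposed in the post above, sketched as an added example (not code from this thread or from any Bitcoin client). It assumes SHA-256 instead of the CRC the post mentions, since a CRC is not collision-resistant; the report format, function names, version string and sample files are hypothetical.

```python
import hashlib
from collections import Counter

def manifest_digest(files):
    """Fold per-file SHA-256 hashes (sorted by path) into one install digest."""
    outer = hashlib.sha256()
    for path in sorted(files):
        inner = hashlib.sha256(files[path]).hexdigest()
        outer.update(f"{path}\x00{inner}\n".encode())
    return outer.hexdigest()

def cross_check(local_digest, version, platform, reports, min_peers=3):
    """Return (status, agreeing, comparable) for the local install.

    Only peers on the same version AND platform are comparable, as the post
    requires; other builds legitimately ship different files.
    """
    comparable = [r["digest"] for r in reports
                  if r["version"] == version and r["platform"] == platform]
    if len(comparable) < min_peers:
        return ("insufficient-peers", 0, len(comparable))
    votes = Counter(comparable)
    agreeing = votes[local_digest]  # Counter yields 0 for an unseen digest
    best_other = max((n for d, n in votes.items() if d != local_digest), default=0)
    if agreeing > best_other:
        status = "ok"
    elif agreeing < best_other:
        status = "warn-minority"  # local copy has less consensus: warn the user
    else:
        status = "no-consensus"
    return (status, agreeing, len(comparable))

# Constructed sample data: a clean install and one with a swapped dependency.
VERSION = "1.0.0-example"
CLEAN = {"bin/client": b"client build 1", "lib/qt-example.dll": b"qt library"}
TAMPERED = dict(CLEAN, **{"lib/qt-example.dll": b"qt library (modified)"})
GOOD = manifest_digest(CLEAN)
REPORTS = [
    {"version": VERSION, "platform": "win64", "digest": GOOD},
    {"version": VERSION, "platform": "win64", "digest": GOOD},
    {"version": VERSION, "platform": "win64", "digest": GOOD},
    {"version": VERSION, "platform": "linux64", "digest": "differs-by-design"},
]

if __name__ == "__main__":
    print(cross_check(GOOD, VERSION, "win64", REPORTS))
    print(cross_check(manifest_digest(TAMPERED), VERSION, "win64", REPORTS))
```

Peer reports here are unauthenticated, so the vote is only as trustworthy as the peers that answer; whoever controls most of the comparable peers also controls the result.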
hero member
Activity: 714
Merit: 500
January 23, 2015, 03:04:32 AM
Your funds are not safe in "cold storage" either. Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


Many of you said "cold storage is the best". Well, it is not. That explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. Smiley

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only a few people knew about this exploit. Now, any Russian or Ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT! Grin
I don't believe that.

I always create my paper wallets offline and I move the computer mouse in order to get enough entropy.

How could someone know my mouse movements if I type some random letters between moves?

How many paper wallets (with enough entropy) have been stolen?
The whole thing is just theoretical.
A year ago or so, we got instant payment (so without PIN) via NFC for our bank cards in Austria. There was also a theory about how to route the signal through a smartphone so a thief could pay with his smartphone on the other end.
Also not very likely to execute and a lot of effort for € 25. I just bought a protective cover that blocks the signal (and also protects my card from e.g. a magnetic field) and was done with that.
So, it might be nice, that there are people theorizing about such things, but they don't really work in the real world.
legendary
Activity: 1260
Merit: 1003
January 21, 2015, 04:04:27 PM
Your funds are not safe in "cold storage" either. Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


Many of you said "cold storage is the best". Well, it is not. That explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. Smiley

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only a few people knew about this exploit. Now, any Russian or Ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT! Grin
I don't believe that.

I always create my paper wallets offline and I move the computer mouse in order to get enough entropy.

How could someone know my mouse movements if I type some random letters between moves?

How many paper wallets (with enough entropy) have been stolen?
full member
Activity: 224
Merit: 100
January 21, 2015, 03:09:40 PM
Why does the title say Hacked Easily?
I don't think that is the case. Even cold wallets which have not many transactions are rather safe.
hero member
Activity: 714
Merit: 500
January 21, 2015, 02:00:41 PM
The solution is in the article itself:

Quote
Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote
there is only one conclusion to draw from this
problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrong™.

The answer is "easy" when you know what you are doing.

And who knows how to do this exactly?

And please don't say Stephan Verbücheln, because he's the one that wrote the damn paper. Cheesy

Please lock this thread.

Many other people know a lot about cryptography. Verbücheln is only one of them. Stay chill, you will find out soon that cold wallets were hacked.
MtGox wallet was hacked too Smiley

MtGox cold wallet was just hacked, because Mark accidentally looked at it
legendary
Activity: 1470
Merit: 1004
January 21, 2015, 12:56:08 PM
The solution is in the article itself:

Quote
Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote
there is only one conclusion to draw from this
problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrong™.

The answer is "easy" when you know what you are doing.

And who knows how to do this exactly?

And please don't say Stephan Verbücheln, because he's the one that wrote the damn paper. Cheesy

Please lock this thread.

Many other people know a lot about cryptography. Verbücheln is only one of them. Stay chill, you will find out soon that cold wallets were hacked.
MtGox wallet was hacked too Smiley
legendary
Activity: 924
Merit: 1000
January 21, 2015, 11:01:32 AM
I also read that if you make a paper wallet, despite the keys being embedded in a jpeg, they can still be hacked. And that if you print the wallets, the info is stored in the printer, which can be hacked.

So, the solution seems to be to buy a computer that has never seen the internet, and a printer that has never seen the internet. This is NOT a solution for the main-stream 99% of people. I've given up on computer-based cold storage as I'm not tech-literate enough, but would still like to try paper wallets.

Agree that it's not mainstream, but it's not THAT hard.
Buy a cheap machine from eBay/Craigslist, kill the Wi-Fi, and re-install the OS.

Or wait for this:

https://www.indiegogo.com/projects/mycelium-entropy
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
January 21, 2015, 10:07:36 AM
I also read that if you make a paper wallet, despite the keys being embedded in a jpeg, they can still be hacked. And that if you print the wallets, the info is stored in the printer, which can be hacked.

So, the solution seems to be to buy a computer that has never seen the internet, and a printer that has never seen the internet. This is NOT a solution for the main-stream 99% of people. I've given up on computer-based cold storage as I'm not tech-literate enough, but would still like to try paper wallets.

Agree that it's not mainstream, but it's not THAT hard.
Buy a cheap machine from eBay/Craigslist, kill the Wi-Fi, and re-install the OS.
full member
Activity: 210
Merit: 100
Invest & Earn: https://cloudthink.io
January 21, 2015, 09:55:48 AM
Every solution has a problem and every problem has a solution.

It will just go on and on. And only progress gains.
legendary
Activity: 1204
Merit: 1028
January 21, 2015, 09:24:41 AM
I also read that if you make a paper wallet, despite the keys being embedded in a jpeg, they can still be hacked. And that if you print the wallets, the info is stored in the printer, which can be hacked.

So, the solution seems to be to buy a computer that has never seen the internet, and a printer that has never seen the internet. This is NOT a solution for the main-stream 99% of people. I've given up on computer-based cold storage as I'm not tech-literate enough, but would still like to try paper wallets.
hero member
Activity: 714
Merit: 500
January 21, 2015, 08:44:39 AM
The solution is in the article itself:

Quote
Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote
there is only one conclusion to draw from this
problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrong™.

The answer is "easy" when you know what you are doing.
If it is so easy, then explain the steps to get the compromised code into any of the currently used programs. You can pick any program you like.
hero member
Activity: 1372
Merit: 783
better everyday ♥
January 21, 2015, 08:15:55 AM
The solution is in the article itself:

Quote
Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote
there is only one conclusion to draw from this
problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrong™.

The answer is "easy" when you know what you are doing.

And who knows how to do this exactly?

And please don't say Stephan Verbücheln, because he's the one that wrote the damn paper. Cheesy

Please lock this thread.