Bitcoin cold storage - HACKED easily - page 4.

mayax

legendary

Activity: 1470

Merit: 1004

Quote from: ABitNut on January 20, 2015, 11:15:48 PM

The solution is in the article itself:

Quote

Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote

there is only one conclusion to draw from this
problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrong^tm.

the answer is "easy" when you know what you are doing.

ABitNut

hero member

Activity: 764

Merit: 500

I'm a cynic, I'm a quaint

The solution is in the article itself:

Quote

Another counter-measure would be to strictly not use any address more often than once.

Also the following statement in the article is endorsed by Captain Obvious:

Quote

there is only one conclusion to draw from this
problem: Users cannot trust any implementation of ECDSA or Bitcoin, which they cannot fully verify

And "Easily" is very subjective. How easy is it to compromise a cold storage wallet? -> If the answer is easy then you're doing it wrong^tm.

Ingatqhvq

hero member

Activity: 532

Merit: 500

That‘s weird, if it really easy to hack cold storage, why so many cold wallet don't be hacked?

R2D221

hero member

Activity: 658

Merit: 500

Quote from: mayax on January 20, 2015, 08:55:45 PM

Quote from: R2D221 on January 20, 2015, 06:16:59 PM

How can you install a backdoor in my paper wallet? I really want to know.

it is not about backdoor. please read carefully : http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

“It's not about a backdoor”

*article title includes the words “install backdoor”*

jonald_fyookball

legendary

Activity: 1302

Merit: 1008

Core dev leaves me neg feedback #abuse #political

Quote from: mayax on January 20, 2015, 08:55:45 PM

Quote from: R2D221 on January 20, 2015, 06:16:59 PM

How can you install a backdoor in my paper wallet? I really want to know.

it is not about backdoor. please read carefully : http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

The article has been read thoroughly by many of us who are knowledgeable and competent.
Anyone who does their due diligence to set up a cold storage wallet properly is not
going to use a compromised version of ECDSA.

Your trolling attempts are rather goofy, because although Bitcoin isn't perfect,
having your cold storage keys stolen is one of the LEAST likely things to happen.

mayax

legendary

Activity: 1470

Merit: 1004

Quote from: R2D221 on January 20, 2015, 06:16:59 PM

How can you install a backdoor in my paper wallet? I really want to know.

it is not about backdoor. please read carefully : http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

R2D221

hero member

Activity: 658

Merit: 500

How can you install a backdoor in my paper wallet? I really want to know.

dlowings

full member

Activity: 226

Merit: 100

Nothing but propaganda to entice people back to online wallets.. Foolishness , sure it's a posabity however even a greater possibility that your online wallet will go up in smoke. Aside from that, cold storage has nothing to do with any computerized storage. Cold storage is a paper wallet .

thelibertycap

full member

Activity: 211

Merit: 100

Quote from: mayax on January 20, 2015, 05:00:48 PM

Quote from: thelibertycap on January 20, 2015, 09:33:52 AM

news at 11! a software trojan horse can steal your funds!

i guess bitcoin has really reached mainstream because these people have no idea what an md5 hash and gnupgp is good for

please read again. it's not about a trojan

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

"The attacker must first create a compromised version of ECDSA."

so what is it about? if i use a proper binary of my wallet, my system is not compromised.

physicsdude

newbie

Activity: 11

Merit: 0

Yes, massive news flash: If you have hacked software on your machine your coins aren't safe. Thanks for the enlightenment. This article is a huge piece of FUD.

"The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions."

mayax

legendary

Activity: 1470

Merit: 1004

Quote from: thelibertycap on January 20, 2015, 09:33:52 AM

news at 11! a software trojan horse can steal your funds!

i guess bitcoin has really reached mainstream because these people have no idea what an md5 hash and gnupgp is good for

please read again. it's not about a trojan

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

thelibertycap

full member

Activity: 211

Merit: 100

news at 11! a software trojan horse can steal your funds!

i guess bitcoin has really reached mainstream because these people have no idea what an md5 hash and gnupgp is good for

dsattler

legendary

Activity: 924

Merit: 1000

Quote from: ChuckBuck on January 20, 2015, 09:05:46 AM

Mayax or moderators...someone lock this thread up, title is FUD inducing for no reason.

The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions.

Noobs stumbling across this thread may assume that all Bitcoin storage solutions are easily hackable, yet cold/offline has and remains the most secure and foolproof method.

Admins please lock, thanks.

I second this!

ChuckBuck

hero member

Activity: 1372

Merit: 783

better everyday ♥

Mayax or moderators...someone lock this thread up, title is FUD inducing for no reason.

The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions.

Noobs stumbling across this thread may assume that all Bitcoin storage solutions are easily hackable, yet cold/offline has and remains the most secure and foolproof method.

Admins please lock, thanks.

Nrcewker

copper member

Activity: 2268

Merit: 539

LuckyDiamond.io - FLAT 50% Deposit Bonus!

gold, hold dollars, let us leave bitcoins..

Razick

legendary

Activity: 1330

Merit: 1003

Quote from: Razick on January 18, 2015, 02:20:49 PM

Quote from: MrTeal on January 16, 2015, 10:22:08 AM

Quote from: Razick on January 16, 2015, 10:17:10 AM

You have to be using a compromised wallet for this to work.

Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.

Exactly. BUT, it does make a good point. The human element is often far weaker than we'd like to admit, and the fact is social engineering is pretty much the best form of "cryptanalysis" ever invented.

Furio

legendary

Activity: 938

Merit: 1000

BTC | LTC | XLM | VEN | ARDR

Quote from: Blazr on January 16, 2015, 08:26:39 AM

Old news. This attack (bugged ECDSA implementation) has been known about for a long long time, before Bitcoin even existed.

Quote

The attacker must first create a compromised version of ECDSA. This is achieved with a kleptographic 'SETUP', or 'Secretly Embedded Trapdoor with Embedded Protection', which was first described in a 1997 paper by Adam Young and Moti Yung.

One of the weaknesses of cold storage is if your cold storage machine is compromised, you're fucked and there is almost nothing you can do to prevent that. There are many many ways an attacker can exfiltrate the private keys from a compromised cold storage machine, including as used in this case a bugged ECDSA implementation.

I have an old but freshly installed never been online computer, solely used to generate new .dat files on clients in an offline environment, that's how a store my crypto's, good luck with that Grin

dsattler

legendary

Activity: 924

Merit: 1000

Quote from: GrandmaJean on January 19, 2015, 01:43:24 AM

This attack could also be easily be countered by having a wallet with only a small amount of bitcoin stored on a "decoy" wallet that could be given to an attacker

So long as the attacker doesn't know this trick as well! Then it will become even worse... Better to have a third wallet... (or fourth ? ) to satisfy the attacker with your answers. Good luck with that...

As this trick is in the wild now (trezor has it in the manual as well) all the guys with only one wallet are damned IMHO!

Remember remember the 5th of November

legendary

Activity: 1862

Merit: 1011

Reverse engineer from time to time

These articles, OP's thread tell us nothing new, it's just the same song sang differently.

promojo

sr. member

Activity: 420

Merit: 250

I will have to read this. Thanks for the infos.

Topic: Bitcoin cold storage - HACKED easily - page 4. (Read 12634 times)