
Topic: Bitcoin cold storage - HACKED easily - page 5. (Read 12634 times)

sr. member
Activity: 280
Merit: 250
January 19, 2015, 01:43:24 AM
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.



I have seen this cartoon a number of times over the last several months. While it is a generalization of how one could get access to someone's bitcoin, it is really not accurate. First and foremost, an attacker would need to know who has how much money (to be worth stealing from); then, not only that, but he needs to get the person he is stealing from to be in the general area of where his private keys are stored in order to carry out this kind of attack.

This attack could also easily be countered by having a wallet with only a small amount of bitcoin stored on a "decoy" wallet that could be given to an attacker.
hero member
Activity: 658
Merit: 500
January 18, 2015, 05:04:41 PM
This thread sums up OP's IQ. Hint: well below 60, in the "Special" zone

legendary
Activity: 1330
Merit: 1003
January 18, 2015, 02:20:49 PM
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.


legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
January 18, 2015, 02:07:44 PM
Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if you keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.




blockchain.info was hacked in this way

Multibit was hacked too: http://www.reddit.com/r/Bitcoin/comments/1scd2n/914_bitcoins_stolen_from_multibit_wallet/

Who said that it is safe? It is not safe.

https://www.cryptocoinsnews.com/gentleman-hacker-returns-stolen-bitcoins-blockchain-info/

http://www.coindesk.com/good-samaritan-blockchain-hacker-returned-255-btc-speaks/

hacker: "Every bitcoin transaction is signed by two values – 'R' and 'S' – which prove that the sender knows the private key. If the same R value is used twice, the private key can be easily computed from the signatures alone."

and then read this:

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

These aren't the attack I just described.

Are you fudding for fun, or do you have an agenda?
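
The condition quoted in this thread (the same R value appearing in two signatures from one key) can be checked for from the defender's side. The following is an added example, not part of any post in the thread: it parses DER-encoded ECDSA signatures and flags any R value that one public key has used with more than one S. The function names, transaction labels and public-key strings are hypothetical, and the sample signatures are constructed.

```python
from collections import defaultdict

def parse_der_sig(sig: bytes):
    """Return (r, s) from a DER ECDSA signature; a trailing sighash byte is tolerated."""
    if len(sig) < 8 or sig[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    seq_len = sig[1]
    if seq_len & 0x80 or seq_len + 2 > len(sig):
        raise ValueError("bad sequence length")
    body, pos, ints = sig[2:2 + seq_len], 0, []
    for _ in range(2):                      # two INTEGERs: r, then s
        if pos + 2 > len(body) or body[pos] != 0x02:
            raise ValueError("expected INTEGER")
        n = body[pos + 1]
        val = body[pos + 2:pos + 2 + n]
        if n == 0 or len(val) != n:
            raise ValueError("truncated INTEGER")
        ints.append(int.from_bytes(val, "big"))
        pos += 2 + n
    if pos != len(body):
        raise ValueError("trailing data in SEQUENCE")
    return ints[0], ints[1]

def find_reused_r(records):
    """records: (txid, pubkey_hex, sig_hex). Returns {(pubkey, r): [txids]}
    for every r that a key used with more than one distinct s."""
    seen = defaultdict(dict)
    for txid, pubkey, sig_hex in records:
        r, s = parse_der_sig(bytes.fromhex(sig_hex))
        seen[(pubkey, r)].setdefault(s, txid)   # same (r, s) twice is just a repeat
    return {k: sorted(v.values()) for k, v in seen.items() if len(v) > 1}

def _der(r, s):
    """Build a constructed sample signature (DER + sighash byte 0x01) as hex."""
    def enc(i):
        b = i.to_bytes((i.bit_length() + 7) // 8 or 1, "big")
        if b[0] & 0x80:
            b = b"\x00" + b                 # keep the INTEGER positive
        return b"\x02" + bytes([len(b)]) + b
    body = enc(r) + enc(s)
    return (b"\x30" + bytes([len(body)]) + body + b"\x01").hex()

# Constructed sample data: labels, key strings and values are made up.
R1, R2 = int("a5" * 32, 16), int("17" * 32, 16)
SAMPLE = [
    ("tx-a", "02aa", _der(R1, 111)),
    ("tx-b", "02aa", _der(R1, 222)),   # same key, same r, different s: flagged
    ("tx-c", "02aa", _der(R2, 333)),
    ("tx-d", "03bb", _der(R1, 444)),   # different key: not flagged by this check
]

if __name__ == "__main__":
    for (pubkey, r), txids in find_reused_r(SAMPLE).items():
        print(f"key {pubkey}: r={r:064x} reused in {txids}")
```

This catches literal reuse only; a signer that derives its nonce deterministically per RFC 6979 avoids it, and the covert nonce selection described in the linked klepto-ecdsa paper would not show up as a repeated R.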
qwk
donator
Activity: 3542
Merit: 3413
Shitcoin Minimalist
January 18, 2015, 01:29:37 PM
My trezor laughs at your exploit. No, seriously, it laughed. I didn't know it could even do that. Kind of creepy actually.
Didn't you know? It's got a built-in laugh()-subroutine and speaker to ridicule you after it's taken all your coins.
hero member
Activity: 493
Merit: 500
January 18, 2015, 01:17:55 PM
My trezor laughs at your exploit. No, seriously, it laughed. I didn't know it could even do that. Kind of creepy actually.
hero member
Activity: 686
Merit: 500
Ultranode
January 18, 2015, 12:53:39 PM
“Each time you want to check the balance of a cold wallet, you’re making it less cold”

-Karpeles

Source: http://www.pcworld.com/article/2846252/despite-mt-gox-fiasco-karpeles-still-has-bitcoin-plans.html (Nov. 11, 2014)
legendary
Activity: 1470
Merit: 1004
January 18, 2015, 12:48:43 PM
Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if you keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.




blockchain.info was hacked in this way

Multibit was hacked too: http://www.reddit.com/r/Bitcoin/comments/1scd2n/914_bitcoins_stolen_from_multibit_wallet/

Who said that it is safe? It is not safe.

https://www.cryptocoinsnews.com/gentleman-hacker-returns-stolen-bitcoins-blockchain-info/

http://www.coindesk.com/good-samaritan-blockchain-hacker-returned-255-btc-speaks/

hacker: "Every bitcoin transaction is signed by two values – 'R' and 'S' – which prove that the sender knows the private key. If the same R value is used twice, the private key can be easily computed from the signatures alone."

and then read this:

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
January 18, 2015, 12:40:25 PM
Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if you keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.

Actually, I think it is safest to only receive once as well...The reason being that
you have to sign each of the UTXOs.  The attacker would have to see your transaction,
decipher it, steal your private keys, and then try to double spend it before a miner
put it in a block, so it is hard to do, but theoretically possible.

legendary
Activity: 1904
Merit: 1007
January 18, 2015, 11:42:50 AM
Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if you keep receiving coins then also you are safe. You need to change, only when you are sending.

Thanks.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
January 18, 2015, 10:45:46 AM
Your funds are not safe in "cold storage" either. Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

Many of you said "cold storage is the best". Well, it is not. That explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe.

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only a few people knew about this exploit. Now, any Russian or Ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT!

You should stop spreading FUD. I would have fallen for this if people didn't call you out on your bullshit.

So many sheep here.

Chill out, grandpa. This article is not for you. Keep feeding the exchangers (so-called shit/anonymous bitcoin brokers) with your money and stay calm.

For anybody else, please re-read the article.

"Both Verbücheln and Pustogarov say that the most likely way for such an attack to be mounted would be through dedicated wallet services running proprietary software. Devices designed specifically for secure cold-storage of coins, for example, would be prime candidates for this sort of attack.

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said."

For example: what is blockchain.info?

Until then, keep "mehehe" (bitcoin to the shit) like the sheep: https://www.youtube.com/watch?v=QcE5aDTszrY lol

Blockchain.info is not and will never be an offline wallet; it is just an online wallet with a few more security features. Online wallets are never recommended for storing huge amounts of BTC. You would be very dumb to buy a cold storage device from a manufacturer that has not open-sourced its firmware and is not trusted. You can review the source code and compile it yourself. It is highly unlikely for most reputable cold storage hardware providers to do so, as their reputation would be at risk.
legendary
Activity: 1470
Merit: 1004
January 18, 2015, 10:35:08 AM
Your funds are not safe in "cold storage" either. Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

Many of you said "cold storage is the best". Well, it is not. That explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe.

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only a few people knew about this exploit. Now, any Russian or Ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT!

You should stop spreading FUD. I would have fallen for this if people didn't call you out on your bullshit.

So many sheep here.

Chill out, grandpa. This article is not for you. Keep feeding the exchangers (so-called shit/anonymous bitcoin brokers) with your money and stay calm.

For anybody else, please re-read the article.

"Both Verbücheln and Pustogarov say that the most likely way for such an attack to be mounted would be through dedicated wallet services running proprietary software. Devices designed specifically for secure cold-storage of coins, for example, would be prime candidates for this sort of attack.

"Even if the manufacturer claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said."

For example: what is blockchain.info?

Until then, keep "mehehe" (bitcoin to the shit) like the sheep: https://www.youtube.com/watch?v=QcE5aDTszrY lol


newbie
Activity: 2
Merit: 0
January 18, 2015, 06:53:01 AM
Your funds are not safe in "cold storage" either. Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/

Many of you said "cold storage is the best". Well, it is not. That explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe.

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only a few people knew about this exploit. Now, any Russian or Ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT!

You should stop spreading FUD. I would have fallen for this if people didn't call you out on your bullshit.
legendary
Activity: 1904
Merit: 1074
January 18, 2015, 06:50:28 AM
A crock of Bullshit

Cold storage is just that...... An address never used for frequent withdrawals. {The article states, it's compromised after the first transaction}

I have 100's of paper wallets and I deposited small amounts to them all... never used it, and it's still there. {Use some of them as "Honey traps" to detect hack attempts}

I would agree, if you imported those paper wallets into some online wallet, then it would be considered as compromised. {But I never re-use those wallets, after I swiped or imported it} 
sr. member
Activity: 252
Merit: 250
January 18, 2015, 05:22:40 AM
I only use BTC as 10% of my monthly income, so it's a 10% max risk of losing all to scams or hacking, but even then I am concerned about security. I use online wallets, but one of the things that can be good is an offline wallet in a pen, like a multi wallet for BTC.
full member
Activity: 224
Merit: 100
January 17, 2015, 11:29:16 PM
Well, nothing is absolutely safe.

Yeah, you're right, but we can minimize the threat,
like by using antivirus and using a good wallet.
A better solution would be to use a freshly wiped computer and not download anything suspicious, since some viruses can go undetected. Good wallets are preferably open source; the best is Bitcoin Core, even though it may take up some space.

Well, too lazy to do that. lol
Better just sell when you have bitcoins.
legendary
Activity: 1274
Merit: 1004
January 17, 2015, 11:23:24 PM
I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.

being "open source" is much more vulnerable than any other centralized e-currency.


You could argue that a closed source currency issued by a central
authority couldn't have malicious code sneaked into a release by an
outside party, but the trade off is that you have to trust that
central authority completely...Not only their integrity, but their
resistance to manipulation, attacks,
outside influences, as well as their robustness and longevity.

Recent history has shown that centralized e-currencies are easily
shut down by governments.


Apparently there's been a lot of issues with hacking in the traditional investment backing sector as well.
sr. member
Activity: 433
Merit: 250
BTG CEO
January 17, 2015, 09:55:45 PM
zzzZZZZzzzZZZ Hacked easily, I feel sleepy and not going to beat the bush; it's far from easy!! And to counter it, never send coin from the same address more than once. Simple even for a half a brain like you.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
January 17, 2015, 09:47:33 PM
Well, nothing is absolutely safe.

Yeah, you're right, but we can minimize the threat,
like by using antivirus and using a good wallet.
A better solution would be to use a freshly wiped computer and not download anything suspicious, since some viruses can go undetected. Good wallets are preferably open source; the best is Bitcoin Core, even though it may take up some space.
full member
Activity: 224
Merit: 100
January 17, 2015, 09:44:18 PM
Well, nothing is absolutely safe.

Yeah, you're right, but we can minimize the threat,
like by using antivirus and using a good wallet.