Pages:
Author

Topic: Bitcoin cold storage - HACKED easily - page 8. (Read 12634 times)

hero member
Activity: 1372
Merit: 783
better everyday ♥
January 16, 2015, 02:21:50 PM
#62
it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.

Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first.


or they can think : why would I use Bitcoin when I have fiat currency and other payment processors?

Yes, I can use Bitcoin to speculate a bubble but nothing more. Smiley

Now you're cooking!

Why use Bitcoin when you can use fiat.



Oh...you can get robbed at gunpoint...nevermind.


Oh yea, but we can use payment processors like credit cards AMEX, VISA, and Mastercard right?

Maybe go shopping at Target and...WHAT?!!?







Man that shit's no joke.

Damn I though you had a compelling reason, mayax, but just like this thread, very misleading...
sr. member
Activity: 451
Merit: 250
January 16, 2015, 02:09:24 PM
#61
If it is easy then give it a try.

This attach won't work if the input address is not reused.  It gives the hacker the input private key but if that address is spent in the transaction and not reused then it can't be spent again by the attacker.

A simpler version of this attack would be to give the user a wallet which generates knowable private keys.  The attacker then watches all of addresses he has victims generate until he finds bitcoins.  This would work with any wallet the attacker was able to distribute.  Has this been attempted before?
hero member
Activity: 518
Merit: 500
Hodl!
January 16, 2015, 02:06:13 PM
#60
My, my, you are getting repetitive, why not go troll the Swiss about how they should trust central banks who only have their well being and happiness in mind.
legendary
Activity: 1470
Merit: 1004
January 16, 2015, 02:00:43 PM
#59
it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.

Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first.


or they can think : why would I use Bitcoin when I have fiat currency and other payment processors?

Yes, I can use Bitcoin to speculate a bubble but nothing more. Smiley
hero member
Activity: 518
Merit: 500
Hodl!
January 16, 2015, 01:58:05 PM
#58
it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.

Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first.
full member
Activity: 182
Merit: 100
January 16, 2015, 01:57:25 PM
#57
Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe. Smiley

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    Grin

Well, I don't see it saying HACKED Easily anywhere. Its hackable, but I am sure it wont be easy.
legendary
Activity: 1470
Merit: 1004
January 16, 2015, 01:55:38 PM
#56
OP mostly FUD but good that people are aware of all the attack vectors.  
Can't be too careful when it comes to large amounts of money.

If you are using electrum, I have published several utility
scripts in the electrum sub forum that you can use
to verify if the addresses and keys from your copy
of electrum are legit.


 how can normal people use such script? Smiley  the normal people wants something safe and simple.

it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.

legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
January 16, 2015, 11:54:04 AM
#55
OP mostly FUD but good that people are aware of all the attack vectors. 
Can't be too careful when it comes to large amounts of money.

If you are using electrum, I have published several utility
scripts in the electrum sub forum that you can use
to verify if the addresses and keys from your copy
of electrum are legit.
hero member
Activity: 770
Merit: 500
January 16, 2015, 11:37:05 AM
#54
I'm working on a whitepaper regarding another yet unpublished attack vector. I found that ECDSA is vulnerable to pre-computed private key attack. All you need to do is to have your victims use a compomised bitcoin client of your making that generates a set of predefined keys. This attack is so much more bad ass because you don't need anymore to search the blockchain to find keys that may have been generated by your handiwork since you know them already. Now, you'd really have to be an idiot not to withdraw your bitcoins right now before I decide to use your cold storage.
hero member
Activity: 1372
Merit: 783
better everyday ♥
January 16, 2015, 11:21:12 AM
#53
well, i hope blockchain wallet not going hacked  Cry
is blockchain ever hacked once ?

Yes, but it is a white hat Hacker and he returned all coins lost:

http://www.coindesk.com/hacker-returns-225-btc-taken-blockchain-wallets/

If you keep most of your funds online, you're pretty much asking to get hacked.
hero member
Activity: 882
Merit: 1006
January 16, 2015, 11:18:50 AM
#52
well, i hope blockchain wallet not going hacked  Cry
is blockchain ever hacked once ?

You mean blockchain.info/wallet? yes they've had their fair amount of screw ups, recently with an RNG bug that actually worked similar to the attack mentioned above, but they have covered almost all losses so far. I would recommend NOT using that service.
full member
Activity: 224
Merit: 100
January 16, 2015, 11:16:25 AM
#51
well, i hope blockchain wallet not going hacked  Cry
is blockchain ever hacked once ?
sr. member
Activity: 300
Merit: 250
January 16, 2015, 10:54:44 AM
#50
not sure if OP is just spreading FUD, or he's just a pure idiot. It seems he doesn't even understand the article he post.
hero member
Activity: 1372
Merit: 783
better everyday ♥
January 16, 2015, 10:30:20 AM
#49
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.
You got it all wrong.
It's so much easier to just train the alligators to replace the wallet than to do it yourself. Roll Eyes

You guys are definitely all wrong.  Before the attacker can even get to do all that, he has to get past air conditioner ducts by hacking into the security deactivating the laser sensors for like 2 minutes tops.  Then he has to drop into the wallet safe area by like 10 stories using suspension cables, while managing not to drop one drop of sweat from his forehead or the heat sensor alarms will go off alerting security to kill him:



Only then can the attacker upload the compromised version of the wallet software.
hero member
Activity: 518
Merit: 500
Hodl!
January 16, 2015, 10:28:56 AM
#48
Not if you turn up the heat remotely on the Nest to make them smarter Cheesy
legendary
Activity: 1274
Merit: 1004
January 16, 2015, 10:27:27 AM
#47
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.
You got it all wrong.
It's so much easier to just train the alligators to replace the wallet than to do it yourself. Roll Eyes
That's just stupid. If it was a Caiman, sure. But everyone knows alligators only know how to use Macs.
qwk
donator
Activity: 3542
Merit: 3413
Shitcoin Minimalist
January 16, 2015, 10:25:26 AM
#46
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.
You got it all wrong.
It's so much easier to just train the alligators to replace the wallet than to do it yourself. Roll Eyes
legendary
Activity: 1274
Merit: 1004
January 16, 2015, 10:22:08 AM
#45
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction.
It's shocking how insecure Bitcoin is, really.
legendary
Activity: 924
Merit: 1000
January 16, 2015, 10:21:47 AM
#44
I think nowadays most of the people only read the headlines!  Sad

But not all of them go straight to btt and spread FUD!  Angry
legendary
Activity: 1330
Merit: 1003
January 16, 2015, 10:17:10 AM
#43
You have to be using a compromised wallet for this to work.
Pages:
Jump to: