Pages:
Author

Topic: Bitcoin thief techniques (Read 3007 times)

full member
Activity: 126
Merit: 100
November 08, 2013, 08:18:18 PM
#28
#2~          if that's your "short but unique" then everything is clear

UPD: also this


fatchickgiveshead,y?causeshehas2..duh

ok, so this is 37 characters, 8 words, 4 symbols

would this have hi entropy?
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
November 08, 2013, 07:54:48 PM
#27
One guy got cleaned out of over 300BTC, here is his link from the explorer.

https://blockchain.info/address/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T

This is an address I recognize, it is the brainwallet address when "correct horse battery staple" is used as the passphrase.

Anything sent to it is guaranteed to be swept away in short order.
sr. member
Activity: 462
Merit: 250
November 08, 2013, 07:45:45 PM
#26
@PrintMule et al:

I suppose my password could be brute forced, I hadn't intended any great level of security here.  That is why there was only .11BTC to be had.  My own previous attempts at cracking a wallet (my own, of course) weren't all that successful, but the program I had only did a few attempts per second.  I had to seed it with some pretty good guesses or have a 2-character password to get in.

I don't want to reveal the password, but it was on the order of "malleus4" or "centrifugal9" or "rhapsody3".  Oddly enough, PrintMule, the phrase "correct horse battery staple" appears in the address of the guy who got ripped for 300BTC.   

This leaves the questions of:

1.  What malware finds and sends wallet.dat files?  I suppose a decoy wallet might be the thing?  And then rename  your actual wallet  "familyvacation.jpg"?

2.  (the one bugging me the most)  What is the .00006BTC for?

3.  Why wait?  I realized TraderCoin was a virus/keylogger (if that is the source of this theft) and cleaned it up, but if I was more concerned or had more BTC, I would have transferred them out immediately.  The TraderCoin keylogger thing was 10/24/13, almost two weeks earlier.

The .00006BTC could have something to do with a Mastercoin transaction.

See the spec at https://sites.google.com/site/2ndbtcwpaper/ for more info.


Although neither of those addresses have any history at http://mastercoin-explorer.com/
donator
Activity: 1218
Merit: 1079
Gerald Davis
November 08, 2013, 03:07:50 PM
#25
Ok ~180,000 words in the English language, so there are 180,000^4 different variations: 1,049,760,000,000,000,000,000
That's a lot, but a lot of magnitudes less than needed to crack a normal Bitcoin address.
Furthermore you don't need to crack a specific Bitcoin address, if there are multiple people using it the chance to successfully steal Bitcoins increases.

Where am I wrong?

Well 180,000^4 = 2^70  Most passwords have far far far far less than 70 bits of entropy.
While it is harder than brute forcing a private key (which is impossible) it is beyond what is computationally feasible with any reasonable cost/time constraint.

The fact that multiple people might be using the same password doesn't matter in this case.  We aren't talking about a brain wallet.  The attacker would need a copy of the wallet.dat and attempt to brute force that wallet individually. The QT client uses a random 64 bit salt when hashing the passphrase which means there is no precomputation or shared attack possible.  Each potential password has to be salted and check against a single wallet file (which the attacker needs to have access to first).  The QT wallet also employs key strengthening by hashing the password many tens of thousands of times so instead of the attacker getting to use 1 hash = password attempt it is 56,000 hashes = 1 password attempt.

So putting that all together.
2^70 possible passwords.
Assume 2^16 hashes per password so 2^70 * 2^16 =  2^86 hashes needed
A high end GPU can attempt ~1B SHA-2 hashes a second.

2^86 / 1000^3 / 60 / 60 / 24 / 365 =  2,453,426,321 GPU years.   So if you had 1 billion GPUs you would have a 50% chance of brute forcing a single password on a single wallet in a year.


For the record most people probably would use a smaller dictionary so to be safe I would use more words (an additional one or two words adds significant security while still being memorable) but even still it is probably more secure than 90% of the passwords people "think" are safe.  That was the whole point of the cartoon.  The complicated garbage password people try to come up with actually has very little entropy.  A purely random password "h23j2hF@xl-hd$ij" has about 6.5 bits of entropy per symbol so to acheive 70 bits of entropy would require 11 char/smbols.  In the real world most user's password that they think are strong have much much less entropy.  NIST estimate is the average user select 8 digit password with upper, lower, number and symbols has about 18 bits of entropy. 

http://en.wikipedia.org/wiki/Password_strength

Diceware is another example of a method to randomly pick a password by rolling dice and comparing it against a much smaller word list.  The words are chosen to avoid words which may be hard to remember, have alternate spellings, may be mixed with other words, etc.  Even with a much smaller word list diceware is ~12 bits of entropy per word.  6 or 7 words combined with random salt and key hardening is impossible to brute force.

http://world.std.com/~reinhold/diceware.html



hero member
Activity: 896
Merit: 500
November 08, 2013, 02:22:51 PM
#24
#2~         if that's your "short but unique" then everything is clear


And then dictionary attack became a thing...
4 random english words aren't very strong as password.

Noone expects you to have a string of multiple words this long

Everyone's using Xxxxxxx* these days

Also good luck guessing my wallet's pass with dictionary

hint: it's 6 meaningful words  ~28 chars total, plus one word is used in possessive case

DoNotFuckWithPrintMule'sBTCS

That's my guess  Tongue
sr. member
Activity: 364
Merit: 250
November 08, 2013, 02:10:55 PM
#23
And then dictionary attack became a thing...
4 random english words aren't very strong as password.

4 RANDOM words is a very strong password.   Dictionary attacks aren't looking for random words, they are looking for common words, phrases, known used passwords, variations of words (p@ssw0rd), phrases from books/movies/etc.

A dictionary of all 4 combinations of english words is well useless.

Hm, when I said random, I meant randomly selected from the dictionary with no permutation, just like in the picture.
correct horse battery staple

Ok ~180,000 words in the English language, so there are 180,000^4 different variations: 1,049,760,000,000,000,000,000
That's a lot, but a lot of magnitudes less than needed to crack a normal Bitcoin address.
Furthermore you don't need to crack a specific Bitcoin address, if there are multiple people using it the chance to successfully steal Bitcoins increases.

Where am I wrong?
sr. member
Activity: 406
Merit: 250
November 08, 2013, 02:00:04 PM
#22
tacohomonymblueparabola is going to be my new password...

donator
Activity: 1218
Merit: 1079
Gerald Davis
November 08, 2013, 01:51:35 PM
#21
Noone expects you to have a string of multiple words this long

It isn't that "nobody expects" it is that the keyspace is so large you could tell the attack.  BTW my password is 4 random words all lower case please try to crack it and the permutations make it difficult.

The issue is that humans are often bad at random so 4 random words has to be 4 RANDOM words not hey let me think of 4 words randomly.   The problem with the later is why the English language may have thousands of words the common vocabularly (not every word you ever knew but the words most likely for a human to "think up randomly") is much smaller.  Throw in some selection bias and you can end up with a lot less entropy.

legendary
Activity: 966
Merit: 1000
November 08, 2013, 01:50:17 PM
#20
In the chat I'm in now there is a guy who openly accepts that he steals bitcoins and he has an exploit on blockchain according to those he stole from


I strongly suspect this to be the case. I had an excellent password and got hacked. I did a virus scan and didnt come up with anything that looked malicious.
donator
Activity: 1218
Merit: 1079
Gerald Davis
November 08, 2013, 01:47:50 PM
#19
And then dictionary attack became a thing...
4 random english words aren't very strong as password.

4 RANDOM words is a very strong password (assumming the rest of the system is secure, random large number salt, multi-round key hardening, secure algorithm).   Dictionary attacks aren't looking for random words, they are looking for common words, phrases, known used passwords, variations of words (p@ssw0rd), phrases from books/movies/etc.

A dictionary of all 4 combinations of english words is well useless.
full member
Activity: 207
Merit: 120
November 08, 2013, 01:44:13 PM
#18
As far as passwords concerned, is using leetspeak generally a good idea? 

For example:  For a while my password was "monkeyshit" but I typed it in leetspeak so it was "M0nK3y$h17"

Seems pretty secure to me.

Not really. http://optimwise.com/passwords-with-simple-character-substitution-are-weak/.
newbie
Activity: 56
Merit: 0
November 08, 2013, 12:25:07 PM
#17
In the chat I'm in now there is a guy who openly accepts that he steals bitcoins and he has an exploit on blockchain according to those he stole from
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
November 08, 2013, 12:23:00 PM
#16
I just had a minor theft (0.11BTC, I'll live) and while I understand ways I can positively prevent this (offline wallet, etc), I'm quite curious how the thief did this.

 I've downloaded and tried a pile of miners, altminers, etc, including the now infamous "tradercoin" that had a built in keylogger.   



thats it.


legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
November 08, 2013, 12:20:25 PM
#15
Hjwdi%3?hiuqofC9ybsyq!YFrdEDe

A password should look like the example above. Long, random and using caps, numbers, special chars, etc. Never use a word or anything remotely connected to you, such as a pet's name or a child's birthday.
legendary
Activity: 966
Merit: 1000
November 08, 2013, 12:14:52 PM
#14
To decrypt an encrypted wallet.dat two possibilities:
a) keylogger

or

b) you claim short but unique.  Short = worthless password.  If it was short enough it may have simply been brute forced.  If it had been long and unique that would have been more interesting.  Care to share the password?  Hopefully you are not using it anywhere else, you should assume the attacker knows it.

Or

C) Someone has a list of of passwords.

maybe btc-e, coinbase, this forum, blockchain.org?
newbie
Activity: 14
Merit: 0
November 08, 2013, 12:12:45 PM
#13
And one other thing--if you look at the transaction 95054f44018eda3be92f3274cc31d56dc7e84c8a6d0f5919da09a8b9e01aadd2  you'll see that a lot of the addresses involved are related to HHTT Mining Pool, so perhaps someone quite a bit more sophisticated is trying to rip off HHTT?  It would hardly seem worth any significant effort to get my .11BTC, but for 300BTC or more from a pool, I suppose the game changes.
sr. member
Activity: 406
Merit: 250
November 08, 2013, 12:11:17 PM
#12
As far as passwords concerned, is using leetspeak generally a good idea? 

For example:  For a while my password was "monkeyshit" but I typed it in leetspeak so it was "M0nK3y$h17"

Seems pretty secure to me.
newbie
Activity: 14
Merit: 0
November 08, 2013, 11:55:18 AM
#11
@PrintMule et al:

I suppose my password could be brute forced, I hadn't intended any great level of security here.  That is why there was only .11BTC to be had.  My own previous attempts at cracking a wallet (my own, of course) weren't all that successful, but the program I had only did a few attempts per second.  I had to seed it with some pretty good guesses or have a 2-character password to get in.

I don't want to reveal the password, but it was on the order of "malleus4" or "centrifugal9" or "rhapsody3".  Oddly enough, PrintMule, the phrase "correct horse battery staple" appears in the address of the guy who got ripped for 300BTC.   

This leaves the questions of:

1.  What malware finds and sends wallet.dat files?  I suppose a decoy wallet might be the thing?  And then rename  your actual wallet  "familyvacation.jpg"?

2.  (the one bugging me the most)  What is the .00006BTC for?

3.  Why wait?  I realized TraderCoin was a virus/keylogger (if that is the source of this theft) and cleaned it up, but if I was more concerned or had more BTC, I would have transferred them out immediately.  The TraderCoin keylogger thing was 10/24/13, almost two weeks earlier.
hero member
Activity: 980
Merit: 500
FREE $50 BONUS - STAKE - [click signature]
November 08, 2013, 06:04:31 AM
#10
#2~         if that's your "short but unique" then everything is clear


And then dictionary attack became a thing...
4 random english words aren't very strong as password.

Noone expects you to have a string of multiple words this long

Everyone's using Xxxxxxx* these days

Also good luck guessing my wallet's pass with dictionary

hint: it's 6 meaningful words  ~28 chars total, plus one word is used in possessive case
member
Activity: 89
Merit: 10
November 08, 2013, 05:39:30 AM
#9
What happens with a locked wallet, when incoming tx is seen by running bitcoind?
Isn't it automatically unlocked for a brief period? Would it be of use to a memory scanning malware?
Just thinking aloud..
Pages:
Jump to: