Pages:
Author

Topic: Brain Wallet hacked, suspect bitcoin talk hackers. - page 3. (Read 5564 times)

legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
Hi everyone,

This serves as another lesson to make your brain wallets silly hard to hack.

My Brain wallet, in the form of example123example123example123 (example123 was my bitcoin talk password,) was hacked resulting in the loss of 12btc I had freshly put in there. Before I noticed it was hacked I sent another 7btc there and luckily got it out before the hacker did.

This was my brain wallet 17z2uppQS9fyag5KtbQ6KNiCBrNSL1z64r

This is the Hackers wallet, with the funds in it at the time of writing 153h8BH61rQgfyujZjJqjQNSsRK2Hsaf3A


The community might take interest in this address as the hackers of bitcoin talk are prime suspects.

Its crazy, is this guy lucky or is it really that easy to hack brain wallets??

Take care!

you could buy a hardware wallet, that is safer than your password:

https://bitcointalksearch.org/topic/overview-bitcoin-hardware-wallets-secure-your-coins-899253
legendary
Activity: 1204
Merit: 1028
After this experience you should go to the highest level of security,
which is true cold storage.  You generate your keys on a machine
that has never been online and never will be, and use physical
coins/dice to generate entropy. 

Well, the Winklevoss brothers use Brain Wallet, or at last that's what i've seen on the latest interview. I would never store all of my wallets on a brain walled tho, just "spending money" like you do with Mycellium etc (im hoping no one stores their main stack Mycellium..)
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
After this experience you should go to the highest level of security,
which is true cold storage.  You generate your keys on a machine
that has never been online and never will be, and use physical
coins/dice to generate entropy. 
sr. member
Activity: 462
Merit: 250
Sorry for your loss.

It might be that the hackers have used the forum to get this kinda information.
But on the other hand if it was not related to the forum hack, it could happen easily if you used the same password elsewhere.
What browser did you use and does it have plugins installed or toolbars ?
If so are you sure they can not be used as keyloggers ?
In any case the btc is gone forever, and there is nothing anyone can do about it.
 

Thx mate,

I have used the password elsewhere, but I think it was secure up until the hack.

Im using mozilla firefox. Never had troubles with it before. On firefox Im using FVD speed Dial. Java and adobe are installed on my computer for things like multibit and youtube etc.... Im not computer savy so no im not sure anything cant be used as key loggers but I have developed trust in Linux systems. Is that wrong?

It's not about Linux.
It could be a malicious website you have visited running a malicious script.
That script could do many things, one of them is to install a backdoor to your system.

You should always scan links you are uncertain of with virustotal.com
And even then, you are still not 100% safe.

That sounds bad, but I dont understand how it could get around root access in linux? it is not a simple mission to do anything like that surely??

Not simple, but doable.
Haven't you ever wondered why so many newbie accounts in the forums posting suspicious links?
Because it is exactly that, suspicious links.

And now that I mention it, did you click on any links in the forum lately from newbies?

EDIT: That does not mean that Sr. or Hero members are credible.
If you head over to the digital goods section you will see quite a few of them for sale.
legendary
Activity: 3248
Merit: 1070
Sorry for your loss.

It might be that the hackers have used the forum to get this kinda information.
But on the other hand if it was not related to the forum hack, it could happen easily if you used the same password elsewhere.
What browser did you use and does it have plugins installed or toolbars ?
If so are you sure they can not be used as keyloggers ?
In any case the btc is gone forever, and there is nothing anyone can do about it.
 

Thx mate,

I have used the password elsewhere, but I think it was secure up until the hack.

Im using mozilla firefox. Never had troubles with it before. On firefox Im using FVD speed Dial. Java and adobe are installed on my computer for things like multibit and youtube etc.... Im not computer savy so no im not sure anything cant be used as key loggers but I have developed trust in Linux systems. Is that wrong?

It's not about Linux.
It could be a malicious website you have visited running a malicious script.
That script could do many things, one of them is to install a backdoor to your system.

You should always scan links you are uncertain of with virustotal.com
And even then, you are still not 100% safe.

That sounds bad, but I dont understand how it could get around root access in linux? it is not a simple mission to do anything like that surely??

having java installed will surely help the hacker, when you click on some random ad that hide a malicious scrypt

also i think you should use chrome, is far more secure
legendary
Activity: 924
Merit: 1001
Sorry for your loss.

It might be that the hackers have used the forum to get this kinda information.
But on the other hand if it was not related to the forum hack, it could happen easily if you used the same password elsewhere.
What browser did you use and does it have plugins installed or toolbars ?
If so are you sure they can not be used as keyloggers ?
In any case the btc is gone forever, and there is nothing anyone can do about it.
 

Thx mate,

I have used the password elsewhere, but I think it was secure up until the hack.

Im using mozilla firefox. Never had troubles with it before. On firefox Im using FVD speed Dial. Java and adobe are installed on my computer for things like multibit and youtube etc.... Im not computer savy so no im not sure anything cant be used as key loggers but I have developed trust in Linux systems. Is that wrong?

It's not about Linux.
It could be a malicious website you have visited running a malicious script.
That script could do many things, one of them is to install a backdoor to your system.

You should always scan links you are uncertain of with virustotal.com
And even then, you are still not 100% safe.

That sounds bad, but I dont understand how it could get around root access in linux? it is not a simple mission to do anything like that surely??
sr. member
Activity: 462
Merit: 250
Sorry for your loss.

It might be that the hackers have used the forum to get this kinda information.
But on the other hand if it was not related to the forum hack, it could happen easily if you used the same password elsewhere.
What browser did you use and does it have plugins installed or toolbars ?
If so are you sure they can not be used as keyloggers ?
In any case the btc is gone forever, and there is nothing anyone can do about it.
 

Thx mate,

I have used the password elsewhere, but I think it was secure up until the hack.

Im using mozilla firefox. Never had troubles with it before. On firefox Im using FVD speed Dial. Java and adobe are installed on my computer for things like multibit and youtube etc.... Im not computer savy so no im not sure anything cant be used as key loggers but I have developed trust in Linux systems. Is that wrong?

It's not about Linux.
It could be a malicious website you have visited running a malicious script.
That script could do many things, one of them is to install a backdoor to your system.

You should always scan links you are uncertain of with virustotal.com
And even then, you are still not 100% safe.
sr. member
Activity: 462
Merit: 250
I am sorry you lost so much bitcoins, but you should have immediately changed your brainwallet after the site went offline.

After all cracking brain wallets is easy if you have a the right "dictionary". Let's say the hacker managed to crack 50% of all easy to crack bitcointalk passwords and put them in his "dictionary". Then he tried different possibilities of all the passwords:

cracked: password
try: passwordpwassword, PASSWORDPASSWORD, passwordpasswordpassword, passwordpasswordpasswordpassword, password1password2password3, etc.


I am sure you are not the only one who lost some bitcoins this way.

Don't use the same password twice. Don't use a similar passwords.

i think that kind of password is not good choice for online use when you have some coins in a address, as i use 4 different kind of passwords and make them in a combination like my favorite place, car,food and day with mix of 5 letters for example : 1paris2honda3burger4weekend5 ... i think that kind of combination more secure to use.



Adding special characters like: ! # @ $ & etc also makes a password stronger.
Also try and add it in the middle, e.g.: PaS#sW@o$r&d!

And of course the usual combo of upper-lower case and numbers
True, using special characters make it several orders of magnitude harder to crack, the problem is,you need at least 12 different words for a decent amount of protection. There are high chances that you eventually forget about 1 word. Brainwallets are tempting but im still scared to forget the seed password, and typing it defeats the purpose of a brain wallet.

I know what you mean.
Personally I just use Bitcoin Core.
i have a cold wallet which I can send funds to and a wallet I use for everything else (small amounts)
legendary
Activity: 924
Merit: 1001
Sorry for your loss.

It might be that the hackers have used the forum to get this kinda information.
But on the other hand if it was not related to the forum hack, it could happen easily if you used the same password elsewhere.
What browser did you use and does it have plugins installed or toolbars ?
If so are you sure they can not be used as keyloggers ?
In any case the btc is gone forever, and there is nothing anyone can do about it.
 

Thx mate,

I have used the password elsewhere, but I think it was secure up until the hack.

Im using mozilla firefox. Never had troubles with it before. On firefox Im using FVD speed Dial. Java and adobe are installed on my computer for things like multibit and youtube etc.... Im not computer savy so no im not sure anything cant be used as key loggers but I have developed trust in Linux systems. Is that wrong?
hero member
Activity: 770
Merit: 509
I am sorry you lost so much bitcoins, but you should have immediately changed your brainwallet after the site went offline.

After all cracking brain wallets is easy if you have a the right "dictionary". Let's say the hacker managed to crack 50% of all easy to crack bitcointalk passwords and put them in his "dictionary". Then he tried different possibilities of all the passwords:

cracked: password
try: passwordpwassword, PASSWORDPASSWORD, passwordpasswordpassword, passwordpasswordpasswordpassword, password1password2password3, etc.


I am sure you are not the only one who lost some bitcoins this way.

Don't use the same password twice. Don't use a similar passwords.

i think that kind of password is not good choice for online use when you have some coins in a address, as i use 4 different kind of passwords and make them in a combination like my favorite place, car,food and day with mix of 5 letters for example : 1paris2honda3burger4weekend5 ... i think that kind of combination more secure to use.

Adding special characters like: ! # @ $ & etc also makes a password stronger.
Also try and add it in the middle, e.g.: PaS#sW@o$r&d!

And of course the usual combo of upper-lower case and numbers
True, using special characters make it several orders of magnitude harder to crack, the problem is,you need at least 12 different words for a decent amount of protection. There are high chances that you eventually forget about 1 word. Brainwallets are tempting but im still scared to forget the seed password, and typing it defeats the purpose of a brain wallet.
sr. member
Activity: 462
Merit: 250
Can I ask why you used bitaddress.org to create an address instead of creating one in Bitcoin Core?

Also, it doesn't seem like the usual brainwallet hack.
So it must either be that your PC is compromised, bitaddress is compromised or the forum hacker(s).

I lean towards the first case scenario.

I didnt know that you can use bitcoin core to generate brain wallets. Im interested in that.

Im also worried that my computer is compromised, but I have made some bait wallets with some btc in them in a similar fashion and so far nothing. I have another brain wallet generated on bitaddress.com from a few months back which is uncompromised too.



No, AFAIK Bitcoin Core can generate a new standard address (for the moment), not a brainwallet address.
If you want brainwallet address the I would suggest you actually download the github files and create addresses from an offline computer that is never to access the internet.
hero member
Activity: 774
Merit: 500
Lazy Lurker Reads Alot
Sorry for your loss.

It might be that the hackers have used the forum to get this kinda information.
But on the other hand if it was not related to the forum hack, it could happen easily if you used the same password elsewhere.
What browser did you use and does it have plugins installed or toolbars ?
If so are you sure they can not be used as keyloggers ?
In any case the btc is gone forever, and there is nothing anyone can do about it.
 
legendary
Activity: 924
Merit: 1001
Can I ask why you used bitaddress.org to create an address instead of creating one in Bitcoin Core?

Also, it doesn't seem like the usual brainwallet hack.
So it must either be that your PC is compromised, bitaddress is compromised or the forum hacker(s).

I lean towards the first case scenario.

I didnt know that you can use bitcoin core to generate brain wallets. Im interested in that.

Im also worried that my computer is compromised, but I have made some bait wallets with some btc in them in a similar fashion and so far nothing. I have another brain wallet generated on bitaddress.com from a few months back which is uncompromised too.

sr. member
Activity: 462
Merit: 250
I am sorry you lost so much bitcoins, but you should have immediately changed your brainwallet after the site went offline.

After all cracking brain wallets is easy if you have a the right "dictionary". Let's say the hacker managed to crack 50% of all easy to crack bitcointalk passwords and put them in his "dictionary". Then he tried different possibilities of all the passwords:

cracked: password
try: passwordpwassword, PASSWORDPASSWORD, passwordpasswordpassword, passwordpasswordpasswordpassword, password1password2password3, etc.


I am sure you are not the only one who lost some bitcoins this way.

Don't use the same password twice. Don't use a similar passwords.

i think that kind of password is not good choice for online use when you have some coins in a address, as i use 4 different kind of passwords and make them in a combination like my favorite place, car,food and day with mix of 5 letters for example : 1paris2honda3burger4weekend5 ... i think that kind of combination more secure to use.

Adding special characters like: ! # @ $ & etc also makes a password stronger.
Also try and add it in the middle, e.g.: PaS#sW@o$r&d!

And of course the usual combo of upper-lower case and numbers
hero member
Activity: 896
Merit: 1000
I am sorry you lost so much bitcoins, but you should have immediately changed your brainwallet after the site went offline.

After all cracking brain wallets is easy if you have a the right "dictionary". Let's say the hacker managed to crack 50% of all easy to crack bitcointalk passwords and put them in his "dictionary". Then he tried different possibilities of all the passwords:

cracked: password
try: passwordpwassword, PASSWORDPASSWORD, passwordpasswordpassword, passwordpasswordpasswordpassword, password1password2password3, etc.


I am sure you are not the only one who lost some bitcoins this way.

Don't use the same password twice. Don't use a similar passwords.

i think that kind of password is not good choice for online use when you have some coins in a address, as i use 4 different kind of passwords and make them in a combination like my favorite place, car,food and day with mix of 5 letters for example : 1paris2honda3burger4weekend5 ... i think that kind of combination more secure to use.
sr. member
Activity: 462
Merit: 250
Can I ask why you used bitaddress.org to create an address instead of creating one in Bitcoin Core?

Also, it doesn't seem like the usual brainwallet hack.
So it must either be that your PC is compromised, bitaddress is compromised or the forum hacker(s).

I lean towards the first case scenario.
legendary
Activity: 924
Merit: 1001
I am sorry you lost so much bitcoins, but you should have immediately changed your brainwallet after the site went offline.

After all cracking brain wallets is easy if you have a the right "dictionary". Let's say the hacker managed to crack 50% of all easy to crack bitcointalk passwords and put them in his "dictionary". Then he tried different possibilities of all the passwords:

cracked: password
try: passwordpwassword, PASSWORDPASSWORD, passwordpasswordpassword, passwordpasswordpasswordpassword, password1password2password3, etc.


I am sure you are not the only one who lost some bitcoins this way.

Don't use the same password twice. Don't use a similar passwords.

Thanks.

I guess this must have been the case, although it still seems so unlikely to me that people would even try this while there are so many possible combinations of passwords.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
When generating a brain wallet, you MUST use something like DICEWARE and have at least 96 bits of entropy. Only then will you be "safe".

I have a still unhacked brainwallet that I created back in 2012 using "my own brain" so I think MUST in regards to DICEWARE or the like is overstating things a tad (recommended might be a more reasonable way to put it).

Your password had very low entropy - it was just a matter of time. Repeating words in patterns does NOTHING against an attack.

Password123 and the same repeated 10x is worthless.

That of course depends upon the method being used to brute force your password but very simple patterns such as repeating once or twice are not going to help much (as presumably was the case here).
legendary
Activity: 924
Merit: 1001
When generating a brain wallet, you MUST use something like DICEWARE and have at least 96 bits of entropy. Only then will you be "safe".

Your password had very low entropy - it was just a matter of time. Repeating words in patterns does NOTHING against an attack.

Password123 and the same repeated 10x is worthless.

I know that Password123 is literally worthless, but are you saying that a stronger password such as YankeeDoodle123 is useless too? surely a password like YankeeDoodle123YankeeDoodle123YankeeDoodle123 would be very unlikely to be hacked?? and three times the password would mean at least 3x the difficulty to hack no? if hackers need to combine every password in multiples of three they must be doing 3x the work (which is already a lot in the case of YankeeDoodle123!?)
hero member
Activity: 770
Merit: 500
I am sorry you lost so much bitcoins, but you should have immediately changed your brainwallet after the site went offline.

After all cracking brain wallets is easy if you have a the right "dictionary". Let's say the hacker managed to crack 50% of all easy to crack bitcointalk passwords and put them in his "dictionary". Then he tried different possibilities of all the passwords:

cracked: password
try: passwordpwassword, PASSWORDPASSWORD, passwordpasswordpassword, passwordpasswordpasswordpassword, password1password2password3, etc.


I am sure you are not the only one who lost some bitcoins this way.

Don't use the same password twice. Don't use a similar passwords.
Pages:
Jump to: