
Topic: Expert Input Only: How Is A Cold Wallet Bter Exchange Hack Possible? (Read 3418 times)

legendary
Activity: 1372
Merit: 1014
Yes, I tend to agree with Rabbit. If I had to place a bet, I would say - internal job or bad entropy.

Blockchain.info hack threads describe how private keys, created with bad software, can be hacked from the outside without ever touching the wallet. This is a likely scenario and would work for any wallet, even paper wallets; all that is required is two transactions.

From the looks of it, the Bter wallet was used lots of times, not really cold storage, so the hacker has the two transactions needed.

http://www.coindesk.com/good-samaritan-blockchain-hacker-returned-255-btc-speaks/

My bet, this or the internal job. Will be interesting to watch how this develops, first "real" attack on a so-called cold wallet, pretty scary IMHO.
legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
A cold wallet, by definition, is not connected to the internet.

Therefore, a cold wallet cannot be hacked, no matter what.

If it was hacked, it wasn't a cold wallet.

Depends on whether or not the cold wallet was prepared properly. For example, perhaps they used a compromised hardware wallet, or a weak random number generator.

That said, it reminds me of how, when the transaction malleability attack was discovered/described, suddenly Gox claimed that they had been hacked via this method. Just recently it was discovered that it would be possible to hack cold wallets provided the wallets were generated with weak random numbers or some sort of 'compromised' random number. That way the attacker could empty any wallets generated by the cold wallet generation process. Perhaps they thought this would be a convenient excuse to skip town on.
legendary
Activity: 2044
Merit: 1005
Ok forget who did it but can't we capture the funds by getting all exchanges a tool that will detect if the deposits are from that bad transaction? (I have the tool to do it)

You won't be able to get all the exchanges, gambling sites, mixers and merchants accepting Bitcoins to agree. There will always be places which will allow laundering of the stolen funds.

Really 7000btc? At least we can try

As every one of us has said: bitcoin is decentralized, and everyone has the choice to agree or not agree. It will be impossible to convince all the miners, various exchanges, sites, etc...

Literally: it is gone.

Like I said, it's 7000btc... only a handful of sites
legendary
Activity: 1778
Merit: 1043
#Free market
Ok forget who did it but can't we capture the funds by getting all exchanges a tool that will detect if the deposits are from that bad transaction? (I have the tool to do it)

You won't be able to get all the exchanges, gambling sites, mixers and merchants accepting Bitcoins to agree. There will always be places which will allow laundering of the stolen funds.

Really 7000btc? At least we can try

As every one of us has said: bitcoin is decentralized, and everyone has the choice to agree or not agree. It will be impossible to convince all the miners, various exchanges, sites, etc...

Literally: it is gone.
legendary
Activity: 2044
Merit: 1005
Yeah, it is not a COLD wallet once it touches the internet. Looks like they may have been incorrectly using their "COLD" wallet.

Now would be a good time for users of other services to question exactly what their exchange or wallet operator means when they say 'cold wallet'. Cold wallet is just words. Security is in the details. I would not be surprised if there are other exchanges operating right now which believe bringing a wallet online for spending is still a 'cold' wallet.
Now is the time to switch to dex.. something like bitshares or innovate
legendary
Activity: 2044
Merit: 1005
Ok forget who did it but can't we capture the funds by getting all exchanges a tool that will detect if the deposits are from that bad transaction? (I have the tool to do it)

You won't be able to get all the exchanges, gambling sites, mixers and merchants accepting Bitcoins to agree. There will always be places which will allow laundering of the stolen funds.

Really 7000btc? At least we can try
donator
Activity: 1218
Merit: 1079
Gerald Davis
It's also possible that the online part of the cold storage was hacked.

When doing a payment from cold storage you need another PC with internet access on which the TX is created and then broadcast after it has been signed. It's possible that the online PC was hacked and that the hacker replaced the address BTER wanted to send funds to with one of his own, and that the employee didn't notice the change when signing the TX on the cold wallet.

Possibly but this would just be another form of gross incompetence.  A cold wallet is only as secure as its txn data but in this case the cold wallet is only used to fill a hot wallet which makes hardening it against attacks very simple compared to other business models.

The cold wallet can contain the public key of the hot wallet.  The easiest way would be to use a single address for loading the hot wallet but HD wallets make it easier to preserve privacy without a loss of security.  If the hot wallet is using an HD wallet then the ExtendedPublicKey of the hot wallet is kept on the cold wallet machine and it only signs transactions sending an amount to the hot wallet and change back to itself.  This moves all the critical transaction information to the secure offline machine and makes a compromise of the online machine ineffective*.  This only applies in a situation where the cold wallet can be restricted to only send funds to a set of secure addresses.  A general use cold wallet may not have that luxury but an exchange does and everything should be done to harden the company wallet.

Example
For brevity the example uses a single key scenario but this can be done the same way using HD wallet extendedkeys and funds can be sent to ScriptHash (multisig address) instead of PubKeyHash (single key 'normal' address).

Cold Wallet Machine contains:
* Encrypted cold wallet private key
* Hot Wallet Public Key

Online Full node contains:
* Blockchain
* Bitcoind w/ connectivity to bitcoin network peers
* Cold wallet Public Key
* Hot wallet Public Key

STEP 1) Online Machine - use bitcoind and cold wallet public key to locate unspent outputs.  Create unsigned transaction sending funds from Cold Wallet to Hot Wallet with change back to cold wallet.
STEP 2) Online Machine -> Cold Wallet Machine - Transfer unsigned transaction* using offline method
STEP 3) Cold Wallet Machine - Independently verify the txn meets business rules (send acceptable value to hot wallet PubKeyHash and change back to Cold Wallet)
STEP 4) Cold Wallet Machine - Unlock private key and sign transaction.
STEP 5) Cold Wallet Machine -> Online Machine - Transfer signed transaction* using offline method
STEP 6) Online Machine - broadcast transaction to bitcoin network using bitcoind.

*There is another attack vector but it is difficult to exploit and complicates the explanation so I didn't cover it in the example but anyone designing a cold wallet should be aware of it. A transaction input doesn't specify its value so an attacker could infect a user's online computer to provide false input information to the cold wallet. The cold wallet may sign a txn thinking the inputs are worth 100 BTC when in reality they are worth 7,000 BTC. Now if the cold wallet is only sending funds to known secure addresses this doesn't allow the attacker to send funds to any arbitrary address but they could cause the cold wallet to send the difference as a huge fee to miners. If the attacker then prevented the broadcast of this transaction and mined it into a block he could steal funds this way. To prevent this today requires giving the cold wallet not just the transaction but also the prior outputs it is spending so it can independently verify their value. This is secure but greatly increases the complexity and the amount of data to be transferred. If the txn format was updated so that the value of an input was specified this wouldn't be needed. To change that however would require a soft fork or hard fork depending on how it was done.
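
The offline check from STEP 3, combined with the prior-output verification described in the footnote above, as an added example that is not part of the original post or any exchange's code. It assumes legacy (pre-segwit) serialization; `check_unsigned_tx`, its parameters and the limits are hypothetical names chosen for illustration.

```python
import hashlib

def _varint(b, i):
    """Read a CompactSize integer at offset i; return (value, next offset)."""
    if b[i] < 0xfd:
        return b[i], i + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[b[i]]
    return int.from_bytes(b[i + 1:i + 1 + size], "little"), i + 1 + size

def parse_tx(raw):
    """Legacy raw tx -> ([(prev_txid, vout)], [(value_sat, scriptPubKey)])."""
    n_in, i = _varint(raw, 4)                      # skip the 4-byte version
    ins, outs = [], []
    for _ in range(n_in):
        txid, vout = raw[i:i + 32], int.from_bytes(raw[i + 32:i + 36], "little")
        slen, i = _varint(raw, i + 36)
        i += slen + 4                              # skip scriptSig and sequence
        ins.append((txid, vout))
    n_out, i = _varint(raw, i)
    for _ in range(n_out):
        value = int.from_bytes(raw[i:i + 8], "little")
        slen, i = _varint(raw, i + 8)
        outs.append((value, raw[i:i + slen]))
        i += slen
    if i + 4 != len(raw):                          # only the locktime may remain
        raise ValueError("malformed transaction")
    return ins, outs

def txid_of(raw):
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()  # byte order as used in inputs

def check_unsigned_tx(raw_tx, prev_raw_txs, hot_script, cold_script, max_hot, max_fee):
    """Hypothetical cold-side policy check; returns the real fee in satoshis."""
    prev = {txid_of(r): parse_tx(r)[1] for r in prev_raw_txs}   # keyed by recomputed txid
    ins, outs = parse_tx(raw_tx)
    total_in = 0
    for txid, vout in ins:
        out = prev.get(txid, [])[vout:vout + 1]    # [] if no matching prior tx was supplied
        if not out or out[0][1] != cold_script:
            raise ValueError("input is not a provable cold wallet output")
        total_in += out[0][0]                      # value taken from the hashed prior tx
    if any(s not in (hot_script, cold_script) for _, s in outs):
        raise ValueError("output pays a script outside the whitelist")
    if sum(v for v, s in outs if s == hot_script) > max_hot:
        raise ValueError("hot wallet refill exceeds limit")
    fee = total_in - sum(v for v, _ in outs)
    if not 0 <= fee <= max_fee:
        raise ValueError(f"fee {fee} outside allowed range")
    return fee
```

Because input values are read from prior transactions whose hash must equal the txid the input references, a compromised online machine cannot understate them; a signer that trusted a claimed value instead would miss the oversized fee.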


legendary
Activity: 1778
Merit: 1043
#Free market
Yeah, it is not a COLD wallet once it touches the internet. Looks like they may have been incorrectly using their "COLD" wallet.

Now would be a good time for users of other services to question exactly what their exchange or wallet operator means when they say 'cold wallet'. Cold wallet is just words. Security is in the details. I would not be surprised if there are other exchanges operating right now which believe bringing a wallet online for spending is still a 'cold' wallet.

I agree with that; their definition of cold wallet "was wrong". If they were connected to the internet (even for 5 minutes) it was no longer a cold wallet.
full member
Activity: 140
Merit: 100
Cold Wallet to Bter meant that the computer was located in a room air conditioned to 60F
donator
Activity: 1218
Merit: 1079
Gerald Davis
Yeah, it is not a COLD wallet once it touches the internet. Looks like they may have been incorrectly using their "COLD" wallet.

Now would be a good time for users of other services to question exactly what their exchange or wallet operator means when they say 'cold wallet'. Cold wallet is just words. Security is in the details. I would not be surprised if there are other exchanges operating right now which believe bringing a wallet online for spending is still a 'cold' wallet.
legendary
Activity: 1736
Merit: 1023
Yeah, it is not a COLD wallet once it touches the internet. Looks like they may have been incorrectly using their "COLD" wallet.
hero member
Activity: 714
Merit: 500
At the moment of the hack, it was a hot wallet. They brought their cold wallet online, to refill another hot wallet, so both were hot wallets at the time. The hacker was patiently waiting for them to do this, because he had already compromised their system, and was just waiting for BTER to bring their cold wallet online for funding the hot wallet.
Not a cold wallet then.
Could somebody make a "What is a cold wallet?"-YouTube-Video and send it to these exchanges?
legendary
Activity: 1806
Merit: 1003
At the moment of the hack, it was a hot wallet. They brought their cold wallet online, to refill another hot wallet, so both were hot wallets at the time. The hacker was patiently waiting for them to do this, because he had already compromised their system, and was just waiting for BTER to bring their cold wallet online for funding the hot wallet.
legendary
Activity: 1008
Merit: 1000
So, did I get this right?
They had a computer, that was usually switched off and when they had to transfer funds, they switched it on, made the transaction and switched it off again. And they called THIS a cold wallet?

Something similar. Amateurish to the extreme especially when they have been hacked earlier.
legendary
Activity: 1778
Merit: 1043
#Free market
So do we agree their cold wallet wasn't a real "cold wallet"? Definition:

Cold storage in the context of Bitcoin refers to keeping a reserve of Bitcoins offline.

For example, a Bitcoin exchange typically offers an instant withdrawal feature, and might be a steward over hundreds of thousands of Bitcoins. To minimize the possibility that an intruder could steal the entire reserve in a security breach, the operator of the website follows a best practice by keeping the majority of the reserve in cold storage, or in other words, not present on the web server or any other computer.

The only amount kept on the server is the amount needed to cover anticipated withdrawals.

Source: https://en.bitcoin.it/wiki/Cold_storage


legendary
Activity: 1974
Merit: 1077
Honey badger just does not care
We spent months thinking about vectors of attack at Ethereum regarding the ether sale funds. Generally speaking, if the funds are in a cold wallet then either social engineering or inside theft are the two viable attacks. This said, it is possible if the cold wallet is stored in a digital format on a computer not connected to the internet that one could perform a stuxnet style attack piggybacking on a flash drive to introduce an APT. But no, someone internal stole the funds most likely.

Strictly speaking, flash drive management is part of the cold wallet. One cannot use just about any flash drive to transfer a signed transaction; the flash drive must be as secured as the cold wallet machine and not used for anything else, without a bootloader, possible hidden executable in the flash drive driver, etc. Someone with 7000 BTC of other people's money in his hands should have a professional handling the security.

Calling the cold wallet "hacked" is just pushing away responsibility for negligence, and playing dumb.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
It seems very unlikely to me that this could be anything other than an inside job.

You'd think an exchange holding 7K BTC would actually have bothered to work out how to properly secure them (and should know what a "cold wallet" is).
legendary
Activity: 1778
Merit: 1043
#Free market
So, did I get this right?
They had a computer, that was usually switched off and when they had to transfer funds, they switched it on, made the transaction and switched it off again. And they called THIS a cold wallet?

A cold wallet should never be connected to the internet; I think their "definition" of cold wallet is a little bit wrong. Let's see if they will reimburse all the customers (at least a % of each personal fund).
legendary
Activity: 1148
Merit: 1018
You simply cannot hack a cold wallet, therefore:

a) it wasn't a cold wallet
b) somebody who had physical access to the wallet stole the coins.

There are other options (wallet created with compromised software; RNG/entropy problem) but those are extremely unlikely. You can put all your money on either a) or b).
hero member
Activity: 714
Merit: 500
So, did I get this right?
They had a computer, that was usually switched off and when they had to transfer funds, they switched it on, made the transaction and switched it off again. And they called THIS a cold wallet?