Pages:
Author

Topic: Have I been hacked? how? (Read 11835 times)

newbie
Activity: 85
Merit: 0
August 25, 2013, 03:25:04 PM
#42
Sound frightening but good for the education purpose. Thanks for sharing.
legendary
Activity: 1338
Merit: 1000
August 19, 2013, 04:53:46 PM
#41
This is nothing to do with me i was just posting that the address got more money today
newbie
Activity: 5
Merit: 0
August 19, 2013, 03:50:05 PM
#40
Blockchain keeps wallet keys on hard drive. Do you have any friends familiar with BTC with access to your computer? It is a moment to copy wallet.dat Smiley
legendary
Activity: 1338
Merit: 1000
August 19, 2013, 12:28:07 PM
#39
seems like its at it again 1.8BTC was placed in that address

https://blockchain.info/address/1HKywxiL4JziqXrzLKhmB6a74ma6kxbSDj
member
Activity: 76
Merit: 10
August 11, 2013, 08:12:39 PM
#38
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

http://bitcoin.org/en/alert/2013-08-11-android

We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet.

In order to re-secure existing wallets, key rotation is necessary. This involves generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. If you use an Android wallet then we strongly recommended you upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.

If you use Bitcoin Wallet by Andreas Schildbach, key rotation will occur automatically soon after you upgrade. The old addresses will be marked as insecure in your address book. You will need to make a fresh backup.

Updates for other wallet apps should be released shortly.

Some technical details of what exactly has gone wrong inside Android will be released once the upgrade process is reasonably compete. I will keep track of the upgrade status of each wallet app I know about in the post below.
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQEcBAEBCgAGBQJSB7jRAAoJEPLkhhyZiIFvpk8IAI34L0HsEj5wztFl18jQxj74
svaY+eY1mwgWZjjyZlCRlP42B3u5zF2jlh2+taRgM9DaXlECqa3euGe+EmHWirTU
HTTNNg2ZFf7jvruUZ2tanl4Sv34/q/q8w81zL6uJAKK98ZBWuMQ9oPghW1erCAHv
Ke5eoLzGdnwpAN817SLGL2iUgwMpJLu7Jx2HEhF2Yz7Yl1+ScLHzlXSZP65BlpI7
lNeJweQsC0PHPnumde/UIRdcTQqhciY/0xM7HHyrrn00AW56vu4l+/Hb9Mr9rpds
Rx2UEvFXQ5KWX7e8E3+Wx2Rs/w5cYRwwsfzwWIYkoZaJ3ssaPaYAEr5YMO1bz24=
=AFBd
-----END PGP SIGNATURE-----

legendary
Activity: 1526
Merit: 1129
August 10, 2013, 02:52:49 PM
#37
The version of Android you're on would also be useful.
legendary
Activity: 2646
Merit: 1136
All paid signature campaigns should be banned.
August 10, 2013, 11:09:03 AM
#36
crazy that it seems to be the android app

So far 55.82152538 BTC have been taken (see https://blockchain.info/address/1HKywxiL4JziqXrzLKhmB6a74ma6kxbSDj)

If what johoe says is true then this bug of every once in a while reusing the same random number may exist in both the blockchain.info android wallet and the Andreas Schildbach Android Wallet.

Perhaps they both use the same faulty random number generation library?  It would be very interesting to look at all the libraries used by both applications and focus on the crypto libraries used by both applications.

A third point of reference might be this:

this happened to me recently they removed the funds from my gambling account.

Bitcoinnoob420:  please give us as many details as you can on your case.  Did the gambling client in question use the android phone?

johoe:  can you give us more details please?
legendary
Activity: 1338
Merit: 1000
August 08, 2013, 01:10:30 PM
#35
crazy that it seems to be the android app
newbie
Activity: 9
Merit: 0
August 08, 2013, 10:39:55 AM
#34
this happened to me recently they removed the funds from my gambling account.
full member
Activity: 217
Merit: 241
August 08, 2013, 08:55:52 AM
#33
@Xeno-Genesis

For you the bad transactions were
https://blockchain.info/tx/b6350f4339a59faf09bfc2a4086c2261598f46f257517ce53785145c964799bc
https://blockchain.info/tx/38fbb8a3ff718dd7c8006feb6aa9ed6add1772522781b0db95abb350a859220b

which use the same R-value in the signature.  It is strange that the same random number was generated in two transactions that are four days apart.  This doesn't fit the usual pattern. Which bitcoin client do you use?

The stealing transaction occured less then five hours after the transaction that reused the R-value.

full member
Activity: 217
Merit: 241
August 08, 2013, 06:48:38 AM
#32
Hello,

The problem is that the bitcoin application generates bad signatures, reusing random numbers. In this case this transaction was the culprit:

https://blockchain.info/de/tx/54ac98e2301b9c7fdab5cfe93907032cc1248f9d5995cee70f38e98ba93d2d7f

Can you confirm that the transaction (sending 0.02 BTC to 1DzUV...) was generated by the android app?  You should send a bug report to the author of the app you used to generate this transaction.  The problem is that it uses the same r-value b8e6c364b50eada68923eb07930b294411826e6068f0dcbe7514154881d75812 twice in the signature, which is enough to break the ECDSA signature scheme and reveal the public key (5HrE9sgmeWu6mW...). Everyone can break the key with this information.

This problem occurs more and more frequently in recent times.  Usually there is a transaction to the 1Hkywx.. address within a few hours after the bad transaction, so it seems someone has a script that monitors this problem. 

At the moment there are 147 exposed keys.  The recent ones usually have a lot of transactions before the problem occurs, so it seems to occur rarely, but it occurs several times a month (worldwide).

I hope this post sheds some light into the problem.
jr. member
Activity: 38
Merit: 1
August 05, 2013, 12:16:47 PM
#31
haimcn, was your wallet generated using the Android Blockchain.info app or was it generated from a regular PC using the web browser interface to Blockchain.info?
vip
Activity: 1316
Merit: 1043
👻
August 05, 2013, 11:35:02 AM
#30
FYI, Inputs.io has much stronger security features. An attacker signing in from a remote location would need to also compromise your email and PIN which is very difficult to keylog.
jr. member
Activity: 38
Merit: 1
August 05, 2013, 11:16:04 AM
#29
My friend has an Android phone with Andreas Schildbach Android Wallet in it. Last night it sent all the bitcoins in the phone to that same Bitcoin address. We don't understand how it got hacked yet. We're investigating. This is the transaction:

https://blockchain.info/tx/211c135e58dc55bcce4c71dc02eae2dffc5a55387c29e8144bf1cd1e8878e52e
newbie
Activity: 28
Merit: 0
July 07, 2013, 05:50:02 PM
#28
I don't think you will get return your coins.  Sad
newbie
Activity: 42
Merit: 0
July 07, 2013, 04:30:12 PM
#27
Maybe is better to be careful with BTC on smartphones:
'Master key' to Android phones uncovered
http://www.bbc.co.uk/news/technology-23179522

ARF !
newbie
Activity: 15
Merit: 0
July 07, 2013, 04:21:38 PM
#26
Are you sure you have been robbed and you aren't trolling us all?
I wish!!
I don't really have what to gain by that...
legendary
Activity: 2352
Merit: 1064
Bitcoin is antisemitic
July 07, 2013, 04:18:27 PM
#25
Maybe is better to be careful with BTC on smartphones:
'Master key' to Android phones uncovered
http://www.bbc.co.uk/news/technology-23179522
hero member
Activity: 630
Merit: 500
Bitgoblin
July 07, 2013, 04:12:48 PM
#24
That said, your coins are sitting here, and this is quite a strange address.
Created in march with two big (20, 24 BTC) transactions, fueled with some more strange transactions (with the same input address appearing multiple times in the same transaction), no outgoing transactions ever.

Also, I'm not sure how the blockchain.info taint analysis works, but I find it quite odd that your source address appears with a count of 108, instead of 1 as I would have expected.

Are you sure you have been robbed and you aren't trolling us all?
Anyone who knows how that taint analysis works care to shed some light?
newbie
Activity: 56
Merit: 0
July 07, 2013, 04:05:07 PM
#23
Hi

I'm not that newbie, or at least i thought so, but I think I have been hacked and I wondered if someone can hint on how.

I used my account in blockchain.info for satoshidice gambling from address 16io8zfbhStqe9WVdHN3JLzc29D73okaoy.
On Saturday, 45 minutes after a the last satoshidice transactions, an unknown transaction emptied my wallet.

First, I assume I have nothing to do with it and the coins were lost, correct?
Second, can anyone help me understand what happened? I used blockchain.info both on my computer and my Android smartphone.

Thanks, Haim

What the fuck !
Pages:
Jump to: