Pages:
Author

Topic: my wallets were stolen just now, can any one help me? - page 6. (Read 12255 times)

member
Activity: 98
Merit: 10
hero member
Activity: 607
Merit: 500
You can't spot issues with bad RNG (due to Android or any other future bug) by just eyeballing the signature.   The signature won't be identical as the signature is a signing of the hash of the simplified tx.  Since any two txs will be different the hash will be different and the signature will be different as well.  

I believe you are also incorrect here, DeathAndTaxes. The signature part actually consists out of two numbers: r which is a random number, and s, which is actual signature. Normally, if you have two transactions, you have:

Tx 1: R1, R1
Tx 2: R2, R2

However if your RNG is flawed and spits out two identical random numbers, it becomes:

Tx 1: R, S1
Tx 2: R, S2

And because of that we can calculate the private key used to generate these signatures using equation below:

Private key = (e1*S2 - e2*S1)/(R*(S1-S2))

Where e1 and e2 are hashes of the transaction, which are also public knowledge.

So the point is - you can spot an issue (a specific kind of issue) with the RNG just by looking at the signatures.

Source: PS3 hack slides and Nils Schneider's blog
member
Activity: 61
Merit: 10
member
Activity: 98
Merit: 10
Holy fuck. Sorry for the loss. I don't know the link... but there is a data recovery service provided by a company for BTC. First of it's kind.
Yeah, but what they can do is limited to:

"The company is offering a Bitcoin retrieval service to individuals, companies and businesses around the globe who may need Bitcoin recovered from damaged hard drives, memory cards and mobile phones." http://www.sytech-consultants.com/
sr. member
Activity: 490
Merit: 250
i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.

He did not steal all your BTC, there is a small amount of change left:

https://blockchain.info/address/1Mq2Q1BMicK4ECE6GNR6mDTPdkxwxDe3mc has 0.010544 BTC left

https://blockchain.info/address/1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn has 0.005631 BTC left



Oh come on now, don't throw salt in this users wound.  If you were driving home from your bank with thousands of dollars in your wallet and armed thieves stole all your cash but one dollar in your front pocket.  You'd tell people they stole ALL your money too.
full member
Activity: 238
Merit: 100
The Bitcoin Catalog ---> Get Started!
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
Also, thanks to D&T for your great post (as always).

However, let's talk about your password on blockchain.info.  How many characters is it?  Did you use the same password anywhere else?  Was it "strong" and "long"?
legendary
Activity: 1568
Merit: 1001
Holy crap!! I sure hope we can get to the bottom of this. Sad
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
@BurtW: Incorrect. The ECDSA signature is the first part of the script, starting with 304…. The last part that you've highlighted is scriptPubKey, which is the same because the Bitcoin address for both transactions you checked was the same. So no, this was not the cause of the theft.
Thanks, deleting my stupid post now.
member
Activity: 98
Merit: 10

i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.
Did you have 2 factor authorization activated on blockchain.info?
sr. member
Activity: 366
Merit: 258
Can you contact blockchain to get a record of logins to your account?  You may have a key stroke logger program that is installed on your machine and they just collected your login info from that data.  If blockchain shows someone logged in as you, at a time that doesn't look familiar to you, they probably used more traditional hacking methods to get access.  Let's rule out the easy stuff first.
donator
Activity: 1218
Merit: 1079
Gerald Davis



304402205713e765e3c010b6d8f7bfee8e574f1423c88fdd9504d4ec0128b8f6f0037e6702204f625cb1772dc54dcc662cabade0a20141b849e5e4b4d80c98876c42bcd5f98f01 04b8c7b27846a1df35a87763f75b421a4f8148d17ca91c2daab6838aa5b04d48e373bba0cc1e081 be696bc626296febcdccab5336a43b8861a91afa57865bbb3f5

and

3046022100ce9509ae9b442f0ad2684b7fd83923b4f6df70c9197f22c616c429a6efac03a3022100da424212a11effccc7eadf8bf532250911706636483376dbd5ef04033f75104201 04b8c7b27846a1df35a87763f75b421a4f8148d17ca91c2daab6838aa5b04d48e373bba0cc1e081 be696bc626296febcdccab5336a43b8861a91afa57865bbb3f5


The signatures are not the same.  The bolded portions is the public key and it will remain the same for all tx from the same address.
What is commonly (and incorrectly) referred to as the "signature" is actually the "ScriptSig & PubKey".  
The portion beginning with 0x30 is the actual signature.  The portion of the signature that is the unique random number is underlined (thank for correction: M4v3R).
The portion  beginning with 0x04 is the pubkey.

This diagram might help it shows a breakdown of the TxIn structure.
https://en.bitcoin.it/w/images/en/e/e1/TxBinaryMap.png

For secure ECDSA signatures one must use a nonce (number used once) which hasn't already been used in a prior signatures.  Although it doesn't need to be random (just unique) large random numbers are normally used to simplify nonce selection.  If the nonce is reused then the private key can be reconstructed from the other information.  The android flaw is that it duplicated random numbers however the OP indicated he doesn't use an android phone.

On edit: r value can be "eyeballed" but it is the portion underlined not the bolded portion.  Thanks M4v3R
hero member
Activity: 607
Merit: 500
@BurtW: Incorrect. The ECDSA signature is the first part of the script, starting with 304…. The last part that you've highlighted is scriptPubKey, which is the same because the Bitcoin address for both transactions you checked was the same. So no, this was not the cause of the theft.
full member
Activity: 151
Merit: 100
i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.

...
I am looking into it but so far it looks like your are the victim of a known issue, the bad signature bug caused by a faulty secure random number generator.
...
News: Due to a serious flaw in Android, all users of Android-based wallets must take immediate action. More info

You can find out more there.


But he said "i don't use android phone." does this RNG problem affects web wallets too, then whole internet is doomed
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.

He did not steal all your BTC, there is a small amount of change left:

https://blockchain.info/address/1Mq2Q1BMicK4ECE6GNR6mDTPdkxwxDe3mc has 0.010544 BTC left

https://blockchain.info/address/1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn has 0.005631 BTC left

member
Activity: 61
Merit: 10
What wallet were you using?  

Do you have an android phone?

Do you have a Bitcoin wallet on your android phone?  If so which one?

The fact that the thief gave you change is interesting.  Why not steal all the BTC?
i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
IP address shows France but it could just be a hop.
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
What wallet were you using?  

Do you have an android phone?

Do you have a Bitcoin wallet on your android phone?  If so which one?

The fact that the thief gave you change is interesting.  Why not steal all the BTC?
full member
Activity: 151
Merit: 100
full member
Activity: 151
Merit: 100
If you don't mind me asking, how were these coins stored and secured? It might help if you can figure out how they were compromised.
Pages:
Jump to: