Author

Topic: The issue of BC.i was not only the repeated-R (others may have the same issue) (Read 1132 times)

hero member
Activity: 661
Merit: 503
A simple and secure Bitcoin wallet!
Until today, these vulnerable addresses (currently they are not monitored by 1xy/1aa) are still receiving bitcoins. So please tell users (especially miners) to check their wallet ASAP.
Also new txs with problem r-value are still showing.




hero member
Activity: 661
Merit: 503
A simple and secure Bitcoin wallet!
Says not only repeated R and then proceeds to find the same only Roll Eyes

What is the vulnerability, then?

You can look into the two addresses that we provided for more details.

After all the analysis, we will post more infos here.
legendary
Activity: 1008
Merit: 1000
The issue of blockchain.info (Dec. 8th) was not only the repeated-R. Although it showed out as repeated-R, and people could analyze repeated r values to find out the vulnerable addresses.

------------
------------

But we should notice more BC.i users, because we found out that "1xy......"/"1aa......" are still collecting repeated-r bitcoins.

Says not only repeated R and then proceeds to find the same only Roll Eyes

What is the vulnerability, then?
hero member
Activity: 661
Merit: 503
A simple and secure Bitcoin wallet!
There are other vulnerable addresses related to this issue. It seems not only the blockchain.info but also other online wallet services are affected (although their users are much fewer than BC.i).

We have collected those weak bitcoins to another address : 1824bso2XgKTm7XThA75A2gdMpt3jSxW5M
hero member
Activity: 661
Merit: 503
A simple and secure Bitcoin wallet!
The issue of blockchain.info (Dec. 8th) was not only the repeated-R. Although it showed out as repeated-R, and people could analyze repeated r values to find out the vulnerable addresses.

Since the day before yesterday, Bitcoin users in China asked our team about blockchain.info's problem.
So we started digging into the issue and found out:
It was not only the repeated-R, and there were more users affected by this event.

Some bitcoins on these vulnerable addresses that we found were collected to here: 1PGfLgFtRHgdgvPNvmHMjtsWwF4fyG1jvh

Currently we are continuing to evaluate the consequences.
After we finish all analysis, we will post more details here and try to return these bitcoins to correct users.

Johoe did a great job for saving peoples bitcoins. But we should notice more BC.i users, because we found out that "1xy......"/"1aa......" are still collecting repeated-r bitcoins.

UPDATE 20141220:
send bitcoins to blockchain.info Contact Blockchain Support:
Address : https://blockchain.info/address/1PLn3ru1n7wERPP1BLVV9oAEGGuXUP1eoC
Transaction : https://blockchain.info/tx/540c6fb44bb6f008260b88b104bbb1f577d81b79a4393837179b2290a67f4b3d
Jump to: