We knew the Large Bitcoin Collider was useless, now we know it's also rootkit

Hydrogen

legendary

Activity: 2562

Merit: 1441

Quote from: Kprawn on April 25, 2017, 10:55:20 AM

Yes, so they say... and the "hits" might be the computers that were Rootkit'ed and where people's private keys was exploited. Grin

... I never run

any strange software on the same computer that I use for Bitcoin. I also generate my private keys on a old computer & printer that will never

see the internet again. I will melt it down myself. Grin

Large Bitcoin Collider being a rootkit makes more sense than it cracking private keys.

LBC is like distributed CPU mining. Even if they had a million people running it, I doubt it would do much with the (relatively) low amount of computational power at its disposal.

aso118

legendary

Activity: 1918

Merit: 1012

★Nitrogensports.eu★

If the possibility of a collision was so small that it is practically impossible, what could be the motivation for people to run it? Greed and nothing else. Seems like people have been trying to exploit this.

Kprawn

legendary

Activity: 1904

Merit: 1074

Quote from: Hydrogen on April 17, 2017, 09:56:04 AM

Large bitcoin collider claims they generated 100 trillion keys and found 5 keys that worked.

I'm not sure I believe that.

A normal password with more than 8 digits can have trillions of possible combinations.

100 trillion keys doesn't seem like it would do anything.

Yes, so they say... and the "hits" might be the computers that were Rootkit'ed and where people's private keys was exploited. Grin

... I never run

any strange software on the same computer that I use for Bitcoin. I also generate my private keys on a old computer & printer that will never

see the internet again. I will melt it down myself. Grin

Victor_sueca

newbie

Activity: 21

Merit: 0

Quote from: buwaytress on April 25, 2017, 10:43:29 AM

Quote from: The Sceptical Chymist on April 19, 2017, 10:55:06 AM

You crazy ass computer people. I had to google what rootkit meant, lol. Feel like an old fart and thus my feeling is catching up with reality--but there's no way in fuck to hack bitcoin. The story keeps changing but the result is always the same.

The first time I came across rootkit was when I tried using an app that was supposedly only useable with rootkit, I googled... followed instructions and promptly set about destroying my Android phone. That was years ago and I still don't really know what it is, except that because I am an old fart like you, I must avoid using rootkit if I have to follow a guide.

No *realistic* way to hack Bitcoin, you do mean, right? Wink

Source: Wikipedia

Quote

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.

So yeah, no realistic way to hack bitcoin, even tho this can definitely be used to steal wallet files from people who run the LBC software.

buwaytress

legendary

Activity: 2968

Merit: 3684

Join the world-leading crypto sportsbook NOW!

Quote from: The Sceptical Chymist on April 19, 2017, 10:55:06 AM

You crazy ass computer people. I had to google what rootkit meant, lol. Feel like an old fart and thus my feeling is catching up with reality--but there's no way in fuck to hack bitcoin. The story keeps changing but the result is always the same.

The first time I came across rootkit was when I tried using an app that was supposedly only useable with rootkit, I googled... followed instructions and promptly set about destroying my Android phone. That was years ago and I still don't really know what it is, except that because I am an old fart like you, I must avoid using rootkit if I have to follow a guide.

No *realistic* way to hack Bitcoin, you do mean, right? Wink

Victor_sueca

newbie

Activity: 21

Merit: 0

Quick update 2:
Apparently the developer made a new thread at https://bitcointalksearch.org/topic/large-bitcoin-collider-thread-20-1877935, self-moderated this time.

I was trying to push some sense into the conversation aaaaaaaaaaand.....
https://i.imgur.com/pCvPQBG.png
....... it's gone

Censorship pretty much?

Victor_sueca

newbie

Activity: 21

Merit: 0

Quick update:

A couple of days ago there was a conversation between the poster of the reddit post explaining this vulnerability and the developer of the Large Bitcoin Collider. The developer explains like this:

Quote from: rico666 on April 17, 2017, 08:34:35 AM

The client checks it's own source code and will behave with various intensity of response to code tampering
Up to the point where the client deletes itself from your disk if you're driving your tampering ambitions too far.

So, apparently he explains the remote code execution string as a way for the server to prevent tampering.

And here is the problematic string:

Code:

if
(
defined
$answer
->
{eval}
)
{
eval
$answer
->
{eval}
;
}

Yeah, you probably guessed it, this not only allows the program to delete itself, but also to execute any other arbitrary code on your system.

For the full conversation, see this message and the responses that follow it.

The Sceptical Chymist

legendary

Activity: 3500

Merit: 6981

Top Crypto Casino

You crazy ass computer people. I had to google what rootkit meant, lol. Feel like an old fart and thus my feeling is catching up with reality--but there's no way in fuck to hack bitcoin. The story keeps changing but the result is always the same.

BrewMaster

legendary

Activity: 2114

Merit: 1293

There is trouble abrewing

Quote from: Monnt on April 19, 2017, 10:26:15 AM

Good point, shows how you can’t trust everything you see even if a lot of people condone it. What strikes me is that in my opinion someone seeing this would look into it and try to check if this is in fact true. I mean especially if you have to pay for the software. Just goes to show you should check everything twice even three times and extra care for anything anyone says is anything online. Stay safe everybody and be careful.

i think this is partly because of a wrong way of thinking about being "open source". many think that automatically means safe. and since projects like this only attract greedy and uneducated people who don't understand the code, nobody goes through the code and things like this go un-noticed until somebody finally does and everything crumbles.

Monnt

legendary

Activity: 938

Merit: 1002

Good point, shows how you can’t trust everything you see even if a lot of people condone it. What strikes me is that in my opinion someone seeing this would look into it and try to check if this is in fact true. I mean especially if you have to pay for the software. Just goes to show you should check everything twice even three times and extra care for anything anyone says is anything online. Stay safe everybody and be careful.

Hydrogen

legendary

Activity: 2562

Merit: 1441

Quote from: talkbitcoin on April 18, 2017, 05:21:30 AM

damn, why isn't this already in the first page. consider this as a bump.

It seems as if there are farmed accounts that only bump low quality threads.

I have to go to page 2 or 3 to find posts that are informative and interesting.

Not sure why that is, but a lot of forums are structured this way. Undecided

gentlemand

legendary

Activity: 2590

Merit: 3015

Welt Am Draht

So program that offers the possibility of free money turns out to be a program that might get free money for the programmer. Shocker.

talkbitcoin

legendary

Activity: 1372

Merit: 1032

All I know is that I know nothing.

damn, why isn't this already in the first page. consider this as a bump.
is this the same project: https://bitcointalksearch.org/topic/large-bitcoin-collider-collision-finders-pool-1573035
i have seen this a long time ago and thought of it as shady. never went through it though.
and if so why isn't anything being done about it as in removing the topic or banning the user spreading this

also it seems that OP of that topic has been tagged a while ago by gmaxwell
https://bitcointalk.org/index.php?action=trust;u=159476

jonald_fyookball

legendary

Activity: 1302

Merit: 1008

Core dev leaves me neg feedback #abuse #political

Quote from: Catmony on April 17, 2017, 12:11:24 PM

Another shit that claims can find private keys of bitcoin addresses to ruin the bitcoin network completely. Challenging sha256 encryption can't be more than a joke.

ECDSA encryption.

SHA-256 is just the hash function used within that.

Catmony

hero member

Activity: 854

Merit: 500

Another shit that claims can find private keys of bitcoin addresses to ruin the bitcoin network completely. Challenging sha256 encryption can't be more than a joke.

Kprawn

legendary

Activity: 1904

Merit: 1074

Another site with bullshit claims that they are listing valid addresses that was hacked, but contains no bitcoins. The electricity bill for the

bruteforcing of millions of private keys will be much more than the possibility to get a address with actual bitcoins that might be worth their

effort. They are looking for a needle in a haystack and doing it blindfolded. Grin

BrewMaster

legendary

Activity: 2114

Merit: 1293

There is trouble abrewing

(i admit i have never wasted time to read it completely to see what it does but this is my understanding).

it is not a brute force, it is not breaking private keys, i think the word collider is not even right.

what it does (to my understanding) is generating private keys from 0 up towards that crazy number that is max (private key is a number after all). on the way up there has been some numbers that contained some amounts and it was a puzzle not real wallets and they found the reward for that puzzle.

i remember reading something like this
between 1 and 2^1 was one private key from this puzzle
between 2^1 and 2^2 another
2^2 and 2^3 another
....
2^101 and 2^101
....

and they found a couple of these on the way up.

Mometaskers

hero member

Activity: 1764

Merit: 584

First time I heard of this. So basically the plan is to brute-force their way to finding all the private keys and use that to get people's coins? I wonder what the people who downloaded and installed this were thinking. It's probably more likely that it's they that will get hacked later.

If ever, guess they deserved it. I mean, why bother with this malicious idea of getting people's money. There's a legal way to get people's money and you don't even have to force them to give it to you. It's called business - providing services or products. Angry

Pearls Before Swine

sr. member

Activity: 1190

Merit: 306

And the chances of them ever finding out what my private keys are, well, that's close enough to zero that I can sleep very well at night holding bitcoin. It's BS anyway, as OP has pointed out. They're not going to colllide anybody's money.

Victor_sueca

newbie

Activity: 21

Merit: 0

Quote from: Hydrogen on April 17, 2017, 09:56:04 AM

Large bitcoin collider claims they generated 100 trillion keys and found 5 keys that worked.

I'm not sure I believe that.

A normal password with more than 8 digits can have trillions of possible combinations.

100 trillion keys doesn't seem like it would do anything.

It may be possible though if some wallet out there gave users keys with bad randomness.

Topic: We knew the Large Bitcoin Collider was useless, now we know it's also rootkit (Read 1412 times)