giantdragon



Legendary | Activity: 1582 | Merit: 1000
Blockchain.info security [FUNDS STOLEN]
August 19, 2013, 03:27:16 PM #1

I used the Blockchain.info online wallet for small transactions on my Windows 7 64-bit PC with a strong password kept in KeePass.

Today I noticed that about 1.8 BTC was stolen from one of the addresses (used for Anonymous Ads earnings), but funds from other addresses in this wallet were not affected.

This leads me to think that Blockchain.info or Firefox may have some weakness in the random number generator, like the vulnerability that was recently found in Android.

TXID with my funds gone: https://blockchain.info/tx/975412ecc21a0ad949deba3f47c6ac41e42fb7bd3f7eeb36cc071f151003d8c9

escrow.ms



Legendary | Activity: 1260 | Merit: 1004
GPG Key-ID: B82BA7E1 | I don't use skype.
Re: Blockchain.info security [FUNDS STOLEN]
August 19, 2013, 03:37:08 PM #2

https://bitcointalk.org/index.php?topic=271486.msg2907468#msg2907468

Same address, are you sure that you never used the wallet on an Android cell?

I mean same identifier etc.

Jesse James



Newbie | Activity: 29 | Merit: 0
Re: Blockchain.info security [FUNDS STOLEN]
August 19, 2013, 11:14:12 PM #7

Your transaction with the repeated signature R values is this one:

https://blockchain.info/tx/e05d98ee17d4610eb4e63cf27dd4e63f7128dc28187ae73588ca5562d9391bb8

Inputs 0 and 2 specifically. If you can 100% confirm the exact client software / platform / browser that generated this transaction, that would be helpful.

The 'k' value was 0x7f561ff2d0a848480f575773dd8b72f17cabc9f202951d9c7392b331b0565f28

I have a tool that can find these things and solve for the private keys but it's a total kludge and I don't use it to snatch funds nor run it on a rolling basis. However, at this point I'm thinking of augmenting it so that it snatches weak funds immediately so I can return funds to peeps who are able to prove ownership of the victim address by signing a message with a bunch of keys with a 1-degree relationship to that address.

... since the guy currently exploiting this at the moment https://blockchain.info/address/1HKywxiL4JziqXrzLKhmB6a74ma6kxbSDj is just cleaning em up and I'm not holding out hope he has plans to return anything.
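
An added illustration, not part of the post above and not the poster's tool: the audit a wallet operator can run on the signatures of their own transaction, parsing each input's DER signature and flagging any r value that appears in more than one input (the condition reported for inputs 0 and 2). The function names and the sample signatures are constructed for this example.

```javascript
// Parse a DER-encoded ECDSA signature (hex) that ends with a 1-byte sighash
// flag, as found in a scriptSig. Short-form DER lengths only, which covers
// typical 70-72 byte signatures. Returns r and s as BigInt.
function parseDerSig(hex) {
  if (!/^([0-9a-f]{2}){9,}$/i.test(hex)) throw new Error("not hex or too short");
  const b = hex.match(/../g).map((h) => parseInt(h, 16));
  const end = 2 + b[1]; // index just past the SEQUENCE body
  if (b[0] !== 0x30 || end + 1 !== b.length) {
    throw new Error("bad SEQUENCE header or length");
  }
  const ints = [];
  let pos = 2;
  for (let i = 0; i < 2; i++) {
    const len = b[pos + 1];
    if (pos + 2 > end || b[pos] !== 0x02 || len === 0 || pos + 2 + len > end) {
      throw new Error("bad INTEGER");
    }
    const digits = b.slice(pos + 2, pos + 2 + len)
      .map((x) => x.toString(16).padStart(2, "0")).join("");
    ints.push(BigInt("0x" + digits)); // DER's leading 0x00 pad disappears here
    pos += 2 + len;
  }
  if (pos !== end) throw new Error("trailing bytes inside SEQUENCE");
  return { r: ints[0], s: ints[1] };
}

// Map each r value to the inputs that used it; more than one input per r
// means the signer reused a nonce.
function findRepeatedR(sigsByInput) {
  const seen = new Map();
  for (const [index, hex] of Object.entries(sigsByInput)) {
    const r = parseDerSig(hex).r.toString(16);
    seen.set(r, [...(seen.get(r) || []), Number(index)]);
  }
  return [...seen]
    .filter(([, inputs]) => inputs.length > 1)
    .map(([r, inputs]) => ({ r, inputs }));
}

// Constructed sample: short made-up integers, not taken from any transaction.
const SAMPLE_SIGS = {
  0: "300c020500c1c2c3c402030a0b0c01",
  1: "300c0205112233445502030d0e0f01",
  2: "300c020500c1c2c3c4020321222301",
};

console.log(findRepeatedR(SAMPLE_SIGS));
```

A signer that passes this check on every transaction it produces has not repeated a nonce within that transaction; the same grouping can be kept across transactions for one key.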

smolen



Hero Member | Activity: 525 | Merit: 500
Re: Blockchain.info security [FUNDS STOLEN]
August 19, 2013, 11:59:35 PM #9

Quote from: Jesse James on August 19, 2013, 11:14:12 PM
> I'm thinking of augmenting it so that it snatches weak funds immediately

The legal risk is too high.

On the other hand, I thought about writing and releasing such a scanner without touching funds myself and letting people catch and sue each other. I see every bitcoin-related court case as a good thing that makes adoption of Bitcoin by business easier.

Of course I gave you bad advice. Good one is way out of your price range.

gmaxwell

Staff | Legendary | Activity: 3178 | Merit: 4298
Re: Blockchain.info security [FUNDS STOLEN]
August 20, 2013, 12:11:06 AM #10

FWIW, my logs show someone was complaining at one point a while back their new wallet under Chrome had someone else's coin in it. They dropped out before I could extract useful information from them. May be related.



One thing that has long really frightened me about all these webwallets is that if they fail to read from the secure rng they just use some snake oil "randomness" (the mouse position) that has practically no entropy.
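
The concern in the post above, shown as an added example (not code from Blockchain.info or any wallet discussed in this thread): a key-generation helper that fails closed when the platform's secure RNG is missing, instead of substituting a weak source. `secureRandomBytes` and the names in the commented anti-pattern are hypothetical.

```javascript
// Anti-pattern (kept as a comment, never executed; names are hypothetical):
// when the secure RNG cannot be read, silently substitute a low-entropy
// source such as pointer coordinates.
//
//   const bytes = hasSecureRng ? fromSecureRng(n) : fromMouseMoves(n);

// Fail-closed alternative: key material comes from the platform CSPRNG or
// the operation aborts. `cryptoObj` is injectable so the failure paths can
// be exercised; in a browser it defaults to the Web Crypto object.
function secureRandomBytes(n, cryptoObj = globalThis.crypto) {
  // getRandomValues accepts at most 65536 bytes per call.
  if (!Number.isInteger(n) || n <= 0 || n > 65536) {
    throw new RangeError("n must be an integer between 1 and 65536");
  }
  if (!cryptoObj || typeof cryptoObj.getRandomValues !== "function") {
    throw new Error("no secure RNG available; refusing to generate key material");
  }
  const out = new Uint8Array(n);
  cryptoObj.getRandomValues(out);
  // A key-sized buffer that is still all zero was not filled by the RNG.
  if (n >= 16 && out.every((b) => b === 0)) {
    throw new Error("secure RNG left the buffer unfilled");
  }
  return out;
}
```

The caller surfaces the error to the user and creates no address; there is no fallback branch to reach.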

Jesse James



Newbie | Activity: 29 | Merit: 0
Re: Blockchain.info security [FUNDS STOLEN]
August 20, 2013, 12:22:16 AM #11

Quote from: smolen on August 19, 2013, 11:59:35 PM
> Quote from: Jesse James on August 19, 2013, 11:14:12 PM
> > I'm thinking of augmenting it so that it snatches weak funds immediately
>
> The legal risk is too high.
>
> On the other hand, I thought about writing and releasing such a scanner without touching funds myself and letting people catch and sue each other. I see every bitcoin-related court case as a good thing that makes adoption of Bitcoin by business easier.

There's only one address implicated in all the recent thefts so I'm not sure how useful releasing a scanner would be ... other than increasing competition for snatching funds from weak addresses.

Although your first point brings up a larger legal question ... if someone makes their private key public (intentionally or non-intentionally) ... under what conditions (if any) and under what legal theory could a 3rd party be liable for signing with it? Any lawyers out there?

smolen



Hero Member | Activity: 525 | Merit: 500
Re: Blockchain.info security [FUNDS STOLEN]
August 20, 2013, 12:44:21 AM #13

Quote from: Jesse James on August 20, 2013, 12:22:16 AM
> There's only one address implicated in all the recent thefts so I'm not sure how useful releasing a scanner would be ... other than increasing competition for snatching funds from weak addresses.

I'm eager to refresh my math skills and play with modern cryptography a bit. Looks like RNGs are a good target to try bit diffusion methods. But if such an attempt succeeds, touching any weak address myself would be both unethical and legally risky. And by publishing research results I'll shift all such problems to someone else.

Quote from: Jesse James on August 20, 2013, 12:22:16 AM
> Although your first point brings up a larger legal question ... if someone makes their private key public (intentionally or non-intentionally) ... under what conditions (if any) and under what legal theory could a 3rd party be liable for signing with it? Any lawyers out there?

The only way I can see under Russian Federation laws to get to such a third party is deriving the private key from something protected by copyright. OK, IANAL and that's off-topic here.
