BrainWallet Defcon Attack Discussion, Advice, Q&A, Brainflayer Info, etc.

btcspry, August 09, 2015, 07:53:09 PM (#1)
Last edit: August 10, 2015, 01:20:02 AM by btcspry



In light of recent events, it has been proven that BrainWallet is now no longer regarded as safe. At Defcon 23 (running August 6-9 2015), a whitehat hacker (named Ryan) released a program (codenamed Brainflayer) capable of checking 10s of thousands of brainwallets per second. During his research, he discovered private keys for addresses that at some point held over 730BTC. Many of the phrases were regarded as generally safe. However, they were still cracked by his program. BrainWallet as a whole is now being regarded as unsafe for use. While experts have considered it unsafe for a long time, this is one of the first practical implementations that proves exactly how unsafe they are as a wallet choice.

Following the announcement and presentation of the software implementation, BrainWallet's website has been shut down. The latest commit on their GitHub page removed the website and replaced it with a parked page, saying that the project is now closed.

However, there are still many safe BrainWallets. As of now, it is recommended that you clean the balance out of your BrainWallet and into a safer storage method. It is important to note that Ryan, the developer of this program, did not take any of the bitcoins. He attempted to alert the owner of 250BTC that their bitcoins are at risk. However, he has not personally gained anything from this, and works for the betterment of the bitcoin community.

While many BrainWallet cracking tools have existed over time, Brainflayer is many orders of magnitude faster. It uses Bloom Filters to effectively and quickly check if addresses have been used, which increases its speed. Various other optimizations have made it very efficient as well. In the next months, it can be expected that other hackers will be creating botnets, and various other large scale attacks against brain wallets. It is no longer safe to use a BrainWallet. Transfer funds out immediately!

The presentation regarding general information about the attack is available on Ryan's website. The source code for the project is available on GitHub.

If you are one of the lucky BrainWallet users who have not had your bitcoins stolen, we have hosted the BrainWallet code on our website. It can be used to transfer your bitcoins to a safer medium. A Trezor or Electrum (cold storage) wallet is recommended for users with larger amounts of bitcoin. They are easy to set up, and are many times safer than your BrainWallet. To use the BrainWallet software, go to our website's hosting of BrainWallet. For smaller amounts of bitcoin, you can use the website implementation itself. For larger amounts, click the "Download ZIP" button in the footer of the website. From there, you can generate the private key and transfer your bitcoins before theft occurs.

Please do not take this warning lightly. Over 730BTC were available for theft throughout the history of BrainWallet. Please ensure that your bitcoins are not part of the ones that are taken in the future. Save your bitcoins today, and transfer them to a safe storage system such as a Trezor or an Electrum Cold Storage wallet.


ryanc, August 10, 2015, 12:36:00 AM (#6)

I want to be absolutely clear - other than by accident (and those coins were returned within minutes) - I have not taken anyone's bitcoins. I will be following up with a blog post sharing more details of my research soon.



You could try asking btcrobinhood on reddit - they have a bot that sweeps brainwallets. I believe that their policy is to return 100% if you are able to demonstrate ownership sufficiently.



I would consider helping to recover forgotten brainwallet passphrases (using a tailored search), but I don't have a policy on this at the moment.

tautvilis, August 10, 2015, 09:13:31 AM (#7)

Quote from: ryanc on August 10, 2015, 12:36:00 AM
> I want to be absolutely clear - other than by accident (and those coins were returned within minutes) - I have not taken anyone's bitcoins. I will be following up with a blog post sharing more details of my research soon.
>
> You could try asking btcrobinhood on reddit - they have a bot that sweeps brainwallets. I believe that their policy is to return 100% if you are able to demonstrate ownership sufficiently.
>
> I would consider helping to recover forgotten brainwallet passphrases (using a tailored search), but I don't have a policy on this at the moment.

So you mean you not only don't have my BTC, you don't have anyone's BTC? So who is that whitehat who has 800BTC? I already messaged robinhood but he didn't seem to post for months. And I don't need to get my passphrase back; I have a private key of that wallet.

foxkyu, August 10, 2015, 10:01:27 AM (#8)

Quote from: ryanc on August 10, 2015, 12:36:00 AM
> I want to be absolutely clear - other than by accident (and those coins were returned within minutes) - I have not taken anyone's bitcoins. I will be following up with a blog post sharing more details of my research soon.
>
> You could try asking btcrobinhood on reddit - they have a bot that sweeps brainwallets. I believe that their policy is to return 100% if you are able to demonstrate ownership sufficiently.
>
> I would consider helping to recover forgotten brainwallet passphrases (using a tailored search), but I don't have a policy on this at the moment.

I'm glad we have a white hacker like you. You informed us about the bug in brain wallet and didn't steal anyone's bitcoin.

Most people would take the bitcoin if they found the bug, but you did not. Thanks to you.

medUSA, August 10, 2015, 11:54:06 AM (#9)

Quote
> https://rya.nc/cracking_cryptocurrency_brainwallets.pdf

I originally thought there was a backdoor to the key generation algorithm. After reading the PDF, I believe it's broader list generation and a more efficient way of checking balance. At the end, it boils down to weak phrases: Brainwallet users believe they can create a phrase that no one could ever think of.

I don't use brainwallets because I do not trust myself with remembering the phrase. If I need to write it down, it defeats the purpose of using brainwallets.

ryanc, August 10, 2015, 02:08:03 PM (#12)

Quote from: tautvilis on August 10, 2015, 09:13:31 AM
> So who is that whitehat who has 800BTC.

btcspry said that based on a misunderstanding of some sort. What I said was that I ran a "peak balance analysis" on all the brainwallets I cracked, and the total was about 733 BTC. This does not reflect the balances they had when I found them - it's the most they ever held. I do not know how much of this was moved out by the legitimate owners and how much was stolen.

jdebunt, August 11, 2015, 07:38:16 AM (#15)
Last edit: August 11, 2015, 03:39:53 PM by jdebunt

On paper, the idea of Brainwallet sounded great. But the biggest problem is the human element in the equation.

If you remove the human part, you're stuck with a third party.

There is no proper implementation to do this in a trustless environment.