Jesse James



Newbie | Activity: 29 | Merit: 0
Re: Blockchain.info security [FUNDS STOLEN]
August 20, 2013, 07:17:40 AM, #22 (Last edit: August 20, 2013, 08:29:10 AM by Jesse James)

After reviewing the blockchain.info wallet source code, I can not recommend using it at the moment. I had a full monty write-up on this earlier, but as I've dug deeper I've decided to take it down so I can communicate my findings to blockchain.info exclusively first. Stay tuned.

Mike Hearn



Legendary | Activity: 1526 | Merit: 1008
Re: Blockchain.info security [FUNDS STOLEN]
August 20, 2013, 09:25:55 AM, #23

My understanding is that b.i uses the "web crypto" APIs when available, and they should be more or less a direct path through to the platform crypto RNG.



However if the browser does not support those APIs then it basically just invents its own RNG. I recall bringing this issue up before, a long time ago, but I don't remember what became of it.

VTC



Member | Activity: 83 | Merit: 14
Re: Blockchain.info security [FUNDS STOLEN]
August 20, 2013, 09:47:31 AM, #24

Quote from: Jesse James on August 20, 2013, 07:17:40 AM
> After reviewing the blockchain.info wallet source code, I can not recommend using it at the moment. I had a full monty write-up on this earlier, but as I've dug deeper I've decided to take it down so I can communicate my findings to blockchain.info exclusively first. Stay tuned.

Do you advise to meanwhile sweep funds to a fresh new address with blockchain wallet? Is the blockchain wallet safe to make transactions with manual key rotation?

Jesse James



Newbie | Activity: 29 | Merit: 0
Re: Blockchain.info security [FUNDS STOLEN]
August 20, 2013, 10:16:12 AM, #25

Quote from: VTC on August 20, 2013, 09:47:31 AM
> Quote from: Jesse James on August 20, 2013, 07:17:40 AM
> > After reviewing the blockchain.info wallet source code, I can not recommend using it at the moment. I had a full monty write-up on this earlier, but as I've dug deeper I've decided to take it down so I can communicate my findings to blockchain.info exclusively first. Stay tuned.
>
> Do you advise to meanwhile sweep funds to a fresh new address with blockchain wallet? Is the blockchain wallet safe to make transactions with manual key rotation?

If you are feeling careful, IMHO it would be wise to move to a non-javascript wallet for the time being ... and when you move, do it with a single transaction ... that way even if your signature(s) expose the private key you're moving from, there'll be nothing there left to spend.

gmaxwell

Staff | Legendary | Activity: 3178 | Merit: 4298
Re: Blockchain.info security [FUNDS STOLEN]
August 20, 2013, 10:21:48 AM, #26

Careful with that "move all at once". If your move transaction reveals your private key it may be the case that people are attacking in realtime now and might beat you w/ a double spend.



I would prefer to move the keys into something that doesn't have known DSA nonce concerns and send that movement transaction from there, if at all possible.

piuk



Hero Member | Activity: 910 | Merit: 1001
Re: Blockchain.info security [FUNDS STOLEN]
August 20, 2013, 11:11:40 AM, #27

Jesse James has informed me of a problem with the rng used by blockchain.info javascript clients being poorly seeded when initialised in a background webworker task. In some browsers this could lead to duplicate R values being used when signing transactions (Firefox is likely to be particularly vulnerable). This issue affects the transaction signing code only, not the generation of private keys.

Patches have now been deployed. Please ensure you upgrade to the latest version of your Blockchain.info client.

Chrome extension - v2.85

Firefox extension - v1.97

Mac client - v0.11

Users of the web interface should clear their browser's cache before next login.

Only a handful of addresses are known to be affected thus far. Likely if you have been affected by this problem your coins will have been taken already. All affected users will be refunded in full, please PM me or email help@blockchain.info

Gaff



Hero Member | Activity: 924 | Merit: 502
Re: Blockchain.info security [FUNDS STOLEN]
August 20, 2013, 01:01:56 PM, #29

Is it possible for a bitcoin wallet to scan all previous transactions to check that the r value isn't being reused before broadcasting the new transaction? I appreciate it might be expensive to calculate if you have a lot of transactions in your wallet, O(n^2)? But for most wallets that's a small enough number I'd have thought?
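
The pre-broadcast check asked about above, for the duplicate R values described in post #27, as an added example that is not part of the original thread and not blockchain.info code. The names `parseDerSignature`, `RValueGuard` and `scanWallet` are hypothetical, and the sample signatures are constructed.

```javascript
// Added example (not blockchain.info code); all names here are hypothetical.
// Parse a DER ECDSA signature (hex), optionally followed by Bitcoin's one-byte
// sighash flag, and return r and s as hex with sign-padding zeros stripped.
function parseDerSignature(sigHex) {
  const b = Buffer.from(sigHex, 'hex');
  if (b.length < 8 || b[0] !== 0x30 || b[1] > 0x7f) throw new Error('not DER');
  const end = 2 + b[1];
  if (end !== b.length && end + 1 !== b.length) throw new Error('bad length');
  let pos = 2;
  const readInt = () => {
    if (pos + 2 > end || b[pos] !== 0x02) throw new Error('expected INTEGER');
    const start = pos + 2;
    const len = b[pos + 1];
    if (len === 0 || start + len > end) throw new Error('bad INTEGER length');
    pos = start + len;
    return b.subarray(start, pos).toString('hex').replace(/^(00)+/, '') || '00';
  };
  const r = readInt(), s = readInt();
  if (pos !== end) throw new Error('trailing bytes in sequence');
  return { r, s };
}

// A Map keyed by r makes each lookup O(1), so checking n past signatures
// costs O(n) overall rather than O(n^2).
class RValueGuard {
  constructor() { this.seen = new Map(); } // r -> { s, txid }
  // Returns null when safe to broadcast, else the txid that already used this r.
  check(sigHex, txid) {
    const { r, s } = parseDerSignature(sigHex);
    const prev = this.seen.get(r);
    if (prev && prev.s !== s) return prev.txid; // same r, different signature
    if (!prev) this.seen.set(r, { s, txid });
    return null;                                // new r, or an exact rebroadcast
  }
}

// Constructed sample: short made-up integers, not real transactions.
const SAMPLE = [
  ['tx-a', '300e020500c1a2b3c40205112233445501'],
  ['tx-b', '300e02050de4f5a6b70205010203040501'],
  ['tx-c', '300e020500c1a2b3c4020566778899aa01'], // same r as tx-a
];

// Feed signatures in signing order; report every one that repeats an earlier r.
function scanWallet(signatures) {
  const guard = new RValueGuard();
  return signatures.map(([txid, sig]) => ({ txid, reusesRFrom: guard.check(sig, txid) }))
    .filter((f) => f.reusesRFrom !== null);
}
```

A malleated copy of an earlier signature (same r, with s replaced by n - s) is also flagged, so the check errs toward refusing to broadcast.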

BurtW



Legendary | Activity: 2604 | Merit: 1078 | All paid signature campaigns should be banned.
Re: Blockchain.info security [FUNDS STOLEN]
August 20, 2013, 03:11:26 PM, #32

Can someone please run the script on these two addresses and determine if this theft was caused by the bad signatures and comment in this thread: https://bitcointalk.org/index.php?topic=277601.0

Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!

BurtW



Legendary | Activity: 2604 | Merit: 1078
Re: Blockchain.info security [FUNDS STOLEN]
August 20, 2013, 03:25:26 PM, #34

Quote from: Jesse James on August 19, 2013, 11:14:12 PM
> However, at this point I'm thinking of augmenting it so that it snatches weak funds immediately so I can return funds to peeps who are able to prove ownership of the victim address by signing a message with a bunch of keys with a 1-degree relationship to that address.

I believe that if you can prove that change was sent to the address in a transaction from an address you can prove ownership to (by signing a message) then that should be good enough. However, this obviously does not work if no change was ever sent to the address in question.

guitarplinker



Legendary | Activity: 1680 | Merit: 1006
Re: Blockchain.info security [FUNDS STOLEN]
August 20, 2013, 03:38:46 PM, #35

I have a few questions:

1. I've only used Google Chrome with my blockchain wallet, and haven't installed the blockchain extensions, only used the website. I've also cleared my cache just a minute ago, am I vulnerable?

2. Were paper wallets at risk with this? Like, just an imported public address, with no private key.

3. After clearing my cache, is there anything else I should do to make sure I'm secure?