chessnut (Legendary; Activity: 924; Merit: 1001)
Brain Wallet hacked, suspect bitcoin talk hackers. May 29, 2015, 11:00:18 AM #1

Hi everyone,



This serves as another lesson to make your brain wallets silly hard to hack.



My Brain wallet, in the form of example123example123example123 (example123 was my bitcoin talk password,) was hacked resulting in the loss of 12btc I had freshly put in there. Before I noticed it was hacked I sent another 7btc there and luckily got it out before the hacker did.



This was my brain wallet 17z2uppQS9fyag5KtbQ6KNiCBrNSL1z64r



This is the hacker's wallet, with the funds in it at the time of writing 153h8BH61rQgfyujZjJqjQNSsRK2Hsaf3A





The community might take interest in this address as the hackers of bitcoin talk are prime suspects.



It's crazy, is this guy lucky or is it really that easy to hack brain wallets??



Take care!



http://www.coindesk.com/price



https://docs.google.com/spreadsheets/d/1JoeyzXgMXYFq3pixDTsqkNKLJI5iz0eOU_P-tfQAny4/edit?pli=1#gid=1512098707 One hoarse laugh is worth a thousand syllogisms.

NUFCrichard (Legendary; Activity: 1218; Merit: 1003)
Re: Brain Wallet hacked, suspect bitcoin talk hackers. May 29, 2015, 11:07:27 AM #3

Sorry to hear that.

I don't understand exactly how that happened to you, what information did you have on your bitcointalk account that helped them hack your brain wallet?



It is the number one reason why bitcoin hasn't taken off as we all hope, security is much harder to perfect than almost everyone thinks

chessnut (Legendary; Activity: 924; Merit: 1001)
Re: Brain Wallet hacked, suspect bitcoin talk hackers. May 29, 2015, 11:17:56 AM #4

Quote from: DarkHyudrA on May 29, 2015, 11:07:07 AM
And how he found that this address is yours?





He must have hacked my bitcoin talk password, like most of us, and tried many combinations to produce my private key.



Quote from: NUFCrichard on May 29, 2015, 11:07:27 AM
Sorry to hear that.

I don't understand exactly how that happened to you, what information did you have on your bitcointalk account that helped them hack your brain wallet?



It is the number one reason why bitcoin hasn't taken off as we all hope, security is much harder to perfect than almost everyone thinks



I received an email from bitcoin talk that the hacker who brought bitcoin talk for a few days could have stolen my password hash amongst other things. This same password in the form of 'passwordpasswordpassword' was my brain wallet. It's a pretty random password, I don't believe it was brute force hacked. I'm really baffled, I think it must have been the bitcoin talk hacker targeting me. There is also a chance it was bitaddress.org that was compromised but I've never had that trouble before.




NUFCrichard (Legendary; Activity: 1218; Merit: 1003)
Re: Brain Wallet hacked, suspect bitcoin talk hackers. May 29, 2015, 11:21:15 AM #5

That sucks, I hope you didn't have all of your bitcoin in that one wallet, though obviously 12 bitcoin is a hell of a lot to lose anyway



Bitcointalk should probably use 2fa to protect the users, I can't see much reason not to offer it at least.

bronan (Hero Member; Activity: 774; Merit: 500; Lazy Lurker Reads Alot)
Re: Brain Wallet hacked, suspect bitcoin talk hackers. May 29, 2015, 11:24:03 AM #7

Even bank-, government- massive shop sites and systems are not safe.

Let me remind you NASA, FBI and CIA have been victims as well.

Yes it's often a small gap, but they seem to always find that small fail in the systems.

Nothing is absolutely safe against these attacks.

It's for most people too much to stay safe; small mistakes by any person using your system can make a big hole in your security.

Some girlfriend of my wife was a real facebook lover and opened up all kinda sites and never refused any of the java and adobe stuff, it's obvious that my system got infiltrated.

So even though some are trying to make it hard to get hacked, a friend or girlfriend could easily make the same mistake.

I have huge problems to get people to use different passes on different sites and programs, they simply refuse because they can not remember more than 2 passwords.....

Even today I noticed a group of workers who shared the system passes freely, everywhere stickers with the passwords from all of them.

It's time we find better ways to secure our programs/sites whatever from these problems.

I was hoping biometrics would solve a lot, but I found even these have flaws and sometimes are worse than having passwords.







chessnut (Legendary; Activity: 924; Merit: 1001)
Re: Brain Wallet hacked, suspect bitcoin talk hackers. May 29, 2015, 11:35:19 AM #8

Quote from: chessnut on May 29, 2015, 11:17:56 AM
There is also a chance it was bitaddress.org that was compromised but I've never had that trouble before.



You used the live version of bitaddress or did you download the github repository and created your address from that?

Also, did you scan your PC for keyloggers, trojans, etc?




I used the live version of bitaddress. I'm not very computer savvy, I don't know how to tell if I have key loggers on my computer. I am using Ubuntu 14.04, be that as it may. I've never had trouble on linux (except possibly this occasion)



Quote from: NUFCrichard on May 29, 2015, 11:21:15 AM
That sucks, I hope you didn't have all of your bitcoin in that one wallet, though obviously 12 bitcoin is a hell of a lot to lose anyway



Bitcointalk should probably use 2fa to protect the users, I can't see much reason not to offer it at least.



It wasn't too much of my total btc worth, but plenty enough to make me cringe. I was thinking of buying a new laptop but I'm not feeling that rich any more.


spartacusrex (Hero Member; Activity: 716; Merit: 533)
Re: Brain Wallet hacked, suspect bitcoin talk hackers. May 29, 2015, 11:42:00 AM #9

Sorry to hear that..

May I ask how many characters your bitcointalk password was ? I'll use X.

So the attack 'could' have been :

1) Hack bitcointalk and download the hash of all the passwords.

2) Check password hashes against known hashes in rainbow tables and then brute force all combinations up to X letters still missing.

3) If you find a valid password/hash combo try it in brainwallet and see if the address exists. Try many combinations of the password, including stringing multiple copies together. Maybe billions.

4) Empty any funds found.

..

Very harsh my friend.

I use a brainwallet too, but the password is VERY loonnggg.. (over 200 characters symbols/number/characters etc..). not repeated strings. never used in part or in full anywhere else. ever...

..GRUDDDAMMM HACCKKKERRSSS@!!!@£$!

Life is Code.
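Added example, not part of any post in this thread: a small passphrase audit showing why a reused password strung together several times, as in the steps above, gains almost nothing from its extra length. The function names, the `max_repeat` limit and the character-pool sizes are assumptions made for this illustration.

```python
import math
import re

def smallest_unit(s):
    """Return (unit, count) with s == unit * count and unit as short as possible."""
    n = len(s)
    for size in range(1, n + 1):
        if n % size == 0 and s[:size] * (n // size) == s:
            return s[:size], n // size
    return s, 1  # only reached for the empty string

def charset_size(s):
    """Size of the character pool implied by the classes present in s."""
    classes = ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33))
    return max(1, sum(n for pat, n in classes if re.search(pat, s)))

def audit(passphrase, other_passwords=(), max_repeat=16):
    """Compare the naive strength of a passphrase with what its structure leaves.

    Bit counts are upper bounds that treat every character as uniformly
    random, which human-chosen passwords are not. max_repeat is an assumed
    limit on how many copies of one unit a guesser would string together.
    """
    unit, repeats = smallest_unit(passphrase)
    per_char = math.log2(charset_size(passphrase))
    naive = len(passphrase) * per_char
    # Repetition adds only the choice of repeat count, not new characters.
    effective = min(naive, len(unit) * per_char + math.log2(max_repeat))
    # Reuse: a password used elsewhere appears inside the passphrase.
    reused = any(p and p in passphrase for p in other_passwords)
    # If the repeated unit is itself a password that leaks elsewhere,
    # only the repeat count is left to guess.
    leaked = round(math.log2(max_repeat), 1) if unit in other_passwords else None
    return {
        "unit": unit,
        "repeats": repeats,
        "naive_bits": round(naive, 1),
        "effective_bits": round(effective, 1),
        "reused": reused,
        "bits_if_reuse_leaks": leaked,
    }

if __name__ == "__main__":
    # Constructed sample in the form the first post describes.
    print(audit("example123" * 3, other_passwords=["example123"]))
```

Run it only against your own passphrases on a machine you trust; the `other_passwords` list is whatever you already use on other sites.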

shulio (Legendary; Activity: 1540; Merit: 1016)
Re: Brain Wallet hacked, suspect bitcoin talk hackers. May 29, 2015, 11:43:15 AM #10

The hacker could be the one that hacked bitcointalk because most of our passwords are compromised and I don't see many people claim that they lost their account because of the server compromised. It seems like his target is this, to hack the brain wallet of the bitcoin address that may have the same password with bitcointalk password

franky1 (Legendary; Activity: 2884; Merit: 1751)
Re: Brain Wallet hacked, suspect bitcoin talk hackers. May 29, 2015, 11:44:41 AM #11

lesson to learn don't use



example123example123example123example123



if anything

3x4mp731233x4mp731233x4mp731233x4mp731233x4mp731233x4mp731233x4mp731233x4mp7312 33x4mp731233x4mp731233x4mp731233x4mp73123

3x4mp731233x4mp731233x4mp731233x4mp731233x4mp731233x4mp731233x4mp731233x4mp7312 33x4mp731233x4mp731233x4mp731233x4mp73123



use really long passphrases and not with dictionary words spelled out exactly as found in the dictionary.



if it's not at least 50 characters long, you might as well say goodbye to it within a couple months

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.

Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at

franky1 (Legendary; Activity: 2884; Merit: 1751)
Re: Brain Wallet hacked, suspect bitcoin talk hackers. May 29, 2015, 11:46:17 AM #12

Quote from: shulio on May 29, 2015, 11:43:15 AM
The hacker could be the one that hacked bitcointalk because most of our passwords are compromised and I don't see many people claim that they lost their account because of the server compromised. It seems like his target is this, to hack the brain wallet of the bitcoin address that may have the same password with bitcointalk password



if only websites had some common sense and not store clear-text passwords..



all passwords should be hashes of a password that is converted at login but the cleartext is never stored.

NorrisK (Legendary; Activity: 1820; Merit: 1004)
Re: Brain Wallet hacked, suspect bitcoin talk hackers. May 29, 2015, 11:47:05 AM #13

Quote from: chessnut on May 29, 2015, 11:35:19 AM
Quote from: chessnut on May 29, 2015, 11:17:56 AM
There is also a chance it was bitaddress.org that was compromised but I've never had that trouble before.



You used the live version of bitaddress or did you download the github repository and created your address from that?

Also, did you scan your PC for keyloggers, trojans, etc?


I used the live version of bitaddress. I'm not very computer savvy, I don't know how to tell if I have key loggers on my computer. I am using Ubuntu 14.04, be that as it may. I've never had trouble on linux (except possibly this occasion)



Quote from: NUFCrichard on May 29, 2015, 11:21:15 AM
That sucks, I hope you didn't have all of your bitcoin in that one wallet, though obviously 12 bitcoin is a hell of a lot to lose anyway



Bitcointalk should probably use 2fa to protect the users, I can't see much reason not to offer it at least.



It wasn't too much of my total btc worth, but plenty enough to make me cringe. I was thinking of buying a new laptop but I'm not feeling that rich any more.






I think it is wise to run a good antivirus program. I would try hit man pro. It has a 30 day free trial for its full version

in addition, install hit man pro alert, which monitors and blocks any suspicious browser activity. (I think it blocks stuff like browser hijackers etc).

shulio (Legendary; Activity: 1540; Merit: 1016)
Re: Brain Wallet hacked, suspect bitcoin talk hackers. May 29, 2015, 11:57:11 AM #17

Quote from: franky1 on May 29, 2015, 11:46:17 AM
Quote from: shulio on May 29, 2015, 11:43:15 AM
The hacker could be the one that hacked bitcointalk because most of our passwords are compromised and I don't see many people claim that they lost their account because of the server compromised. It seems like his target is this, to hack the brain wallet of the bitcoin address that may have the same password with bitcointalk password



if only websites had some common sense and not store clear-text passwords..



all passwords should be hashes of a password that is converted at login but the cleartext is never stored.


Some website has this feature but I think at bitcointalk, this is not the way they store our password. Because of the server compromised, a lot of old VIP accounts that never posted come back to post. I think this make sense this is the hacker target because if he hack a usual account, theymos can easily restore it back. I guess the hacker hit a jackpot