Board: Announcements (Altcoins)
Topic: Re: ★★DigiByte|极特币★★[DGB]✔ $250k Investment, EasyMiner, iOS Wallet, MultiSig, TipBot
Posted by HR on 16/02/2015, 22:45:28 UTC

Second link TLDR: if you create a bitcoin trojan, you can steal bitcoins.  Excerpt: "The attacker must first create a compromised version of ECDSA".  Nothing worth fretting over.

900+ words, and I recommend reading them all.

My favorite excerpt:
Quote
Both Verbücheln and Pustogarov say that the most likely way for such an attack to be mounted would be through dedicated wallet services running proprietary software. Devices designed specifically for secure cold-storage of coins, for example, would be prime candidates for this sort of attack.

Stealing your digital currency right off the blockchain - they don't even need to get to your computer, much less your wallet!


I wasn't planning to respond, but since you reposted the link let me give my breakdown of the article.

To exploit this vulnerability, the attackers must first create a vulnerability to exploit.  That is, they have to get malicious code into the bitcoin source code, or otherwise get their intended victim to download compromised wallet software.  If they successfully manage that, then they can steal bitcoins from an air-gapped wallet running their compromised code.  But if they could insert malicious code into bitcoin in the first place, compromising air-gapped wallets would be the least of everyone's troubles.

I have perhaps the mistaken idea that the attacker only has to create his/her own compromised ECDSA wallet with which to transact with other legitimate wallets that are completely unaware of the exploit, since the k2 value sent by the attacker is seen as being a legitimate k value.

The attacker then "watches" everything it transacts with in the hopes of pairing up two CONSECUTIVE transactions from the same address.

The attacker's objectives are met once two consecutive transactions are made with the same address, and the victim’s private key is “leaked”, or, as I would say, stolen (after working backwards to calculate k and the private keys to that address).

We need go no further than pool mining to find an ideal place to transact with multiple addresses in consecutive fashion...

Correct me if I’m wrong. I’m the first to admit that this is a complicated matter.



-----------------------------------------o-----------------------------------------

On a slightly different note, interesting price action in DGB. Very technical, which is good. Looking forward to seeing what happens now.