CryptoCoinsInfoClub.com

Ethereum Private Key Hack

Security Alert: Mist Browser Bug Puts Private Keys In Danger

The Mist team warns users of a bug found in Mist Browser Beta and provides a security checklist. A post on the Ethereum blog today informs users of a bug in Mist Browser Beta that could potentially allow private keys to be stolen by malicious websites. The vulnerability affects Mist Browser Beta v0.9.3 and below. A security alert from the Mist team published today on the Ethereum blog highlights how security update discrepancies across Mist, its underlying platform Electron, and the Chromium browser could compromise data privacy. The alert states: "Due to a Chromium vulnerability affecting all released versions of the Mist Browser Beta v0.9.3 and below, we are issuing this alert warning users not to browse untrusted websites with Mist Browser Beta at this time." However, they note that users of the Ethereum Wallet desktop app are not affected. In the period following high-profile Ethereum-related security issues, notably Parity's notorious hack and accidental quarantine of funds, developers are conspicuously keen to highlight their commitment to keeping on top of new problems. The complex three-tier setup in Mist, Electron and Chromium nonetheless presents hurdles to security. In the security alert, the Mist team explains the complexities involved that cause vulnerability, saying: "A core problem with the current architecture is that any 0-day Chromium vulnerability is several patch-steps away from Mist: first Chromium needs to be patched, then Electron needs to update the Chromium version, and finally, Mist needs to update to the new Electron version." Mist browser users are advised to follow a seven-step checklist to ensure maximum safety: Avoid keeping large quantities of Ether or tokens in private keys on an o Continue reading >>

Coins Stolen, Help. Ethereum Community Forum

edited July 2017 in General Project Discussion (non-technical) Briefly speaking, all my ETH coins were stolen. I created my wallet on Windows 10 using geth. Then I deleted my keystore file and ONLY uploaded it to my MEGA cloud (which is encrypted). Since then I haven't ever used my wallet on my Windows 10 machine again. I started mining into this wallet and checked balance using etherchain.org. I once downloaded the Android App WALLETH from F-Droid ( ). It required my keystore file and private key in order to import my wallet. I generously gave it both but didn't like the app. Then I forgot about it. Yesterday I checked balance again and boom. All my ETH have been transferred to another address, which then have been transferred to yet another address. 1: The creator of WALLETH took my coins. (I doubt this one) 2: Someone hacked the WALLETH server and took my keystore file and private key (do they even get stored there? Honestly I'd be surprised) 3: My phone (OnePlus 3T) was hacked (trojan etc.) and my keystore file and private key were stolen. However my phone is running the very latest Android 7.1, it's not rooted and doesn't have a custom recovery either. It also has a virus scanner installed for any case. 4: My Windows 10 machine was compromised and my keystore file and private key were stolen. However I'm running the latest Windows 10 updates and a virus scanner. Continue reading >>

Someone Else Could Randomly Guess Your Bitcoin Private Key!

How hard is it to find a 256-bit digital signature or hash just by guessing and checking? What kind of computer would that take? This video attempts to get your head around the answer: That is why you don't guess them, you steal them. But since you are only copying the key, is it stealing? You can also look for flaws in the client software if you want someone else's crypto currency. If the keys are constantly under brute force attack, and the means to do so are always getting better, everyone who wants to keep their coins will have to use a service that adds a date related timestamp to it, i.e. normal key plus some formula using DDMMYYYY that is unique to you so it's not easily guessable. You might get key+DDMMYYYY/3 rounded up, I might get DDMMYYYY*1.7 rounded down for a week then you get an encrypted email with the new formula to use for the week, etc. A major PITA I know. I don't think you really grasp how long and complex private keys are with bitcoin. Adding a date modifier to it doesn't really increase the complexity by more than a few orders of magnitude. Yeah I suppose. There has to be a solution, I don't have a great one. If not the system is screwed! No, no, what I'm saying is that the complexity is already a few orders of magnitude larger than the number of atoms in the solar system. I am yet unconvinced that quantum computing couldn't reduce the time to brute force things by orders of magnitude that would make solving go from impossible to merely unlikely. The only entities at first to have such beyond known edge tech will be State actors. Oh sure, quantum computer could be a worry. So, you know. Just hang out and wait for quantum bitcoin. I'm pretty sure that'll be pretty badass. Now I can't claim to fully u Continue reading >>

$35 Million Refund? Developer Appeals To Ethereum For Hack Reversal

Feb 28, 2018 at 05:01 UTC | Updated Mar 1, 2018 at 09:10 UTC On November 24, 2015, James Levy received 40,000 ether from the Ethereum Foundation. Worth roughly $35,000 at the time (and nearly $35 million today), the grant was an award for Levy's efforts to create an early smart contracting tool, and one of many meant to encourage work on what was then another nascent cryptocurrency in a sea of alternatives. But three weeks later, the grant was gone, drained from his wallet in what might be the largest hack of a single wallet in the history of the ethereum platform. The result of a weak passphrase, Levy has been silent on the matter ever since. But now, in order to fund a new venture called TapTrust, Levy is appealing to the hacker to return the funds, and failing that, he's turning to the community to implement what would entail a system-wide software upgrade, or hard fork, to do so. Such an upgrade would rely on EIP 867, a proposal to standardize the process of recovering funds on the platform, one that has been a point of conflict for ethereum developers. At times heated, the discussion around the proposal is tilting toward blocking all attempts for the EIP to proceed. Former EIP editor Yoichi Hirai even stepped down from his post as a result, citing legal concerns that could ensue from allowing the proposal to develop. And with the developer community in an uproar, the proposal has been frozen in place as the process for accepting code changes gets considered more intently. As a co-author of EIP 867, Levy has found himself in the eye of the storm as developers expose concerns about the proposal - everything from lamenting ethereum's governance structure as it relates to system-wide catastrophes to pr Continue reading >>

Is It Possible For Someone To Guess A Private Key To A Bitcoin Wallet And Steal The Coins?

If you use a Brainwallet then yes, somebody can guess your private key as you can use dictionaries and brute force attack it. For a true random generated wallet the probability of guessing is unpractical. Here is a private key in hexadecimal - 256 bits in hexadecimal is 32 bytes, or 64 characters in the range 0-9 or A-F. E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262 This private key does not exist by the way. So you see, there are 64 characters, and each character is hexadecimal (can hold 16 different case insensitive values: {0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F} ), meaning there are [math]16^{64}[/math] possible private key combinations. The current world population is roughly [math]7.6[/math] billion. Assume everyone holds a wallet (meaning [math]~7,600,000,000[/math] private keys). Even with this imaginary best case scenario, the success rate of randomly guessing a private key correctly is: [math]~ 100 \cdot \frac{7,600,000,000}{16^{64}} = 0.0000000000000000000000000000000000000000000000000000000000000000065634881018717779152936274157283036740481602769715738[/math]% So even if you had the computing power of Sunway TaihuLight (a Chinese supercomputer which, as of November 2016, is ranked number one in the TOP500 list as the fastest supercomputer in the world), which is about [math]9.3 \cdot 10^{16} = 93,000,000,000,000,000[/math] floating point operations per second (flops), then giving there are [math]86,400[/math] seconds a day and about [math]365[/math] days a year, and (falsely) assuming it takes 1 flop to generate a private key and 0 time to check for its correctness, then a correct guess would probably occur once every- [math]\frac{1}{365} \cdot \frac{(\frac{16^{64}}{7,600,000,000})}{(86400 \cdot (9.3 \cdot 10^{16}))} =~ 5194882658574989737995779 Continue reading >>

A Hacker Stole $31m Of Ether: How It Happened, And What It Means For Ethereum

Yesterday, a hacker pulled off the second biggest heist in the history of digital currencies. Around 12:00 PST, an unknown attacker exploited a critical flaw in the Parity multi-signature wallet on the Ethereum network, draining three massive wallets of over $31,000,000 worth of Ether in a matter of minutes. Given a couple more hours, the hacker could've made off with over $180,000,000 from vulnerable wallets. Having sounded the alarm bells, a group of benevolent white-hat hackers from the Ethereum community rapidly organized. They analyzed the attack and realized that there was no way to reverse the thefts, yet many more wallets were vulnerable. Time was of the essence, so they saw only one available option: hack the remaining wallets before the attacker did. By exploiting the same vulnerability, the white-hats hacked all of the remaining at-risk wallets and drained their accounts, effectively preventing the attacker from reaching any of the remaining $150,000,000. To prevent the hacker from robbing any more banks, the white-hats wrote software to rob all of the remaining banks in the world. Once the money was safely stolen, they began the process of returning the funds to their respective account holders. The people who had their money saved by this heroic feat are now in the process of retrieving their funds. It's an extraordinary story, and it has significant implications for the world of cryptocurrencies. It's important to understand that this exploit was not a vulnerability in Ethereum or in Parity itself. Rather, it was a vulnerability in the default smart contract code that the Parity client gives the user for deploying multi-signature wallets. This is all pretty complicated, so to make th Continue reading >>

Coincheck Hack: How To Steal $500 Million In Cryptocurrency | Fortune

How to Steal $500 Million in Cryptocurrency Early Friday morning in Tokyo, hackers broke into a cryptocurrency exchange called Coincheck Inc. and made off with nearly $500 million in digital tokens. It's one of the biggest heists in history, with the exchange losing more than 500 million of the somewhat obscure NEM coins. The hack has raised questions about security of cryptocurrencies around the world. Coincheck hasn't disclosed how their system was breached beyond saying that it wasn't an inside job. The company did own up to a security lapse that allowed the thief to seize such a large sum: It kept customer assets in what's known as a hot wallet, which is connected to external networks. Exchanges generally try to keep a majority of customer deposits in cold wallets, which aren't connected to the outside world and thus are less vulnerable to hacks. Coincheck also lacked multi-signature security, a measure requiring multiple sign-offs before funds can be moved. That's one of the stranger aspects of these heists. Because transactions for Bitcoin and the like are all public, it's easy to see where the NEM coins are even though they're stolen. Coincheck has identified and published 11 addresses where all 523 million of the stolen coins ended up. You can see for yourself online. Trouble is, no one knows who owns the accounts. Each one has been labeled with a tag that reads coincheck_stolen_funds_do_not_accept_trades : owner_of_this_account_is_hacker. NEM developers created a tracking tool that would allow exchanges to automatically reject stolen funds. 3. Does that mean the hackers won't be able to cash in? Not necessarily. The thief could attempt to shake off surveillance by going through a service like ShapeShift, which offers cryptocurrency trading without collecting personal d Continue reading >>

How One Hacker Stole Thousands Of Dollars Worth Of Cryptocurrency With A Classic Code Injection Hack On Etherdelta And What You Can Learn From It

Views expressed here do not represent those of my employer. The attack detailed in this post has already been fixed by the EtherDelta team. I share this as a cautionary tale for Dapp developers and cryptocurrency users. On September 24, 2017 I learned about a malicious code injection that allowed a hacker to steal private keys from multiple victims' wallets and then manually drain the funds from those wallets. I will attempt to describe the attack, the security vulnerability that made it possible, and as much information as I have on the attacker. For those who don't know, EtherDelta is a cryptocurrency exchange for Ethereum and ERC20 compatible tokens (tokens that have been deployed on the Ethereum blockchain). These tokens can be stored and transferred with Ethereum wallets and smart contracts, and the entire EtherDelta exchange runs on a single smart contract, which you can view here: EtherDelta is a clever exchange: it does not require a traditional server architecture, because the back end architecture is a smart contract deployed on the Ethereum blockchain. It is a true Dapp, or Distributed Application, in the cryptocurrency sense of the word. When users trade on EtherDelta, they have to either create a wallet that they can use to interact with this smart contract, or they connect their existing wallet to EtherDelta to interact with the smart contract. The EtherDelta frontend functions much like MyEtherWallet.com, in that the website you load in your browser is a full wallet management application that also exposes the methods from the EtherDelta smart contract. Thus, users of EtherDelta must enter their public wallet addres Continue reading >>

Bitcoin Private Keys: Everything You Need To Know

By: Sudhir Khatwani In: Bitcoin, Wallets Last Updated: What if you lost all of your bitcoins tomorrow? What would you do? If you don't own your private key, you don't own your bitcoins. Even the most knowledgeable man on Bitcoin says: The private key must remain secret at all times because revealing it to third parties is equivalent to giving them control over the bitcoins secured by that key. The private key must also be backed up and protected from accidental loss, because if it's lost it cannot be recovered and the funds secured by it are forever lost, too. In my earlier guide on Bitcoin wallets, I have used two terms extensively: Private Address (or key) and Public Address (or key). These keys are what make Bitcoin the safest and most widely used cryptocurrency. To understand private keys and public keys, let us look at an example. Consider a mailbox where you receive your physical mail. It has a unique and specific number (an address). If someone has to deliver you a letter, he/she must know your house/flat number to deliver it. And as the receiver, you have a private address (or key) to unlock the mailbox and collect your belongings. In real life, do you give your keys to someone unknown? You always keep track of your key and don't jeopardize the contents inside of your mailbox. Similarly, just like your house/flat number, anyone in the Bitcoin world can know your public address (Bitcoin address) to send you bitcoins. And to unlock (spend/send) those bitcoins, you would require your private address (or key) for which you need to take full responsibility, just like the keys of the mailbox. I feel that understanding the underlying technical aspect of keys is important so that you remain better informed and educated enough Continue reading >>

Wallet Hacks: How A Person Lost Over $300,000 Due To Simple Mistakes

Starting two weeks ago, an ether wallet received hundreds of thousands of dollars. The only problem was that these funds were hacked from different wallets. Unfortunately, the vast majority of the funds were hacked due to carelessness on the part of the user. Over the past couple of weeks, over $400,000 worth of Ethereum has been transferred into a hacker's wallet; the transactions are shown here. Over $350,000 of the ether was stolen using a process that was released publicly over two months ago. With some security measures, at least some of the funds could have been saved from the hacker. The majority of the funds, 973 ether, were stolen from one user. This user - who uses the Jaxx wallet - managed the funds from a rooted Android phone. This is the attack vector the hacker used to gain access to the funds. For those of you that don't know, rooted Android devices are like jailbroken iPhones: you can install many new things if you have a rooted phone, but you have no security guarantee that the apps are not compromised. In this case, an app that was compromised was likely downloaded onto the phone giving the hacker all the access he needed. Once access to the phone was gained, it is likely the hacker used an exploit that retrieves the backup phrase to Jaxx wallets. This exploit has been known for many months but has not been fixed due to Jaxx being a hot wallet (a wallet where the coin is constantly being used, not stored). The user that had his wallet hacked and wished not to be identified told Coinidol.com: "Seems like such a terrible omission that could easily be implemented. Life will go on. I have my health." According to a researcher at VX Labs who first found the exploit that was likely used, a s Continue reading >>

Myetherwallet Hacked

I have very serious concerns with the security, or the lack of security, of MyEtherWallet. The only wallet I know of that will transact in ICO Tokens is MyEtherWallet. Every ICO I have ever come across says to use MyEtherWallet. I have had problems using MyEtherWallet. I will access it with the information that only I have access to. There are times that my balance will not show. I have to come back later to access the wallet so I can see my balance. Now, the 1.5 ETH and 3000 KICK Tokens I had in there look like they are gone. I have accessed Etherscan and both my ETH and my Tokens were withdrawn to this address: 0xF7860ea76a36Ee83abB7F88d3C773f0440e178be Ethplorer: You can see that whoever this person is, they have grabbed many KICK tokens from many addresses: Also, you can see that the address the KICK tokens were withdrawn to has taken in tons of other kinds of tokens: And, yes, I don't know if I should be posting this transactional information on here, but what does it matter? Everything has been taken out of my wallet. Is MyEtherWallet that vulnerable to hacking? I carefully safeguard my access information to MyEtherWallet. No one else has access to it. I only log on directly to . I subscribe to MalwareBytes, which is easily the most robust protection I have ever used. I do not click on third-party links or email links for financial sites. But, still, my ETH and Tokens are gone to that address: 0xF7860ea76a36Ee83abB7F88d3C773f0440e178be And, I am guessing I have zero recourse. Is that correct? Can anybody just hack into something like MyEtherWallet and take your coin and tokens? Thank you for your time and assistance with this. I appreciate it! Continue reading >>

So, My Eth Wallet Got Hacked And I Lost 100 . I Need Advice On Security

Since this is a TOR based coin I think there will be lots of super experts and hackers in here. I had my ETH address hacked last night and someone took all my tokens (mainly bitquence, worth 100 more or less). Now, for what I remember I only used my private key on myetherwallet and on etherdelta... is it possible that I have been phished? I've never been phished in my entire life, I'm always cautious. I can't believe I was fooled like this. The only way this could happen is if I gave my private key to a not secure website, right? Or could a hacker access my ETH address even if I never export my private keys? I was using EXODUS wallet to store my ETH. (Now I made a new wallet using JAXX, is it safer? It doesn't have a password, while Exodus had a password to access....) I remember the etherdelta website asking me to deactivate the metamask extension from chrome, is that something only the phishing site does? Because if the legitimate etherdelta never asks you to deactivate metamask, then I was phished and superstupid. I'm not gonna export my private key ever again Continue reading >>

The Etherdelta Hack Hurts, But It Could Have Been Worse

If you haven't heard the news yet, EtherDelta was subject to a phishing attack on its DNS server yesterday. A hacker compromised the EtherDelta website, supplanting it with a copycat version of the popular Ethereum exchange. When the dust settled, the culprit stole away with 305 ETH, valued at over $244,000, and bag-full of ERC20 tokens. This makes Ether Delta the latest to join an infirmary of exchanges plagued by hacking attacks in 2017. Earlier in the year, Bithumb lost hundreds of millions of won, and after recovering from an attack in April, Youbit had to terminate operations after losing 17% of its funds in a hack earlier this week. Smart Contracts, Decentralization Ensure Damage Control Unlike Youbit, EtherDelta managed to scrape by relatively unscathed in its own hacking run-in. Users have decentralization and smart contracts to thank for that. Typical exchanges (Bithumb, Bittrex, Binance, and the like) are centralized, trusted, and operate much like a bank. When you use one of these services, you trust the exchange to manage the private keys of your accounts for you, and assets are purchased and distributed on an IOU basis through the exchange's reserve. The exchange holds all funds for its customers until they want to withdraw them from the exchange, at which time the exchange relinquishes the private keys to its users and debits them with the corresponding account balance. EtherDelta, on the other hand, is trustless. Everything on the exchange is peer to peer, and EtherDelta itself does not manage user funds; it only provides a platform to facilitate trading. As a result, users are completely in charge of their own keys. They import Continue reading >>

Myetherwallet Was Just Hacked! - Myetherwallet

All of my money was just sent from MyEtherWallet to this address. It looks like that person has stolen more than 44 million dollars worth of crypto. What now? 0x8d12a197cb00d4747a1fe03395095ce2a5cc6819 That's the wallet for etherdelta dude... it's an exchange. I didn't send my tokens to that exchange though. He's saying that 'that person' didn't steal 44 million dollars worth of crypto. I'm curious, what's the transaction id? Thanks again for taking the time to help out a stranger. Highly appreciated. It sounds like you got phished. Please take a moment to read this article on our knowledge base: . Sorry man. My MEW was just hacked, everything gone. I see the wallets that the tokens were transferred to, it was just 2 days ago. Is there any way I can get them back, or contact the person who stole them? I wish. Same thing happened to me. Sadly crypto is anonymous and there is nothing we can do except move on. That was the worst day of my life. I had incredible positions and lost multiple 5 figures which probably would have been six figures this year. I never shared my private key. I think I made sure I used https when logging in. I am so upset. No idea what happened. Incredibly disheartened. I'm really new at this. Can u please put my mind at rest. I have a ledger connecting to mew. I'm very careful to make sure I am on the legit website of mew. Is there any way someone can steal the contents off my wallet when I'm on? It is impossible for it to be stolen from your ledger. The only way to transfer money out of your ledger is to manually agree to it on the ledger itself. You can use the ledger on a completely infected computer and be safe. Hope that helps. Thank u really appreciate it. Can't tell u enough. I was on it and I couldn't connect to Xrp or mew while at the office. I went Continue reading >>

Here's How To Protect Your Bitcoin And Ethereum From Hacking

Six ways to protect your bitcoin and ethereum investments from hackers. Coinbase, one of the largest cryptocurrency exchanges, added about 1.9 million new users in the last two months. In the same period, Blockchain.com, the leading digital wallet to store cryptocurrencies, saw its users grow just slightly less than that. Many are newcomers, unaware of the risks and security holes in the complicated yet lucrative world of cryptocurrency, making them easy prey for hackers and cyberthieves. One common crime that's carried out on cryptocurrency investors is the phone-porting attack. Hackers snoop around social media, looking for cryptocurrency conversations in which investors post their phone and email for easy contact. Then, posing as the victim, they call up the phone provider in an attempt to fool the customer service representative into transferring the phone number to a device they control. Once the hackers take over the phone number, they can go into the victim's cryptocurrency exchange account by resetting the password, ultimately stealing cryptocurrencies from the account. Cody Brown, a virtual reality developer, blogged about how he lost around $8,000 worth of cryptocurrencies on Coinbase in 15 minutes, triggered by a phone porting attack on his phone account. A cellphone number is not the only point of weakness. Adam Dachis, a former writer for Lifehacker, says his Coinbase account was ransacked in May by hackers who took control of his home computer, costing him $10,000 worth of cryptocurrencies. "Computer hacks, phishing attacks and cryptocurrency Ponzi schemes are all common types of cryptocurrency theft," said Jonathan Levin, co-founder of Chainalysis, an intelligence software firm that specializes in tracking and solving cryptocurrency crimes. So what's Continue reading >>
