# Ethereum Private Key Hack

## Security Alert: Mist Browser Bug Puts Private Keys In Danger

The Mist team warns users of a bug found in Mist Browser Beta and provides a security checklist.

A post on the Ethereum blog today informs users of a bug in Mist Browser Beta that could potentially allow private keys to be stolen by malicious websites. The vulnerability affects Mist Browser Beta v0.9.3 and below. A security alert from the Mist team published today on the Ethereum blog highlights how security update discrepancies across Mist, its underlying platform Electron, and the Chromium browser could compromise data privacy. The alert states:

"Due to a Chromium vulnerability affecting all released versions of the Mist Browser Beta v0.9.3 and below, we are issuing this alert warning users not to browse untrusted websites with Mist Browser Beta at this time."

However, they note that users of the Ethereum Wallet desktop app are not affected.

In the period following high-profile Ethereum-related security issues, notably Parity's notorious hack and accidental quarantine of funds, developers are conspicuously keen to highlight their commitment to keeping on top of new problems. The complex three-tier setup in Mist, Electron and Chromium nonetheless presents hurdles to security. In the security alert, the Mist team explains the complexities involved that cause vulnerability, saying:

"A core problem with the current architecture is that any 0-day Chromium vulnerability is several patch-steps away from Mist: first Chromium needs to be patched, then Electron needs to update the Chromium version, and finally, Mist needs to update to the new Electron version."

Mist browser users are advised to follow a seven-step checklist to ensure maximum safety: Avoid keeping large quantities of Ether or tokens in private keys on an o

## Coins Stolen, Help. Ethereum Community Forum

edited July 2017 in General Project Discussion (non-technical)

Briefly speaking, all my ETH coins were stolen. I created my wallet on Windows 10 using geth. Then I deleted my keystore file and ONLY uploaded it to my MEGA cloud (which is encrypted). Since then I haven't ever used my wallet on my Windows 10 machine again. I started mining into this wallet and checked balance using etherchain.org. I once downloaded the Android App WALLETH from F-Droid. It required my keystore file and private key in order to import my wallet. I generously gave it both but didn't like the app. Then I forgot about it. Yesterday I checked balance again and boom. All my ETH have been transferred to another address, which then have been transferred to yet another address.

1: The creator of WALLETH took my coins. (I doubt this one)

2: Someone hacked the WALLETH server and took my keystore file and private key (do they even get stored there? Honestly I'd be surprised)

3: My phone (OnePlus 3T) was hacked (trojan etc.) and my keystore file and private key were stolen. However my phone is running the very latest Android 7.1, it's not rooted and doesn't have a custom recovery either. It also has a virus scanner installed for any case.

4: My Windows 10 machine was compromised and my keystore file and private key were stolen. However I'm running the latest Windows 10 updates and a virus scanner.

## Someone Else Could Randomly Guess Your Bitcoin Private Key!

How hard is it to find a 256-bit digital signature or hash just by guessing and checking? What kind of computer would that take? This video attempts to get your head around the answer:

That is why you don't guess them, you steal them. But since you are only copying the key, is it stealing? You can also look for flaws in the client software if you want someone else's crypto currency. If the keys are constantly under brute force attack, and the means to do so are always getting better, everyone who wants to keep their coins will have to use a service that adds a date related timestamp to it, i.e. normal key plus some formula using DDMMYYYY that is unique to you so it's not easily guessable. You might get key+DDMMYYYY/3 rounded up, I might get DDMMYYYY*1.7 rounded down for a week then you get an encrypted email with the new formula to use for the week, etc. A major PITA I know.

I don't think you really grasp how long and complex private keys are with bitcoin. Adding a date modifier to it doesn't really increase the complexity by more than a few orders of magnitude.

Yeah I suppose. There has to be a solution, I don't have a great one. If not the system is screwed!

No, no, what I'm saying is that the complexity is already a few orders of magnitude larger than the number of atoms in the solar system.

I am yet unconvinced that quantum computing couldn't reduce the time to brute force things by orders of magnitude that would make solving go from impossible to merely unlikely. The only entities at first to have such beyond known edge tech will be State actors.

Oh sure, quantum computer could be a worry. So, you know. Just hang out and wait for quantum bitcoin. I'm pretty sure that'll be pretty badass. Now I can't claim to fully u

## Is It Possible For Someone To Guess A Private Key To A Bitcoin Wallet And Steal The Coins?

If you use a Brainwallet then yes, somebody can guess your private key as you can use dictionaries and brute force attack it. For a true random generated wallet the probability of guessing is unpractical.

Here is a private key in hexadecimal - 256 bits in hexadecimal is 32 bytes, or 64 characters in the range 0-9 or A-F.

E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262

This private key does not exist by the way. So you see, there are 64 characters, and each character is hexadecimal (can hold 16 different case insensitive values: {0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F}), meaning there are $16^{64}$ possible private key combinations.

The current world population is roughly $7.6$ billion. Assume everyone holds a wallet (meaning $\sim 7,600,000,000$ private keys). Even with this imaginary best case scenario, the success rate of randomly guessing a private key correctly is:

$\sim 100 \cdot \frac{7,600,000,000}{16^{64}} = 0.0000000000000000000000000000000000000000000000000000000000000000065634881018717779152936274157283036740481602769715738$%

So even if you had the computing power of Sunway TaihuLight (a Chinese supercomputer which, as of November 2016, is ranked number one in the TOP500 list as the fastest supercomputer in the world), which is about $9.3 \cdot 10^{16} = 93,000,000,000,000,000$ floating point operations per second (flops), then given there are $86,400$ seconds a day and about $365$ days a year, and (falsely) assuming it takes 1 flop to generate a private key and 0 time to check for its correctness, then a correct guess would probably occur once every- [math]\frac{1}{365} \cdot \frac{(\frac{16^{64}}{7,600,000,000})}{(86400 \cdot (9.3 \cdot 10^{16}))} =~ 5194882658574989737995779

## A Hacker Stole $31M Of Ether: How It Happened, And What It Means For Ethereum

Yesterday, a hacker pulled off the second biggest heist in the history of digital currencies. Around 12:00 PST, an unknown attacker exploited a critical flaw in the Parity multi-signature wallet on the Ethereum network, draining three massive wallets of over $31,000,000 worth of Ether in a matter of minutes. Given a couple more hours, the hacker could've made off with over $180,000,000 from vulnerable wallets.

Having sounded the alarm bells, a group of benevolent white-hat hackers from the Ethereum community rapidly organized. They analyzed the attack and realized that there was no way to reverse the thefts, yet many more wallets were vulnerable. Time was of the essence, so they saw only one available option: hack the remaining wallets before the attacker did. By exploiting the same vulnerability, the white-hats hacked all of the remaining at-risk wallets and drained their accounts, effectively preventing the attacker from reaching any of the remaining $150,000,000.

To prevent the hacker from robbing any more banks, the white-hats wrote software to rob all of the remaining banks in the world. Once the money was safely stolen, they began the process of returning the funds to their respective account holders. The people who had their money saved by this heroic feat are now in the process of retrieving their funds.

It's an extraordinary story, and it has significant implications for the world of cryptocurrencies. It's important to understand that this exploit was not a vulnerability in Ethereum or in Parity itself. Rather, it was a vulnerability in the default smart contract code that the Parity client gives the user for deploying multi-signature wallets. This is all pretty complicated, so to make th

## Coincheck Hack: How To Steal $500 Million In Cryptocurrency | Fortune

Early Friday morning in Tokyo, hackers broke into a cryptocurrency exchange called Coincheck Inc. and made off with nearly $500 million in digital tokens. It's one of the biggest heists in history, with the exchange losing more than 500 million of the somewhat obscure NEM coins. The hack has raised questions about security of cryptocurrencies around the world.

Coincheck hasn't disclosed how their system was breached beyond saying that it wasn't an inside job. The company did own up to a security lapse that allowed the thief to seize such a large sum: It kept customer assets in what's known as a hot wallet, which is connected to external networks. Exchanges generally try to keep a majority of customer deposits in cold wallets, which aren't connected to the outside world and thus are less vulnerable to hacks. Coincheck also lacked multi-signature security, a measure requiring multiple sign-offs before funds can be moved.

That's one of the stranger aspects of these heists. Because transactions for Bitcoin and the like are all public, it's easy to see where the NEM coins are even though they're stolen. Coincheck has identified and published 11 addresses where all 523 million of the stolen coins ended up. You can see for yourself online. Trouble is, no one knows who owns the accounts. Each one has been labeled with a tag that reads coincheck_stolen_funds_do_not_accept_trades : owner_of_this_account_is_hacker. NEM developers created a tracking tool that would allow exchanges to automatically reject stolen funds.

3. Does that mean the hackers won't be able to cash in?

Not necessarily. The thief could attempt to shake off surveillance by going through a service like ShapeShift, which offers cryptocurrency trading without collecting personal d

## The EtherDelta Hack Hurts, But It Could Have Been Worse

If you haven't heard the news yet, EtherDelta was subject to a phishing attack on its DNS server yesterday. A hacker compromised the EtherDelta website, supplanting it with a copycat version of the popular Ethereum exchange. When the dust settled, the culprit stole away with 305 ETH, valued at over $244,000, and a bagful of ERC20 tokens.

This makes EtherDelta the latest to join an infirmary of exchanges plagued by hacking attacks in 2017. Earlier in the year, Bithumb lost hundreds of millions of won, and after recovering from an attack in April, Youbit had to terminate operations after losing 17% of its funds in a hack earlier this week.

### Smart Contracts, Decentralization Ensure Damage Control

Unlike Youbit, EtherDelta managed to scrape by relatively unscathed in its own hacking run-in. Users have decentralization and smart contracts to thank for that.

Typical exchanges (Bithumb, Bittrex, Binance, and the like) are centralized, trusted, and operate much like a bank. When you use one of these services, you trust the exchange to manage the private keys of your accounts for you, and assets are purchased and distributed on an IOU basis through the exchange's reserve. The exchange holds all funds for its customers until they want to withdraw them from the exchange, at which time the exchange relinquishes the private keys to its users and debits them with the corresponding account balance.

EtherDelta, on the other hand, is trustless. Everything on the exchange is peer to peer, and EtherDelta itself does not manage user funds; it only provides a platform to facilitate trading. As a result, users are completely in charge of their own keys. They import

## MyEtherWallet Was Just Hacked! - MyEtherWallet

Six ways to protect your bitcoin and ethereum investments from hackers

Coinbase, one of the largest cryptocurrency exchanges, added about 1.9 million new users in the last two months. In the same period, Blockchain.com, the leading digital wallet to store cryptocurrencies, saw its users grow just slightly less than that. Many are newcomers, unaware of the risks and security holes in the complicated yet lucrative world of cryptocurrency, making them easy prey for hackers and cyberthieves.

One common crime that's carried out on cryptocurrency investors is the phone-porting attack. Hackers snoop around social media, looking for cryptocurrency conversations in which investors post their phone and email for easy contact. Then, posing as the victim, they call up the phone provider in an attempt to fool the customer service representative into transferring the phone number to a device they control. Once the hackers take over the phone number, they can go into the victim's cryptocurrency exchange account by resetting the password, ultimately stealing cryptocurrencies from the account.

Cody Brown, a virtual reality developer, blogged about how he lost around $8,000 worth of cryptocurrencies on Coinbase in 15 minutes, triggered by a phone porting attack on his phone account. A cellphone number is not the only point of weakness. Adam Dachis, a former writer for Lifehacker, says his Coinbase account was ransacked in May by hackers who took control of his home computer, costing him $10,000 worth of cryptocurrencies.

"Computer hacks, phishing attacks and cryptocurrency Ponzi schemes are all common types of cryptocurrency theft," said Jonathan Levin, co-founder of Chainalysis, an intelligence software firm that specializes in tracking and solving cryptocurrency crimes. So what's