undefined | Better HN

0 pointsqot3y ago0 comments

Did you use a brainwallet (ie, the hash of the password as the private key)?

It looks like the funds were drained within an hour of you loading the bounty. People have made giant lookup tables of brainwallet passwords and monitor the corresponding addresses for transactions. Reddit user u/btcrobinhood is known for doing this and returning the funds.

0 comments

mprime13y ago

Interesting! I suspected the attack vector was my poor use of BTC rather than someone cracking AES so quickly, I'll look into this.

I created the wallet using a popular opensource wallet app, and just moved some funds there. Don't know more than that...

Thank you for the pointers!

mprime13y ago

Update: funds were not stolen. PortableSecret wasn't cracked (yet)!

What happened is: the wallet app I'm using automatically performs CoinJoin[1] when funds are received (In fact, this is their business model! They take 0.3% of the amount to automatically anonymize all inbound coin).

CoinJoin is a protocol that breaks up the sum received in tiny pieces and scatters them across a large number of "sub-wallets".

So my wallet still has the funds. Bt the 'receive' address I used looks drained, that's because it was only a temporary address to share with the sender. Funds were soon after scrambled/tumbled/anonymized.

This was an interesting experience. I spent all day thinking about what could have happened, researched and learned a bunch of stuff in the process.

[1] https://en.bitcoin.it/Privacy#CoinJoin

xcdzvyn3y ago

Why bother with BTC? Monero implements such protections (plus many stronger ones) with TX fees in the order of a single cent, and obviously without any fees for laundering your entire balance every time you're given money.

ThePowerOfFuet3y ago

Not your keys, not your coins.

j / k navigate · click thread line to collapse

0 comments

mprime13y ago

Interesting! I suspected the attack vector was my poor use of BTC rather than someone cracking AES so quickly, I'll look into this.

I created the wallet using a popular opensource wallet app, and just moved some funds there. Don't know more than that...

Thank you for the pointers!

mprime13y ago

Update: funds were not stolen. PortableSecret wasn't cracked (yet)!

CoinJoin is a protocol that breaks up the sum received in tiny pieces and scatters them across a large number of "sub-wallets".

This was an interesting experience. I spent all day thinking about what could have happened, researched and learned a bunch of stuff in the process.

[1] https://en.bitcoin.it/Privacy#CoinJoin

xcdzvyn3y ago

ThePowerOfFuet3y ago

Not your keys, not your coins.

j / k navigate · click thread line to collapse