Johoe Strikes Again, Lifts More than 300 Bitcoins from ‘Secure’ Wallets

The hacker known as “Johoe” has shown for the second time this week that he is one of the best by hacking into what are said to be secure Bitcoin wallets. Today he skimmed more than 300 BTC.

The best way to determine if your assets are secure is to hire a thief to steal them. Johoe made his point in his previous hack of 255 BTC last week, explaining in an interview how online wallets were not as secure as advertised.

"Every bitcoin transaction is signed by two values — 'R' and 'S' — which prove that the sender knows the private key. If the same R value is used twice, the private key can be easily computed from the signatures alone."

Johoe's technique is to run a script he developed that searches through recently added data and isolates repeated “R” values. Since last week, he has been posting examples of “broken” addresses on BitcoinTalk.
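The same check can be turned on a wallet's own output to catch a broken signer before anyone else does. The following is an added example, not Johoe's script or code from any wallet provider: it parses DER-encoded ECDSA signatures and flags any "R" value that one signer used with two different "S" values. The record layout, the names and the shortened sample signatures are constructed for illustration (real secp256k1 values are 32 bytes).

```python
from collections import defaultdict

def parse_der_signature(sig_hex):
    """Return (r, s) from a DER ECDSA signature; a trailing sighash byte is ignored."""
    b = bytes.fromhex(sig_hex)
    if len(b) < 8 or b[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    end = 2 + b[1]  # short-form length only; these signatures are < 128 bytes
    if end > len(b):
        raise ValueError("truncated signature")
    pos, values = 2, []
    for _ in range(2):  # two INTEGERs: r, then s
        if pos + 2 > end or b[pos] != 0x02:
            raise ValueError("expected INTEGER")
        n = b[pos + 1]
        if n == 0 or pos + 2 + n > end:
            raise ValueError("bad INTEGER length")
        values.append(int.from_bytes(b[pos + 2:pos + 2 + n], "big"))
        pos += 2 + n
    if pos != end:
        raise ValueError("trailing data inside SEQUENCE")
    return values[0], values[1]

def find_reused_r(records):
    """records: (signer, txid, sig_hex) tuples. Returns {(signer, r): [txid, ...]}
    for every r that a signer used with more than one distinct s."""
    seen = defaultdict(dict)
    for signer, txid, sig_hex in records:
        r, s = parse_der_signature(sig_hex)
        seen[(signer, r)][s] = txid  # identical (r, s) is the same signature, not reuse
    return {k: sorted(v.values()) for k, v in seen.items() if len(v) > 1}

# Constructed sample data: shortened r/s values, hypothetical signer labels and txids.
SAMPLE = [
    ("addr-A", "tx1", "300a020401a2b3c40202050601"),
    ("addr-A", "tx2", "300a020401a2b3c40202070801"),    # same r as tx1, different s
    ("addr-A", "tx3", "300a02047fee001102020a0b01"),
    ("addr-B", "tx4", "300b0205009abcdef002020c0d01"),  # r padded with 0x00 (high bit set)
    ("addr-B", "tx4", "300b0205009abcdef002020c0d01"),  # exact duplicate record
]

if __name__ == "__main__":
    for (signer, r), txids in find_reused_r(SAMPLE).items():
        print(f"{signer}: r={r:#x} reused in {txids}; treat the key as compromised")
```

Any hit means the key behind that address should be retired and its funds moved to a key generated by a signer with a sound nonce source.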

When he first considered the trial hack, he did not expect to be able to isolate such a large number of broken addresses. It took him less than an hour to build up 150 BTC. When he discovered the security holes, he immediately posted his findings on BitcoinTalk and said that he intended to return the Bitcoin to its owners when the problem was addressed.

"I decided this beforehand. I make enough money with my day job that I can live on it. Also this way I don't have to worry that someday someone will find it out. In hindsight, this was a very good decision."

The Bitcoin community has expressed concern that the attacks on wallets could easily be translated by unfriendly media into attacks on the blockchain.

Johoe uses a hardware wallet that he says makes him feel a great deal safer, especially since his first invasions apparently have not convinced online wallet providers to up their game.

Hardware wallets effectively isolate your assets from the internet, but they are not foolproof. A person can be victimized, for instance, when they connect a laptop or mobile device to a public internet node, such as at an airport or hotel lobby. Hackers set up ad hoc hotspots in public places and prey on anyone foolish enough to use them.

Johoe has demonstrated again that we are responsible for securing our own assets in a digital world. Online wallets are convenient and fast, but even large payment platforms such as PayPal, using advanced security, are vulnerable to penetration by a determined hacker. Hardware wallets are much more secure, but they also pose dangers if users do not develop situational awareness and use care when opening a connection to the internet.

