Blockchain.info R Value Vulnerability: Difference between revisions
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/blockchaininforvaluevulnerability.php}} thumb|Blockchain.infoThe blockchain.info web wallet had a wallet generation exploit. Wallets were generated in a predictable way with a less secure R value for a few hours. This meant that the funds in those wallets could be snatched up by hackers. A combination of black and white hackers took funds. It would appear that blockchai...") |
No edit summary |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/blockchaininforvaluevulnerability.php}} | {{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/blockchaininforvaluevulnerability.php}} | ||
{{Unattributed Sources}} | |||
[[File:Blockchaininfo.jpg|thumb|Blockchain.info]]The blockchain.info web wallet had a wallet generation exploit. Wallets were generated in a predictable way with a less secure R value for a few hours. This meant that the funds in those wallets could be snatched up by hackers. A combination of black and white hackers took funds. It would appear that blockchain.info made special effort to reimburse all affected users, though in at least one case a user reported their refund was sent to a hacker instead of them. | [[File:Blockchaininfo.jpg|thumb|Blockchain.info]]The blockchain.info web wallet had a wallet generation exploit. Wallets were generated in a predictable way with a less secure R value for a few hours. This meant that the funds in those wallets could be snatched up by hackers. A combination of black and white hackers took funds. It would appear that blockchain.info made special effort to reimburse all affected users, though in at least one case a user reported their refund was sent to a hacker instead of them. | ||
This is a global/international case not involving a specific country. | This is a global/international case not involving a specific country.<ref name="ccn-7711" /><ref name="ccn-7712" /><ref name="blockchaindotcomarchive-7713" /><ref name="bitcointalk-7714" /><ref name="blockchaindotcom-7715" /><ref name="coinmarketcap-623" /><ref name="blockchaindotcom-7716" /><ref name="reddit-7717" /><ref name="bitcointalk-8431" /><ref name="bitcointalk-8432" /> | ||
== About Blockchain.info == | == About Blockchain.info == | ||
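Review bot: On the "This is a global/international case" line, all ten ref tags are attached to a sentence about jurisdiction, while the summary paragraph above it, which makes the actual claims (predictable generation, a less secure R value, the few-hour window, the misdirected refund), still carries none. Move each ref next to the statement it backs, for example the "Reused R values again" threads beside the R value claim. The {{Unattributed Sources}} tag added here records the problem but does not resolve it.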
| Line 37: | Line 38: | ||
Don't Include: | Don't Include: | ||
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed. | * Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed. | ||
* Anything that wasn't reasonably knowable at the time of the event. | * Anything that wasn't reasonably knowable at the time of the event. | ||
| Line 58: | Line 58: | ||
!Description | !Description | ||
|- | |- | ||
|December 8th, 2014 8:59:53 AM | |December 8th, 2014 8:59:53 AM MST | ||
| | |Main Event | ||
| | |Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. | ||
|- | |- | ||
| | | | ||
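Review bot: The new timeline row keeps the template text "Expand this into a brief description of what happened and the impact." as its Description, so the only event in the table says nothing about the incident. Replace it with a one-line account and say which event the 8:59:53 AM MST timestamp marks, since the disclosure quoted on the page puts the issue between 12:00am and 2:30am GMT on December 8th.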
| Line 70: | Line 66: | ||
| | | | ||
|} | |} | ||
== Technical Details == | |||
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited? | |||
== Total Amount Lost == | == Total Amount Lost == | ||
The total amount lost | The total amount lost has been estimated at $40,000 USD. | ||
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie? | How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie? | ||
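Review bot: The $40,000 USD estimate added under "Total Amount Lost" has no ref and no calculation, and the new "Technical Details" section above it contains only the template prompt. Cite the source for the estimate and give the BTC amount and exchange rate behind it, as the section's own prompt asks. Fill Technical Details from the cited security disclosure and "Reused R values again" threads, or hold the heading back until there is content.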
| Line 83: | Line 82: | ||
== Total Amount Recovered == | == Total Amount Recovered == | ||
The total amount recovered has been estimated at $40,000 USD. | |||
What funds were recovered? What funds were reimbursed for those affected users? | What funds were recovered? What funds were reimbursed for those affected users? | ||
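Review bot: "The total amount recovered has been estimated at $40,000 USD." is added without a ref, and it matches the amount lost exactly, which implies full reimbursement. The summary notes at least one user reporting that their refund went to a hacker, so cite the source for the figure and say whether it counts reimbursements by blockchain.info, funds returned by the person sweeping affected addresses, or both.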
| Line 89: | Line 88: | ||
== Ongoing Developments == | == Ongoing Developments == | ||
What parts of this case are still remaining to be concluded? | What parts of this case are still remaining to be concluded? | ||
== Individual Prevention Policies == | |||
{{Prevention:Individuals:Placeholder}} | |||
{{Prevention:Individuals:End}} | |||
== Platform Prevention Policies == | |||
{{Prevention:Platforms:Placeholder}} | |||
{{Prevention:Platforms:End}} | |||
== Prevention Policies == | == Regulatory Prevention Policies == | ||
{{Prevention:Regulators:Placeholder}} | |||
{{Prevention:Regulators:End}} | |||
== References == | == References == | ||
[https://www.ccn.com/blockchain-reimbursing-stolen-bitcoins-users/ https://www.ccn.com/blockchain-reimbursing-stolen-bitcoins-users/] (Mar 26) | <references><ref name="ccn-7711">[https://www.ccn.com/blockchain-reimbursing-stolen-bitcoins-users/ https://www.ccn.com/blockchain-reimbursing-stolen-bitcoins-users/] (Accessed Mar 26, 2022)</ref> | ||
[https://www.ccn.com/blockchain-info-security-update/ https://www.ccn.com/blockchain-info-security-update/] (May 18) | <ref name="ccn-7712">[https://www.ccn.com/blockchain-info-security-update/ https://www.ccn.com/blockchain-info-security-update/] (Accessed May 18, 2022)</ref> | ||
[https://web.archive.org/web/20170804171907/https://blog.blockchain.com/2014/12/08/blockchain-info-security-disclosure/ Blockchain.info Security Disclosure - Blockchain Blog] (May 19) | <ref name="blockchaindotcomarchive-7713">[https://web.archive.org/web/20170804171907/https://blog.blockchain.com/2014/12/08/blockchain-info-security-disclosure/ Blockchain.info Security Disclosure - Blockchain Blog] (Accessed May 19, 2022)</ref> | ||
[https://bitcointalk.org/index.php?topic=581411.msg9774894 Reused R values again] (May 19) | <ref name="bitcointalk-7714">[https://bitcointalk.org/index.php?topic=581411.msg9774894 Reused R values again] (Accessed May 19, 2022)</ref> | ||
[https://www.blockchain.com/btc/address/1M77fUCzQrmY8jHRRgpzDVPAK5eQ31bwxZ Address: 1M77fUCzQrmY8jHRRgpzDVPAK5eQ31bwxZ | Blockchain Explorer] (May 19) | <ref name="blockchaindotcom-7715">[https://www.blockchain.com/btc/address/1M77fUCzQrmY8jHRRgpzDVPAK5eQ31bwxZ Address: 1M77fUCzQrmY8jHRRgpzDVPAK5eQ31bwxZ | Blockchain Explorer] (Accessed May 19, 2022)</ref> | ||
[https://coinmarketcap.com/currencies/bitcoin/historical-data/ Bitcoin price today, BTC live marketcap, chart, and info | CoinMarketCap] (May | <ref name="coinmarketcap-623">[https://coinmarketcap.com/currencies/bitcoin/historical-data/ Bitcoin price today, BTC live marketcap, chart, and info | CoinMarketCap] (Accessed May 16, 2021)</ref> | ||
[https://www.blockchain.com/btc/tx/b72f8e5434a6af07eedcd30f72aa47afa21e1c3b447a94dc9a787412035fd75c Transaction: b72f8e5434a6af07eedcd30f72aa47afa21e1c3b447a94dc9a787412035fd75c | Blockchain Explorer] (May 20) | <ref name="blockchaindotcom-7716">[https://www.blockchain.com/btc/tx/b72f8e5434a6af07eedcd30f72aa47afa21e1c3b447a94dc9a787412035fd75c Transaction: b72f8e5434a6af07eedcd30f72aa47afa21e1c3b447a94dc9a787412035fd75c | Blockchain Explorer] (Accessed May 20, 2022)</ref> | ||
[https://www.reddit.com/r/Bitcoin/comments/2onl1y/at_least_hundreds_of_coins_were_stolen_from/ At least hundreds of coins were stolen from Blockchain.info users last night, it's blockchain.info's fault, and no one is talking about it. : Bitcoin] (May 20) | <ref name="reddit-7717">[https://www.reddit.com/r/Bitcoin/comments/2onl1y/at_least_hundreds_of_coins_were_stolen_from/ At least hundreds of coins were stolen from Blockchain.info users last night, it's blockchain.info's fault, and no one is talking about it. : Bitcoin] (Accessed May 20, 2022)</ref> | ||
[https://bitcointalk.org/index.php?topic=581411.320 Reused R values again] (Jul 9) | <ref name="bitcointalk-8431">[https://bitcointalk.org/index.php?topic=581411.320 Reused R values again] (Accessed Jul 9, 2022)</ref> | ||
[https://bitcointalk.org/index.php?topic=581411.msg9774894#msg9774894 Reused R values again] (Jul 9) | <ref name="bitcointalk-8432">[https://bitcointalk.org/index.php?topic=581411.msg9774894#msg9774894 Reused R values again] (Accessed Jul 9, 2022)</ref></references> | ||
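Review bot: In the converted reference list, bitcointalk-7714 and bitcointalk-8432 resolve to the same post (topic=581411.msg9774894; the second only appends the #msg9774894 anchor), so one source is cited twice under the same title. Keep a single named ref and reuse it, and give the two bare ccn.com links descriptive titles like the other entries.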
Latest revision as of 13:16, 14 March 2025
The blockchain.info web wallet had a wallet generation exploit. For a few hours, wallets were generated in a predictable way with a less secure R value, which meant that the funds in those wallets could be taken by hackers. A combination of black-hat and white-hat hackers took funds. It appears that blockchain.info made a special effort to reimburse all affected users, though in at least one case a user reported that their refund was sent to a hacker instead of to them.
This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10]
About Blockchain.info
"The world’s most popular crypto wallet. Over 80 million wallets created to buy, sell, and earn crypto." "As they say, not your keys, not your crypto. Blockchain.com Private Key Wallets are the most widely-used wallets for self-custody of your crypto. We make it easy for people who are ready to control their private keys to hold them with a Secret Private Key Recovery Phrase." "When it comes to ensuring that your crypto is secure, we think about every last detail so you don’t have to."
“[An] issue was present for a brief period of time between the hours of 12:00am and 2:30am GMT on December the 8th 2014. The issue was detected quickly and immediately resolved. In total, this issue affected less than 0.0002% of our user base and was limited to a few hundred addresses. We have sent an alert to all users who have potentially vulnerable addresses in their wallets, for which we have an email on file. We are committed to working with any affected users to assess and rectify any issues.”
"I only know about ~106 stolen coins, my assumption is that there must be much more that I don't know about."
"When making a scheduled software update overnight to our web-wallet, our development team inadvertently affected a part of our software that ensures private keys are generated in a strong and secure manner."
"We have sent an alert to all users who have potentially vulnerable addresses in their wallets, for which we have an email on file. We are committed to working with any affected users to assess and rectify any issues."
"If you created a wallet, generated a new address via Blockchain.info’s web-wallet, or sent bitcoin from your wallet during this time period and have not provided us with your email address, please contact our support desk at support@blockchain.zendesk.com or simply create a new wallet."
"This person claims to have been sweeping the affected addresses. He seems open to returning the funds. In my opinion he and blockchain.info should be put into contact as they could help get the coins back to where they belong. But you can contact him on that thread to attempt recovery as well."
"Affected users can contact the official portal for Blockchain user support. The company says that the support team is available seven days a week to help." "Our support team will respond to each individual case as quickly as they can. Some cases will require more research than others and this is to ensure the correct amount of funds are returned to each user who lost funds because of this issue."
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
This section is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| December 8th, 2014 8:59:53 AM MST | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
The total amount lost has been estimated at $40,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
The total amount recovered has been estimated at $40,000 USD.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- https://www.ccn.com/blockchain-reimbursing-stolen-bitcoins-users/ (Accessed Mar 26, 2022)
- https://www.ccn.com/blockchain-info-security-update/ (Accessed May 18, 2022)
- Blockchain.info Security Disclosure - Blockchain Blog (Accessed May 19, 2022)
- Reused R values again (Accessed May 19, 2022)
- Address: 1M77fUCzQrmY8jHRRgpzDVPAK5eQ31bwxZ | Blockchain Explorer (Accessed May 19, 2022)
- Bitcoin price today, BTC live marketcap, chart, and info | CoinMarketCap (Accessed May 16, 2021)
- Transaction: b72f8e5434a6af07eedcd30f72aa47afa21e1c3b447a94dc9a787412035fd75c | Blockchain Explorer (Accessed May 20, 2022)
- At least hundreds of coins were stolen from Blockchain.info users last night, it's blockchain.info's fault, and no one is talking about it. : Bitcoin (Accessed May 20, 2022)
- Reused R values again (Accessed Jul 9, 2022)
- Reused R values again (Accessed Jul 9, 2022)