
Bitcoin Faucet Hacked

Author: online article. Source: reposted. Date: 2012-3-11 3:55:16. Tags: Bitcoin

 I lost 5 bitcoins today when the server holding the Bitcoin Faucet's wallet was hacked. Unfortunately, I wasn't alone-- at least one other customer of the web hosting company (Linode.com) had their wallet stolen, too. According to Linode: 
Our investigation has revealed a customer support interface was used to access your account. The compromised credentials have been restricted and we are discussing policy changes to prevent this from recurring.
I knew that using a shared hosting service was a risk, which is why I kept so few bitcoins in the Faucet's wallet. It made sense to spend $30/month on web hosting where I risked losing $25 worth of bitcoins rather than spending a couple hundred dollars a month on a dedicated ultra-secure server or tens of thousands of dollars on a full-time system administrator managing my own hardware. It is annoying, though. I've got to create a new wallet for the Faucet, do some work on its web pages to give a new donation address (any new donations to the old Faucet address could be stolen by the thief), and decide if I trust that Linode really will be more careful about who has access to their customer support interface in the future.

 It is also very preventable; I've been pushing as hard as I can for the last six months or so for "multisignature transactions" as a standard part of the Bitcoin infrastructure. Here's how a future version of the Faucet will work to prevent an incident like today's: 

  1. Coins to fill up the Faucet's wallet will get sent to a "2 signatures required" bitcoin address.
  2. The Faucet's wallet only contains one of the two private keys required to send out coins; the other one would be stored on another machine at some other web hosting company.
  3. When sending out coins, the Faucet would generate one signature and then send the transaction to the second machine.
  4. That second machine would look at the transaction, and check to make sure it looked like a valid Faucet transaction: very small payments to a few people happening at most every 10 minutes, with the change sent back into the main Faucet address. If it didn't smell fishy it would create the second signature and broadcast the completed transaction.
If a hacker compromised the first machine and got the wallet, it wouldn't do them any good because they only have 1 of 2 keys required to spend.  If they compromised the machine and tried to generate a transaction to send them all the bitcoins in the wallet the second machine would notice and stop them.

They might compromise the first machine and send themselves a little trickle of coins so they don't get noticed, but that would be a lot of work and I would pretty soon notice that more coins were leaving the wallet than I expect.

Compromising just the second machine doesn't help; they can't modify transactions before signing them, so they can't steal any coins. They'd only be able to steal the Bitcoins if they somehow managed to get both sets of keys from both machines.
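
The review step on the second machine (step 4 above) could look like the following sketch. It is an added example, not code from the Faucet or from the post; the address placeholder, the numeric limits and the simplified transaction model are assumptions, and the actual signing and broadcast are left out.

```python
from dataclasses import dataclass

# Names and limits are assumptions for illustration. The post only gives the
# rule: very small payments to a few people, at most every 10 minutes, with
# the change sent back to the main Faucet address.
FAUCET_ADDR = "FAUCET-2OF2-ADDRESS"   # placeholder, not a real address
MAX_PAYOUT = 5_000_000                # satoshis per recipient (assumed)
MAX_RECIPIENTS = 5                    # "a few people" (assumed)
MAX_FEE = 100_000                     # satoshis (assumed)
MIN_INTERVAL = 600                    # seconds, "at most every 10 minutes"

@dataclass
class ProposedTx:
    input_total: int                  # satoshis spent from the Faucet address
    outputs: list                     # [(address, satoshis), ...]

@dataclass
class Cosigner:
    last_signed_at: float = float("-inf")

    def review(self, tx: ProposedTx, now: float):
        """Return (approve, reason); the second signature is only made on approve."""
        if now - self.last_signed_at < MIN_INTERVAL:
            return False, "too soon after previous payout"
        if any(v <= 0 for _, v in tx.outputs):
            return False, "non-positive output value"
        payouts = [(a, v) for a, v in tx.outputs if a != FAUCET_ADDR]
        change = sum(v for a, v in tx.outputs if a == FAUCET_ADDR)
        if not payouts or len(payouts) > MAX_RECIPIENTS:
            return False, "unexpected number of recipients"
        if len({a for a, _ in payouts}) != len(payouts):
            return False, "duplicate recipient"
        if any(v > MAX_PAYOUT for _, v in payouts):
            return False, "payout exceeds faucet limit"
        # Whatever is neither paid out nor returned as change is the fee;
        # cap it so the wallet cannot be emptied through an oversized fee.
        fee = tx.input_total - change - sum(v for _, v in payouts)
        if fee < 0 or fee > MAX_FEE:
            return False, "fee outside allowed range"
        self.last_signed_at = now
        return True, "ok"

# Constructed sample transactions (not real data).
NORMAL = ProposedTx(100_000_000, [("user1", 5_000_000), ("user2", 5_000_000),
                                  (FAUCET_ADDR, 89_950_000)])
DRAIN = ProposedTx(100_000_000, [("thief", 99_950_000)])
```

A slow trickle of in-policy payouts would still pass this check, which is why the post also relies on watching the wallet balance over time.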

Multisignature support is, unfortunately, still several months away. Until then, I'll continue to keep only small amounts of Bitcoin in the Faucet's new wallet.