Roll your own Bitcoin client? Prepare to be raided
The engineer behind the Heartbleed checker has created a tool to hunt down wallets from poorly secured transactions that leak private keys.
Filippo Valsorda released the Blockchainer tool to Github following a presentation at the Hack in the Box conference in Malaysia today.
The CloudFlare engineer demonstrated how known flaws in some implementations of the Elliptic Curve Digital Signature Algorithm (ECDSA) have allowed thieves to steal Bitcoins due to factors such as insecure clients or flaws in unpatched browsers. "I applied a known attack to the real world and showed how you could use ECDSA in a safe way that doesn't need random numbers so that it would not fail scanning the blockchain," Valsorda told Vulture South via Skype.