Skip to main content

Roll your own Bitcoin client? Prepare to be raided

posted onOctober 20, 2014
by l33tdawg

The engineer behind the Heartbleed checker has created a tool to hunt down wallets from poorly secured transactions that leak private keys.

Filippo Valsorda released the Blockchainer tool to Github following a presentation at the Hack in the Box conference in Malaysia today.

The CloudFlare engineer demonstrated how known flaws in some implementations of the Elliptic Curve Digital Signature Algorithm (ECDSA) have allowed thieves to steal Bitcoins due to factors such as insecure clients or flaws in unpatched browsers. "I applied a known attack to the real world and showed how you could use ECDSA in a safe way that doesn't need random numbers so that it would not fail scanning the blockchain," Valsorda told Vulture South via Skype.

Source

Tags

BitCoin Industry News Privacy HITB2014KUL

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th