1. 2

  2. 3

    Now what.

    Never again store your escrow bitcoins on a server.

    Silk Road will never again be a centralized escrow storage.

    I’ve been wondering this myself every time I see one of these bitcoin-related sites or exchanges getting their funds stolen. Why are people storing their bitcoin wallets on anywhere other than their own computers and encrypted with a password? I would never store my real money in a bank that wasn’t insured, and I sure as hell wouldn’t store my funny money on a central server with questionable security and with no information known about the operators.

    1. 1

      I would never store my real money in a bank that wasn’t insured, and I sure as hell wouldn’t store my funny money on a central server with questionable security and with no information known about the operators.

      Out of curiosity, do you own any BTC? I agree with the quoted sentiment 100% - but then again I don’t have any BTC. I wonder if there’s an inverse correlation between our - potentially “conservative” attitude - and owning BTC.

      1. 2

        No, I don’t. Perhaps it’s hard to use coins stored anywhere other than an exchange or escrow site like Silk Road? I dunno.

        1. 2

          As in many things, there’s a big gap between the theoretical benefits touted by the loudest advocates and the practical reality faced by users who only want to get shit done and move on. “secured by impossible to break crypto” mentally translates to “can never be stolen”, but all of the “assuming these conditions hold true” parts get left behind.

          “If you control your own wallet” is a giant freaking If, but it’s also the most annoying to live with, so it’s the first to go out the window. The warm fuzzy feeling, however, doesn’t immediately evaporate with it.

          1. 0

            I’m far from an expert on the subject, but I did mine many moons ago (and cashed in way too soon, else I would have $30k+ damn), so here’s my $.02 of insight:

            A wallet means more than just a data file, it’s a program to serve as a node on the network and potentially mine. If you’re not interested in mining (why would you bother these days?) then you’re running a program that’s chewing up CPU and network, and a very sizeable chunk of disk space (the blockchain is 2GB last I looked), just to hold your “money.” Or you could “set it and forget it” with an online wallet. Saves you disk space, bandwidth, software updates, etc. And the idea of “put your money in a bank” is pretty easy to swallow these days. (I don’t think I’ve ever come across a bank that wasn’t FDIC insured, so it’s not something I think much of anyways.)

            1. 2

              It’s ~16G now!

              1. 1

                The recommended wallets on Bitcoin.org do not require the full blockchain or node operation.

                https://bitcoin.org/en/choose-your-wallet

                1. 1

                  Thank you for the update.

                  And kudos to bitcoin.org for their popups explaining the differences between web wallets, services like blockchain, etc.

          2. 1

            I’ve been thinking about a secure way to handle this. I’m still a little fuzzy on the difference between accounts, wallets, and addresses, but it’s coming together. It doesn’t help that the documentation sometimes talks about how the desktop client works, or how the json bitcoind api works, or how the low level bitcoin protocol works.

            When you send money to somebody, you have to split a large amount into the amount you want to give them, and a “change” amount you give back to yourself. I want to give you 1 BTC out of 10. That kind of looks like this.

            (X:10) -> (X:9 U:1)
            

            If you only do X:10 -> U:1, the other 9 bitcoins are apparently eaten by bitcoin gremlins and you no longer have them. As an attacker, I will claim the above didn’t occur, and request the server redo it. The server has in the meantime spent some money elsewhere, so now it makes a new transaction:

            (X:9) -> (X:7 Y:2)  -- unrelated third party
            (X:7) -> (X:6 U:1)  -- "do over"
            

            I’m still a little fuzzy on how the initial X value is determined. Totaling all three actions up, we see 26 going in on the left, and 26 coming out on the right. Hurray, balance. The bitcoin nodes will like this. But the net output total in X is only 6. Oops, we gave you two coins.

            I read some notes that one should use a different address, and not strictly send the money back to yourself.

            (X:10) -> (Xa:9 U:1)
            

            Then future transactions will come from Xa.

            (Xa:9) -> (Xb:5 Y:4)
            

            And so forth. If the user requests a do over, ok, fine, whatever, do it again, just like before:

            (X:10) -> (Xa:9 U:1)
            

            Now there are two possibilities. Either the first one worked or the second one worked. But they can’t both work, because either transaction will completely drain the X account. You can’t finish with (X:-10). The other bitcoind nodes will count this as a double spend.

            We solve the problem of users tricking us into giving them double refunds by making the network do the work. It already detects double spending. We just need to make double refunds look like double spending.

            Thoughts? Anybody know enough to check my work?
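            The double-refund scenario above, as an added example that is not part of the original comment: a toy UTXO ledger (no fees; the addresses X, Xa, Xb, Xc, U, Y and the amounts follow the comment's notation, while the Ledger class, utxo ids and toy txid are constructed here) shows that rebuilding the "do over" payout from whatever change is on hand pays U twice, whereas re-sending the original transaction is rejected as a double spend. The toy txid illustrates why a hash over the signed transaction is not a safe key for "did this payout already happen", while the spent input is.

```python
# Added example, not from the thread or any Bitcoin implementation: a toy UTXO
# ledger. X, Xa, U, Y and the amounts follow the comment above; the Ledger
# class, utxo ids and toy txid are constructed for illustration.
import hashlib


class Ledger:
    """Unspent outputs keyed by id. A tx applies only if every input is still
    unspent and value in equals value out (no fees, to keep it simple)."""

    def __init__(self, funding):
        self.utxos = dict(funding)          # {utxo_id: (owner, amount)}
        self.counter = 0

    def apply(self, inputs, outputs):
        """Return the new utxo ids, or None if the tx is rejected."""
        if any(i not in self.utxos for i in inputs):
            return None                     # input already spent: double spend
        if sum(self.utxos[i][1] for i in inputs) != sum(a for _, a in outputs):
            return None                     # value in must equal value out
        for i in inputs:
            del self.utxos[i]
        created = []
        for owner, amount in outputs:
            self.counter += 1
            created.append(f"utxo{self.counter}")
            self.utxos[created[-1]] = (owner, amount)
        return created

    def balance(self, owner):
        return sum(a for o, a in self.utxos.values() if o == owner)


def txid(inputs, outputs, sig_blob):
    """Hash over the whole serialized tx, signature included: re-encoding the
    signature changes the id while the inputs and outputs stay identical."""
    return hashlib.sha256(repr((inputs, outputs, sig_blob)).encode()).hexdigest()


def payout_scenario(naive_redo):
    """Pay U 1 coin out of X:10, pay Y 2 from the change, then honour a
    'that never happened, do it again' request. Returns U's final balance."""
    led = Ledger({"X10": ("X", 10)})
    first = led.apply(["X10"], [("Xa", 9), ("U", 1)])     # (X:10) -> (Xa:9 U:1)
    third = led.apply([first[0]], [("Xb", 7), ("Y", 2)])  # (Xa:9) -> (Xb:7 Y:2)
    if naive_redo:   # rebuild the payout from the change on hand: accepted
        led.apply([third[0]], [("Xc", 6), ("U", 1)])       # (Xb:7) -> (Xc:6 U:1)
    else:            # re-send the original tx: X10 is spent, so it is rejected
        led.apply(["X10"], [("Xa", 9), ("U", 1)])
    return led.balance("U")
```

Keying the payout record on the input it spends (here "X10") is what lets the ledger, rather than the service's bookkeeping, refuse the second refund.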

            1. 0

              I would suggest a less sensationalist title: Silk Road 2 wallet drained by txid malleability exploit.

              1. 2

                Except that’s 99% likely not the real explanation. “I have decided to abscond with your funds. Fortunately, mt. gox had a big fuck up this week, so I can divert the blame that way.” or “I didn’t steal the money, but I did build my admin interface out of a wordpress plugin and I would prefer not to reveal that.”

                (Correct me if I’m wrong and there’s evidence this was the result of txid forgery.)

                1. 1

                  The only evidence I have is the linked post; I’m taking the author on his word. Could he have outright pocketed the money? Perhaps, though that will become apparent when he tries to spend it.

                  1. 2

                    Maybe I should revise my 99% certainty down a bit, but not long ago all the forum talk was “only mt. gox could be stupid enough to have this bug”. How am I to reconcile last week’s thoughts with this week’s thoughts? Slow down, bitcoin, you’re moving too fast for me to know who to blame.

                    The timing feels weird to me. Allegedly this attack happened after mt. gox announced they were sealing their doors. It’s not too hard to accomplish, but pulling it off requires some ingenuity and knowledge of bitcoin. How likely is it that somebody found out about txid from mt. gox’s website, built an exploit, and then drained silk road? That’s a quick learner.

                    (And again: basic accounting principles. Don’t hook your escrow account into your general funds account.)