FBI supposedly finds flaw with Bitcoin wallet encryptions

[Lakados]

With all the ransomware attacks the FBI and CIA have stepped up their efforts into tracking and tracing illicit bitcoin funds, supposedly they have found a way to reliably track coins but also obtain access to the wallets that store them to recover the funds.

https://hackernoon.com/did-the-fbi-hack-the-bitcoin-yv3235gx

 

[Zarathustra[H]]

I have to admit I am pretty ignorant about crypto-wallets, but aren't they usually stored offline, unless you dump your cryptocurrencies into an online exchange like Coinbase?

 

[Master_shake_]

Ok when will they start with this guy?

https://www.ctvnews.ca/sci-tech/cha...-worth-millions-cryptocurrency-firm-1.5287655

They can help the RCMP if they have that ability.

 

[Zarathustra[H]]

Either way, any bad news for Crypto is good news for me, if it helps the value of any cryptocurrency fall a little, it may just help with GPU pricing.

I know GPU's aren't typically used for Bitcoin anymore, but these fluctuations in value tend to hit all cryptocurrencies at the same time, as uneducated investors lump them all together.

 

[Zarathustra[H]]

Ok when will they start with this guy?


https://www.ctvnews.ca/sci-tech/cha...-worth-millions-cryptocurrency-firm-1.5287655

Yeah, if I were him I'd call FBI and be like:

Hey, listen, I'll make a million dollar donation to the FBI Agents Association (or whatever) if you help me break into and recover my wallet.

 

[Master_shake_]

Yeah, if I were him I'd call FBI and be like:

Hey, listen, I'll make a million dollar donation to the FBI Agents Association (or whatever) if you help me break into and recover my wallet.

It's the RCMP canada's I guess FBI?

https://globalnews.ca/news/5830003/quadriga-crypto-fbi-rcmp/

Oh the FBI is helping. I bet the people who lost all their coins are sure to get them back.

 

[DPI]

FBI supposedly finds flaw with Bitcoin wallet encryptions

No, they didn't.

Another day, another FUD, another no name WordPress blog.

 

[TheBuzzer]

sure there are flaws in encryption, just ask any quantom engineers.

 

[GreenLaser]

Monetary system is only as good as the trust in it. Inferring that they'll know you're paying hookers with it so ppl may not buy into it. ...unless your daddys the Prez.

 

[Zarathustra[H]]

No, they didn't.

Another day, another FUD, another no name WordPress blog.

Well,

That is true. How much faith do you give some rando with a wordpress site? We will see if something similar comes out in more trustworthy media.

One of the problems with crypto is that federal pump and dump and other manipulation regulations don't apply, at least not yet, so you have constant "fake news" stories being published to either pump the value of a coin, or tank it, so that interested parties can sell or buy.

If crypto is going to take a more important role in currency, we are going to have to update regulations to minimize the "wild wild west" mentality.

Also, damn the design of that site is atrocious. It makes my PC monitor look like a phone screen!

 

[DPI]

Well,

That is true. How much faith do you give some rando with a wordpress site? We will see if something similar comes out in more trustworthy media.

One of the problems with crypto is that federal pump and dump and other manipulation regulations don't apply to crypto, at least not yet, so you have constant "fake news" stories being published to either pump the value of a coin, or tank it, so that interested parties can sell or buy.

If crypto is going to take a more important role in currency, we are going to have to update regulations to minimize the "wild wild west" mentality.

Also, damn the design of that site is atrocious. It makes my PC monitor look like a phone screen!

The wild-westness of crypto is definitely a serious discussion but also kind of a separate topic. But on the topic of this thread, no encryption was actually broken. The blog post linked in the OP was written in bad faith, IMO - and my main issue is that network and encryption security FUD gets published and regurgitated endlessly because it gets more clicks.

 

[Lakados]

The wild-westness of crypto is definitely a serious discussion but also kind of a separate topic. But on the topic of this thread, no encryption was actually broken. The blog post linked in the OP was written in bad faith by a person that knew better.

https://www.wsj.com/articles/how-th...cement said,hackers after a ransomware attack.
There is a better article describing how the FBI did it, they don't state how they obtained the private keys used for the wallets, just that they got them. Probably just used the good old Kneecap algorithm, which generally works every time.

 

[DPI]

https://www.wsj.com/articles/how-the-fbi-got-colonial-pipelines-ransom-money-back-11623403981#:~:text=On Monday, the Justice Department,not support the audio tag.&text=Last week, law enforcement said,hackers after a ransomware attack.
There is a better article describing how the FBI did it, they don't state how they obtained the private keys used for the wallets, just that they got them. Probably just used the good old Kneecap algorithm, which generally works every time.

That's paywalled but still just surface level drivel on what's more of a nuanced, rabbit hole issue. The main problem is the FBI isn't actually being transparent about what and how they did what they claim they did, and they have their reasons for it. But reading between the lines of what they did say in their press release and court order affidavits, no encryption was broken, and this was more a matter of investigative work, and using jurisdictional leverage to compel internet companies and/or a crypto exchange for information. And basically unraveling this from its weakest points that have nothing to do with breaking encryption.

So unless our three letter agencies are already using quantum computers, there's no way to hack a private key - it's a mile long. And if they DID crack SHA-256, they don't reveal that for a $2.3m recovery. Because that would mean carte blanche access to the encrypted communications and banking of everyone on the planet.

My only issue with this is that network and encryption security FUD gets published and regurgitated endlessly because it gets more clicks.

 

[Zarathustra[H]]

That's paywalled but still kinda garbage. The main problem here is the FBI isn't actually being transparent about what and how they did what they claim they did, and they have their reasons for it. So the public will never know the step by step. But reading between the lines of what they did say in their press release, no encryption was broken, and this was matter of investigative work, and using jurisdictional leverage to compel internet companies and/or a crypto exchange. And basically unraveling this from its weakest points that have nothing to do with breaking encryption.

Yep, FBI are not white hats.

They have a vested interest in keeping their "sources and methods" secret so they keep working for as long as possible.

 

[t1337duder]

If the FBI could crack wallets, I doubt they would tell anyone. Does the FBI making habit of bragging about their capabilities?

On the other hand, if they couldn't do it - I wouldn't put it past them to straight up lie and claim they can.

The FBI is full of kiddy diddlers and they aren't competent.

 

[cthulhuiscool]

I have to admit I am pretty ignorant about crypto-wallets, but aren't they usually stored offline, unless you dump your cryptocurrencies into an online exchange like Coinbase?

The keys are stored offline, but the crypto itself stays on the blockchain and could theoretically be tapped into from any location with the correct keys. That said, this is 100% FUD meant to scare people that don't understand how encryption protocols work. Any security concerns would be with how securely you're storing your keys, not with the storage itself. For good measure, it's also good to shuffle your crypto to a new wallet with new security keys every now and then.

 

[drop point]

The FBI can't hack dice.

 

[Iratus]

I’ve got 20 bitcoins from the very early days that I cant access. I’d bribe a federal agent to get access to them them fo’ sho’

They should do it as a service, they’d make a fortune 😂

 

[Jagger100]

Bitcoin is an open ledger. This is not news.

I find it more curious the FBI got so 'lucky' the sophisticated hackers are dumb when it comes to Crypto Wallets. I wonder if the hackers will be unindicted co-conspirators.

The pipeline hack was/is conveniently politically useful. It gave Biden something to condescend about to Putin ahead of talks.
It also gives more narrative material to the story that crypto is related to criminal activity and government needs to control it.

 

[sharknice]

Bitcoin is an open ledger. This is not news.

I find it more curious the FBI got so 'lucky' the sophisticated hackers are dumb when it comes to Crypto Wallets. I wonder if the hackers will be unindicted co-conspirators.

The pipeline hack was/is conveniently politically useful. It gave Biden something to condescend about to Putin ahead of talks.
It also gives more narrative material to the story that crypto is related to criminal activity and government needs to control it.

People assume Crypto currency is untraceable and great for illicit activities, while in reality it's TERRIBLE for it. All transactions are 100% publicly visible and tracible.

The only advantage crypto has for illicit activities is your account isn't controlled by any entity that will submit to the will of the government. So you can have an account with the coins, but then what? You have no way to do anything with it without being caught.

 

[emphy]

I find it more curious the FBI got so 'lucky' the sophisticated hackers are dumb when it comes to Crypto Wallets. I wonder if the hackers will be unindicted co-conspirators.

The sophisticated hackers were fine; it's the those who hired their services that got their keys compromised. It's hardly surprising that those people also happen to not have their security in order.

 

[HAL_404]

Monetary system is only as good as the trust in it. Inferring that they'll know you're paying hookers with it so ppl may not buy into it. ...unless your daddys the Prez.

yup, if it's digital it's traceable one way or another. People think it's free $$$$ for nothing except a higher electric bill and cost of a rig.

"Monetary system is only as good as the trust in it" ...folks used to exchange sea shells and beads as cash

 

[sleepeeg3]

https://www.wsj.com/articles/how-the-fbi-got-colonial-pipelines-ransom-money-back-11623403981#:~:text=On Monday, the Justice Department,not support the audio tag.&text=Last week, law enforcement said,hackers after a ransomware attack.
There is a better article describing how the FBI did it, they don't state how they obtained the private keys used for the wallets, just that they got them. Probably just used the good old Kneecap algorithm, which generally works every time.

A bitcoin wallet is not encrypted by default. From what I can read, it just says they "gained access." Popping the wallet.dat file in any bitcoin client would give them access, if it were not encrypted.

What the FBI did was probably akin to them finding out where a thief lives and finding the thief's wallet on their couch. If it were encrypted, the wallet would be sealed in adamantium.

 

[KarsusTG]

I thought the NSA invented bitcoin for this purpose.. lol

 

[MrGuvernment]

People assume Crypto currency is untraceable and great for illicit activities, while in reality it's TERRIBLE for it. All transactions are 100% publicly visible and tracible.

The only advantage crypto has for illicit activities is your account isn't controlled by any entity that will submit to the will of the government. So you can have an account with the coins, but then what? You have no way to do anything with it without being caught.

It is great for it, it is completely anonymous UNTIL - you want to try and convert it to FIAT or another more usable form....that is where the anonymous aspect of it goes out the window, or vice versa and you buy crypto with your CC/Bank/e-transfer as now you have tied your info to that purchase / withdrawl. But this is also why in the crypto world they have "washers" just like in the fiat world.. to wash crypto funds around to make it pretty dam next to impossible to trace.

 

[sharknice]

It is great for it, it is completely anonymous UNTIL - you want to try and convert it to FIAT or another more usable form....that is where the anonymous aspect of it goes out the window, or vice versa and you buy crypto with your CC/Bank/e-transfer as now you have tied your info to that purchase / withdrawl. But this is also why in the crypto world they have "washers" just like in the fiat world.. to wash crypto funds around to make it pretty dam next to impossible to trace.

As long as that exchange is untraceable yeah. If it's something high profile like this the washers would be under some serious heat.

 

[Lakados]

As long as that exchange is untraceable yeah. If it's something high profile like this the washers would be under some serious heat.

Assuming you could find washers willing to touch it, would be safe to assume that all those coins were tagged so no matter where they go they get followed and no actual exchange would safely touch them regardless of who was the owner.

 

[MrGuvernment]

Assuming you could find washers willing to touch it, would be safe to assume that all those coins were tagged so no matter where they go they get followed and no actual exchange would safely touch them regardless of who was the owner.

No known good exchange would, just like no good know banks or business would wash fiat, most DEX's are good for washing and depending what country they exist under, would have zero reason to give anything to any law enforcement. DEX's come and go over night I am sure like people change their under wear, they get in wash money through legit exchanges via their DEX as an initial point and then close shop and move on....

 

[SavageThrash]

Generally when some organisation claims to have defeated key/wallet encryption/generation what they are actually saying is that they found an error in the way private keys were generated and the entropy method that was used. This has happened quite a few times from just my recollection.

I would guess that the FBI has found a way to identify wallets that were generated using a flawed randomness generator, meaning there are lots of wallets out there that can be tied or linked to a specific creation tool/method. BTC protocol itself is secure, the wallet you generated using your browsers randomness generator is not.

At the end of the day why would anyone be using BTC over say monero? I can figure that monero isnt as widely accepted but it is actually private as satoshi discussed/intended.

 

[d3athf1sh]

Assuming you could find washers willing to touch it, would be safe to assume that all those coins were tagged so no matter where they go they get followed and no actual exchange would safely touch them regardless of who was the owner.

you're not understanding how it works. and you can't tag coins. they are called tumblers. they send the coins through a bunch of random addresses. there are tons of them and they do it for a fee. if you don't want to be tracked, use a good vpn. there are also bitcoin atm's

 

[d3athf1sh]

Generally when some organisation claims to have defeated key/wallet encryption/generation what they are actually saying is that they found an error in the way private keys were generated and the entropy method that was used. This has happened quite a few times from just my recollection.

I would guess that the FBI has found a way to identify wallets that were generated using a flawed randomness generator, meaning there are lots of wallets out there that can be tied or linked to a specific creation tool/method. BTC protocol itself is secure, the wallet you generated using your browsers randomness generator is not.

At the end of the day why would anyone be using BTC over say monero? I can figure that monero isnt as widely accepted but it is actually private as satoshi discussed/intended.

bitcoin is the gold standard. a lot of people have money in bitcoin, it's accepted everywhere and even irl at some places.

 

[Archaea]

People assume Crypto currency is untraceable and great for illicit activities, while in reality it's TERRIBLE for it. All transactions are 100% publicly visible and tracible.

The only advantage crypto has for illicit activities is your account isn't controlled by any entity that will submit to the will of the government. So you can have an account with the coins, but then what? You have no way to do anything with it without being caught.

Monero

 

[sleepeeg3]

bitcoin is the gold standard. a lot of people have money in bitcoin, it's accepted everywhere and even irl at some places.

If only this were true. After over a decade, it's still hard to find many stores that accept Bitcoin.

 

[Archaea]

If only this were true. After over a decade, it's still hard to find many stores that accept Bitcoin.

Gyft
https://www.gyft.com/bitcoin/

 

[DPI]

If only this were true. After over a decade, it's still hard to find many stores that accept Bitcoin.

OTOH if you had a gold bar you wouldn't shave off a flake just to buy a starbucks.

We're still in the wild west, "early 90s internet" days of cryptocurrency. Whether or not BTC prevails as the global defacto standard of future finance remains to be determined, but it'll always be the match that started the fire.