New research shows Bitcoin security is worrying

Are you still interested in Bitcoin trading? If you are interested in Bitcoin trading, please read the following, I believe it will be very helpful to you. The latest research shows that Bitcoin security is worrying.

Encyclopedia: Bitcoin wallet

The concept of Bitcoin was first proposed by "Satoshi Nakamoto" (it is not clear who he is) in 2009. The open source software designed and released based on Satoshi Nakamoto's ideas and the P2P network built on it are Bitcoin is a P2P digital currency.

Unlike most currencies, Bitcoin is not issued by a specific monetary institution. It is generated through a large amount of calculation based on a specific algorithm. The Bitcoin economy uses a distributed database composed of many nodes in the entire P2P network to confirm and record all transactions, and uses cryptographic design to ensure the security of all aspects of currency circulation. The currency system had no more than 10.5 million in 4 years, and the total number will be permanently limited to 21 million.

Currently, researchers have tracked transaction records for 6 years and found that hackers have obtained a total of about $103,000 in profits from protected Bitcoin holders' accounts. At the same time, research shows that many Bitcoin holders use simple and easy-to-remember passwords to protect their accounts instead of complex passwords. After testing nearly 900 accounts, it was found that the passwords of some accounts can be quickly cracked. Previously, there was a new electronic wallet "brain wallets". As the name suggests, brain wallets are Bitcoin wallets that exist in the mind. It is actually a way to generate Bitcoin private keys, which generates the corresponding Bitcoin address by calculating the user's input. You only need to remember one password, and you can use this password to restore the Bitcoin address and private key in the brain wallet program.

As early as 2012, a website Brainwallet.org appeared. It is a web-based JavaScript Bitcoin address generator that generates the corresponding Bitcoin private key and address by performing SHA256 calculation on the content entered by the user. The benefits it brings are very obvious:

1. Users do not need to install Bitcoin Core (then called Bitcoin) software, nor do they need to download huge blockchain data. They only need to open a URL to easily generate a Bitcoin address and receive it;

2. Users do not need to learn how to back up the wallet.dat file regularly. They only need to remember the password they set so that they can calculate the corresponding private key when needed.

Over the years, the wallet has been considered relatively secure, although some Bitcoin experts such as Gregory Maxwell and Gavin Andresen have warned that it is prone to problems.

In the following years, Brainwallet.org was constantly updated, but the core functionality remained largely unchanged until it was shut down in August 2015.

Last year, another discovery proved the insecurity of electronic wallets. In August last year, Ryan Castellucci, a security researcher at White Ops, proved at the Defcon hacker conference that attacking brain wallets is not as difficult as imagined. Brain wallets do not add salt (a randomly generated string) to passwords, and this deficiency can allow malicious attackers to obtain a large amount of user information at one time. In contrast, companies such as Google and Facebook have done a good job in this regard, with more complex encryption and preventing problems like Castellucci's.

As Bitcoin grows, so does encryption technology

According to the latest report, the vulnerability of brain wallets has been well known. As of August last year, 884 brain wallet accounts have suffered losses, with a loss of approximately 1,806 bitcoins. The report author said:

“Our research revealed the existence of an active group. Overall, about $100,000 worth of Bitcoin was loaded into brain wallets, more than three-quarters of the total value of the ten most valuable wallets. Some brain wallet accounts were stolen within minutes, and some accounts were completely emptied of Bitcoin. Almost all brain wallets can be stolen within 24 hours.”

The report, called "The Bitcoin Brain Drain: A Short Paper on the Use and Abuse of Bitcoin Brain Wallets," will be presented at the Financial Cryptography and Data Security 2016 conference. To crack the brain wallet, the team collected about 100 billion passwords from 20 projects, including urban dictionary, the English version of Wikipedia, and passwords leaked from the RockYou gaming website. There are also phrases like "say hello to my little friend," "yohohoandabottleofrum," and "dudewheresmycar." Since the blockchain is public, it means anyone can see where the bitcoins are going, which means that once the password is obtained, the specific location of the bitcoin user can be clearly seen.

Earlier, some Bitcoin holders posted information on the forum that the Bitcoin in their accounts suddenly disappeared, and many victims complained about the theft of Bitcoin. Now many people have given up on brain wallets, but Castellucci said that Ethereum is not as absolutely safe as imagined, but he did not disclose more details. However, with the development of Bitcoin, I believe that more excellent encryption technologies will emerge to improve these shortcomings.