
It seems unlikely that Karpeles randomly stumbled across 200,000 missing bitcoins. It seems at least plausible that he attempted to steal them and is now backpedaling since people aren't buying his malleability story.

This is the first ray of hope regarding customers recovering any of their missing bitcoin though.




> It seems at least plausible that he attempted to steal them and is now backpedaling since people aren't buying his malleability story.

Or that they lost the keys to some wallets and have managed to crack one.


If that were the case, then there's no reason to frame it as if they thought there weren't any bitcoins left in unused company wallets. They could just tell the truth.


That's true, it would actually make them seem less cretinous if they said they had cracked a lost key.

I guess the fact that they have to have been so staggeringly incompetent to have 200,000 bitcoins they didn't even know about makes me feel like there must be some other explanation than the one they are offering.

Attempted theft is up there.


Karpeles said last winter that they were going to make their keys more secure by breaking them into pieces using a Shamir's secret sharing algorithm. This would allow a key to be more secure because it would take several pieces, but not all of them, to reconstitute the private key.

My assumption is that they either made a mistake with the algorithm, or they lost enough chunks of the keys that they can't reconstitute the private key. This could have been as simple as a bank's safety-deposit box being inaccessible because it's seized, or losing the pieces.

If they were stored digitally, it could be as simple as a media problem (organic dyes in CD-Rs degrade, USB drives aren't infallible, etc.).

The reason they got this wallet open is because they probably recovered the private key in some ancient backup they forgot they had from before they split the keys into pieces and deleted what they thought were the only copies of the unsecured keys.

This is just my completely unsubstantiated theory, but it seems to match the current facts.
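The threshold scheme the comment above refers to is easy to see in code. The following is an added example, not code from MtGox or from anyone in this thread: a minimal Shamir split over GF(p), with the polynomial built so that any k of n shares reproduce the secret and fewer than k leave it unrecoverable. The field prime, the threshold (3 of 5) and the 256-bit "private key" are constructed values chosen for the demonstration, and `recover_secret` refuses to interpolate when too few shares survive, which is exactly the failure mode the comment describes.

```python
"""Shamir's secret sharing over GF(p): k-of-n split and recovery.

Added example for the thread above; constructed values throughout.
"""
import secrets

# The secp256k1 field prime. Any prime larger than the secret works;
# this one fits a 256-bit private key (assumption: key < P).
P = 2**256 - 2**32 - 977

# Constructed 256-bit "private key" for the demonstration (not a real key).
EXAMPLE_KEY = 0x1F3C5A7E9B0D2468ACE13579BDF02468ACE13579BDF02468ACE13579BDF02469


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x, mod P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, k, n):
    """Split `secret` into n shares such that any k reconstruct it.

    A random polynomial of degree k-1 is chosen with the secret as its
    constant term; share i is the point (i, f(i)) for i = 1..n.
    """
    if not 0 <= secret < P:
        raise ValueError("secret must lie in [0, P)")
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def interpolate_at_zero(shares):
    """Lagrange interpolation of the points in `shares`, evaluated at x = 0.

    With at least k points on a degree k-1 polynomial this is the secret;
    with fewer points it is some unrelated field element, and nothing in
    the output tells you which case you are in.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i == j:
                continue
            num = num * xj % P
            den = den * (xj - xi) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def recover_secret(shares, k):
    """Reconstruct the secret from at least k shares, or refuse."""
    if len(shares) < k:
        raise ValueError(f"need at least {k} shares, have {len(shares)}")
    return interpolate_at_zero(shares[:k])


def demo(k=3, n=5):
    """Split EXAMPLE_KEY k-of-n and report what survives a loss of shares."""
    shares = split_secret(EXAMPLE_KEY, k, n)
    result = {
        "n_shares": len(shares),
        "from_first_k": recover_secret(shares[:k], k) == EXAMPLE_KEY,
        "from_any_k": recover_secret([shares[0], shares[2], shares[4]], k) == EXAMPLE_KEY,
        # Two surviving shares of a 3-of-5 split: interpolation "succeeds"
        # but yields a wrong value (equal to the key only with probability 1/P).
        "two_shares_wrong": interpolate_at_zero(shares[:2]) != EXAMPLE_KEY,
    }
    try:
        recover_secret(shares[:k - 1], k)
        result["refused_below_threshold"] = False
    except ValueError:
        result["refused_below_threshold"] = True
    return result


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The practical lesson for a custodian is in the last two checks: losing n-k+1 shares is total loss, and a share set below the threshold does not fail loudly unless the threshold is stored alongside the shares. Keeping k with each share, and testing recovery from every k-subset before the plaintext key is destroyed, is the check that would have caught the scenario the comment imagines.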


Mark stated that the missing coins were most likely lost due to transaction malleability. I don't know why he would risk lying for no good reason.


The 'good' reason would be the 400 million dollars...

Not saying he is or isn't lying, but we can't just throw around the 'there is no good reason for him to say xyz' in this situation...


Yes, that's what I meant: stealing them would have been a good reason to lie but covering up a form of negligence (media failure) with another form of negligence (transaction malleability), which was the theory I was trying to refute, doesn't seem especially useful (hence the "no good reason to lie").


Wouldn't someone publishing that keys can be cracked in realistic timeframes deal a blow to the currency itself?

Sure, it would have required tons of computing power, but they still would have cracked the key in several weeks' time.


Well not exactly, as I understand it you could attack the passphrase protecting the key.

If you remember any details about this passphrase then you can dramatically reduce the strength? (I'm not sure of the word to use here. Someone help me out) of said passphrase.

But yes, if someone was able to crack keys in a reasonable amount of time then bitcoin would crash overnight.


Ah okay, you're right. And yes, if you knew anything about the key you could drastically reduce the key space to search.


Was the word you were looking for "entropy"?


That would be it!


>>Or that they lost the keys to some wallets and have managed to crack one.

No cracking. They just found a wallet.dat somewhere, that's all. If they lost the keys (as in, lost the wallet.dat with the keys in it) and were able to generate a valid private key given only a public bitcoin address... bitcoin is dead, game over, pack it up.

Now instead, if we're talking about a passphrase to a wallet.dat...


> If they lost the keys (as in, lost the wallet.dat with the keys in it) and were able to generate a valid private key given only a public bitcoin address... bitcoin is dead, game over, pack it up.

This is a realistic scenario. If the private key generation was of the same quality as the rest of their code (i.e. using a weak PRNG), then reconstructing a private key may be doable.

It's not like Bitcoin wallets weren't previously cracked using this method in the case of an Android wallet misusing the crypto API (http://arstechnica.com/security/2013/08/google-confirms-crit...)

A competent entity in possession of MtGox source code may be in a good position to steal all the loot.


> If they lost the keys (as in, lost the wallet.dat with the keys in it) and were able to generate a valid private key given only a public bitcoin address... bitcoin is dead, game over, pack it up.

Yeah. This wouldn't be a fail on the MTGox league; this would be a "Satoshi Nakamoto and all the cryptographers who took a look at the code failed". Cracking a wallet is supposed to be something that requires the resources of a state-sized entity.


> Cracking a wallet is supposed to be something that requires the resources of a state-sized entity.

A galaxy-sized entity, maybe? The only known way to find a private key from a public key is brute force. That's way beyond the abilities of a state, unless they've made a massive breakthrough in quantum computing.

http://i.imgur.com/fYFBsqp.jpg


Obpedantry: In theory rho allows you to recover private keys with work-factor 2^128 (times some small constant depending on how much storage you wish to use), which is significantly less than the 2^256 you might expect from "brute force".

Still completely infeasible.


But first you have to obtain the public key by finding a preimage of the SHA-256-hashed address. And SHA-256 (with the full number of rounds) currently has no known preimage attacks that are even marginally better than brute force.


Not if a flawed PRNG was used. Let's not forget we talk custom wallet implementation here...


Am I missing something, or does that seem really, really implausible? http://bitcoin.stackexchange.com/questions/2847/how-long-wou...


Yeah, you make off with $116 million, and then rather than blame it on incompetence (which by all accounts is what mt gox looks like), you start backpedalling....

