ChavasRegal Posted January 11, 2018 Share Posted January 11, 2018 Right lets just start by saying I feel sick, physically sick,. Over Christmas I had family up and we got talking about crypto, after a bit of chatting they decided that they would like to invest in some XRP but with exchanges overwhelmed and registrations being suspended they asked if I would mind acting as the middleman and putting the money through my bank and on to the exchange, personally I was against this as I know how volatile things can be and although I'm happy to loose my money; I'm not so happy to risk other peoples. I finally caved and put a modest £2k on to the exchange for them with 50% going on a selection of alts and 50% going on XRP, they wanted 100XRP setting aside In a wallet for the grandkids a long ways down the line and the rest in to their wallet. so today after the price of XRP dropped and with them having around £1k in profit from their altcoins they asked me to trade those in and pick up more XRP, happily I obliged. Come tonight and I'm ready to move the XRP from Binance to their wallet, I copy their wallet address but before I send I double checked the address, to my horror all their XRP had been taken out on the 31st Dec. Below are the two wallets. https://bithomp.com/explorer/rEAvsfoR3GN8D7YKEdCGBZj81QkFXyfGPv https://bithomp.com/explorer/rftjDErSDDdq93zQK9T6Gxf4aEHcxrv9xP Both these wallets were cold wallets, they were generated and then printed out, their private keys only stored on paper, they were both generated by using https://ihomp.github.io/ripply-paper-wallet/coldwallet-SHA1-cdfbe3260927b6073180a1099f02ef99ce0495e8.html The only thing I can think of is the wallet generator site itself is where the account was compromised! Has anyone else used this particular wallet generator, can anyone clarify its safety / security? As I said earlier I feel physically sick, I know to a lot of people its not a lot of money, but I feel personally responsible, my gut instinct to not play with other peoples money was right and now the only option I feel I have is to reimburse them out of my own wallet. CR Link to comment Share on other sites More sharing options...
elias Posted January 11, 2018 Share Posted January 11, 2018 (edited) It is strange that the wallet generators 'fork me on github' link is dead - that is where the source code should be available. I have previously used TheWorldExchange.net to access the ledger/generate keys etc. Its source code is available and it runs entirely client side (apart from connecting to the ledger or Ripple servers). I trust TWE, at least the version I downloaded from github and run myself, but I would not trust that paper wallet thing you posted. Apparently some people trust hardware wallets, but personally I wouldn't trust those either and don't even see the point. Edited January 11, 2018 by elias Link to comment Share on other sites More sharing options...
eoma Posted January 11, 2018 Share Posted January 11, 2018 It could be generating predetermined key-pairs Link to comment Share on other sites More sharing options...
kickstart Posted January 11, 2018 Share Posted January 11, 2018 I am guessing --- Computer that was used to generate the wallet is compromised The github hosted code is compromised Would enabling "GlobalFreeze" prevent others from stealing funds? What about "RequireAuth"? https://ripple.com/build/freeze/#global-freeze https://ripple.com/build/gateway-guide/#requireauth Link to comment Share on other sites More sharing options...
Jannercobbler Posted January 11, 2018 Share Posted January 11, 2018 (edited) 45 minutes ago, kickstart said: I am guessing --- Computer that was used to generate the wallet is compromised The github hosted code is compromised Would enabling "GlobalFreeze" prevent others from stealing funds? What about "RequireAuth"? https://ripple.com/build/freeze/#global-freeze https://ripple.com/build/gateway-guide/#requireauth How would you enable Global Freeze on an account please?? Edited January 11, 2018 by Jannercobbler edit Link to comment Share on other sites More sharing options...
gtyj Posted January 11, 2018 Share Posted January 11, 2018 (edited) I used that very same paper wallet link about a week ago and my funds are just fine. You can see my thread asking about verifying a cold storage wallet right before I transferred the funds here Also that very wallet is the one reference by @Mercury on one of the tutorials posted here about wallet options So far my funds are there and there are no issues, however I would be very alarmed to find out there is an issue with this wallet. The way I did it was to run the code in a newly installed raspbian OS on a blackbery PI 3 that was never online. I never printed the wallet nor did I generate the key pair on an online machine. I only transferred its key/secret to a couple of usb sticks that I still hold. So far, like I said my wallet has all the funds I transferred almost a week ago. Edited January 11, 2018 by gtyj Link to comment Share on other sites More sharing options...
RecentChange Posted January 11, 2018 Share Posted January 11, 2018 https://ripple.com/build/freeze/#global-freeze The XRP Ledger gives addresses the ability to freeze non-XRP balances, which can be useful to meet regulatory requirements, or while investigating suspicious activity. There are three settings related to freezes: Individual Freeze - Freeze one counterparty. Global Freeze - Freeze all counterparties. No Freeze - Permanently give up the ability to freeze individual counterparties, as well as the ability to end a global freeze. Because no party has a privileged place in the XRP Ledger, the freeze feature cannot prevent a counterparty from conducting transactions in XRP or funds issued by other counterparties. No one can freeze XRP. SimpleLife 1 Link to comment Share on other sites More sharing options...
MooseInTime Posted January 11, 2018 Share Posted January 11, 2018 3 minutes ago, gtyj said: I used that very same paper wallet link about a week ago and my funds are just fine. You can see my thread asking about verifying a cold storage wallet right before I transferred the funds here Also that very wallet is the one reference by @Mercury on one of the tutorials posted here about wallet options So far my funds are there and there are no issues, however I would be very alarmed to find out there is an issue with this wallet. The way I did it was not run the code in a newly installed raspbian OS on a blackbery PI 3 that was never online. I never printed the wallet, only transferred its key/secret to a couple of usb sticks that I still hold. So far, like I said my wallet has all the funds I transferred almost a week ago. different URL - same look I'm comparing the source code now ChavasRegal and RecentChange 1 1 Link to comment Share on other sites More sharing options...
MooseInTime Posted January 11, 2018 Share Posted January 11, 2018 The one in the Mercury post is a dead URL: https://yxxyun.github.io/ripple-wallet/ The one the OP used is at https://ihomp.github.io/ripply-paper-wallet/coldwallet-SHA1-cdfbe3260927b6073180a1099f02ef99ce0495e8.html Link to comment Share on other sites More sharing options...
MooseInTime Posted January 11, 2018 Share Posted January 11, 2018 Can't compare the source code as the Mercury one is dead, I'm looking for anything obvious in the source of the OP's candidate now ThomasTheTGV 1 Link to comment Share on other sites More sharing options...
cuber Posted January 11, 2018 Share Posted January 11, 2018 @ChavasRegal Reaching out to @JoelKatz for you now. JK has previously been excellent helping out guys with similar issues such as yours and hopefully he can provide some assistance. Of course, i'm sure that he's extremely busy during these times however you never know. cryptoxrp and ChavasRegal 1 1 Link to comment Share on other sites More sharing options...
ChavasRegal Posted January 11, 2018 Author Share Posted January 11, 2018 1 minute ago, cuber said: @ChavasRegal Reaching out to @JoelKatz for you now. JK has previously been excellent helping out guys with similar issues such as yours and hopefully he can provide some assistance. Of course, i'm sure that he's extremely busy during these times however you never know. Thanks cuber much appreciated. Link to comment Share on other sites More sharing options...
MooseInTime Posted January 11, 2018 Share Posted January 11, 2018 (edited) I'm not a JS expert (I manage a team of JS devs as my day job) will ask them to have a look when I'm back in the office. Edited January 11, 2018 by MooseInTime Trisky 1 Link to comment Share on other sites More sharing options...
ChavasRegal Posted January 11, 2018 Author Share Posted January 11, 2018 6 minutes ago, MooseInTime said: Can't compare the source code as the Mercury one is dead, I'm looking for anything obvious in the source of the OP's candidate now My main concern is that the generator is compromised and others are going to be affected. I don't think its my computer that's the weak link, it's kept fully up to date and scanned regularly for viruses / malware and I used spyboy search and destroy to immunise against known threats. Link to comment Share on other sites More sharing options...
Valhalla_Guy Posted January 11, 2018 Share Posted January 11, 2018 I used the same wallet generator (offline) and my XRP is still there. I was steered to the wallet from this thread (trusted source) -- I believe (hope) it is safe. The hash is the same, as the one in my zip file. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now