Bitcoin Forum
April 17, 2014, 04:20:27 PM *
Author Topic: Can my Bitcoins be stolen?  (Read 5274 times)
Scarecrow
February 28, 2011, 09:07:42 PM
#1

I am really hopeful that Bitcoin emerges from Beta to become the Internet currency of the future.

For this to happen people must have confidence that their wallet cannot be emptied by some crook out on the net. So if I am running the Bitcoin software in the background, could a virus installed on my PC send a copy of my .bitcoin folder or wallet.dat to the crook's PC, who could then send all my coins to his own wallet, thus stealing all my coins?

As a newbie and not that techie, this is a concern I think many possible adopters will have. For example, if I am tempted to install an animated wallpaper that happens to come with an unwanted payload designed to steal my .bitcoin folder. The wallet.dat that I think is the essential part is available unencrypted, just begging to be stolen. Am I right? If not then that's a relief, but if this is the case what would be the recommended procedure to protect your coins? I won't accept "don't install the wallpaper" as a fair answer. ;)

Faith is believing what you know isn't true. For example, Global Warming.
SmokeTooMuch
February 28, 2011, 09:17:02 PM
#2

> Can my Bitcoins be stolen?

Short answer: yes.
With the Bitcoin client you are your own bank and you have the full responsibility for storing and using your wallet in a safe way.

Also, there is at least one thread about this topic already.
-> https://www.bitcoin.org/smf/index.php?topic=2698.0

You like what I'm doing? Why don't you send me a coin: 17Pj8jpUgY6qTaKgiopL5U48zxU4rTrkuB
Bitcoin on Reddit: https://pay.reddit.com/r/Bitcoin
caveden
February 28, 2011, 09:18:52 PM
#3

Yes, they can be stolen.

If you want to protect your bitcoins yourself (instead of trusting a web service), the best thing you can do is to keep your "savings" on a wallet that's on offline media. Encrypt it (check TrueCrypt if you don't know how) and make multiple copies (on different media, of course). Save at least one copy on a remote server like Dropbox, Gmail etc.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
Scarecrow
February 28, 2011, 09:58:09 PM
#4

> Yes, they can be stolen.
>
> If you want to protect your bitcoins yourself (instead of trusting a web service), the best thing you can do is to keep your "savings" on a wallet that's on offline media. Encrypt it (check TrueCrypt if you don't know how) and make multiple copies (on different media, of course). Save at least one copy on a remote server like Dropbox, Gmail etc.

I am familiar with TrueCrypt so that's not a problem. If I always use an empty online wallet.dat and keep my coins in my encrypted "savings wallet.dat", then I should be okay. But is it only the wallet.dat that needs to be copied/pasted from/to the .bitcoin folder? Can copies be made while the client is running?

Alternatively should I be running two completely separate Bitcoin clients e.g. one for hashing and receiving Bitcoins being basically empty and one for spending Bitcoins being my encrypted savings wallet.

What if my empty wallet.dat has been copied by a crook and then sometime later I am sent some coins, if the crook gets to them first they could disappear right from under my nose even though I had been taking precautions. Yes/No?

Sorry I'm so full of questions but it seems to me the client needs to be providing basic user protection prior to v1.0

Faith is believing what you know isn't true. For example, Global Warming.
theGECK
February 28, 2011, 10:00:28 PM
#5

> > Yes, they can be stolen.
> >
> > If you want to protect your bitcoins yourself (instead of trusting a web service), the best thing you can do is to keep your "savings" on a wallet that's on offline media. Encrypt it (check TrueCrypt if you don't know how) and make multiple copies (on different media, of course). Save at least one copy on a remote server like Dropbox, Gmail etc.
>
> I am familiar with TrueCrypt so that's not a problem. If I always use an empty online wallet.dat and keep my coins in my encrypted "savings wallet.dat", then I should be okay. But is it only the wallet.dat that needs to be copied/pasted from/to the .bitcoin folder? Can copies be made while the client is running?
>
> Alternatively should I be running two completely separate Bitcoin clients e.g. one for hashing and receiving Bitcoins being basically empty and one for spending Bitcoins being my encrypted savings wallet.
>
> What if my empty wallet.dat has been copied by a crook and then sometime later I am sent some coins, if the crook gets to them first they could disappear right from under my nose even though I had been taking precautions. Yes/No?
>
> Sorry I'm so full of questions but it seems to me the client needs to be providing basic user protection prior to v1.0

If somebody steals your wallet, they have complete control over any addresses that are a part of that wallet. That's one reason you may want to keep using different wallets, to mitigate that threat.

13shEJVGamWDu1qkAjbjD8g62hacPFmjQc
Scarecrow
February 28, 2011, 10:43:53 PM
#6

I read this thread https://www.bitcoin.org/smf/index.php?topic=2698.0 and it's a bit complex for me but my conclusion so far is that if you connect your wallet to the internet at any time, there is a possibility that you have created a situation that at some time in the future you will lose any coins associated with that wallet. If so, there is still much work to be done.

Faith is believing what you know isn't true. For example, Global Warming.
myrkul
February 28, 2011, 11:53:03 PM
#7

> I read this thread https://www.bitcoin.org/smf/index.php?topic=2698.0 and it's a bit complex for me but my conclusion so far is that if you connect your wallet to the internet at any time, there is a possibility that you have created a situation that at some time in the future you will lose any coins associated with that wallet. If so, there is still much work to be done.

Your wallet is data. If you connect a computer to the internet, there is the possibility that the data on that computer may be compromised. Take precautions. Use a secure operating system. Encrypt your wallet. Do not install programs from sources you do not trust. Practice safe computing, and you don't need to worry about your wallet.

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
ronaldmaustin
March 01, 2011, 07:27:12 AM
#8

No.  It is technologically impossible and THAT is the value of Bitcoins.  Send me your wallet.dat file and I will prove to you what you need to know.
myrkul
March 01, 2011, 07:37:48 AM
#9

> No.  It is technologically impossible and THAT is the value of Bitcoins.  Send me your wallet.dat file and I will prove to you what you need to know.

Either you are misinformed, or attempting to defraud our new friend. I sincerely hope it is the former. Even if you couldn't just load up his wallet and send his coins to yourself, several threads have been written (and the bounty collected) about collecting coins using nothing but the private key, which is included in the wallet.dat. Other threads have been written about extracting the private key from a wallet (again, bounty collected).

tl;dr: don't send your wallet to anyone.

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
caveden
March 01, 2011, 09:38:30 AM
#10

> What if my empty wallet.dat has been copied by a crook and then sometime later I am sent some coins, if the crook gets to them first they could disappear right from under my nose even though I had been taking precautions. Yes/No?

Yes. If you suspect your wallet has been compromised, you should:
  • Generate 100 new addresses, and discard them (never use)
  • Transfer any remaining coins on that wallet to an address generated after the 100 above.
  • Never use any of the older addresses for any transaction.
  • Most important, try to understand what happened in order not to keep your new addresses in the same compromised machine. Maybe a format if it was a virus, a divorce if it was your wife etc.

> Sorry I'm so full of questions but it seems to me the client needs to be providing basic user protection prior to v1.0

I agree, the thing is that it's just not that simple. If you keep your wallet on the same machine you use to surf the web, there's always risk. If besides that you use Windows, the risk is greater. It's impossible to fully protect a user's computer if the user executes malicious code or if s/he trusts in people s/he shouldn't. And sometimes you may get a worm just for viewing the wrong web site, without executing anything else but normal browsing...

I think that the best solution for those who don't feel comfortable in keeping their own coins is:
  • Have an offline wallet for your savings, as suggested before.
  • Use a "bank" (MyBitcoin, MtGox, Bitcoin-central...) to keep the bitcoins you want to move more frequently.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
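
Added example, not part of caveden's post above: a simplified Python model of why the steps call for 100 throwaway addresses. It assumes the client keeps a pool of 100 pre-generated keys inside wallet.dat (the key pool default at the time), so a copied file already holds keys for addresses not yet handed out; `ToyWallet` and the random hex strings are constructed stand-ins, not Bitcoin's code or key format.

```python
import secrets
from collections import deque

KEYPOOL_SIZE = 100  # assumed pool size; matches the "100" in the post


class ToyWallet:
    """Simplified model of a wallet file that pre-generates a pool of keys."""

    def __init__(self, pool_size=KEYPOOL_SIZE):
        self.pool_size = pool_size
        self.used = []        # keys already handed out as addresses
        self.pool = deque()   # keys generated in advance, not yet used
        self._refill()

    def _refill(self):
        while len(self.pool) < self.pool_size:
            self.pool.append(secrets.token_hex(32))  # constructed stand-in for a private key

    def new_address_key(self):
        """Hand out the oldest pooled key, then top the pool back up."""
        key = self.pool.popleft()
        self.used.append(key)
        self._refill()
        return key

    def all_keys(self):
        """Everything a copy of the wallet file would contain."""
        return set(self.used) | set(self.pool)


def first_safe_address(wallet, stolen_keys, limit=1000):
    """Count new addresses generated until one is not in the copied file."""
    for n in range(1, limit + 1):
        if wallet.new_address_key() not in stolen_keys:
            return n
    return None


def demo():
    wallet = ToyWallet()
    for _ in range(5):              # normal use before the compromise
        wallet.new_address_key()
    stolen = wallet.all_keys()      # snapshot = the copied wallet file
    return len(stolen), first_safe_address(wallet, stolen)


if __name__ == "__main__":
    total, n = demo()
    print(f"copied file holds {total} keys; address #{n} after the copy is the first safe one")
```

In this model the first 100 addresses generated after the copy come from keys the copy already contains, which is why the remaining coins go to an address generated after those 100.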
markm
March 01, 2011, 10:52:09 AM
#11

Any user accounts on any of your machines that are used to run untrusted software such as random screensavers and such that you impulse download while surfing the net should probably not also be used for financial applications, at least if one feels the concern that you feel.

Log in to your user account that has the financial apps only when you have finances to transact. For recreational computing log in to your recreational account.

It is much the same as not using your system-administrator account for recreation. Regard your financial-administration account similarly.

Treat your recreational account like En Guard's "red light district" activity: each time you visit you might be mugged so only take as much money there as you are prepared to lose.

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
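
Added example, not part of markm's post above: a Python check for POSIX systems that reports whether accounts other than the owner can read the wallet file or enter its data directory, which is what the separate-accounts advice depends on. The function name, the temporary `.bitcoin` directory and the placeholder file are constructed for the example.

```python
import os
import stat
import tempfile


def audit_wallet_access(wallet_path):
    """List ways an account other than the owner can reach the wallet file."""
    findings = []
    mode = stat.S_IMODE(os.stat(wallet_path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"wallet readable by group/other (mode {mode:04o})")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"wallet writable by group/other (mode {mode:04o})")
    data_dir = os.path.dirname(os.path.abspath(wallet_path))
    dmode = stat.S_IMODE(os.stat(data_dir).st_mode)
    if dmode & (stat.S_IXGRP | stat.S_IXOTH):
        findings.append(f"data directory can be entered by group/other (mode {dmode:04o})")
    if dmode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"data directory writable by group/other (mode {dmode:04o})")
    return findings


def demo():
    """Build a constructed .bitcoin directory, audit it, tighten it, audit again."""
    with tempfile.TemporaryDirectory() as home:
        data_dir = os.path.join(home, ".bitcoin")
        os.mkdir(data_dir)
        wallet = os.path.join(data_dir, "wallet.dat")
        with open(wallet, "wb") as fh:
            fh.write(b"constructed placeholder, not a real wallet")
        os.chmod(data_dir, 0o755)   # any local account may enter
        os.chmod(wallet, 0o644)     # any local account may read
        before = audit_wallet_access(wallet)
        os.chmod(data_dir, 0o700)   # owner only
        os.chmod(wallet, 0o600)
        after = audit_wallet_access(wallet)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    for line in before:
        print("before:", line)
    print("after hardening:", after or "no findings")
```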
Scarecrow
March 01, 2011, 08:37:23 PM
#12

I am pleased to get all your helpful answers but disappointed Bitcoin has this security hole. My fear is not that I will get my coins stolen as I am very careful not to allow my Linux system to be attacked. My worry is that where a shop does decide to accept Bitcoins, only then to see their takings randomly disappear, surely this would effectively strangle Bitcoin at birth.

Faith is believing what you know isn't true. For example, Global Warming.
caveden
March 01, 2011, 08:51:54 PM
#13

This is not a security hole of bitcoins, Scarecrow. Any sensitive data is vulnerable if not properly protected.

If bitcoins go mainstream, people will just trust their assets to bitcoin banks.

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
Scarecrow
March 01, 2011, 08:57:36 PM
#14

> This is not a security hole of bitcoins, Scarecrow. Any sensitive data is vulnerable if not properly protected.
>
> If bitcoins go mainstream, people will just trust their assets to bitcoin banks.

Are you saying that if I had an online shop all my Bitcoin receipts would go straight into my online Bitcoin bank and so would be retained securely for me?

Faith is believing what you know isn't true. For example, Global Warming.
FatherMcGruder
March 01, 2011, 09:27:14 PM
#15

> Are you saying that if I had an online shop all my Bitcoin receipts would go straight into my online Bitcoin bank and so would be retained securely for me?

He's saying that if Bitcoin goes mainstream, we'll see a huge demand for really good security. However, we'll also see a demand for really good thieves.

To reassure you, I'll say that you'll have less vulnerability to theft with bitcoins than with regular paper money. It's harder to counterfeit, and no one can print it on a whim. Also, you can't back up paper.

Use my Trade Hill referral code: TH-R11519

Check out bitcoinity.org and Ripple.

Shameless display of my bitcoin address:
1Hio4bqPUZnhr2SWi4WgsnVU1ph3EkusvH
myrkul
March 01, 2011, 11:19:37 PM
#16

Perfect security is an illusion. Physical currency can be stolen, too... no vault is completely secure. Bitcoins even have a few advantages over physical currency, just as FatherMcGruder explained.

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
Beremat
March 02, 2011, 03:27:12 AM
#17

> Perfect security is an illusion. Physical currency can be stolen, too... no vault is completely secure. Bitcoins even have a few advantages over physical currency, just as FatherMcGruder explained.

Exactly. This is as much a "security hole" as someone breaking into your house and stealing your jewelry.
ronaldmaustin
March 02, 2011, 02:53:01 PM
#18

> > No.  It is technologically impossible and THAT is the value of Bitcoins.  Send me your wallet.dat file and I will prove to you what you need to know.
>
> Either you are misinformed, or attempting to defraud our new friend.
> tl;dr: don't send your wallet to anyone.

Third option -> I was joking.  It's as if he said, can my cash be stolen and I say, "No way, give me your wallet and I'll prove it to you."  I would no more expect him to mail me his wallet.dat than the wallet in his back pocket.
myrkul
March 02, 2011, 02:58:16 PM
#19

> > tl;dr: don't send your wallet to anyone.
>
> Third option -> I was joking.  It's as if he said, can my cash be stolen and I say, "No way, give me your wallet and I'll prove it to you."  I would no more expect him to mail me his wallet.dat than the wallet in his back pocket.

Indeed. The "flat" nature of internet text communication means sudden left turns like this usually get misunderstood.

My apologies. :)

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
Scarecrow
March 02, 2011, 09:23:52 PM
#20

Bitcoin currently is like an unbreakable titanium chain linking two computers but attached each end with cotton thread.

Faith is believing what you know isn't true. For example, Global Warming.