Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Cdecker on September 28, 2012, 08:10:39 PM



Title: I've just been robbed :-(
Post by: Cdecker on September 28, 2012, 08:10:39 PM
Well, just to prove that even long time members are not secure from being stupid. My wallet has just been cleared out:

  • http://blockchain.info/tx-index/27883052/6f85951bcecbe64999ad192275af087c5be2922ee13937693992c1ddf9ae8ce6
  • http://blockchain.info/tx-index/27883028/8e6a2d0b8132d3d9edc1fcffe1b3079de59c10c67522e2abc51c1d84b260fdac

At first I thought maybe it's just an old transaction that has only now been submitted, but I can't find any wallet of mine that owns those keys.

I had my wallet encrypted, but this was apparently an old backup of my wallet that I must have stored somewhere.

Any tips on what to do next? I'm still a bit fuzzy about the details. Can we blacklist those funds somehow?


Title: Re: I've just been robbed :-(
Post by: eb3full on September 28, 2012, 08:11:26 PM
You're pretty much screwed. :\


Title: Re: I've just been robbed :-(
Post by: Cdecker on September 28, 2012, 08:12:50 PM
You're pretty much screwed. :\
Yep, that much I knew already.


Title: Re: I've just been robbed :-(
Post by: augustocroppo on September 28, 2012, 08:17:42 PM

Any tips on what to do next? I'm still a bit fuzzy about the details. Can we blacklist those funds somehow?

Before any further steps to investigate the transactions, you have to prove that you owned the stolen funds.


Title: Re: I've just been robbed :-(
Post by: wachtwoord on September 28, 2012, 08:18:02 PM
I feel bad for you :(


Title: Re: I've just been robbed :-(
Post by: Severian on September 28, 2012, 08:19:15 PM
That sucks, bro.

If it's any consolation (probably not), I heard a story on this forum once about a guy that formatted a drive with tens of thousands of coins on it. He said the worst part was his wife knowing about it.


Title: Re: I've just been robbed :-(
Post by: Cdecker on September 28, 2012, 08:19:15 PM
Before any further steps to investigate the transactions, you have to prove that you owned the stolen funds.
Well that shouldn't be too hard, I can sign a message with the private key belonging to one of the addresses. But I don't see that doing any good.


Title: Re: I've just been robbed :-(
Post by: Spekulatius on September 28, 2012, 08:41:20 PM
Is this incident somehow related to this?:

Well I was wondering how long it would take for people to notice. It's me :D

And no I am not putting lots of hashing power to the network, notice that it just says "relayed by" and not "mined by". I'm performing some measurements, paper is due in a few weeks.


Title: Re: I've just been robbed :-(
Post by: BC12345 on September 28, 2012, 08:42:30 PM
It might just be a coincidence and will not improve your situation, but there was a discussion today

https://bitcointalk.org/index.php?topic=113654.40

and then someone found this

http://82.130.102.160/

Probably because of the name "BitThief", people started speculating over the purpose of this program so I posted a link to your members page at the ethz to point out that this program is not related to bitcoins. A few minutes later I replaced the link with the following

http://bitthief.ethz.ch/

This happened about an hour before the transaction of your funds. As I said before, this might be a coincidence but I am really sorry if I have drawn attention to you and your funds.


Title: Re: I've just been robbed :-(
Post by: flatfly on September 28, 2012, 08:43:00 PM
Is your computer infected? Did you notice anything unusual?  Did you run a full AV scan?


Title: Re: I've just been robbed :-(
Post by: jgarzik on September 28, 2012, 08:44:30 PM
Any tips on what to do next? I'm still a bit fuzzy about the details. Can we blacklist those funds somehow?

Figure out how it happened, gather details, file a police and FBI cybercrimes report.

Make sure the method of theft is not still open.



Title: Re: I've just been robbed :-(
Post by: apetersson on September 28, 2012, 08:49:49 PM
was there any connection with the university IP and the wallet?


Title: Re: I've just been robbed :-(
Post by: caffeinewriter on September 28, 2012, 08:56:47 PM
It might just be a coincidence and will not improve your situation, but there was a discussion today

https://bitcointalk.org/index.php?topic=113654.40

and then someone found this

http://82.130.102.160/

Probably because of the name "BitThief", people started speculating over the purpose of this program so I posted a link to your members page at the ethz to point out that this program is not related to bitcoins. A few minutes later I replaced the link with the following

http://bitthief.ethz.ch/

This happened about an hour before the transaction of your funds. As I said before, this might be a coincidence but I am really sorry if I have drawn attention to you and your funds.

Downloaded, ran in a sandbox, no processes spawned except for BitThief itself, which is a purely leeching torrent client. Stupid and pointless, but not a wallet stealer. Running in ANUBIS to see if I missed something locally.  (http://anubis.iseclab.org/?action=result&task_id=17b84c8f9ebc7c9a485f7ae9ef15dc1ee)

And here's something to cheer you up. https://i.imgur.com/drgqI.jpg

UPDATE:

Yeah, BitThief does jack shit with bitcoins. The only similarity it shares is that it's P2P


Title: Re: I've just been robbed :-(
Post by: Atlas on September 28, 2012, 09:01:27 PM
Cry, OP. Just let it all out.

You're not getting a dime back. The FBI won't care.


Title: Re: I've just been robbed :-(
Post by: markm on September 28, 2012, 09:06:57 PM
An old backup you stored somewhere?

What does that actually mean?

You gave the staff of some remote file storage site a free unencrypted copy of your wallet yet are surprised they took the coins?

Or what?

-MarkM-


Title: Re: I've just been robbed :-(
Post by: Gyrsur on September 28, 2012, 09:14:56 PM
If you have a copy of your unencrypted wallet.dat somewhere and you encrypt it LATER, all the private keys which you had in the wallet until the encryption task happened are UNSECURED.


Title: Re: I've just been robbed :-(
Post by: 420 on September 28, 2012, 09:20:45 PM
If you have a copy of your unencrypted wallet.dat somewhere and you encrypt it LATER, all the private keys which you had in the wallet until the encryption task happened are UNSECURED.

Would be great to hear him confirm this was the case that he had all that before encryption


Title: Re: I've just been robbed :-(
Post by: kokojie on September 28, 2012, 09:21:06 PM
So, you stored your wallet in plaintext at somewhere other people may be able to access, and surprised someone robbed you?


Title: Re: I've just been robbed :-(
Post by: Gyrsur on September 28, 2012, 09:25:36 PM
If you have a copy of your unencrypted wallet.dat somewhere and you encrypt it LATER, all the private keys which you had in the wallet until the encryption task happened are UNSECURED.

Would be great to hear him confirm this was the case that he had all that before encryption

It doesn't matter how many coins you have: ALL the coins which you receive with this private key(s) are unsecured, also the coins you might receive in the future!


Title: Re: I've just been robbed :-(
Post by: Cdecker on September 28, 2012, 09:26:40 PM
Nevermind the other Thread, as I already explained it's part of my research, I myself am 82.130.102.160, and yes we developed BitThief, so that's not it.

I think showing up on blockchain.info actually put a huge target on my back. I see a few connections to my notebook from Russian domains and the big surprise: they are able to log in...
They must have somehow gotten my password or

[...few minutes later ...]

sorry had to kill the network connection, whoever it was they were still logged in on my machine...


Title: Re: I've just been robbed :-(
Post by: markm on September 28, 2012, 09:30:44 PM
Ah so likely they logged your keystrokes to get any passwords you typed, or maybe even were able to access decrypted keys in RAM depending on what kind of "secure RAM" system might be used for keys.

Quite likely you are rootkitted too, so pretty much anything and everything on your system is suspect, unless they weren't keylogging the last time you logged in as a user who can write to the executable file areas and do not have a root exploit that can work from whatever user they logged in as.

-MarkM-


Title: Re: I've just been robbed :-(
Post by: Cdecker on September 28, 2012, 09:38:35 PM
Still reconstructing everything that happened, but it seems that broadband-178-140-220-181.nationalcablenetworks.ru [178.140.220.181] was able to log into my machine:

Quote
Sep 28 20:45:36 nb-10391 sshd[19170]: reverse mapping checking getaddrinfo for broadband-178-140-220-181.nationalcablenetworks.ru [178.140.220.181] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 28 20:45:37 nb-10391 sshd[19170]: Accepted publickey for cdecker from 178.140.220.181 port 28384 ssh2
Sep 28 20:45:37 nb-10391 sshd[19173]: subsystem request for sftp by user cdecker

Same happened a few minutes later on my machine at home (my bash history must have told him where to find it), and from there he must have been able to find my wallet backup (which is really old, but was kept unencrypted, so any key that was in there is compromised).

I'll write everything down and file a report, we'll see how open to technology the Swiss police are :D
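
The log lines Cdecker posted above are the kind of thing an incident responder reads through by hand the first time and scripts the second time. What follows is an added example, not code from the thread or from any project mentioned in it: a small Python triage of sshd syslog lines that flags an "Accepted" login when it comes from an address not on a known list, when sshd's reverse DNS check for that connection failed, when an sftp subsystem request lands in the same second as the login (a scripted fetch, not someone sitting at a shell), and when the same address produced failed attempts earlier, which is the check phillipsjk suggests later in the thread. The sample log is constructed: the three real lines from the post, plus invented failed-password noise from 203.0.113.9 and one invented legitimate login from 192.0.2.10; KNOWN_SOURCES is an assumption standing in for the addresses the owner actually uses.

```python
"""Triage of sshd log lines for logins that do not look like the owner (added example)."""
import re
from collections import Counter, defaultdict

# Constructed sample log: the three lines Cdecker posted, plus invented
# failed-password noise from a second address and one legitimate login.
SAMPLE_LOG = """\
Sep 28 20:41:02 nb-10391 sshd[19011]: Failed password for invalid user admin from 203.0.113.9 port 40122 ssh2
Sep 28 20:41:05 nb-10391 sshd[19011]: Failed password for invalid user admin from 203.0.113.9 port 40122 ssh2
Sep 28 20:41:09 nb-10391 sshd[19013]: Failed password for root from 203.0.113.9 port 40130 ssh2
Sep 28 20:45:36 nb-10391 sshd[19170]: reverse mapping checking getaddrinfo for broadband-178-140-220-181.nationalcablenetworks.ru [178.140.220.181] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 28 20:45:37 nb-10391 sshd[19170]: Accepted publickey for cdecker from 178.140.220.181 port 28384 ssh2
Sep 28 20:45:37 nb-10391 sshd[19173]: subsystem request for sftp by user cdecker
Sep 28 21:10:03 nb-10391 sshd[19402]: Accepted publickey for cdecker from 192.0.2.10 port 51022 ssh2
"""

# Addresses the owner expects to log in from (an assumption for the example).
KNOWN_SOURCES = {"192.0.2.10"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ACCEPTED_RE = re.compile(
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")
FAILED_RE = re.compile(r"Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
REVDNS_RE = re.compile(
    r"reverse mapping checking getaddrinfo for \S+ \[(?P<ip>[^\]]+)\] failed")
SFTP_RE = re.compile(r"subsystem request for sftp by user (?P<user>\S+)")


def parse(text):
    """Yield (timestamp, sshd pid, message) for each line in classic syslog format."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ts"), m.group("pid"), m.group("msg")


def triage(text, known_sources=KNOWN_SOURCES):
    """Return (findings, failed_by_ip).

    findings: one dict per accepted login with the reasons it deserves a look.
    failed_by_ip: count of failed authentication attempts per source address.
    """
    revdns_failed = {}          # sshd pid -> address whose reverse lookup failed
    sftp_at = defaultdict(set)  # timestamp -> users that requested sftp at that second
    failed = Counter()
    accepted = []
    for ts, pid, msg in parse(text):
        if (m := REVDNS_RE.search(msg)):
            revdns_failed[pid] = m.group("ip")
        elif (m := FAILED_RE.search(msg)):
            failed[m.group("ip")] += 1
        elif (m := SFTP_RE.search(msg)):
            sftp_at[ts].add(m.group("user"))
        elif (m := ACCEPTED_RE.search(msg)):
            accepted.append((ts, pid, m.group("user"), m.group("ip"), m.group("method")))

    findings = []
    for ts, pid, user, ip, method in accepted:
        reasons = []
        if ip not in known_sources:
            reasons.append("source address not in the known list")
        if revdns_failed.get(pid) == ip:
            reasons.append("reverse DNS of the source did not resolve back")
        if user in sftp_at.get(ts, ()):
            reasons.append("sftp requested in the same second (scripted, not interactive)")
        if failed[ip]:
            reasons.append(f"{failed[ip]} failed attempts from this address")
        findings.append({"ts": ts, "user": user, "ip": ip, "method": method, "reasons": reasons})
    return findings, dict(failed)


if __name__ == "__main__":
    found, failed_by_ip = triage(SAMPLE_LOG)
    for f in found:
        flag = "SUSPICIOUS" if f["reasons"] else "ok"
        print(f"{f['ts']} {f['user']}@{f['ip']} ({f['method']}): {flag} {'; '.join(f['reasons'])}")
    print("failed attempts:", failed_by_ip)
```

Run it against a real /var/log/auth.log (or `journalctl -u ssh -o short`, which prints the same syslog-style timestamp) with your own known addresses in KNOWN_SOURCES. On the constructed sample, the 20:45:37 login from 178.140.220.181 collects three reasons and the 21:10:03 login none; note that the timestamp carries no year, so the correlation by "same second" is only as good as the log you feed it.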


Title: Re: I've just been robbed :-(
Post by: markm on September 28, 2012, 09:43:24 PM
What is "Accepted publickey for cdecker from 178.140.220.181 port 28384 ssh2" about? Does that mean he had the private key corresponding to your public key so was able to respond to some kind of asymmetric crypto challenge to auto-login through sshd?

-MarkM-



Title: Re: I've just been robbed :-(
Post by: nobbynobbynoob on September 28, 2012, 09:46:24 PM
Cdecker, I'm so sorry to hear this, regardless of how it happened. :(

Russkies cracked into your computer and pilfered your wallet? That's a lesson to all of us.


Title: Re: I've just been robbed :-(
Post by: proudhon on September 28, 2012, 09:47:33 PM
Still reconstructing everything that happened, but it seems that broadband-178-140-220-181.nationalcablenetworks.ru [178.140.220.181] was able to log into my machine:

Quote
Sep 28 20:45:36 nb-10391 sshd[19170]: reverse mapping checking getaddrinfo for broadband-178-140-220-181.nationalcablenetworks.ru [178.140.220.181] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 28 20:45:37 nb-10391 sshd[19170]: Accepted publickey for cdecker from 178.140.220.181 port 28384 ssh2
Sep 28 20:45:37 nb-10391 sshd[19173]: subsystem request for sftp by user cdecker

Same happened a few minutes later on my machine at home (my bash history must have told him where to find it), and from there he must have been able to find my wallet backup (which is really old, but was kept unencrypted, so any key that was in there is compromised).

I'll write everything down and file a report, we'll see how open to technology the Swiss police are :D

Really sorry.  The best thing I've ever done is create a bunch of paper wallet backups on an un-networked Linux machine with Armory and then do a military grade wipe of the drive.  I suggest everyone holding significant amounts do something similar.  I remember when Gavin started talking about wallet encryption and how he made it a point to say that it couldn't fend off attacks such as the one you've unfortunately fallen victim to.  Real bummer.


Title: Re: I've just been robbed :-(
Post by: flatfly on September 28, 2012, 09:51:35 PM
This incident also proves, if need be, that using Linux rather than Windows does not automagically protect you from cybercriminals.

Whatever the OS, it's your security procedures that make all the difference.


Title: Re: I've just been robbed :-(
Post by: Richy_T on September 28, 2012, 09:55:05 PM
I've started closing down SSH as much as possible. The one time I got hacked, it was via a temporary account with a stupidly simple password and a privilege escalation. Fortunately, as far as I can tell, nothing substantial happened but with the world as it is at the moment, leaving the port open to the world when I only ever occasionally need to access it from the internet and then for only short periods of time seems unwise.


Title: Re: I've just been robbed :-(
Post by: apetersson on September 28, 2012, 10:02:20 PM
i do feel 50% more paranoid now - if even security researchers get hacked, who can even say his hot wallet is secure?


Title: Re: I've just been robbed :-(
Post by: bg002h on September 28, 2012, 10:03:40 PM
Good investigating. Someone needs to build a physical device that generates address/key pairs offline so you can take a Polaroid of it and stick it in a safety deposit box.


Title: Re: I've just been robbed :-(
Post by: Cdecker on September 28, 2012, 10:13:22 PM
Well I'm not a security researcher, I'm researching Distributed Computing. And yes the errors were stupid.


Title: Re: I've just been robbed :-(
Post by: alexanderanon on September 28, 2012, 10:46:04 PM
Well I'm not a security researcher, I'm researching Distributed Computing. And yes the errors were stupid.

wait so..was the primary error that you left your backup wallet unencrypted? Or were there others?


Title: Re: I've just been robbed :-(
Post by: BC12345 on September 28, 2012, 10:47:53 PM
Well I'm not a security researcher, I'm researching Distributed Computing. And yes the errors were stupid.

wait so..was the primary error that you left your backup wallet unencrypted? Or were there others?

I was going to ask the same thing. Could someone please explain (in simple words?) how the coins got stolen?


Title: Re: I've just been robbed :-(
Post by: phelix on September 28, 2012, 10:51:48 PM
could this be someone trying to launder your coins? I will try and dig out when the first peak occurred.

edit:
[namecoin chart with odd peak]

no it was much too early. sorry for the confusion and good luck with getting back your coins. with this large a stash you really should have been more careful.


Title: Re: I've just been robbed :-(
Post by: The-Real-Link on September 28, 2012, 10:56:03 PM
Wow sorry to hear that.  I've since gone and removed all unencrypted wallets I had backed up just in case.  If there's any possible way of getting things back, I wish you luck.  Was about to say I hope you didn't have much but.. yeah, sorry.

Thank you for being strong and sharing everything you did so that others in the future may be more protected now.  It sucks but your story will help others!


Title: Re: I've just been robbed :-(
Post by: mobile4ever on September 28, 2012, 11:22:58 PM
That sucks, bro.

If it's any consolation (probably not), I heard a story on this forum once about a guy that formatted a drive with tens of thousands of coins on it. He said the worst part was his wife knowing about it.

If it was just formatted one time, they are probably recoverable.


Title: Re: I've just been robbed :-(
Post by: BkkCoins on September 29, 2012, 12:27:08 AM
That ssh log message indicates they accessed using your public key. How on earth did they get that? Did you access from some other systems that they may have also got access to? This is pretty common. This means you need to check all other computers that previously you used to connect to your laptop. A public key is no safer than a password if it's left lying around on various systems.

People often use a key for automated access (scripts etc). If you do that it should be for a different, limited user that can only do the very limited functions you intend to automate.


Title: Re: I've just been robbed :-(
Post by: Cdecker on September 29, 2012, 12:30:00 AM
That ssh log message indicates they accessed using your public key. How on earth did they get that? Did you access from some other systems that they may have also got access to? This is pretty common. This means you need to check all other computers that previously you used to connect to your laptop. A public key is no safer than a password if it's left lying around on various systems.

People often use a key for automated access (scripts etc). If you do that it should be for a different, limited user that can only do the very limited functions you intend to automate.
I don't understand it either, apparently they got first into my home machine (with password auth enabled), grabbed the private key for my work machine and logged in there. No idea as to how.


Title: Re: I've just been robbed :-(
Post by: labestiol on September 29, 2012, 12:44:26 AM
That ssh log message indicates they accessed using your public key. How on earth did they get that? Did you access from some other systems that they may have also got access to? This is pretty common. This means you need to check all other computers that previously you used to connect to your laptop. A public key is no safer than a password if it's left lying around on various systems.

People often use a key for automated access (scripts etc). If you do that it should be for a different, limited user that can only do the very limited functions you intend to automate.
I don't understand it either, apparently they got first into my home machine (with password auth enabled), grabbed the private key for my work machine and logged in there. No idea as to how.

Keylogger somewhere ? Password shared with a compromised website ?
Sorry for you loss, and good luck with your research. And thanks for doing research on bitcoin


Title: Re: I've just been robbed :-(
Post by: caffeinewriter on September 29, 2012, 12:48:49 AM
2 things:

1. I sent an email to the ISP that controls the IP that hacked you. I doubt much will come of it, but I figured "Hey, worth a shot".

2. I can check your computer through Teamviewer if you're comfortable with letting me have access to it. I'd just check the startup processes. However, I won't be of much help on Linux if that's what you use. I'm not comfortable enough with Linux to do much. :/


Title: Re: I've just been robbed :-(
Post by: Cdecker on September 29, 2012, 12:58:58 AM
Thanks caffeinewriter, any help is appreciated. I will file a report on Monday, and see what they say.

As for the cleaning up I think I'm OK. Just running clamscan over all the files, rkhunter had nothing to complain, but I don't know whether an eventual rootkit wouldn't be smart enough to fool them, any experience about that?


Title: Re: I've just been robbed :-(
Post by: paulie_w on September 29, 2012, 01:13:16 AM
wow, 8000+ btc, that must hurt. sorry man!


Title: Re: I've just been robbed :-(
Post by: BC12345 on September 29, 2012, 01:13:41 AM
My humble advice:

- log off, go to bed, try to sleep and get your head clear

- tomorrow, try to figure out what happened.


Title: Re: I've just been robbed :-(
Post by: Insu Dra on September 29, 2012, 01:30:48 AM
agh sorry to hear ...

Just wanted to repeat myself again,
we need an easy-to-use Multi Sig implementation asap ...

Funds like these do not belong on a one-to-one transaction address.
 ::)


Title: Re: I've just been robbed :-(
Post by: kangasbros on September 29, 2012, 01:36:07 AM
I'm sorry for the accident :(

Care to share the details of your exact setup? I still didn't pick up what OS you were using etc.


Title: Re: I've just been robbed :-(
Post by: BkkCoins on September 29, 2012, 01:37:09 AM
That ssh log message indicates they accessed using your public key. How on earth did they get that? Did you access from some other systems that they may have also got access to? This is pretty common. This means you need to check all other computers that previously you used to connect to your laptop. A public key is no safer than a password if it's left lying around on various systems.

People often use a key for automated access (scripts etc). If you do that it should be for a different, limited user that can only do the very limited functions you intend to automate.
I don't understand it either, apparently they got first into my home machine (with password auth enabled), grabbed the private key for my work machine and logged in there. No idea as to how.
Any possibility of physical access at home? Roommate, neighbor, wandering gypsy, anyone who has physical access can gain root without password and then access your key - unless you use encrypted home or an encrypted hard disk.

Do you have remote access methods open at home, eg. VNC, or run a web server or other service? These are things that can get compromised. Java based web apps/servers seem to be as open as Swiss cheese nowadays going by reading the news anyway.

Even someone with brief access to your laptop could simply run ssh-copy-id to some remote server they control. That would give your key to their server for later re-access. I wouldn't fully believe this was a Russian user. It could just as easily be your next door neighbor using a proxy.
Check whether an additional key has been added to your laptop's ~/.ssh/authorized_keys file. This could be done by anyone with even a few moments access to your laptop.

Another thing I noticed - your sshd log msg indicates the user used sftp to login since it happened at the exact same second as the ssh login. Hence, it wasn't a user logging in to the console and then choosing to use sftp. Have there been machines where you used sftp to view files? This uses ssh as a transport layer, but you may have thought differently about how you connected since the client would not be a console but Nautilus or any number of file browser apps.
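
BkkCoins's two concrete checks above (look for a key someone else planted in ~/.ssh/authorized_keys, and treat a key lying around on other machines as no better than a password), together with the password-authentication-enabled home machine Cdecker described, boil down to an inventory problem: which keys may open this account, and what does sshd accept. Here is an added example in Python, not code from the thread or from OpenSSH, that parses an authorized_keys file, computes each key's SHA256 fingerprint the way `ssh-keygen -lf` prints it, flags any fingerprint that is not in a list of keys you know you installed, and separately flags weak sshd_config directives. The keys and config are constructed: the two ed25519 "public keys" are arbitrary 32-byte strings packed into the SSH wire format, not real curve points, and INVENTORY is an assumed set of fingerprints the owner recorded when the keys were made.

```python
"""Audit authorized_keys and sshd_config for keys and settings you did not put there (added example)."""
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "ssh-dss")


def ssh_blob(key_type, *fields):
    """Encode an SSH public key blob: each field is a 4-byte big-endian length plus the bytes."""
    blob = b""
    for field in (key_type.encode(),) + fields:
        blob += struct.pack(">I", len(field)) + field
    return base64.b64encode(blob).decode()


def fingerprint(b64_blob):
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def blob_type(b64_blob):
    """Key type string embedded in the blob itself (must match the declared type)."""
    raw = base64.b64decode(b64_blob)
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n].decode()


# Constructed sample: arbitrary 32-byte "keys", one the owner installed and one planted.
OWNER_KEY = ssh_blob("ssh-ed25519", bytes(range(32)))
PLANTED_KEY = ssh_blob("ssh-ed25519", b"\x42" * 32)
SAMPLE_AUTHORIZED_KEYS = f"""\
# keys for cdecker (constructed)
from="192.0.2.10" ssh-ed25519 {OWNER_KEY} cdecker@home
ssh-ed25519 {PLANTED_KEY} backup
"""
# Fingerprints of keys the owner knows they added (assumed; record these when you create a key).
INVENTORY = {fingerprint(OWNER_KEY)}

SAMPLE_SSHD_CONFIG = """\
# constructed sshd_config excerpt
Port 22
PasswordAuthentication yes
PermitRootLogin yes
PubkeyAuthentication yes
"""


def parse_authorized_keys(text):
    """Return one dict per key line. Option strings containing spaces are not handled here."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        options = ""
        if tokens[0] not in KEY_TYPES:      # leading token such as from="..." or command="..."
            options, tokens = tokens[0], tokens[1:]
        ktype, blob = tokens[0], tokens[1]
        entries.append({"type": ktype, "blob": blob, "comment": " ".join(tokens[2:]),
                        "options": options, "fingerprint": fingerprint(blob)})
    return entries


def audit_authorized_keys(text, inventory):
    """Return the entries that deserve attention, each with the reasons."""
    findings = []
    for e in parse_authorized_keys(text):
        reasons = []
        if e["fingerprint"] not in inventory:
            reasons.append("fingerprint not in inventory")
        if e["type"] != blob_type(e["blob"]):
            reasons.append("declared type does not match key blob")
        if e["type"] == "ssh-dss":
            reasons.append("DSA key (weak; disabled by default since OpenSSH 7.0)")
        if 'from="' not in e["options"]:
            reasons.append("no from= source restriction")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


WEAK_SETTINGS = {"passwordauthentication": "yes", "permitrootlogin": "yes",
                 "permitemptypasswords": "yes"}


def audit_sshd_config(text):
    """Return 'Directive value' strings for weak settings present in an sshd_config."""
    weak = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if WEAK_SETTINGS.get(key) == value.lower():
            weak.append(f"{parts[0]} {value}")
    return weak


if __name__ == "__main__":
    for f in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, INVENTORY):
        print(f["fingerprint"], f["comment"] or "(no comment)", "->", "; ".join(f["reasons"]))
    print("weak sshd settings:", audit_sshd_config(SAMPLE_SSHD_CONFIG))
```

On the constructed input only the "backup" key is reported (not in inventory, no from= restriction) and the two weak sshd directives are listed. Against a real machine, feed it ~/.ssh/authorized_keys and /etc/ssh/sshd_config and compare the fingerprints with `ssh-keygen -lf ~/.ssh/authorized_keys`; the companion check for the other half of BkkCoins's point is whether the private keys on your other machines are passphrase-protected at all, which `ssh-keygen -y -P '' -f ~/.ssh/id_ed25519` answers by succeeding only when the key is stored unencrypted.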


Title: Re: I've just been robbed :-(
Post by: caffeinewriter on September 29, 2012, 02:13:55 AM
Thanks caffeinewriter, any help is appreciated. I will file a report on Monday, and see what they say.

As for the cleaning up I think I'm OK. Just running clamscan over all the files, rkhunter had nothing to complain, but I don't know whether an eventual rootkit wouldn't be smart enough to fool them, any experience about that?

Let me put it this way. There is nothing more annoying than Rootkits. They hide in every dark corner of your system. I'd recommend a specific rootkit detector/remover. Here are some I know of.

1. http://www.gmer.net (Windows)

2. https://www.pcworld.com/product/946306/f-secure-blacklight-rootkit-eliminator.html (Windows)

3. http://www.rootkit.nl/projects/rootkit_hunter.html (Linux)

4. http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx (Windows)

If you still think you might have a rootkit, wipe your system clean. It's really the only surefire way to get rid of a rootkit.


Title: Re: I've just been robbed :-(
Post by: Red Emerald on September 29, 2012, 02:21:15 AM
Even someone with brief access to your laptop could simply run ssh-copy-id to some remote server they control.
ssh-copy-id transfers the public key.  That is fine.  Your public key can be public.  It's the private key that you have to protect and often have encrypted.

Stories like this make me want to change all my passwords and move to new hot wallets.  This is why I keep my large stash in an offline Armory wallet.


Title: Re: I've just been robbed :-(
Post by: BkkCoins on September 29, 2012, 02:33:52 AM
Even someone with brief access to your laptop could simply run ssh-copy-id to some remote server they control.
ssh-copy-id transfers the public key.  That is fine.  Your public key can be public.  It's the private key that you have to protect and often have encrypted.
You're right - I got turned around. It's someone adding a public key to your authorized_keys file that you would need to be wary of.


Title: Re: I've just been robbed :-(
Post by: GernMiester on September 29, 2012, 03:28:50 AM
BTC is the most pathetic way to store money I have ever seen. PERIOD!!!!!
It gets taken and you get told go to hell and I get yet another laugh...
If you try and get my FIAT that is not in the bank, well, my gun(s) will change your mind or take your life. Simple as that...


Title: Re: I've just been robbed :-(
Post by: BkkCoins on September 29, 2012, 04:06:19 AM
BTC is the most pathetic way to store money I have ever seen. PERIOD!!!!!
It gets taken and you get told go to hell and I get yet another laugh...
If you try and get my FIAT that is not in the bank, well, my gun(s) will change your mind or take your life. Simple as that...

Yes, now print a paper wallet (key) and you can say exactly the same thing about Bitcoin.


Title: Re: I've just been robbed :-(
Post by: caffeinewriter on September 29, 2012, 04:15:27 AM
BTC is the most pathetic way to store money I have ever seen. PERIOD!!!!!
It gets taken and you get told go to hell and I get yet another laugh...
If you try and get my FIAT that is not in the bank, well, my gun(s) will change your mind or take your life. Simple as that...

Yes, now print a paper wallet (key) and you can say exactly the same thing about Bitcoin.

+1 GernMiester, I respect your opinion and respectfully reject it and maintain my own.


Title: Re: I've just been robbed :-(
Post by: squid on September 29, 2012, 04:30:43 AM
Separate money into multiple offline backup wallets. Everything in 1 pot is silly =/

Sorry about your loss.


Title: Re: I've just been robbed :-(
Post by: BkkCoins on September 29, 2012, 05:02:46 AM
BTC is the most pathetic way to store money I have ever seen. PERIOD!!!!!
It gets taken and you get told go to hell and I get yet another laugh...
If you try and get my FIAT that is not in the bank, well, my gun(s) will change your mind or take your life. Simple as that...


Ban this troll.

By the way, they don't need to physically steal your FIAT to rob you, they simply print more.
Indeed. They may do it slowly, but surely. At 3%/year it'll take them, what, about 20 years to take half of it but guns in both hands and bars on the doors won't stop them.

So far with Bitcoin, excepting a week when everyone went bananas last summer, you would very likely be much ahead, maybe even very much ahead.


Title: Re: I've just been robbed :-(
Post by: cedivad on September 29, 2012, 05:23:26 AM
Please explain us how the hell they got access to your private key.


Title: Re: I've just been robbed :-(
Post by: phillipsjk on September 29, 2012, 05:53:22 AM
I don't understand it either, apparently they got first into my home machine (with password auth enabled), grabbed the private key for my work machine and logged in there. No idea as to how.

Does your home machine password have more or less than 60 bits of information (10 characters: letters, numbers, symbols)?

You may want to check the logs for failed login attempts.

I think the lesson here (which I did not know) is that if you are going to move to key-based authentication, you should do it everywhere at the same time. Do you log into your home machine from public computers? Is that why you were not using key-based authentication?

Note: until recently, I was using password authentication with about 17 bits of information. Half my security was obscurity (two logins required with different usernames and passwords).


Title: Re: I've just been robbed :-(
Post by: nomnomnom on September 29, 2012, 08:08:15 AM
Thanks caffeinewriter, any help is appreciated. I will file a report on Monday, and see what they say.

As for the cleaning up I think I'm OK. Just running clamscan over all the files, rkhunter had nothing to complain, but I don't know whether an eventual rootkit wouldn't be smart enough to fool them, any experience about that?

Let me put it this way. There is nothing more annoying than Rootkits. They hide in every dark corner of your system. I'd recommend a specific rootkit detector/remover. Here are some I know of.

1. http://www.gmer.net (Windows)

2. https://www.pcworld.com/product/946306/f-secure-blacklight-rootkit-eliminator.html (Windows)

3. http://www.rootkit.nl/projects/rootkit_hunter.html (Linux)

4. http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx (Windows)

If you still think you might have a rootkit, wipe your system clean. It's really the only surefire way to get rid of a rootkit.

I think after a disaster like this the only secure method is to reinstall all affected computers, make some images of the harddisk so you can still analyze what happened.


Title: Re: I've just been robbed :-(
Post by: Insu Dra on September 29, 2012, 08:37:51 AM


If you still think you might have a rootkit, wipe your system clean. It's really the only surefire way to get rid of a rootkit.

I think after a disaster like this the only secure method is to reinstall all affected computers, make some images of the harddisk so you can still analyze what happened.

+1, don't try to fix an OS if you think it might have a rootkit.
Rootkit cleaners are like anti virus software, they only clean what they know and recognize ....


Title: Re: I've just been robbed :-(
Post by: Jutarul on September 29, 2012, 08:54:44 AM
Well, just to prove that even long time members are not secure from being stupid. My wallet has just been cleared out:

  • http://blockchain.info/tx-index/27883052/6f85951bcecbe64999ad192275af087c5be2922ee13937693992c1ddf9ae8ce6
  • http://blockchain.info/tx-index/27883028/8e6a2d0b8132d3d9edc1fcffe1b3079de59c10c67522e2abc51c1d84b260fdac

At first I thought maybe it's just an old transaction that has only now been submitted, but I can't find any wallet of mine that owns those keys.

I had my wallet encrypted, but this was apparently an old backup of my wallet that I must have stored somewhere.

Any tips on what to do next? I'm still a bit fuzzy about the details. Can we blacklist those funds somehow?
8000 btc in a hotwallet... Was that necessary? Why didn't you consider cold storage?


Title: Re: I've just been robbed :-(
Post by: Gyrsur on September 29, 2012, 09:07:04 AM
Well, just to prove that even long time members are not secure from being stupid. My wallet has just been cleared out:

  • http://blockchain.info/tx-index/27883052/6f85951bcecbe64999ad192275af087c5be2922ee13937693992c1ddf9ae8ce6
  • http://blockchain.info/tx-index/27883028/8e6a2d0b8132d3d9edc1fcffe1b3079de59c10c67522e2abc51c1d84b260fdac

At first I thought maybe it's just an old transaction that has only now been submitted, but I can't find any wallet of mine that owns those keys.

I had my wallet encrypted, but this was apparently an old backup of my wallet that I must have stored somewhere.

Any tips on what to do next? I'm still a bit fuzzy about the details. Can we blacklist those funds somehow?
8000 btc in a hotwallet... Was that necessary? Why didn't you consider cold storage?
advise, advise, advise... it's too late to blame him! I'm looking forward to getting clear instructions from here:

Quote
Our Goals for 2013

So, what will we be doing in 2013 with the Bitcoin Foundation? We’ve set our eyes on accomplishing the following things:

Begin to pay Gavin’s salary and get him some budget for the core development team
Run a payments-oriented Silicon Valley Bitcoin Conference in the spring (Bitcoin 2013)
Publish a set of best practices for businesses transacting in Bitcoin, covering topics from accounting to physical and digital security
Create an opt-in certification process for Bitcoin businesses


Title: Re: I've just been robbed :-(
Post by: SuperHakka on September 29, 2012, 10:43:09 AM
Really sorry for the OP. There's not much one can say to help the situation. These kind of problems have got to be sorted out before BTC hits the mainstream. I get the feeling that on the average, we here are quite tech savvy compared to the normal guy. But if a granny had her wallet.dat stolen and the tabloid newspapers got hold of it, that would be a serious blow to the credibility of bitcoin and might be irreversible.


Title: Re: I've just been robbed :-(
Post by: SuperHakka on September 29, 2012, 10:47:37 AM
Just to add that with bitcoin, responsibility lies in the hands of the users whereby with the normal currency, responsibility lies partly with the banks and partly with the users. In the case of money theft from a bank account, there is a good chance that the user would be fully reimbursed, even if the users were negligent. The people are dumbed down in this day and age to shy away from personal responsibility and always be finding someone else to blame, e.g. governments, banks, etc.


Title: Re: I've just been robbed :-(
Post by: arklan on September 29, 2012, 11:51:33 AM
sincerest sympathies.

this is precisely why every backup of my wallet i've ever done isn't stored in a readily identifiable way. i hide the compressed and encrypted (password of over 20 characters) backup in another file type using a mostly forgotten about DOS command.

also it reminds me that i need to set up my brass plate etching equipment again to make "paper" wallets that are more durable.


Title: Re: I've just been robbed :-(
Post by: JoelKatz on September 29, 2012, 12:16:23 PM
Just to add that with bitcoin, responsibility lies in the hands of the users whereby with the normal currency, responsibility lies partly with the banks and partly with the users. In the case of money theft from a bank account, there is a good chance that the user would be fully reimbursed, even if the users were negligent. The people are dumbed down in this day and age to shy away from personal responsibility and always be finding someone else to blame, e.g. governments, banks, etc.
The problem is that there's no good way to keep your coins secure. It's not so much a matter of blame -- it's just that there's no good way to keep your coins secure. Every reasonable suggestion I've heard is so complicated it's just not practical. And there's no good way to balance being sure you don't lose access to your own coins with being sure nobody else gains access to them. This is one of the two biggest problems facing Bitcoin today.

Try this thought experiment: Reason out an explanation of how to securely hold thousands of dollars worth of Bitcoins such that a typical American adult with somewhat above average computer skills could understand the process and the reasoning behind each step.


Title: Re: I've just been robbed :-(
Post by: chmod755 on September 29, 2012, 12:31:48 PM
I'll just leave this here:

http://blockchain.info/ip-address/178.140.220.181

http://www.bitbin.it/2gB4kcIa


Title: Re: I've just been robbed :-(
Post by: Cdecker on September 29, 2012, 12:36:44 PM
Thanks mate, will add this to my gathered data for the police :-)
He has since then disappeared (reconnect?)


Title: Re: I've just been robbed :-(
Post by: JoelKatz on September 29, 2012, 12:50:51 PM
How do you keep fiat safe? That is not foolproof either. But I do agree Bitcoin still needs some time to mature. Thanks.
In many countries, banks are insured by government agencies. That's pretty close to foolproof. You can also hide fiat and/or lock it securely. Of course, that's not 100% reliable, but its risks are very easy to understand and not that difficult to reduce. People have many years of experience protecting fiat and have gotten very good at it. It's rare for a person to be a victim of a large theft of fiat.


Title: Re: I've just been robbed :-(
Post by: Dansker on September 29, 2012, 12:58:06 PM
Sorry for your loss OP.

This makes me want to rethink again how I stole my BTC.

BREAKING NEWS: Goat admits to thievery! ;)


Title: Re: I've just been robbed :-(
Post by: Jutarul on September 29, 2012, 12:59:40 PM
How do you keep fiat safe? That is not foolproof either. But I do agree Bitcoin still needs some time to mature. Thanks.
In many countries, banks are insured by government agencies. That's pretty close to foolproof. You can also hide fiat and/or lock it securely. Of course, that's not 100% reliable, but its risks are very easy to understand and not that difficult to reduce. People have many years of experience protecting fiat and have gotten very good at it. It's rare for a person to be a victim of a large theft of fiat.

What's so difficult to understand about a paper wallet?


Title: Re: I've just been robbed :-(
Post by: arklan on September 29, 2012, 01:02:31 PM
How do you keep fiat safe? That is not foolproof either. But I do agree Bitcoin still needs some time to mature. Thanks.
In many countries, banks are insured by government agencies. That's pretty close to foolproof. You can also hide fiat and/or lock it securely. Of course, that's not 100% reliable, but its risks are very easy to understand and not that difficult to reduce. People have many years of experience protecting fiat and have gotten very good at it. It's rare for a person to be a victim of a large theft of fiat.

What's so difficult to understand about a paper wallet?

for the technically/cryptographically clued in, probably not much. but the process of creating one in a truly secure offline manner is a whole different kettle of fish.


Title: Re: I've just been robbed :-(
Post by: muyuu on September 29, 2012, 01:48:57 PM
Just to add that with bitcoin, responsibility lies in the hands of the users whereby with the normal currency, responsibility lies partly with the banks and partly with the users. In the case of money theft from a bank account, there is a good chance that the user would be fully reimbursed, even if the users were negligent. The people are dumbed down in this day and age to shy away from personal responsibility and always be finding someone else to blame, e.g. governments, banks, etc.
The problem is that there's no good way to keep your coins secure. It's not so much a matter of blame -- it's just that there's no good way to keep your coins secure. Every reasonable suggestion I've heard is so complicated it's just not practical. And there's no good way to balance being sure you don't lose access to your own coins with being sure nobody else gains access to them. This is one of the two biggest problems facing Bitcoin today.

Try this thought experiment: Reason out an explanation of how to securely hold thousands of dollars worth of Bitcoins such that a typical American adult with somewhat above average computer skills could understand the process and the reasoning behind each step.

The best I know is this: http://bitcoinarmory.com/index.php/using-offline-wallets-in-armory and possibly paper wallets (a different level of trust is needed).

Any simple solution will involve trust because common folk won't be cryptography experts. So maybe a bunch of paper wallets made offline by trustworthy code (or code reviewed by trustworthy people). Provided no single wallet storage holds too much, it should be fine...


Title: Re: I've just been robbed :-(
Post by: crazy_rabbit on September 29, 2012, 01:56:54 PM
Sorry for your loss OP.

This makes me want to rethink again how I stole my BTC.

BREAKING NEWS: Goat admits to thievery! ;)

Lol.. I meant store   :)

Freudian slip.


Title: Re: I've just been robbed :-(
Post by: kasimir on September 29, 2012, 02:20:09 PM
I would certainly recommend wiping any machines you have, clearing any authorized SSH keys on any systems you have access to, and transferring any remaining coins you have to new wallets.

If somebody had SSH access to your system and knew a bit about bitcoins, I'm sure it wouldn't be a problem for them to find some local privilege escalation attack against your system and deeply embed themselves into your machine.


Title: Re: I've just been robbed :-(
Post by: QuantumQrack on September 29, 2012, 02:23:38 PM
Bitcoin is an excellent social experiment in the depravity of people.

And to the OP.  Sorry about the sick feeling in your stomach.  You have to protect your balls..errr, coins man.


Title: Re: I've just been robbed :-(
Post by: Jutarul on September 29, 2012, 02:36:13 PM
Bitcoin is an excellent social experiment in the depravity of people.
Bitcoin has to fight at two fronts right now. Governments & Regulations and Scammers & Hackers.
It's a bit depressing to see that it's more the Scammers & Hackers side of things which makes most users suffer.

That tells you something about the predatory attitude of people. We may have abolished cannibalism in the literal meaning, but we still have it in an economical sense.


Title: Re: I've just been robbed :-(
Post by: kokojie on September 29, 2012, 02:44:23 PM
Just to add that with bitcoin, responsibility lies in the hands of the users whereby with the normal currency, responsibility lies partly with the banks and partly with the users. In the case of money theft from a bank account, there is a good chance that the user would be fully reimbursed, even if the users were negligent. The people are dumbed down in this day and age to shy away from personal responsibility and always be finding someone else to blame, e.g. governments, banks, etc.
The problem is that there's no good way to keep your coins secure. It's not so much a matter of blame -- it's just that there's no good way to keep your coins secure. Every reasonable suggestion I've heard is so complicated it's just not practical. And there's no good way to balance being sure you don't lose access to your own coins with being sure nobody else gains access to them. This is one of the two biggest problems facing Bitcoin today.

Try this thought experiment: Reason out an explanation of how to securely hold thousands of dollars worth of Bitcoins such that a typical American adult with somewhat above average computer skills could understand the process and the reasoning behind each step.

blockchain.info wallet

The key is not being sure "nobody" gains access to them, the critical part is you know exactly who can potentially access them.


Title: Re: I've just been robbed :-(
Post by: Jutarul on September 29, 2012, 02:53:35 PM
Just to add that with bitcoin, responsibility lies in the hands of the users whereby with the normal currency, responsibility lies partly with the banks and partly with the users. In the case of money theft from a bank account, there is a good chance that the user would be fully reimbursed, even if the users were negligent. The people are dumbed down in this day and age to shy away from personal responsibility and always be finding someone else to blame, e.g. governments, banks, etc.
The problem is that there's no good way to keep your coins secure. It's not so much a matter of blame -- it's just that there's no good way to keep your coins secure. Every reasonable suggestion I've heard is so complicated it's just not practical. And there's no good way to balance being sure you don't lose access to your own coins with being sure nobody else gains access to them. This is one of the two biggest problems facing Bitcoin today.

Try this thought experiment: Reason out an explanation of how to securely hold thousands of dollars worth of Bitcoins such that a typical American adult with somewhat above average computer skills could understand the process and the reasoning behind each step.

blockchain.info wallet

The key is not being sure "nobody" gains access to them, the critical part is you know exactly who can potentially access them.
if you have your wallet on a computer somehow connected to the internet, it's pretty safe to assume it's accessible by anybody with the proper skill set to hack into computers. The only way to mitigate the risk is to make it unattractive for thieves, i.e. the time they have to invest to hack into your system should NOT PAY OFF (i.e. keep the incentive low). That's why I don't understand that people store >$1000 in a hot wallet.

Some services don't have a choice and they have to have hot wallets connected to the internet. However, they usually employ multi-sig and other protective mechanisms.

It always makes me sad if honest users get robbed by petty thieves. I think one of the mission statements of the bitcoin foundation was to facilitate user education. I think that's absolutely necessary.


Title: Re: I've just been robbed :-(
Post by: dooglus on September 29, 2012, 03:33:22 PM
This makes me want to rethink again how I stole my BTC.

Great Freudian slip there Goat!  :)


Title: Re: I've just been robbed :-(
Post by: WikileaksDude on September 29, 2012, 03:39:33 PM
Bitcoin is an excellent social experiment in the depravity of people.
Bitcoin has to fight at two fronts right now. Governments & Regulations and Scammers & Hackers.
It's a bit depressing to see that it's more the Scammers & Hackers site of things which makes most users suffer.

That tells you something about the predatory attitude of people. We may have abolished cannibalism in the literal meaning, but we still have it in an economical sense.


True on this. Over time bitcoin shall mature and hold tight against these people.


Title: Re: I've just been robbed :-(
Post by: axus on September 29, 2012, 04:30:49 PM
Really sorry for the OP. There's not much one can say to help the situation. These kinds of problems have got to be sorted out before BTC hits the mainstream. I get the feeling that on average, we here are quite tech savvy compared to the normal guy. But if a granny had her wallet.dat stolen and the tabloid newspapers got hold of it, that would be a serious blow to the credibility of bitcoin and might be irreversible.

Granny doesn't use her computer or smartphone for financial transactions, she's probably more secure than any of us right now :D


Title: Re: I've just been robbed :-(
Post by: kwukduck on September 29, 2012, 04:50:58 PM
geez, 9000 btc... that's big money...
I feel for you man, next time don't keep it online, just print the keys encrypted, keep it safe and wipe the wallet.


Title: Re: I've just been robbed :-(
Post by: caffeinewriter on September 29, 2012, 07:09:56 PM


If you still think you might have a rootkit, wipe your system clean. It's really the only surefire way to get rid of a rootkit.

I think after a disaster like this the only secure method is to reinstall all affected computers, and make some images of the hard disk so you can still analyze what happened.

+1, don't try to fix an OS if you think it might have a root kit.
Root kit cleaners are like anti virus software, they only clean what they know and recognize ....

Very true, which is why I don't necessarily condone Rootkit removers. I'd much rather lose everything on a hard disk than have my BTC get stolen (again in his case).


Title: Re: I've just been robbed :-(
Post by: JoelKatz on September 29, 2012, 07:57:50 PM
How do you keep fiat safe? That is not foolproof either. But I do agree Bitcoin still needs some time to mature. Thanks.
In many countries, banks are insured by government agencies. That's pretty close to foolproof. You can also hide fiat and/or lock it securely. Of course, that's not 100% reliable, but its risks are very easy to understand and not that difficult to reduce. People have many years of experience protecting fiat and have gotten very good at it. It's rare for a person to be a victim of a large theft of fiat.

What's so difficult to understand about a paper wallet?
Primarily how you securely withdraw from it. It's not bad for long-term storage.


Title: Re: I've just been robbed :-(
Post by: Jutarul on September 29, 2012, 08:19:08 PM
What's so difficult to understand about a paper wallet?
Primarily how you securely withdraw from it. It's not bad for long-term storage.
I agree. Every time you want to withdraw you need access to an "uncompromised" system.


Title: Re: I've just been robbed :-(
Post by: markm on September 29, 2012, 08:40:09 PM
Bitcoins on paper do not need to be monolithic, surely?

Couldn't you print a whole bunch of addresses with different amounts in them, either already chopped up into separate pieces of paper, or go in with scissors to cut out just enough for your current withdrawal needs when you need to withdraw?

Basically print hundreds or thousands of encrypted one-bitcoin bills, for example, and bring only as many out of your vault as you actually want to spend?

-MarkM-


Title: Re: I've just been robbed :-(
Post by: JoelKatz on September 29, 2012, 09:00:42 PM
Bitcoins on paper do not need to be monolithic, surely?

Couldn't you print a whole bunch of addresses with different amounts in them, either already chopped up into separate pieces of paper, or go in with scissors to cut out just enough for your current withdrawal needs when you need to withdraw?

Basically print hundreds or thousands of encrypted one-bitcoin bills, for example, and bring only as many out of your vault as you actually want to spend?
That's extremely inconvenient. But you could probably draw a bit of a compromise and use a scheme where any time you need to get money from one of your paper wallets, you empty it and put the change (if it's a large amount) into a new paper wallet. If you need a larger amount, you grab multiple paper wallets and empty them all. That's still pretty inconvenient though.


Title: Re: I've just been robbed :-(
Post by: apetersson on September 29, 2012, 11:50:46 PM
there could be a scheme like that with hierarchical deterministic paper wallets, where you build up a paper chessboard, put 4 smaller chessboards on top, 16 on top, 64 on top... etc. then you can pick small denominations from the top and spend them, or the largest sheet from the bottom and spend all of them.


Title: Re: I've just been robbed :-(
Post by: franky1 on September 30, 2012, 02:31:54 AM
there's no point in tracing the block chain.. you can try though, i'm not stopping you.

i have just found when trying to use known deposit addresses from pirates BS&T and the addresses people that (early on before he went rogue) received the funds on..

he used the 1DKY address in the middle.. which is where from what has been recently confirmed as the silkroad address..

so most thieves and scum would simply deposit money into silkroad. and then withdraw it.. and due to the large volume in the mix what you get out is not the same 'taint' as what you put in.

a lot of us thought this was pirate's actual wallet.. but due to it now being known as silk road's, it's harder to pin down where those funds ended up due to the mixer.. and how much pirate actually hoarded.

i don't think silk road would want to reveal who owned the deposit/withdrawal address 1 hop either side of the 1DkyBEK address. so the OP of this thread will have a hard time tracking the payments too.

hopefully the IP address is not a tor node/proxy ..

sorry to be the bearer of bad news.

i'd definitely suggest to everyone to hand write their privkeys on paper. and cleanse their system if they are large holders.


Title: Re: I've just been robbed :-(
Post by: TheBible on September 30, 2012, 02:33:37 AM
Any tips on what to do next? I'm still a bit fuzzy about the details. Can we blacklist those funds somehow?

Figure out how it happened, gather details, file a police and FBI cybercrimes report.

Make sure the method of theft is not still open.



FBI, huh?  Gonna pay taxes on those bitcoins now to pay for that?


Title: Re: I've just been robbed :-(
Post by: BkkCoins on September 30, 2012, 02:38:57 AM
there could be a scheme like that with hierarchical deterministic paper wallets, where you build up a paper chessboard, put 4 smaller chessboards on top, 16 on top, 64 on top... etc. then you can pick small denominations from the top and spend them, or the largest sheet from the bottom and spend all of them.
Mind boggling, but as long as you're organised, doable.

I'd think that a binary sequence of deposit values to addresses would work. Then you would just spend what combination of keys gave you the value you wanted. I suppose you would have to do a balance re-org after to keep it usable.  ;)
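The denominated paper-wallet idea markm, JoelKatz and BkkCoins sketch above (one key per bill, spend whole bills, re-org the balance afterwards), modelled as an added example that is not code from any poster: bills hold distinct power-of-two amounts, a spend sweeps the cheapest covering subset, and the re-org re-mints the change. Bill labels are constructed stand-ins for printed keys.

```python
"""Model of the "binary sequence" paper-wallet idea discussed above.

Added illustration, not code from the thread. Each paper bill is a separate
key holding a distinct power-of-two amount, so the set of bills is the binary
representation of the balance. A spend sweeps the cheapest subset of bills
that covers the amount (a paper wallet is always emptied whole) and the
"balance re-org" re-mints the change into fresh bills. Values are integers.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Bill:
    label: str   # constructed placeholder; in practice the printed private key
    value: int   # a power of two


def mint_binary_bills(amount: int, prefix: str) -> List[Bill]:
    """Split `amount` into bills with distinct power-of-two values (its binary digits)."""
    bills, bit = [], 0
    while amount > 0:
        if amount & 1:
            bills.append(Bill(f"{prefix}-{1 << bit}", 1 << bit))
        amount >>= 1
        bit += 1
    return bills


def balance(bills: List[Bill]) -> int:
    return sum(b.value for b in bills)


def _denomination_mask(bills: List[Bill]) -> int:
    """OR of all denominations; rejects duplicates and non-powers of two."""
    mask = 0
    for b in bills:
        if b.value <= 0 or b.value & (b.value - 1) or mask & b.value:
            raise ValueError(f"{b.label}: denominations must be distinct powers of two")
        mask |= b.value
    return mask


def select_bills(bills: List[Bill], amount: int) -> Optional[Tuple[List[Bill], int]]:
    """Smallest subset of bills summing to at least `amount`: (chosen, change), or None.

    Subset sums of distinct powers of two are exactly the integers whose binary
    digits are a subset of the held denominations, so the best cover is found
    by scanning bit positions rather than enumerating subsets.
    """
    have = _denomination_mask(bills)
    if amount <= 0:
        return [], 0
    target = amount if (amount & ~have) == 0 else None   # exact payment possible?
    bit = 0
    while target is None and (1 << bit) <= have:
        above = amount >> (bit + 1)                       # digits of amount above this bit
        # Pay one denomination above `amount` at this bit: we must hold that
        # bill, `amount` must lack it, and every higher digit of `amount` must
        # be a bill we hold. The lowest such bit gives the least change.
        if (have >> bit) & 1 and not (amount >> bit) & 1 and (above & ~(have >> (bit + 1))) == 0:
            target = (above << (bit + 1)) | (1 << bit)
        bit += 1
    if target is None:
        return None                                       # balance too small
    chosen = [b for b in bills if b.value & target]
    return chosen, target - amount


def spend(bills: List[Bill], amount: int, prefix: str) -> Tuple[List[Bill], List[Bill]]:
    """Sweep bills to pay `amount`; return (bills swept, bills held afterwards).

    The re-org keeps every untouched bill whose denomination still appears in
    the new balance and sweeps the rest together with the change into freshly
    minted bills, so the result is again one bill per binary digit.
    """
    picked = select_bills(bills, amount)
    if picked is None:
        raise ValueError("insufficient funds")
    chosen, change = picked
    new_total = balance(bills) - amount
    untouched = [b for b in bills if b not in chosen]
    kept = [b for b in untouched if b.value & new_total]
    reorg = [b for b in untouched if not b.value & new_total]
    to_mint = new_total - balance(kept)
    assert to_mint == change + balance(reorg)
    return chosen + reorg, kept + mint_binary_bills(to_mint, prefix)


if __name__ == "__main__":
    vault = mint_binary_bills(11, "sheet")      # bills 1, 2, 8
    swept, vault = spend(vault, 5, "change")    # sweeps 8 and 1, mints a 4
    print([b.label for b in swept], [b.label for b in vault])
```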


Title: Re: I've just been robbed :-(
Post by: Justin00 on September 30, 2012, 02:50:16 AM
how does the paper wallet work when you get money back on a change address?
or does the privkey of the 1 key include the other 100 keys?


Title: Re: I've just been robbed :-(
Post by: BkkCoins on September 30, 2012, 04:08:54 AM
how does the paper wallet work when you get money back on a change address?
or does the privkey of the 1 key include the other 100 keys?
That would depend on how and where you create the transaction. If you imported your key into a client then that client would build the transaction and likely return change to one of its addresses. Some clients do allow change address selection. blockchain.info allows you to do that and you could send it back to the same address or another offline address. In the satoshi (std) client it would be returned to a new address in your wallet.


Title: Re: I've just been robbed :-(
Post by: kibblesnbits on September 30, 2012, 03:15:31 PM
That sucks, bro.

If it's any consolation (probably not), I heard a story on this forum once about a guy that formatted a drive with tens of thousands of coins on it. He said the worst part was his wife knowing about it.

You can easily recover files from a formatted drive.


Title: Re: I've just been robbed :-(
Post by: sunnankar on September 30, 2012, 05:27:26 PM
What's so difficult to understand about a paper wallet?
Primarily how you securely withdraw from it. It's not bad for long-term storage.

So where are the potential flaws in this method of both creating wallets and generating transactions offline (http://www.howtovanish.com/images/offline-transactions.zip)?

(1) Transfer the address and transaction generator code via USB to the offline computer.
(2) Create the private keys and store them in a .pdf, .txt, etc. file.
(3) Create a TrueCrypt volume and if desired a hidden volume.
(4) Place the files containing the private keys into the TrueCrypt volume. I like to place the public keys in the main folder, along with some dummy private keys, and the other private keys in the hidden folder.
(5) Transfer the TrueCrypt volume via USB to an online computer.
(6) Store the TrueCrypt volume in many places such as Dropbox, Amazon Cloud, Google Drive, Gmail, multiple USB sticks, email to friends, etc.
(7) With Blockchain.info you can click Import/Export and input a public key to ‘watch’. This will let you keep an eye on your wallets without revealing the private keys in any way beyond the TrueCrypt volume.


Title: Re: I've just been robbed :-(
Post by: casascius on September 30, 2012, 05:29:00 PM
If you need a larger amount, you grab multiple paper wallets and empty them all. That's still pretty inconvenient though.

That's where a barcode scanner comes in.  Surely there must be something out there that makes a barcode scanner out of the webcam.


Title: Re: I've just been robbed :-(
Post by: JoelKatz on September 30, 2012, 05:44:39 PM
If you need a larger amount, you grab multiple paper wallets and empty them all. That's still pretty inconvenient though.

That's where a barcode scanner comes in.  Surely there must be something out there that makes a barcode scanner out of the webcam.
Sure, there's a piece of a solution for everything. But it's unreasonable to expect someone to put all those pieces together. A program that produces cut-apart paper wallets with barcoded public and private parts would be a great part of a solution.


Title: Re: I've just been robbed :-(
Post by: SuperHakka on September 30, 2012, 05:58:33 PM
I would still like to know, if it's possible, how the original theft of the OP took place exactly so that I can make sure that it doesn't happen. Looks like the ssh login occurred on a non-standard port so the OP's PC must have been scanned. If that is the case, then the OP must have had a public facing computer with no firewall between him and the internet? Assuming the attacker located the correct ssh port, then in order to login either

attacker had private key to authenticate with ssh server on OP's pc or
OP had a weak password that was brute-forced

Then the OP says the attacker nicked his private key and then logged onto his work computer. htf did the attacker know to look on his work computer? I think that the OP's security environment must have been totally compromised somehow. Maybe something he said on an IRC channel perhaps? I worry that this can happen to anybody if some joe hacker decides he wants some bitcoin, he just breaks into some poor sod's non-standard ssh port and then navigates his way to his work pc in a space of a few minutes. what gives?
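The two hypotheses in the post above (a stolen private key reused from an unknown host, or a weak password brute-forced) are exactly what a quick pass over sshd's auth log can separate. The following is an added example, not material from the thread; the log lines are constructed in OpenSSH's syslog format with documentation IP ranges, and the trusted-IP list, burst threshold and window are assumptions.

```python
"""Triage of sshd auth log lines for the two hypotheses raised above: a stolen
private key reused from an unknown host, or a weak password brute-forced.

Added example, not material from the thread. The sample log lines are
constructed in OpenSSH's syslog format and use documentation IP ranges.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional

# Matches both "Accepted publickey for alice from ..." and
# "Failed password for invalid user admin from ...". The "port" in these lines
# is the client's source port; the server's (possibly non-standard) listen port
# is not logged here, so it cannot be recovered from the auth log alone.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+ ssh2"
)


def parse_line(line: str, year: int = 2012) -> Optional[Dict]:
    """Return the auth event in `line`, or None for lines that are not auth results.
    Syslog timestamps carry no year, so the caller supplies it."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def triage(lines: List[str], trusted_ips, burst: int = 5, window_s: int = 300) -> List[Dict]:
    """Flag brute-force bursts and successful logins from hosts outside `trusted_ips`.

    A burst is `burst` failures from one IP within `window_s` seconds. A success
    from that IP while the burst is still in the window is the "weak password"
    case; an accepted publickey login from an untrusted IP is the "stolen key" case.
    """
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    failures = defaultdict(list)          # ip -> timestamps of recent failures
    findings = []
    for e in events:
        recent = failures[e["ip"]]
        while recent and (e["ts"] - recent[0]).total_seconds() > window_s:
            recent.pop(0)                 # slide the window forward
        if e["result"] == "Failed":
            recent.append(e["ts"])
            if len(recent) == burst:      # report once, when the threshold is hit
                findings.append({"kind": "brute-force", "ip": e["ip"],
                                 "user": e["user"], "ts": e["ts"]})
            continue
        if e["ip"] in trusted_ips:
            continue
        if len(recent) >= burst:
            kind = "brute-force-succeeded"
        elif e["method"] == "publickey":
            kind = "key-from-unknown-host"
        else:
            kind = "login-from-unknown-host"
        findings.append({"kind": kind, "ip": e["ip"], "user": e["user"],
                         "ts": e["ts"], "method": e["method"]})
    return findings


# Constructed sample: one trusted login, a password burst that succeeds, then a
# key login from a host the owner never used. The last line is not an auth
# result and is skipped by the parser.
TRUSTED_IPS = {"192.0.2.10"}
SAMPLE_LOG = [
    "Sep 28 19:40:02 box sshd[4101]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2",
    "Sep 28 19:55:11 box sshd[4180]: Failed password for root from 198.51.100.23 port 40001 ssh2",
    "Sep 28 19:55:12 box sshd[4181]: Failed password for root from 198.51.100.23 port 40002 ssh2",
    "Sep 28 19:55:14 box sshd[4182]: Failed password for invalid user admin from 198.51.100.23 port 40003 ssh2",
    "Sep 28 19:55:15 box sshd[4183]: Failed password for alice from 198.51.100.23 port 40004 ssh2",
    "Sep 28 19:55:17 box sshd[4184]: Failed password for alice from 198.51.100.23 port 40005 ssh2",
    "Sep 28 19:55:19 box sshd[4185]: Accepted password for alice from 198.51.100.23 port 40006 ssh2",
    "Sep 28 20:01:33 box sshd[4222]: Accepted publickey for alice from 203.0.113.7 port 51234 ssh2",
    "Sep 28 20:01:34 box sshd[4222]: pam_unix(sshd:session): session opened for user alice by (uid=0)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, TRUSTED_IPS):
        print(f"{f['ts']:%b %d %H:%M:%S}  {f['kind']:<24} {f['ip']:<16} user={f['user']}")
```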


Title: Re: I've just been robbed :-(
Post by: mobile4ever on September 30, 2012, 06:07:14 PM

That's where a barcode scanner comes in.  Surely there must be something out there that makes a barcode scanner out of the webcam.


It's in the works, but is being prepared for another use.


Title: Re: I've just been robbed :-(
Post by: Cdecker on September 30, 2012, 06:46:52 PM
I would still like to know, if it's possible, how the original theft of the OP took place exactly so that I can make sure that it doesn't happen. Looks like the ssh login occurred on a non-standard port so the OP's PC must have been scanned. If that is the case, then the OP must have had a public facing computer with no firewall between him and the internet? Assuming the attacker located the correct ssh port, then in order to login either

attacker had private key to authenticate with ssh server on OP's pc or
OP had a weak password that was brute-forced

Then the OP says the attacker nicked his private key and then logged onto his work computer. htf did the attacker know to look on his work computer? I think that the OP's security environment must have been totally compromised somehow. Maybe something he said on an IRC channel perhaps? I worry that this can happen to anybody if some joe hacker decides he wants some bitcoin, he just breaks into some poor sod's non-standard ssh port and then navigates his way to his work pc in a space of a few minutes. what gives?
Still trying to figure that one out myself, will have more in a couple of days I guess.


Title: Re: I've just been robbed :-(
Post by: johnyj on September 30, 2012, 06:52:37 PM
Someone might already have had your wallet for a long time, but they just wait until it is big enough to harvest  ::)


Title: Re: I've just been robbed :-(
Post by: BkkCoins on September 30, 2012, 11:24:52 PM

That's where a barcode scanner comes in.  Surely there must be something out there that makes a barcode scanner out of the webcam.
For python there is a module that is used by Electrum. One click turns on web cam, with live view window, and it waits til it sees a barcode. When it does, it closes and returns with the scanned code.

For C lib,
http://zbar.sourceforge.net/

and also,
python-zbar

Works great in Electrum send tab.


Title: Re: I've just been robbed :-(
Post by: dooglus on October 01, 2012, 04:57:14 AM
You can easily recover files from a formatted drive.

A friend accidentally formatted my camera's memory card a few days ago.  I was able to recover all the files from the formatted memory card using "photorec" from Ubuntu's "testdisk" package.


Title: Re: I've just been robbed :-(
Post by: Richy_T on October 11, 2012, 12:39:53 AM

What's so difficult to understand about a paper wallet?

It probably starts with the fact that it's not a wallet.

I can understand why that word was chosen but it sets people up with totally the wrong basis to mentally work from. Given that many people don't even understand where the web or the internet are and some of them even make it to senator, well...

Though I'm sure that that's a discussion that's already been done to death on these boards already so I don't really want to get into a big discussion. But any documentation for the regular user will probably have to handily subvert the wallet metaphor on page 1, paragraph 1.


Title: Re: I've just been robbed :-(
Post by: markm on October 11, 2012, 02:26:16 AM
A wallet is the thing you keep your cards in, right?

The cards with the magic numbers on them that give you access to money?

What generation are you from? Maybe old enough to remember when people kept paper in their wallets instead of printing their wallets on paper?

-MarkM-

P.S. The cards that nowadays chances are have to be scanned/read-by or typed into a computer to get access to that money?


Title: Re: I've just been robbed :-(
Post by: Richy_T on October 11, 2012, 02:35:53 AM
A wallet is the thing you keep your cards in, right?

The cards with the magic numbers on them that give you access to money?

What generation are you from? Maybe old enough to remember when people kept paper in their wallets instead of printing their wallets on paper?

-MarkM-

P.S. The cards that nowadays chances are have to be scanned/read-by or typed into a computer to get access to that money?


Nice sarcasm. Shame it's wasted, I have no problem with the concepts involved in the Bitcoin wallet. Do you really want me to spell out all the differences? These differences are what will make it troublesome for many to adopt. That is all I'm saying.


Title: Re: I've just been robbed :-(
Post by: markm on October 11, 2012, 02:40:12 AM
I was not being sarcastic, I was realising myself that although I recall wallets as being where one keeps money, who-ever named the private keys repository in bitcoin might well date from an era when wallets are not for keeping money in but, rather, for keeping the stuff you need for identifying yourself as being authorised to access money.

-MarkM-


Title: Re: I've just been robbed :-(
Post by: Richy_T on October 11, 2012, 03:29:46 AM
I was not being sarcastic, I was realising myself that although I recall wallets as being where one keeps money, who-ever named the private keys repository in bitcoin might well date from an era when wallets are not for keeping money in but, rather, for keeping the stuff you need for identifying yourself as being authorised to access money.

-MarkM-


Ah, I see what you mean. Good point. Though people do still put cash in wallets (not me. The different dollar bills all being the same size makes it too annoying) and the bitcoin is, after all, named after a currency token which further emphasizes the metaphor of "a bitcoin in your wallet". Even on this board, those who know better often talk as if the coins are in the wallet. Like I say, I understand why it was called that, I just think where the metaphor breaks (and it breaks easily) is where things fall apart.

Also consider that although credit/debit cards authorize your access to money, they very much behave like cash in actual use (Get items, hand token to cashier, the invocation and return of token are the main difference).

I'm actually thinking that the hardware wallets suggested elsewhere may provide a more friendly introduction to bitcoins.


Title: Re: I've just been robbed :-(
Post by: markm on October 11, 2012, 05:30:15 AM
You put coins in wallets where you come from?

I thought most people put coins in purses or pockets and notes-aka-bills in wallets.

So much cultural variation! Biblical David or somesuch ancient carried bread in his didn't he? Or was that purse? Hmmm... Was Medusa's head carried in a purse or a wallet? Times change, cultures vary, but part also of my point was try focussing on the part of their wallet where they carry ID and/or credit cards, hotel room door swipe-cards and such.

-MarkM-

EDIT: Also, at first sign they are thinking of the wrong type or aspect of wallet, maybe try "no no no not billfold, not coinpurse, wallet!"

(I have one that has a billfold section and a coinpurse (horrible to use, too bumpy/bulky in use) as well as normal wallet parts for IDs and cards etc...)

(See what I did there with that "normal" word? :D)


Title: Re: I've just been robbed :-(
Post by: crazy_rabbit on October 11, 2012, 10:40:03 AM
there could be a scheme like that with hierarchical deterministic paper wallets, where you build up a paper chessboard, put 4 smaller chessboards on top, 16 on top, 64 on top... etc. then you can pick small denominations from the top and spend them, or the largest sheet from the bottom and spend all of them.
Mind boggling, but as long as you're organised, doable.

I'd think that a binary sequence of deposit values to addresses would work. Then you would just spend what combination of keys gave you the value you wanted. I suppose you would have to do a balance re-org after to keep it usable.  ;)

Over my head for sure.
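
A worked version of the denomination idea in crazy_rabbit's reply, added here as an example (not code from the thread): it funds a binary ladder of paper wallets, picks the exact subset for an amount, and, for arbitrary denominations where no exact subset exists, reports the surplus that would have to be swept back into a fresh wallet. Wallet labels, amounts and the helper names are assumptions for the demo.

```python
"""Picking which single-use paper wallets to sweep for a given amount.

Added example; not code from the thread. It models the 'binary sequence of
deposit values': fund a ladder of addresses holding 1, 2, 4, 8, ... units and
any multiple of the unit up to the total is spendable by sweeping exactly the
wallets in its binary representation, with no change output. The subset-sum
routine also handles arbitrary denominations, and the fallback reports how
much surplus must go back to a fresh wallet. Labels and satoshi amounts are
constructed for the demo.
"""
from __future__ import annotations


def binary_ladder(top_power: int, unit: int = 100_000) -> dict[str, int]:
    """Denominations unit, 2*unit, ..., 2**top_power * unit, one per paper wallet."""
    return {f"paper-{i:02d}": unit << i for i in range(top_power + 1)}


def select_exact(wallets: dict[str, int], target: int) -> list[str] | None:
    """Labels of wallets whose values sum exactly to target, or None.

    Subset sum by dynamic programming over reachable totals. Each wallet is
    used at most once because new totals are merged only after a wallet has
    been fully processed. Works for any denominations, not just powers of two.
    """
    reachable = {0: []}
    for label, value in wallets.items():
        found = {}
        for total, chosen in reachable.items():
            new_total = total + value
            if new_total <= target and new_total not in reachable:
                found.setdefault(new_total, chosen + [label])
        reachable.update(found)
        if target in reachable:
            return reachable[target]
    return None


def select_with_change(wallets: dict[str, int], target: int):
    """Sweep the cheapest subset covering target; return (labels, surplus).

    The surplus is what has to be sent on to a brand-new wallet, i.e. the
    'balance re-org' the post mentions. Returns (None, None) if the wallets
    cannot cover the target at all.
    """
    reachable = {0: []}
    for label, value in wallets.items():
        for total, chosen in list(reachable.items()):  # snapshot: each wallet once
            reachable.setdefault(total + value, chosen + [label])
    best = min((t for t in reachable if t >= target), default=None)
    if best is None:
        return None, None
    return reachable[best], best - target


def ladder_covers_every_amount(ladder: dict[str, int], unit: int) -> bool:
    """Check the claim behind the scheme: a binary ladder totalling T lets you
    pay any multiple of unit from unit up to T exactly, with no change."""
    total = sum(ladder.values())
    return all(select_exact(ladder, k) is not None for k in range(unit, total + 1, unit))


if __name__ == "__main__":
    ladder = binary_ladder(7)                      # eight wallets, 0.001 BTC .. 0.128 BTC
    print(select_exact(ladder, 1_300_000))         # 13 units = 8 + 4 + 1
    print(ladder_covers_every_amount(ladder, 100_000))
    odd = {"a": 5_000, "b": 7_000, "c": 12_000}    # constructed, non-binary denominations
    print(select_exact(odd, 10_000), select_with_change(odd, 10_000))
```

With arbitrary denominations the exact search can fail, and the fallback then forces a change output to a new key; the binary ladder is what removes that step, at the cost of keeping one wallet per power of two.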


Title: Re: I've just been robbed :-(
Post by: Richy_T on October 11, 2012, 02:21:49 PM
You put coins in wallets where you come from?

I thought most people put coins in purses or pockets and notes-aka-bills in wallets.

So much cultural variation! Biblical David or somesuch ancient carried bread in his didn't he? Or was that purse? Hmmm... Was Medusa's head carried in a purse or a wallet? Times change, cultures vary, but part also of my point was try focussing on the part of their wallet where they carry ID and/or credit cards, hotel room door swipe-cards and such.

-MarkM-

EDIT: Also, at first sign they are thinking of the wrong type or aspect of wallet, maybe try "no no no not billfold, not coinpurse, wallet!"

(I have one that has a billfold section and a coinpurse (horrible to use, too bumpy/bulky in use) as well as normal wallet parts for IDs and cards etc...)

(See what I did there with that "normal" word? :D)


I did know someone who had a coin-purse and used it. Of course, he was also pretending to smoke a pipe by age 10 so...

Even so, I'm just saying that the metaphor of a physical token is enough to cause confusion in the wallet metaphor, not to mention that you don't have to back up or encrypt your wallet and if you lose it, you haven't lost all your money (Though you shouldn't if you are properly managing wallets anyway. But there's another point, who has multiple real-world wallets in general use?). The wallet metaphor falls short well before a regular user comprehends enough to be able to use Bitcoin safely.


Title: Re: I've just been robbed :-(
Post by: markm on October 11, 2012, 02:44:39 PM
Actually I too thought on first encounter with wallet.dat that wallet was a bad word to use for it.

But what would actually be better?

canofworms.dat?

HereThereBeMonsters.dat?

Perseus-Pouch.dat?

Lets not confuse it with /etc/passwd.

privkeys.dat?

-MarkM-


Title: Re: I've just been robbed :-(
Post by: Richy_T on October 11, 2012, 03:46:14 PM

Perseus-Pouch.dat?


I like this one :). Though not sure where the Perseus reference comes from.

Lets not confuse it with /etc/passwd.

privkeys.dat?


I was thinking that the keys were more like keys. Which leads to keyring or keychain. But that clashes with the whole PGP thing. Key pouch, keystore, keyfile keyvault? Keybook maybe? I don't know. The programs themselves also do more than just store keys so even that is not really a good representation (though your wallet does not monitor or initiate transactions either). Maybe go a little sideways: Sesame? (as in open sesame). Multipass? ( :D )


Title: Re: I've just been robbed :-(
Post by: Fjordbit on October 11, 2012, 05:05:25 PM

How about spendkeys.dat or spendauth.dat


Title: Re: I've just been robbed :-(
Post by: nobbynobbynoob on October 11, 2012, 05:17:12 PM
Wallet might not be a perfect analogy but I think overall it's still a fine nomenclature.


Title: Re: I've just been robbed :-(
Post by: Idzy on October 11, 2012, 05:58:03 PM
Wallet makes sense to me


Title: Re: I've just been robbed :-(
Post by: shields on May 30, 2013, 12:25:55 AM
Is it just me or was the only real problem here that the wallet had no password on it? If it had one there'd have been no theft right? Would it be sensible for the client to make passwords mandatory by default?

Condolences to the OP on the loss. it sucks.


Title: Re: I've just been robbed :-(
Post by: JoelKatz on May 30, 2013, 12:39:58 AM
Is it just me or was the only real problem here that the wallet had no password on it? If it had one there'd have been no theft right? Would it be sensible for the client to make passwords mandatory by default?
If you force people to use a password, they use a lame password or store it in a file right next to the data it's supposed to protect. An attacker can tell how many Bitcoins are in the wallet and can devote significant brute force resources to only those wallets known to have significant funds in them.
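
To put numbers on JoelKatz's point, an added example (not code from the thread, and not Bitcoin Core's wallet format, which it only imitates in shape): a passphrase goes through a slow iterated hash to produce the key that protects the wallet's master secret, and whoever has a copy of the file can test guesses offline at the speed the round count permits. The wordlist, passphrase, round counts and the attacker hash rate used at the end are assumptions.

```python
"""Offline guessing against an encrypted wallet: why the passphrase source matters.

Added example; not code from the thread and not Bitcoin Core's on-disk format.
It keeps the shape of wallet encryption: passphrase and salt go through a slow
iterated hash to make a key, the key protects the wallet's master secret, and
anyone holding the file can test guesses as fast as the KDF allows. The
wordlist, passphrase and attacker hash rate are constructed assumptions.
"""
import hashlib
import hmac
import os
import time

CHECK_MSG = b"wallet-master-key"  # stand-in for the encrypted master key a real wallet stores


def derive_key(passphrase: bytes, salt: bytes, rounds: int) -> bytes:
    """Iterated SHA-512 over passphrase||salt, a simplified stand-in for the
    wallet KDF. The round count is the only brake on an offline attacker."""
    digest = hashlib.sha512(passphrase + salt).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha512(digest).digest()
    return digest[:32]


def lock_wallet(passphrase: bytes, rounds: int, salt: bytes = None) -> dict:
    """What the wallet file leaks: salt, round count and a value a guess can be tested against."""
    salt = salt if salt is not None else os.urandom(8)
    key = derive_key(passphrase, salt, rounds)
    return {"salt": salt, "rounds": rounds,
            "check": hmac.new(key, CHECK_MSG, hashlib.sha256).digest()}


def try_unlock(locked: dict, guess: bytes) -> bool:
    key = derive_key(guess, locked["salt"], locked["rounds"])
    tag = hmac.new(key, CHECK_MSG, hashlib.sha256).digest()
    return hmac.compare_digest(tag, locked["check"])


def dictionary_attack(locked: dict, candidates) -> tuple:
    """Try each candidate in order; return (passphrase, guesses_used) or (None, n)."""
    n = 0
    for guess in candidates:
        n += 1
        if try_unlock(locked, guess):
            return guess, n
    return None, n


def guesses_per_second(locked: dict, samples: int = 20) -> float:
    """Measure this machine's rate; GPUs doing raw SHA-512 are orders of magnitude faster."""
    start = time.perf_counter()
    for i in range(samples):
        try_unlock(locked, b"probe-%d" % i)
    return samples / (time.perf_counter() - start)


def expected_seconds(search_space: int, rounds: int, hashes_per_second: float) -> float:
    """Average time to hit the passphrase: half the space, each guess costing `rounds` hashes."""
    return search_space * rounds / hashes_per_second / 2


if __name__ == "__main__":
    wordlist = [b"bitcoin", b"password", b"letmein", b"hunter2", b"satoshi2012"]  # constructed
    wallet = lock_wallet(b"satoshi2012", rounds=25_000)
    print(dictionary_attack(wallet, wordlist))     # found on the 5th guess
    rate = guesses_per_second(wallet)
    print(f"{rate:.0f} guesses/s here at {wallet['rounds']} rounds")
    # 10k-word list vs. a 40-bit random passphrase, assumed 1e9 SHA-512/s attacker:
    print(expected_seconds(10_000, 25_000, 1e9), expected_seconds(2**40, 25_000, 1e9))
```

The last line is the whole argument: at the assumed rate a ten-thousand-word list falls in a fraction of a second regardless of rounds, while a 40-bit random passphrase costs months, and the attacker only spends that effort on wallets the block chain shows are worth it.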


Title: Re: I've just been robbed :-(
Post by: nottm28 on May 30, 2013, 12:46:17 AM
http://www.wired.co.uk/news/archive/2013-05/28/password-cracking


Title: Re: I've just been robbed :-(
Post by: TippingPoint on May 30, 2013, 12:58:39 AM
Which is a greater risk?  Having someone steal all your Bitcoins, or locking yourself out of your wallet when you forget your ultra secure, alpha-numeric, mixed case password?

What do you think happened to Satoshi Nakamoto?


Title: Re: I've just been robbed :-(
Post by: newguy05 on May 30, 2013, 02:25:27 AM
am I reading this right? The OP lost over a MILLION dollars worth of btc???


Title: Re: I've just been robbed :-(
Post by: Jozzaboy on May 30, 2013, 02:48:19 AM
Seems like it. I'm 2-factoring my bitcoin wallets and all exchange accounts now.


Title: Re: I've just been robbed :-(
Post by: Este Nuno on May 30, 2013, 09:09:48 AM
am I reading this right? The OP lost over a MILLION dollars worth of btc???

Well, it was around 100k at the time.

Out of all the bitcoin losses, I feel the most sorry for CDecker. I don't know why exactly, maybe because he's an expert who ended up losing his coins. Maybe because he was so genuinely interested in the technology that seeing him get robbed is worse than seeing some random speculator lose their coins. I don't know exactly , but it sucks that he lost them.


Title: Re: I've just been robbed :-(
Post by: datz on May 30, 2013, 09:33:30 AM
Sorry for your loss. PeerCover is on its way!


Title: Re: I've just been robbed :-(
Post by: atomium on May 30, 2013, 04:11:57 PM
Wow man, I'm really sorry for that. I don't keep my wallet or backup on my laptop or online; I have it offline and just add small amounts of bitcoin when I want to go shopping.


Title: Re: I've just been robbed :-(
Post by: Rampion on May 30, 2013, 04:40:44 PM
am I reading this right? The OP lost over a MILLION dollars worth of btc???

Well, it was around 100k at the time.

Out of all the bitcoin losses, I feel the most sorry for CDecker. I don't know why exactly, maybe because he's an expert who ended up losing his coins. Maybe because he was so genuinely interested in the technology that seeing him get robbed is worse than seeing some random speculator lose their coins. I don't know exactly , but it sucks that he lost them.

Yeah, it pretty much sucks. He disappeared from the forums after the theft. I pretty much understand him; being robbed of that huge amount of money is a shock.

This is a lesson to be learned, nobody should feel secure regardless of their OS (some linux guys tend to believe they are uncrackable), the only way to have your coins reasonably safe is with a paper wallet or in cold storage.

And still, BTC is like cash - so treat it like that. When it's gone, it's gone for good.


Title: Re: I've just been robbed :-(
Post by: wopwop on May 30, 2013, 05:12:23 PM
am I reading this right? The OP lost over a MILLION dollars worth of btc???

Well, it was around 100k at the time.

Out of all the bitcoin losses, I feel the most sorry for CDecker. I don't know why exactly, maybe because he's an expert who ended up losing his coins. Maybe because he was so genuinely interested in the technology that seeing him get robbed is worse than seeing some random speculator lose their coins. I don't know exactly , but it sucks that he lost them.

Yeah, it pretty much sucks. He disappeared from the forums after the theft. I pretty much understand him; being robbed of that huge amount of money is a shock.

This is a lesson to be learned, nobody should feel secure regardless of their OS (some linux guys tend to believe they are uncrackable), the only way to have your coins reasonably safe is with a paper wallet or in cold storage.

And still, BTC is like cash - so treat it like that. When it's gone, it's gone for good.
He's still online almost daily

@topic: lol


Title: Re: I've just been robbed :-(
Post by: Otoh on May 30, 2013, 06:20:06 PM
Sorry to hear OP & I hope that one day you'll have made it back or equivalent in some way, maybe by developing the best selling hardware wallet in existence or something.


Title: Re: I've just been robbed :-(
Post by: No_2 on May 30, 2013, 11:36:42 PM
am I reading this right? The OP lost over a MILLION dollars worth of btc???

Well, it was around 100k at the time.

Out of all the bitcoin losses, I feel the most sorry for CDecker. I don't know why exactly, maybe because he's an expert who ended up losing his coins. Maybe because he was so genuinely interested in the technology that seeing him get robbed is worse than seeing some random speculator lose their coins. I don't know exactly , but it sucks that he lost them.

+1


Title: Re: I've just been robbed :-(
Post by: timeofmind on May 31, 2013, 04:12:02 AM

It would be really funny if the hacker left a million dollars in Ripple IOUs in its place...

But seriously, I did feel really bad when I read this.


Title: Re: I've just been robbed :-(
Post by: worldinacoin on May 31, 2013, 04:15:45 AM
Bitcoin used to be near worthless, so I guess no one really bothered until recently. But Bitcoin now is extremely valuable, so everyone needs to take the necessary precautions.


Title: Re: I've just been robbed :-(
Post by: Este Nuno on May 31, 2013, 09:49:53 AM
Bitcoin used to be near worthless, so I guess no one really bothered until recently. But Bitcoin now is extremely valuable, so everyone needs to take the necessary precautions.

It was worth around 10-12 dollars if I remember correctly when he lost his coins. Around $100,000 even then. Definitely not worthless.

In fact, bitcoins have been worth protecting since at least 2011. It was 2009-2010 when people were forgetting about/deleting their wallets without thinking too much.



Title: Re: I've just been robbed :-(
Post by: worldinacoin on May 31, 2013, 09:51:33 AM
I mean old habits die hard. If all along it was considered worthless and it appreciates in value, you won't be thinking about adding extra security features.


Title: Re: I've just been robbed :-(
Post by: mprep on May 31, 2013, 10:37:18 AM
Another unfortunate event that can't be undone. Guess that's a minus for Bitcoin.


Title: Re: I've just been robbed :-(
Post by: Rampion on May 31, 2013, 10:40:01 AM
Another unfortunate event that can't be undone. Guess that's a minus for Bitcoin.

It's the same minus you have for cash. When it's gone, it's gone - unless you can identify the thieves and you send the police after them.

If you want insured money keep using your credit card. Bitcoin is not about that.


Title: Re: I've just been robbed :-(
Post by: Richy_T on May 31, 2013, 08:35:45 PM
If you need a larger amount, you grab multiple paper wallets and empty them all. That's still pretty inconvenient though.

That's where a barcode scanner comes in.  Surely there must be something out there that makes a barcode scanner out of the webcam.

Some software that would sweep the wallet too. In theory, you could even code the destination address onto the paper wallet to make it a one-shot deal.

Hmm. I don't know enough about the protocol but I wonder if you could create and print the signed transaction so that it just gets inserted wholesale. Would it be possible to derive the public keys from that and direct it to another address? If not, you have a pretty secure way of storing funds (though it would tie you to one target wallet).

Just had a quick look at how transactions are generated and it does appear that this is completely possible.
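
What a signed transaction on paper gives away and what it fixes in place, as an added example (not code from the thread or from Bitcoin Core): a parser for the legacy, pre-segwit serialization, the split of a pay-to-pubkey-hash scriptSig into signature, hashtype and public key, and the SIGHASH_ALL digest that the signature covers. The sample transaction is constructed with placeholder signature and key bytes of the right length; no real signature exists or is verified here, and the script and function names are the example's own.

```python
"""A signed transaction printed on paper: what it reveals and what it pins down.

Added example; not code from the thread or from Bitcoin Core. It parses the
legacy (pre-segwit) serialization, splits a P2PKH scriptSig into signature,
hashtype and public key, and recomputes the SIGHASH_ALL digest the signature
commits to. The sample transaction is constructed: signature and public key
are placeholder bytes of the right length, so only the structure is meaningful.
"""
import hashlib
import struct


def read_varint(buf, pos):
    first = buf[pos]
    if first < 0xfd:
        return first, pos + 1
    size, fmt = {0xfd: (2, "<H"), 0xfe: (4, "<I"), 0xff: (8, "<Q")}[first]
    return struct.unpack_from(fmt, buf, pos + 1)[0], pos + 1 + size


def write_varint(n):
    if n < 0xfd:
        return bytes([n])
    fmt, tag = ("<H", b"\xfd") if n <= 0xffff else ("<I", b"\xfe") if n <= 0xffffffff else ("<Q", b"\xff")
    return tag + struct.pack(fmt, n)


def parse_tx(raw):
    """Decode version, inputs (prev txid, index, scriptSig, sequence), outputs, locktime."""
    tx = {"version": struct.unpack_from("<i", raw, 0)[0], "inputs": [], "outputs": []}
    n_in, pos = read_varint(raw, 4)
    for _ in range(n_in):
        txid = raw[pos:pos + 32][::-1].hex()            # txids are little-endian on the wire
        vout = struct.unpack_from("<I", raw, pos + 32)[0]
        slen, pos = read_varint(raw, pos + 36)
        script_sig, pos = raw[pos:pos + slen], pos + slen
        tx["inputs"].append({"txid": txid, "vout": vout, "script_sig": script_sig,
                             "sequence": struct.unpack_from("<I", raw, pos)[0]})
        pos += 4
    n_out, pos = read_varint(raw, pos)
    for _ in range(n_out):
        value = struct.unpack_from("<q", raw, pos)[0]
        slen, pos = read_varint(raw, pos + 8)
        tx["outputs"].append({"value": value, "script_pubkey": raw[pos:pos + slen]})
        pos += slen
    tx["locktime"] = struct.unpack_from("<I", raw, pos)[0]
    if pos + 4 != len(raw):
        raise ValueError("trailing bytes after locktime")
    return tx


def serialize_tx(tx, script_sigs=None):
    """Re-encode; script_sigs, if given, replaces every input's scriptSig (used for the sighash)."""
    out = struct.pack("<i", tx["version"]) + write_varint(len(tx["inputs"]))
    for i, inp in enumerate(tx["inputs"]):
        ss = inp["script_sig"] if script_sigs is None else script_sigs[i]
        out += bytes.fromhex(inp["txid"])[::-1] + struct.pack("<I", inp["vout"])
        out += write_varint(len(ss)) + ss + struct.pack("<I", inp["sequence"])
    out += write_varint(len(tx["outputs"]))
    for o in tx["outputs"]:
        out += struct.pack("<q", o["value"]) + write_varint(len(o["script_pubkey"])) + o["script_pubkey"]
    return out + struct.pack("<I", tx["locktime"])


def split_p2pkh_scriptsig(script):
    """<push sig||hashtype> <push pubkey> -> (der_sig, hashtype, pubkey).
    The public key is in the clear for anyone who sees the signed transaction."""
    n = script[0]
    sig, rest = script[1:1 + n], script[1 + n:]
    if not rest or len(rest) != 1 + rest[0]:
        raise ValueError("not a two-push P2PKH scriptSig")
    return sig[:-1], sig[-1], rest[1:]


def sighash_all(tx, index, script_code):
    """Legacy SIGHASH_ALL: the spent output's scriptPubKey stands in for the signed
    input's scriptSig, other scriptSigs are emptied, hashtype 1 is appended, then
    double SHA-256. Every output is in the preimage, so changing a destination
    changes the digest and the signature no longer verifies."""
    subs = [script_code if i == index else b"" for i in range(len(tx["inputs"]))]
    preimage = serialize_tx(tx, subs) + struct.pack("<I", 1)
    return hashlib.sha256(hashlib.sha256(preimage).digest()).digest()


def p2pkh_script(pubkey_hash):
    return b"\x76\xa9\x14" + pubkey_hash + b"\x88\xac"  # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG


# Constructed sample: one input spending a P2PKH coin, one P2PKH output, dummy sig and key.
DUMMY_SIG = b"\x30" + bytes(70) + b"\x01"       # 71 placeholder DER bytes + SIGHASH_ALL byte
DUMMY_PUBKEY = b"\x02" + bytes(range(32))       # 33-byte compressed-key placeholder
SCRIPT_SIG = bytes([len(DUMMY_SIG)]) + DUMMY_SIG + bytes([len(DUMMY_PUBKEY)]) + DUMMY_PUBKEY
PREV_SCRIPT = p2pkh_script(bytes(20))           # scriptPubKey of the coin being spent
DEST_SCRIPT = p2pkh_script(b"\x11" * 20)        # where the paper transaction pays
SAMPLE_TX = serialize_tx({"version": 1, "locktime": 0,
                          "inputs": [{"txid": "ab" * 32, "vout": 0, "script_sig": SCRIPT_SIG,
                                      "sequence": 0xffffffff}],
                          "outputs": [{"value": 50_000_000, "script_pubkey": DEST_SCRIPT}]})


def redirect_changes_digest(raw=SAMPLE_TX):
    """Swap the output script for another party's and show the signed digest moves."""
    tx = parse_tx(raw)
    original = sighash_all(tx, 0, PREV_SCRIPT)
    tx["outputs"][0]["script_pubkey"] = p2pkh_script(b"\x22" * 20)
    return sighash_all(tx, 0, PREV_SCRIPT) != original


if __name__ == "__main__":
    tx = parse_tx(SAMPLE_TX)
    sig, hashtype, pubkey = split_p2pkh_scriptsig(tx["inputs"][0]["script_sig"])
    print("pubkey recoverable from scriptSig:", pubkey.hex(), "hashtype", hashtype)
    print("redirecting the output breaks the signature:", redirect_changes_digest())
```

Two things follow for the paper scheme: the public key sits in the clear in the scriptSig, and anyone who can read the slip can broadcast the transaction exactly as printed, so the slip is a bearer instrument for that one destination; and because every output is in the SIGHASH_ALL preimage, re-pointing the payment elsewhere needs a fresh signature, i.e. the private key. The printed transaction also only stays usable while the coin it spends is unspent.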


Title: Re: I've just been robbed :-(
Post by: meebs on June 01, 2013, 03:25:08 AM
That sucks, bro.

If it's any consolation (probably not), I heard a story on this forum once about a guy that formatted a drive with tens of thousands of coins on it. He said the worst part was his wife knowing about it.

especially if she knew what they were worth now..

it'd be like dropping a damn winning lottery ticket into a fire... I don't even WANT to know what that would feel like.