Bitcoin Forum

New to bitcoin.

Has this community or you (individual) ever been the victim of a clever attacker?
Has anybody exploited a weakness in your system?
If so, id like to hear your experience & the security practices you implement today.

From modding timestamps & using custom clients for double spend attacks,
to DNS hijacks, keyloggers, botnets & malware. Have any of you ran into savvy users throughout your
bitcoin experience, or better yet have any of you caught them in the act?

Whats your method of security to keep your BTC safe?
Is there any physical measures you can take?
Cold storage?

(Note i am not talking about scammers or basic human error, Im talking about a situation where you were "outguned" with skill & knowledge of computer science)



Curious & interested

- Fresh lettuce

There are many points of failure in protecting Bitcoins, even for skilled and knowledgeable people. Many things can go wrong in setting up cold storage or printing paper wallets... Or even backing up your wallet.

You can have malicious binaries, you can have a malicious OS install, you can have the OS access the internet prior to wallet creation and have it somehow hacked, you can have a broken RNG, you can install broken code or with bugs, you can have your printer exploited, you can insert and exploited USB drive in your machine, you can insert an SD card into a laptop reader thinking it is not connected via USB internally... The list is pretty much endless.

You can take many measures of security: verifying binary hashes, using very well audited code, use dummy printers, have your computer always offline, etc, but you never know if you are truly ready for a strong attack or an undiscovered bug :) This is my view on it. Meanwhile, I employ all I know in protecting my coins. Cold storage is definitely the safest method (for me).

While COLD storage and hardware wallet is the best, you can still make some steps which can make you tougher to break even for skilled and experienced computer savvies. First of all install a safe OS(Linux is the best out there for the moment and hopefully will continue to be) , do all updates after the OS asks you. Once done, open up Firefox and go to electrum webpage and download and install it, make sure you save your seed in different USB or different offline PC (a PC which never accessed the internet) and then after doing this start your work normally. This way you are sure you have installed the wallet in a safe envoironment, and last but not least add a strong password to your wallet.

This is the best practice to store your btc online

I have never been a victim of a hack nor any sort of scams out here. It really comes down to the user itself, I hardly doubt that people with small amount of money are going to get targeted directly. As long as you don't click on shady stuff or download it in addition to having the necessary protective software you are going to be fine. My Bitcoin should be safe as both wallets use Core, both are encrypted and the main one is offline.

What you described is not storing online, it is storing offline.

So far I haven't encountered any incidence of cold wallet being hacked. Just need to practice caution when creating paper wallet using offline computer and printer.

Most of the time I will transfer 0.1 BTC into a newly created paper wallet and monitor it for some time (a few weeks). If it is not moved I assume the address is secure. I think some people may think it is still not a good test. Anyway, the maximum amount per paper wallet for me is 1BTC. So far so good- most of my coins have been hibernating in paper wallets since end of 2013.

Yes, I know I bought those expensive ones...

Never been a victim of any kind of attacks.Nothing extra superficial methods I use to store my bitcoins,just a light weight wallet like electrum and not opening or downloading random links posted by users.Barely have seen members having their wallets hacked or cracked.The more possibility of one losing their bitcoins is by not taking measures such as storing the private keys safely or forgetting their passwords and deleting their wallet.dat "by mistake ".

I know of people complaining that they've lost BTC - some had a browser extension that supposed to be a price ticker, but actually stole their money, some had (too) big amounts on exchanges that got "hacked".

My BTC are safe .... until proven otherwise  :o

Windows Defender is useless and would probably not help you. You need good AV software (e.g. Kaspersky or Bitdefender).

Wrong. A double spend is very much possible if one accepts zero confirmation transactions.

The problem does not lie in the Bitcoin wallet, but rather the OS itself.

Since when is there a thing called "clean OS"?

I'll add one thought: In addition to losing your bitcoin to a thief,  you need to be aware of the risk of losing bitcoins due to loss of a private key (or your password to access a private key). You need a strategy that copes with both risks. Having a single paper wallet printed from an offline machine with all the security precautions in the world won't save you if you subsequently lose the paper wallet in a house fire, for example.

From prior discussion here, it seems the best strategy for large amount of BTC may involve a multi-signature strategy (m of n keys required to spend) with multiple copies of each key carefully distributed in safe places. In this way the loss of one (or more) keys to a thief will not result in stolen bitcoin, and the loss of single password or private key will likewise not cut off your ability to access your own bitcoin.

no never none of my coin were even stolen once, and i'm not talking about bitcoin only but about altcoin also

and i can assure you that i've installed at least 200 altcoin since i'm here

obviously i know what i'm doing, and i have some defences to deal with possible infection, like VM, separate phisical machine, good antivirus, checking abnormal activities, identifying folder that were not there etc...

and anyway keeping the big amount on a cold storage

This is an interesting idea. You can give out 2 of the private key to people you trust, for safe keeping, without telling them what is that. Of course, you have to trust them they will never actually know what you gave them and that if they team up they can get your money.

And if it's about trust and not telling what is that, you can have normal wallets and hide (a copy of) the private keys inside a fake letter or anything and give to your parents for safe keeping. Or you can hide the private keys on USB sticks inside certain files only you know about.

Really, there are plenty of options. The actual enemy of paper wallets is yourself. Because over time you start forgetting. And you have to keep in mind the actions you did for safe keeping. More sophisticated is the security, more you have to remember after some years.

I have only used online Bitcoin wallets till now and haven't been a victim of any attacks yet. I don't take any special precautions other than running an antivirus program like Nod32. I am trying not to click on any shady links from emails and such. I think it's not the hackers who are dangerous but the Bitcoin exchanges which can always scam you and blame a random breach in security.

I am a victim of Pishing. I entered the same email and password on a betting website that I was using for my email and btc-e, within few days my half Btc were gone. OTP was not activated, from that day I use good securities measures.

Bread Wallet is most saved and cannot be hacked

never lost a bit.

cold storage. antivirus. encryption. brain.


you could buy a hardware wallet for extra security:

https://bitcointalk.org/index.php?topic=899253.0

i have never been a victim of any of these things, i always try to be safe by keeping my coins offline and in cold storage and never install what i don't know or click on suspicious links.

also all the victims that i have ever seen was the victim of their own carelessness, for example there are a lot of victims of losing bitcoin because they use online wallets with a simple 123 password and no 2fa

Nearly lost some coin on "copy & paste" malware that replaced my pasted address with their own. I quickly got onto it and reported it on several platforms. I wiped OS with a clean image and it was gone. I now

double check everything I "Copy & Paste" and I re-image my desktop every other day to wipe any malware or virus that might come my way. You have to double check everything these days, because the

scammers are getting very clever. I also make backups every day now... different sets to prevent Ransomware attacks.  ::)

I think of my wallet as just another computer file. So I keep it safe by:

1. keeping the overwhelming majority of my coins offline always. I keep a small amount on my phone for daily spending, an amount less than the value of the phone.

2. I only use Linux for transferring any larger amount or reloading the phone.  Windows is out of the question for me. I use open source tools that I compile myself. It's freekin crazy to just download some bitcoin related software to a winxx computer.

3. Keep the back-up "real world" safe! If you want a copy of my wallet file you can find it in my safe deposit box at the bank.

4. trust no one. Satoshi gave us trustless cash for a reason.

Nothing for me so far.  I use 2 factor auth whenever offered and have most coins stored offline in cold wallets.  So important to use 2FA ALL THE TIME, it is an extra step but soooooo worth it. 2FA!

I've never been the victim of a Bitcoin theft, though in the past someone has tried to access my blockchain.info account.
Luckily I have 2 factor auth enabled, so I get a message when someone tries to log in.

I have bread wallet. I'll try this

Always enable 2FA for security purpose.

Grateful i never lost a bit, I just access my wallet in my computer and android using 2 FA auth so there will never get hack from any hacker

You don't understand what a double spend is then. The seller can't double spend your transaction, you could if you've wanted to (and obviously knew how).

That is pure nonsense. Original installers are outdated and such a 'clean OS' is vulnerable. Clean install is just a fresh OS reinstall. I recommend updating in addition to removing telemetry updates.

FriendlyGuy with a suspicious link ;D


@OP I've always been very careful with my bitcoin though I could just be lucky to have not lost any so far. There are lots of horror stories on the scam accusation board.

Well, I never lost my any of BTC so far. But I lost all my data on my laptop because it got infected with CryptoWall ransomware virus, I never recovered these files.
And I think this is pretty much linked to bitcoin. At that time I got so angry that criminals got a way to incorporate cryptocurrency in their vile schemes that I considered selling all my coins.

I've used the original Bitcoin client, Armory, BitcoinSpinner and Mycelium.

The majority of my savings has been kept secure with Armory.

I've never had any issues with lost or stolen coins.

This is just the beginning, we could see even better creations from evil labs, malware, viruses and other as bitcoin becoming more popular..Wallets and users with low knowledge in security will be even more targeted, we can see this also on this forum, many accounts been lost by clicking on suspicious links.
 ;D ;D ;D
Soon we all will become paranoid, and we could end up crazy.. :o
Prevention, disconnect from network!  ;)

I have had only 1 breach of security when some website I had an account at got its database stolen and my email address and password were compromised. At that time I was using only one master password with small modifications for different accounts so my email account got hacked afterwards. I was lucky that the attacker didn't find out about my online bitcoin wallets and I was quick to update my accounts with a new email address. I am using an AV solution and a firewall now and I am very cautiously clicking on any unknown links. Better safe than sorry.

Paper wallets for long term storage and a really secure wallet like breadwallet for everyday transactions keeping a very small balance there.

Even if you are a newbie, if you place your coins in cold storage, they are reasonably safe.
I use an electrum offline wallet and have not faced any issues so far.

i have never lost my bitcoin a bit or even my altcoin, to protect my pc i keep my antivirus up to date, installing 2factor auntheticator ,typed the password with screenkeyboard to protect our pass from keylogger, and so on, you must installing 2fauntheticator even though for spendable amount, and for big amount make sure to keep it safe on cold storage
the point is you have ultimate controll over your bitcoin

Yeah, I had a breach of my trust.  My trust got hacked by a green-trusted member and I got hit for 0.3 bitcoin.  I'M STILL NOT OVER IT BUT I'M GETTING THERE.

But as far as having my wallet hacked, or my account--no, not yet.  But there are tons of people here who've been victims, and even Mt. Gox and Cryptsy say they're victims of hacking.  That's up for debate but it definitely happens.  People here are going to tell you to make paper wallets and that's probably your safest bet.

I never got any single satoshi stolen by hacking or security breaches, and I can't say I adopt the most hardcore security practices, I even leave Bitcoin in exchanges and online wallets.

Maybe the fact that I use Linux has something to do with it, also I don't install altcoin stuff

When I first got into Bitcoin I looked for wallets on Google Play and found 2 that looked promising. Bitcoin wallet and Blockchain.info. I liked the UI of blockchain.info's app a little more so I used it over Bitcoin wallet (on Android). I bought BTC0.05 off of an exchange and within 24h it was stolen from my wallet. I didn't have any malware on my phone (I have an encrypted BlackBerry) and I hadn't set up 2FA because I was a newbie and didn't know how. I got robbed and went to blockchain.info for answers. I got useless generic information from them saying I must have malware, sorry this happened to you, nothing we can do etc.

Lesson learned. Luckily at the time it was about an $18CAD lesson for me. Never use an online wallet. They're so easily compromisible. I looked at the address that my funds were sent to and the person was constantly getting huge amounts of Bitcoins sent to their wallet, from what I can only assume were other victims.

What I do now is create paper wallets on a fresh OS. I use an Ubuntu Live USB. I'm 99.99999% guaranteed not to have a virus on the fresh OS, then I never import the private key until I need to spend the funds. I would highly recommend you look into paper wallets (cheap, relatively easy-to-use) or hardware wallets (expensive, but more practical for moving large amounts with ease and protection).

I've never used a hardware wallet because I don't have enough Bitcoins to store to make it worthwhile.

I sell Ubuntu Live USBs, if you're looking for an easy way to make very secure paper wallets, check out my thread here (https://bitcointalk.org/index.php?topic=1424863.msg14519603#msg14519603).

So far I have been lucky enough to not become victim of any hack but just being lucky is not it, I take all the security measures to ensure my money remains safe and I think unless one becomes too careless, keeping your coins safe is not that big of a challenge and I am not talking about investing in hardware wallets, even the biggest volume of coins can be kept safe free if one knows how to.

But having said that, if you're running a service of some sort then it is a little different since you would then be dependent on some of your employees who may end up stealing themselves, as most recently happened with shapeshift.

highly secure I save bitcoin and keep it in wallet blockchain even I'm currently very trouble to try to enter. because I lost my cell phone where I had to use SMS verification. This makes the hacker could not enter also :D

Since you are using a 2FA no one can enter your wallet but you alone this is a great security that blockchain.info have.

A friend of mine got hacked a while ago, but he admitted to re-using passwords for different sites. He also used online services for email and those accounts were not protected with 2FA. You will get hacked, if you make the basic mistakes like this.

# Never re-use the same password for multiple sites.
# Use 2FA where available
# Store the majority of your coins offline and hide your private key.
# Buy a Hardware wallet for day to day payments.
# Update your AV software
# Use Virtual machines to test out new services or websites.

I hope these tips will be helpful to anyone reading this, it has worked for me thus far. ^smile^

they should add 2fa to bitcoin client itself, other than the passphrase, some newbie put low effort into making  a good passphrase so for them it would be good to have an additional layer of security

Your practices are really amazing.

But I have simple suggestion who live in village of developing countries :
Use a Desktop wallet,keep it safe from virus and unauthorized access. Keep the private key safe and then no one will ever able to hack it.

Nope. Cold wallets in the main. I keep peanuts on Mycelium and don't particularly care what happens to that. Nothing has so far. I gave up blockchain.info as I couldn't trust my own machines.

The other advice was good, but the above is sort of a myth: well designed operating software doesn't need "anti-virus", the virus thing was just a symptom of the Microsoft software culture i.e. why bother fixing OS vulnerabilities when you can start an "anti-exploit software" industry all of it's own. A load of BS word-salad garbage, designed to fleece the consumer, in other words.

I have another safe option. Use Bread wallet. Keep the private key safe. Now transfer funds to your wallet.
Now uninstall it from iPhone. You're safe for sure.

If you are really serious about security, first step is to avoid Windows. It is very, very weak and has a pile of vulnerabilities.

I had people "invading" my Windows OS and planting/modifying shortcuts without my consent. All I had to do was to connect to internet for that to happen.

Now, I use a Linux based operating system where no one can modify a thing as easy. Downloading external programs can be completely avoided if I wanted, on Windows they can be executed as soon as the download has finished (imagine if you authorized the download by accident).

There are no safe or idiot proof tips when you are using Windows. Then I won't waste my time giving you tips.

But if you use a Linux based operating system (Debian, Ubuntu, Mint) then all you should care about probably is:
  1.Avoid downloading programs from external sites, if you do make sure it is from a trusted source.
  2.Do not install countless extensions in your browser (install only what is absolutely necessary and if they're trusted), do not install modified browsers unless you know what you are doing.
  3.Do not install remote desktop client, if you do make sure your password is strong enough and shutdown the server when it is not needed.
  4.Use a decent password for both your root and user account, preferably different. Disable/Uninstall SSH server if it is not needed.
  5.Do not install or run any command someone told you on forum, chat, or whatever unless you are sure those commands are not evil.
  6.Backup your wallet regularly, use a password manager to make accounts with random and strong passwords and backup often and when needed. Do not repeat passwords across sites.
  7.Keep both local and online backups of critical files, make sure your backup is encrypted so only you can access it in case they are stolen. You never know when a natural disaster will occur and wipe your house.
  8.Avoid doing things via smartphone.

By following those simple rules I believe you are pretty safe and can sleep well at night.

I never lost a single penny to outside attacks using a Linux based operating system and by following simple rules above.

Yes. *nix or *nux is best for it.
But not all are in running some debian/ubuntu - even not in a desktop mode!  8)
(dont use S.U.s.E. - all I have to say about this...)

Anyways.
Run a multi-signature wallet - even the easy Electrum wallet can with the portable version!
You always will need n+1 keys (how much you want) but dont forget - if the rule is 2/3 then you need 2 of those keys or you never can open your own wallet again.

Best would be to use a hardware wallet (cold wallet) with verification on button press or touchpad for the big money.
And use a small wallet for collecting bitcoin (and transfering it to the big wallet) and load up the small wallet (electrum for example) on windows only with what you want to spend.

And maybe try MultiBitHD - I was not fine with it on windows but it has additional security features against some other wallets.

With the introduction of 2FA things got a lot better for the average user. We are not there but honestly i feel quite safe that a hacker needs to hack both my mail, account and phone to get to my money.

Thanks God, currently I am full safe , no one has tried to attack me till now, But I am afraiding, as there are a lot of people who are well expert in the field of bitcoin and they got hacked.

I do agree that Linux is relatively more safer than Windows OS but it's for more tech-savvy people that are not afraid to work with command line. I know that graphical environments for Linux have advanced a lot but still it's not for the average joe to fiddle with settings and modifications every other day to get things to work when with Windows 10 everything is ready right out of the box. And if you are a gamer you will have a hard time trying to run games on that. I think if you are serious with upping your online security you could dual-boot Linux and Windows on the same machine. Windows for your daily work and Linux when you are dealing with sensitive information prone to attack.

You are right but I see the normal windows user running in problems and loosing all data on their first try with any Linux, but again I suggest for windows the portable electrum and for linux you do this:

sudo apt-get install python-qt4 python-pip
and
sudo pip install https://download.electrum.org/2.6.4/Electrum-2.6.4.tar.gz

and have fun with a handy small good working wallet.

I didnt tested the OSX app yet - I dont like 2/3 apple signs on my machines ;)
And no time or need for the android app - but I will test it soon.

Use electrum for the daily fun / needs with smaller amounts.

As Multisginature wallet you even can configure complexe rules, but in a very easy way.
For a club, clan, community, household etc. - shared money etc.