Title: Thieves, Govts and Mistakes Post by: mishrahsigni on July 13, 2013, 01:30:26 AM Well, this is depressing... After i lost 100 BTC to the Polish/German government/banks when Bitcoins-24 was shutdown [1], and someone managing to discover my BTE-E password [2] and took another 100 BTC from me, I moved all my coins to Blockchain, with double passwords (one to get in, another to withdraw)... passwords I have never used before or written down anywhere... very good passwords. Sadly, I can not use Yubikey or 2-pass auth here in Argentina. Nevertheless, I get a message from blockchain at midnight two nights ago saying "Withdrawal from your account".. Of course, I look and yes, the account has been completely wiped out by some address that appears in the ocean off the west African coast. Once upon a time I had 500 BTC. Between what has been lost (hard drive crash with no backup), commandeered by TPTB, and stolen, I am left with 25 coins.
I am not the only person with this story. the one big question mark I have about the future of bitcoins is for all the cryptology involved in 'securing' the coin, they seem to be about as secure a gold bars under my mattress. [1] has ANYONE received anything of their BTC back? I know they keep saying "we are working on it", but I kinda think they are full 'o crap. I think they are refunding the euros but just keeping the BTC and blatantly screwing their BTC clients because they know there is little or nothing that can be done to them. But with actual money they can be prosecuted. So they return the money and simply steal the BTC. [2] my BTC-E account was emptied at 8pm, then 20 minutes later, my Vircurex account (which used the same password) was emptied, and there were failed attempts to log into other account. My theory is they managed to steal my username/passwd from BTC-E then use dthat same combo on every exchange out there, and they managed to get lucky with Vircurex, and not with the others. I asked BTC-E if they had been hacked, and they said nothing at all had happened, but a quick search will show that BTC-E seems to be a favorite for thieves and hackers. Title: Re: Thieves, Govts and Mistakes Post by: CasinoBit on July 13, 2013, 01:54:40 AM I have been thinking of producing other more effective methods of bitcoin transfer myself, the internet is simply too unpredictable for the average person to handle along with the "chaotically" liberating nature of Bitcoins.
Let me guess, you have probably fallen into one of those BTC-E phishing sites. Probably the one where they demand you watch a really important video (don't even remember the phishing sites excuse for this) and ask you to login before you do that. It really is amazing to burst the bubble of the average crypto nerd, pretty much this: http://www.abload.de/img/cryptonerdcomic1ro6z.jpg Title: Re: Thieves, Govts and Mistakes Post by: justusranvier on July 13, 2013, 01:56:41 AM The way to prevent this is to keep all your coins that you aren't currently spending in cold storage, with paper backups.
Title: Re: Thieves, Govts and Mistakes Post by: Twerka on July 13, 2013, 02:09:02 AM You made a lot of mistakes, the first one was to TRUST on a system.
You trusted Bitcoins-24, do you know who they are? Giving something of value to anybody is always a risk, even giving it to the bank. You are from Argentina, where you had a bank run on 2001, banks stole dollars from people, and the minister give the people "peso" instead of his dollars. Then you trusted on BlockChain, even when they say they have security, you can't be sure if they really are keeping your coins safe. Misteriously they can say "uppsss, our system was hacked" and say "bye bye" to you (ex-) coins. Then you trust on Yubikey, a third party security system. What happens if it fails? And 2-pass auth? The one controlled by G00? The answer was always, do not trust on somebody, you should keep your coins for yourself. Cold storage, print the code, or remember it. And trust no one. Title: Re: Thieves, Govts and Mistakes Post by: ralree on July 13, 2013, 02:09:12 AM Yes. Don't keep large amounts on exchanges for long periods of time (I'd say 1 day max) - it's a really bad idea for various reasons. At least keep them on a local encrypted wallet. Also, don't go to BTC-E with javascript, flash or java on in your browser - people have gotten keylogged before that way and lost wallets.
Title: Re: Thieves, Govts and Mistakes Post by: Chaoskampf on July 13, 2013, 02:10:47 AM The way to prevent this is to keep all your coins that you aren't currently spending in cold storage, with paper backups. The good old fashioned way. Title: Re: Thieves, Govts and Mistakes Post by: Garr255 on July 13, 2013, 02:15:31 AM I have been thinking of producing other more effective methods of bitcoin transfer myself, the internet is simply too unpredictable for the average person to handle along with the "chaotically" liberating nature of Bitcoins. Let me guess, you have probably fallen into one of those BTC-E phishing sites. Probably the one where they demand you watch a really important video (don't even remember the phishing sites excuse for this) and ask you to login before you do that. It really is amazing to burst the bubble of the average crypto nerd, pretty much this: http://www.abload.de/img/cryptonerdcomic1ro6z.jpg Solution to that comic: http://en.wikipedia.org/wiki/Deniable_encryption Title: Re: Thieves, Govts and Mistakes Post by: franky1 on July 13, 2013, 02:20:10 AM also, dont download stuff that you have not compiled yourself or came from legitimate corporations own DVD..
if you want to play cracked games and torrent downloaded crap, dont do it on the same computer you use to store your funds Title: Re: Thieves, Govts and Mistakes Post by: Snail2 on July 13, 2013, 09:17:59 PM also, dont download stuff that you have not compiled yourself or came from legitimate corporations own DVD.. if you want to play cracked games and torrent downloaded crap, dont do it on the same computer you use to store your funds ...or run it at last in a virtual machine. Title: Re: Thieves, Govts and Mistakes Post by: Gabi on July 13, 2013, 09:23:43 PM Get a hardware wallet, problem solved
Title: Re: Thieves, Govts and Mistakes Post by: DublinBrian on July 14, 2013, 09:20:49 AM I moved all my coins to Blockchain, with double passwords (one to get in, another to withdraw)... passwords I have never used before or written down anywhere... very good passwords. Sadly, I can not use Yubikey or 2-pass auth here in Argentina. Nevertheless, I get a message from blockchain at midnight two nights ago saying "Withdrawal from your account".. Of course, I look and yes, the account has been completely wiped out by some address that appears in the ocean off the west African coast. It sounds like theres a keylogger on your device thats capturing all your passwords. What kind of device did you use to access the acccounts?Other people have reported passwords being lifted from Android devices. I would not use an Android device to access high value bitcoin accounts. Any amount more than 20BTC should be kept offline. BTW the address "off the west african coast" is latitude 0, longitude 0, which is the default location for blockchain when the originating IP is unknown. Title: Re: Thieves, Govts and Mistakes Post by: freedomno1 on July 14, 2013, 09:41:48 AM First things first get some good software and Web of Trust WOT or siteadvisor
Malwarebytes spybot s@d avast/antivir or nod32 at least The first line of defense is the most important After that the second line of defense Still it is an unusual case get 2FA as well while your at it and use a coldwallet for your bitcoins the hardware one aka Armory Once you clear your pc of all viruses malware and rootkits With your luck your better off just buying direct asicminer shares from a legit seller instead of holding bitcoins somewhere else and hoping it stays blue chip :) Or btc-tc with its maximum daily withdrawal limit and hope they catch it going to a weird address and checking it up for you I also hope you get your bitcoin back Title: Re: Thieves, Govts and Mistakes Post by: Raoul Duke on July 14, 2013, 09:48:05 AM About Bitcoin-24: I had 20 BTC in there when it went down. Got them when they opened to allow withdrawals, a couple weeks after. I hope you get your BTC back!
Title: Re: Thieves, Govts and Mistakes Post by: goldlyre on July 14, 2013, 10:17:07 AM The way to prevent this is to keep all your coins that you aren't currently spending in cold storage, with paper backups. It seems to me that the Armory is down long ago (Usability Issue). Without Armory what other option can I take in order to make a really good offline wallet with proofed paper backup? Thanks.Title: Re: Thieves, Govts and Mistakes Post by: Kuroth on July 14, 2013, 02:55:57 PM The way to prevent this is to keep all your coins that you aren't currently spending in cold storage, with paper backups. It seems to me that the Armory is down long ago (Usability Issue). Without Armory what other option can I take in order to make a really good offline wallet with proofed paper backup? Thanks.I have this same question.. How do you do a Cold Storage? Do I just put all my BTC I want to keep in my wallet on my PC and then copy that wallet to a USB drive(Maybe 2 or them?) and then delete the wallet on my PC and I now have cold storage? And what is meant by back it up with paper? Please explain or point me to a good thread on the subject.. Thanks! Title: Re: Thieves, Govts and Mistakes Post by: justusranvier on July 14, 2013, 03:40:04 PM It seems to me that the Armory is down long ago (Usability Issue). You need a modern computer with a decent amount of RAM to run Armory, but if you've got enough Bitcoins to worry about losing them then it shouldn't be a problem to spend a couple of them to upgrade your computer if necessary.I have this same question.. How do you do a Cold Storage? Do I just put all my BTC I want to keep in my wallet on my PC and then copy that wallet to a USB drive(Maybe 2 or them?) and then delete the wallet on my PC and I now have cold storage? https://bitcoinarmory.com/using-offline-wallets-in-armory/And what is meant by back it up with paper? Please explain or point me to a good thread on the subject.. Title: Re: Thieves, Govts and Mistakes Post by: mishrahsigni on July 17, 2013, 05:33:15 PM It sounds like theres a keylogger on your device thats capturing all your passwords. What kind of device did you use to access the acccounts? Other people have reported passwords being lifted from Android devices. I would not use an Android device to access high value bitcoin accounts. Any amount more than 20BTC should be kept offline. BTW the address "off the west african coast" is latitude 0, longitude 0, which is the default location for blockchain when the originating IP is unknown. I only access with hardwired linux box. I have no bitcoin info on my android, except for my blockchain.info app, which I rarely use but absolutely have not used sined i changed my password a month before they were hacked. yes, i suspected that keylogger as well, but a) I can not imagine how that would have been possible to install on my linux box 2) the 2nd withdrawal password on blockchain.info uses a virtual keyboard specifically so keylogger can not see the password. ah... interesting about 0,0. makes sense. thanks honestly I am not sure how much I trust ANY of the exchanges. They are all vulnerable to hackers and greed. If someone at blockchain decided to empty my account (and, occasionally some other persons account), they can easily say "hey, you should have used better passwords/security/etc/etc' and there is nothing the victim can do. As bitcoins are not even money, I dount you could even get any real attention on such acts. Although i think that is a .01% possibility of what happened to my bitcoins, I think there is a 50% chance that is what happened with BTC-E and a 99.9999% chance that (or something very similar) this happened with Bitcoin-24 Title: Re: Thieves, Govts and Mistakes Post by: mishrahsigni on July 17, 2013, 05:46:06 PM About Bitcoin-24: I had 20 BTC in there when it went down. Got them when they opened to allow withdrawals, a couple weeks after. I hope you get your BTC back! Damn! Just bad luck for me, I guess, cause I still ain't seen hide nor hair of any of my 100 'disappeared' coins, and my attempt to withdraw when that was made available simply responded with a "you coins will be returned within 24 hours". At this point it is clear that have no plans sice then, nor made any effort, to refund.. I am curious, did you have any euros in your account as well? Because if you did, that supports my conspiracy theory that they took care of (only) clients that had the right to go to official legal channels. Title: Re: Thieves, Govts and Mistakes Post by: Raoul Duke on July 17, 2013, 05:51:25 PM About Bitcoin-24: I had 20 BTC in there when it went down. Got them when they opened to allow withdrawals, a couple weeks after. I hope you get your BTC back! I am curious, did you have any euros in your account as well? Because if you did, that supports my conspiracy theory that they took care of (only) clients that had the right to go to official legal channels.Nope, no Euros whatsoever. Only had 21 BTC in there if I'm not mistaken. Only unsure about how many BTC. That I had zero Euros I'm positive ;) Title: Re: Thieves, Govts and Mistakes Post by: acoindr on July 17, 2013, 05:58:18 PM Damn! Just bad luck for me, I guess, cause I still ain't seen hide nor hair of any of my 100 'disappeared' coins, and my attempt to withdraw when that was made available simply responded with a "you coins will be returned within 24 hours". At this point it is clear that have no plans sice then, nor made any effort, to refund.. Did you try contacting them directly? I mean not through an account withdrawal. Sometimes when a service is dealing with problems a lot gets lost in communication. It may be that they know about your claim and have no intention to honor it. Then again it may be your claim got lost in all the confusion. I'd try contacting them directly if at all possible for that many BTC. Title: Re: Thieves, Govts and Mistakes Post by: P_Shep on July 17, 2013, 06:00:10 PM Out of curiosity, how safe might a computer be, if the *only* open port was 8333?
Title: Re: Thieves, Govts and Mistakes Post by: bitcoin_max on July 17, 2013, 06:31:48 PM You made a lot of mistakes, the first one was to TRUST on a system. You trusted Bitcoins-24, do you know who they are? Giving something of value to anybody is always a risk, even giving it to the bank. You are from Argentina, where you had a bank run on 2001, banks stole dollars from people, and the minister give the people "peso" instead of his dollars. Then you trusted on BlockChain, even when they say they have security, you can't be sure if they really are keeping your coins safe. Misteriously they can say "uppsss, our system was hacked" and say "bye bye" to you (ex-) coins. Then you trust on Yubikey, a third party security system. What happens if it fails? And 2-pass auth? The one controlled by G00? The answer was always, do not trust on somebody, you should keep your coins for yourself. Cold storage, print the code, or remember it. And trust no one. You are certainly correct, but reading your post - and this thread - I was thinking: is bitcoin ever going to become mainstream needing this level of attention? Title: Re: Thieves, Govts and Mistakes Post by: kik1977 on July 26, 2013, 08:38:24 AM About Bitcoin-24: I had 20 BTC in there when it went down. Got them when they opened to allow withdrawals, a couple weeks after. I hope you get your BTC back! I am curious, did you have any euros in your account as well? Because if you did, that supports my conspiracy theory that they took care of (only) clients that had the right to go to official legal channels.Nope, no Euros whatsoever. Only had 21 BTC in there if I'm not mistaken. Only unsure about how many BTC. That I had zero Euros I'm positive ;) I also had only bitcoins with them (around 8-10) and after a few days I was allowed to transfer them away.. Maybe they started accepting withdrawals from people with low value accounts? Don't know.. good luck with yours! Title: Re: Thieves, Govts and Mistakes Post by: domob on July 26, 2013, 08:49:10 AM About Bitcoin-24: I had 20 BTC in there when it went down. Got them when they opened to allow withdrawals, a couple weeks after. I hope you get your BTC back! I am curious, did you have any euros in your account as well? Because if you did, that supports my conspiracy theory that they took care of (only) clients that had the right to go to official legal channels.Nope, no Euros whatsoever. Only had 21 BTC in there if I'm not mistaken. Only unsure about how many BTC. That I had zero Euros I'm positive ;) I also had only bitcoins with them (around 8-10) and after a few days I was allowed to transfer them away.. Maybe they started accepting withdrawals from people with low value accounts? Don't know.. good luck with yours! Me too. I had transferred 2 BTC to them to try BTC-24 out just hours before they shut down, but they were received correctly and I was able to withdraw them when they allowed BTC withdrawals again. Title: Re: Thieves, Govts and Mistakes Post by: stevenh512 on July 26, 2013, 12:13:54 PM The one controlled by G00? The one that's opensource, based on open standards that anyone can re-implement, and doesn't require any network access as long as the time on your device (iOS, Android or Blackberry) is accurate? While not everything Google does is "good" we shouldn't automatically assume everything is "evil" either, especially when it's something that can be verified (opensource, open standards), can be freely re-implemented by anyone who understands those standards, and requires no network access once it's installed. But back on-topic, here's what I do. I don't use Armory mainly because my online PC with my watch-only wallet is underpowered and downloading the whole blockchain using the best internet access available in my area would take at least a week. I use Electrum with a seedless watch-only wallet on my online PC and the full (seeded) wallet on an old laptop with its wifi card physically removed. I can make as many transactions as I want with the online PC, but (similar to Armory) I need to transfer them to my offline PC to sign them before they can be broadcast over the network. I have a paper wallet with a BIP-38 encrypted private key (generated with a modified version of bitaddress.org, the bip38 branch of github.com/Zeilap/bitaddress.org ) that I can use for cold storage, if I ever need to access those coins I can decrypt the key with the same version of bitaddress.org, bit2factor.org or the Casascius Address Utility and import it into any wallet. I also use a couple online wallets including inputs.io and blockchain, but never store more than a couple dollars worth of btc there at any given time. |