Bitcoin Forum

FlexCoin was using 2 Factor authentication and it still got hacked!!!! Doesn't that scare you?

Everyone here seems to think that with 2 FA, you are covered. But your not!!!!

I lost only 3.11 bitcoins so far from cryptsy but I was a fool to think that 2 FA could have protected me if I had it turned on.

The public is turning their heads away from Bitcoin if this keeps happening. See my article here: https://bitcointalk.org/index.php?topic=469752.new#new

No.  If you have been paying much attention, you would know that 2 FA has never been fool proof.  People have still had coins taken.
2 factor authentication only stops people from logging in as you.  It doesn't mean the back end is secure (im not a developer or security guy so I may have worded that wrong).
Once again, this isn't new news.  2 FA is something everyone should have enabled as a basic precaution.
But nobody has ever claimed it was perfect.

The message is don't leave your coins online.  Period.  Until Bitcoins security infrastructure and best practices have been improved enough to provide reliable security.
You are the one who controls your coins.   Stay in control of your private key.  Period.

You haven't discovered anything new.  Sorry.

-B-

Then get out of this game until security is better. We are in the early stages of this new technology. Anybody involved now is an early adopter, meaning you can expect bumpy technology, inconveniences, and risk.

If you're not learning to secure your own coins properly then you risk losing them to somebody else's procedures.

Better security and more competent companies will rise in Bitcoin, but that takes time. A more normalized regulatory environment will free up entrepreneurs and venture capital for stronger businesses. That seems to be progressing (https://bitcointalk.org/index.php?topic=500807.0) too, but again all this takes time.

Without getting into semantics about 'back end' definitions, you're exactly right.

But that is the biggest issue. How do you defend the back end?

I use to have a website and in my control panel, if I wanted to log into the back end, they would ask for a user name and password. And that is all.

And my understanding is that a password is not needed to gain access. Technology is fucked and that's why bitcoin prices are going to be held down because of that fear.

You do not own any bitcoins if you do not own teh private keys to them.

Nuff said ;)

Newbie here.  So if I have a blockchain wallet and have the backup paper wallet, do I go ahead and delete my blockchain account until my next transaction...for now?

why would it matter if u had 2 FA or not?

No.  What you do is download a program like armory that lets you create paper wallets (make sure your computer is clean or one that isn't connected to the web) and then you create a whole new wallet and transfer your coins to that; then never use that blockchain/paper backup wallet again.

HAha nice try, troll! 2 FA has NOTHING to do with a site getting hacked (with or without the complicity of the owners). 2 FA is for YOUR login, absolutely no connection to backend security, and I am sure you know this and are FUDing up the place  ;D

You might want to have a look at www.pi-wallet.com (http://www.pi-wallet.com)
It uses Armory as well :)

This.  It can't be said enough - if you don't own the keys, you don't own the coins.  You just have an IOU from someone.

Again, your fault. You kept the coins on an exchange.

But don't you have to import that cold wallet at some point to an internet connected computer to use the currency?

thats it.

Not necessarily. If you keep your cold wallet on a computer that has never been online (with Armory for example) rather than on a paper wallet, you can create a transaction on your online computer, copy it to your cold wallet machine (using a USB stick or via QR codes and a webcam if you're really paranoid), have the cold wallet machine sign the transaction and then copy it back to your online machine to be broadcast.

Install bitcoin-qt on a computer clean installed and never connected to the net

Start and get a wallet.

copy the address and private key (if you want)

Put the wallet in a pen drive (again, clean formatted). Write down the private key (if you want).

Send Bitcoins to that address. Confirm on blockchain.

Any time you want to send Bitcoins, plug the pen drive in a computer running bitcoin (and connected) and copy the wallet in there or import the private key. This wallet is now compromised so any change you again send to a new offline wallet.

Or just use Armory like pointed above.

This morning I checked my paper wallets against the blockchain...and found none of them were stolen. GO PAPER!

Bye! Don't let the door hit you in the ass on the way out.

2FA protects your account from unauthorized access but not from bankruptcy of the operator.
The only way to protect yoursemlf from bankruptcy of the operator is to check for regulatory compliance.

Use an exchange that is working with a regulated banking partner.
Read the ToS and check the banking information.
If you are sending fiat to a bank account by the name of the exchange, you are in hot water because they are using a corporate account to store your funds (bitstamp, btc-e, kraken, etc).
The bank account should bear the name of their banking partner (or your name) to ensure segregation of funds.

Bitcoin-central is the only exchange that is compliant (if somenone knows another please let me know!).
Anything else is illegal, period.

If you are using an OTC buyer/seller, only coinbase is working with a regulated partner (SVB) but that is only in the US.
Non real-time P2P marketplaces (such as bitcoin.de) are a different species since you do not send them fiat.

My recommendation: get a different, personal wallet that gives you more control, create a backup, test the new wallet with a small amount, and then move all of your coins there.

Now, for the sake of newbs thinking that using Armory, running USB sticks back and forth, etc. is a lot of trouble for a few bits, it might help if if you differentiate between hot and cold wallets.

A hot wallet is one you do your spending from, keep up-to-date, and have ready-to-use. It could be the Bitcoin-Qt client (or Multibit, Electrum, etc.,) or an Android app like Mycelium. (Using an online wallet for your hot wallet is a REALLY BAD IDEA.) You should only ever keep a small portion of your bitcoins in your hot wallet.

A cold wallet is one that rarely (ideally, never) touches the internet, and stores the bulk of your bitcoins. You use it to transfer small amounts to your hot wallet as needed, to receive funds from your hot wallet when its value starts getting too high, and to store your savings. It may be something like Armory, or an instance of Bitcoin-Qt running on a clean, spare Linux system that is normally kept turned off, or even a paper wallet with several keys (created offline, of course.) Different cold wallets have different levels of security; choose accordingly.

If you have a hot wallet and one or more cold wallets set up, you'll have the convenience of ready access to spending funds, plus you'll have extra security for the bulk of your bitcoins. Granted, if you only have a small amount of bitcoin (and plan to use them regularly) it's probably not worth the hassle to create and use a cold wallet, but 3 bitcoins (~$1800) is probably beyond the point at which one should have done so.

And since it apparently can't be said often enough: DO NOT USE AN ONLINE WALLET TO STORE BITCOINS. If you have an account on an exchange, only keep enough bitcoins there to make your next sale, and make your sale ASAP. Keep everything else in your personal hot and cold wallets; there is NO NEED to have anyone else "securely" store your bitcoins for you.

And the someone you trust can do with your coins whatever he wants. They can act like a bank, which takes your cash without giving you a collateral, and do more or less risky things with that, they don't put it in a vault. As long nothing bad happens everyone is fine. But shit happens all the time. Nothing new.

this is basic stuff here:

if you keep your gold and silver in an exchange instead of physically in ur hand then u dont own gold or silver and u risk losing whatever paper gold and silver u think u own ..

if you keep your fiat money in a bank then u risk losing ur money to a bank bail-in ..

if you keep ur bitcoins in an exchange then u risk losing ur bitcoins ..

The issue is people STORING their coins on the exchange.  Don't do that, and you probably won't get goxxed.  Comprende?

Dont keep your coins online. Simple as that.