Bitcoin Forum

Yep thats right another thread on some idiot having his coins stolen. Long story short i had a small amount stolen from my blockchain wallet, now i didnt have any protection on this wallet other than a good password because it only had about $2 in it and its a good way 2 find out if someone is getting into my phone. So question is, i only use internet on my phone as i dont have a computer and always on the move and now ive been hacked or something whats the best way to upgrade protection on a andriod smart phone? If u need anymore info just ask.

Even with a weak password an attacker would still need to know the identifier in order to access your wallet

I would never store coins on a phone, especially on an android. Look into cold storage for long term large storage, and I would only ever keep 0.1BTC maximum on a hot wallet on a phone or online wallet.

I'd start looking at what applications you've installed in the past 2-4 weeks. Especially the most recent ones.

I don't know Android very well, but there are chances that you haven't been hacked in the usual sense but you could have granted yourself too much permissions to some app. If I were you I would start to look at what I installed on my phone.

There are applications like Xprivacy that let you set what permissions you want to grant to which app, but you need a rooted device and also the learning curve to use Xprivacy could be a bit long.

This is an infamous problem with Android's apps. IMO Google should really improve the overall security and privacy aspects of this OS.

Any ideas on how some1 would get my identifier or password so i know what to start looking for. Im not interested in coins back as i know thats not going 2 happen just dont want it 2 happen again. Today will b spent reading into secure storage.
Edit.. only recent app download is shazam and only 2 others long time ago.

Hint hint use xapo.com. They are fully insured

This is why im still a bit sus on using bitcoin, i want to use it but if i cant keep any on my phone without the risk of it being stolen how am i ment to use it on the go, the way it needs to b used to get into mainstream.

I'm not sure why exactly you would be hacked for $2 worth of bitcoin, lol.  I would use google authenticator to minimize the chances of being hacked, but then you'll have to treat your phone a bit more carefully.

Their withdrawal process is a bit timely and a pain in the ass, I hear.  I would just use a paper wallet.

Go to https://www.bitaddress.org  and turn off your internet, then generate a new address, and print multiple copies of it to store into safe places.

Someone likely had physical access to your phone and stole the bitcoin that you had stored on it.

Paper wallets are good if u just want 2 store your coins but i want some to use anytime i need them when im out and dont really want to dig out a piece of paper everytime i pay for something. Still along way to go before many people in mainstream will want the stress of usong bitcoin.
No 1 has used my phone but me and it dosent leave my sight.

Then it might have been compromised by an app, which is what everyone else is suggesting.  If you want to store some bitcoins for day to day use, I suggest you signup for blockchain.info (website) and use google authenticator on your phone.  Be sure you don't have any dangerous/suspicious programs installed. 

Probably the best most simple tip i've ever received, thanks ill try that

Be sure you have read the last sentence of monbux's post.
Because if you have given to some random app the permission to read/send text messages, then I don't think we can consider a 2 Factor Autentication so sure anymore.

i'd hate to be limited to a phone with bitcoin. if i were, i'd try to have a separate phone for apps, and never download anything onto the phone holding the wallet. too many apps out to get your coins. :-\

The strange thing is that someone could argue that the less "smart" these phone are, the safer.
I mean, were the older phones so unsecure?

Well, I'm just joking, but in the meanwhile... could someone send me a copy of that bitcoin client for Symbian or Nokia OS? :)

Perhaps you accidentally sent someone 2$ worth of coins? Or did and forgot about it?
Seems odd that the hacker has control of your wallet but only takes 2$.

It does seems odd yes. Generally the human element is involved and we messed up in some way.

Perhaps someone has access to your email address where you saved your blockhain.info identifier and they also know your password  :o .

Use a long random password that has never been used on any other sites, enable 2FA, avoid clicking suspicious links or downloading suspicious files.

how do you even begin to start cracking into wallets?

Using a long password is by far the best security.

More important that the entropy (length) of a password is the exclusivity of the passphrase.  If you use the same password of JO98h%$&hkCD43SD on every website you visit, the hacker simply needs to hack into any retail website you used the passphrase on and now he has your email and passphrase.

You can use crappy passwords on most every site, for you Bitcoins use a passphrase you don't use anywhere else.

A long password doesn't equal to a strong password.
"abcdefghijklmnopqrstuvwxyz" is long but is not as good as "%1Q&wc8r9!S8".

Also, if you have malware on your computer, your password will get compromised as soon as you set it up...

That's only true if you're assuming the attacker would only use roman alphabet dictionary for the attack.  This first password you noted "abcdefghijklmnopqrstuvwxyz" while having a smaller dictionary is significantly longer to have a much higher entropy.

Ideally if you're going to use long passwords, just jumble some words together and flip one word backwards (radio in this case) like "froghitbananaeschewnineteenpinkcamelotoidar" - even a dictionary based attack would take years if it had to try to guess 1 or more words backwards.

Remember - if you make it too hard to remember you will lose those coins for good.  Search for all the people who came on here posting that they can't remember their password or they must have miskeyed a word - it's sad.

same way you bruteforce into anything, you can use
bruteforce - trying every combination and lenght
dictionary - trying every pass(word) that is located in dictionary file
rainbowtable- pre-hashed attempt that increases speed insanely, but also takes insane amount of time to initialy create one.

if you use combination of lowercase,uppercase and symbols, and use like 10 chars, i doubt anyone could break it, but even with that applied, you cant be fooligh and write password somewhere on your computer (in a .txt file or something) because attacker will probably search for that first.

If you connect the device you're using for this to the Internet after creating your wallet, you're not better of than before, because a backdoor program or a keylogger could still have captured your private key.

I thought i was worried about security before reading the post on this thread, now im fucking paranoid, as soon as 1 person mentions a safe way 2 store coins some1 else said they could steal it easy. Can any1 point me 2 a thread on security that is going 2 work. Thanks.

Now you've got to be paranoid that people claiming to show you a safe way of creating such a safe cold wallet won't actually lure you into a trap where they can easily access your coins!  :P

Armory has a step by step guide for how to make an offline cold storage wallet:
https://bitcoinarmory.com/about/using-our-wallet/ (https://bitcoinarmory.com/about/using-our-wallet/)

Disconnect your pc from the Internet, and then generate an offline wallet (no Internet connection afterwards) or a paper wallet (with BIP38 encryption).
Your wallet would be immune to all hacking and malware. :D

Not if you re-connect that computer again afterwards. Geez, that's such an important fact to the whole idea that many people just leave out!

Most stolen wallet cases ive heard is just huge mistakes.

It's pointless to have coins in your phone. brb lose phone, lose your money.

Yeah I would never leave a sizeable amount of btc on a phone / online wallet, way too many risks involved.

I've already had a few btc stolen so I made a point of brushing up on my security, offline paper wallets are the way forward  :)

Like everyone else is saying, storing your BTC on a phone is not the greatest of ideas.
I would switch to a more secure wallet that is not as easy to compromise such as blockchain or Armory.

Just make a true cold storage wallet using a linux live cd without internet connection and copying the wallets on different usb drives.
Place them in some different locations, there's no need for passwords.

Do they contain the whole key? If yes: What if someone gets access to one of the flash drives? If no: What if one gets corrupted/stolen/lost in a fire, etc...?

If yes: The wallet should be encrypted with a strong password, which makes brute-forcing highly improbable.
If no: He could use m-of-n multisig address, and put all those backups in different places so that it is highly unlikely to have a few of them destroyed at the same time. :)