Bitcoin Forum

 >:(

After many months not being active on bitcoins i was reading about some person busy developing something so i decided i wanted to send him a small donation.
The reason for my inactivity is that i am waiting for for butterfly labs to send me my ordered single SC which seems to be the second scam at present.

Anyway I installed the new version of bitcoin-qt and fired it up

After it opened i instant spotted a huge transaction being send from my client about a month ago to this address which is obvious one of hundreds addresses which are constant being used to resend it to another address since this thief tries to cover his tracks (1BxFY9cD3KPJMtvKEDTbLj7ZoijoTpzNyb)
I also traced back that the culpritt operated from IRAN where his ip address resides

So this made me painfully clear that bitcoin is far form being a safe community and that your painfully mined bitcoins are not safe at all from thiefs, scammers and other bad persons luring to get them from you.

So in the years i have been active on bitcoin i got scammed and stolen several hundred bitcoins

nice going bad memebers of the bitcoin community

 

i dont want to laugh at you, but you are basically blaming the community for your problem which makes no sense. Because your computer wasnt protected well enough you blame others?

Sorry for your loss, but it has nothing to do with bitcoin. If you had secured your coins this would not have happened.

Thanks, Obama.

your statement that my pc is not protected well enough is first of all a joke. my pc is very well protected, but a good hacker does have no problem hacking into even goverments, banks and big companies.
So assuming that your safe .... think again having a good firewall and and a router does not mean your safe at all

well... sounds like you don't know how to secure your computer... then again... having 100's of bitcoins... cold storage would've been so much smarter...

Still love it how people don't lock their computer... and then complain when something gets taken out of it... (like not locking your car, and being mad someone stole your 1000 bucks photo camera you left in your unlocked car, its theft but insurance won't pay you back for it.)

I've had a client with minimal btc running on a honeypot, and it still hasn't been hacked after over 6 months. (ofc I'm not so stupid to login and unlock the wallet for them... or it would've been gone months ago) So the btc client is fine... you just need to learn to use proper security on your computer when handling money.

Get yourself a live cd, or you'll get scammed again.

Owh and a side note, you don't wanna know how many thieves, scammers and other bad people you will meet when going out of your house... Internet is just the same, and you need to apply the same rules in a different format to them. (as ofc you can't be pickpocketed online, but they can still steal your money, aka you still need to watch your wallet)

update, same story as above three, if you properly secured your computer, none of this would've happened. (hope you just learned to lock your "car")

Your fault, next time make a better bitcoin client and a better protection system. What? The only thing you did was "whine"?

omg... your explaining to us how to be safe... while not understanding what you are saying?

if you follow your own advice, you know that anything more than a 100 BTC, should NEVER EVER EVER EVER be on a NETWORKED PC, EVER!

you can not hack, that which is not networked, unless you have physical access...

His/Her statement is correct, your computer is not secure enough, not even mine is. However my Bitcoins are not stored on a computer, but a paper wallet.
So unless someone comes and takes it away from me physically, then it's pretty darn safe. (It's not even at my house, but a secure location).


It's also known that governments do not have the biggest protections systems, read some articles online from Whitehats, they will tell you that their computer at home is more secure.

I'm confused, you say that your computer is safe, so what are you saying? That the Bitcoin system was hacked?

What exactly are you complaining about?

If your computer was never compromised then that means the Bitcoin system is broken. The thing is though, this is considered highly improbable and so far you are the only person to have been hacked with a secure computer. Perhaps your wallet was laying around on another computer from a longer time ago?

As a hint, if you change the password on a encrypted wallet, the older backups can still be used to steal the Bitcoins. Personally I would not bother changing passwords for a wallet because that means two passwords can be used to steal my coins (because of old backups). Instead I will create a brand new wallet on a offline computer and send my coins to that one. And leave the old wallet as ruined.

First scan your PC mate, I'm pretty sure your pc is infected and it wasn't secure.

OP actually brings up a topic no one really cares about:
Is current bitcoin ready for mainstream adoption in terms of security?
The answer is NO.

Fucking Iranese...

Your correct, perhaps large Bitcoin banks will be a solution?

Imagine companies like blockchain.info hosted wallets that are extremely secure... (With a certain value of the holding insured)

This future allows people to keep their money in banks like today, but the more experienced among us can keep our money literally under our control. The same as keep cash under the mattress except its usable all over the world from our computers and phones.

Bitcoin can be the best of both worlds. Obviously a future where every single Bitcoin user controls their entire stash of Bitcoins on their computers and phones is not realistic.

I still feel bad for you. But your attitude is really making it hard for people to sympathise.

You did not follow best practices regarding storing and securing your bitcoins. At the very least you should have had your wallet encrypted. And since you were inactive anyway, you should have been storing them in cold storage, completely offline, and this would not have happened.

Sorry.

Exactly this, WE are not the ones that stole from you. So there is no NEED to give us attitude. I do feel sorry for you, because I would be devastated, but I would still remain polite to others.

Maybe, people can help you, for future reference.

This is not an uncommon occurrence and I think it would strengthen the bitcoin community if we responded with some compassion when it happens. Anyone who is a victim of theft feels bad about the loss, including feelings of frustration and anger.

Instead of making bronan feel worse by calling him a whiner and stupid, or saying that we don't care, we can instead be sympathetic and supportive and try to learn something form this incident. We can reinforce the security recommendations, and perhaps devise new recommendations.

We can respond in ways that strengthen the bitcoin community or we can respond in ways that weaken the bitcoin community.

By the way, what does OP stand for?

WARNING! This is another troll/shill thread, started only to be later featured on some mass-madia article about how "unsafe" and "bad" bitcoin and bitcoin community is.

(like for example this thread https://bitcointalk.org/index.php?topic=196138.0 was created only to be later featured on http://www.redstate.com/2013/05/16/tech-at-night-bitcoins-central-bankers-kim-dotcom-censors-mega/ )

It's a pretty bold statement saying they were from Iran. For starters, I'd like to know how you came to that conclusion. Secondly, how do you know they weren't operating through a proxy? Facts > speculation.

Don't feed the troll. It is obvious this thread is a shill thread. What he basically said is "I left my house for a month, and left front door unlocked and open, and my savings on the kitchen table. When I came back, the money was gone! Thieves stole it! Oh and BTW, they were from Iran.".

This man is right.

Until bitcoin can be used without risk by windows dummies, it should be declared a danger matter.

+1

OP = Original poster



But, I disagree.
I don't help people who have a attitude against me. He's basically blaming the Bitcoin community that his money has been stolen.
Bitcoin has enough hate in the news and his not needed here.
If he would of responded more polite, maybe people would of helped him.

OP = operator, also known as thread starter.

True, the problem is, security wise bitcoin is not ready for mainstream adoption, and despite having a pretty high tolerance, having to read 10 threads where people claim bitcoin is hacked every week, without a doubt that their own computer might be infected, shakes your sympathy towards those people, resulting in the not so kind replies.

My problem still is, that 80% of the people on the internet, are technically 4 years old (internet wise, not irl). Would you let a 4 year old alone in the real world, with everything that is out there? Me neither, the amount of bad people.. not until they are 12 or preferably at least 18... (and then still, to many people get scammed etc etc) The internet works in the same way, most people are not mature enough to explore it alone, so we call in the help of anti-virus software, firewalls and other stuff. While in the end they click on the wrong link or picture, and still end up getting scammed / hacked etc etc.

While I believe bitcoin to be sound, by everything I've found so far... I gotta look at every hack claim... and thus cannot ignore these threads :(

It would be nice if people actually followed proper security when handling bitcoin... but since people don't we get a dozen hack claims a week :( Its crap, I'll try to be more polite in these threads though

I'm not sure whether or not this is a legitimate claim, but the community's response should never be:


It's completely shameful if we turn an apathetic eye.  Theft is never the fault of the victim.  Putting a pie on a windowsill does not give anyone the right to take it.  Password protecting or encrypting your wallet using the bitcoin-qt client does not give anyone the right to design malware to steal your coins.  Are there steps OP could have taken to further secure his coins? Yes, but nothing, I repeat nothing is foolproof.  

If you had taken all the security measures you thought necessary even with a paper wallet, and your coins got stolen I assure you my first response would not be, "Sucks to be you, your fault."  
My immediate response would be to want to know how this happened.  I don't even use the bitcoin-qt client anymore because it's a faulty product.  A single text entered password (even a long passphrase) isn't enough security.  To the other people claiming that "amounts >100 BTC should never ever be on a networked PC," that's like admitting the failure of bitcoin itself.  Not everyone has the technical know-how or the desire to use a paper wallet.  Bitcoin is designed to service digital transactions and digital storage of value.  If we honestly can't secure any amount of BTC sitting on a computer then I consider the road ahead of us to be very long: we've got work to do.

Bitcoin's should be so easy to use and secure that you can trust your grandma with them.  If our continual response is to dismiss these security holes and laugh at the people that fall victim to them, then you'll see very dark days ahead for the BTC.  It won't become a widely accepted and trusted currency but a little-used technical oddity shunned by the masses.

Now there are plenty of ideas that might help secure coins, especially for newer users.
-2-factor Authentication should definitely be an option whenever available.
-Imagine a wallet service that allows the user to predefine a daily withdrawal limit, preventing theives from cleaning out the account all at once.
-The wallet could also offer email or text confirmation when a withdrawal is initiated, requiring more accounts to be hacked before coins can be lost.
-There also could be the option to institute a time-delay on wallet withdrawals, so that the user is notified and has a period of time to cancel a withdrawal before it is completed.
For more security the wallet could have a mode which pre-defines certain addresses it can withdraw to.  The funds are essentially "locked in" to these addresses and they are not easy to change, so they must be spent to other accounts under the users control (with different passwords, authentication, etc) before they can be sent anywhere.  

My point is that there are multiple ways to go with this.  We should always be exploring new security options to help each other.  Are there people that will make up these stories to detract from bitcoin? Yes.  Are there people who legitimately find themselves the unwitting victim of theft? Yes.  As this latest bitcoin magazine article points out, even those who take the most stringent security measures can still suffer from loss http://bitcoinmagazine.com/bitcoin-self-defense-part-i-wallet-protection/.  If our attitude is to turn a blind eye and simple say "your fault" every time this happens.  Then shame.  Shame on us all.

Sad to hear but definitely not a flaw in Bitcoins, More so in security, sadly we are not an insured bank, some one is as likely to take your bank login info..

But the flaw is not within the client itself, only in how it is secured.

Wow... and what "good firewall" might you be using? Also, just having a router does not make you any safer... it just adds a couple steps to making a connection to networked equipment.

If you are really looking for security, you need to read more and listen to the people here who aren't flaming you, they are giving you good advice.

For starters, I do the following for my BTC use:

HOT WALLET: I have an active wallet on Blockchain.info that is solely used to payout directly to people I exchange with outside of BTC-e or VirCurEx... this is merely a personal choice as it makes it so I can send BTC from anywhere I have internet and everything has an email alert.

SIMMER DOWN WALLET: I have an encrypted wallet that I use to receive coins from others in exchange for services or donations etc. This wallet is located on a VPS that is ALWAYS OFF until I log in to boot it and unlock the wallet... it takes a while to get the blockchain but I only access it about once a month and track it using the blockchain.info to see if there is anything there before i even bother. This is not that secure by itself but keeping my VPS account secure and the VPS offline unless I am using it addes to it... and it is never much BTC anyways.

LUKE WARM WALLET: There is an encrypted wallet on one my HDDs in my file server at home, but it is not in any typical directory, does not have any other files in the same directory, is hidden, and can only be accessed by my administrator login, of which uses a hashed key as a password which is stored on a USB drive on my keyring. This is used as an intermediary before I send BTC to cold storage. I use this wallet to withdraw from exchanges and as my mining wallet. I try to empty it daily. Also, this server DOES NOT actually host the client I use to unlock and transfer BTC... I have to map to it from my laptop with the Administrator hash key and then I can drop a copy into the client directory, restart it, do my business, encrypt it again then overwrite it back to the server before disconnecting the mapped drive.

COLD STORAGE WALLET: I have a wallet address and privkey pair that I generated with vanitygen... at 45 BILLION difficulty... and I have NEVER used it for anything but receiving BTC. I tested another address and privkey pair by importing it into Blockchain.info and once I confirmed it worked, the harder address and privkey were generated (got mad lucky said it would take 2.5 yrs in oclvanitygen but it popped up on day 4) and tested sending it some BTC... walla Blockchain shows it has value but there is no way to get to it until the day I import it somewhere. I pay myself 30% of my mining intake and transfer that here plus any substantial payment/donations.

LONG TERM INVESTMENT WALLET: I also have a wallet I put my first 5+ BTC in... it is encrypted and exists in a handful of formats... keys printed and mailed to my mother who put it in our family safe deposit box, a copy of the encrypted wallet.dat on a USB that is also encrypted and sits in my safe deposit box at the bank, another USB that is encrypted and sits in my son's dresser with his other personal items he keeps, the encryption password for both USBs was printed (again a hash key), sealed in an envelope and given to my mother in law to put in her safe deposit box, and lastly the UNencrypted wallet.dat was burned to 2 DVDs that are locked away somewhere with my grandmother... i have no clue where as she agreed they would be sent to her personal estate storage and could not be retrieved until her estate is passed to me upon her death (dad was furious rofl that's what you get for alienating yourself from the family DAD... GG).

Anybody got any other methods that you use to keep safe? I know it sounds like a lot of work for some BTC... but I know I won't be posting here with a sob story and 100s if not 1,000s of BTC stolen.

Man, you should not keep a wallet online with this amount of BTC. And if you need to put it online to get money, send the change to another wallet, which was never online, and destroy the old one.

2All. But he has a valid point. Bitcoin wallet is either inconvenient to use or unsafe storage. And even if you are a geek and have no problem with going through the pain with live cd and all that crap regularly, you are still unsafe, because a gang of hoodlums can rob your house. Keeping a flash drive with 100 btc in your house is like keeping a case with cash. You can rent a bank vault and put your flash drive there, and here you go, you still depend on bank.

Bitcoin is ready. It has not been hacked, while wealth worth many billions of dollars has been safely transacted over years.

You are really asking are computers ready, and the answer is - it depends. Mine is.The one from the OP was not. Your question is like asking if dollars are ready. They do get stolen, right? Pickpocketed, scammed away, robbed, lost, burnt, stolen, whatever. Are our homes or pockets or banks ready for dollars and euros? It depends. Some of them are, some aren't.

Yeah, sure. Last time I checked wallet encryption was off in Bitcoin QT by default. Do you call it ready for mainstream adoption? It's like a GMail with no password by default.

Would you keep $10,000 in cash sitting around your house with only a simple door lock protecting it? No. You would take it and put it somewhere more safe. Yet you do the equivalent with bitcoins and suddenly it's everybody else's fault.

If you don't know how computer security works then use blockchain.info wallet with google authenticator and a random password.

Unfortunately, you are right. It is very risky to keep large part of your assets in btc, even if you are IT security pro.

+1, Bitcoin is ready, Bitcoin it's self has not had a problem.
Only the people who are using Bitcoin has had problems, for example this post. Because the currency is a online currency, it's more prone to attacks, but this is just the same as having your bank account online.
If you have your bank account online, it's the exactly the same as having your Bitcoin online, however, Bitcoin can be easier to get because it's located on your HD and more easier to access.
But, to counteract that in a few ways.
You could if you really wanted to, store your Bitcoins on your own dedicated server but to be quite honest, your better of having a paper wallet, they are more secure than any of the methods I have came across.

The truth is that we need a real hardware wallet wich allow you to make transactions without the risk of being infected.  Totally air-gapped. Otherwise you will have your private key in your pc/smartphone, wich can be infected.

Also a note about virus scans: if the computer is infected, scans may be totally useless because the virus might have comprimised the antivirus too. An infected pc is TOTALLY unreliable, the only safe way to fix it is to format it and every hard disks on it and probably whatever you connected to it (usb keys, external drives etc). Otherwise a clever virus may happily survive.

What do you think of my suggestion in my second post on page 1 of this thread?

So, you think BANKS are more secure than storing your own money? If that's the case look at the Cyprus case.
To be honest, Banks are about as safe as storing your money in a fire proof safe.
However, I wouldn't put my money around my house, I would have it in a external location.

I like your post, you said about encryption and how back ups can be used, and that is 100% correct.
Encryption basically does nothing, at all with the Bitcoin client.

Imaging that bitcoin gains adoption and people start buying and massively using bitcoin tomorrow. After a few cases like OP has, mass media will destroy bitcoin's reputation claiming that it's insecure. That's it.

Bitcoin-QT has wallet encryption off by default. It's like your interenet banking is with empty password by default. Do you call this ready?

Just like mass media destroyed internet reputation claiming that is is insecure? Yeah well, mass media probably will cry about that, but people will still use bitcoin, more secure ways will appear.

More secure ways will and should appear. But now it's far from being ready for an ordinary user to use in terms of security.

AGAIN, that is not BITCOIN itself, that's the users who mess up. Bitcoin can be stored safe on a paper wallet.
Internet  banking is the safe, I don't use it personally, why?
One of my friends has had their money taken, yes it was returned, but that's not the point.

People who understand, know how to make a paper wallet, now say that your house get's broken into and they find this 'paper wallet' this paper wallet can be disguised and not look like anything but a product key, someone who doesn't know what Bitcoin is, will not have a clue.

Anyway, I don't even store my paper wallet in my house, but in a external location.

OP,

I wish you the best and hope you CAN recover from this.
It's not nice at all, I have never had my Bitcoins stolen like this, but I have been scammed which is pretty much the same.



Best of luck!

The problem about paperwallet bitcoins is that to use them you need to get the private key on a pc. And if it is not offline, you risk to lose everything no matter what.

The only safe way is to have an OFFLINE computer, create a transaction on it and then copy the transaction on the online computer.

I see i have posted in my anger a statement which i should not have made

For that i do make my apology to the good members of the community.

But i sincerely would like to see some kinda secure system or a bank where you can put the coins for safe keeping with some kind of protection if it is being hacked.

I sure as hell would have instant used it if it existed in the first place.

I can tell you that when i retrace the bitcoin address that several hundreds of bitcoins are being processed so i am sure many more people have lost their belongings besides me.

Also the stealing from me is shortly after i reported the botnetter which had infected many friends their pc's with a secret miner to some pool owners, another fact is that i retraced on all those pc's that they was infiltrated from ip's originated which are located within Iran
Ofcourse those pc's also could have been victims of the culprit(s) for that i can not provide enough proof, i just can state they was all in iran.

Second i do think if bitcoin wants to become a system which all can use that there should be some kinda way to to get the money back if this kinda things happen
At our banking system you can reclaim a payement if it has been made in error. That ofcourse needs some kinda group of persons who would see if that claim is valid or just another try for scamming someone. If a bank goes bancrupt you get payed by a governement fund up to 100.000 euro.

I would like to thank those who expressed their sympathie as well by this post. These criminals make a promising iniative very bad

I was thinking of something very similar to your suggestion.  Some type of hardware wallet that can be used to store/transfer BTC without worrying about the host OS/Software being an attack vector.  I also like some of the other suggestions further up the list.  2 factor authentication in the client, daily limits, email confirmation before sending coin, user defined send delays that allows a cancel action during that delay.  

Many of you work in IT and have supported non-IT "users/customers" at some point, so you know this is truth:  There isn't enough education in the world that will make users behave intelligently on a computer.  We must find a way to make it "Grandma Proof" not spend effort on educating folks.  One in ten may take heed but that isn't enough to drive universal acceptance.  Perception is reality, and if people perceive BTC as unsafe then it is unsafe for them.

That's exactly what I do.
Really I don't need a paper wallet because I have a OFFLINE computer, but I always like to go the extra step.

FYI: bitcoinarmory.com

Could you elaborate, please. This sounds interesting, but how do you copy a transaction? How do you sync the blockchain on offline computer?
 

I think there needs to be some kind of dedicated offline hardware wallet... Not a whole separate computer that you keep offline, but just like a $50 device, maybe powered by a raspberry pi or something, and with a small touch screen and an SD slot, and the only thing you can do with it is create private/public keys, transactions, and send the public key/transaction to the SD card to distribute to an online computer.

Like an Android wallet you use on a device that has no cell service connected to it and wifi off until you are ready to send the transaction to your online device?

The same could be said about the internet in general.

There is no need to sync the blockchain to use bitcoin and make transactions! The two things are totally unrelated. The blockchain is required to check your balance and to check if you received transactions, and  of course, since bitcoin is a p2p network, to relay blocks to other nodes, but not to make transactions. You just need the private key for that.

How to copy? You can for example display it as a qr-code and use a smartphone to read and send it to internet. This way no virus can enter the offline computer.

Thanks!

No, you are wrong. I already gave you an example that you ignored. The most popular bitcoin client comes with the encryption turned off by default. It's not users who mess up, it's bitcoin community and developes who mess up here.

Paper wallet is just for storage. If you want Gold 2.0 only, then it's fine. Let's tell people the truth then: the only secure way is to store BTC on the paper (unless you have a PhD in CS). Period. Don't use it for anything else. And please forget about wide adoption, payments, etc. in this case.

Internet in general doesn't put at risk your money. Bitcoin does.

This post seems to me very contradictory.
- First he is asserting that he had a very good secured PC which was hacked and his BTCs where stolen. If this is true the attacker must be very professional or the BTC holder very beginner.
- On the other side he is saying that he was able to track the IP of the thief even if as stated it was used as relay an intermediary BTC address. Which presumes that he (the former BTC holder) was very professional (it is not easy to track the IP of a thief) or the thief was very stupid.

no, the Internet + Bitcoin does. The internet is not required at all for Bitcoin storage.

Thanks! I have too few btc to worry about safety now, but I am going to play with wallet which is permanently offline to be ready to become bitcoin millionaire in the future :)
 

A good idea warpio that might work as well as long as it is able to be compatible with the current bitcoin clients
Which i think plays also also a small minor contribution into my drama.
I had to update the client/wallet so thats why the wallet was on my pc.
Ofcourse i should have put it back on the removable disc but i simply forgot to do it because of all kinda personal problems
Their is nothing i can do to change the events which have lead to this event.
Should i have not reported these botnetters to the pool owners ?, should i not have reported them to internet police ?

It is the same as blaming a door manufacturer, because you didn't lock your door and got robbed.

As far as I know, offline clients shouldn't need to be updated. Since the algorithm for creating private/public keys and transactions never changes. The only reason for updating the client would be if you need to check your balance on it, but that would be best done a different computer than where your wallet is stored.

A fool and his money are soon parted.  We can hand-hold and point the finger at the devs all day long, but there's a good reason why the PIN on my debit card isn't 1111.

Something like an offline/paper wallet, perhaps?  ::)

Then using Bitcoin is like learning how to make doors, locks, keys before you can pay.

Yes! And you know why your pin is not 1111? It's because your bank won't allow this.
In any good bank, changing your default pin to 1111 is prohibited. And even default PIN generation process is tuned to avoid this kind of PINs. You cannot even get pin 1111 by chance.
Do you know see the difference? This exactly what I mean when I say that default security must be in-place for a mainstream users.

If you want to use a car safely, you need to know how a car is made and how it works.
If you want to use a door and a lock safely, you need to know how doors, locks and keys are made and how they work.
If you want to use bitcoin safely, you need to know how it works.

It is pretty much common sense.

See, here's the thing: people should already know that setting their debit card to 1111 is a stupid idea.  The guy who does try it should be allowed to have his PIN as 1111, or else he'll never understand why it's a bad combo.

The reason is obviously not because "the bank won't allow this."  The reason is, literally, because it's extremely easy to guess.  As I said, hand-holding, and it needs to stop.  Bill needs to be robbed of every last of his BTC for being dumb enough not to use encryption.  You may disagree, and say something like, "Well if the devs would FORCE you to use encryption, it couldn't have happened!", but lets be honest, nobody likes to be forced, and if you wanted to use an unencrypted wallet, for whatever reason, you should have the right.  The devs shouldn't be responsible for stupidity.

I fully agree that you must know something about Bitcoin before using them. But it's too much to ask for a user to be a IT security expert just to send a payment. At least if you want a mainstream adoption.

I seriously doubt that many people know how locks work in their doors. Still they manage to use it.
I seriously doubt that many people know how engines work in their car. Still they manage to use it.

This whole debate is stupid, you shouldn't rely on the bitcoin client's encryption anyway. It could have bugs or backdoors or who knows what. The only way to truly be safe is to generate your transactions offline.

I never talked about forcing someone to use encryption. There must be an option for advanced users to turn it off. But by default it must be on.
Compare 2 options:

1. banks sending out credit cards with the same default PIN 1111 and allow you to change it
2. banks sending out credit cards with random default PIN and allow you to change it to 1111

I hope this shows the difference.

Storing private keys on a computer that is connected to the Internet is suitable only for a trivial amount of funds.

Everything else should be stored offline.

I don't want to be sarcastic but this is the same as:

This whole debate is stupid, you shouldn't rely on the doors in your home anyway. It could be lockpiced or just broken or who knows what. The only way to truly be safe is to dig yourself underground as deep as possible.

True, this is why most of the people do not have A LOT of money in one drawer in their houses unless they have some REAL security. Most of the people have 95% of their money in banks, security boxes, etc.

no, I'm pretty sure using an offline computer is not the same as digging yourself deep underground.

using an offline computer buried deep underground, or burying a vault of cash deep underground, THAT would be the same level of security as digging yourself deep underground.

True, but the problem is that nothing in Bitcoin clients facilitates this.

Just a rough example: there can be a popup window saying "You are storing 1000 BTC on unencrypted wallet. It's not secure. Do you want to transfer them to a paper wallet and print 10 copies of it?" with buttons, "Yes", "No", "Remind me later". And yet again: this is for regular users. Advanced users always can turn it off.

The difference is that you are treating bitcoin as gold 2.0. I'm treating it as a mean of payment.  In this case it is exactly the same as digging yourself deep underground.

This is a very old debate. Use the search. We all know that Bitcoin is not noob friendly. Your grandma won't even be able to understand it. But, it's still improving with time, step by step.

And yes, devs know this and they are trying to find the best ways to improve both user-friendliness and Bitcoin-QT built in security.

Yes, I know. I just wanted to stress it once again as I believe it's important.

A wise person taught me something a long time ago... and it stuck.

Locks only keep HONEST PEOPLE HONEST.

A thief will break any lock they know how to... even if there is not anything to take sometimes... just for the lulz.

As for the encryption by default argument, I suspect we would have 100X the "I can't get into my wallet anymore I lost my password" threads than we do now. The bank REQUIRES a PIN or passcode because THEY ARE THE INTERMEDIARY WHO STORES YOUR FUNDS... in Bitcoin there is no intermediary... YOU ARE THE BANK THEREFORE IT IS YOUR RESPONSIBILITY TO USE THE TOOLS YOU HAVE BEEN PROVIDED... i.e. use encryption, follow the tutorial for offline wallets and for god sake join the 201X's and L2 keep your PC safe... not a hard concept... just requires a little reading and effort.

If my 55 yr old mother can pick up a computer for the first time 5 yrs ago and teach her self how you use the internet, webmail, antivirus and antimalware programs, social media and online banking... the rest of us under 30 have no excuse.

Not really, it's very simple to use your bitcoins for payment even from an offline computer. It's just a matter of sending the transaction from the offline client to an online client. Still MUCH easier than moving gold around.

"I can't get into my wallet anymore I lost my password" implies your fault only.
"All my bitcoins are stolen" implies either your fault or that bitcoins payment infrastructure is not secure (as the whole, I'm not talking about blockchain or cryptography).

Guess what is worse for bitcoin adoption?

You are not 100% on that second part... the Bitcoin payment system IS SECURE... it is the PLATFORM users choose to deploy and use it on that is getting them in trouble.

If the bank can't keep its servers secure... what good is a PIN and passcode? Especially in this age of compute power... brute force is more realistic today than ever before... hence why a database breach requires you change your password, even if the data lifted was encrypted.

Just owning a PC that is online should require the same amount of security whether you use it for Bitcoin or just everyday web surfing. Securing one AT AN APPROPRIATE LEVEL is the same as doing so for the other... you dont want you online account passwords hacked or captured right... even if it is just for youtube logins and webmail? Same thing if you add Bitcoin into the mix... safety is safety and there should be no gray area... either you care and you do it right... or you fuck off and get fucked... excuse my language but it hits the point home.

I am glad to hear another person got a lesson on computer security for only the price of bitcoins.

In some Arabic countries where Sharia law is present they will chop off body parts of thieves, so gold store owners can leave the store open while they attend their daily prayers without being afraid.

my 2 cents

I am not a regular poster, hence my post count, but I could not let this go by unnoticed in a thread about theft. There are a couple of misconceptions in this post that reveal that you have invented these security measures yourself. Please, do not take these practices as advice, and poster: please get informed before giving security advice with respect to bitcoin.

Clarification: your HOT, SIMMER DOWN, LUKEWARM wallets do not offer any different security. They are hot wallets. With respect to your 'cold' wallet: the difficulty in vanitygen is in no way related to the security of your private key. Only how difficult it is to get the first few characters equal to what you gave it. The security of a private key is the same. Also, you cannot really use this cold wallet offline, unless you know how to sign raw transactions. The idea of cold storage is that the private key never touches the internet. Not even temporarily touches a computer that is occasionally connected to the internet. But you still want to use it, right?

I recommend that you have a look into the bitcoin client Armory (https://bitcoinarmory.com/). It can give you easy to use cold storage that is truly  safe, and you can make paper backups of your wallets to put in your safety deposit box.

Come again? I am not sure how you think there is no added security in how I keep my wallets... of course the blockchain wallet is base level no added security... that's why it is my outbound wallet and is always empty when I am finished using it.

The second wallet does have an added step to security... in order for someone to use it they would have to sign into my VPS account and boot the instance,  or have my private key. Not saying it can't happen, but it is an added step between them and my coins.

How the third wallet is just as hot as the blockchain wallet idk... you can't even search for the wallet, and if you found it, you couldn't move it anywhere useful unless you have my admin password... access denied to anyone other than the local domain admin account. Folder security is not hard so... yeah...

I understand these are all measures OUTSIDE the actual BTC client, but that is exactly where people are getting themselves stolen from... an unsecured platform.

As far as the Cold Storage... I never implied a vanity addresses difficulty increases security... I know it doesn't, never said it did... just detailing how I got the address. The object is not to use this wallet EVER until the day I clean it out... so no, the privkey has never touched the network, and I can send all the coin I want to it without having to sign a single raw transaction... you lost me there... don't know where you were headed with that... since you don't need a privkey to see an addresses balance.

Now, for the "and poster: please get informed before giving security advice with respect to bitcoin" comment... you should really elaborate more when you try to pick apart someones posts... other than recommending a 3rd party service... not once did you provide any type of useful feedback on how I am doing things incorrectly or how to correct them. You basically flamed me, made two statements with no suggestions on why I am wrong nor how to remedy those supposed errors, incorrectly assumed I meant a 45 billion difficulty vanity address was more secure than any other and then advertised a website... not very helpful.

Thank you for exemplifying my signature quote. :D

daemonfox I think you have missed vhaasteren's point a little bit here:

He is trying to say that your hot, luke warm and simmer down wallets, all exist as wallet files on a networked PC, therefore offering no increased protection for one another if your passwords/computers are compromised, obviously the ways of finding the wallet.dat files etc may differ...

He then mentions your cold storage system. Basically, he is saying that as you must import your private key to a networked computer to spend the funds (current arrangement) that this is only as safe as aforementioned three wallets when you come to spend the funds, although, these should be secure from theft before that happens. He was trying to imply, that in order to spend any funds from this wallet, without importing the priv key to a (potentially compromised) client/computer, you could spend funds by generating raw transactions (req. know-how and is still hard).

I must agree with him, that armoury on a second, 100% offline (never before networked) pc/netbook really looks to be the way forward, until secure bitcoin hardware wallets are sucessfully implemented.

I personally bought the cheapest Asus netbook new off amazon, disabled all network devices in BIOS, formatted to ubuntu 10.04 and loaded armoury onto it. Cost ~£150. Price worth paying for securing my coins? Absolutely.

Hope this helps.

And if you do not even want to bother to buy a new computer just for offline armory, you may well be install Ubuntu 10.04 with home folder encryption on a USB, disable or connectivity on the Ubuntu USB install, install offline armory, and then you could boot your regular computer (or any computer) from it.

Exactly.

Daemonfox, I did not mean to flame or offend you, but we are talking about advice on how to keep money safe. Unless you are one of the top minds in the scene, you do not want to invent measures yourself. The only ones that would take note of your descriptions would be newbies, and they are exactly the ones that should not follow your advice. They need an easy way of doing the right thing, with only a small possibility of human error.

If I did not explain well enough what was wrong with your methods I apologise. However, these matters are subtle, so I wanted to avoid a discussion about details. If you produce your own private key management system as you are doing, you can easily create a situation where your private key touches a computer that has been compromised, even only momentarily, thereby destroying the 'air gap' that guarantees 100% security. Armory does exactly that, with minimal effort, and you can even still spend your funds.

I myself have actually installed Armory on a Raspberry Pi (cost about $50 including all accessories), but a usb stick as Rampion suggested is cheaper.

I hope this was useful

But, but, I has firewall on, an router... I are safe, and I got stolen coins!

Obviously you didn't encrypt your wallet... Obviously a firewall is about as much protection as a sticky-note on your screen... Obviously you are using your normal computer for things it should not be doing... (Hope you don't bank with that same computer, or buy things with your credit-cards!)

Nothing is safe, unless YOU MAKE IT SAFE... what did YOU DO to MAKE IT SAFE? Nothing, you just expected it to be safe, and expected your firewall and router to make it safe. That is NOT the purpose of a WALLET program, or a FIREWALL or a ROUTER.

Besides, firewalls have not worked since they were created. They only STOP legitimate programs from doing legitimate things, not illegitimate programs from doing illegitimate things. They don't talk to firewalls, they go around them, through holes you ALLOW. Your router has nothing to do with security, it simply stops others from joining your internet if they are not allowed... you protected the internet from strangers using your wifi, and that protection was defeated years ago.

Don't tell me... you also have a virus scanner! That won't find crap that is just made, only crap that is old, and possibly a generic virus... but not a real, new virus/trojan/web-page-key-logger/html-5-virus or any other real serious threat... like downloading a non-virus program that just takes things off your computer or activates remote snapshots of your screen, or uses any other common low-tech method to take your crap. Like reading your COPY-PASTE clipboard... many people copy long passwords from a file, and paste them into the password field... but NEVER remove it from the clipboard once pasted. The next site can READ that from your computer, without being a virus.

Stop using your computer for cheap entertainment, and stop browsing all over to strange sites, that are obviously infecting your computer. (Like sites related to bitcoins.)