|
Title: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: manixrock on January 09, 2011, 03:29:06 AM With worms and viruses having access to millions of computers (botnets) and stealing private information so easily, it's not hard to envisions adding a setting to those bots to steal someone's bitcoins. Unlike stealing credit card information, this gives an immediate and anonymous reward with zero extra effort.
Is there anything in place to try to prevent such theft? Providing an option for username/password encryption would be a good start, but if people (especially people inexperienced with computers) are going to use bitcoins with large sums of money, they should have a way to protect it. Another issue is one of backup. If a hard drive fails and there is no backup of the bitcoins purse you loose it all. There should be a way to back up the latest version of the purse file in another place (either on another computer or on the internet), and that one needs to be at least as secure as the one you're using. Finally there's the issue of mobility. If you use bitcoins on a non-mobile platform, there should be an easy way to access the funds from other places. People who aren't very good with computers will find it hard to move the bitcoins program along with the purse to another device. These three issues seem to need a good balance of ease of usability and security. Banks can achieve a good level of security because everyone using their services is identifiable. How can we achieve high security in an anonymous environment? Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: fabianhjr on January 09, 2011, 03:46:57 AM As of security if you don't want to get infected don't install or download shit. :)
As of the hardrive failure use a RAID 1 or 5 and do remote backups to a box you have in a vacation house or with a trusted party.(With your wallet encrypted over there + stego) As of the mobility part there is a bounty for an Android app. Maybe that is what you are searching. Basically there are ways to prevent this scenarios(theft || loses) from happening and once they happen you are pretty much srewed. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: davux on January 09, 2011, 04:35:08 AM I totally agree that the keypairs should be stored or exportable/importable as files that one can carry around, backup etc., pretty much like GPG and SSH keys. They would then need to be passphrase-protected, too.
Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: Mike Hearn on January 09, 2011, 12:53:19 PM I'm not sure I agree that "banks achieve a high level of security", there is an endless stream of horror stories of people getting their online banking sessions stolen by Zeus and having tens of thousands of dollars drained out of it. Some banks do security right and others don't.
For BitCoin, I think the right approach here is mobile apps that automatically make encrypted backups (which is why I'm working on one). Mobile OS' aren't 100% bulletproof but they're a lot harder to infect than Windows/MacOSX/Linux, so that's a good place to start. If you want something more like what regular banks provide, you could host your wallet at a remote "BitCoin Bank" like mybitcoin, and use a 2-factor calculator to sign transactions. This is how my bank (UBS) handles it and it works pretty well, at a cost of convenience. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: brocktice on January 09, 2011, 06:59:46 PM For backups, I recommend just scripting a dump of the wallet backup from bitcoin, encrypting it to yourself with GPG, and putting it anywhere. I like Dropbox or JungleDisk, but whatever floats your boat.
I'm less clear about the best way to protect one's wallet in case of compromise. I think distributing one's wallet contents around a few machines might help reduce risk, but I don't want thousands of bitcoins to be susceptible to compromise of my computer, even if I try very hard to keep things secure. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: Nefario on January 09, 2011, 08:12:10 PM Once your system is compromised (you have a virus/trojan) then you have lost. Even with encryption, at some point you must enter a password to access your bitcoins, and once you do the virus/trojan will have your password, with which it can use to decrypt your wallet.
Don't get infected, don't become compromised. Use an Apple computer with OSX or Linux, these are the safest options. Staying with windows will become very risky in the future. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: brocktice on January 09, 2011, 08:46:57 PM Once your system is compromised (you have a virus/trojan) then you have lost. Even with encryption, at some point you must enter a password to access your bitcoins, and once you do the virus/trojan will have your password, with which it can use to decrypt your wallet. Don't get infected, don't become compromised. Use an Apple computer with OSX or Linux, these are the safest options. Staying with windows will become very risky in the future. Well, I use Linux for everything, but I'm sure if the financial motives are high enough, someone will find a way to sneak something on to Linux boxes. I try to be secure, but there's only so much I can do. I might consider keeping my wallet in a maximally-isolated and locked-down machine. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: jgarzik on January 09, 2011, 10:48:06 PM First step: the devs should enable the db4 database feature that AES-encrypts the wallet.dat database on disk. The wallet should never be stored unencrypted by default, IMO.
Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: Gavin Andresen on January 10, 2011, 12:32:55 AM "Just turn on Berkeley db encryption and you're done" -- ummm:
First, unless I'm reading the bdb docs wrong, you specify a password at database creation time. And then can't change it. So, at the very least, somebody would have to write code that (safely) rewrote wallet.dat when you set or unset or changed the password. Second, encrypting everything in wallet.dat means you'd have to enter your wallet password as soon as you started bitcoin (because user preference are stored in there right now), when ideally you should only enter the password as you're sending coins. And third, there are all sorts of usability issues with passwords. Users forget their passwords. They mis-type them. I wouldn't be terribly surprised if doing the simple thing and just encrypting the whole wallet with one password resulted in more lost bitcoins due to forgotten passwords than wallets stolen by trojans. I think creating a safe, useful wallet protection feature isn't easy, and there a lot of wrong ways to do it. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: davux on January 10, 2011, 01:09:17 AM encrypting everything in wallet.dat means you'd have to enter your wallet password as soon as you started bitcoin (because user preference are stored in there right now), Are there plans to change this? bitcoin.conf or any other file would sound like a better place than the very wallet for storing user preferences. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: ByteCoin on January 10, 2011, 01:17:27 AM There is no effective solution to this problem until the wallet handling code can be completely separated from the networking client. See http://bitcointalk.org/index.php?topic=1691.msg20718#msg20718
Attempting to improve security by having a password on the client is no improvement as noted by Nefario and has significant problems as noted by gavinandresen. ByteCoin Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: brocktice on January 10, 2011, 02:18:03 AM IMO there is a market for a very secure bitcoin bank. Not sure how that would best be done, nor how people could know to trust it, but I would certainly be interested. Bonus points for being in a jurisdiction that's likely to give any government that comes calling the finger.
No, mybitcoin and mtgox are not suitable. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: bitcoinex on January 10, 2011, 02:32:37 AM Platinum threads of the bitcoin.org
Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: jgarzik on January 10, 2011, 04:47:39 AM Sure there are all sorts of problems with passwords and passphrases; those are at least a well known and defined solution space.
But most modern crypto software has the ability to ensure your private keys remain in an encrypted store on the filesystem. Good software has that encryption enabled by default. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: Local on January 10, 2011, 07:42:40 AM IMO there is a market for a very secure bitcoin bank. Not sure how that would best be done, nor how people could know to trust it, but I would certainly be interested. Bonus points for being in a jurisdiction that's likely to give any government that comes calling the finger. No, mybitcoin and mtgox are not suitable. Double bonus points from me not existing legally and existing physically in two unrelated jurisdictions so called. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: asdf on January 10, 2011, 09:04:50 AM A cheap solution could be to store your "savings" in an offline "vault" and keep smaller amounts in your online client for day to day spending. this limits your risk.
Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: doublec on January 10, 2011, 09:45:44 AM Don't get infected, don't become compromised. Use an Apple computer with OSX or Linux, these are the safest options. Staying with windows will become very risky in the future. Linux servers get compromised all the time thanks to badly written web applications (just to pick one common vector). If I was a malware author the first servers I'd be targeting would be those offering bitcoin services so I could get access to the wallet. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: Hal on January 10, 2011, 08:10:20 PM If the private keys in the wallet were encrypted, then the virus couldn't get them until you entered your password to make a payment. This might give you a chance to discover and eliminate the virus before it can do harm.
Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: ShadowOfHarbringer on January 10, 2011, 08:57:42 PM If you're using Linux for bitcoin & only install software from signed repositories & keep system up to date, then probability of infection is almost unexistant.
You should be more worried if You're using Windows however. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: jgarzik on January 10, 2011, 10:31:49 PM If you're using Linux for bitcoin & only install software from signed repositories & keep system up to date, then probability of infection is almost unexistant. You should be more worried if You're using Windows however. Sadly Linux installs with outdated patches tend to get penetrated quite often. Hosting software, in particular, is often copied into a webspace by an "install script" and just left to rot, unpatched. The rate of infection on Windows is very high, much higher than Linux, but I'd argue that is due as much to raw numbers -- the largest attack audience with a single binary -- as shoddy engineering, today. And I say this as a die-hard Linux hacker, who was proudly Microsoft-free for over ten years (sadly this is no longer the case, with the Xbox and wife's laptop). Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: ShadowOfHarbringer on January 11, 2011, 04:40:03 AM If you're using Linux for bitcoin & only install software from signed repositories & keep system up to date, then probability of infection is almost unexistant. You should be more worried if You're using Windows however. Sadly Linux installs with outdated patches tend to get penetrated quite often. Hosting software, in particular, is often copied into a webspace by an "install script" and just left to rot, unpatched. I'm not saying about hosting software, I'm saying about a Desktop computer with newest version of Firefox installed. And contrary to some hostings which use such install scripts installing unstable & unsecure shit (by the way, what hosting companies are these ? i will know what to avoid - thx), standard desktops are not so suspectible to infections - of course only if you install software from signed repos and keep updated. That's because "standard desktops" do not serve anything to outgoing world as hostings do. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: jgarzik on January 11, 2011, 05:31:13 AM And contrary to some hostings which use such install scripts installing unstable & unsecure shit (by the way, what hosting companies are these ? i will know what to avoid - thx), Any web host -- it's the whole workflow that is insecure. Install scripts are downloaded and run by the webmaster, which installs (for example) the latest version of phpBB inside their webspace. Time passes, phpBB is not automatically updated, and the eventual intrusion occurs. Most software offered by the webhost themselves is more likely to be patched regularly, and stay up-to-date on security. Quote That's because "standard desktops" do not serve anything to outgoing world as hostings do. Quite true. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: Stephen Gornick on January 11, 2011, 09:08:16 AM I almost felt like I needed another shower after reading up on this:
http://www.viruszoo.com (http://www.viruszoo.com) Fortunately searching for bitcoin there still returns "Found (0) viruses." but i suspect with this project's wider visibility that to become no longer true at some point. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: Stephen Gornick on January 14, 2011, 11:35:58 AM Worm_Rixobot.A
Quote Having taken over a user’s machine the worm terminates a range of Windows and security programs and block access to websites while a splash screen demands that users pay the Russian rouble equivalent of $12 by texting a premium-rate SMS number in order to receive an unlock key. http://ecommerce-journal.com/node/30836http://c1958612.cdn.cloudfiles.rackspacecloud.com/lolcoin.jpg Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: alowm on January 14, 2011, 03:55:19 PM with newest version of Firefox installed. http://www.mozilla.org/security/known-vulnerabilities/firefox36.html Web browsers have proven to be one of the most difficult types of application to secure against buffer overflows, off by one errors, heap corruption, race conditions, etc. Once local access has been obtained, the attacker can probably do what he needs to do in order to steal your wallet. How many Linux users leave bitcoind somewhere in their home directory and writable by their user account? The attacker could replace bitcoind with his own version and your wallet would be emptied the next time you restart it. :) 0-day exploits would become even more godly if something like bitcoin ever becomes relatively mainstream. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: Anonymous on January 15, 2011, 04:11:13 AM Backups are like condoms...if they only save you once a year...its a goodyear.
Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: alowm on January 15, 2011, 09:41:57 AM Backups are like condoms...if they only save you once a year...its a goodyear. A backup of an empty wallet isn't going to be very useful, though backups, in general, are a good thing. :) Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: ShadowOfHarbringer on January 16, 2011, 02:43:29 AM with newest version of Firefox installed. http://www.mozilla.org/security/known-vulnerabilities/firefox36.html Web browsers have proven to be one of the most difficult types of application to secure against buffer overflows, off by one errors, heap corruption, race conditions, etc. Once local access has been obtained, the attacker can probably do what he needs to do in order to steal your wallet. How many Linux users leave bitcoind somewhere in their home directory and writable by their user account? The attacker could replace bitcoind with his own version and your wallet would be emptied the next time you restart it. :) 0-day exploits would become even more godly if something like bitcoin ever becomes relatively mainstream. 1. Use Noscript, Adblock, Flashblock 2. Run bitcoin with a different user (making this default option in bitcoin client shouldn't be very difficult, at least in Linux/UNIX), perhaps in chroot. Problem solved. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: alowm on January 16, 2011, 03:38:37 AM 1. Use Noscript, Adblock, Flashblock 2. Run bitcoin with a different user (making this default option in bitcoin client shouldn't be very difficult, at least in Linux/UNIX), perhaps in chroot. Problem solved. 1. Noscript/Adblock/Flashblock don't protect against a large subset of the vulnerabilities found to date in Firefox. The browser itself is insecure in almost all areas (but so are all the others, too). 2. This is a good idea. To add another level of paranoia, you could compile a static version of bitcoind so that you don't have to rely on potentially compromised shared libraries. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: ShadowOfHarbringer on January 16, 2011, 04:31:15 AM 1. Use Noscript, Adblock, Flashblock 2. Run bitcoin with a different user (making this default option in bitcoin client shouldn't be very difficult, at least in Linux/UNIX), perhaps in chroot. Problem solved. 1. Noscript/Adblock/Flashblock don't protect against a large subset of the vulnerabilities found to date in Firefox. The browser itself is insecure in almost all areas (but so are all the others, too). Incorrect. Noscript protects against almost ALL possible vulnerabilities, because it disables simply everything that can cause security problems (Javascript, JAVA, Iframes, HTML5 storage and such). I dare you to show me a 0-day vulnerabitilty that will still work after i install Noscript. Also, i wouldn't call firefox a buggy/insecure browser. It is quite secure, because vulnerabilities are very quickly (48 hours AFAIK) fixed. This is the power of open source. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: alowm on January 16, 2011, 05:57:10 AM I dare you to show me a 0-day vulnerabitilty that will still work after i install Noscript. This was 0-day at the time: http://www.mozilla.org/security/announce/2010/mfsa2010-41.html There's more in the link I provided to Mozilla's "Security Advisories" page. NoScript is a good plugin, but it's not going to keep you 100% safe. This mentality is dangerous. Even the plugin architecture itself is not infallible (http://www.mozilla.org/security/announce/2010/mfsa2010-28.html). Also, i wouldn't call firefox a buggy/insecure browser. It is quite secure, because vulnerabilities are very quickly (48 hours AFAIK) fixed. This is the power of open source. Firefox has failed to survive (along with almost every other major browser (http://www.computerworld.com/s/article/9174078/iPhone_Safari_IE8_Firefox_all_fall_on_day_one_of_Pwn2Own)) the last two annual Pwn2Own contests. Open Source projects generally do react more quickly to security issues than their closed source brethren, but that's a moot point when your wallet is now empty. The browsers can, also, only be patched after the vulnerabilities/exploits are public. Until then, you're screwed. I've established in this thread that web browsers (all of them) are generally insecure and would likely be a primary attack vector. Disabling plugins (Java, Flash), using NoScript with Firefox, and keeping your browser up-to-date are your best bets for now. I'll provide shellcode later for siphoning BTC out of the official Windows Bitcoin client if anyone is interested. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: ShadowOfHarbringer on January 16, 2011, 07:18:53 AM Open Source projects generally do react more quickly to security issues than their closed source brethren, but that's a moot point when your wallet is now empty. The browsers can, also, only be patched after the vulnerabilities/exploits are public. Until then, you're screwed. Well, you've got a point here. I guess that 1) There is still possibility of running Bitcoin as a different user, or 2) Perhaps everybody should keep their bitcoins on an small, specialized system which is not directly connected to internet (can only be accessed over SSH from your home). That would be a kind of "personal digital safe". I think that once Bitcoin becomes really popular, somebody may start producing/selling such "digital personal safes" from 2) and advertise them around bitcoiners. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: alowm on January 16, 2011, 10:42:42 AM 1) There is still possibility of running Bitcoin as a different user, or Hmm, I've been thinking about this issue now that we're discussing it. Running the bitcoin process as a separate user has a few considerations: 1. The bitcoin binary/libraries/wallet cannot be writable by the main, non-root user account on the system. As I stated earlier, a modified binary could be silently slipped into place. 2. The main, non-root user cannot be allowed to interact with bitcoin in any manner. This precludes the use of setuid and setgid to force bitcoin to run as a different user and still have the GUI or command-line interfaces available. Exploit code can simply manipulate the controls of the GUI by sending them messages (I'll post a Windows example later) or communicate with the command-line client via spawning a process or some method of interprocess communication available on the OS. 3. Because of 2., you might as well just log out of the main user account completely before logging into your secondary account to run bitcoin. The only way (I can think of at the moment) for someone to interfere with that process is to have subverted your OS at the kernel level (custom kernel driver/rootkit) or to trick a privileged process into spawning another privileged process that can manipulate bitcoin or your wallet (see: Confused Deputy Problem). This is a situation where the inversely proportional relationship between security and usability becomes evident. I will probably use an encrypted thumbdrive with a minimalist bootable Linux image for bitcoin if we ever get to this point. For now, it's fun to speculate, though. We should create a threat flowchart. :) 2) Perhaps everybody should keep their bitcoins on an small, specialized system which is not directly connected to internet (can only be accessed over SSH from your home). That would be a kind of "personal digital safe". This made me think of something interesting. In addition to having a specialised system or bootable disc image exclusively for bitcoin, you could also configure it with an inward facing firewall that only allows outbound traffic that is part of bitcoin. Maybe you'd want to allow other small exceptions for debugging network issues (like ICMP traffic), but that would greatly reduce the number of potentially exploitable applications interfacing with the network. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: ShadowOfHarbringer on January 16, 2011, 12:49:36 PM This made me think of something interesting. In addition to having a specialised system or bootable disc image exclusively for bitcoin, you could also configure it with an inward facing firewall that only allows outbound traffic that is part of bitcoin. Maybe you'd want to allow other small exceptions for debugging network issues (like ICMP traffic), but that would greatly reduce the number of potentially exploitable applications interfacing with the network. This is completely doable using existing technologies in a reasonable time - you could create a custom Linux distro with specialized scripts & QoS software preinstalled. All the needed software already exists. Shoudln't be very difficult for an average Linux-geek. Once bitcoin becomes mainstream, i guess we're going to see many of these. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: brocktice on January 16, 2011, 10:13:26 PM I will probably use an encrypted thumbdrive with a minimalist bootable Linux image for bitcoin if we ever get to this point. For now, it's fun to speculate, though. We should create a threat flowchart. :) I understand that with root access on the host machine, very few things are impossible, but would running a VM in kvm or vmware player for example, used only for Bitcoin, provide a reasonable improvement in isolation for the required effort? I mean here a linux guest on a linux host. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: alowm on January 17, 2011, 01:33:24 AM I understand that with root access on the host machine, very few things are impossible, but would running a VM in kvm or vmware player for example, used only for Bitcoin, provide a reasonable improvement in isolation for the required effort? I mean here a linux guest on a linux host. It would up until a large subset of people started using a system like this. Then you'd likely start to see VM-traversing code. Running in a VM wouldn't increase security on its own (since it's just another level of indirection for an attacker to overcome once they're aware of it), but it would initially keep you safer since you'd be in a minority on which an attacker would not spend development time. Less "bang for your buck". That layer of indirection becomes less valuable when/if the minority grows. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: caveden on January 17, 2011, 09:58:36 AM it disables simply everything that can cause security problems (Javascript, JAVA, Iframes, HTML5 storage and such). Wow, basically, it disables the web... It's comparable to live in a plastic bubble in order not to get air contagious diseases. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: ribuck on January 17, 2011, 10:27:56 AM Wow, basically, it disables the web... It's comparable to live in a plastic bubble in order not to get air contagious diseases. It's comparable to diabetics who only inject themselves using syringes from trusted sources. You can disable restrictions for sites that use the blocked technologies in ways that are useful to you, provided you trust those sites. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: caveden on January 17, 2011, 01:32:37 PM You can disable restrictions for sites that use the blocked technologies in ways that are useful to you, provided you trust those sites. Ok, seems fair enough... I will give it a try. ;) Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: brocktice on January 17, 2011, 03:24:03 PM You can disable restrictions for sites that use the blocked technologies in ways that are useful to you, provided you trust those sites. Ok, seems fair enough... I will give it a try. ;) I use NoScript. It's a pain, but it really reduces your exposure to attack vectors. As has been discussed in this thread, it does not completely protect you, but it's a good first step. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: alowm on February 01, 2011, 12:50:05 AM Completely forgot to post this! Here's my proof of concept Win32 code that steals a Windows user's bitcoin balance: https://gist.github.com/c7d025a44b352f4c955f
Read the notes before you rush off to convert it to shellcode. :P Notes:
In the course of writing this, it revealed that this section of Win32 code in init.cpp in bitcoin's codebase does not even work: Code: // Show the previous instance and exit That should be: FindWindowW(L"wxWindow@00C9E8A0NR", L"Bitcoin") And here's a copy of the code in case the github gist goes away at some point: Code: #define WIN32_LEAN_AND_MEAN Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: benjamindees on February 11, 2011, 05:43:52 PM I have to admit I'm not completely up to speed on this stuff, but if a bitcoin is just a private key, then it should be easy in theory to make your wallet write-only and redirect it to a printer or some type of write-only media. That way whenever you receive a bitcoin it is safely stored away, and an attacker would have to setup some kind of monitoring and wait for new ones.
Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: ShadowOfHarbringer on February 11, 2011, 06:41:11 PM I have to admit I'm not completely up to speed on this stuff, but if a bitcoin is just a private key, then it should be easy in theory to make your wallet write-only and redirect it to a printer or some type of write-only media. That way whenever you receive a bitcoin it is safely stored away, and an attacker would have to setup some kind of monitoring and wait for new ones. Why so difficult ? It is very easy to set up a 20-line max shell script or PHP script that will do exactly the same - send money to another wallet. Title: Re: Can viruses steal people's bitcoin purses? What can be done for protection? Post by: ribuck on February 11, 2011, 11:01:05 PM That way whenever you receive a bitcoin it is safely stored away... You don't even need to have your wallet online to receive a bitcoin. The signed transaction giving you the right to that coin gets sent to the whole network, so the network will know that the coin is yours to spend whenever you come back online. You only need access to the key at the time you spend the coin. |
