Bitcoin Forum

Hello,
 I would like to stake my bitcoin address, but what will happen if someone steals my private key? Then, he can steal my bitcointalk account by sending signed message to moderators? Could he do that without email access?   

I am writing this because I have an experience that my private key was abused.

Stake a SECURE address. Get an airgapped computer or a hardware device if you can't store something on a hot wallet without fearing your keys will be exposed.

Can you give any information a bit more specifically? Like how the key might have been taken.

The admins must take action if he presents a signed message. If he doesn't have the password to your account or access to your email then he can't control it unless he signs the message and the admins gives him the login.

It is still good practice to stake an address and better secure your private keys.

Well in that case you will lose your Bitcoin before even getting the bitcointalk account stolen by whoever do it LOL
How can you not keep your private key secure?  ::)


Wait... Before even asking the mods by sending the singed message, the theft will need your BitcoinTalk password too!
Are you saying you will lose your Private key and bitcoinTalk password at the same time?(!) I guess the timing will be once in a  Quattuordecillion time (10⁴²) :P

I assume you'll have a backup, so the thief can't take away your access to the private key. That means you can still sign a message by yourself, so you'll have this scenario:
-thief trying to steal your account: signs a message and posts it from a different account
-you: sign a message and post it from your own account

You should be fine.

I accidentally copied the private key to my staked address (https://bitcointalk.org/index.php?topic=996318.msg14134041#msg14134041) into Google 2 years ago (don't ask how, but yes, I felt stupid!). It even has some funds at the moment, I don't think Google is going to abuse it.

Update: I just looked at pat25's profile:
http://i63.tinypic.com/9tg8ro.gif
I doubt anyone would want to steal it.

Thank you guys!
I am changing my password regularly to prevent hack, but I can´t regularly change my private key :(.

But also do you know how hackers steal accounts?
And how moderators find that the account is hacked? Because I see many red tagged hacked accounts.
For me it is very interesting because I did not believe in malwares, hacker attacks until I used Bitcoin and Bitcointalk forum  ;D

The owner signs the address of that specific account to prove ownership and get red trust on it. Accounts can also be locked by using the change password link in your email.

You can change private keys regularly if you particularly want to also, just make a new address, it won't do much but still.

Hackers can steal accounts in many ways. There are ways to get hold of hashed account passwords and bruteforcing them to find users with simple passwords, like if someone uses the password "password" which, if they do, they deserve their account to be stolen IMO then that can be found in that way.

But I don´t think that Hero and Legendary members are so stupid to have such simple passwords, or?

You'd be suprised...
Anyone can come up with a bad password that hasn't been hacked (yet) and it's not sometimes that simple either to try to get a complex password.

My forum account is much easier to crack than accounts that actually hold money in them for example. I always suggest, that if you deal with a high ranking member just off their trust, it's good to get their signature to ensure that it is them before you trade with them (it can't hurt).

I don't think that many users who got account hacked used simple passwords. The problem that many people are using same passwords pretty much everywhere. And if one website get hacked or sell login data of their users, hacker just need to try enter same login data on bitcointalk and voila
And another reason why there are so many hacked accounts - phishing website

Interesting. Thank you for the explanation.
And how are the hacked accounts discovered? Only administrators can view the IP change or? Because I posted in my second thread probably hacked/bought accounts - swicth language, time gap and still they aren´t tagged, how DT moderators evaluate what is hacked/bought and what is not?

The person who gets hacked has to create a new account and prove that he is the real owner of the account and that it got hacked. The message containing
message signed by staked address is sent to theymos / Cyrus which then look into your account recovery case.

The only person that can get IP address related information is theymos (admin).

Apart from IP address, on the trust page anyone can view whether the password, email or both of the account was changed recently or not.
When original user posts his signed message using stacked address publicly, DT or any other users can verify it and identify the hacked account.

apoorvlathey gave you good answers. I will only add few things. Only theymos can check IP addresses, but it's bad indicator. People are using Proxies, TOR, VPN, dynamic IP addresses, so it's proof that account was sold/hacked when IP address change.
Language is one of indicators. If account owner posted only in English and then immediately starts to post in Russian for example, it's likely that account was bought/hacked.
And if high ranked user with good history of posts start to make low quality posts - it's another sign of bought/hacked account.

I would like to stake my ETH address because I don´t have BTC, is that possible? I think that ethereum could sign message too or?

It's possible.

You can use MEW for this. Just follow this tutorial: https://blog.chronologic.network/sending-a-signed-message-from-your-myetherwallet-332e73066f98

Well, it is an indicator (language switch and low quality posts) but look at my thread: https://bitcointalk.org/index.php?topic=3761515 nobody wants to tag them all, why? It is tolerated that member could post low quality but Hero can´t?

Your IP address is stored everytime you post, moderators can also get hold of this information. Not sure whether they can get hold of registration IP, but, if you make a post, they can access that IP, and if you don't make a post - unless your username is really catchy - you don't need to recover the accoutn as it won't have any value. Also, if you do something like edit someone's trust or send a pm, your IP will also be stored.

Eth addresses can be signed, where is the eth address? I'd consider asking you to download an ethereum client rather that using an online client (as tryninja suggested above). It'll make your address, funds and this account a bit more secure.

As few person on your thread said, there aren't sufficient information which would prove that these accounts were bought or they are alts.
Low quality posts aren't tolerated for all ranks. But spammers aren't getting red trust ratings. They just wont get Merit and will never rank up, if their posts extremely low quality - it will be deleted by mods.
It's possible, but there are no reasons to stake ETH address. If your account will be hacked and you will want to recover it - only Bitcoin signed messages are accepted by admins.
So, I would recommend to create Bitcoin wallet (even if you don't BTC currently) and then try to stake your Bitcoin address with signed message. If you don't know how to do it, here is tutorial:
https://bitcointalk.org/index.php?topic=990345.0

You can have several other addresses used in the forum and prove with them still be the owner of the account. But I found your Trust summary curious.

Understand, but a lot of people could have same IP address and also multiaccounts are allowed, so only way how to red tag them is when they sending tokens to each others, right? (This means abusing bounties)

If their posting style suddenly changes, that's one way to get them. You can prove ownership if you use a static IP that belongs to you but that's not great as you can host openssl and tor exit nodes that give people your IP.

Vpns, tor exit nodes and other masking services can sometimes leave a trace that they belong to that service or can leave a trace that can track you back to the original user (if the user is not intelligent enough to hide that data, IE using a VPN on a regular browser without noscript and other adaptations means your IP can be traced with some simple js code).