Bitcoin Forum

Topic: How secure are Mt Gox wallets?

phatefolder (OP)
October 04, 2012, 12:30:44 PM
#1

I see there is a thread on here for how to make a 100% secure wallet, but wouldn't having your bitcoins on Mt Gox just be an easy and secure way to have your bitcoins? That would also mean you could (theoretically) liquify your bitcoins easily if you wanted to. Am I missing something here? Are the hacks that go through Mt Gox every now and then undermining it as a secure wallet?

Cheers,
Phatefolder

RandomQ
October 04, 2012, 01:04:42 PM
#2

If you use MtGox without a 2factor device (yubikey or google auth) you are asking for trouble. Many people have had their coins stolen using just a password to secure their account.
Current security standards for using an account with bitcoins stored in them is to use a 2factor device.
I have yet to see an account with 2factor used get stolen on MtGox. There have been some password dumps from different sites including mtgox, that have also led to losing coins.
Mtgox also lets you use 3 2factor devices to control security to make it even more secure, i.e. use a yubikey to login, google auth on your ipad to withdraw, google auth on your phone to change the settings.

I'm up to 14 accounts that use 2factor to secure them, it's going to be the standard in security going forward.

Another option is blockchain.info wallet, the way they secure the wallets seems to be far more secure than other Hot Wallet services. They encrypt your wallet and allow 2 factor.

Intrinsic
October 04, 2012, 03:15:38 PM
#3

Keeping all your BTC on an online wallet seems to me like it could be risky. It is certainly possible for any of those services to go down, be hacked, or otherwise compromised. Read around a bit, MtGox has been hacked before (the exchange part it looked like), and other online wallet services have been hacked and had wallet info/BTC stolen.

I think following the advice in the 100% secure wallet thread is very wise: keep the BTC you are using in a public wallet, and transfer out amounts you are not going to use. As an analogy:
 You might use a checking account for your weekly/monthly bills, but the bulk of your money goes into savings/IRA/portfolio to earn interest, because it would be foolish for that money to just be sitting in your checking account doing nothing.  
For BTC, think of the online wallet as your checking account, and offline wallet as savings. However the bulk savings isn't moved for interest purposes, but for security purposes.

You don't need to even access the offline wallet to deposit BTC into it, or to even see how many BTC are in there, you only need to access your offline wallet to take out your BTC, and that should not be very often at all.

Otoh
October 04, 2012, 03:34:43 PM
#4

Also if you do choose to keep a sizable balance on Mt. Gox for convenience &/or trading then as well as their Yubikey being essential, I would recommend the email address associated with it to be something like a gmail one with 2FA (can be just SMS to a non smart phone) & the passwords to both Mt. Gox & gmail to be stored & accessed with www.lastpass.com premium service that uses another Yubikey, you can also generate good different random passwords on LastPass - say 20 characters with a-z, CAPS, 0-9 & specials eg: 2IyR0^3Zv%#p#Nworb01*RC

RandomQ
October 04, 2012, 04:04:00 PM
#5

+1

I forgot to add the part about the 2FA email, because it helps prevent password resets. That's why I moved 95% of my email accounts to gmail/google apps.


Also you have to remember that MtGox handles 85% of bitcoin sales, and they almost give you Yubikeys for free if you have any volume.
I would say the chances of breaking 1 2FA is very low under 1% but breaking 2 different 2FA is Very very low.
That would leave only Exchange hacks, if an exchange hack happened to MtGox and affected under 5-10% of accounts, I think they could absorb the Cost to repay customers.
I think MtGox is almost to a point of being too big to fail because they control so much of the bitcoin sales.
But there is always the chance of a Zero Day exploit that could cause losses on MtGox.

But I think the only Safe Bitcoin Wallet at home, is an Air Gapped System.
Did you see that hack last week on a Linux based system? Someone was able to remote into 2 of his systems and find an unencrypted wallet backup.

I used to use VMware to set up each wallet on its own VM OS. But this route wasn't secure against key-logging.




coincollectingenterprises
October 04, 2012, 10:16:26 PM
#6

Great advice, thank you for posting this!