Bitcoin Forum
July 22, 2019, 10:46:59 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: online wallet security question  (Read 1041 times)
buycoin.cc
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
March 24, 2015, 01:05:10 AM
 #1

Hi, all:

I develop a bitcoin trading platform, that include one online wallet.

I think that all users be able to withdraw cash in any time, so I don't use
any offline wallet. I call my online wallet is "pure hot wallet" :-)

I will set password in online wallet, only I know the password, and will
create 100000+ users, every user will have at least one transaction of
recharge bitcoin and withdraw cash.

I have two question now:
1. If nobody can get file "wallet.dat", does my wallet is security?
2. If somebody can get the file wallet.dat, does he or she can get all the bitcoin?

Thank you.
1563792419
Hero Member
*
Offline Offline

Posts: 1563792419

View Profile Personal Message (Offline)

Ignore
1563792419
Reply with quote  #2

1563792419
Report to moderator
1563792419
Hero Member
*
Offline Offline

Posts: 1563792419

View Profile Personal Message (Offline)

Ignore
1563792419
Reply with quote  #2

1563792419
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1563792419
Hero Member
*
Offline Offline

Posts: 1563792419

View Profile Personal Message (Offline)

Ignore
1563792419
Reply with quote  #2

1563792419
Report to moderator
1563792419
Hero Member
*
Offline Offline

Posts: 1563792419

View Profile Personal Message (Offline)

Ignore
1563792419
Reply with quote  #2

1563792419
Report to moderator
pedrog
Legendary
*
Offline Offline

Activity: 2212
Merit: 1005



View Profile
March 24, 2015, 02:47:58 AM
 #2

1. It's secure.

2. No.

In order to spend the balance in that wallet it is necessary the wallet.dat and the wallet's passphrase, only with these two the bitcoins in that wallet can be spent.

buycoin.cc
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
March 24, 2015, 03:39:25 AM
 #3

1. It's secure.

2. No.

In order to spend the balance in that wallet it is necessary the wallet.dat and the wallet's passphrase, only with these two the bitcoins in that wallet can be spent.

Thanks. Maybe I am not say clear.
I means my wallet had encrypt, and only I know the wallet's passphrase.

If somebody know a lot of bitcoin address of my wallet, and also can get the
file 'wallet.dat', does he or she can get all the bitcoin?

Thank very much.
notlist3d
Legendary
*
Offline Offline

Activity: 1470
Merit: 1000



View Profile
March 24, 2015, 04:26:29 AM
 #4

.....

I think that all users be able to withdraw cash in any time, so I don't use
any offline wallet. I call my online wallet is "pure hot wallet" :-)
....
I have two question now:
1. If nobody can get file "wallet.dat", does my wallet is security?
2. If somebody can get the file wallet.dat, does he or she can get all the bitcoin?

Just using a "hot" wallet is VERY risky.  Look at other exchanges and a few have lost it all for doing this.  Unless you just have a insane amount to spend to test it's security I would move majority into a cold wallet.

With a massive amount of BTC you sadly will attract a good amount of "bad guys".  As far as how they do it... we cannot really say.  If they find a exploit it could be part of lots of things you use on your website.
emrebey
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250


View Profile
March 24, 2015, 06:15:42 AM
 #5

%100 hot wallet is a bad idea - it's not just about wallet's passphrase. if your server compromised, your connection to daemon can be compromised too. so, hackers/crackers can use the bitcoin daemon to move the funds.

I think there are a lot of companies for security on this field. I suggest you to use them to audit your systems.
notlist3d
Legendary
*
Offline Offline

Activity: 1470
Merit: 1000



View Profile
March 24, 2015, 06:19:33 AM
 #6

%100 hot wallet is a bad idea - it's not just about wallet's passphrase. if your server compromised, your connection to daemon can be compromised too. so, hackers/crackers can use the bitcoin daemon to move the funds.

I think there are a lot of companies for security on this field. I suggest you to use them to audit your systems.

The hard part if even if you higher great security companies it can possibly not detect it all.  Or a exploit comes out months that works on part of the website. 

If you brag about 100 percent hot wallet you will be putting up a target for "bad guys".
buycoin.cc
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
March 24, 2015, 09:11:03 AM
 #7

Thanks a lot.

I knew the hot wallet is very risky, but I like hot wallet :-)

I think the cold wallet is difficult to operate, and the cold wallet will prevent some user to get they bitcoins if they want to withdraw cash , so I don't like cold wallet.

I use LFS to create a very security trading platform, so I don't worry about system security. Because I already change almost all the Linux kernel syscall, make the root user will not get the bitcoin. In addition, I rewrite the bitcoin RPC, and more.

So I only have one question:
If someone know many many bitcoin address of my wallet, and can get the file "wallet.dat", but not know the wallet passphrase. Does he or she can spend all the bitcoin in some days?

If the answer is yes. Maybe I will use two hot wallet.

I will release my platform in next month, and all users can get the root privileges. But, I believe the root user can't get any bitcoin.

Thanks again.
Amph
Legendary
*
Offline Offline

Activity: 2226
Merit: 1003



View Profile
March 24, 2015, 04:51:50 PM
 #8

Thanks a lot.

I knew the hot wallet is very risky, but I like hot wallet :-)

I think the cold wallet is difficult to operate, and the cold wallet will prevent some user to get they bitcoins if they want to withdraw cash , so I don't like cold wallet.

I use LFS to create a very security trading platform, so I don't worry about system security. Because I already change almost all the Linux kernel syscall, make the root user will not get the bitcoin. In addition, I rewrite the bitcoin RPC, and more.

So I only have one question:
If someone know many many bitcoin address of my wallet, and can get the file "wallet.dat", but not know the wallet passphrase. Does he or she can spend all the bitcoin in some days?

If the answer is yes. Maybe I will use two hot wallet.

I will release my platform in next month, and all users can get the root privileges. But, I believe the root user can't get any bitcoin.

Thanks again.

if you mean the private key then yes, he just need to import it to his wallet.dat to spend all the btc related to it

why doon't you just run the hot wallet on a separate machine, with isolated network? and another want to manage the trasaction if you need to surf the internet
buycoin.cc
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
March 25, 2015, 12:38:55 AM
 #9


if you mean the private key then yes, he just need to import it to his wallet.dat to spend all the btc related to it

why doon't you just run the hot wallet on a separate machine, with isolated network? and another want to manage the trasaction if you need to surf the internet

Thank you. I understand now.
The answer is I can use one hot wallet. Because I will encrypt the wallet, no one knows the private key.

Yes, I need Internet. I am lazy to use the cold wallet. I think the best design for bitcoin trading platform that is use the hot wallet, and, only use hot wallet can do all things automatically.
JJ12880
Hero Member
*****
Offline Offline

Activity: 668
Merit: 501


Blockchain and stuff


View Profile
March 25, 2015, 01:19:13 AM
 #10

Like the others have said, using a 100% hot wallet is a bad idea. Even if your wallet.dat is encrypted, you will need to store the password somewhere in your application for it to work. All an attacker would need to do, is gain access to the source files of your application, and then they could find your password.

You should also consider that an attacker can cause alot of damage, even if they do not take your bitcoin. If an attacker can access your wallet.dat, they can also delete it, and crash your system for a period of time.

On my systems I have both hot and cold wallets, and the hot wallets never have enough funds in them to make it worth a hackers time. I would suggest storing your wallet on an independent server somewhere, other than the server than runs your application. That gives you more security and more control.

JJ

Radium  Bringing Advanced Utility to the Blockchain!
BTC Thread | Telegram
Jeremycoin
Legendary
*
Offline Offline

Activity: 1008
Merit: 1003


𝓗𝓞𝓓𝓛


View Profile
March 25, 2015, 01:17:39 PM
 #11

So the passphrase of the wallet is on your brain? [So, it's secure]
But the wallet.data, although someone don't know the pass they cann damage it [So, it's not secure enough]

faucet used to be profitable
soowein
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
March 25, 2015, 10:17:51 PM
 #12

How to keep safe for Bitcoin wallet? I really afraid of losing it. I am very poor. I have working hard for 1 year to have it .

Sincere thanks !
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!