SECURITY, Have you been a victim? How safe are your bitcoins?

[fresh_lettuce]

New to bitcoin.

Has this community or you (individual) ever been the victim of a clever attacker?
Has anybody exploited a weakness in your system?
If so, id like to hear your experience & the security practices you implement today.

From modding timestamps & using custom clients for double spend attacks,
to DNS hijacks, keyloggers, botnets & malware. Have any of you ran into savvy users throughout your
bitcoin experience, or better yet have any of you caught them in the act?

Whats your method of security to keep your BTC safe?
Is there any physical measures you can take?
Cold storage?

(Note i am not talking about scammers or basic human error, Im talking about a situation where you were "outguned" with skill & knowledge of computer science)



Curious & interested

- Fresh lettuce

[unamis76]

There are many points of failure in protecting Bitcoins, even for skilled and knowledgeable people. Many things can go wrong in setting up cold storage or printing paper wallets... Or even backing up your wallet.

You can have malicious binaries, you can have a malicious OS install, you can have the OS access the internet prior to wallet creation and have it somehow hacked, you can have a broken RNG, you can install broken code or with bugs, you can have your printer exploited, you can insert and exploited USB drive in your machine, you can insert an SD card into a laptop reader thinking it is not connected via USB internally... The list is pretty much endless.

You can take many measures of security: verifying binary hashes, using very well audited code, use dummy printers, have your computer always offline, etc, but you never know if you are truly ready for a strong attack or an undiscovered bug This is my view on it. Meanwhile, I employ all I know in protecting my coins. Cold storage is definitely the safest method (for me).

[BitcoinSupremo]

While COLD storage and hardware wallet is the best, you can still make some steps which can make you tougher to break even for skilled and experienced computer savvies. First of all install a safe OS(Linux is the best out there for the moment and hopefully will continue to be) , do all updates after the OS asks you. Once done, open up Firefox and go to electrum webpage and download and install it, make sure you save your seed in different USB or different offline PC (a PC which never accessed the internet) and then after doing this start your work normally. This way you are sure you have installed the wallet in a safe envoironment, and last but not least add a strong password to your wallet.

This is the best practice to store your btc online

[Lauda]

I have never been a victim of a hack nor any sort of scams out here. It really comes down to the user itself, I hardly doubt that people with small amount of money are going to get targeted directly. As long as you don't click on shady stuff or download it in addition to having the necessary protective software you are going to be fine. My Bitcoin should be safe as both wallets use Core, both are encrypted and the main one is offline.

-snip-
This is the best practice to store your btc online

What you described is not storing online, it is storing offline.

[7788bitcoin]

So far I haven't encountered any incidence of cold wallet being hacked. Just need to practice caution when creating paper wallet using offline computer and printer.

Most of the time I will transfer 0.1 BTC into a newly created paper wallet and monitor it for some time (a few weeks). If it is not moved I assume the address is secure. I think some people may think it is still not a good test. Anyway, the maximum amount per paper wallet for me is 1BTC. So far so good- most of my coins have been hibernating in paper wallets since end of 2013.

Yes, I know I bought those expensive ones...

[KenR]

Never been a victim of any kind of attacks.Nothing extra superficial methods I use to store my bitcoins,just a light weight wallet like electrum and not opening or downloading random links posted by users.Barely have seen members having their wallets hacked or cracked.The more possibility of one losing their bitcoins is by not taking measures such as storing the private keys safely or forgetting their passwords and deleting their wallet.dat "by mistake ".

[NeuroticFish]

I know of people complaining that they've lost BTC - some had a browser extension that supposed to be a price ticker, but actually stole their money, some had (too) big amounts on exchanges that got "hacked".

My BTC are safe .... until proven otherwise 

[Lauda]

if i'd periodically updating my windows defender or atleast using updated antivirus software,this one will not going to be happen

Windows Defender is useless and would probably not help you. You need good AV software (e.g. Kaspersky or Bitdefender).

Bitcoin network/system is very secure and it's fixed over time, so modding timestamp or double spend is almost impossible unless someone use sybil attack or something similar.

Wrong. A double spend is very much possible if one accepts zero confirmation transactions.

Meanwhile, keep bitcoin wallet is easy as long as it's 100% offline (cold storage).

The problem does not lie in the Bitcoin wallet, but rather the OS itself.

So, i don't make effort to protect my bitcoin, just use clean OS, antivirus and never click anything suspicious.

Since when is there a thing called "clean OS"?

[ebliever]

I'll add one thought: In addition to losing your bitcoin to a thief,  you need to be aware of the risk of losing bitcoins due to loss of a private key (or your password to access a private key). You need a strategy that copes with both risks. Having a single paper wallet printed from an offline machine with all the security precautions in the world won't save you if you subsequently lose the paper wallet in a house fire, for example.

From prior discussion here, it seems the best strategy for large amount of BTC may involve a multi-signature strategy (m of n keys required to spend) with multiple copies of each key carefully distributed in safe places. In this way the loss of one (or more) keys to a thief will not result in stolen bitcoin, and the loss of single password or private key will likewise not cut off your ability to access your own bitcoin.

[Amph]

no never none of my coin were even stolen once, and i'm not talking about bitcoin only but about altcoin also

and i can assure you that i've installed at least 200 altcoin since i'm here

obviously i know what i'm doing, and i have some defences to deal with possible infection, like VM, separate phisical machine, good antivirus, checking abnormal activities, identifying folder that were not there etc...

and anyway keeping the big amount on a cold storage

[NeuroticFish]

I'll add one thought: In addition to losing your bitcoin to a thief,  you need to be aware of the risk of losing bitcoins due to loss of a private key (or your password to access a private key). You need a strategy that copes with both risks. Having a single paper wallet printed from an offline machine with all the security precautions in the world won't save you if you subsequently lose the paper wallet in a house fire, for example.

From prior discussion here, it seems the best strategy for large amount of BTC may involve a multi-signature strategy (m of n keys required to spend) with multiple copies of each key carefully distributed in safe places. In this way the loss of one (or more) keys to a thief will not result in stolen bitcoin, and the loss of single password or private key will likewise not cut off your ability to access your own bitcoin.

This is an interesting idea. You can give out 2 of the private key to people you trust, for safe keeping, without telling them what is that. Of course, you have to trust them they will never actually know what you gave them and that if they team up they can get your money.

And if it's about trust and not telling what is that, you can have normal wallets and hide (a copy of) the private keys inside a fake letter or anything and give to your parents for safe keeping. Or you can hide the private keys on USB sticks inside certain files only you know about.

Really, there are plenty of options. The actual enemy of paper wallets is yourself. Because over time you start forgetting. And you have to keep in mind the actions you did for safe keeping. More sophisticated is the security, more you have to remember after some years.

[DimensionZ]

I have only used online Bitcoin wallets till now and haven't been a victim of any attacks yet. I don't take any special precautions other than running an antivirus program like Nod32. I am trying not to click on any shady links from emails and such. I think it's not the hackers who are dangerous but the Bitcoin exchanges which can always scam you and blame a random breach in security.

[bitdumper]

I am a victim of Pishing. I entered the same email and password on a betting website that I was using for my email and btc-e, within few days my half Btc were gone. OTP was not activated, from that day I use good securities measures.

[katiecbell]

Bread Wallet is most saved and cannot be hacked

[LiteCoinGuy]

never lost a bit.

cold storage. antivirus. encryption. brain.


you could buy a hardware wallet for extra security:

https://bitcointalk.org/index.php?topic=899253.0

[BitcoinHodler]

i have never been a victim of any of these things, i always try to be safe by keeping my coins offline and in cold storage and never install what i don't know or click on suspicious links.

also all the victims that i have ever seen was the victim of their own carelessness, for example there are a lot of victims of losing bitcoin because they use online wallets with a simple 123 password and no 2fa

[Kprawn]

Nearly lost some coin on "copy & paste" malware that replaced my pasted address with their own. I quickly got onto it and reported it on several platforms. I wiped OS with a clean image and it was gone. I now

double check everything I "Copy & Paste" and I re-image my desktop every other day to wipe any malware or virus that might come my way. You have to double check everything these days, because the

scammers are getting very clever. I also make backups every day now... different sets to prevent Ransomware attacks. 

[RodeoX]

I think of my wallet as just another computer file. So I keep it safe by:

1. keeping the overwhelming majority of my coins offline always. I keep a small amount on my phone for daily spending, an amount less than the value of the phone.

2. I only use Linux for transferring any larger amount or reloading the phone.  Windows is out of the question for me. I use open source tools that I compile myself. It's freekin crazy to just download some bitcoin related software to a winxx computer.

3. Keep the back-up "real world" safe! If you want a copy of my wallet file you can find it in my safe deposit box at the bank.

4. trust no one. Satoshi gave us trustless cash for a reason.

[BellaBitBit]

Nothing for me so far.  I use 2 factor auth whenever offered and have most coins stored offline in cold wallets.  So important to use 2FA ALL THE TIME, it is an extra step but soooooo worth it. 2FA!

[eternalgloom]

I've never been the victim of a Bitcoin theft, though in the past someone has tried to access my blockchain.info account.
Luckily I have 2 factor auth enabled, so I get a message when someone tries to log in.