May want to move your funds from MtGox this week

[Elwar]

I have confidence in MtGox and I tend to trust a portion of my BTC in my account, but with their transition to the US and with prices going up so much bad things could happen.

Transfer most of your coins to an offline wallet for a while, keep your private key secure.

[Matthew N. Wright]

Normally I'd be against alarmist posts, but since there isn't much reason to have MtGox holding your private wallet contents in the first place, this post just rings of common sense and nothing else. Bitcoins should always be under your own control until you're ready to spend them.

[Elwar]

Normally I'd be against alarmist posts, but since there isn't much reason to have MtGox holding your private wallet contents in the first place, this post just rings of common sense and nothing else. Bitcoins should always be under your own control until you're ready to spend them.

It is common sense for most of us but when I first started trading I kept almost all of my BTC on my exchange accounts. Fortunately someone posted something similar about not trusting your BTC on exchanges. I pulled almost all of my BTC out of Bitcoinica soon after that. A week later they got hacked.

[blackreplica]

Personally I pulled all of mine off Mt Gox to a blockchain wallet, encrypted it with 2 passwords and set my mobile number for 2FA, just last week. Prior to that everything just sat in my trading account (though i did have a yubikey 2FA on my Gox account)

The main reason was simply because with the recent price runup, the value of my holdings was just too substantial now to just leave on an exchange rather than any doubts on Mt Gox in particular. The incentive to hack is really high now though, who knows Gox may get hacked again in future.

Never hurts to be careful, especially with something so easily movable as bitcoin

[RodeoX]

I try to keep only a few hundred dollars worth of coins at the exchange. But it keeps going up so I am constantly pulling more out.
Not a bad problem to have.

[ehoffman]

Well, I was thinking of that, but you know, the incentive is as great to write a virus that could get your wallet.dat and keystokes of your password...  Maybe diversifying, in 3 exchanges plus your wallet, so if one get hacked, you only lose 25%...

[jgarzik]

Who would keep their money at a centralized website, rather than a decentralized wallet? 

[Jrock]

You guys are making me nervous.

I keep a lot of cash in mtgox cause I keep hoping for a major crash lol.

[RodeoX]

Well, I was thinking of that, but you know, the incentive is as great to write a virus that could get your wallet.dat and keystokes of your password...  Maybe diversifying, in 3 exchanges plus your wallet, so if one get hacked, you only lose 25%...

That would help. Better yet, come get mine. They are on a USB stick right behind me and my arsenal of assault weapons.

[Tirapon]

Well, I was thinking of that, but you know, the incentive is as great to write a virus that could get your wallet.dat and keystokes of your password...  Maybe diversifying, in 3 exchanges plus your wallet, so if one get hacked, you only lose 25%...

Learn to use secure offline storage. Armory is great.

[Mae]

You guys are making me nervous.

I keep a lot of cash in mtgox cause I keep hoping for a major crash lol.

Yeah me too! hehe But I prefer the dollars to sit and wait in my ordinary bank account. If that happens then I will send the money again to MtGox.

Now the BTC is so expensieve... it looks like really interesting for hackers to thief. Also since BTC is anonymous you can't sue or track the thief... to thief bit coins is a no-brainer, it's almost sure you won't go to jail! A friend of mine works as security auditor and I've learnt that no system is really safe, the only safe place for a server is under water and unplugged.

[yokosan]

You guys are making me nervous.

I keep a lot of cash in mtgox cause I keep hoping for a major crash lol.

Yeah me too! hehe But I prefer the dollars to sit and wait in my ordinary bank account. If that happens then I will send the money again to MtGox.

Now the BTC is so expensieve... it looks like really interesting for hackers to thief. Also since BTC is anonymous you can't sue or track the thief... to thief bit coins is a no-brainer, it's almost sure you won't go to jail! A friend of mine works as security auditor and I've learnt that no system is really safe, the only safe place for a server is under water and unplugged.

The private keys aren't even held on the gox servers. The worst a hacker could do is get hold of all the password hashes, which doesn't matter if you use 2 factor authentication.

The biggest weakness is a full blown raid of their office.

[Odalv]

You guys are making me nervous.

I keep a lot of cash in mtgox cause I keep hoping for a major crash lol.

Yeah me too! hehe But I prefer the dollars to sit and wait in my ordinary bank account. If that happens then I will send the money again to MtGox.

Now the BTC is so expensieve... it looks like really interesting for hackers to thief. Also since BTC is anonymous you can't sue or track the thief... to thief bit coins is a no-brainer, it's almost sure you won't go to jail! A friend of mine works as security auditor and I've learnt that no system is really safe, the only safe place for a server is under water and unplugged.

You will have hard time not to buy at $1000,

[Elwar]

I've learnt that no system is really safe, the only safe place for a server is under water and unplugged.

That is where I keep my wallet file.

[ehoffman]

I guess one thing that can be done is create a second wallet, by starting bitcoin-qt specifying an alternate directory (for ex: bitcoin-qt.exe -datadir=%APPDATA%\BitcoinAlternateDir).  Then, a new wallet.dat is created.  Encrypt that wallet, copy  the 'receive coin' address to clipboard.

Now, from the client where you have your coins, transfer to the new wallet address.  If you go to your new client, you should be able to confirm you have received the transaction.  From there, there's no point to wait for the 6 confirmations.  In fact, you don't even have to check the new client that you 'received transaction'.  It's in the global blockchain, and your new wallet.dat is just the private key.

Close the new client and copy the new client wallet.dat to a safe place.  Do multiple offline copies (USB stick, DVD, floppy disk, audio cassette using Comodore-64 dataset, punch card, whatever! ), as long as those stays offline.  You have the password in your head, and the key file offline.  Now, if you delete the new client wallet.dat from computer, it's safe from hacking.

The fun thing is you can even split for example 20BTC to one wallet.dat file.  40BTC to another, etc.

The day you do need this money, you just do as above, creating a new work directory, but then, copy the wallet.dat from storage to the new work directory.  Start bitcoin-qt, and use your funds as needed.

So, is this correct?  Does it make sense?  Am I missing something?  I think you can even run multiple instances of bitcoin-qt simultaneously each in their own workdir.

[Elwar]

Use an offline computer.

Run VanityGen (https://bitcointalk.org/index.php?topic=25804.0)

Get a public key/private key.

Write them down/engrave it on a ring/tattoo it to your penis.

Go to MtGox and withdraw to Bitcoin, give your public key.

No hacker can get to your private key unless they had some screen recording virus going on, even then you can encrypt your vanitygen key with a password that is not displayed.

Just do not lose that private key.

[Herodes]

Normally I'd be against alarmist posts, but since there isn't much reason to have MtGox holding your private wallet contents in the first place, this post just rings of common sense and nothing else. Bitcoins should always be under your own control until you're ready to spend them.

It is common sense for most of us but when I first started trading I kept almost all of my BTC on my exchange accounts. Fortunately someone posted something similar about not trusting your BTC on exchanges. I pulled almost all of my BTC out of Bitcoinica soon after that. A week later they got hacked.

Dang ! Yes, it's good advice you're giving out here!

[Herodes]

You guys are making me nervous.

I keep a lot of cash in mtgox cause I keep hoping for a major crash lol.

Yeah me too! hehe But I prefer the dollars to sit and wait in my ordinary bank account. If that happens then I will send the money again to MtGox.

Now the BTC is so expensieve... it looks like really interesting for hackers to thief. Also since BTC is anonymous you can't sue or track the thief... to thief bit coins is a no-brainer, it's almost sure you won't go to jail! A friend of mine works as security auditor and I've learnt that no system is really safe, the only safe place for a server is under water and unplugged.

The private keys aren't even held on the gox servers. The worst a hacker could do is get hold of all the password hashes, which doesn't matter if you use 2 factor authentication.

The biggest weakness is a full blown raid of their office.

LOL - everybody should work remotely in unknown locations!

[Le Happy Merchant]

LOL - everybody should work remotely in unknown locations!

They should come up with some kind of currency that facilitates this.

[yokosan]

I guess one thing that can be done is create a second wallet, by starting bitcoin-qt specifying an alternate directory (for ex: bitcoin-qt.exe -datadir=%APPDATA%\BitcoinAlternateDir).  Then, a new wallet.dat is created.  Encrypt that wallet, copy  the 'receive coin' address to clipboard.

Or you just do an offline wallet with armory. You can see the balance but never spend the coins as the wallet is held on an offline computer.

When you send funds you take your USB stick to the offline computer for a signature and bring it back to send.