I just got hacked - any help is welcome! (25,000 BTC stolen)

[allinvain]

@LulzSec Look at your bitcoin balance. Hope you enjoy my a little percentage of my findings... ;-) (tinyurl.com/3mfngql)

Where is this posted?

The thief is probably reading this thread, too. I have to say that it is the lamest thing ever to rub someones 25k btcs. I hope all bad things he ever did are coming back to him and he never will be lucky until he sends the money back. It would be gentleman like to do this or at least >75% I think allinvain would give him a suitable finder's reward and both can sleep well again.. .

@allinvain, some days ago I got a PM from a spammer that asked me what is the best miner. it included a link to a website that hosted all recent miners and the official client - but probably infected because even the official client was hosted on this space. You have never downloaded something from such a site !?

btw: this thing is on the top at Germans biggest it-magazine/site, http://www.heise.de/newsticker/meldung/Bitcoin-Diebstahl-Eine-halbe-Million-US-Dollar-weg-1261046.html

Do you still have that PM. I'd like to know the link to that site. Can you PM it to me?

[1713493222]

1713493222

[1713493222]

1713493222

[1713493222]

1713493222

[rezin777]

I face a dillemma here. How do I get the bitcoin client into a non internet connected machine? This is assuming that you can never 100% trust the computer you're using to download the client. Along each step in the process of securing your bitcoins there is a small but every so slightly possible risk. Heck the client itself could be compromised. A hacker could break into the sourceforge servers and cleverly attach a payload into the official client. Guess how many people would not notice until it was too late.

Download a client from Bitcoin.org with a fresh OS and transfer with a USB key. I'm still using a client several versions back. Yes, if the client is compromised there is nothing you can do. But wow, how can you think this paranoid and still be the victim of a 25,000 BTC theft? Or is it that you are just now thinking this paranoid? Paranoid is a bad word for me to use, it's actually being prepared.

What I thought of is an actual bitcoin wallet device.

Basically this is what I'm saying. But this device will never connect to the internet. It doesn't need to. It's for savings only.

[allinvain]

Hmm, this is a pretty good idea. I totally forgot about LinuxCoin.

I could also boot into linuxcoin just to download the bitcoin client onto a trusted (new) usb stick.

[allinvain]

I face a dillemma here. How do I get the bitcoin client into a non internet connected machine? This is assuming that you can never 100% trust the computer you're using to download the client. Along each step in the process of securing your bitcoins there is a small but every so slightly possible risk. Heck the client itself could be compromised. A hacker could break into the sourceforge servers and cleverly attach a payload into the official client. Guess how many people would not notice until it was too late.

Download a client from Bitcoin.org with a fresh OS and transfer with a USB key. I'm still using a client several versions back. Yes, if the client is compromised there is nothing you can do. But wow, how can you think this paranoid and still be the victim of a 25,000 BTC theft? Or is it that you are just now thinking this paranoid? Paranoid is a bad word for me to use, it's actually being prepared.

What I thought of is an actual bitcoin wallet device.

Basically this is what I'm saying. But this device will never connect to the internet. It doesn't need to. It's for savings only.

It is just now that I'm this paranoid. I used to trust the bitcoin client and the various mining programs. Now I don't think I can trust anything bitcoin related except perhaps what I have no choice but to trust which is the official bitcoin client.

[Gameover]

Wow, if this story is indeed true I commend you on handling the situation and not killing yourself.  Dealing with such a huge financial loss, especially through thievery and being a victim must be very difficult.  The only solace I can think of is that the bitcoins you created were gathered in such an unskilled means that you can think of it as easy come easy go.

This points out the fundamental flaw of a currency with no central authority, no laws and no punishment for thievery.  Bitcoin will never be a popular currency in its current form because it is simply to easy to steal peoples bitcoins with no recourse.  People may hate governments but any fraud or thievery dealing with money is dealt with very well.  If you had converted your bitcoins to money you would have been much safer.

To safeguard against wallet theft the measures are quite simple.  Buy multiple brand new computers for your wallet files and only use them for your wallet transactions.  Use a totally separate internet connection (ISP, routers) for wallet machines.  Only store as much as you intend to lose in an attack on each dedicated wallet machine, so in your case have 5 machines each with 5,000 bitcoins in them, if one machine is compromised somehow the most you stand to lose is 5,000.  Use different OSes for each wallet machine so that they are not as likely to be all compromised in the same manner.

[rezin777]

This points out the fundamental flaw of a currency with no central authority, no laws and no punishment for thievery.  Bitcoin will never be a popular currency in its current form because it is simply to easy to steal peoples bitcoins with no recourse.  People may hate governments but any fraud or thievery dealing with money is dealt with very well.  If you had converted your bitcoins to money you would have been much safer.

Bullshit. It points out the fundamental flaw in people's ability to protect themselves. Probably because they've been relying on other people to do it for them for far too long. Bitcoin banks and insurance companies will come about that make Bitcoin as safe as any other property. But these securities come with a price. I'd rather not pay the price, because I am perfectly capable of securing my own property. Thankfully with Bitcoin, it's my choice.

[Gameover]

Bullshit. It points out the fundamental flaw in people's ability to protect themselves. Probably because they've been relying on other people to do it for them for far too long. Bitcoin banks and insurance companies will come about that make Bitcoin as safe as any other property. But these securities come with a price. I'd rather not pay the price, because I am perfectly capable of securing my own property. Thankfully with Bitcoin, it's my choice.

Perhaps, or most likely you have nothing of value that anyone wants to steal in the first place.  If you had a 25,000 bitcoin account it would be a different story.  I would guess allanvain would gladly place his bitcoins in a bank to protect them for a fee if there were such a thing.

[rezin777]

Perhaps, or most likely you have nothing of value that anyone wants to steal in the first place.  If you had a 25,000 bitcoin account it would be a different story.  I would guess allanvain would gladly place his bitcoins in a bank to protect them for a fee if there were such a thing.

You're right of course. I don't possess anything worth stealing. It makes life quite easy. On the other hand, if I had 25,000 Bitcoins I would create a wallet on a device that has never been connected, and will never be connected, to the internet, and then I would encrypt it, and then I would make several back ups. I guess I could pay a bank, but when it's so easy, why bother. Netbooks are $300 bucks. That's what, 15 BTC at the current exchange rate? Cheap bank if you ask me.

[gene]

This is the dumbest bullshit ever.

Of course it is, because you said so.
How can we ever doubt you, you are such a SMART-ASS !

Everybody please ignore this "advice."

Yes, and become easy prey to hackers of all sorts.

The way to secure a wallet isn't by your laughable Rube Goldberg machine.

Generate a wallet on a dedicated airgapped machine, write down some of its addresses, encrypt the wallet and back up the encrypted file. Then send BTC to the addresses.

See how that works? Now you have a bank from which you can make withdrawals to smaller wallets. Use your brain to figure out how.

Christ. How hard can this be?

It's amateur hour at forum.bitcoin.org...

[SgtSpike]

This is the dumbest bullshit ever.

Of course it is, because you said so.
How can we ever doubt you, you are such a SMART-ASS !

Everybody please ignore this "advice."

Yes, and become easy prey to hackers of all sorts.

The way to secure a wallet isn't by your laughable Rube Goldberg machine.

Generate a wallet on a dedicated airgapped machine, write down some of its addresses, encrypt the wallet and back up the encrypted file. Then send BTC to the addresses.

See how that works? Now you have a bank from which you can make withdrawals to smaller wallets. Use your brain to figure out how.

Christ. How hard can this be?

It's amateur hour at forum.bitcoin.org...

Since a wallet file is really just a collection of private keys, it seems as though keeping a text file with a collection of private key/address pairs would make just as much sense, if not more sense, than a wallet.dat file itself.  Send varying amounts of BTC to each address, and keep track of the addresses on another computer so you can check them for balances in blockexplorer.  Then, once PK importing is implemented into the client, you can simply import the private key relating to the address that you wish to "withdraw" from your savings wallet.  That way, your wallet file never has to touch the outside world, even to withdraw.  The most you ever risk is the amount related to a particular savings address, which can be limited or spread across more or less addresses based on how paranoid you are.

[cuddlefish]

I face a dillemma here. How do I get the bitcoin client into a non internet connected machine? This is assuming that you can never 100% trust the computer you're using to download the client. Along each step in the process of securing your bitcoins there is a small but every so slightly possible risk. Heck the client itself could be compromised. A hacker could break into the sourceforge servers and cleverly attach a payload into the official client. Guess how many people would not notice until it was too late.

Download a client from Bitcoin.org with a fresh OS and transfer with a USB key. I'm still using a client several versions back. Yes, if the client is compromised there is nothing you can do. But wow, how can you think this paranoid and still be the victim of a 25,000 BTC theft? Or is it that you are just now thinking this paranoid? Paranoid is a bad word for me to use, it's actually being prepared.

What I thought of is an actual bitcoin wallet device.

Basically this is what I'm saying. But this device will never connect to the internet. It doesn't need to. It's for savings only.

Run a different OS on the downloading machine and the target. If the downloader is infected, it likely won't touch the target.

[trueimage]

1. Download LinuxCoin ISO.
2. Put LinuxCoin ISO on a CD or USB device
3. Turn off PC  (hard for you guys, I know!!!)
4. UNPLUG PC from Network, and turn off any wireless open access points
5. Boot from the LinuxCoin CD or USB device
6. Run Bitcoin Client - a random wallet is created
7. Record the Bitcoin Address (public key) that is displayed in the client.  You can write it down, or store it on a CD or USB drive that is "ok to contaminate".
8. Exit the Bitcoin Client
9. Store the wallet.dat file on multiple CD's and a USB device.  heck, print it if you want.  Virgin wallet files are small enough.  These are "NOT ok to contaminate".  Never let these touch a PC connected to the internet.
10. Power off your PC.  The wallet file Never touched your hard drive (since LinuxCoin is all RAM based).  
11. Remove all your media that is "NOT ok to contaminate"
12. Power up your PC as you normally would.


At this point you have a "savings account wallet".  Any time you want to put away money for a rainy day, send BTC to the address that you recorded in Step 7.  You can verify your account balance or see all transfers via BlockExplorer.

Take your CDs and USB devices and paper, and store them in several safe places far apart from each other.  Include instructions for your next-of-kin.

If you are super paranoid, feel free to encrypt your wallet (between steps 8 and 9) , but as others have said, this is risky in that you may forget your pass phrase.  My recommendation is that if you encrypt it, you store with it some clues to your pass phrase that only you would know.  For instance "My pass phrase is the one I used in 2011.  It has 8 words.  It has to do with my favorite song and that wench girl who dumped me in 5th grade" (or whatever)


Option 2:  If you trust me, contact me, and I'll create for you 2 virgin wallets, each with 2 CDs, a USB device, and a paper printout, using the above technique.  One is for you to practice with (maybe with .5 BTC, to make sure you can recover later), the other is your permanent Savings Vault.  I'll delete any copies I have, and so if you lose it, you're on your own (i.e. you're screwed).  The benefit is, you don't have to worry about the security of my copies.  You can randomly select one of the two as practice, to make sure that withdrawal from your "savings account" will be straight forward.

I'll do this service for anyone, for 2.5 BTC (while 1 BTC is in the $20 range), including shipping.  If you receive the package un-tampered, you should be safe.  Contact me if you are interested.

Thanks for the guide. So, the wallet.dat file doesn't have to be "connected" to the internet, ever, to deposit money into it?

What about withdrawals?

[andrew.skretvedt]

Since a wallet file is really just a collection of private keys, it seems as though keeping a text file with a collection of private key/address pairs would make just as much sense, if not more sense, than a wallet.dat file itself.  Send varying amounts of BTC to each address, and keep track of the addresses on another computer so you can check them for balances in blockexplorer.  Then, once PK importing is implemented into the client, you can simply import the private key relating to the address that you wish to "withdraw" from your savings wallet.  That way, your wallet file never has to touch the outside world, even to withdraw.  The most you ever risk is the amount related to a particular savings address, which can be limited or spread across more or less addresses based on how paranoid you are.

I'm no expert, but I've made comments elsewhere about key management in the current client. It seems that in practice, this is one area of the software that has proven to be a decided weak point. It does not yet have the polish of the rest of the system or the protocol.

In the above: while your wallet file wouldn't have to touch the outside world, the private-key in question would. So in a compromised machine, the entire balance attached at least to this key would become potentially vulnerable, and I think that is what you were saying. So the object would be...keep a system of securely generated savings keys and distributed "deposit" payments such that losing the balance of any single key is tolerable.

All the "help BTC lost/stolen" posts I've read here seem to have this common thread of either getting tripped up by a non-obvious-to-the-lay-user way in which wallet.dat works, or (possibly) getting unsecured private key material pinched by malware (I haven't read the earlier posts in this thread, but what I have read does not yet include any substantial evidence of any specific attack mechanism actually in use, so I'm guessing inadvertent user mishandling of wallet.dat is far more prevalent.

I hope the dev's don't try to re-invent the wheel when addressing future improvements to wallet.dat. I guess encryption of this file is a priority for a future release. I'm hoping that's only a stopgap to calm things down while the development effort struggles to catch up to usage needs.

It's my amateur opinion that wallet.dat needs to be rethought entirely.

I much prefer the notion to key management employed by GnuPG. All key material can be independently generated and addressed. The user interface provides you with total control over all aspects of your key material. Public vs. private key material are segregated within the software and are aggregated onto separate "keyring" files, allowing discriminating treatment, if paranoia/safety concerns dictate.

Plus, they do some clever things with the private key material, like encrypting it and using a cipher with a long setup time (i think it's BLOWFISH), so that brute-force passphrase searches are made impossible (as it takes a non-trivial amount of compute time to setup the cipher after supplying a test key).

Anyway...they do it VERY well, and in much use it's proven to be quite safe and reliable. The defaults are sensible to keep newbies out of serious trouble, but the power-users have ready access exacting control without resorting to weird kludges outside of the UI.

The anonymity features of wallet.dat could (and probably ought) to be built on top of a more GnuPG-like implementation of key management. And, I don't think this should be on by default. Rather, client-software documentation or a pretty UI section could explain the mechanism and what it's implications would be, and the user can then opt-in.

I keep mentally coming back to the picture of having others sign ownership of BTC over to me by using my public key, and my spending that BTC to others by signing ownership over to them with my private key. If I want/need more accounts, I can make more keys. But let me do it. Don't keep me guessing about what the software is doing with the key material under the hood.

Anyone with experience with GnuPG or any OpenPGP platform could just sit down with Bitcoin and know what to do, and how to stay secure about it.

Again, no expert, but my understanding is it might be the case that some element of transaction history is also stored within wallet.dat. In my view, these should be separated. Something is causing me to feel that keys shouldn't mix with receipts, not because it's dangerous, but because there may be some negative impacts for proper key handling.

The current client is sort of analogous to a car where new keys for the ignition are being made inside the steering wheel as you drive, linked to the odometer. You have to be sure to take the whole steering wheel with you when you get out, or you might find yourself not just locked out of the car, but unable to ever start it again! Oh, so you have a key backup that unlocks the door? Great... But the ignition key was changed inside the wheel while you were driving. Shall I call a cab?

[DonMon]

I'll do this service for anyone, for 2.5 BTC (while 1 BTC is in the $20 range), including shipping.  If you receive the package un-tampered, you should be safe.  Contact me if you are interested.

I am not questioning your integrity personally, but if someone were to take you up on your offer, it automatically makes what you are selling completely worthless (ie. complete wallet security.)  That person could never be secure and with certain knowledge that another copy of his wallet is not out there in the ether somewhere..."trust" should never be a lynch-pin of ANY security system (at least it need not be.)

I like the method though.

[MoonShadow]

Thanks for the guide. So, the wallet.dat file doesn't have to be "connected" to the internet, ever, to deposit money into it?

No, it doesn't.  A user can create a new wallet.dat file on an unconnecte machine (by installing and starting the client, then shutting the client back down safely) copy the receiving address that the client produces onto any medium, copying the wallet.dat file onto a cheap thumbdrive, put the thumbdrive into a safe, and send coins from his mybitcoin.com account to the receiving address into the indefinate future.  This is pretty much what I do for my long term savings, as I have just such a setup.  I have a special address in my mybitcoin.com addressbook called "savings" that I send my overage to, and I don't have to take my thumbdrive out of the safe to do it.

What about withdrawals?

This requires the wallet.dat file.

[DonMon]

I'll do this service for anyone, for 2.5 BTC (while 1 BTC is in the $20 range), including shipping.  If you receive the package un-tampered, you should be safe.  Contact me if you are interested.

I am not questioning your integrity personally, but if someone were to take you up on your offer, it automatically makes what you are selling completely worthless (ie. complete wallet security.)  That person could never be secure and with certain knowledge that another copy of his wallet is not out there in the ether somewhere..."trust" should never be a lynch-pin of ANY security system (at least it need not be.)

I like the method though.

Before someone starts trolling...trust is the lynch-pin of every security system essentially....i meant specifically the social trust suggested by jerfelix.

[DonMon]

Thanks for the guide. So, the wallet.dat file doesn't have to be "connected" to the internet, ever, to deposit money into it?

No, it doesn't.  A user can create a new wallet.dat file on an unconnecte machine (by installing and starting the client, then shutting the client back down safely) copy the receiving address that the client produces onto any medium, copying the wallet.dat file onto a cheap thumbdrive, put the thumbdrive into a safe, and send coins from his mybitcoin.com account to the receiving address into the indefinate future.  This is pretty much what I do for my long term savings, as I have just such a setup.  I have a special address in my mybitcoin.com addressbook called "savings" that I send my overage to, and I don't have to take my thumbdrive out of the safe to do it.

What about withdrawals?

This requires the wallet.dat file.

Are you not concerned about bitrot?  You have only 1 single copy of your wallet on a single thumbdrive?  That is really dangerous for long-term storage.  If I had any sizeable amount of BTC (as I presume you do) I would not feel very warm and fuzzy abou this.

[jerfelix]

I'll do this service for anyone, for 2.5 BTC (while 1 BTC is in the $20 range), including shipping.  If you receive the package un-tampered, you should be safe.  Contact me if you are interested.

I am not questioning your integrity personally, but if someone were to take you up on your offer, it automatically makes what you are selling completely worthless (ie. complete wallet security.)  That person could never be secure and with certain knowledge that another copy of his wallet is not out there in the ether somewhere..."trust" should never be a lynch-pin of ANY security system (at least it need not be.)

I like the method though.

Before someone starts trolling...trust is the lynch-pin of every security system essentially....i meant specifically the social trust suggested by jerfelix.

Honestly, I have better things to do with my time.

I'm making such kits for a few of my old college roommates who trust me.  While I'm making them, I can crank out a few more.  But clearly, if you have $500K in Bitcoins, for heaven's sake don't be so lazy as to trust some anonymous person on the internet!  Frankly I don't want that sort of responsibility.  I don't want you coming after me if the method fails!

But if you're trying to stash a few hundred bucks for a rainy day, trusting some stranger on the internet isn't that far fetched.  Heck, unless you read and understood every line of code in Bitcoin client AND Linux AND your PC's firmware AND the C++ compiler AND the libraries, you are trusting someone!

So, unless you are desperate, please don't contact me.  I'm just trying to help people out, but I'd much rather not have the responsibility!

(is that better?)

[DonMon]

But if you're trying to stash a few hundred bucks for a rainy day, trusting some stranger on the internet isn't that far fetched.  Heck, unless you read and understood every line of code in Bitcoin client AND Linux AND your PC's firmware AND the C++ compiler AND the libraries, you are trusting someone!

Yes..I tried to correct myself before a comment like this...agreed. 

(is that better?)

Yes, better.  Again, nothing personal.  I don't know you...in fact, that's kinda the point.

[Alex Beckenham]

For those that missed it (or maybe I just missed the link), this story is on Slashdot.

http://yro.slashdot.org/story/11/06/16/1244205/500000-Worth-of-Bitcoins-Stolen