Bitcoin Forum
March 28, 2024, 10:16:21 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 [4] 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 »
  Print  
Author Topic: Trojan Wallet stealer be careful  (Read 50212 times)
ikonic
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
June 21, 2011, 03:19:56 AM
 #61

I've read quite a few times in this thread to make backups of your bitcoin wallet. But if I'm not completely wrong, then even stealing just the backup data results in losing all your bitcoins. So from a security perspective, better don't make backup copies!

The idea is to create an encrypted back up of the wallet, not just a copy.
1711664181
Hero Member
*
Offline Offline

Posts: 1711664181

View Profile Personal Message (Offline)

Ignore
1711664181
Reply with quote  #2

1711664181
Report to moderator
1711664181
Hero Member
*
Offline Offline

Posts: 1711664181

View Profile Personal Message (Offline)

Ignore
1711664181
Reply with quote  #2

1711664181
Report to moderator
1711664181
Hero Member
*
Offline Offline

Posts: 1711664181

View Profile Personal Message (Offline)

Ignore
1711664181
Reply with quote  #2

1711664181
Report to moderator
Even if you use Bitcoin through Tor, the way transactions are handled by the network makes anonymity difficult to achieve. Do not expect your transactions to be anonymous unless you really know what you're doing.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711664181
Hero Member
*
Offline Offline

Posts: 1711664181

View Profile Personal Message (Offline)

Ignore
1711664181
Reply with quote  #2

1711664181
Report to moderator
1711664181
Hero Member
*
Offline Offline

Posts: 1711664181

View Profile Personal Message (Offline)

Ignore
1711664181
Reply with quote  #2

1711664181
Report to moderator
1711664181
Hero Member
*
Offline Offline

Posts: 1711664181

View Profile Personal Message (Offline)

Ignore
1711664181
Reply with quote  #2

1711664181
Report to moderator
Gary13579
Newbie
*
Offline Offline

Activity: 30
Merit: 0


View Profile
June 21, 2011, 08:09:18 AM
 #62

encrypted wallets don't do anything when you've already been trojan'd, they can just steal your passphrase/key. it makes you feel better at best and prevents someone from stealing your hard drive to get your wallet, but other than that it's a waste.
phillipsjk
Legendary
*
Offline Offline

Activity: 1008
Merit: 1001

Let the chips fall where they may.


View Profile WWW
June 21, 2011, 08:43:50 PM
 #63

I've read quite a few times in this thread to make backups of your bitcoin wallet. But if I'm not completely wrong, then even stealing just the backup data results in losing all your bitcoins. So from a security perspective, better don't make backup copies!

Theft if not the only thing you have to secure against: you have to secure your wallet against data loss as well. If you don't make back-up copies, you disk may fail tomorrow, taking all of your bitcoin with it. If you do make backup copies, you disk may still fail tomorrow, but you would be able to recover you wallet from the back-ups.

For the paranoid: you don't really have back-ups until they are verified and stored off-site (preferably encrypted).

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
jsttn
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile
June 22, 2011, 02:15:18 AM
 #64

Thank you for bringing this to our attention.
GhostGum
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
June 22, 2011, 03:15:19 AM
 #65

sadly, it would be only too easy for even the lamest of script kiddies to make a wallet stealer.
It would be nice if bitcoin would auto encrypt wallet file based on a password, which you enter every time you open bitcoin client.
That would atleast slow down the script kiddies.
Just be sure to move your main bitcoins to a secure (& preferable offline) wallet & you should* be safe.
minor_miner
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
June 22, 2011, 07:42:21 AM
 #66

Even though I'm running a Windows7 machine, I should still be safe if I generally don't open attachments, use a Virus Scanner, have all programs patched up-to-date and No-script active in FireFox?

Don't want my precious BTC to get stolen  Cheesy
eramus
Newbie
*
Offline Offline

Activity: 27
Merit: 0


View Profile
June 22, 2011, 08:24:18 AM
 #67

It would be nice if bitcoin would auto encrypt wallet file based on a password, which you enter every time you open bitcoin client.
but thats the problem. its not "bitcoin"'s responsibility to encrypt wallets. bitcoin is only a network for moving btc between two accounts. its the users that need to be secure about their usage. it might be nice if the apps that connect to bitcoin start to offer certain protections, but the users are the first line of defense: unique passwords everywhere, encrypted and backedup wallets and smarter, safer browsing
cothoms
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
June 22, 2011, 04:22:13 PM
 #68

And this is also a problem because until there is a standardized, easy way to secure your wallet, BTC will have a difficult time gaining mainstream approval.
http
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
June 22, 2011, 04:44:42 PM
 #69

Even though I'm running a Windows7 machine, I should still be safe if I generally don't open attachments, use a Virus Scanner, have all programs patched up-to-date and No-script active in FireFox?

Don't want my precious BTC to get stolen  Cheesy
That's a good start. But if you want to be safe against 0-days viruses, at least encrypt the wallet.
minor_miner
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
June 22, 2011, 06:04:08 PM
 #70

That's a good start. But if you want to be safe against 0-days viruses, at least encrypt the wallet.

Ok, but wouldn't that make any payments i should get fail because the program doesn't have write access to the wallet?

I mean, i could create a copy of the wallet and encrypt it, but then the original would still be insecure  Grin

I'm still new to the whole infrastructure of the program, sorry.
TiWu
Newbie
*
Offline Offline

Activity: 25
Merit: 0


View Profile
June 22, 2011, 09:12:40 PM
 #71

That's a good start. But if you want to be safe against 0-days viruses, at least encrypt the wallet.

Ok, but wouldn't that make any payments i should get fail because the program doesn't have write access to the wallet?

I mean, i could create a copy of the wallet and encrypt it, but then the original would still be insecure  Grin

I'm still new to the whole infrastructure of the program, sorry.

In fact you should create a separate 'savings' wallet where you keep the most of your coins. Create it on a system (preferably via a linux live cd) of which you are sure it has not been compromised. Instructions can be found here https://en.bitcoin.it/wiki/Securing_your_wallet.

In fact the point is to create a new wallet on a secure system, then shutdown the bitcoin client, make an encrypted backup of the wallet.dat file and delete the whole thing again (the live OS, I mean)
Then regulary move funds from your 'normal' wallet to the secure one (make a payment to one of those addresses). The balance of a wallet is kept on the network, and it is not needed to keep the savings account "live".

I've came across another link the other day with a clear explanation about this, I'll see if i can find it again.
rocker340
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
June 23, 2011, 12:07:46 AM
 #72

Thanks for the warning i will be watching out
  you should tell us how we are supposed to report someone if we find out they are scamming
tschaboo
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
June 23, 2011, 12:10:06 AM
 #73

its not "bitcoin"'s responsibility to encrypt wallets. [.....] bitcoin is only a network for moving btc between two accounts.

It's helpful to keep bitcoin open all the time to see if transactions are coming in. If I do that, keeping the wallet inside an encrypted container doesn't help much, as others already explained. If you have a trojan with a keylogger it also doesn't help if bitcoin itself encrypts the file.

But I'd suggest that bitcoin separates the private keys out of the wallet.dat and keeps those encrypted. Because you need them only for sending coins. This way you can at least prevent people that have only temporary access to your computer (like physically walking in front of it) from stealing your coins and if some offsite-backup gets stolen your coins are safe even if you didn't encrypt it [1]! I don't want to argue if bitcoin is responsible or not, but I say if you are able to make it more secure, it really should be a priority task.

To sum up, i'd suggest that bitcoin should:
* Store the private keys encrypted on disk.
* Ask the user for the passphrase when coins are about to be sent.
* Delete (=overwrite) the keys and the passphrase in memory immediately after sending the transaction.

This would improve security a lot and can be only implemented in bitcoin. You can't do that as user.

[1] You should still encrypt it, because there is other information to be gained. Like how much money you have, where you got it from, etc.
eramus
Newbie
*
Offline Offline

Activity: 27
Merit: 0


View Profile
June 23, 2011, 06:03:06 AM
 #74

In fact the point is to create a new wallet on a secure system, then shutdown the bitcoin client, make an encrypted backup of the wallet.dat file and delete the whole thing again (the live OS, I mean)
Then regulary move funds from your 'normal' wallet to the secure one (make a payment to one of those addresses). The balance of a wallet is kept on the network, and it is not needed to keep the savings account "live".
i think this is probably the best solution and also the beauty of bitcoin. going this route, a user could leave their savings account wallet offline for X number of years. the only reason ever to load the wallet would be to make withdrawls. actually, combine this with jrwr's offline paper storage and you have a pretty secure system. it might be a lot of hoops to jump through, but it would be difficult to crack.
harmal
Newbie
*
Offline Offline

Activity: 33
Merit: 0


View Profile
June 23, 2011, 08:03:08 AM
 #75

I assumed i would hear about something like this pretty soon. if they make trojans to steal from banks, then bitcoins make a tasty target because there easier to transfer and more anonymous.
nexticeage
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
June 23, 2011, 08:34:16 AM
 #76

Even if I don't end up making much profit from BTC, my security standards online have already been raised threefold in the past month. ✓+
NANO
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
June 23, 2011, 08:59:47 AM
 #77

my wallet is running on a macbook pro so is safe! thanks god Smiley
TiWu
Newbie
*
Offline Offline

Activity: 25
Merit: 0


View Profile
June 23, 2011, 11:08:50 AM
 #78

my wallet is running on a macbook pro so is safe! thanks god Smiley

And why would a Macbook pro be any safer then whichever other system? Care to explain, or are you just ignorant and do you think that website cannot install stuff on your system?
karoshi
Newbie
*
Offline Offline

Activity: 11
Merit: 0


View Profile
June 23, 2011, 12:50:36 PM
 #79

I'm using keepass for my passwords, but you can also store wallet.dat and other important files inside the encrypted password db.
bitcoin-rigs.com
Member
**
Offline Offline

Activity: 77
Merit: 10



View Profile
June 23, 2011, 02:12:51 PM
 #80

my wallet is running on a macbook pro so is safe! thanks god Smiley

And why would a Macbook pro be any safer then whichever other system? Care to explain, or are you just ignorant and do you think that website cannot install stuff on your system?

While macs maybe safer, it isn't wise to just assume your safe because you're on a mac...Since they are rising in popularity more people are working hard to find ways to hack them like anything else....PROTECT YOUR WALLET.DAT!

NOTE: Even though my username is bitcoin-rigs.com, I let the domain run out and now it is owned by someone trying to sell it for rip-off prices.  I am not the one selling it and I have no control of it :-(
Pages: « 1 2 3 [4] 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!