Hacked and stolen

[Shevek]

This man is right.

Until bitcoin can be used without risk by windows dummies, it should be declared a danger matter.

[Gabi]

WARNING! This is another troll/shill thread, started only to be later featured on some mass-madia article about how "unsafe" and "bad" bitcoin and bitcoin community is.

(like for example this thread https://bitcointalk.org/index.php?topic=196138.0 was created only to be later featured on http://www.redstate.com/2013/05/16/tech-at-night-bitcoins-central-bankers-kim-dotcom-censors-mega/ )

+1

[Welsh]

This is not an uncommon occurrence and I think it would strengthen the bitcoin community if we responded with some compassion when it happens. Anyone who is a victim of theft feels bad about the loss, including feelings of frustration and anger.

Instead of making bronan feel worse by calling him a whiner and stupid, or saying that we don't care, we can instead be sympathetic and supportive and try to learn something form this incident. We can reinforce the security recommendations, and perhaps devise new recommendations.

We can respond in ways that strengthen the bitcoin community or we can respond in ways that weaken the bitcoin community.

By the way, what does OP stand for?

OP = Original poster



But, I disagree.
I don't help people who have a attitude against me. He's basically blaming the Bitcoin community that his money has been stolen.
Bitcoin has enough hate in the news and his not needed here.
If he would of responded more polite, maybe people would of helped him.

[Mylon]

This is not an uncommon occurrence and I think it would strengthen the bitcoin community if we responded with some compassion when it happens. Anyone who is a victim of theft feels bad about the loss, including feelings of frustration and anger.

Instead of making bronan feel worse by calling him a whiner and stupid, or saying that we don't care, we can instead be sympathetic and supportive and try to learn something form this incident. We can reinforce the security recommendations, and perhaps devise new recommendations.

We can respond in ways that strengthen the bitcoin community or we can respond in ways that weaken the bitcoin community.

By the way, what does OP stand for?

OP = operator, also known as thread starter.

True, the problem is, security wise bitcoin is not ready for mainstream adoption, and despite having a pretty high tolerance, having to read 10 threads where people claim bitcoin is hacked every week, without a doubt that their own computer might be infected, shakes your sympathy towards those people, resulting in the not so kind replies.

My problem still is, that 80% of the people on the internet, are technically 4 years old (internet wise, not irl). Would you let a 4 year old alone in the real world, with everything that is out there? Me neither, the amount of bad people.. not until they are 12 or preferably at least 18... (and then still, to many people get scammed etc etc) The internet works in the same way, most people are not mature enough to explore it alone, so we call in the help of anti-virus software, firewalls and other stuff. While in the end they click on the wrong link or picture, and still end up getting scammed / hacked etc etc.

While I believe bitcoin to be sound, by everything I've found so far... I gotta look at every hack claim... and thus cannot ignore these threads

It would be nice if people actually followed proper security when handling bitcoin... but since people don't we get a dozen hack claims a week Its crap, I'll try to be more polite in these threads though

[coastermonger]

I'm not sure whether or not this is a legitimate claim, but the community's response should never be:

Your fault, next time make a better bitcoin client and a better protection system. What? The only thing you did was "whine"?

It's completely shameful if we turn an apathetic eye.  Theft is never the fault of the victim.  Putting a pie on a windowsill does not give anyone the right to take it.  Password protecting or encrypting your wallet using the bitcoin-qt client does not give anyone the right to design malware to steal your coins.  Are there steps OP could have taken to further secure his coins? Yes, but nothing, I repeat nothing is foolproof.  

If you had taken all the security measures you thought necessary even with a paper wallet, and your coins got stolen I assure you my first response would not be, "Sucks to be you, your fault."  
My immediate response would be to want to know how this happened.  I don't even use the bitcoin-qt client anymore because it's a faulty product.  A single text entered password (even a long passphrase) isn't enough security.  To the other people claiming that "amounts >100 BTC should never ever be on a networked PC," that's like admitting the failure of bitcoin itself.  Not everyone has the technical know-how or the desire to use a paper wallet.  Bitcoin is designed to service digital transactions and digital storage of value.  If we honestly can't secure any amount of BTC sitting on a computer then I consider the road ahead of us to be very long: we've got work to do.

Bitcoin's should be so easy to use and secure that you can trust your grandma with them.  If our continual response is to dismiss these security holes and laugh at the people that fall victim to them, then you'll see very dark days ahead for the BTC.  It won't become a widely accepted and trusted currency but a little-used technical oddity shunned by the masses.

Now there are plenty of ideas that might help secure coins, especially for newer users.
-2-factor Authentication should definitely be an option whenever available.
-Imagine a wallet service that allows the user to predefine a daily withdrawal limit, preventing theives from cleaning out the account all at once.
-The wallet could also offer email or text confirmation when a withdrawal is initiated, requiring more accounts to be hacked before coins can be lost.
-There also could be the option to institute a time-delay on wallet withdrawals, so that the user is notified and has a period of time to cancel a withdrawal before it is completed.
For more security the wallet could have a mode which pre-defines certain addresses it can withdraw to.  The funds are essentially "locked in" to these addresses and they are not easy to change, so they must be spent to other accounts under the users control (with different passwords, authentication, etc) before they can be sent anywhere.  

My point is that there are multiple ways to go with this.  We should always be exploring new security options to help each other.  Are there people that will make up these stories to detract from bitcoin? Yes.  Are there people who legitimately find themselves the unwitting victim of theft? Yes.  As this latest bitcoin magazine article points out, even those who take the most stringent security measures can still suffer from loss http://bitcoinmagazine.com/bitcoin-self-defense-part-i-wallet-protection/.  If our attitude is to turn a blind eye and simple say "your fault" every time this happens.  Then shame.  Shame on us all.

[takagari]

Sad to hear but definitely not a flaw in Bitcoins, More so in security, sadly we are not an insured bank, some one is as likely to take your bank login info..

But the flaw is not within the client itself, only in how it is secured.

[daemonfox]

your statement that my pc is not protected well enough is first of all a joke. my pc is very well protected, but a good hacker does have no problem hacking into even goverments, banks and big companies.
So assuming that your safe .... think again having a good firewall and and a router does not mean your safe at all

Wow... and what "good firewall" might you be using? Also, just having a router does not make you any safer... it just adds a couple steps to making a connection to networked equipment.

If you are really looking for security, you need to read more and listen to the people here who aren't flaming you, they are giving you good advice.

For starters, I do the following for my BTC use:

HOT WALLET: I have an active wallet on Blockchain.info that is solely used to payout directly to people I exchange with outside of BTC-e or VirCurEx... this is merely a personal choice as it makes it so I can send BTC from anywhere I have internet and everything has an email alert.

SIMMER DOWN WALLET: I have an encrypted wallet that I use to receive coins from others in exchange for services or donations etc. This wallet is located on a VPS that is ALWAYS OFF until I log in to boot it and unlock the wallet... it takes a while to get the blockchain but I only access it about once a month and track it using the blockchain.info to see if there is anything there before i even bother. This is not that secure by itself but keeping my VPS account secure and the VPS offline unless I am using it addes to it... and it is never much BTC anyways.

LUKE WARM WALLET: There is an encrypted wallet on one my HDDs in my file server at home, but it is not in any typical directory, does not have any other files in the same directory, is hidden, and can only be accessed by my administrator login, of which uses a hashed key as a password which is stored on a USB drive on my keyring. This is used as an intermediary before I send BTC to cold storage. I use this wallet to withdraw from exchanges and as my mining wallet. I try to empty it daily. Also, this server DOES NOT actually host the client I use to unlock and transfer BTC... I have to map to it from my laptop with the Administrator hash key and then I can drop a copy into the client directory, restart it, do my business, encrypt it again then overwrite it back to the server before disconnecting the mapped drive.

COLD STORAGE WALLET: I have a wallet address and privkey pair that I generated with vanitygen... at 45 BILLION difficulty... and I have NEVER used it for anything but receiving BTC. I tested another address and privkey pair by importing it into Blockchain.info and once I confirmed it worked, the harder address and privkey were generated (got mad lucky said it would take 2.5 yrs in oclvanitygen but it popped up on day 4) and tested sending it some BTC... walla Blockchain shows it has value but there is no way to get to it until the day I import it somewhere. I pay myself 30% of my mining intake and transfer that here plus any substantial payment/donations.

LONG TERM INVESTMENT WALLET: I also have a wallet I put my first 5+ BTC in... it is encrypted and exists in a handful of formats... keys printed and mailed to my mother who put it in our family safe deposit box, a copy of the encrypted wallet.dat on a USB that is also encrypted and sits in my safe deposit box at the bank, another USB that is encrypted and sits in my son's dresser with his other personal items he keeps, the encryption password for both USBs was printed (again a hash key), sealed in an envelope and given to my mother in law to put in her safe deposit box, and lastly the UNencrypted wallet.dat was burned to 2 DVDs that are locked away somewhere with my grandmother... i have no clue where as she agreed they would be sent to her personal estate storage and could not be retrieved until her estate is passed to me upon her death (dad was furious rofl that's what you get for alienating yourself from the family DAD... GG).

Anybody got any other methods that you use to keep safe? I know it sounds like a lot of work for some BTC... but I know I won't be posting here with a sob story and 100s if not 1,000s of BTC stolen.

[yvv]

So in the years i have been active on bitcoin i got scammed and stolen several hundred bitcoins

Man, you should not keep a wallet online with this amount of BTC. And if you need to put it online to get money, send the change to another wallet, which was never online, and destroy the old one.

2All. But he has a valid point. Bitcoin wallet is either inconvenient to use or unsafe storage. And even if you are a geek and have no problem with going through the pain with live cd and all that crap regularly, you are still unsafe, because a gang of hoodlums can rob your house. Keeping a flash drive with 100 btc in your house is like keeping a case with cash. You can rent a bank vault and put your flash drive there, and here you go, you still depend on bank.

[niko]

OP actually brings up a topic no one really cares about:
Is current bitcoin ready for mainstream adoption in terms of security?
The answer is NO.

Bitcoin is ready. It has not been hacked, while wealth worth many billions of dollars has been safely transacted over years.

You are really asking are computers ready, and the answer is - it depends. Mine is.The one from the OP was not. Your question is like asking if dollars are ready. They do get stolen, right? Pickpocketed, scammed away, robbed, lost, burnt, stolen, whatever. Are our homes or pockets or banks ready for dollars and euros? It depends. Some of them are, some aren't.

[lexxus]

OP actually brings up a topic no one really cares about:
Is current bitcoin ready for mainstream adoption in terms of security?
The answer is NO.

Bitcoin is ready. It has not been hacked, while wealth worth many billions of dollars has been safely transacted over years.

Yeah, sure. Last time I checked wallet encryption was off in Bitcoin QT by default. Do you call it ready for mainstream adoption? It's like a GMail with no password by default.

[Logik]

Would you keep $10,000 in cash sitting around your house with only a simple door lock protecting it? No. You would take it and put it somewhere more safe. Yet you do the equivalent with bitcoins and suddenly it's everybody else's fault.

If you don't know how computer security works then use blockchain.info wallet with google authenticator and a random password.

[yvv]

OP actually brings up a topic no one really cares about:
Is current bitcoin ready for mainstream adoption in terms of security?
The answer is NO.

Unfortunately, you are right. It is very risky to keep large part of your assets in btc, even if you are IT security pro.

[Welsh]

OP actually brings up a topic no one really cares about:
Is current bitcoin ready for mainstream adoption in terms of security?
The answer is NO.

Bitcoin is ready. It has not been hacked, while wealth worth many billions of dollars has been safely transacted over years.

You are really asking are computers ready, and the answer is - it depends. Mine is.The one from the OP was not. Your question is like asking if dollars are ready. They do get stolen, right? Pickpocketed, scammed away, robbed, lost, burnt, stolen, whatever. Are our homes or pockets or banks ready for dollars and euros? It depends. Some of them are, some aren't.

+1, Bitcoin is ready, Bitcoin it's self has not had a problem.
Only the people who are using Bitcoin has had problems, for example this post. Because the currency is a online currency, it's more prone to attacks, but this is just the same as having your bank account online.
If you have your bank account online, it's the exactly the same as having your Bitcoin online, however, Bitcoin can be easier to get because it's located on your HD and more easier to access.
But, to counteract that in a few ways.
You could if you really wanted to, store your Bitcoins on your own dedicated server but to be quite honest, your better of having a paper wallet, they are more secure than any of the methods I have came across.

[Gabi]

The truth is that we need a real hardware wallet wich allow you to make transactions without the risk of being infected.  Totally air-gapped. Otherwise you will have your private key in your pc/smartphone, wich can be infected.

Also a note about virus scans: if the computer is infected, scans may be totally useless because the virus might have comprimised the antivirus too. An infected pc is TOTALLY unreliable, the only safe way to fix it is to format it and every hard disks on it and probably whatever you connected to it (usb keys, external drives etc). Otherwise a clever virus may happily survive.

[drawingthesun]

You could if you really wanted to, store your Bitcoins on your own dedicated server but to be quite honest, your better of having a paper wallet, they are more secure than any of the methods I have came across.

What do you think of my suggestion in my second post on page 1 of this thread?

[Welsh]

Would you keep $10,000 in cash sitting around your house with only a simple door lock protecting it? No. You would take it and put it somewhere more safe. Yet you do the equivalent with bitcoins and suddenly it's everybody else's fault.

If you don't know how computer security works then use blockchain.info wallet with google authenticator and a random password.

So, you think BANKS are more secure than storing your own money? If that's the case look at the Cyprus case.
To be honest, Banks are about as safe as storing your money in a fire proof safe.
However, I wouldn't put my money around my house, I would have it in a external location.

[Welsh]

You could if you really wanted to, store your Bitcoins on your own dedicated server but to be quite honest, your better of having a paper wallet, they are more secure than any of the methods I have came across.

What do you think of my suggestion in my second post on page 1 of this thread?

I like your post, you said about encryption and how back ups can be used, and that is 100% correct.
Encryption basically does nothing, at all with the Bitcoin client.

[lexxus]

+1, Bitcoin is ready, Bitcoin it's self has not had a problem.

Imaging that bitcoin gains adoption and people start buying and massively using bitcoin tomorrow. After a few cases like OP has, mass media will destroy bitcoin's reputation claiming that it's insecure. That's it.

Bitcoin-QT has wallet encryption off by default. It's like your interenet banking is with empty password by default. Do you call this ready?

[Gabi]

+1, Bitcoin is ready, Bitcoin it's self has not had a problem.

Imaging that bitcoin gains adoption and people start buying and massively using bitcoin tomorrow. After a few cases like OP has, mass media will destroy bitcoin's reputation claiming that it's insecure. That's it.

Bitcoin-QT has wallet encryption off by default. It's like your interenet banking is with empty password by default. Do you call this ready?

Just like mass media destroyed internet reputation claiming that is is insecure? Yeah well, mass media probably will cry about that, but people will still use bitcoin, more secure ways will appear.

[lexxus]

Just like mass media destroyed internet reputation claiming that is is insecure? Yeah well, mass media probably will cry about that, but people will still use bitcoin, more secure ways will appear.

More secure ways will and should appear. But now it's far from being ready for an ordinary user to use in terms of security.