The bitomat exchange lost their wallet - selling exchange for 17,000 BTC!!

[smoothie]

third biggest exchange loses all it's coin

Someone really believe they "lost" 17000btc? 

Any sane person would have created an offline backup. So I'm with you, I think it's just an excuse to say that they don't have the BTC.

I sure am glad I learned my lesson after the mt. gox hack and kept my btc offline and in my possession.

[neofutur]

https://bitomat.pl/Home/Statement (In polish)
http://reddit.com/r/Bitcoin/comments/j4t58/3rd_largest_bitcoin_exchange_has_lost_its/

 I can provide backup of your wallet on 3 different dedicated server, hosted in 3 different datacenters ( wether you are an individual or an exchange ) .
 For trust concerns you can check my gpg Wot and my otc ratings

 more on my bitcoin services :
http://bitcointalk.org/?topic=1687.0

[dancupid]

How could they not even have an old backup copy of their wallet? Even if it was missing some addresses they could get some of their money back. (and why not just create a lifetimes worth of addresses in the wallet and backup that first).
You don't ever need to make more than one backup of a wallet if you have prepared it with enough potential addresses.

[mrb]

I can provide backup of your wallet on 3 different dedicated server, hosted in 3 different datacenters ( wether you are an individual or an exchange ) .
 For trust concerns you can check my gpg Wot and my otc ratings

True Bitcoin hackers create a small, GPG-encrypted wallet and back it up by embedding it in the block chain itself, globally replicated around the world 

[giantdragon]

The best idea is to pre-generate plenty of addresses, encrypt wallet with AES-256 (7-zip supports it) and store it both at home and in various online places (GMail, file hostings, etc).

[hippich]

The best idea is to pre-generate plenty of addresses, encrypt wallet with AES-256 (7-zip supports it) and store it both at home and in various online places (GMail, file hostings, etc).

How I can instruct bitcoin client to not generate new addresses, but use existing ones? This is what I really do not like about it - not being able to tell when client used new address for change or reused already genereated one.

[Melbustus]

But this is actually bullish news for BTC, 17000 BTC has just been destroyed, this should increase the value of the rest of the BTC by almost 2%.

It's not really good news, the decrease in supply is dwarfed by the increases of anxiety over bitcoin.

If you are a relatively new investor to bitcoin and read about the 25l stolen, the mtgox hack, third biggest exchange loses all it's coin, mtgox shows coins at 1.3 million each, the dwolla charge back hack and mybitcoin one of the largest and most recommended online wallet services went dark this weekend and their doesnt seem to be any way to contact the owner or any info on it.

This is a dark day for the coin, and this shit needs to stop happening for it to become mainstream. A stock exchange can fall but they will still eventually find your stocks. These coins just vanished.

A big +1 to this. All this recent nonsense is horrible for adoption.

[Gabi]

Protip on how to backup wallet: encrypt it then happily upload it in gmail, msn skydrive and every other email or online service you have. Since it's encrypted, no one will steal it. And no way you can lose it, even if some service happily delete your account you still have others. And except that, these online services are very reliable.

[dancupid]

The best idea is to pre-generate plenty of addresses, encrypt wallet with AES-256 (7-zip supports it) and store it both at home and in various online places (GMail, file hostings, etc).

How I can instruct bitcoin client to not generate new addresses, but use existing ones? This is what I really do not like about it - not being able to tell when client used new address for change or reused already genereated one.

I've just created a wallet with 20000 addresses to see what happened (creating a Bitcoin.conf file - copy and pasting from here: https://en.bitcoin.it/wiki/Running_Bitcoin and changing keypool to 20000). It took about half an hour on my computer to create the addresses with a final 14MB Wallet.dat file (about 2.4MB in an encrypted zip).
I think the default 100 addresses is too small and will lead to people losing bitcoins (especially newbies who don't understand that the wallet is actually a set of keys). Any computer can handle a 14MB file - I'm tempted to try it overnight and create 200000 addresses. I doubt I'll ever use that many addresses in my life, and it would still only be an 160mb file.

[Gabi]

Is it so hard to make a client that show me the total amount of address in a wallet? And that let me add new address to it? Why i have to mess with text files? Do they think i'm using windows 3.1?

[tvbcof]

Protip on how to backup wallet: encrypt it then happily upload it in gmail, msn skydrive and every other email or online service you have. Since it's encrypted, no one will steal it. And no way you can lose it, even if some service happily delete your account you still have others. And except that, these online services are very reliable.

I like (and use) the above technique.  A couple of other suggestions if I may.  These are simply my own personal thoughts on things and I encourage people to think about things and roll their own...avoiding a monoculture is a good thing in my opinion.

--

When encrypting a wallet.dat, do NOT use a password you can remember (unless you are really good at this stuff) and for the love of God, don't forget your password(s).  That means keeping it/them written down in a secure place or several.

If someone is trying to break into an on-line account, there are a limited number of attempts they can try.  If someone has the encrypted wallet.dat file in their possession, they can try at a much higher rate, and with software akin to mining rigs.  So the password should be much better.

(If someone has a password hash from a dump stolen from some web site's database, they can use rainbow tables and other tricks to try to obtain the password.  That is a different beast.)

--

I also suggest re-naming the encrypted wallet.dat to reflect info about it.  e.g., 'wallet.dat__sav-2_20_20110802.enc-1'.  I can see at a glance that this is my second savings wallet, it contains 20 BTC, it was created today, and it uses my '1' encryption scheme.

It sorts nicely with my other savings wallets as well.  I personally keep an active working wallet with spending money and don't bother to back it up at all.  My savings wallets are in cold storage.

On mistake I made was forgetting to properly document the addresses of each savings wallet (so I could check the balances on blockexplorer and make sure all was as expected over time.)  Had to open a bunch of them back up to get it.

--

I also suggest if one is puttering around with command line tools, be most careful indeed to not overwrite or prematurely throw away a wallet.dat, and to double check that the end result can be turned back into a functional wallet.dat file when a technique is decided upon (and documented.)

Most people will want to use a canned tool for such an operation.  Fine, but be careful about where the tool came from and be advised that attackers will know exactly how it works and how to exploit whatever weaknesses it has even if the tool is perfectly legitimate.

--

Lastly, I suggest that deleting a file off a hard drive, pen drive, etc, is not as definitive as a lot of people think.  There could be a whole lot of 'deleted' wallet.dat files to be found if one's HDD is stolen and if the person who is looking is proficient.  There are programs which can securely and reliably nuke a file.  Depending on your risk profile, keep this in mind.

[dancupid]

Protip on how to backup wallet: encrypt it then happily upload it in gmail, msn skydrive and every other email or online service you have. Since it's encrypted, no one will steal it. And no way you can lose it, even if some service happily delete your account you still have others. And except that, these online services are very reliable.

I like (and use) the above technique.  A couple of other suggestions if I may.  These are simply my own personal thoughts on things and I encourage people to think about things and roll their own...avoiding a monoculture is a good thing in my opinion.

--

When encrypting a wallet.dat, do NOT use a password you can remember (unless you are really good at this stuff) and for the love of God, don't forget your password(s).  That means keeping it/them written down in a secure place or several.

If someone is trying to break into an on-line account, there are a limited number of attempts they can try.  If someone has the encrypted wallet.dat file in their possession, they can try at a much higher rate, and with software akin to mining rigs.  So the password should be much better.

(If someone has a password hash from a dump stolen from some web site's database, they can use rainbow tables and other tricks to try to obtain the password.  That is a different beast.)

--

I also suggest re-naming the encrypted wallet.dat to reflect info about it.  e.g., 'wallet.dat__sav-2_20_20110802.enc-1'.  I can see at a glance that this is my second savings wallet, it contains 20 BTC, it was created today, and it uses my '1' encryption scheme.

It sorts nicely with my other savings wallets as well.  I personally keep an active working wallet with spending money and don't bother to back it up at all.  My savings wallets are in cold storage.

On mistake I made was forgetting to properly document the addresses of each savings wallet (so I could check the balances on blockexplorer and make sure all was as expected over time.)  Had to open a bunch of them back up to get it.

--

I also suggest if one is puttering around with command line tools, be most careful indeed to not overwrite or prematurely throw away a wallet.dat, and to double check that the end result can be turned back into a functional wallet.dat file when a technique is decided upon (and documented.)

Most people will want to use a canned tool for such an operation.  Fine, but be careful about where the tool came from and be advised that attackers will know exactly how it works and how to exploit whatever weaknesses it has even if the tool is perfectly legitimate.

--

Lastly, I suggest that deleting a file off a hard drive, pen drive, etc, is not as definitive as a lot of people think.  There could be a whole lot of 'deleted' wallet.dat files to be found if one's HDD is stolen and if the person who is looking is proficient.  There are programs which can securely and reliably nuke a file.  Depending on your risk profile, keep this in mind.

It's actually quite easy to create a complex password that you can remember - just string together a set of other passwords (from facebook, gmail etc) , your mothers maiden name, the year Henry VIII died followed by 6 $ signs and your Autie's name spelt backwards. The important thing is not to type them in. Copy and paste them from a large text document with random letters and symbols (so to avoid key loggers).
Also if you create a large wallet file by creating thousands of addresses it will be less likely that is can be stolen, if you just open it quickly to make a transaction (depending on your upload bandwidth) and then delete it

[deuxmill]

I don't believe this .

[smoothie]

Any person in their right mind wanting to spend 17,000 BTC to buy the third largest exchange's name should put some of that 17,000 BTC towards the construction of a new exchange and have some btc left over after the exchange is complete.

[spruce]

This can be easily and conclusively proven if any of those coins ever move again in blockchain.

True. Is there a list anywhere that people could add to?

[ptshamrock]

You just could not make it up. The only unlimited commodity in universe is indeed stupidity. Fools and money are parted quickly.


On a positive note, give it a year or two and idiots will get washed out of the system by free market.

+1

[S3052]

Just for my understanding: Bitomat is still operating as we speak, correct?

[hugolp]

Just for my understanding: Bitomat is still operating as we speak, correct?

I was wondering exactly this. How is it operating if it was destroyed?

[Littleshop]

I did a translate on the page and they indeed say they are back up.  They are back up with everyone having ZERO BTC.  No accounts I assume as well.  Like a clean slate.   Would you trust them or mybitcoin.com if they came back up?

[lemonginger]

I can understand (well, I can't really, but I can pretend to understand) not quite understanding how Amazon's instances work. What I can't even begin to understand is having all the coins in one wallet and not having backups of the wallet spread across multiple places. What kind of fucking businesses are these?

I hope that they get their asses sued off in court and all the users recover their money.