Seriously. Don't trust the exchanges, don't trust online wallet services, don't trust your anti-virus software, and don't trust anybody online.
If you absolutely must trust someone with your bitcoins, for the love,
choose carefully!
- Do you know their full name?
- Do you know where they are located?
- Have they demonstrated trustworthiness in the past?
- Are they asking you to trust them? (red flag)
- Do they have insurance?
Insurance? Impossible, you say. Not so!
When I needed people to trust me to hold bitcoins for a contest, I deposited 50 bitcoins as a bond with a well-respected forum member, so that even if I did something stupid and lost people's money, they would still be reimbursed. You can read about it here:
http://bitcointalk.org/index.php?topic=10008.0Consider carefully who you will trust. With bitcoins, elaborate scams may be profitable. For instance, someone may develop trust for their user name over many months with small transactions on this forum, then take advantage of that trust to make off with a lot of money. Such a scam would only be worth doing on this forum. No other forum in the world would be worth the effort.
If you want someone to hold your bitcoins for you, there are NO online services that have the transparency and security to make me comfortable using them for storing bitcoins for more than a short time in small amounts. The only way to do it is like I did - choose someone whom you believe to be trustworthy, and approach them. If they approach you, or in any way say or insinuate that they are a trustworthy person to hold your coins, STAY AWAY.
If you are thinking that I might not be trustworthy, since I am writing this post about the issue, you are approaching the appropriate level of paranoia.
If you want to store your bitcoins with maximum security, there are lots of resources about how to do it, such as this:
https://en.bitcoin.it/wiki/Securing_your_walletHere's my summary:
1. Put all your coins in a new wallet that has never connected to the network
2. Encrypt that wallet with the maximum security you can find, using the most secure password you can keep track of
3. Delete the plaintext wallet, and distribute the encrypted wallet to every piece of physical media you own, store it online, and send it to several people you trust
Don't think you can generate and remember a secure enough password? Create a super-long password, and store clues to help you remember it. For instance, your password clue file might say:
My standard password + My throwaway password (backwards, all caps) + &#$%@ + First two sentences of first paragraph of page 19 of my favorite book (include all capitalization and punctuation) + My wife's mother's middle name + My son's favorite superhero + My favorite number times 8734 + food my wife hates (backwards, all caps) + 9-digit number stored with my paper will + 10-character password stored in my safety deposit box + . . . .
You can go on in this way to create as long a password as you want. Store this password clue file with your encrypted wallet, and optionally encrypt both with a simple standard password to keep out snoopers.
In this way, not only can you recover your coins from your "savings account" at a later date, if you get hit by a chicken truck tomorrow and die, your loved ones can probably piece together your password and recover the coins too (better make sure you trust them, and that between them they have or can get the answers to those clues).
I recommend that you practice your wallet encryption and recovery a few times with a small number of coins, until you are very comfortable with the process before you try it with the bulk of your savings.
And remember, this is how most bitcoins services get started:
Comic from:
http://bitcointalk.org/index.php?topic=13903.0My biggest enemy is me, i've lost 6.2 Btc due to trusting in my capability of remembering my own wallet password, and writing down the passphrase etc.. when that time came, I waved my coins farewell. off they went as orphan coins. Luckily Im not James Howell though, he lost 7,500 Btc by throwing away his HDD and realized afterwards what error he made