A simple application to backup your wallet in Dropbox and Gmail [scam]

[Hummer]

Reported as a scam.

So, here it is

Instructions:
1. Choose the dropbox folder (or another what you want)
2. enter e-mail address, it is desirable to gmail
3. select the interval for checking the file modification
4. click "Start"
That's it! Nothing could be easier.

Screenshoot:
http://i51.tinypic.com/n66s2e.png

Download:
http://www.mediafire.com/[removed]

It is cross platform (Windows, Linux, Mac) application (Java).
You must have installed JRE.

Donations: 1DgsgSSRQDYV2VaANxEXzo1wrrRz9PUw1x

[1715152071]

1715152071

[1715152071]

1715152071

[1715152071]

1715152071

[theGECK]

This only backs up the wallet, correct? I'm assuming it cannot copy while the bitcoin program is running, but I don't know how bitcoin uses the wallet file and if it locks it or not. Could you let me know?

This looks to be what I have been looking for.

[Hummer]

The bitcoin program does not block the purse, she uses it less frequently

ps Sorry, will soon update the version, this may fail to copy. Just beta version.

[ColdHardMetal]

Does this encrypt the file it sends to gmail or anything like that?

[Tolsi]

This only backs up the wallet, correct? I'm assuming it cannot copy while the bitcoin program is running, but I don't know how bitcoin uses the wallet file and if it locks it or not. Could you let me know?

This looks to be what I have been looking for.

just create .bat file (for windows 7, in xp other path to wallet.dat):

Code:

@echo off
:start
xcopy.exe "C:\Users\%username%\AppData\Roaming\Bitcoin\wallet.dat" "C:\%Dropbox_folder%\" /y
sleep 1800
goto start

and do not trust third-party programs

[theGECK]

This only backs up the wallet, correct? I'm assuming it cannot copy while the bitcoin program is running, but I don't know how bitcoin uses the wallet file and if it locks it or not. Could you let me know?

This looks to be what I have been looking for.

just create .bat file (for windows 7, in xp other path to wallet.dat):

Code:

@echo off
:start
xcopy.exe "C:\Users\%username%\AppData\Roaming\Bitcoin\wallet.dat" "C:\%Dropbox_folder%\" /y
sleep 1800
goto start

and do not trust third-party programs

Since Windows XP doesn't recognize @echo off or the sleep commands by default, here's my first stab at a batch script that will do this.

:start
xcopy.exe "C:\Documents and Settings\xxx\Application Data\Bitcoin\wallet.dat" "C:\%Dropbox_folder%\Bitcoin\Wallet Backup\" /y
ping -n 21600 127.0.0.1
goto start

It does bring up a command prompt, but I'm not sure yet how to prevent that from happening in Windows XP.

[theGECK]

If you're like me and don't have many transactions in a day, you could also edit the .bat to this:

xcopy.exe "C:\Users\%username%\AppData\Roaming\Bitcoin\wallet.dat" "C:\%Dropbox_folder%\" /y
exit

That will do the backup and then close the prompt window. Didn't think about posting this with the rest of it. I figure many people will know this, but others won't.

[Drifter]

Would be nice if it could zip and encrypt the file before adding it to dropbox. I use a program called Syncback for all the backups on my computer, and can schedule intervals like this. The ability to encrypt files is important when making these backups especially if you're adding things to the cloud.

[BitterTea]

There's no reason to back up the wallet so often. Really, the only thing that needs backing up are they private keys associated from each account. Given a private key, you can create the public key, and from that, the address. Since Bitcoin keeps ~100 spare private keys in the wallet (for later use for change, etc), you no longer need to backup your wallet after every transaction. Ideally I think, you should back up your wallet when most of the keys from the prior backup's key pool have been used.

[genjix]

There's no reason to back up the wallet so often. Really, the only thing that needs backing up are they private keys associated from each account. Given a private key, you can create the public key, and from that, the address. Since Bitcoin keeps ~100 spare private keys in the wallet (for later use for change, etc), you no longer need to backup your wallet after every transaction. Ideally I think, you should back up your wallet when most of the keys from the prior backup's key pool have been used.

And how do you detect such an event?

[theymos]

And how do you detect such an event?

Getinfo reports "keypoololdest", which is the unix time of the oldest key. When this time is after the time of your last backup, then your backup is too old.

[genjix]

that's great. thanks.

[Matt Corallo]

SCAM, sends your wallet to a gmail of a Russian Scammer.

See Blitzboom in todays #bitcoin-dev logs.

[N12]

Do NOT download this. It deletes your wallet and sends it to the developer’s email so he can steal all your BTC.

Seriously, you should be banned forever.

[LZ]

And do not use the xcopy command, guys. It can make a broken wallet.dat copy if it is in use. Use hard link instead.

[Drifter]

Take the entire url out of the first post.

[Tolsi]

I downloaded it and lost my 100 bitcoins today at 17.01 -_- It's the sadness.
thanks for hard links

[[Tycho]]

It does bring up a command prompt, but I'm not sure yet how to prevent that from happening in Windows XP.

Just run the script as different user - then console window won't show up.

[kiba]

We have a new lesson:

1. Never download anything from a forum member who do not release the source code or have no history with the community.

2. You should separate your wallet into two type: A spending wallet, and a saving wallet.

[kiba]

Is this the same Russian scammer who got his wallet emptied after being tracked down? Will the owner get their bitcoin back?

[Matt Corallo]

Working on a writeup now, the owner got back most of his coins, but the scammer (who also goes by Tolsi, see the post above-lulwat?) got away with 30.

[Tolsi]

lulwat? i lose my bitcoin as you.

[Matt Corallo]

Yea Tolsi, just wait for the writeup I have enough evidence.

[Tolsi]

Yea Tolsi, just wait for the writeup I have enough evidence.

will submit, please

[Tolsi]

I still minner, gambling. Recently received money for the transfer to mobile phone. I provide this service in Russia. and you are in my something accuse...

[kiba]

Woah. Somebody actually hijacked a scammer to get back bitcoins.

[Tolsi]

What makes you think it was me? I'm not trying to get my money back, I lost them on their stupidity. I've changed my wallet. I do not understand how I was tied up with Hummer? He is not me!

[kiba]

What makes you think it was me? I'm not trying to get my money back, I lost them on their stupidity. I've changed my wallet. I do not understand how I was tied up with Hummer? He is not me!

Communication misinterpretation?

[Matt Corallo]

Write up here:
http://bitcointalk.org/index.php?topic=3628.0

[Matt Corallo]

The only person scammed was Blitzboom, not Tolsi (see the writeup).

[kiba]

The only person scammed was Blitzboom, not Tolsi (see the writeup).

Thanks for the information.

[Matt Corallo]

Oh and one last bit, Tolsi is also russian
http://bitcointalk.org/index.php?topic=2977.msg51349#msg51349
Just as one last bit of evidence.

[kiba]

Oh and one last bit, Tolsi is also russian
http://bitcointalk.org/index.php?topic=2977.msg51349#msg51349
Just as one last bit of evidence.

Ouch.

Time for a banhammer?

On the other hand, he could always registered as somebody else.

[Bruce Wagner]

This is why I rely on YOU guys to test out new software.... for me....  

I'm not into being on the bleeding edge of new things.  

So only 30 bitcoins were lost to this douchebag thief?

Maybe we could each make a little donation to him (the victim) to help make up for his loss...?

I hate to see innocent people scammed like that.

Apparently, people like this give a BAD NAME to all of their fellow Russian Countrymen.

It is very sad that it gives the entire world the impression that Russia is nothing but a land of criminals and thieves.    It's very sad.     It is a disgrace to all decent people everywhere.

PS - Mind making the word slightly more obvious in the title of this thread?    Like:  [SCAM] A simple application to backup your wallet in Dropbox and Gmail [SCAM]

[N12]

I made him a proposal. According to his PM, he’ll accept, but the question is when I will get it. The longer he waits, the more attention this will get, I guess.

Still, I always accept donations, see my signature for that.

[Drifter]

This is why I rely on YOU guys to test out new software.... for me....  

I hate to see innocent people scammed like that.

Sadly I think this is going to become common. It's just too easy, especially if the forum was even larger and had many unknowing and unsuspecting individuals.
Could we somehow enforce rules on links to downloadable material? Create a team willing to somehow test new downloads before they are allowed on the forum? How do you protect people when the users are not as advanced in computers as 95% of the users here currently?

[kiba]

Sadly I think this is going to become common. It's just too easy, especially if the forum was even larger and had many unknowing and unsuspecting individuals.
Could we somehow enforce rules on links to downloadable material? Create a team willing to somehow test new downloads before they are allowed on the forum? How do you protect people when the users are not as advanced in computers as 95% of the users here currently?

I sense a new business model.

[Jotto]

A possible solution might be an encrypted wallet-file, so you'd have to enter a password each time you start bitcoin.exe to decrypt it. That way a stolen wallet.dat-file would be useless for the thief.

[kiba]

A possible solution might be an encrypted wallet-file, so you'd have to enter a password each time you start bitcoin.exe to decrypt it. That way a stolen wallet.dat-file would be useless for the thief.

All these can easily be defeated if the user throw caution to the wind. However, I think it should be easier to secure one's bitcoin wallet.

[N12]

Well, the sole reason I wasn’t suspicious is simple: As this thread already had some posts I thought, it would’ve come out if the "application" is malicious. I was wrong to put my trust in this, obviously.

[kiba]

Well, the sole reason I wasn’t suspicious is simple: As this thread already had some posts I thought, it would’ve come out if the "application" is malicious. I was wrong to put my trust in this, obviously.

I simply didn't bite.

[mico]

Those russians if they were russians are making bad reputation for us - lzsaver is trying to investigate it in our russian sub-forum. That is sad how many scammers are from russia (such as Nerd and his bitcointrade.biz and others). Karma will punish you, russian scammers!

[bitcoinex]

That is sad how many scammers are from russia (such as Nerd and his bitcointrade.biz and others).

This is because work time of the russian programmers are cheap.

[Bruce Wagner]

The internet, as a whole, is a dangerous place for novices and the non-technical.  It's really impossible to come up with a full-proof system to protect every user from themselves.

On the otherhand, even knowledgeable and wise users can be tricked.

Lessons Learned:

(1)   Be a bit Suspicious...  especially if many people have not reported success in using something.

(2)   Don't be the first to try something new --- especially when Bitcoin (i.e. money) is involved!
 

[Anonymous]

Sadly I think this is going to become common. It's just too easy, especially if the forum was even larger and had many unknowing and unsuspecting individuals.
Could we somehow enforce rules on links to downloadable material? Create a team willing to somehow test new downloads before they are allowed on the forum? How do you protect people when the users are not as advanced in computers as 95% of the users here currently?

I sense a new business model.

I think you are right.

[ribuck]

Create a team willing to somehow test new downloads before they are allowed on the forum?

It's pretty hard to test a closed-source application. It might work perfectly, but might contain code that changes its behavior at some future date.

You can test more thoroughly by disassembling the binary and working out what it does, but that's seriously time-consuming and wouldn't be practical for apps like this one.

As it happens, this one did (accidentally) include the source code. So a business could have charged a fee to certify it as safe or unsafe.

[kiba]

As it happens, this one did (accidentally) include the source code. So a business could have charged a fee to certify it as safe or unsafe.

A security firm would just flat out refuse to review closed source software.

[ribuck]

A security firm would just flat out refuse to review closed source software.

Security firms review closed source software all the time (e.g. viruses), but it involves reverse engineering, takes a huge amount of time, and costs a lot of money.

For most people it won't be possible to avoid running at least some closed source software that has access to wallet.dat. Even on Linux, few people are running a "whiter than white" distribution. Most people have at least some closed source drivers and codecs on their system.

Effectively securing wallet.dat is really difficult for the non-technical Bitcoin user.

[stakhanov]

I think one of the lessons there is that wallet.dat should really be encrypted by default, and unlocked with a password when starting the bitcoin client. It's still not bullet proof, but it would make it a lot harder to just steal your wallet with a simple malware app.

[BitterTea]

I am working on an app that will transparently keep multiple wallets in encrypted form until they are "opened" (extracted to the Bitcoin data directory). It also handles removable drives by storing the volume name of the drive your wallet is on. When the volume is inserted, a notification is created and the wallet is available for selection. Two things - it's Windows only, and you'll have to have a GPG keyring.

I'm just cleaning things up right now, I've open sourced any of my projects and am feeling a little self conscious about my code. I'll make a post here once it is available for download.

[bitcoinex]

I think one of the lessons there is that wallet.dat should really be encrypted by default, and unlocked with a password when starting the bitcoin client. It's still not bullet proof, but it would make it a lot harder to just steal your wallet with a simple malware app.

https://www.bitcoin.org/smf/index.php?topic=1852.0

[BitterTea]

Hey, just a heads up, I've released WalletBuddy, an application (for Windows, .Net 4.0 required) that runs in the systray and securely stores, manages, and backs up multiple wallets. Please feel free to look over the code and let me know if you have any questions.

http://bitcointalk.org/index.php?topic=3735.msg52972

[we6jbo]

In another thread I was reading that since this attack, the developer of his program was, shall I put, worried that nobody would use another 3rd party program here. At least that was my interpretation of what he said. That got me thinking that we're all computer savvy and most of us have security in mind but what about other projects such as Tor which facilities a similar P2P concept as Bitcoin and yet because their project is a lot older than Bitcoin and they have gathered a lot of users with various levels of computer experience, an attack on Bitcoin might might likely happen on Tors site and the program the the attacker writes might idle away on a Tor's computer until the user of Tor decides to try out Bitcoin.

[dishwara]

This only backs up the wallet, correct? I'm assuming it cannot copy while the bitcoin program is running, but I don't know how bitcoin uses the wallet file and if it locks it or not. Could you let me know?

This looks to be what I have been looking for.

just create .bat file (for windows 7, in xp other path to wallet.dat):

Code:

@echo off
:start
xcopy.exe "C:\Users\%username%\AppData\Roaming\Bitcoin\wallet.dat" "C:\%Dropbox_folder%\" /y
sleep 1800
goto start

and do not trust third-party programs

when i run this i got this error
C:\Users\Administrator\Desktop>sleep 1800
'sleep' is not recognized as an internal or external command,
operable program or batch file.

How to solve it?
Also is there any way to do incremental backup (I mean n+1 files)?

[BitterTea]

Also is there any way to do incremental backup (I mean n+1 files)?

WalletBuddy will do that, but I need someone to check my source code first.

[stakhanov]

Hey, just a heads up, I've released WalletBuddy, an application (for Windows, .Net 4.0 required)

Why this choice? It means a lot of people (at least here) won't be able to use your app. I would have been interested...

In the long run, I still think it should be included by default in the mainstream client. If we want to see widespread bitcoin adoption, we have to make the default setting as secure as possible.

[BitterTea]

Why this choice? It means a lot of people (at least here) won't be able to use your app. I would have been interested...

In the long run, I still think it should be included by default in the mainstream client. If we want to see widespread bitcoin adoption, we have to make the default setting as secure as possible.

I know, but I'm familiar with the .NET framework and wanted this for myself. It was only after I started building it that I decided to release it. I wonder...

Hmm, it looks like Mono is .NET 4.0 compatible except WPF and some other things which I'm not using. I'm going to test it with their compatibility tool, and then I'll update my thread.

edit... I just need to replace my use of WqlEventQuery to detect drive changes. I should be able to just can periodically instead. Then, I think it should work using Mono 2.8 on Linux.

[we6jbo]

This only backs up the wallet, correct? I'm assuming it cannot copy while the bitcoin program is running, but I don't know how bitcoin uses the wallet file and if it locks it or not. Could you let me know?

This looks to be what I have been looking for.

just create .bat file (for windows 7, in xp other path to wallet.dat):

Code:

@echo off
:start
xcopy.exe "C:\Users\%username%\AppData\Roaming\Bitcoin\wallet.dat" "C:\%Dropbox_folder%\" /y
sleep 1800
goto start

and do not trust third-party programs

when i run this i got this error
C:\Users\Administrator\Desktop>sleep 1800
'sleep' is not recognized as an internal or external command,
operable program or batch file.

How to solve it?
Also is there any way to do incremental backup (I mean n+1 files)?

The command might be delay or pause. Alternatively I believe windows comes with a built in crontab type tool in the lower right hand corner. It's been a long time since I've used windows.

[theymos]

When i run this i got this error
C:\Users\Administrator\Desktop>sleep 1800
'sleep' is not recognized as an internal or external command,
operable program or batch file.

How to solve it?

Replace "sleep" with "timeout". (This only works with Vista and later.)

[grondilu]

I'd like to show off my own bash script:

Code:

#!/bin/bash

name=grondilu
sftp_address=grondilu@somewhere.fr
email=grondilu@nospam.fr
bluetoothaddr="00:XX:YY:ZZ:UU:TT"

private="$HOME/Private"
backup="wallet-$(date +%s).dat"

error() {
    echo $1 returned error code $2
    rm -f $private/"$backup"{,.gpg}
    exit $2
}

if
    echo -n "making backup file..."
    bitcoind backupwallet "$private/$backup"
    r=$? ; ((r != 0))
then error bitcoind $r
elif
    echo ok
    cd $private
    echo -n "encrypting..."
    gpg -e -r $name "$backup" 
    r=$? ; ((r != 0))
then error gpg $r
elif
    echo ok
    rm "$backup"
    echo -n "copying to distant server..."
    scp "$backup.gpg" $sftp_address:
    r=$? ; ((r != 0))
then error scp $r
elif
    echo ok
    echo -n "adding to distant archive..."
    ssh $sftp_address <<< "tar rf wallet-backup.tar $backup.gpg && rm $backup.gpg"
    r=$? ; ((r != 0))
then error ssh $r
elif
    echo ok
    echo -n "copying to smartphone..."
    obexftp -b "$bluetoothaddr" -c /Data/backups -p "$backup.gpg"
    r=$? ; ((r != 0))
then error obexftp $r
elif
    echo ok
    echo -n "sending backup via email..."
    mutt $email -s backup -a $backup.gpg < /dev/null
    r=$? ; ((r != 0))
then error mutt $r
else
    echo ok
    rm "$backup.gpg"
fi

[snedie]

Using the batch file method of backup works, and if you want it to run 24/7 in the background just add it to your startup programs. If you want it without the CMD window consult this:
http://www.winhelponline.com/blog/run-bat-files-invisibly-without-displaying-command-prompt/

Simple add the vbs file instead of the bat file to the startup programs.