Bitcoin Forum
Author Topic: BITCOIN HACKS, FUTURE HACKS (hopefully this helps you be a safer user)  (Read 318 times)
TimeBits (OP)
July 22, 2019, 06:29:21 PM
Merited by OgNasty (1), Oilacris (1), ABCbits (1), o_e_l_e_o (1)
 #1

I want to start off by saying bitcoin has never been hacked. Many in the media make it look like bitcoin is hackable and not safe, but the truth is that people are hackable and the 3rd-party clients they use are not safe, not bitcoin itself.

Some of the "hacks" I have encountered over the years, hopefully this helps you be a safer user. Please feel free to add more, or possibly think into the future about ways to help secure bitcoin users.

1. The first and most common thing is people using a skeleton key. A skeleton key is when you use the same password for everything. If you check this site, https://haveibeenpwned.com/, many big websites you have used leaked your passwords and emails (LinkedIn, this forum, and Myspace, just to name a few). If you have coins on an exchange and you use the same password as your email, consider your coins gone. In addition, if you are using coins on an exchange, you did not read the first sentence of the white paper and I suggest you do that before holding any bitcoins; it is meant to be p2p and not go through two financial institutions.

2. Similar and common to the one above, if you are using a weak password, people can use a program (brute force, as an example) to figure out your email password in seconds. Make sure your password is not something small; the more numbers and the more letters and combinations of them, the more time you buy yourself. The best is if you mix your passwords up daily or make a bot that auto scrambles your passwords to a new one every few hours so you don't have to do it manually.

3. Keyloggers. Similar and common to the one above, if you are using a public computer, or maybe have malware on your own, they may be able to log all of your passwords, and if they have a connection to your computer through something like remote viewing, they can steal all of your coins. Stay away from public computers when using bitcoin and regularly check your computer for viruses; just like us humans, sometimes they need a good cleaning.

4. Malware hack. This is a copy and paste hack where, when you try to post your address when sending bitcoin, it gets replaced by the hacker's. Always double check to make sure the address you are sending to is the one you copied and pasted. If it is not, you probably have malware on your computer.

5. Trusting 3rd party software. I used to play on an anti-cheat client called ESEA, for Counter-Strike (a video game). When I would go to sleep, my computer was used to mine bitcoin in a zombie network so I would not notice.
https://www.theregister.co.uk/2013/11/20/esea_gaming_bitcoin_fine/
Trusting things like the Steam client, the Discord app, the Blizzard client (any game, client or program) on the computer you have your wallet on can put you at risk. These companies can change their terms and services at any time. They also may be exposed to 3rd party hackers taking advantage of the weaknesses in their clients. Try not to have any additional apps on your computer other than the necessary ones to run your OS.

6. A lot of people think 2FA is 100% safe. It is not. Hackers can call up your phone companies and steal your SIM card and number; some can spoof your own number. Do not have faith in 2FA on exchanges; it has been proven it is not safe 100s of times now. I believe the best way to store bitcoins may be a hotwallet with a password mixer on your own computer not attached to the internet, but I think cold wallets may be good too. Sure, some 2FAs help, but it is not 100% secure. You probably want to use Linux too, not Windows or Apple shit or whatever horrid OS your phone is running on.

Just remember, if you do not hold your banana, guys, you are trusting another man holding onto your banana. This defeats the purpose of bitcoin.

There are a few more things like ransomware, social engineering, scams (bitcoin doublers), phishing links (sites that look like the real one but are not) and many tricks people use on social media, so be careful.

Perhaps some more experienced members can give their two satoshis on the subject and experiences to help new users out (get it, instead of 2 cents, OK I know it was lame). I would also love to hear some theories on how people may steal coins in the future or ones I did not list; I think I got some ideas on what will happen.
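
An added example, not part of the original post: a local audit for the "skeleton key" problem in item 1. It groups accounts that share a password and looks each password up in a Pwned Passwords range response, sending only the first five characters of its SHA-1 hash. The account names, passwords, response rows and the `constructed_fetch` stand-in for the HTTPS call are constructed for illustration.

```python
import hashlib
from collections import defaultdict

def sha1_hex(password):
    # The range service is defined over upper-case SHA-1 hex digests.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def range_query(password):
    """Return (prefix, suffix): only the 5-char prefix ever leaves the machine."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]

def breach_count(suffix, range_body):
    """Find our 35-char suffix among the 'SUFFIX:COUNT' rows of a range response."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0

def reused_passwords(vault):
    """Group account names by password; any group larger than one is a skeleton key."""
    groups = defaultdict(list)
    for account, password in vault.items():
        groups[sha1_hex(password)].append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def audit(vault, fetch_range):
    """Map each account to the number of breach sightings of its password."""
    report = {}
    for account, password in vault.items():
        prefix, suffix = range_query(password)
        report[account] = breach_count(suffix, fetch_range(prefix))
    return report

# --- constructed sample data (not real credentials) ---
VAULT = {
    "email": "correct-horse-constructed",
    "exchange": "correct-horse-constructed",   # same password as the email account
    "forum": "v9#Lq2-constructed-unique",
}
LEAKED = "correct-horse-constructed"           # pretend this one is in a breach corpus

def constructed_fetch(prefix):
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>."""
    lines = ["A" * 35 + ":3", "B" * 35 + ":0"]  # filler rows; count 0 mimics padding
    leaked_prefix, leaked_suffix = range_query(LEAKED)
    if prefix == leaked_prefix:
        lines.insert(1, leaked_suffix + ":1542")
    return "\r\n".join(lines)

if __name__ == "__main__":
    print("reused:", reused_passwords(VAULT))
    print("breach sightings:", audit(VAULT, constructed_fetch))
```

SHA-1 appears here only because the range lookup is defined over it; it is not being used to store or protect the passwords.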
o_e_l_e_o
July 22, 2019, 08:01:58 PM
Merited by TimeBits (1)
 #2

Quote
The best is if you mix your passwords up daily or make a bot that auto scrambles your passwords to a new one every few hours so you don't have to do it manually.

I think the easiest option for most newbies is to use a password manager such as KeePass. You only need to remember one complicated password, which is your encryption key to KeePass. KeePass will generate long and truly random passwords as often as needed for any site, and never duplicate passwords.

Quote
Stay away from public computers when using bitcoin

You should never log in to anything on a public computer. If you do, you should immediately consider your credentials compromised. There are just too many vectors of attack to even begin talking about. I would also be very wary about using public WiFis. If you must use a public WiFi, use a VPN and again, don't log in to anything sensitive.

Quote
This is a copy and paste hack where when you try to post your address when sending bitcoin and it gets replaced by the hackers

A good defense against this is to use a hardware wallet. Any transaction you make requires manual confirmation of the address being displayed on the hardware wallet's screen. This serves as an extra step and forces you to double check before just hitting "send" and losing your coins.

Quote
I believe the best way to store bitcoins may be a hotwallet with a password mixer on your own computer not attached to the internet

Any wallet which does not connect to the internet is a cold wallet. A computer which does not have, and will never have, internet access is known as "air gapped". Setting up your own wallet on an air gapped machine is a fairly popular and very secure method of storing your coins. If that's not user friendly enough for you, then the next best option is a hardware wallet.
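
An added example, not written by either poster above: a check for the copy-and-paste address swap, run on the pasted value before sending. It shows that the Base58Check checksum built into legacy addresses catches typos but not a swap, because the substituted address is valid too, so the decisive step is the comparison against the address obtained out of band, which is what confirming on a hardware wallet's screen enforces. Both addresses are constructed from made-up hashes, and bech32 (bc1...) addresses are not handled.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload):
    # First 4 bytes of SHA-256(SHA-256(version || hash160))
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version, h160):
    """Build a legacy address from a version byte and a 20-byte hash."""
    raw = bytes([version]) + h160
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(raw) - len(raw.lstrip(b"\x00"))   # each leading zero byte becomes '1'
    return "1" * zeros + out

def b58check_decode(addr):
    """Return (version, hash160) or raise ValueError if the address is malformed."""
    n = 0
    for ch in addr:
        i = B58.find(ch)
        if i < 0:
            raise ValueError("character %r is not Base58" % ch)
        n = n * 58 + i
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        raise ValueError("decoded length is %d, expected 25" % len(raw))
    payload, check = raw[:21], raw[21:]
    if _checksum(payload) != check:
        raise ValueError("checksum mismatch")
    return payload[0], payload[1:]

def check_paste(intended, pasted):
    """Return 'ok', 'invalid' (typo or corruption) or 'swapped' (valid but different)."""
    intended, pasted = intended.strip(), pasted.strip()
    try:
        b58check_decode(pasted)
    except ValueError:
        return "invalid"
    return "ok" if pasted == intended else "swapped"

# --- constructed sample addresses (derived from made-up hashes, not real wallets) ---
H160 = hashlib.sha256(b"constructed recipient").digest()[:20]
INTENDED = b58check_encode(0x00, H160)
SUBSTITUTE = b58check_encode(0x00, hashlib.sha256(b"constructed other party").digest()[:20])
TYPO = INTENDED[:-1] + ("2" if INTENDED[-1] != "2" else "3")

if __name__ == "__main__":
    for label, value in (("same", INTENDED), ("typo", TYPO), ("swap", SUBSTITUTE)):
        print(label, value, check_paste(INTENDED, value))
```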
cr1776
July 22, 2019, 08:19:37 PM
 #3

7. Storing bitcoin on exchanges.  When bitcoin is on an exchange, you don't own it, the exchange does and you have an IOU.  Given the number of hacks of exchanges over the years, storing bitcoin there is a poor choice.
amyshek1979
July 22, 2019, 08:26:47 PM
 #4

Quote
7. Storing bitcoin on exchanges.  When bitcoin is on an exchange, you don't own it, the exchange does and you have an IOU.  Given the number of hacks of exchanges over the years, storing bitcoin there is a poor choice.

Agreed. It's better to store crypto on exchanges for as short a time as possible.
CryptoBry
July 23, 2019, 04:25:48 AM
 #5

Quote
A lot of people think 2FA is 100% safe. It is not. Hackers can call up your phone companies and steal your SIM card and number; some can spoof your own number. Do not have faith in 2FA on exchanges; it has been proven it is not safe 100s of times now. I believe the best way to store bitcoins may be a hotwallet with a password mixer on your own computer not attached to the internet, but I think cold wallets may be good too. Sure, some 2FAs help, but it is not 100% secure. You probably want to use Linux too, not Windows or Apple shit or whatever horrid OS your phone is running on.

As proven in the case of the Binance hack, the 2FA security platform is no longer safe, as hackers have already gotten the advanced steps that can be taken to counter this option. This is the reason why some are already talking about 3FA, but of course this can be the necessary burden we have to take just to feel that we are secure. Sadly, hackers are ahead of the game, and with the resources they have already hoarded and the technologies at their disposal, I am sure that hacking will be here to stay and they can be successful with rich targets from time to time. Exchanges should always be on guard, as hackers are just waiting to make a big strike anytime.
o_e_l_e_o
July 23, 2019, 09:25:52 AM
 #6

Quote
As proven in the case of the Binance hack, the 2FA security platform is no longer safe, as hackers have already gotten the advanced steps that can be taken to counter this option. This is the reason why some are already talking about 3FA, but of course this can be the necessary burden we have to take just to feel that we are secure.

Now, someone correct me if I'm wrong here, but I understood that the Binance hack was targeted against individuals with high-net-worth accounts. The hackers phished the victims by getting them to enter their username, password, and 2FA code on a fake site, and then used those details to steal their API permissions. If that's the case, then surely 3FA won't make any difference to this kind of attack? If the victims were phished to enter all the required information, including all three required factors, then the same result would be possible.
piebeyb
July 23, 2019, 10:40:24 AM
 #7

This is ridiculous, but I often say not to trust any media about hacking bitcoin on any trading site. I always say it is done as a step to panic other traders. Bitcoin cannot be hacked by hackers; it all depends on how we keep our money safe.
Never access the wallet where your bitcoin funds are stored using devices other than those you use every day, such as your personal laptop, and make sure that only you access your laptop. Prevent others from using your laptop; this is easy if you want to keep your money well.

TimeBits (OP)
July 23, 2019, 01:16:51 PM
 #8

Quote
7. Storing bitcoin on exchanges.  When bitcoin is on an exchange, you don't own it, the exchange does and you have an IOU.  Given the number of hacks of exchanges over the years, storing bitcoin there is a poor choice.

7. Just remember, if you do not hold your banana, guys, you are trusting another man holding onto your banana. This defeats the purpose of bitcoin.

The most common way people lose their bitcoin is not being their own bank.


    Exchange: Silk Road
    Amount: $270,000,000 (171,955 BTC)

    Exchange: MtGox
    Amount: $700,000,000 (850,000 BTC)

    Exchange: Cryptsy
    Amount: $9,500,000 (13,000 BTC and 300,000 LTC)

    Exchange: Mintpal
    Amount: $3,200,000 (3,894 BTC)

    Exchange: Bitstamp
    Amount: $5,100,000 (19,000 BTC)

    Exchange: Bter
    Amount: $1,750,000 (7,000 BTC)

    Exchange: Bitfinex
    Amount: $72,000,000 (120,000 BTC)

    Exchange: EtherDelta
    Amount: $266,789 (308 ETH)

    Exchange: Yapizon
    Amount: $5,500,000 (3816.2028 Bitcoin)

    Exchange: Bithumb
    Amount: $7,000,000 (in BTC and ETH)

    Exchange: OKEx
    Amount: $3,000,000 (in Bitcoin)

    Exchange: Coinis
    Amount: $1,800,000 (Unknown)

    Exchange: Nicehash
    Amount: $60,000,000 (4,000 BTC)

    Exchange: Bitstamp
    Amount: $5,000,000 (18,000 BTC)

    Exchange: Coincheck
    Amount: $534,800,000 (523,000,000 NEM)

    Exchange: BitGrail
    Amount: $195,000,000 (17,000,000 NANO)

    Exchange: CoinSecure[1]
    Amount: $3,300,000 (438 BTC)

    Exchange: Bithumb
    Amount: $31,000,000 (in Ripple)

    Exchange: Zaif
    Amount: $60,000,000 (5,966 BTC)

    Exchange: MapleChange
    Amount: $6,000,000 (913 BTC)

    Exchange: Pure Bit
    Amount: $30,000,000 (ICO + 13,000 ETH)

    Exchange: HitBTC
    Amount: Unknown (A daily volume over $200 million)

    Exchange: Cryptopia
    Amount: Significant losses (At least 19,390 ETH)

    Exchange: Coinmama
    Amount: 450,000k user emails and passwords

    Exchange: Binance
    Amount: 7,000 BTC

There is more, but let's just learn from these ones and from the first sentence of the white paper.


USD/EURO IS A FINANCIAL INSTITUTION, THE EXCHANGE IS A FINANCIAL INSTITUTION, TRUSTING A 3RD PARTY IS NOT P2P!
hugeblack
July 23, 2019, 02:32:39 PM
 #9

In short, the importance of cryptocurrencies is to keep your private key (wallet seed) safe; using any third party will reduce the security of your coins.
Dealing with platforms and another similar bank, you must trust them and you must follow the traditional procedures in the protection of accounts.
As for the protection of your coins, the more you are generating it without an Internet connection and the lack of Internet connection whenever making you safe, this includes generating those currencies in safe operating systems.

TimeBits (OP)
July 23, 2019, 06:39:35 PM
 #10

Attorney general William Barr says encryption backdoors are a risk Americans should accept if it means letting police get access to encrypted messages.
https://techcrunch.com/2019/07/23/william-barr-consumers-security-risks-backdoors/

^So if they are allowed a backdoor it means hackers will be.

OK, let's brainstorm some more about future hacks we might see.

1. Miners getting hacked. What if hackers took over a bunch of big mining operations pooled into one and fuck the network up? How good is the security at these big mining farms? I bet 100% in the future we will see this in the news of big mining ops getting hacked and losing millions or billions. (Some, I bet, will be an inside job.)

2. Bitcoin ATMs. Just like the ATMs we see today, people will somehow start hacking those, somehow giving the machine the hacker's address once the person pays instead of theirs. Most of these bitcoin ATMs are in shops where the workers have no clue what the person may or may not be doing at that machine or any clue what bitcoin is really lol. I asked them; they had no clue, like 4 of these bitcoin ATMs here. What stops me from walking in there on Halloween in a mask or just wearing a full burka and altering the machine?
Oilacris
July 23, 2019, 06:53:02 PM
 #11


Quote
1. The first and most common thing is people using a skeleton key. A skeleton key is when you use the same password for everything. If you check this site, https://haveibeenpwned.com/, many big websites you have used leaked your passwords and emails (LinkedIn, this forum, and Myspace, just to name a few). If you have coins on an exchange and you use the same password as your email, consider your coins gone. In addition, if you are using coins on an exchange, you did not read the first sentence of the white paper and I suggest you do that before holding any bitcoins; it is meant to be p2p and not go through two financial institutions.

Skeleton key is the term for this? Using the same passwords on any site you are engaged in sounds pretty new to me.

I made this mistake of using the same passwords on all accounts plus my email, and that one hack resulted in me losing all of my savings in a flash. After that I learned from that mistake. This may sound pretty basic, but this is one of the most important things to be done.

TimeBits (OP)
July 23, 2019, 07:03:40 PM
 #12

Quote
Skeleton key is the term for this? Using the same passwords on any site you are engaged in sounds pretty new to me.

https://en.wikipedia.org/wiki/Skeleton_key

I live in an old farmhouse; every door could be opened with the same key, and we called it a skeleton key. It is the same if you use the same password for everything, like having the same lock on every door that one key could open.
Cryo06
July 23, 2019, 07:20:45 PM
 #13

Quote
The best is if you mix your passwords up daily or make a bot that auto scrambles your passwords to a new one every few hours so you don't have to do it manually.
Quote
I think the easiest option for most newbies is to use a password manager such as KeePass. You only need to remember one complicated password, which is your encryption key to KeePass. KeePass will generate long and truly random passwords as often as needed for any site, and never duplicate passwords.

I second this. I personally use LastPass, but they are both really good password manager solutions.
bitbunnny
July 23, 2019, 07:50:49 PM
 #14

The problem is that users are still too relaxed and don't care enough about security. This should be changed and therefore we need to raise awareness. People don't keep their private data enough and for some reason they don't feel much threatened when they are online. Only when something happens they look for options to be more secure, but then it is often too late.

Artemis3
July 23, 2019, 09:27:23 PM
Merited by ViceOfBTC21 (1)
 #15

Always carry a DVD or thumb drive to boot Tails from on any computer you use, and you will be much safer this way. Especially important when handling money, or cold (paper) wallet creation/handling.

Tails
Privacy for anyone anywhere

Tails is a live operating system that you can start on almost any computer from a USB stick or a DVD.

It aims at preserving your privacy and anonymity, and helps you to:
   
  • use the Internet anonymously and circumvent censorship; all connections to the Internet are forced to go through the Tor network;
  • leave no trace on the computer you are using unless you ask it explicitly;
  • use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.

Learn more about Tails.

ViceOfBTC21
July 23, 2019, 09:46:52 PM
 #16

Quote
Always carry a DVD or thumb drive to boot Tails from on any computer you use, and you will be much safer this way. Especially important when handling money, or cold (paper) wallet creation/handling.

Tails
Privacy for anyone anywhere

Tails is a live operating system that you can start on almost any computer from a USB stick or a DVD.

It aims at preserving your privacy and anonymity, and helps you to:
   
  • use the Internet anonymously and circumvent censorship; all connections to the Internet are forced to go through the Tor network;
  • leave no trace on the computer you are using unless you ask it explicitly;
  • use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.

Learn more about Tails.

This OS is perfect for generating cold wallets, as it can be disconnected from the Internet when booting and is designed to have a lot of security measures, for example memory erasure, which ensures no one can recover your data from your computer's RAM. This way even Windows malware will have a hard time trying to recover your private key.
hatshepsut93
July 23, 2019, 10:53:38 PM
 #17

One of the most common ways to lose coins is installing fake wallets, and hackers these days can use very sophisticated methods to distribute them. It can go from as simple as using Google ads to advertise their website with a fake wallet, to exploiting bugs in existing software to execute phishing attacks, like it happened with Electrum. It should be a rule for any crypto user to always verify the signatures on any software they install, most importantly the signatures of the wallets. There are many good articles that cover it, like this one.