massive cold storage of bitcoins?

[the_sunship]

There's another post on reddit today of someone who had 35 BTC stolen from "secure" wallets.

http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/

Certainly it seems like this guy knew what he was doing, but still somehow managed to get his BTC stolen....

I myself have taken all my bitcoins off of coinbase except for small amount. Except for a few donations, I haven't spent any this year.
I'm wondering, if investors put most of their bitcoins in cold storage (and subsequently, not use them for currency), what will be the result?

On one hand, they become more rare and they are held more tightly, which would seem to make them more valuable. On the other hand, they won't be used very much, which might mean they don't have as much value.
I'm not sure what to conclude. There are a lot of very smart people here and I'd love to hear your thoughts on this.

 

[Febo]

That is biggest problem of BitCoin, people don't look at it as a money to use it, but as a treasury to keep for rainy days.

[Don007]

That is biggest problem of BitCoin, people don't look at it as a money to use it, but as a treasury to keep for rainy days.

Not all do, but many indeed. You know why? Because the price is still this speculative and the Bitcoin has a great potential: I think most of the users at these forums keep some of their BTC for the future, "just in case" it becomes worth much more.  And they're right.

I also use it the same way. I've got a part of my BTC at cold wallets, which I keep for the future. I've got another part to trade a bit with, for example to trade with altcoins and hope for some profit by doing that (not really successfull the lasts weeks, but I really was earlier) and i've got a small part which I USE. With this part I buy things.           I buy things from webshops which allow you to pay with Bitcoin, and I buy stuff on this forum. For example Steam codes, that works really well and fast .

[wobber]

That is biggest problem of BitCoin, people don't look at it as a money to use it, but as a treasury to keep for rainy days.

Money do work as a store of value. Fiat doesn't.

[uhoh]

There's another post on reddit today of someone who had 35 BTC stolen from "secure" wallets.

http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/

Certainly it seems like this guy knew what he was doing, but still somehow managed to get his BTC stolen....

I myself have taken all my bitcoins off of coinbase except for small amount. Except for a few donations, I haven't spent any this year.
I'm wondering, if investors put most of their bitcoins in cold storage (and subsequently, not use them for currency), what will be the result?

On one hand, they become more rare and they are held more tightly, which would seem to make them more valuable. On the other hand, they won't be used very much, which might mean they don't have as much value.
I'm not sure what to conclude. There are a lot of very smart people here and I'd love to hear your thoughts on this.

 

Definitely wasn't secure, just another good reminder not to use untrusted sites with rubbish entropy to generate wallets. Sad though, I feel for the guy. Armory Armory Armory...

[uhoh]

There's another post on reddit today of someone who had 35 BTC stolen from "secure" wallets.

http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/

Certainly it seems like this guy knew what he was doing, but still somehow managed to get his BTC stolen....

I myself have taken all my bitcoins off of coinbase except for small amount. Except for a few donations, I haven't spent any this year.
I'm wondering, if investors put most of their bitcoins in cold storage (and subsequently, not use them for currency), what will be the result?

On one hand, they become more rare and they are held more tightly, which would seem to make them more valuable. On the other hand, they won't be used very much, which might mean they don't have as much value.
I'm not sure what to conclude. There are a lot of very smart people here and I'd love to hear your thoughts on this.

 

Definitely wasn't secure, just another good reminder not to use untrusted sites with rubbish entropy to generate wallets. Sad though, I feel for the guy. Armory Armory Armory...

Is bitaddress.org safe though??

bitaddress.org is properly implemented. Still wouldn't personally trust 35BTC to it though unless it was generated offline.

[Cubic Earth]

Is bitaddress.org safe though??

Personally, I don't consider any mainstream computer-implemented random number generators to be secure.  That includes bitaddress.org's built in entropy source.  My solution is to mix in my own entropy, at about 10% - 15%.  What does that look like in practice?  I accept the private keys that are supposedly randomly generated, make a few of my own 'random' modifications, swapping out 5 - 10 characters, and then turn that new private key into an address.

And, it can help to double or triple check the address derivation was carried out correctly.  Feel free to import your custom private key into different pieces of software and make sure they all give the same result.

[buzzlight]

Sorry for off topic, but is there a definitive cold storage tutorial somewhere?

[uhoh]

Sorry for off topic, but is there a definitive cold storage tutorial somewhere?

This one is quite good for armory if you have a dedicated offline machine.

http://www.youtube.com/watch?v=PGvrai3JxxI

[Hyena]

When I attempted my first cold storage I was not aware that all the balance on the address must be spent even if the slightest amount from that address is transferred to some other address. This nearly costed me all my bitcoins because I was about to delete the wallet immediately after testing if the cold storage address really works (by sending 0.0001). You can definitely shoot yourself in the leg when messing around with cold storages.

[bitcoinsrus]

Sorry for off topic, but is there a definitive cold storage tutorial somewhere?

https://www.youtube.com/watch?v=I1uefzJJ6nM
he uses bitaddress.org (not sure if you are willing to take the risk)

or do what uhoh and cubic earth said above (offline storage)

https://www.youtube.com/watch?v=K0cGvUFBNEQ
this guy is very good, watch the entire video, he does ubuntu etc (takes more time, but is much more secure)

[h0lybyte]

tl;dr -> Dont fucking use  brainwallet.org.

Furthermore, BobAlison nailed the reasoning.
http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/cihsovm

It looks like brainwallet.org still uses JavaScript's Math.random, which is known to be cryptographically insecure:

http://stackoverflow.com/questions/5651789/is-math-random-cryptographically-secure[1]

See the randomBytes function in http://brainwallet.org/js/bitcoinjs-min.js[2] - reformatting a little:
randomBytes: function (e) {
  for (var t=[]; e>0; e--) {
    t.push(Math.floor(Math.random() * 256));
    return t;
  }
}

It's up to the browser to decide how to implement Math.random. So it could be helpful to know the browser you used should someone want to follow up forensically.
This should be a wakeup call to anyone who relies on private keys generated though brainwallet.org or an insecure random number generator.
That said, how did you store your private keys? There are many ways they can fall into the wrong hands, both electronically and physically. Also, it's possible to leak information when spending. Did you by any chance spend from one or more wallets made the same way?

[EcuaMobi]

Wow!

All those coins were returned to the rightful owner:
http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/cihxnwj

But that was a great lesson  

Edit: It's absolutely required to use external entropy to generate truly random data, like bitaddress and other do.

[uhoh]

Wow!

All those coins were returned to the rightful owner:
http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/cihxnwj

But that was a great lesson  

Edit: It's absolutely required to use external entropy to generate truly random data, like bitaddress and other do.

WOW! Top man!

[Ibian]

Offline electrum install with a watch-wallet on your online machine. Full access to your financial info while at the same time keeping them physically secure.

As for online wallets, I don't use them, but I will eventually have funds on Kraken when the price starts going up. They allow the use of Yubikey (physical token required to log in), so are likely more secure than my hot multibit wallet.

[BTCfan1]

That is biggest problem of BitCoin, people don't look at it as a money to use it, but as a treasury to keep for rainy days.

well it's definitely true of people in this sub-forum

[wobber]

When I attempted my first cold storage I was not aware that all the balance on the address must be spent even if the slightest amount from that address is transferred to some other address. This nearly costed me all my bitcoins because I was about to delete the wallet immediately after testing if the cold storage address really works (by sending 0.0001). You can definitely shoot yourself in the leg when messing around with cold storages.

What do you mean? Care to explain pls?

[gentlemand]

When I attempted my first cold storage I was not aware that all the balance on the address must be spent even if the slightest amount from that address is transferred to some other address. This nearly costed me all my bitcoins because I was about to delete the wallet immediately after testing if the cold storage address really works (by sending 0.0001). You can definitely shoot yourself in the leg when messing around with cold storages.

What do you mean? Care to explain pls?

The change address thing https://en.bitcoin.it/wiki/Change

[wobber]

When I attempted my first cold storage I was not aware that all the balance on the address must be spent even if the slightest amount from that address is transferred to some other address. This nearly costed me all my bitcoins because I was about to delete the wallet immediately after testing if the cold storage address really works (by sending 0.0001). You can definitely shoot yourself in the leg when messing around with cold storages.

What do you mean? Care to explain pls?

The change address thing https://en.bitcoin.it/wiki/Change

Oh, yea, that thing. Thanks

LE: But that applies only to Armory right? I mean, if you backup your wallet.dat you're safe.

[DannyElfman]

That is biggest problem of BitCoin, people don't look at it as a money to use it, but as a treasury to keep for rainy days.

Since bitcoin is deflationary they use it as a speculative tool to increasing their wealth in terms of fiat.

There is little way around this issue.