contagion
Newbie
 Offline
Activity: 28
Merit: 0
|
 |
December 13, 2014, 03:07:25 AM |
|
STOP USING WINDOWS FFS!
stop browsing the internet or even having browsers installed on any device containing your cryptos. This is exactly what is holding back Bitcoin. I now have to have a separate computer for all bitcoin transactions. And that is unreasonable for the typical sixpack joe. The average consumer will just say "heck no, I will just use Visa". A solution could be a custom ASIC hardware key, wherein the private key is not accessible; it would interface with your (optionally deterministic hierarchical) wallet via USB but you would be require to press a physical button to release signatures. Wallets would warn when balances are large enough that a hardware key is warranted. Price could be reduced to a few $ over time. Is there something like this already available? I think there are setups for Rasberry Pi for this, but this needs to come down to the consumer level price and plug-and-play simplicity. |
|
|
|
|
|
|
|
campycoin
|
|
December 13, 2014, 03:14:53 AM |
|
Wait... now I am confused... Multibit? You must enter your pw for any multibit send. When you click transactions on that wallet in multibit does it show it? When you say u had a good password do you mean like 16+ characters using all combos? Or 6 character 15yo3x?
|
|
|
|
|
Bitmore
Full Member
Offline
Activity: 413
Merit: 100
https://eloncity.io/
|
|
December 13, 2014, 03:38:11 AM |
|
Somewhere in this over my head analysis is the answer to the security problem. And someone a lot smarter than I will get rich. And God bless 'em. A super-app some day will address this need. |
|
|
|
|
twister
|
|
December 13, 2014, 03:54:11 AM |
|
Wait... now I am confused... Multibit? You must enter your pw for any multibit send. When you click transactions on that wallet in multibit does it show it? When you say u had a good password do you mean like 16+ characters using all combos? Or 6 character 15yo3x?
This is what I am wondering, how does hackers steal the passwords, do they have some sort of key loggers, if the wallet and keys were encrypted there's no way to steal those without knowing the password. |
|
|
|
gogxmagog (OP)
Legendary
Offline
Activity: 1456
Merit: 1010
Ad maiora!
|
|
December 13, 2014, 03:56:18 AM |
|
Yeah, it's my own damn fault for leaving those coins in the hot wallet. I guess I let my gaurd down.
My password was 16 characters, numbers and made up words... Not sure how they got past that? My btc in cold storage is untouched, I download a lot of music, and occasionally a movie, however I have been visiting viooz which is a bootleg streaming movie sight from Russia... So I dont know about that...
That's great you found the address but I'm not sure where to go with it? The "security issue" with btc sure won't help with the universal acceptance. I just lost almost 3k$ and I'm fairly careful, no expert, but fairly proficient... If I can get robbed than I would say over 80% of the general population is at far greater risk.
I'm buying a ledger wallet.
|
|
|
|
|
|
MrGreenHat
|
|
December 13, 2014, 03:59:29 AM |
|
Yeah, it's my own damn fault for leaving those coins in the hot wallet. I guess I let my gaurd down.
My password was 16 characters, numbers and made up words... Not sure how they got past that? My btc in cold storage is untouched, I download a lot of music, and occasionally a movie, however I have been visiting viooz which is a bootleg streaming movie sight from Russia... So I dont know about that...
That's great you found the address but I'm not sure where to go with it? The "security issue" with btc sure won't help with the universal acceptance. I just lost almost 3k$ and I'm fairly careful, no expert, but fairly proficient... If I can get robbed than I would say over 80% of the general population is at far greater risk.
I'm buying a ledger wallet.
Yeah, I think this might be where you may have gone wrong, but thats just a guess. |
|
|
|
|
|
campycoin
|
|
December 13, 2014, 04:03:39 AM |
|
Wait... now I am confused... Multibit? You must enter your pw for any multibit send. When you click transactions on that wallet in multibit does it show it? When you say u had a good password do you mean like 16+ characters using all combos? Or 6 character 15yo3x?
This is what I am wondering, how does hackers steal the passwords, do they have some sort of key loggers, if the wallet and keys were encrypted there's no way to steal those without knowing the password. Yeah, impossible if it is a good password. Wondering how this happened |
|
|
|
|
|
campycoin
|
|
December 13, 2014, 04:05:11 AM |
|
Yeah, it's my own damn fault for leaving those coins in the hot wallet. I guess I let my gaurd down.
My password was 16 characters, numbers and made up words... Not sure how they got past that? My btc in cold storage is untouched, I download a lot of music, and occasionally a movie, however I have been visiting viooz which is a bootleg streaming movie sight from Russia... So I dont know about that...
That's great you found the address but I'm not sure where to go with it? The "security issue" with btc sure won't help with the universal acceptance. I just lost almost 3k$ and I'm fairly careful, no expert, but fairly proficient... If I can get robbed than I would say over 80% of the general population is at far greater risk.
I'm buying a ledger wallet.
Well then you should stop everything you are doing... you have a key logger on your system |
|
|
|
|
BLKMined
Newbie
Offline
Activity: 53
Merit: 0
|
|
December 13, 2014, 04:25:08 AM |
|
I as well have a Multibit wallet set-up on my P.C. but for some odd reason felt placing money(BTC) in this particlar wallet wasn't right. Just for hearing of this I will no doubt dispose of it!
Who knows maybe Multibit took advantage from you leaving your account open and took your coins knowing there was no way of finding out???
Face it You got Goxed!
|
|
|
|
|
Levitron
Member
Offline
Activity: 63
Merit: 10
|
|
December 13, 2014, 04:36:45 AM |
|
STOP USING WINDOWS FFS!
Goodluck trying to get the average joes in bitcoin then |
|
|
|
|
|
activebiz
|
|
December 13, 2014, 06:51:28 AM |
|
from the op it looks like your PC was left on and online. I think it must be from some malware gettinginto your PC. if there is a program to view system network logs, u might be able to know exactly what happened. it also best to use Linux with your bitcoin wallets
|
|
|
|
|
picolo
|
|
December 13, 2014, 07:43:12 AM |
|
Don't just create a new wallet, you need to reformat and reinstall your OS at the very least. You should also change all your passwords.
Did you install anything new recently, in particular anything cryptocurrency related?
Use an other computer with an antivirus when you want to create a new wallet. Paper wallet are saef to hold bigger amounts of bitcoins. |
|
|
|
|
LiteCoinGuy
Legendary
Offline
Activity: 1148
Merit: 1014
In Satoshi I Trust
|
|
December 13, 2014, 07:47:54 AM |
|
Yeah, it's my own damn fault for leaving those coins in the hot wallet. I guess I let my gaurd down.
My password was 16 characters, numbers and made up words... Not sure how they got past that? My btc in cold storage is untouched, I download a lot of music, and occasionally a movie, however I have been visiting viooz which is a bootleg streaming movie sight from Russia... So I dont know about that...
That's great you found the address but I'm not sure where to go with it? The "security issue" with btc sure won't help with the universal acceptance. I just lost almost 3k$ and I'm fairly careful, no expert, but fairly proficient... If I can get robbed than I would say over 80% of the general population is at far greater risk.
I'm buying a ledger wallet.
 good choice. its the first cheap device for a mass market. we need more of these and they will be developed in the next 1-2 years. and buy a good antivirus-programm like Kaspersky  |
|
|
|
gogxmagog (OP)
Legendary
Offline
Activity: 1456
Merit: 1010
Ad maiora!
|
|
December 13, 2014, 07:58:28 AM |
|
I ran Sophos and it detected one item and deleted it. I don't think it was a key logger because I haven't sent any coins in weeks so no password was keyed in recently. It's just very weird that multibit opened up without me clicking it. All I can think is they cracked the pass with some super duper program or there is a flaw in multibit that allows the pass to be bypassed. I've cold storage for my savings, and they're fine, but ~6 btc is a big loss and I really don't understand IT enough to be 100% sure what I'm doing, like Linux or Ubuntu seem kind of daunting. I'm going to get a hardware wallet and I am never leaving more than 0.5 btc in my hot wallet ever again.
This experience has damaged my faith in btc. Not the tech itself, but the actuality of any regular joe ever trusting it. If btc is so easy to steal the banks will never have to worry.
|
|
|
|
|
Levitron
Member
Offline
Activity: 63
Merit: 10
|
|
December 13, 2014, 08:04:51 AM |
|
What was the virus called? also run malwarebytes
|
|
|
|
|
wadili89
Legendary
Offline
Activity: 1106
Merit: 1000
|
|
December 13, 2014, 08:10:24 AM |
|
It may be the thief got the wallet long back and spent the time till now trying to crack the password.
Its scary how a veteran member gets robbed.
|
|
|
|
|
Blazr
|
|
December 13, 2014, 08:50:32 AM |
|
My password was 16 characters, numbers and made up words...
You should obviously change anything else that uses that password and never use it again. Out of curiosity, what was the password? A randomly generated 16char password made up of upper & lower case letters numbers and symbols is around 104bits of entropy which is pretty much impossible to crack, it would definitely cost a hell of a lot more than 6BTC worth of computing power to crack, so I'm curious to see how strong your password really was, if it really is that strong the hacker must have keylogged you when you last entered your password and only just got around to stealing the funds. Maybe the hacker got a backup of your wallet that wasn't encrypted? |
|
|
|
contagion
Newbie
Offline
Activity: 28
Merit: 0
|
|
December 13, 2014, 09:38:39 AM |
|
I would not assume that antivirus can detect all forms of trojans that can intercept when you type your password. Some keyloggers may intercept keys at the system level and be detected, others may be application specific (e.g. if Multibit is an application or runs in the browser, then a trojan that infects the application or browser) and thus variable and not detected. The only safe option would be hardware isolation, for hardware microcode that can't be reprogrammed dynamically, i.e. an ASIC not a CPU, since these have reprogrammable microcode (even though only Intel and the NSA are supposed to have the ability to reprogram these, a hacker might figure out how). A solution could be a custom ASIC hardware key, wherein the private key is not accessible; it would interface with your (optionally deterministic hierarchical) wallet via USB but you would be require to press a physical button to release signatures.
...
Is there something like this already available?
Ah good to see the market is already providing hardware wallets. I'm buying a ledger wallet.
good choice. its the first cheap device for a mass market. we need more of these and they will be developed in the next 1-2 years. |
|
|
|
|
|
ujka
|
|
December 13, 2014, 09:47:08 AM |
|
A solution could be a custom ASIC hardware key, wherein the private key is not accessible; it would interface with your (optionally deterministic hierarchical) wallet via USB but you would be require to press a physical button to release signatures.
Are you describing a Trezor? https://bitcointalk.org/index.php?topic=122438.0 |
|
|
|
|
|
