Bitcoin cold storage - HACKED easily

[Envrin]

Don't use wallet software provided by someone who goes by a name like l33tHaxorKid, and you'll be fine.

[rio3232]

Don't use wallet software provided by someone who goes by a name like l33tHaxorKid, and you'll be fine.

haha who is he dude ?
scammer people ?

[mayax]

What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want IN the source code.

Verbücheln: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."

[ranochigo]

What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want IN the source code.

Verbücheln: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."

This is pretty much impossible. I believe only selected, trusted and knowledgeable members are able to commit, they probably are reviewed by a lot of people before changes can be committed. It is not possible for anyone to just insert changes without the approval of core developers and those changes are usually fairly small.

[mayax]

What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want IN the source code.

Verbücheln: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."

This is pretty much impossible. I believe only selected, trusted and knowledgeable members are able to commit, they probably are reviewed by a lot of people before changes can be committed. It is not possible for anyone to just insert changes without the approval of core developers and those changes are usually fairly small.

Ok. it's good that you are believer.

Please let tell me the names of those who develop the Bitcoin application and the auditors for it...

[MrTeal]

What if your base os is compromised and you use a livecd whilst being offline to store the coins.....can this make you unsafe?

"Even if the manufacturer (https://bitcoin.org/) claims that it runs open-source code, how do you tell whether it is actually running what you compiled?" Verbücheln said.

in other words: MANY developers worldwide are working in their free time to a project, in this case, Bitcoin. That's why it's called OPEN SOURCE.

These developers can put anything they want IN the source code.

Verbücheln: ".... that some pieces of open-source code are so large and complex that even a dedicated community of developers may not detect a malicious addition."

This is pretty much impossible. I believe only selected, trusted and knowledgeable members are able to commit, they probably are reviewed by a lot of people before changes can be committed. It is not possible for anyone to just insert changes without the approval of core developers and those changes are usually fairly small.

Ok. it's good that you are believer.

Please let tell me the names of those who develop the Bitcoin application and the auditors for it...

https://github.com/bitcoin/bitcoin/graphs/contributors

[grendel25]

I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.

[mayax]

I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.

being "open source" is much more vulnerable than any other centralized e-currency.

[spazzdla]

Use paper wallets, many of them.  Once you import the private keys from them destroy that wallet.

[jonald_fyookball]

I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.

being "open source" is much more vulnerable than any other centralized e-currency.

You could argue that a closed source currency issued by a central
authority couldn't have malicious code sneaked into a release by an
outside party, but the trade off is that you have to trust that
central authority completely...Not only their integrity, but their
resistance to manipulation, attacks,
outside influences, as well as their robustness and longevity.

Recent history has shown that centralized e-currencies are easily
shut down by governments.

[rax]

Easily. Because fuck yeah.

[tokeweed]

Your funds are not safe neither in "cold storage". Read:

https://www2.informatik.hu-berlin.de/~verbuech/klepto-ecdsa/klepto-ecdsa.pdf  

or

http://www.coindesk.com/research-hackers-install-backdoor-bitcoin-cold-storage/


many of you said "cold storage is the best". well. it is not. that explains many hacks in Bitcoin which some of the bitcoiners considered to be very safe.

What's next? Mass withdrawals from Bitcoin. What can you do when you KNOW that your cold storage is exposed to be stolen? You must be stupid to keep your earnings there.

Only few people knew about this exploit. Now, any russian or ukrainian kid will try to hack the cold storages and guess what?! THEY WILL DO IT !    

[rz20]

If it is so easy why don't you get the funds from primedice or from bitstamp?

[SargeR33]

Seems like a load of bull. This is open source, sure people can sneak code into it but it will be picked up. I'm also sure most people here now have found a wallet they trust and tested and will stick to it. I have no reason to swap wallets. I am happy with the wallet I am using and I can trust it and trust the machine I use.

If in doubt, use offline files from paper wallet websites, check the code and generate cold storage that way. If the code is clean, it is impossible for the hacker to obtain any private key since the machine used is offline, there is no leaked data and only you can have this information. Then just transfer your btc to that and store them in a safe.

This is why people don't use BTC. People who don't know what they're doing will probably get stung by a dodgy wallet or website and be deterred from bitcoin forever. Bitcoin is not user friendly.

[Flashman]

being "open source" is much more vulnerable than any other centralized e-currency.

True, coz nobody would put that open source linux shit on teh interwebs servers for same reason 

[Rum152]

I can think of no money that can't be hacked easily.  Bitcoin may have different risk factors but it can be stolen just as easily as any other money.  It's not security that makes bitcoin better but there are security aspects of bitcoin that other currencies can't enjoy as readily.  But it can all be obfuscated at any time by a myriad of 'forks' bitcoin could take.

being "open source" is much more vulnerable than any other centralized e-currency.

This is not true. Having something open source means that many people can and will audit the code to ensure that it is secure. When you have something closed source and centralized you have one central point of failure and do not get this kind of testing - at least not until it is too late

[tokeweed]

If it is so easy why don't you get the funds from primedice or from bitstamp?

yup.  or hack satoshi's wallet/s.  duh.

[RoadStress]

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

[newIndia]

Isn't the ECDSA attack possible only when you re-use addresses? I thought that if you always use new addresses you are immune to this type of attack.

I think, if u keep receiving coins then also you are safe. You need to change, only when you are sending.

[smoothie]

OP is obviously not painting a complete picture. Obviously a compromised pc or set of code can be hacked because in essence it is already hacked by it being compromised with a backdoor etc.

Problem with this guy's post is he doesn't paint a clear picture of the security that exists when code that is reviewed by the public (many parties) and how that secures people's funds from a software standpoint.

Better open sourced than closed. But oh let's not bring that up buddy lol