Topic: all my coins gone today, sucks - page 2. (Read 22642 times)

First, the general public has to succumb to the fact that you're not an idiot and that mybitcoin's database was actually hacked.

Why are you using an eWallet service? That's fucking insanity. I'm so angry at you right now.

Same thing happened to me and I don't even have an mtgox account.

What can be done to this?

 
 
Your statement is only true if they're trying to crack using every possible character.  Otherwise if they're trying to crack leaving out lesser known characters, then no, the smaller password would be the more secure password in this instance.
 
Again I agree you're correct if they're using the exact same set of characters for brute-force... but some crackers may use less character to speed up their brute force attack if they're trying to get simpler/faster results.
 
here's an example.  Let's say I use 16 characters, but with 20 possible characters, it's a better password than someone who used a set of 20 characters with a set of 19 possible characters.
 
1208925819614629174706176   
vs
5242880000000000000000000

I can see why people who are new to BTC use the online wallet hosting sites to play around with the system, but why on earth would you leave almost $100k worth of BTC in the hands of some random website? Theese are not safe financial institutions, you have no guarantee that they have any measures in place to keep your money safe. You don't even know who is behind the site. For all we know they might just pack up and disappear with all the deposited BTC once the combined total reaches a certain ammount.

Would you put $100k in a suitcase and give it to a stranger you met on the bus for safekeeping?

1. Yes, it was stupid. I have several different passwords, the password I used for mybitcoin and mtgox was my "junk" password, while I was dabbling with mtgox. Anything financial or important has it's own unique password, but as I do not use a password manager I won't create a unique PW for a site that I will rarely, if ever use again. I never thought to change it after bitcoin became valuable to me.

2. My bitcoins left my account less than 24 hours after this notice went out. I went to bed on Sunday without receiving the email that something was wrong with mtgox during that day, I woke up Monday, went to work in a rush without checking my email, came home and saw the email, checked mybitcoin, and my coins were gone.

3. See above.


I don't live on the forums, nor do I regularly look at news sites, nor do I have a smartphone with mobile broadband to check email with. I do not have a TV so I would not have seen it on news. The only hint I had was that email, and by the time I actually got it, the account was already long compromised. Not everyone who is an advocate of bitcoin actually keeps up with the news on it. It really is boring to me because it will take a long time for bitcoin to become anything more than it's current effective status of "encrypted/untraceable USD funds", so I only check up on this stuff once every couple weeks.

Is it my fault? Ofcourse, in multiple ways it is. The password thing is one obvious one. The other is relying on a service to maintain it's security in exchange of my FEE PAYMENTS for them to uphold their service. The fee mtgox charges on exchanges is obviously to pay the person operating the exchange, in a way they are responsible to maintain their service's security. Since they didn't uphold proper service, scammers have made way with several hundred thousand dollars from the common users, regardless of the method achieved. It's like saying Sony isn't to blame for several people's credit cards being compromised and charged through the roof, and instead is the user's problem for not cancelling their credit card the very instant the news broke ice. Sony didn't uphold proper service, and caused the problem to happen regardless. Lots of people simply didn't even get the news of Sony being compromised, or thought it didn't effect them because they haven't used sony's services for many years, or forgot the one time they lent the nephew the credit card to buy some DLC or some crap when he was staying the night.

Completely agree.

Within an hour of the password list being leaked I changed the following

1) password manager password
2) facebook + enabled cell phone verification
3) email
4) NTLM
5) backblaze + encryption
6) paypal/bank without 2-factor

My secure Gox password wasn't even used on any of those sites.

All sites got a new 14+ character w/ all 4 groups.

Seriously don't fuck around with your security/identity.  You can't put the cat back in the bag and you've got an uphill battle if important accounts are compromised.

For me, it helps to think of the wallet file as a set of the following:
1. A Bitcoin address
2. A public key
3. A private key

The first two are public, but the third is like a very long password and needs to guarded as such.

Any one wallet can contain many sets of the listed 3 items.  But if all you do is create one offline, send coins to it, and verify the balance with Block Explorer, then you are only using one set.

Whoever is stealing these coins is making a big mistake.

They could be doubling their haul if they sent those coins to a Double Trouble game address.

While I feel bad for the people with stolen coins, but come-on ...really?

Same password on multiple sites.  *one*
Bells should have been going off as soon as it was rumoured user/pass was leaked. *two*
Confirmed list was leaked and still not changing user/pass for days.  *sorry, that's too much*

If the thief took place this morning there was plenty of time to fix this.

I like to explain it this way:  The block chain is a ledger, shared on many computers, keeping track of numerous accounts and their current balance.  Your wallet file proves that you are the owner of particular accounts.

Mine went to that same address, luckily I only had 0.01 BTC in MyBitcoin.

Ahhh, now I get it.  You're right about the wallet analogy. I was mistakenly thinking it was an actual repository for my BTC   Thanks for the explanation.

+1

The current sites are more like prototypes of the kinds of services that need to be developed

There are massive opportunities out there right now for people who understand enterprise systems, security, banking, etc

Your wallet doesn't actually hold any bitcoins. Rather, it's a private key used to sign transactions from the addresses you own. You only need your wallet in order to send bitcoins. You can send all your bitcoins to a bitcoin address belonging to an offline wallet and they'll show up in your client when you finally put that wallet online, after the client catches up with the blockchain. You can also check the balance of the address you sent to via Block Explorer, as mentioned previously in this thread.

Edit:
This whole "wallet" analogy, though intuitive, is proving super-confusing to people when they start trying to dig into the details. It seems like that confusion is starting to have security ramifications. Either we need to embark on a massive education campaign or we need to get some user-friendly security features built into the official client ASAP. Or else put together some sort of easy-to-use Bitcoin-branded tool for people to stand in the gap until such features make it into the official client.

Look in your spam folder.


It'll be right under the 10 tradehill spam mails.

Wait, how does this work?  Suppose I move my wallet over to an un-networked computer.  When I do a BTC disbursement from my pool's website, how will my wallet know about it?  Do the funds get put into my wallet the next time my computer goes online?

I don't feel sorry for anyone who didn't change email and/or password. It's not like every bitcoin related site has the hack news posted on it asking you to change your passwords.

I didn't receive an email and I can see from the released CSV of accounts that my email is correct.

Anyone who thinks that EVERYONE in the world has the patience and tollerence to monitor these forums on a daily basis, with all the bull shit and meaningless crap and know-it-all views of idiots, is pretty foolish in my opinion.  For every 30 minutes I spend reading posts in this forum, 1 minute is worth while and the other 29 minutes I feel like looking for a tall bridge.

I think it is quite concievable that there are many out there who know of bitcoin, have used bitcoin, but still haven't heard any word of the recent events spanning the past few days.

psh, everyone knows dead babies don't gain in value