Pages:
Author

Topic: ALL of my bitcoins stolen (Around 60) . What the F*CK. - page 4. (Read 16807 times)

newbie
Activity: 56
Merit: 0
But then the virus would have to just wait longer until you type your password. I favor a "secure keypad" that you input your password via mouse clicks. Next question is how to trick viruses that may take screenshots?

Make the layout of the keyboard different each time, so if the SS it, they cant auto click it in again based on its presumed location.

Grandma will use mybitcoin.com and never touch a wallet.dat.  The client will never be friendly and secure enough for ordinary folk.  It's not play money for them and they don't want to have to match wits with the best hackers from China, the former Soviet bloc, and Silicon Valley just to buy a goddamn pair of socks.

Exactly, why does gramdma even need to know she has a wallet.dat? "Well DUH grandma, you should have known by reading the dev forums that if you dont compile your client with the -abc stwitch enabled for 64bit hardware that it broadcasts your private encryption keys to the network. Geez, what a fucking tard"  Roll Eyes
legendary
Activity: 3080
Merit: 1080
I was thinking about trying namcecoin. Although I dont find it very interesting compaired to btc. Namecoin is now of my radar completely. Maybe someone could setup a honey pot to try and verify the namecoin cleint or the download mentioned in this tread. Interesting times.

I have some doubts that the namecoin client is at fault here.

In my case I was using namecoin_win32.zip but was the official namecoin client from the namecoin website. Heaven forbid that actually containing an exploit. That would be quite shitty.
legendary
Activity: 3080
Merit: 1080
This sucks and is really putting me off investing in bitcoin.

What is the point if some hacker can just come in under my nose and steal everything?

There is no security in bitcoin, it's ridiculous.

There is security in bitcoin, but it has to be YOU! Don't count on security by default...

I've been thinking and I've come to the conclusion that Satoshi and the dev team should have never released a bitcoin client for windows!!!

Then right now we'd all be a bunch of Linux geeks enjoying our geeky little currency and nobody would've had the opportunity to steal from us. Later on maybe once the security of the default client is vastly improved, then and only then release a windows version. Just my 2 cents.

Where is the security? One unencrypted desktop file compromised and, hey presto, your money is gone. This doesn't happen with internet banking.

Even a web client that you install to your own hosting would have been WAY better than a dumb desktop client.

Don't get me wrong here, I was not saying that there is security in the default bitcoin client. Read my statement a bit more carefully to gain the full meaning of what I was trying to say - albeit in a sarcastic tone.

Internet banking is different and we can't fairly compare btc to that. With BTC YOU are your own bank.

full member
Activity: 154
Merit: 100
I was thinking about trying namcecoin. Although I dont find it very interesting compaired to btc. Namecoin is now of my radar completely. Maybe someone could setup a honey pot to try and verify the namecoin cleint or the download mentioned in this tread. Interesting times.
full member
Activity: 237
Merit: 100
Grandma will use mybitcoin.com and never touch a wallet.dat.  The client will never be friendly and secure enough for ordinary folk.  It's not play money for them and they don't want to have to match wits with the best hackers from China, the former Soviet bloc, and Silicon Valley just to buy a goddamn pair of socks.
legendary
Activity: 3080
Merit: 1080
how about we add a few bits and let people do wallet locks?  i think most of us at this time are hoarders who know bitcoisn will be worth 100,000$ per bitcoin one day

a wallet lock is something that only honest users would be interested in imho.. u can use a password to lock/unlock but not to send coins

the fact is.. yeah windows has exploits that pretty much allow hackers at anytime to own your system, they are in the wild before they're even patched and no windows  box is ever totally secure at any given time.. a 0-day hacker can always rape yer bitcoinZ


But then the virus would have to just wait longer until you type your password. I favor a "secure keypad" that you input your password via mouse clicks. Next question is how to trick viruses that may take screenshots?

legendary
Activity: 3080
Merit: 1080
Is crossposting bad?

http://forum.bitcoin.org/index.php?topic=23085.0

I might look at making a bounty if I can afford one, others could think about adding a bounty too, esp if youve been a victim (I havent, but I want to see bitcoin succeed)

Hmm, even a warning saying "hey dummy, in case you haven't read the bitcoin.org page/faq your wallet.dat file where the private keys which control your bitcoin balance are stored is unencrypted and unprotected. We recommend that you do not store large sums of bitcoins in the windows client. Please visit so and so website for a how-to on securing your wallet" would suffice.
legendary
Activity: 3080
Merit: 1080
Quote
And to those that say 'encrypting the wallet will make no difference' do you really think that the devs are thus adding it to pander to 'noobs', but that is secretly known as a waste of time?

Encrypting the wallet will help, but it doesn't solve the problem. When the BitCoin client is running, it will have decrypted your private keys and they will likely be in the memory of your machine. If you have a virus on your machine, that virus can access memory and get your private keys. Even if the devs of BitCoin work real hard and keep your keys encrypted when in memory, at some point they have be decrypted so they can be used. They may only be in memory or machine registers for a few milliseconds, but if you have a smart enough virus, your keys (and your BTC) will be compromised.

Encryption will help when the Bitcoin client is not running and it will protect you against an attack against your backups or other offline copies of your data.

It is essential for security (and the safekeeping of your BTC) that you keep your machine virus and malware free. If you can get to your money on your machine, so can a virus.

There is lots of good advice out there on how to keep your machine virus free, but the basics are to keep your machine patched, use antivirus, and never, ever, under any circumstances, access the Internet when you are logged in with administrative, root, or any other kind of elevated privileges.

In the Windows world turn on auto updates and let them run every day. Use a current, supported version of windows (that means Windows 7, not XP.) The anti-virus software the Microsoft gives out for free is solid - there is no excuse to not have anti-virus protection. Make sure your login account is not an "administrator". Only log in as an administrator when you want to install software.

In the Linux world, make sure you apply security packages from your distribution frequently. Don't run as root.

I don't post this to taunt or scold the OP, just to provide advice to prevent it happening to others.

Hmm, so basically when bitcoin goes big mainstream most of the users won't be using btc clients but rather be dealing with "bitcoin banks" of some sorts? I mean it looks to me that this is the only way to ensure 100% safety of your funds..well not really 100% because now you have to trust a third party.

This is becoming more and more evident because the moment even 1 BTC gets stolen from grandma, you can be your BTC she'll never use them again.
hero member
Activity: 616
Merit: 500
Did you say all your coins on mt gox were stolen, too?
legendary
Activity: 2408
Merit: 1121
** Lights a votive candle in the "allinvain" church of shitty security precautions - chapel and whineatorium **

"Dear father, forgive me, I have kept my primary balance on my machine with not a thought to security."

"Say ten "allinvain" prayers and donate a satoshi in the name of your sin."

"Yes father, I shall reflect on my failings and pray before the patron saint of 'he-knows-not-what-he-does'."

"Bless you, my child. Sin no more."
full member
Activity: 210
Merit: 100
This sucks and is really putting me off investing in bitcoin.

What is the point if some hacker can just come in under my nose and steal everything?

There is no security in bitcoin, it's ridiculous.

There is security in bitcoin, but it has to be YOU! Don't count on security by default...

I've been thinking and I've come to the conclusion that Satoshi and the dev team should have never released a bitcoin client for windows!!!

Then right now we'd all be a bunch of Linux geeks enjoying our geeky little currency and nobody would've had the opportunity to steal from us. Later on maybe once the security of the default client is vastly improved, then and only then release a windows version. Just my 2 cents.

Where is the security? One unencrypted desktop file compromised and, hey presto, your money is gone. This doesn't happen with internet banking.

Even a web client that you install to your own hosting would have been WAY better than a dumb desktop client.
newbie
Activity: 9
Merit: 0
your coins were sent to the same address as this person:
http://forum.bitcoin.org/index.php?topic=22937.0

strange...
full member
Activity: 134
Merit: 102
I noticed many Namecoin builds had SHA1 sums so I took the SHA1 sum of my ikZZRk.zip (1e24ae15200eba151fae1d8514027666d4a2135d) and found this post. The download link gives me the same file as I already have. The guy who posts it, grue, seems to be an active and trusted member of the community, so I doubt he is behind the hackings, but this is the source of that Namecoin binary.
legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.
Ever since A Cost Analysis of Windows Vista Content Protection, Microsoft has been dead to me. I have been using Gnu/Linux as my primary OS since the turn of the century. That said, those people claiming "Windows is the problem" are being Naive.

Yes it is difficult to keep a Windows Installation secure, but that does not imply that GNU/Linux distros are immune to similar vulnerabilities. Windows is the market leader. It is perceived to be "easy to use." As a result, many poorly-though out features are simply copied to make Windows users feel more at home. IMO that strategy always leads to failure; with Gnu/Linux seen as "Second best" with little room to innovate. Luckily, users have a choice: they don't have to install Ubuntu if they don't want to Smiley

Examples of bad functionality copied:
  • Wine was vulnerable to the WMF exploit
  • Microsoft has finally disabled autorun on USB drives; just as Ubuntu is introducing it.
  • Icon previews and all the vulnerable code they expose.
  • I'm probably missing many more
legendary
Activity: 1246
Merit: 1016
Strength in numbers
 
Let me just put it this way. BTC was a system designed by coders for coders. It was meant to be an interesting experiment. I don't think the "elders of bitcoin" foresaw that it would grow into what it is today. They were caught off-guard.

Someone was caught off guard, but it wasn't the 'elders'.

Oh here we go..attack of the Linux nerds!

OMG OMG the default bitcoin cleint's security sucks..OMG unencrypted wallet.dat is such a good idea!

Anyways, this is the standard response most of you give...so yeah..moving on.


Yeah, leaving tens of coins in an unencrypted wallet would be fucking stupid.
legendary
Activity: 3080
Merit: 1080
Sounds very fishy.

If you had it encrypted, any ideas on how it was stolen?

If you're being honest, I'm terribly sorry for your loss. That stinks.

Yea, it does. I had /backups/ encrypted, I should have been clear. Any virus/trojan/person could have just coppied the wallet file from %appdata%/bitcoin.

Encryption cannot protect wallets in use, because your legitimate client has to decrypt it anyway. Encryption is good for backups only.

Yep you're right. Even if the client encrypted the wallet when not in use it eventually has to decrypt it when you want to spend from it. AT that moment it is vulnerable to key logger attack and to any nasty viruses that could are residing in memory (waiting for the opportunity to strike). Someone on a different thread (forget which one) suggested that the client implement a unix style permissions system. Maybe also running the client in it's own chroot (something equivalent in windows) would be a good idea. But in the end it's still quite hard to avoid all avenues of attack. My point is that still the more security measures you can implement the lower the odds that some unclever hacker is easily able to steal your coins.

newbie
Activity: 42
Merit: 0
how about we add a few bits and let people do wallet locks?  i think most of us at this time are hoarders who know bitcoisn will be worth 100,000$ per bitcoin one day

a wallet lock is something that only honest users would be interested in imho.. u can use a password to lock/unlock but not to send coins

the fact is.. yeah windows has exploits that pretty much allow hackers at anytime to own your system, they are in the wild before they're even patched and no windows  box is ever totally secure at any given time.. a 0-day hacker can always rape yer bitcoinZ
newbie
Activity: 56
Merit: 0
Is crossposting bad?

http://forum.bitcoin.org/index.php?topic=23085.0

I might look at making a bounty if I can afford one, others could think about adding a bounty too, esp if youve been a victim (I havent, but I want to see bitcoin succeed)
newbie
Activity: 24
Merit: 0
I usually read the description whenever my Win 7 box wants to download updates, and it seems like lots of times I'll see a security update that says it patches a vulnerability that could "allow an attacker to execute arbitrary code" or something ominous like that, so if anything I'd bet that it was not staying up to date that screwed you over.
full member
Activity: 134
Merit: 102
I have a copy of that Namecoin build as well. I haven't encountered any theft, but I have certain measures in place to protect my wallet.

I was sure I got that build from the original Namecoin thread, but I was unable to find it there again. That's got me suspicious.
Pages:
Jump to: