Pages:
Author

Topic: Can my Bitcoins be stolen? - page 2. (Read 12861 times)

sr. member
Activity: 322
Merit: 250
March 02, 2011, 05:12:24 PM
#21
Bitcoin currently is like an unbreakable titanium chain linking two computers but attached each end with cotton thread.

And fiat currencies are like chains with similarly weak links at either end and a middleman who keeps adding more links?
newbie
Activity: 35
Merit: 0
March 02, 2011, 04:23:52 PM
#20
Bitcoin currently is like an unbreakable titanium chain linking two computers but attached each end with cotton thread.
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
March 02, 2011, 09:58:16 AM
#19
tl;dr: don't send your wallet to anyone.

Third option -> I was joking.  It's as if he said, can my cash be stolen and I say, "No way, give me your wallet and I'll prove it to you."  I would no more expect him to mail me his wallet.dat than the wallet in his back pocket.

Indeed. The "flat" nature of internet text communication means sudden left turns like this usually get misunderstood.

My apologies. Smiley
full member
Activity: 143
Merit: 100
March 02, 2011, 09:53:01 AM
#18
No.  It is technologically impossible and THAT is the value of Bitcoins.  Send me your wallet.dat file and I will prove to you what you need to know.

Either you are mis-informed, or attempting to defraud our new friend.
tl;dr: don't send your wallet to anyone.

Third option -> I was joking.  It's as if he said, can my cash be stolen and I say, "No way, give me your wallet and I'll prove it to you."  I would no more expect him to mail me his wallet.dat than the wallet in his back pocket.
full member
Activity: 263
Merit: 100
YGOLD is a Defi platform
March 01, 2011, 10:27:12 PM
#17
Perfect security is an illusion. Physical currency can be stolen, too... no vault is completely secure. Bitcoins even have a few advantages over physical currency, just as FatherMcGruder explained.
Exactly. This is as much a "security hole" as someone breaking into your house and stealing your jewelry.
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
March 01, 2011, 06:19:37 PM
#16
Perfect security is an illusion. Physical currency can be stolen, too... no vault is completely secure. Bitcoins even have a few advantages over physical currency, just as FatherMcGruder explained.
sr. member
Activity: 322
Merit: 250
March 01, 2011, 04:27:14 PM
#15
Are you saying that if I had an online shop all my Bitcoin receipts would go straight into my online Bitcoin bank and so would be retained securely for me?
He's saying that if Bitcoin goes mainstream, we'll see a huge demand for really good security. However, we'll also see a demand for really good thieves.

To reassure you, I'll say that you'll have less vulnerability to theft with bitcoins than with regular paper money. It's harder to counterfeit, and no one can print it on a whim. Also, you can't back up paper.
newbie
Activity: 35
Merit: 0
March 01, 2011, 03:57:36 PM
#14
This is not a security hole of bitcoins, Scarecrow. Any sensitive data is vulnerable if not properly protected.

If bitcoins go mainstream, people will just trust their assets to bitcoin banks.

Are you saying that if I had an online shop all my Bitcoin receipts would go straight into my online Bitcoin bank and so would be retained securely for me?
legendary
Activity: 1106
Merit: 1004
March 01, 2011, 03:51:54 PM
#13
This is not a security hole of bitcoins, Scarecrow. Any sensitive data is vulnerable if not properly protected.

If bitcoins go mainstream, people will just trust their assets to bitcoin banks.
newbie
Activity: 35
Merit: 0
March 01, 2011, 03:37:23 PM
#12
I am pleased to get all your helpful answers but disappointed Bitcoin has this security hole. My fear is not that I will get my coins stolen as I am very careful not to allow my Linux system to be attacked. My worry is that where a shop does decides to accept Bitcoins, only then to see their takings randomly disappear, surely this would effectively strangle Bitcoin at birth.
legendary
Activity: 2940
Merit: 1090
March 01, 2011, 05:52:09 AM
#11
Any user accounts on any of your machines that are used to run untrusted software such as random screensavers and such that you impulse download while surfing the net should probably not also be used for financial applications, at least if one feels the concern that you feel.

Log in to your user account that has the financial apps only when you have finances to transact. For recreational computing log in to your recreational account.

It is much the same as not using your system-administrator account for recreation. Regard your financial-administration account similarly.

Treat your recreational account like En Guard's "red light district" activity: each time you visit you might be mugged so only take as much money there as you are prepared to lose.

-MarkM-
legendary
Activity: 1106
Merit: 1004
March 01, 2011, 04:38:30 AM
#10
What if my empty wallet.dat has been copied by a crook and then sometime later I am sent some coins, if the crook gets to them first they could disappear right from under my nose even though I had been taking precautions. Yes/No?

Yes. If you suspect your wallet has been compromised, you should:
  • Generate 100 new addresses, and discard them (never use)
  • Transfer any remaining coins on that wallet to a address generated after the 100 above.
  • Never use any of the older addresses for any transaction.
  • Most important, try to understand what happened in order not to keep your new addresses in the same compromised machine. Maybe a format if it was a virus, a divorce if it was your wife etc.

Sorry I'm so full of questions but it seems to me the client needs to be providing basic user protection prior to v1.0

I agree, the thing is that it's just not that simple. If you keep your wallet on the same machine you use to surf the web, there's always risk. If besides that you use windows, the risk is greater. It's impossible to fully protect a user's computer if the user executes malicious code or if s/he trusts in people s/he shouldn't. And sometimes you may get a worm just for viewing the wrong web site, without executing anything else but normal browsing...

I think that the best solution for those who don't feel comfortable in keeping their own coins is:
  • Have an offline wallet for your savings, as suggested before.
  • Use a "bank" (MyBitcoin, MtGox, Bitcoin-central...) to keep the bitcoins you want to move more frequently.
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
March 01, 2011, 02:37:48 AM
#9
No.  It is technologically impossible and THAT is the value of Bitcoins.  Send me your wallet.dat file and I will prove to you what you need to know.

Either you are mis-informed, or attempting to defraud our new friend. I sincerely hope it is the former. Even if you couldn't just load up his wallet and send his coins to yourself, several threads have been written (and the bounty collected) about collecting coins using nothing but the private key, which is included in the wallet.dat. Other threads have been written about extracting the private key from a wallet (again, bounty collected).

tl;dr: don't send your wallet to anyone.
full member
Activity: 143
Merit: 100
March 01, 2011, 02:27:12 AM
#8
No.  It is technologically impossible and THAT is the value of Bitcoins.  Send me your wallet.dat file and I will prove to you what you need to know.
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
February 28, 2011, 06:53:03 PM
#7
I read this thread https://www.bitcoin.org/smf/index.php?topic=2698.0 and its a bit complex for me but my conclusion so far is that if you connect your wallet to the internet at any time, there is a possibility that you have created a situation that at some time in the future you will lose any coins associated with that wallet. If so, there is still much work to be done.


Your wallet is data. If you connect a computer to the internet, there is the possibility that the data on that computer may be compromised. Take precautions. Use a secure operating system. Encrypt your wallet. Do not install programs from sources you do not trust. Practice safe computing, and you don't need to worry about your wallet.
newbie
Activity: 35
Merit: 0
February 28, 2011, 05:43:53 PM
#6
I read this thread https://www.bitcoin.org/smf/index.php?topic=2698.0 and its a bit complex for me but my conclusion so far is that if you connect your wallet to the internet at any time, there is a possibility that you have created a situation that at some time in the future you will lose any coins associated with that wallet. If so, there is still much work to be done.
sr. member
Activity: 411
Merit: 250
February 28, 2011, 05:00:28 PM
#5
Yes, they can be stolen.

If you want to protect your bitcoins yourself (instead of trusting on a web service), best thing you do is to keep your "savings" on a wallet that's on offline media. Encrypt it (check TrueCrypt if you don't know how) and make multiple copies (on different media, of course). Save at least one copy on a remote server like Dropbox, Gmail etc.

I am familiar with TrueCrypt so that’s not a problem. If I always use an empty online wallet.dat and keep my coins in my encrypted "savings wallet.dat", then I should be okay. But is it only the wallet.dat that needs to be copied/pasted from/to the .bitcoin folder? Can copies be made while the client is running?

Alternatively should I be running two completely separate Bitcoin clients e.g. one for hashing and receiving Bitcoins being basically empty and one for spending Bitcoins being my encrypted savings wallet.

What if my empty wallet.dat has been copied by a crook and then sometime later I am sent some coins, if the crook gets to them first they could disappear right from under my nose even though I had been taking precautions. Yes/No?

Sorry I'm so full of questions but it seems to me the client needs to be providing basic user protection prior to v1.0

If somebody steals your wallet, they have complete control over any addresses that are a part of that wallet. That's one reason you may want to keep using different wallets, to mitigate that threat.
newbie
Activity: 35
Merit: 0
February 28, 2011, 04:58:09 PM
#4
Yes, they can be stolen.

If you want to protect your bitcoins yourself (instead of trusting on a web service), best thing you do is to keep your "savings" on a wallet that's on offline media. Encrypt it (check TrueCrypt if you don't know how) and make multiple copies (on different media, of course). Save at least one copy on a remote server like Dropbox, Gmail etc.

I am familiar with TrueCrypt so that’s not a problem. If I always use an empty online wallet.dat and keep my coins in my encrypted "savings wallet.dat", then I should be okay. But is it only the wallet.dat that needs to be copied/pasted from/to the .bitcoin folder? Can copies be made while the client is running?

Alternatively should I be running two completely separate Bitcoin clients e.g. one for hashing and receiving Bitcoins being basically empty and one for spending Bitcoins being my encrypted savings wallet.

What if my empty wallet.dat has been copied by a crook and then sometime later I am sent some coins, if the crook gets to them first they could disappear right from under my nose even though I had been taking precautions. Yes/No?

Sorry I'm so full of questions but it seems to me the client needs to be providing basic user protection prior to v1.0
legendary
Activity: 1106
Merit: 1004
February 28, 2011, 04:18:52 PM
#3
Yes, they can be stolen.

If you want to protect your bitcoins yourself (instead of trusting on a web service), best thing you do is to keep your "savings" on a wallet that's on offline media. Encrypt it (check TrueCrypt if you don't know how) and make multiple copies (on different media, of course). Save at least one copy on a remote server like Dropbox, Gmail etc.
legendary
Activity: 860
Merit: 1026
February 28, 2011, 04:17:02 PM
#2
Quote
Can my Bitcoins be stolen?
short answer: yes.
with the Bitcoin client you are your own bank and you have the full responsibility for storing and using your wallet in a safe way.

Also, there is at least one thread about this topic already.
-> https://www.bitcoin.org/smf/index.php?topic=2698.0
Pages:
Jump to: