Topic: Can my Bitcoins be stolen? (Read 12864 times)

member
Activity: 98
Merit: 20
April 03, 2011, 10:35:59 PM
#41
What if someone else just so happens to randomly generate the same keypair as someone else?
As 'error' noted, it's extremely unlikely to happen. If by some chance it did happen, then any bitcoins sent to that address would appear in both users' wallets. When one of them spent the money (even partially) the entire amount of the original transaction would disappear from the other person's wallet.

Quote
Like what if someone were to set up their machine to do nothing but generate keypairs until they found one that matched an account with coins in it?  Hell, while you're at it, save all the keypairs you make and check them periodically for matches.
The entire science of cryptography is geared towards making sure that kind of attack is computationally infeasible. For you and me, "computationally infeasible" essentially means "impossible."
hero member
Activity: 588
Merit: 500
April 01, 2011, 12:22:45 PM
#40
What if someone else just so happens to randomly generate the same keypair as someone else?  Like what if someone were to set up their machine to do nothing but generate keypairs until they found one that matched an account with coins in it?  Hell, while you're at it, save all the keypairs you make and check them periodically for matches.

This is about as likely as a black hole appearing in your bedroom. Unlikely in the extreme, but still technically possible. Not much need to worry about it until a black hole actually does appear in your bedroom.
member
Activity: 61
Merit: 10
April 01, 2011, 12:07:50 PM
#39
What if someone else just so happens to randomly generate the same keypair as someone else?  Like what if someone were to set up their machine to do nothing but generate keypairs until they found one that matched an account with coins in it?  Hell, while you're at it, save all the keypairs you make and check them periodically for matches.
sr. member
Activity: 294
Merit: 252
March 03, 2011, 06:28:27 PM
#38
The point is that high quality paper and ink will decay far slower than any optical media.
Additionally, you don't have to worry about not being able to find a CD-ROM drive when you fetch the stored keys out of your safety deposit box. Smiley
sr. member
Activity: 406
Merit: 256
March 03, 2011, 05:49:11 PM
#37
This was assuming you're holding onto the wallet.dat as a long term value storage option - print out the wallet, mark down the addresses, and delete the original file. Then store someplace safe Smiley Easy to deposit coins to the wallet, but hard to withdraw.

Or, for that matter, burn the thing onto a CD, place the disk in a safety deposit box, and delete the original.

If there's enough demand, a 2-d barcode format suitable for printing a wallet and rapidly scanning it back in can and will be developed. That way, you can have the relative permanence of paper, and the ease of digital data.

The point is that high quality paper and ink will decay far slower than any optical media.
N12
donator
Activity: 1610
Merit: 1010
March 03, 2011, 05:29:58 PM
#36
Are we re-inventing the banknote here?  Undecided
No. It’s just the key to your BTC wealth.
newbie
Activity: 35
Merit: 0
March 03, 2011, 05:27:27 PM
#35
This was assuming you're holding onto the wallet.dat as a long term value storage option - print out the wallet, mark down the addresses, and delete the original file. Then store someplace safe Smiley Easy to deposit coins to the wallet, but hard to withdraw.

Or, for that matter, burn the thing onto a CD, place the disk in a safety deposit box, and delete the original.

If there's enough demand, a 2-d barcode format suitable for printing a wallet and rapidly scanning it back in can and will be developed. That way, you can have the relative permanence of paper, and the ease of digital data.

Are we re-inventing the banknote here?  Undecided
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
March 03, 2011, 05:06:18 PM
#34
This was assuming you're holding onto the wallet.dat as a long term value storage option - print out the wallet, mark down the addresses, and delete the original file. Then store someplace safe Smiley Easy to deposit coins to the wallet, but hard to withdraw.

Or, for that matter, burn the thing onto a CD, place the disk in a safety deposit box, and delete the original.

If there's enough demand, a 2-d barcode format suitable for printing a wallet and rapidly scanning it back in can and will be developed. That way, you can have the relative permanence of paper, and the ease of digital data.
sr. member
Activity: 406
Merit: 256
March 03, 2011, 04:57:27 PM
#33
If there is a virus on your computer, and your bitcoins are stored on that computer, then there is nothing the bitcoin software can do to prevent that virus from eventually stealing your coins.

That said, allowing you to 'lock' your coins with a password, and requiring that you enter that password to send coins, is high on the list of things I'd like to see bitcoin do.  That would make it harder for a virus to steal your coins.

But even then, a smart virus could lay in wait until you typed your password to unlock your wallet and take that opportunity to either capture your password or send the coins to a bad guy.  If you can't trust your computer, don't store your life savings on it (and yes, bitcoin software also should make it easy to save some of your bitcoins on USB sticks or CD-R disks so they can be stored safely in your safe deposit box at your bank).


As I've mentioned in other threads - a bitcoin wallet isn't that big - you could easily print it out with a high quality printer and some fancy software, then store it in a bank.

I don't see how printing your wallet.dat would help to protect you from theft of your coins.

This was assuming you're holding onto the wallet.dat as a long term value storage option - print out the wallet, mark down the addresses, and delete the original file. Then store someplace safe Smiley Easy to deposit coins to the wallet, but hard to withdraw.
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
March 03, 2011, 04:42:41 PM
#32
If I coded so much as a comma in the Bitcoin Client, the whole system would crash and fall apart. Coding is just one of the millions of things I can't do.  Sad

If you can type, you can code. Programming is a skill, not an inborn trait; you simply need to learn. The fact that you mastered English grammar tells me that C++ grammar is not beyond you. If you must decline on inability to code, say it right:

"Coding is just one of the million things I do not have the dedication to learn"

Wink
newbie
Activity: 35
Merit: 0
March 03, 2011, 04:07:26 PM
#31
Agreed, I am so convinced of Bitcoin's potential that I want to see it develop into the best possible payment system. No excuses by saying the competition can't do that either!

Well, what you waiting for?

Get coding!

If I coded so much as a comma in the Bitcoin Client, the whole system would crash and fall apart. Coding is just one of the millions of things I can't do.  Sad
I could print fiat currency though - any dummy can do that.
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
March 03, 2011, 03:59:56 PM
#30
Agreed, I am so convinced of Bitcoin's potential that I want to see it develop into the best possible payment system. No excuses by saying the competition can't do that either!

Well, what you waiting for?

Get coding!
newbie
Activity: 35
Merit: 0
March 03, 2011, 03:38:16 PM
#29
Bitcoin currently is like an unbreakable titanium chain linking two computers but attached each end with cotton thread.

And fiat currencies are like chains with similarly weak links at either end and a middleman who keeps adding more links?

This is like saying gold is flawed because someone can mug you.

Agreed, I am so convinced of Bitcoin's potential that I want to see it develop into the best possible payment system. No excuses by saying the competition can't do that either!
newbie
Activity: 35
Merit: 0
March 03, 2011, 03:32:24 PM
#28
If there is a virus on your computer, and your bitcoins are stored on that computer, then there is nothing the bitcoin software can do to prevent that virus from eventually stealing your coins.

That said, allowing you to 'lock' your coins with a password, and requiring that you enter that password to send coins, is high on the list of things I'd like to see bitcoin do.  That would make it harder for a virus to steal your coins.

But even then, a smart virus could lay in wait until you typed your password to unlock your wallet and take that opportunity to either capture your password or send the coins to a bad guy.  If you can't trust your computer, don't store your life savings on it (and yes, bitcoin software also should make it easy to save some of your bitcoins on USB sticks or CD-R disks so they can be stored safely in your safe deposit box at your bank).


As I've mentioned in other threads - a bitcoin wallet isn't that big - you could easily print it out with a high quality printer and some fancy software, then store it in a bank.

I don't see how printing your wallet.dat would help to protect you from theft of your coins.
newbie
Activity: 35
Merit: 0
March 03, 2011, 03:29:38 PM
#27
Bitcoin currently is like an unbreakable titanium chain linking two computers but attached each end with cotton thread.

And fiat currencies are like chains with similarly weak links at either end and a middleman who keeps adding more links?

Yes sure thing but the Open Source community can do thousands of times better than proprietary systems. Open Source wouldn't be proud to have developed another version of MS Windows.  Grin
newbie
Activity: 35
Merit: 0
March 03, 2011, 03:24:24 PM
#26
If there is a virus on your computer, and your bitcoins are stored on that computer, then there is nothing the bitcoin software can do to prevent that virus from eventually stealing your coins.

That said, allowing you to 'lock' your coins with a password, and requiring that you enter that password to send coins, is high on the list of things I'd like to see bitcoin do.  That would make it harder for a virus to steal your coins.

But even then, a smart virus could lay in wait until you typed your password to unlock your wallet and take that opportunity to either capture your password or send the coins to a bad guy.  If you can't trust your computer, don't store your life savings on it (and yes, bitcoin software also should make it easy to save some of your bitcoins on USB sticks or CD-R disks so they can be stored safely in your safe deposit box at your bank).


It's encouraging that you take this problem seriously rather than some on this forum that would rather blame any weakness on the end user. I really don't think anyone can be 100% sure that their PC is totally free of malicious software if they have been online or plugged in memory devices from other PCs.

A password would substantially protect your wallet.dat and it could be made less intrusive if it was only required to SEND coins. Also if an eight character password is used, the client should ask for three random characters input via drop down lists on screen (no keyboard entry). Also password input should be limited to two attempts per minute. And the icing on the cake would be an alert message if two simultaneous connections exist of the same wallet so the real owner (with the complete password) could send their coins to safety before the crook can get the full password.

While not 100% secure it would make collecting the complete password to steal coins extremely difficult. I hope further debate could contribute to the development of the Bitcoin client and the USB backup routine you refer to would be a massive usability enhancement.


hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
March 02, 2011, 09:45:08 PM
#25
Bitcoin currently is like an unbreakable titanium chain linking two computers but attached each end with cotton thread.

And fiat currencies are like chains with similarly weak links at either end and a middleman who keeps adding more links?

This is like saying gold is flawed because someone can mug you.
sr. member
Activity: 406
Merit: 256
March 02, 2011, 08:05:40 PM
#24
If there is a virus on your computer, and your bitcoins are stored on that computer, then there is nothing the bitcoin software can do to prevent that virus from eventually stealing your coins.

That said, allowing you to 'lock' your coins with a password, and requiring that you enter that password to send coins, is high on the list of things I'd like to see bitcoin do.  That would make it harder for a virus to steal your coins.

But even then, a smart virus could lay in wait until you typed your password to unlock your wallet and take that opportunity to either capture your password or send the coins to a bad guy.  If you can't trust your computer, don't store your life savings on it (and yes, bitcoin software also should make it easy to save some of your bitcoins on USB sticks or CD-R disks so they can be stored safely in your safe deposit box at your bank).


As I've mentioned in other threads - a bitcoin wallet isn't that big - you could easily print it out with a high quality printer and some fancy software, then store it in a bank.
sr. member
Activity: 322
Merit: 250
March 02, 2011, 06:32:17 PM
#23
If there is a virus on your computer, and your bitcoins are stored on that computer, then there is nothing the bitcoin software can do to prevent that virus from eventually stealing your coins.

That said, allowing you to 'lock' your coins with a password, and requiring that you enter that password to send coins, is high on the list of things I'd like to see bitcoin do.  That would make it harder for a virus to steal your coins.

But even then, a smart virus could lay in wait until you typed your password to unlock your wallet and take that opportunity to either capture your password or send the coins to a bad guy.  If you can't trust your computer, don't store your life savings on it (and yes, bitcoin software also should make it easy to save some of your bitcoins on USB sticks or CD-R disks so they can be stored safely in your safe deposit box at your bank).

I'd like to add that nothing about Bitcoin precludes the features that Gavin mentioned. It's an open source project, and someone just has to program them.
legendary
Activity: 1652
Merit: 2301
Chief Scientist
March 02, 2011, 06:18:48 PM
#22
If there is a virus on your computer, and your bitcoins are stored on that computer, then there is nothing the bitcoin software can do to prevent that virus from eventually stealing your coins.

That said, allowing you to 'lock' your coins with a password, and requiring that you enter that password to send coins, is high on the list of things I'd like to see bitcoin do.  That would make it harder for a virus to steal your coins.

But even then, a smart virus could lay in wait until you typed your password to unlock your wallet and take that opportunity to either capture your password or send the coins to a bad guy.  If you can't trust your computer, don't store your life savings on it (and yes, bitcoin software also should make it easy to save some of your bitcoins on USB sticks or CD-R disks so they can be stored safely in your safe deposit box at your bank).
sr. member
Activity: 322
Merit: 250
March 02, 2011, 05:12:24 PM
#21
Bitcoin currently is like an unbreakable titanium chain linking two computers but attached each end with cotton thread.

And fiat currencies are like chains with similarly weak links at either end and a middleman who keeps adding more links?
newbie
Activity: 35
Merit: 0
March 02, 2011, 04:23:52 PM
#20
Bitcoin currently is like an unbreakable titanium chain linking two computers but attached each end with cotton thread.
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
March 02, 2011, 09:58:16 AM
#19
tl;dr: don't send your wallet to anyone.

Third option -> I was joking.  It's as if he said, can my cash be stolen and I say, "No way, give me your wallet and I'll prove it to you."  I would no more expect him to mail me his wallet.dat than the wallet in his back pocket.

Indeed. The "flat" nature of internet text communication means sudden left turns like this usually get misunderstood.

My apologies. Smiley
full member
Activity: 143
Merit: 100
March 02, 2011, 09:53:01 AM
#18
No.  It is technologically impossible and THAT is the value of Bitcoins.  Send me your wallet.dat file and I will prove to you what you need to know.

Either you are mis-informed, or attempting to defraud our new friend.
tl;dr: don't send your wallet to anyone.

Third option -> I was joking.  It's as if he said, can my cash be stolen and I say, "No way, give me your wallet and I'll prove it to you."  I would no more expect him to mail me his wallet.dat than the wallet in his back pocket.
full member
Activity: 263
Merit: 100
YGOLD is a Defi platform
March 01, 2011, 10:27:12 PM
#17
Perfect security is an illusion. Physical currency can be stolen, too... no vault is completely secure. Bitcoins even have a few advantages over physical currency, just as FatherMcGruder explained.
Exactly. This is as much a "security hole" as someone breaking into your house and stealing your jewelry.
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
March 01, 2011, 06:19:37 PM
#16
Perfect security is an illusion. Physical currency can be stolen, too... no vault is completely secure. Bitcoins even have a few advantages over physical currency, just as FatherMcGruder explained.
sr. member
Activity: 322
Merit: 250
March 01, 2011, 04:27:14 PM
#15
Are you saying that if I had an online shop all my Bitcoin receipts would go straight into my online Bitcoin bank and so would be retained securely for me?
He's saying that if Bitcoin goes mainstream, we'll see a huge demand for really good security. However, we'll also see a demand for really good thieves.

To reassure you, I'll say that you'll have less vulnerability to theft with bitcoins than with regular paper money. It's harder to counterfeit, and no one can print it on a whim. Also, you can't back up paper.
newbie
Activity: 35
Merit: 0
March 01, 2011, 03:57:36 PM
#14
This is not a security hole of bitcoins, Scarecrow. Any sensitive data is vulnerable if not properly protected.

If bitcoins go mainstream, people will just trust their assets to bitcoin banks.

Are you saying that if I had an online shop all my Bitcoin receipts would go straight into my online Bitcoin bank and so would be retained securely for me?
legendary
Activity: 1106
Merit: 1004
March 01, 2011, 03:51:54 PM
#13
This is not a security hole of bitcoins, Scarecrow. Any sensitive data is vulnerable if not properly protected.

If bitcoins go mainstream, people will just trust their assets to bitcoin banks.
newbie
Activity: 35
Merit: 0
March 01, 2011, 03:37:23 PM
#12
I am pleased to get all your helpful answers but disappointed Bitcoin has this security hole. My fear is not that I will get my coins stolen as I am very careful not to allow my Linux system to be attacked. My worry is that where a shop does decide to accept Bitcoins, only then to see their takings randomly disappear, surely this would effectively strangle Bitcoin at birth.
legendary
Activity: 2940
Merit: 1090
March 01, 2011, 05:52:09 AM
#11
Any user accounts on any of your machines that are used to run untrusted software such as random screensavers and such that you impulse download while surfing the net should probably not also be used for financial applications, at least if one feels the concern that you feel.

Log in to your user account that has the financial apps only when you have finances to transact. For recreational computing log in to your recreational account.

It is much the same as not using your system-administrator account for recreation. Regard your financial-administration account similarly.

Treat your recreational account like En Guard's "red light district" activity: each time you visit you might be mugged so only take as much money there as you are prepared to lose.

-MarkM-
legendary
Activity: 1106
Merit: 1004
March 01, 2011, 04:38:30 AM
#10
What if my empty wallet.dat has been copied by a crook and then sometime later I am sent some coins, if the crook gets to them first they could disappear right from under my nose even though I had been taking precautions. Yes/No?

Yes. If you suspect your wallet has been compromised, you should:
  • Generate 100 new addresses, and discard them (never use)
  • Transfer any remaining coins on that wallet to an address generated after the 100 above.
  • Never use any of the older addresses for any transaction.
  • Most important, try to understand what happened in order not to keep your new addresses in the same compromised machine. Maybe a format if it was a virus, a divorce if it was your wife etc.

Sorry I'm so full of questions but it seems to me the client needs to be providing basic user protection prior to v1.0

I agree, the thing is that it's just not that simple. If you keep your wallet on the same machine you use to surf the web, there's always risk. If besides that you use Windows, the risk is greater. It's impossible to fully protect a user's computer if the user executes malicious code or if s/he trusts people s/he shouldn't. And sometimes you may get a worm just for viewing the wrong web site, without executing anything else but normal browsing...

I think that the best solution for those who don't feel comfortable in keeping their own coins is:
  • Have an offline wallet for your savings, as suggested before.
  • Use a "bank" (MyBitcoin, MtGox, Bitcoin-central...) to keep the bitcoins you want to move more frequently.
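Added example (not part of the thread, and not the Bitcoin client's code): a toy model of why the procedure in post #10 discards 100 addresses. It assumes the client keeps a pool of 100 pre-generated keys inside wallet.dat (the client's default keypool size), so a copy of the file already holds the keys behind the next 100 addresses; `SimulatedWallet` and its hash-based stand-in addresses are hypothetical and perform no real ECDSA.

```python
import hashlib
import secrets
from collections import deque

KEYPOOL_SIZE = 100  # assumption: the client's default number of pre-generated keys


class SimulatedWallet:
    """Toy wallet file: used keys plus a pool of keys generated ahead of time."""

    def __init__(self, pool_size=KEYPOOL_SIZE):
        self.pool_size = pool_size
        self.used = []        # (address, private key) pairs already handed out
        self.pool = deque()   # keys stored in the file but not yet handed out
        self._refill()

    @staticmethod
    def _new_key():
        # Stand-in for real key generation: random secret, hash as the "address".
        priv = secrets.token_bytes(32)
        return hashlib.sha256(priv).hexdigest()[:40], priv

    def _refill(self):
        while len(self.pool) < self.pool_size:
            self.pool.append(self._new_key())

    def get_new_address(self):
        """Hand out the oldest pooled key, then top the pool back up."""
        addr, priv = self.pool.popleft()
        self.used.append((addr, priv))
        self._refill()
        return addr

    def snapshot(self):
        """Addresses spendable by anyone holding a copy of the file right now."""
        return {a for a, _ in self.used} | {a for a, _ in self.pool}


def addresses_exposed_after_copy(wallet, stolen, count):
    """Generate `count` new addresses; True where the stolen copy has the key."""
    return [wallet.get_new_address() in stolen for _ in range(count)]


def first_safe_address(wallet, stolen):
    """Discard new addresses until one appears that the stolen copy cannot spend."""
    discarded = 0
    while True:
        addr = wallet.get_new_address()
        if addr not in stolen:
            return addr, discarded
        discarded += 1


if __name__ == "__main__":
    wallet = SimulatedWallet()
    for _ in range(3):                 # constructed history: three addresses in use
        wallet.get_new_address()
    stolen = wallet.snapshot()         # the moment the file is copied
    safe, discarded = first_safe_address(wallet, stolen)
    print(f"keys in stolen copy: {len(stolen)}")
    print(f"addresses discarded before a safe one: {discarded}")
```

In this model every one of the first 100 addresses generated after the copy is spendable by whoever holds the copy; only the next one is backed by a key created afterwards.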
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
March 01, 2011, 02:37:48 AM
#9
No.  It is technologically impossible and THAT is the value of Bitcoins.  Send me your wallet.dat file and I will prove to you what you need to know.

Either you are mis-informed, or attempting to defraud our new friend. I sincerely hope it is the former. Even if you couldn't just load up his wallet and send his coins to yourself, several threads have been written (and the bounty collected) about collecting coins using nothing but the private key, which is included in the wallet.dat. Other threads have been written about extracting the private key from a wallet (again, bounty collected).

tl;dr: don't send your wallet to anyone.
full member
Activity: 143
Merit: 100
March 01, 2011, 02:27:12 AM
#8
No.  It is technologically impossible and THAT is the value of Bitcoins.  Send me your wallet.dat file and I will prove to you what you need to know.
hero member
Activity: 532
Merit: 500
FIAT LIBERTAS RVAT CAELVM
February 28, 2011, 06:53:03 PM
#7
I read this thread https://www.bitcoin.org/smf/index.php?topic=2698.0 and it's a bit complex for me but my conclusion so far is that if you connect your wallet to the internet at any time, there is a possibility that you have created a situation that at some time in the future you will lose any coins associated with that wallet. If so, there is still much work to be done.


Your wallet is data. If you connect a computer to the internet, there is the possibility that the data on that computer may be compromised. Take precautions. Use a secure operating system. Encrypt your wallet. Do not install programs from sources you do not trust. Practice safe computing, and you don't need to worry about your wallet.
newbie
Activity: 35
Merit: 0
February 28, 2011, 05:43:53 PM
#6
I read this thread https://www.bitcoin.org/smf/index.php?topic=2698.0 and it's a bit complex for me but my conclusion so far is that if you connect your wallet to the internet at any time, there is a possibility that you have created a situation that at some time in the future you will lose any coins associated with that wallet. If so, there is still much work to be done.
sr. member
Activity: 411
Merit: 250
February 28, 2011, 05:00:28 PM
#5
Yes, they can be stolen.

If you want to protect your bitcoins yourself (instead of trusting a web service), the best thing you can do is to keep your "savings" on a wallet that's on offline media. Encrypt it (check TrueCrypt if you don't know how) and make multiple copies (on different media, of course). Save at least one copy on a remote server like Dropbox, Gmail etc.

I am familiar with TrueCrypt so that’s not a problem. If I always use an empty online wallet.dat and keep my coins in my encrypted "savings wallet.dat", then I should be okay. But is it only the wallet.dat that needs to be copied/pasted from/to the .bitcoin folder? Can copies be made while the client is running?

Alternatively should I be running two completely separate Bitcoin clients e.g. one for hashing and receiving Bitcoins being basically empty and one for spending Bitcoins being my encrypted savings wallet.

What if my empty wallet.dat has been copied by a crook and then sometime later I am sent some coins, if the crook gets to them first they could disappear right from under my nose even though I had been taking precautions. Yes/No?

Sorry I'm so full of questions but it seems to me the client needs to be providing basic user protection prior to v1.0

If somebody steals your wallet, they have complete control over any addresses that are a part of that wallet. That's one reason you may want to keep using different wallets, to mitigate that threat.
newbie
Activity: 35
Merit: 0
February 28, 2011, 04:58:09 PM
#4
Yes, they can be stolen.

If you want to protect your bitcoins yourself (instead of trusting a web service), the best thing you can do is to keep your "savings" on a wallet that's on offline media. Encrypt it (check TrueCrypt if you don't know how) and make multiple copies (on different media, of course). Save at least one copy on a remote server like Dropbox, Gmail etc.

I am familiar with TrueCrypt so that’s not a problem. If I always use an empty online wallet.dat and keep my coins in my encrypted "savings wallet.dat", then I should be okay. But is it only the wallet.dat that needs to be copied/pasted from/to the .bitcoin folder? Can copies be made while the client is running?

Alternatively should I be running two completely separate Bitcoin clients e.g. one for hashing and receiving Bitcoins being basically empty and one for spending Bitcoins being my encrypted savings wallet.

What if my empty wallet.dat has been copied by a crook and then sometime later I am sent some coins, if the crook gets to them first they could disappear right from under my nose even though I had been taking precautions. Yes/No?

Sorry I'm so full of questions but it seems to me the client needs to be providing basic user protection prior to v1.0
legendary
Activity: 1106
Merit: 1004
February 28, 2011, 04:18:52 PM
#3
Yes, they can be stolen.

If you want to protect your bitcoins yourself (instead of trusting a web service), the best thing you can do is to keep your "savings" on a wallet that's on offline media. Encrypt it (check TrueCrypt if you don't know how) and make multiple copies (on different media, of course). Save at least one copy on a remote server like Dropbox, Gmail etc.
legendary
Activity: 860
Merit: 1026
February 28, 2011, 04:17:02 PM
#2
Quote
Can my Bitcoins be stolen?
short answer: yes.
with the Bitcoin client you are your own bank and you have the full responsibility for storing and using your wallet in a safe way.

Also, there is at least one thread about this topic already.
-> https://www.bitcoin.org/smf/index.php?topic=2698.0
newbie
Activity: 35
Merit: 0
February 28, 2011, 04:07:42 PM
#1
I am really hopeful that Bitcoin emerges from Beta to become the Internet currency of the future.

For this to happen people must have confidence that their wallet cannot be emptied by some crook out on the net. So if I am running the Bitcoin software in the background, could a virus installed on my PC send a copy of my .bitcoin folder or wallet.dat to the crook's PC, who could then send all my coins to his own wallet thus stealing all my coins?

As a Newbie and not that techie, this is a concern I think many possible adopters will have. For example if I am tempted to install an animated wallpaper that happens to come with an unwanted payload designed to steal my .bitcoin folder. The wallet.dat that I think is the essential part is available unencrypted just begging to be stolen. Am I right? If not then that's a relief but if this is the case what would be the recommended procedure to protect your coins? I won't accept "don't install the wallpaper" as a fair answer.  Wink