Topic: FlexCoin used 2 FA and still got hacked!!!!! I'm out of this game (Read 2271 times)

Dont keep your coins online. Simple as that.

The issue is people STORING their coins on the exchange.  Don't do that, and you probably won't get goxxed.  Comprende?

this is basic stuff here:

if you keep your gold and silver in an exchange instead of physically in ur hand then u dont own gold or silver and u risk losing whatever paper gold and silver u think u own ..

if you keep your fiat money in a bank then u risk losing ur money to a bank bail-in ..

if you keep ur bitcoins in an exchange then u risk losing ur bitcoins ..

And the someone you trust can do with your coins whatever he wants. They can act like a bank, which takes your cash without giving you a collateral, and do more or less risky things with that, they don't put it in a vault. As long nothing bad happens everyone is fine. But shit happens all the time. Nothing new.

My recommendation: get a different, personal wallet that gives you more control, create a backup, test the new wallet with a small amount, and then move all of your coins there.

Now, for the sake of newbs thinking that using Armory, running USB sticks back and forth, etc. is a lot of trouble for a few bits, it might help if if you differentiate between hot and cold wallets.

A hot wallet is one you do your spending from, keep up-to-date, and have ready-to-use. It could be the Bitcoin-Qt client (or Multibit, Electrum, etc.,) or an Android app like Mycelium. (Using an online wallet for your hot wallet is a REALLY BAD IDEA.) You should only ever keep a small portion of your bitcoins in your hot wallet.

A cold wallet is one that rarely (ideally, never) touches the internet, and stores the bulk of your bitcoins. You use it to transfer small amounts to your hot wallet as needed, to receive funds from your hot wallet when its value starts getting too high, and to store your savings. It may be something like Armory, or an instance of Bitcoin-Qt running on a clean, spare Linux system that is normally kept turned off, or even a paper wallet with several keys (created offline, of course.) Different cold wallets have different levels of security; choose accordingly.

If you have a hot wallet and one or more cold wallets set up, you'll have the convenience of ready access to spending funds, plus you'll have extra security for the bulk of your bitcoins. Granted, if you only have a small amount of bitcoin (and plan to use them regularly) it's probably not worth the hassle to create and use a cold wallet, but 3 bitcoins (~$1800) is probably beyond the point at which one should have done so.

And since it apparently can't be said often enough: DO NOT USE AN ONLINE WALLET TO STORE BITCOINS. If you have an account on an exchange, only keep enough bitcoins there to make your next sale, and make your sale ASAP. Keep everything else in your personal hot and cold wallets; there is NO NEED to have anyone else "securely" store your bitcoins for you.

2FA protects your account from unauthorized access but not from bankruptcy of the operator.
The only way to protect yoursemlf from bankruptcy of the operator is to check for regulatory compliance.

Use an exchange that is working with a regulated banking partner.
Read the ToS and check the banking information.
If you are sending fiat to a bank account by the name of the exchange, you are in hot water because they are using a corporate account to store your funds (bitstamp, btc-e, kraken, etc).
The bank account should bear the name of their banking partner (or your name) to ensure segregation of funds.

Bitcoin-central is the only exchange that is compliant (if somenone knows another please let me know!).
Anything else is illegal, period.

If you are using an OTC buyer/seller, only coinbase is working with a regulated partner (SVB) but that is only in the US.
Non real-time P2P marketplaces (such as bitcoin.de) are a different species since you do not send them fiat.

Bye! Don't let the door hit you in the ass on the way out.

This morning I checked my paper wallets against the blockchain...and found none of them were stolen. GO PAPER!

Install bitcoin-qt on a computer clean installed and never connected to the net

Start and get a wallet.

copy the address and private key (if you want)

Put the wallet in a pen drive (again, clean formatted). Write down the private key (if you want).

Send Bitcoins to that address. Confirm on blockchain.

Any time you want to send Bitcoins, plug the pen drive in a computer running bitcoin (and connected) and copy the wallet in there or import the private key. This wallet is now compromised so any change you again send to a new offline wallet.

Or just use Armory like pointed above.

Not necessarily. If you keep your cold wallet on a computer that has never been online (with Armory for example) rather than on a paper wallet, you can create a transaction on your online computer, copy it to your cold wallet machine (using a USB stick or via QR codes and a webcam if you're really paranoid), have the cold wallet machine sign the transaction and then copy it back to your online machine to be broadcast.

thats it.

But don't you have to import that cold wallet at some point to an internet connected computer to use the currency?

Again, your fault. You kept the coins on an exchange.

This.  It can't be said enough - if you don't own the keys, you don't own the coins.  You just have an IOU from someone.

You might want to have a look at www.pi-wallet.com
It uses Armory as well

HAha nice try, troll! 2 FA has NOTHING to do with a site getting hacked (with or without the complicity of the owners). 2 FA is for YOUR login, absolutely no connection to backend security, and I am sure you know this and are FUDing up the place 

No.  What you do is download a program like armory that lets you create paper wallets (make sure your computer is clean or one that isn't connected to the web) and then you create a whole new wallet and transfer your coins to that; then never use that blockchain/paper backup wallet again.

why would it matter if u had 2 FA or not?

Newbie here.  So if I have a blockchain wallet and have the backup paper wallet, do I go ahead and delete my blockchain account until my next transaction...for now?

Nuff said