Topic: Hacked and stolen - page 4. (Read 4028 times)

Yeah, sure. Last time I checked wallet encryption was off in Bitcoin QT by default. Do you call it ready for mainstream adoption? It's like a GMail with no password by default.

Bitcoin is ready. It has not been hacked, while wealth worth many billions of dollars has been safely transacted over years.

You are really asking are computers ready, and the answer is - it depends. Mine is.The one from the OP was not. Your question is like asking if dollars are ready. They do get stolen, right? Pickpocketed, scammed away, robbed, lost, burnt, stolen, whatever. Are our homes or pockets or banks ready for dollars and euros? It depends. Some of them are, some aren't.

Man, you should not keep a wallet online with this amount of BTC. And if you need to put it online to get money, send the change to another wallet, which was never online, and destroy the old one.

2All. But he has a valid point. Bitcoin wallet is either inconvenient to use or unsafe storage. And even if you are a geek and have no problem with going through the pain with live cd and all that crap regularly, you are still unsafe, because a gang of hoodlums can rob your house. Keeping a flash drive with 100 btc in your house is like keeping a case with cash. You can rent a bank vault and put your flash drive there, and here you go, you still depend on bank.

Wow... and what "good firewall" might you be using? Also, just having a router does not make you any safer... it just adds a couple steps to making a connection to networked equipment.

If you are really looking for security, you need to read more and listen to the people here who aren't flaming you, they are giving you good advice.

For starters, I do the following for my BTC use:

HOT WALLET: I have an active wallet on Blockchain.info that is solely used to payout directly to people I exchange with outside of BTC-e or VirCurEx... this is merely a personal choice as it makes it so I can send BTC from anywhere I have internet and everything has an email alert.

SIMMER DOWN WALLET: I have an encrypted wallet that I use to receive coins from others in exchange for services or donations etc. This wallet is located on a VPS that is ALWAYS OFF until I log in to boot it and unlock the wallet... it takes a while to get the blockchain but I only access it about once a month and track it using the blockchain.info to see if there is anything there before i even bother. This is not that secure by itself but keeping my VPS account secure and the VPS offline unless I am using it addes to it... and it is never much BTC anyways.

LUKE WARM WALLET: There is an encrypted wallet on one my HDDs in my file server at home, but it is not in any typical directory, does not have any other files in the same directory, is hidden, and can only be accessed by my administrator login, of which uses a hashed key as a password which is stored on a USB drive on my keyring. This is used as an intermediary before I send BTC to cold storage. I use this wallet to withdraw from exchanges and as my mining wallet. I try to empty it daily. Also, this server DOES NOT actually host the client I use to unlock and transfer BTC... I have to map to it from my laptop with the Administrator hash key and then I can drop a copy into the client directory, restart it, do my business, encrypt it again then overwrite it back to the server before disconnecting the mapped drive.

COLD STORAGE WALLET: I have a wallet address and privkey pair that I generated with vanitygen... at 45 BILLION difficulty... and I have NEVER used it for anything but receiving BTC. I tested another address and privkey pair by importing it into Blockchain.info and once I confirmed it worked, the harder address and privkey were generated (got mad lucky said it would take 2.5 yrs in oclvanitygen but it popped up on day 4) and tested sending it some BTC... walla Blockchain shows it has value but there is no way to get to it until the day I import it somewhere. I pay myself 30% of my mining intake and transfer that here plus any substantial payment/donations.

LONG TERM INVESTMENT WALLET: I also have a wallet I put my first 5+ BTC in... it is encrypted and exists in a handful of formats... keys printed and mailed to my mother who put it in our family safe deposit box, a copy of the encrypted wallet.dat on a USB that is also encrypted and sits in my safe deposit box at the bank, another USB that is encrypted and sits in my son's dresser with his other personal items he keeps, the encryption password for both USBs was printed (again a hash key), sealed in an envelope and given to my mother in law to put in her safe deposit box, and lastly the UNencrypted wallet.dat was burned to 2 DVDs that are locked away somewhere with my grandmother... i have no clue where as she agreed they would be sent to her personal estate storage and could not be retrieved until her estate is passed to me upon her death (dad was furious rofl that's what you get for alienating yourself from the family DAD... GG).

Anybody got any other methods that you use to keep safe? I know it sounds like a lot of work for some BTC... but I know I won't be posting here with a sob story and 100s if not 1,000s of BTC stolen.

Sad to hear but definitely not a flaw in Bitcoins, More so in security, sadly we are not an insured bank, some one is as likely to take your bank login info..

But the flaw is not within the client itself, only in how it is secured.

I'm not sure whether or not this is a legitimate claim, but the community's response should never be:


It's completely shameful if we turn an apathetic eye.  Theft is never the fault of the victim.  Putting a pie on a windowsill does not give anyone the right to take it.  Password protecting or encrypting your wallet using the bitcoin-qt client does not give anyone the right to design malware to steal your coins.  Are there steps OP could have taken to further secure his coins? Yes, but nothing, I repeat nothing is foolproof.  

If you had taken all the security measures you thought necessary even with a paper wallet, and your coins got stolen I assure you my first response would not be, "Sucks to be you, your fault."  
My immediate response would be to want to know how this happened.  I don't even use the bitcoin-qt client anymore because it's a faulty product.  A single text entered password (even a long passphrase) isn't enough security.  To the other people claiming that "amounts >100 BTC should never ever be on a networked PC," that's like admitting the failure of bitcoin itself.  Not everyone has the technical know-how or the desire to use a paper wallet.  Bitcoin is designed to service digital transactions and digital storage of value.  If we honestly can't secure any amount of BTC sitting on a computer then I consider the road ahead of us to be very long: we've got work to do.

Bitcoin's should be so easy to use and secure that you can trust your grandma with them.  If our continual response is to dismiss these security holes and laugh at the people that fall victim to them, then you'll see very dark days ahead for the BTC.  It won't become a widely accepted and trusted currency but a little-used technical oddity shunned by the masses.

Now there are plenty of ideas that might help secure coins, especially for newer users.
-2-factor Authentication should definitely be an option whenever available.
-Imagine a wallet service that allows the user to predefine a daily withdrawal limit, preventing theives from cleaning out the account all at once.
-The wallet could also offer email or text confirmation when a withdrawal is initiated, requiring more accounts to be hacked before coins can be lost.
-There also could be the option to institute a time-delay on wallet withdrawals, so that the user is notified and has a period of time to cancel a withdrawal before it is completed.
For more security the wallet could have a mode which pre-defines certain addresses it can withdraw to.  The funds are essentially "locked in" to these addresses and they are not easy to change, so they must be spent to other accounts under the users control (with different passwords, authentication, etc) before they can be sent anywhere.  

My point is that there are multiple ways to go with this.  We should always be exploring new security options to help each other.  Are there people that will make up these stories to detract from bitcoin? Yes.  Are there people who legitimately find themselves the unwitting victim of theft? Yes.  As this latest bitcoin magazine article points out, even those who take the most stringent security measures can still suffer from loss http://bitcoinmagazine.com/bitcoin-self-defense-part-i-wallet-protection/.  If our attitude is to turn a blind eye and simple say "your fault" every time this happens.  Then shame.  Shame on us all.

OP = operator, also known as thread starter.

True, the problem is, security wise bitcoin is not ready for mainstream adoption, and despite having a pretty high tolerance, having to read 10 threads where people claim bitcoin is hacked every week, without a doubt that their own computer might be infected, shakes your sympathy towards those people, resulting in the not so kind replies.

My problem still is, that 80% of the people on the internet, are technically 4 years old (internet wise, not irl). Would you let a 4 year old alone in the real world, with everything that is out there? Me neither, the amount of bad people.. not until they are 12 or preferably at least 18... (and then still, to many people get scammed etc etc) The internet works in the same way, most people are not mature enough to explore it alone, so we call in the help of anti-virus software, firewalls and other stuff. While in the end they click on the wrong link or picture, and still end up getting scammed / hacked etc etc.

While I believe bitcoin to be sound, by everything I've found so far... I gotta look at every hack claim... and thus cannot ignore these threads

It would be nice if people actually followed proper security when handling bitcoin... but since people don't we get a dozen hack claims a week Its crap, I'll try to be more polite in these threads though

OP = Original poster



But, I disagree.
I don't help people who have a attitude against me. He's basically blaming the Bitcoin community that his money has been stolen.
Bitcoin has enough hate in the news and his not needed here.
If he would of responded more polite, maybe people would of helped him.

+1

This man is right.

Until bitcoin can be used without risk by windows dummies, it should be declared a danger matter.

Don't feed the troll. It is obvious this thread is a shill thread. What he basically said is "I left my house for a month, and left front door unlocked and open, and my savings on the kitchen table. When I came back, the money was gone! Thieves stole it! Oh and BTW, they were from Iran.".

It's a pretty bold statement saying they were from Iran. For starters, I'd like to know how you came to that conclusion. Secondly, how do you know they weren't operating through a proxy? Facts > speculation.

WARNING! This is another troll/shill thread, started only to be later featured on some mass-madia article about how "unsafe" and "bad" bitcoin and bitcoin community is.

(like for example this thread https://bitcointalksearch.org/topic/warning-bitcoin-will-soon-block-small-transaction-outputs-196138 was created only to be later featured on http://www.redstate.com/2013/05/16/tech-at-night-bitcoins-central-bankers-kim-dotcom-censors-mega/ )

This is not an uncommon occurrence and I think it would strengthen the bitcoin community if we responded with some compassion when it happens. Anyone who is a victim of theft feels bad about the loss, including feelings of frustration and anger.

Instead of making bronan feel worse by calling him a whiner and stupid, or saying that we don't care, we can instead be sympathetic and supportive and try to learn something form this incident. We can reinforce the security recommendations, and perhaps devise new recommendations.

We can respond in ways that strengthen the bitcoin community or we can respond in ways that weaken the bitcoin community.

By the way, what does OP stand for?

Exactly this, WE are not the ones that stole from you. So there is no NEED to give us attitude. I do feel sorry for you, because I would be devastated, but I would still remain polite to others.

Maybe, people can help you, for future reference.

I still feel bad for you. But your attitude is really making it hard for people to sympathise.

You did not follow best practices regarding storing and securing your bitcoins. At the very least you should have had your wallet encrypted. And since you were inactive anyway, you should have been storing them in cold storage, completely offline, and this would not have happened.

Sorry.

Your correct, perhaps large Bitcoin banks will be a solution?

Imagine companies like blockchain.info hosted wallets that are extremely secure... (With a certain value of the holding insured)

This future allows people to keep their money in banks like today, but the more experienced among us can keep our money literally under our control. The same as keep cash under the mattress except its usable all over the world from our computers and phones.

Bitcoin can be the best of both worlds. Obviously a future where every single Bitcoin user controls their entire stash of Bitcoins on their computers and phones is not realistic.

Fucking Iranese...

OP actually brings up a topic no one really cares about:
Is current bitcoin ready for mainstream adoption in terms of security?
The answer is NO.

First scan your PC mate, I'm pretty sure your pc is infected and it wasn't secure.