
Topic: How easy BTC could be susceptible to computer security threats? (Read 473 times)

hero member
Activity: 2590
Merit: 650
Want top-notch marketing for your project, Hire me
No, it won't. That will just get you amputated or killed.
That is only if you have gone about telling everyone you have a lot of money in BTC, and due to that the attackers specifically target you because they know you have a lot of coins. However, if robbers break into your house to steal fiat and valuables from you, and then find your wallet file in your device, they might believe you have just the $100-500 in your base wallet. If you have a lot of coins, then loading the base wallet with a higher amount is even better.
How would the robber find the device where the wallet files were kept if the person kept the device in a secure location, if the user made security his/her priority rather than easy access to the device?
To begin, I believe the best thing is to never showcase our holding, or hire good security personnel because the economic hardship has increased the cases of robber attacks in some countries.
hero member
Activity: 854
Merit: 1031
Only BTC
No, it won't. That will just get you amputated or killed.
That is only if you have gone about telling everyone you have a lot of money in BTC, and due to that the attackers specifically target you because they know you have a lot of coins. However, if robbers break into your house to steal fiat and valuables from you, and then find your wallet file in your device, they might believe you have just the $100-500 in your base wallet. If you have a lot of coins, then loading the base wallet with a higher amount is even better.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Could recent 'ordinals' congestion be considered as an attack to blockchain? If so, how easy is it to upload a virus into blockchain itself?

Already done a couple of years ago without the use of Ordinals as they did not even exist at the time.

At the end of the day, transactions are just bytes, and it is possible to stuff a bunch of data inside the transaction which is never evaluated. Most of the time this will make the output unspendable (pre-ordinals), but storing data on-chain is becoming expensive, so it will probably be restricted to storing malicious payloads which can be downloaded and run to hijack a system, rather than attack the protocol itself.

Extending your seed phrase with a passphrase can save you from a $5 wrench attack through plausible deniability, if you load the base wallet with a small amount of funds, you may be lucky to deceive the attacker that it is the only coins you have, without them knowing that you have a wallet 'hidden' by a passphrase.

No, it won't. That will just get you amputated or killed.
hero member
Activity: 854
Merit: 1031
Only BTC
Extending your seed phrase would ensure that the adversary won't directly gain access to your wallet but it doesn't mean that you won't be susceptible to extortion or a $5 wrench attack.
Extending your seed phrase with a passphrase can save you from a $5 wrench attack through plausible deniability, if you load the base wallet with a small amount of funds, you may be lucky to deceive the attacker that it is the only coins you have, without them knowing that you have a wallet 'hidden' by a passphrase.
legendary
Activity: 2954
Merit: 4158
Your funds are only as safe as the device you store them in, i.e. if you store your funds in an airgapped wallet, it is safer than someone who stores theirs in an online machine. However, you must also know exactly what you are doing, so many people create their airgapped wallet in an unsafe environment and end up losing their funds. Opsec is also very important, as well as implementing extra layers of security, i.e. extending your seed phrase with a passphrase or setting up a multisig wallet.
Storage is important but so is the usage. You'd have to be sure to use your keys only in a sanitized environment, and preferably separate from each other in the case of multisig or it'll negate the benefits. Extending your seed phrase would ensure that the adversary won't directly gain access to your wallet but it doesn't mean that you won't be susceptible to extortion or a $5 wrench attack. A good way to keep backups would be either in a safe or if you know what you're doing, hidden with steganography.
hero member
Activity: 854
Merit: 1031
Only BTC
They are also quite helpful techniques that help to secure the bitcoin wallet. I'm not saying Human vigilance isn't important or essential, but I stand to believe that it's not the primary as there are things that are more important.
Your funds are only as safe as the device you store them in, i.e. if you store your funds in an airgapped wallet, it is safer than someone who stores theirs in an online machine. However, you must also know exactly what you are doing, so many people create their airgapped wallet in an unsafe environment and end up losing their funds. Opsec is also very important, as well as implementing extra layers of security, i.e. extending your seed phrase with a passphrase or setting up a multisig wallet.
legendary
Activity: 2856
Merit: 7410
Crypto Swap Exchange
Actually mobile OSes usually have better security by default compared with desktop OSes. For example, Android offers Application and Privacy sandbox which limits what an application can do.

That's correct. There are not many hacks that happen because of vulnerabilities present in OS but because of negligence of people. There is no way a malware can make it to your mobile unless you download some fishy app or click on some suspicious link. Rather than focusing on security of devices alone, human vigilance is also required in cyber world (or securing bitcoins). A chain is as strong as its weakest link, and in security of Bitcoins the weakest link is human.
It seems your major concern is basically on human vigilance. But we can all agree that, inasmuch as human vigilance and carefulness is essential when it comes to Bitcoin security, the technological advancement in Blockchain security plays a more vital role when it comes to Bitcoin security because there are so many measures provided to enhance security even when humans are not being super careful it'll be difficult for scammers and hackers to exploit them. Let's consider the Zero knowledge proofs and the multi-signature wallets for example. If you're familiar with these technologies then you'll know that these techniques make it almost impossible for scammers and hackers to access people's wallets.

Can you tell us which Bitcoin wallet uses zero knowledge proof?

We can equally consider development and advancements in encryption and cryptography. They are also quite helpful techniques that help to secure the bitcoin wallet. I'm not saying Human vigilance isn't important or essential, but I stand to believe that it's not the primary as there are things that are more important.

Encryption is part of cryptography. Most Bitcoin wallet software already uses strong encryption cryptography (usually AES-256), assuming you don't use a weak password.
newbie
Activity: 3
Merit: 1
Actually mobile OSes usually have better security by default compared with desktop OSes. For example, Android offers Application and Privacy sandbox which limits what an application can do.

That's correct. There are not many hacks that happen because of vulnerabilities present in OS but because of negligence of people. There is no way a malware can make it to your mobile unless you download some fishy app or click on some suspicious link. Rather than focusing on security of devices alone, human vigilance is also required in cyber world (or securing bitcoins). A chain is as strong as its weakest link, and in security of Bitcoins the weakest link is human.
It seems your major concern is basically on human vigilance. But we can all agree that, inasmuch as human vigilance and carefulness is essential when it comes to Bitcoin security, the technological advancement in Blockchain security plays a more vital role when it comes to Bitcoin security because there are so many measures provided to enhance security even when humans are not being super careful it'll be difficult for scammers and hackers to exploit them. Let's consider the Zero knowledge proofs and the multi-signature wallets for example. If you're familiar with these technologies then you'll know that these techniques make it almost impossible for scammers and hackers to access people's wallets.

We can equally consider development and advancements in encryption and cryptography. They are also quite helpful techniques that help to secure the bitcoin wallet. I'm not saying Human vigilance isn't important or essential, but I stand to believe that it's not the primary as there are things that are more important.
hero member
Activity: 882
Merit: 540
Actually mobile OSes usually have better security by default compared with desktop OSes. For example, Android offers Application and Privacy sandbox which limits what an application can do.

That's correct. There are not many hacks that happen because of vulnerabilities present in OS but because of negligence of people. There is no way a malware can make it to your mobile unless you download some fishy app or click on some suspicious link. Rather than focusing on security of devices alone, human vigilance is also required in cyber world (or securing bitcoins). A chain is as strong as its weakest link, and in security of Bitcoins the weakest link is human.
legendary
Activity: 2856
Merit: 7410
Crypto Swap Exchange
and smartphones are more secure for storing Bitcoin than laptops and desktops.
This is not true, a mobile phone poses more of a security threat than a computer for obvious reasons, i.e. their OS. However it still depends on the user's opsec and how safely they use their device, because a desktop wallet run in an unsafe environment is more vulnerable than a mobile wallet run in a safe environment.

Actually mobile OSes usually have better security by default compared with desktop OSes. For example, Android offers Application and Privacy sandbox which limits what an application can do.

--snip--
Securing Bitcoin seeds is a very serious task.  I had a special notebook in which I wrote down the Bitcoin seed.  And it was very convenient for managing your satoshi.  
I like the analog world more than the digital one.  But now I constantly live with a girl and my notebook had to be destroyed (much to my regret).  
I burned it.  Because girls are very curious.  Therefore, my girlfriend would probably sooner or later discover a notebook with private keys, passwords and seeds.  And I’m not ready to share such information even with my girlfriend.  
Even if she couldn't figure out what it was, she could copy the information and show it to third parties.  
From this I concluded that storing seeds on paper is not always (unfortunately) the best option.

That's why many OSes offer a feature called full disk encryption. For example, BitLocker for Windows and LUKS for Linux.
legendary
Activity: 2030
Merit: 1643
Verified Bitcoin Hodler
Can you give me a few hints on what to look for on the topic?

Bitcoin itself? Not at all. The blockchain has never been hacked, exploited or abused in any way. Centralized entities that own Bitcoin like regular users, centralized cryptocurrency exchanges on the other hand, yes, those points are vulnerable to security threats.

My advice:

Do some research on the wallet software you plan to use. Has it been vetted by the Bitcointalk community? Is it open source? Is it non-custodial?

Devices that contain important data pertaining to your wallet (like your seed phrase, for example) should be disconnected from the internet and other devices - in fact, if you use the same device to download, click on links, visit unknown websites, etc. then your Bitcoins are already not safe.

Don't share your seed phrase and don't connect your wallet to anything fishy. Be wary of strange currencies or strange transactions. When in doubt, best get a new wallet and transfer the coin to the new wallet.
sr. member
Activity: 267
Merit: 268
This is not true, a mobile phone poses more of a security threat than a computer for obvious reasons, i.e. their OS.

The OS is not the main problem.  The reason why mobile devices are more risky for security is because they're made to connect to lots of different networks like Wi-Fi, Bluetooth, GPS, NFC, and more.  The more networks they connect to, the more ways there are for hackers to attack them.  It also makes privacy worse for the same reason. 
hero member
Activity: 882
Merit: 540
Securing Bitcoin seeds is a very serious task.  I had a special notebook in which I wrote down the Bitcoin seed.  And it was very convenient for managing your satoshi.  
I like the analog world more than the digital one.  But now I constantly live with a girl and my notebook had to be destroyed (much to my regret).  
I burned it.  Because girls are very curious.  Therefore, my girlfriend would probably sooner or later discover a notebook with private keys, passwords and seeds.  And I’m not ready to share such information even with my girlfriend.  
Even if she couldn't figure out what it was, she could copy the information and show it to third parties.  
From this I concluded that storing seeds on paper is not always (unfortunately) the best option.

I would say there must be some person apart from yourself who is aware of your seed or private keys to take care of our Bitcoins in case anything happens to the owner. We live in an uncertain world and there is no guarantee of how long we will be around. Lots of Bitcoins are lost because their owners lost the keys or they are no more here to access them. In case you don't want your hard work to be lost forever, make sure there is a next of kin to access them in case anything happens to you.
hero member
Activity: 854
Merit: 1031
Only BTC
and smartphones are more secure for storing Bitcoin than laptops and desktops.
This is not true, a mobile phone poses more of a security threat than a computer for obvious reasons, i.e. their OS. However it still depends on the user's opsec and how safely they use their device, because a desktop wallet run in an unsafe environment is more vulnerable than a mobile wallet run in a safe environment.
 
From this I concluded that storing seeds on paper is not always (unfortunately) the best option.
So how do you now back up your seed phrase?
legendary
Activity: 2338
Merit: 1775
In my opinion, it is impossible to completely eliminate the risk of hacker attacks.  
However, you can significantly minimize the risk of successful attacks from criminals.  Your goal is to create a system to safely store and use your Bitcoins.  
This system should be as good as possible for your level of technical competence.  By creating unnecessarily complex security, you risk that you yourself will make some kind of mistake that will lead to loss of money.  The general principles of creating such a secure Bitcoin storage system are that your funds should be stored in different places (storage diversification) so that one mistake or successful hacker attack does not deprive you of all your capital.  Also, special attention should be paid to complete control over private keys (seeds).  
Hardware wallets are more secure for storing Bitcoin than smartphones, and smartphones are more secure for storing Bitcoin than laptops and desktops.

This is right that security should not go to an extent that you yourself feel uncomfortable in accessing them. There are a few simple things we have to do to secure our Bitcoins. As far as seed security is concerned there is no better way to secure it than to write it on a piece of paper. Seed security is the first and foremost step in security of Bitcoin. If you have funds then go for Hardware wallets but if you are sticking with mobile make sure it's hardened enough to secure your Bitcoins.

Securing Bitcoin seeds is a very serious task.  I had a special notebook in which I wrote down the Bitcoin seed.  And it was very convenient for managing your satoshi.  
I like the analog world more than the digital one.  But now I constantly live with a girl and my notebook had to be destroyed (much to my regret).  
I burned it.  Because girls are very curious.  Therefore, my girlfriend would probably sooner or later discover a notebook with private keys, passwords and seeds.  And I’m not ready to share such information even with my girlfriend.  
Even if she couldn't figure out what it was, she could copy the information and show it to third parties.  
From this I concluded that storing seeds on paper is not always (unfortunately) the best option.

hero member
Activity: 882
Merit: 540
In my opinion, it is impossible to completely eliminate the risk of hacker attacks.  
However, you can significantly minimize the risk of successful attacks from criminals.  Your goal is to create a system to safely store and use your Bitcoins.  
This system should be as good as possible for your level of technical competence.  By creating unnecessarily complex security, you risk that you yourself will make some kind of mistake that will lead to loss of money.  The general principles of creating such a secure Bitcoin storage system are that your funds should be stored in different places (storage diversification) so that one mistake or successful hacker attack does not deprive you of all your capital.  Also, special attention should be paid to complete control over private keys (seeds).  
Hardware wallets are more secure for storing Bitcoin than smartphones, and smartphones are more secure for storing Bitcoin than laptops and desktops.

This is right that security should not go to an extent that you yourself feel uncomfortable in accessing them. There are a few simple things we have to do to secure our Bitcoins. As far as seed security is concerned there is no better way to secure it than to write it on a piece of paper. Seed security is the first and foremost step in security of Bitcoin. If you have funds then go for Hardware wallets but if you are sticking with mobile make sure it's hardened enough to secure your Bitcoins.
legendary
Activity: 2338
Merit: 1775
In my opinion, it is impossible to completely eliminate the risk of hacker attacks.  
However, you can significantly minimize the risk of successful attacks from criminals.  Your goal is to create a system to safely store and use your Bitcoins.  
This system should be as good as possible for your level of technical competence.  By creating unnecessarily complex security, you risk that you yourself will make some kind of mistake that will lead to loss of money.  The general principles of creating such a secure Bitcoin storage system are that your funds should be stored in different places (storage diversification) so that one mistake or successful hacker attack does not deprive you of all your capital.  Also, special attention should be paid to complete control over private keys (seeds).  
Hardware wallets are more secure for storing Bitcoin than smartphones, and smartphones are more secure for storing Bitcoin than laptops and desktops.
hero member
Activity: 882
Merit: 540
You would have to know exactly what you're doing before going with a DIY approach of an airgapped device. This includes generating your seedphrase completely offline and never letting your private keys online even when signing transactions.

If you know what you're doing, it's a good approach, but definitely not 'zero' investments. You are dedicating a device entirely for your storage, and hardware wallets are not comparatively more expensive than cheap mobile devices.

It's important to understand the importance of seed and private keys only then you can define a strategy about how to secure them. Mostly we don't take the security of seed and private key seriously unless we meet with some accident. The sooner we realise the importance of security in Bitcoin the better it is.

Using an old phone as cold storage is not a new idea, I've been eyeing it too in the past. And I got convinced that the minuses of such an approach are worthy to be taken into account, hence I've abandoned the idea. Maybe it's worth reading this topic: https://bitcointalksearch.org/topic/old-phone-as-cold-storage-5377997

The thread is no doubt worth reading and most of the replies are against the use of mobile phone. There are many things worth noticing in that thread but the best one I find is from o_e_l_e_o (Hope he is doing good.)
If there is no precautionary measure in your electronic device then don't blame the hacker, blame yourself.

As they said --air-gapped smartphones are much safer than the air-gapped PC which are vulnerable to hacking, did you know that even fully air-gapped PC can exfiltrate information through the output radio signals generated by the computer or call [electromagnetism].
If someone knows enough about your set up to make you a target for such an attack, can gain access to your airgapped computer, bypassing all physical and all electronic protections you have in place in order to install the necessary malware to start transmitting your private keys via modulating electrical signals in various internal components, as well as bugging your house with the necessary hardware in order to pick up and transmit those signals, then every single wallet you own is at risk (not to mention literally everything that you own). Such attacks are almost entirely theoretical.

I keep seeing people telling that phones are hard to airgap and.. sorry, but I'm not convinced.
I will never trust a software airgap (i.e. a phone with airplane mode turned on or WiFi turned off) as much as I will trust a hardware airgap (i.e. a computer with no WiFi card). It is almost trivial to open up a computer and remove the WiFi card, ethernet card, etc., while it is almost impossible to remove the antenna, WiFi, Bluetooth, NFC, RFID, etc. from your average smart phone without breaking it in the process. And how does the average person verify that airplane mode is doing what you want it to be doing. Even the NSA have admitted they can still track phones which are in airplane mode, so your phone must still be sending and receiving some data.
legendary
Activity: 2030
Merit: 2174
Professional Community manager
If you have upgraded your cell phone then it's better to place your wallet on the old cell phone which is no more required and keep it offline. This way you can have an air gapped device with zero investment.
You would have to know exactly what you're doing before going with a DIY approach of an airgapped device. This includes generating your seedphrase completely offline and never letting your private keys online even when signing transactions.

If you know what you're doing, it's a good approach, but definitely not 'zero' investments. You are dedicating a device entirely for your storage, and hardware wallets are not comparatively more expensive than cheap mobile devices.
legendary
Activity: 3500
Merit: 6205
Looking for campaign manager? Contact icopress!
If you have upgraded your cell phone then it's better to place your wallet on the old cell phone which is no more required and keep it offline. This way you can have an air gapped device with zero investment.

Using an old phone as cold storage is not a new idea, I've been eyeing it too in the past. And I got convinced that the minuses of such an approach are worthy to be taken into account, hence I've abandoned the idea. Maybe it's worth reading this topic: https://bitcointalksearch.org/topic/old-phone-as-cold-storage-5377997


Your seed is your wallet. Lost your seed, lost your coins. There is no way to recover your coins in case your seed is compromised or you lose your seed. We can say that's one limitation of Bitcoin.

It's not a limitation or bug. It's a feature/it's by design: without this you don't have proper trustless self custody for your money.