Author

Topic: Is a compromised bitcoin wallet secured after changing the password? (Read 986 times)

donator
Activity: 1218
Merit: 1079
Gerald Davis
No it 100% doesn't make it secure.

If the attacker has (or you think they have) access to the wallet.dat the attacker has your complete list of private keys protected only by the encryption in place IN THEIR COPY.  You changing your copy does absolutely nothing.

If you even suspect that your wallet.dat might be compromised you should immediately send funds to a NEW ADDRESS in a NEW WALLET.  By immediately I mean immediately.  It literally is a race.  Your attacker the millisecond they break your weak password will be doing the same thing and whoever gets the funds into an address they exclusively control, "owns" those funds permanently.  Once an attacker moves your funds you are SOL.
member
Activity: 77
Merit: 10
If the wallet has been stolen and not yet spent then they have your private keys and the next 100 pre-generated keys your client was planning to use.

You need to move everything to another entirely separate wallet, ASAP.  Then back up the compromised wallet and make a new one from scratch..

You should keep the old wallet in case somebody ever sends something to an old address and you want to retrieve it - before somebody else does.  Just make Damn Sure(TM) you don't reuse any of its addresses.
legendary
Activity: 1310
Merit: 1000
I think once they have the private key, they have the private key.
hero member
Activity: 588
Merit: 500
I have a question about bitcoin wallet encryption consider this scenario. A virus steals your bitcoin wallet. The password is secure enough for now but lets say one day its cracked. Does changing the password on my wallet make it secure or does the person who stole it have the copy of my wallet with the weaker password? In that case would I just consider those bitcoin addresses and keys compromised and just make a new wallet? Or would I transfer the bitcoins out of those compromised address to a new secure bitcoin address that hasn't been compromised before the password is cracked?

Or do I not want to generate a new address within the same wallet file since the the attacker has the stolen wallet?
Jump to: