Pages:
Author

Topic: May want to move your funds from MtGox this week (Read 3550 times)

legendary
Activity: 1288
Merit: 1227
Away on an extended break
Normally I'd be against alarmist posts, but since there isn't much reason to have MtGox holding your private wallet contents in the first place, this post just rings of common sense and nothing else. Bitcoins should always be under your own control until you're ready to spend them.

This. I personally use a 4-tier system:
Amount of bitcoins stored increases from left to right.

MT.Gox/Centralized exchange < Blockchain.info < Hot wallet using Bitcoin-QT < Paper Wallet from Offline Armory
legendary
Activity: 1036
Merit: 1000
Get a public key/private key...tattoo it to your penis.

Find a nice lady and ask her if she want you to store your key in a private place...  Or ask her if she accepts deposits Tongue

Reminded me of http://www.youtube.com/watch?v=N9L7UUp0FxY
hero member
Activity: 868
Merit: 1000
Just want to remind everybody about this:

https://en.bitcoin.it/wiki/Paper_wallet
sr. member
Activity: 378
Merit: 250
Get a public key/private key...tattoo it to your penis.

Find a nice lady and ask her if she want you to store your key in a private place...  Or ask her if she accepts deposits Tongue
legendary
Activity: 1022
Merit: 1001
I'd fight Gandhi.
Get a public key/private key...tattoo it to your penis.

Walk into MtGox HQ, whip it out and thrust forward while announcing, "IM ALL IN!!!"
I wish I could fit a whole private key.  Embarrassed
Bummer dude...
legendary
Activity: 2072
Merit: 1006
this space intentionally left blank
Get a public key/private key...tattoo it to your penis.

Walk into MtGox HQ, whip it out and thrust forward while announcing, "IM ALL IN!!!"
I wish I could fit a whole private key.  Embarrassed


mini-key?
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
Get a public key/private key...tattoo it to your penis.

Walk into MtGox HQ, whip it out and thrust forward while announcing, "IM ALL IN!!!"
I wish I could fit a whole private key.  Embarrassed
legendary
Activity: 1036
Merit: 1000
Get a public key/private key...tattoo it to your penis.

Walk into MtGox HQ, whip it out and thrust forward while announcing, "IM ALL IN!!!"
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
The biggest weakness is a full blown raid of their office.

Or legal complications involving their new US presence or other draconian threats that would lead to accounts being limited or frozen. I'm not much of a conspiracy theorist, but there is plenty of evidence on these forums of "special" cases where people have found their funds suddenly unavailable, especially at the Paypal of Bitcoin, MtGox. The excuse for which is irrelevant imo, but is usually under the blanket guise of "AML compliance". So you can't process a transfer to the bank? Fine, send the funds back to the owner then.

If you value your bitcoins, treat it like you would gold. Stop lending in USD, stop gambling it away, stop investing. Bitcoin *is* the investment vehicle so long as the price is so volatile (it will settle one day, and then investment again might make sense) and unless I'm mistaken, there are no insured exchanges nor exchanges that are willing to go to jail to keep their customers happy in any situation.
legendary
Activity: 1400
Merit: 1013
I guess it's good for BTC you want to keep away.  But not useful for doing every day transactions.  So, I guess one could keep a large amount offline, and keep a few BTC in a "hot" wallet (online).
Armory is good for an offline savings wallet, and blockchain.info is good for a convenient spending wallet.
sr. member
Activity: 378
Merit: 250
I guess it's good for BTC you want to keep away.  But not useful for doing every day transactions.  So, I guess one could keep a large amount offline, and keep a few BTC in a "hot" wallet (online).
hero member
Activity: 700
Merit: 500
I guess one thing that can be done is create a second wallet, by starting bitcoin-qt specifying an alternate directory (for ex: bitcoin-qt.exe -datadir=%APPDATA%\BitcoinAlternateDir).  Then, a new wallet.dat is created.  Encrypt that wallet, copy  the 'receive coin' address to clipboard.

Or you just do an offline wallet with armory. You can see the balance but never spend the coins as the wallet is held on an offline computer.

When you send funds you take your USB stick to the offline computer for a signature and bring it back to send.
hero member
Activity: 634
Merit: 500
LOL - everybody should work remotely in unknown locations! Smiley

They should come up with some kind of currency that facilitates this.
hero member
Activity: 868
Merit: 1000
You guys are making me nervous.

I keep a lot of cash in mtgox cause I keep hoping for a major crash lol.



Yeah me too! hehe But I prefer the dollars to sit and wait in my ordinary bank account. If that happens then I will send the money again to MtGox.

Now the BTC is so expensieve... it looks like really interesting for hackers to thief. Also since BTC is anonymous you can't sue or track the thief... to thief bit coins is a no-brainer, it's almost sure you won't go to jail! A friend of mine works as security auditor and I've learnt that no system is really safe, the only safe place for a server is under water and unplugged.

The private keys aren't even held on the gox servers. The worst a hacker could do is get hold of all the password hashes, which doesn't matter if you use 2 factor authentication.

The biggest weakness is a full blown raid of their office.


LOL - everybody should work remotely in unknown locations! Smiley
hero member
Activity: 868
Merit: 1000
Normally I'd be against alarmist posts, but since there isn't much reason to have MtGox holding your private wallet contents in the first place, this post just rings of common sense and nothing else. Bitcoins should always be under your own control until you're ready to spend them.

It is common sense for most of us but when I first started trading I kept almost all of my BTC on my exchange accounts. Fortunately someone posted something similar about not trusting your BTC on exchanges. I pulled almost all of my BTC out of Bitcoinica soon after that. A week later they got hacked.

Dang ! Yes, it's good advice you're giving out here!
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
Use an offline computer.

Run VanityGen (https://bitcointalksearch.org/topic/vanitygen-vanity-bitcoin-address-generatorminer-v022-25804)

Get a public key/private key.

Write them down/engrave it on a ring/tattoo it to your penis.

Go to MtGox and withdraw to Bitcoin, give your public key.

No hacker can get to your private key unless they had some screen recording virus going on, even then you can encrypt your vanitygen key with a password that is not displayed.

Just do not lose that private key.
sr. member
Activity: 378
Merit: 250
I guess one thing that can be done is create a second wallet, by starting bitcoin-qt specifying an alternate directory (for ex: bitcoin-qt.exe -datadir=%APPDATA%\BitcoinAlternateDir).  Then, a new wallet.dat is created.  Encrypt that wallet, copy  the 'receive coin' address to clipboard.

Now, from the client where you have your coins, transfer to the new wallet address.  If you go to your new client, you should be able to confirm you have received the transaction.  From there, there's no point to wait for the 6 confirmations.  In fact, you don't even have to check the new client that you 'received transaction'.  It's in the global blockchain, and your new wallet.dat is just the private key.

Close the new client and copy the new client wallet.dat to a safe place.  Do multiple offline copies (USB stick, DVD, floppy disk, audio cassette using Comodore-64 dataset, punch card, whatever! Tongue), as long as those stays offline.  You have the password in your head, and the key file offline.  Now, if you delete the new client wallet.dat from computer, it's safe from hacking.

The fun thing is you can even split for example 20BTC to one wallet.dat file.  40BTC to another, etc.

The day you do need this money, you just do as above, creating a new work directory, but then, copy the wallet.dat from storage to the new work directory.  Start bitcoin-qt, and use your funds as needed.

So, is this correct?  Does it make sense?  Am I missing something?  I think you can even run multiple instances of bitcoin-qt simultaneously each in their own workdir.
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
I've learnt that no system is really safe, the only safe place for a server is under water and unplugged.

That is where I keep my wallet file.
legendary
Activity: 1414
Merit: 1000
You guys are making me nervous.

I keep a lot of cash in mtgox cause I keep hoping for a major crash lol.



Yeah me too! hehe But I prefer the dollars to sit and wait in my ordinary bank account. If that happens then I will send the money again to MtGox.

Now the BTC is so expensieve... it looks like really interesting for hackers to thief. Also since BTC is anonymous you can't sue or track the thief... to thief bit coins is a no-brainer, it's almost sure you won't go to jail! A friend of mine works as security auditor and I've learnt that no system is really safe, the only safe place for a server is under water and unplugged.

You will have hard time not to buy at $1000,
hero member
Activity: 700
Merit: 500
You guys are making me nervous.

I keep a lot of cash in mtgox cause I keep hoping for a major crash lol.



Yeah me too! hehe But I prefer the dollars to sit and wait in my ordinary bank account. If that happens then I will send the money again to MtGox.

Now the BTC is so expensieve... it looks like really interesting for hackers to thief. Also since BTC is anonymous you can't sue or track the thief... to thief bit coins is a no-brainer, it's almost sure you won't go to jail! A friend of mine works as security auditor and I've learnt that no system is really safe, the only safe place for a server is under water and unplugged.

The private keys aren't even held on the gox servers. The worst a hacker could do is get hold of all the password hashes, which doesn't matter if you use 2 factor authentication.

The biggest weakness is a full blown raid of their office.
Pages:
Jump to: