The sad story.... I generated vanity addresses* (online) for two wallets to easily keep them separate. Moved them into MultiBit and locked the wallets with a 14 character LastPass generated password.
I did NOT break from the internet when I combined the vanity secret keys.
The next morning MultiBit showed a transfer out of 5 coins to an unrecognized address, the transfer took place two hours after I left the computer.
I have all of the normal security, e.g. behind a router, Norton firewall and virus protection. I did have both Flash and Java on the machine. They are gone now!
I believe two factor would have been my only protection. Are there any offline wallets with two factor? I am installing Armory now.
Until someone writes an easily useable, safe, wallet Bitcoin is going to be held back. I thought I was being more conservative moving my coins out of Coinbase. Guess not since they use two factor.
I would love to know how it was done. There should be a centeralized reporting place to see if there are similar problems with specific websites.
*https://bitcoinvanity.appspot.com/ < the site I used. I am NOT accusing them!
