https://www.cyphertite.com/why-cyphertite.php
they also do free encrypted backup storage and is run by two openbsd developers
still wouldn't trust any cloud backup, just encrypt it yourself in harmless looking container and backup
Topic: The 0.4.0 encrypted wallet has been exploited - for sure - page 2. (Read 4168 times)
Meh... I still prefer an offsite backup. You know, in case of meteor strike.
I don't leave my home, without a phone, that often - in such case I'd probably die together with my bitcoins 
My dropbox backup is wrapped in a trucrypt volume. I recommend doing the same with any sensitive information you are thinking about uploading anywhere.
Oh, I don't think I will be using dropbox anymore, for anything.I don't like people sniffing into my pants - even if they were encrypted
I have 2 PCs running 24/7, with 3 different disks at home, plus my phone accessible via ssh - this should be enough for a backup.
Screw dropbox if it screws you!
Meh... I still prefer an offsite backup. You know, in case of meteor strike.
Easy for that to have happened. Hard to prove though
Indeed - I cannot prove it.But if someone would have hacked into my PC, he would obviously install a trojan there to steal much more. I have Windows XP using Administrator account - wouldn't be too hard.
I was also doing backups to my gmail account, but that file in the email was PGP encrypted with a key stored at dropbox.
So dropbox is pretty much most likely.
Obviously someone (either a dropbox hacker or a dropbox employee) got my encrypted wallet.dat which I backed up there (it wasn't hard to find it since I didn't even rename it)
Easy for that to have happened. Hard to prove though,
But yes, reusing old keys either from before encryption or when the encryption was still flawed is something of a concern and was brought up here:
- http://bitcoin.stackexchange.com/questions/1243/can-i-force-my-wallet-to-only-have-news-keys-post-encryption
And if you'ld rather not have all your funds joined together when transferring to a new wallet, there's this method:
- http://bitcoin.stackexchange.com/questions/1272/how-can-i-transfer-all-funds-to-new-keys
My dropbox backup is wrapped in a trucrypt volume. I recommend doing the same with any sensitive information you are thinking about uploading anywhere.
Oh, I don't think I will be using dropbox anymore, for anything.I don't like people sniffing into my pants - even if they were encrypted
I have 2 PCs running 24/7, with 3 different disks at home, plus my phone accessible via ssh - this should be enough for a backup.
Screw dropbox if it screws you!
Since I encrypted my wallet with 0.4.0 I have been doing daily backups to my dropbox account, simply by coping wallet.dat to a dropbox folder.
Then after 0.5.0 was released and the security issue was announced:
Nothing had been stolen.
But today I was withdrawing funds from some service...
As it turned out later, I had an old withdrawal address configured in there (a one generated/encrypted by the 0.4.0).
Since the amount was insignificant I didn't bother to re-check this address - just pressed "withdraw" and went to my bitcoin client to see the unconfirmed transaction.
Imagine how surprised I was seeing not one, but two unconfirmed transactions; first one going to my wallet, the other one going from it...
And then I realized what happened:
Obviously someone (either a dropbox hacker or a dropbox employee) got my encrypted wallet.dat which I backed up there (it wasn't hard to find it since I didn't even rename it)
Then he managed to recover the private key from it.
And he obviously also has a software that is monitoring all the transactions to the stolen addresses he has and forwarding each of them immediately to his own wallet.
So be careful - with both; wallets encrypted by 0.4.0 and with Dropbox.
This post is only to warn you - no comments necessary.
Then after 0.5.0 was released and the security issue was announced:
Quote
The wallet encryption feature introduced in Bitcoin version 0.4.0 did not sufficiently secure the private keys. An attacker who managed to get a copy of your encrypted wallet.dat file might be able to recover some or all of the unencrypted keys and steal the associated coins.
... I did what it said: generated new addresses and moved all my funds there.Nothing had been stolen.
But today I was withdrawing funds from some service...
As it turned out later, I had an old withdrawal address configured in there (a one generated/encrypted by the 0.4.0).
Since the amount was insignificant I didn't bother to re-check this address - just pressed "withdraw" and went to my bitcoin client to see the unconfirmed transaction.
Imagine how surprised I was seeing not one, but two unconfirmed transactions; first one going to my wallet, the other one going from it...
And then I realized what happened:
Obviously someone (either a dropbox hacker or a dropbox employee) got my encrypted wallet.dat which I backed up there (it wasn't hard to find it since I didn't even rename it)
Then he managed to recover the private key from it.
And he obviously also has a software that is monitoring all the transactions to the stolen addresses he has and forwarding each of them immediately to his own wallet.
So be careful - with both; wallets encrypted by 0.4.0 and with Dropbox.
This post is only to warn you - no comments necessary.
My dropbox backup is wrapped in a trucrypt volume. I recommend doing the same with any sensitive information you are thinking about uploading anywhere.
Since I encrypted my wallet with 0.4.0 I have been doing daily backups to my dropbox account, simply by coping wallet.dat to a dropbox folder.
Then after 0.5.0 was released and the security issue was announced:
Nothing had been stolen.
But today I was withdrawing funds from some service...
As it turned out later, I had an old withdrawal address configured in there (a one generated/encrypted by the 0.4.0).
Since the amount was insignificant I didn't bother to re-check this address - just pressed "withdraw" and went to my bitcoin client to see the unconfirmed transaction.
Imagine how surprised I was seeing not one, but two unconfirmed transactions; first one going to my wallet, the other one going from it...
And then I realized what happened:
Obviously someone (either a dropbox hacker or a dropbox employee) got my encrypted wallet.dat which I backed up there (it wasn't hard to find it since I didn't even rename it)
Then he managed to recover the private key from it.
And he obviously also has a software that is monitoring all the transactions to the stolen addresses he has and forwarding each of them immediately to his own wallet.
So be careful - with both; wallets encrypted by 0.4.0 and with Dropbox.
This post is only to warn you - no comments necessary.
Then after 0.5.0 was released and the security issue was announced:
Quote
The wallet encryption feature introduced in Bitcoin version 0.4.0 did not sufficiently secure the private keys. An attacker who managed to get a copy of your encrypted wallet.dat file might be able to recover some or all of the unencrypted keys and steal the associated coins.
... I did what it said: generated new addresses and moved all my funds there.Nothing had been stolen.
But today I was withdrawing funds from some service...
As it turned out later, I had an old withdrawal address configured in there (a one generated/encrypted by the 0.4.0).
Since the amount was insignificant I didn't bother to re-check this address - just pressed "withdraw" and went to my bitcoin client to see the unconfirmed transaction.
Imagine how surprised I was seeing not one, but two unconfirmed transactions; first one going to my wallet, the other one going from it...
And then I realized what happened:
Obviously someone (either a dropbox hacker or a dropbox employee) got my encrypted wallet.dat which I backed up there (it wasn't hard to find it since I didn't even rename it)
Then he managed to recover the private key from it.
And he obviously also has a software that is monitoring all the transactions to the stolen addresses he has and forwarding each of them immediately to his own wallet.
So be careful - with both; wallets encrypted by 0.4.0 and with Dropbox.
This post is only to warn you - no comments necessary.
Jump to: