Topic: The bitomat exchange lost their wallet - selling exchange for 17,000 BTC!! (Read 9382 times)

I can understand (well, I can't really, but I can pretend to understand) not quite understanding how Amazon's instances work. What I can't even begin to understand is having all the coins in one wallet and not having backups of the wallet spread across multiple places. What kind of fucking businesses are these?

I hope that they get their asses sued off in court and all the users recover their money.

I did a translate on the page and they indeed say they are back up.  They are back up with everyone having ZERO BTC.  No accounts I assume as well.  Like a clean slate.   Would you trust them or mybitcoin.com if they came back up?

I was wondering exactly this. How is it operating if it was destroyed?

Just for my understanding: Bitomat is still operating as we speak, correct?

+1

True. Is there a list anywhere that people could add to?

Any person in their right mind wanting to spend 17,000 BTC to buy the third largest exchange's name should put some of that 17,000 BTC towards the construction of a new exchange and have some btc left over after the exchange is complete.

I don't believe this .

It's actually quite easy to create a complex password that you can remember - just string together a set of other passwords (from facebook, gmail etc) , your mothers maiden name, the year Henry VIII died followed by 6 $ signs and your Autie's name spelt backwards. The important thing is not to type them in. Copy and paste them from a large text document with random letters and symbols (so to avoid key loggers).
Also if you create a large wallet file by creating thousands of addresses it will be less likely that is can be stolen, if you just open it quickly to make a transaction (depending on your upload bandwidth) and then delete it

I like (and use) the above technique.  A couple of other suggestions if I may.  These are simply my own personal thoughts on things and I encourage people to think about things and roll their own...avoiding a monoculture is a good thing in my opinion.

--

When encrypting a wallet.dat, do NOT use a password you can remember (unless you are really good at this stuff) and for the love of God, don't forget your password(s).  That means keeping it/them written down in a secure place or several.

If someone is trying to break into an on-line account, there are a limited number of attempts they can try.  If someone has the encrypted wallet.dat file in their possession, they can try at a much higher rate, and with software akin to mining rigs.  So the password should be much better.

(If someone has a password hash from a dump stolen from some web site's database, they can use rainbow tables and other tricks to try to obtain the password.  That is a different beast.)

--

I also suggest re-naming the encrypted wallet.dat to reflect info about it.  e.g., 'wallet.dat__sav-2_20_20110802.enc-1'.  I can see at a glance that this is my second savings wallet, it contains 20 BTC, it was created today, and it uses my '1' encryption scheme.

It sorts nicely with my other savings wallets as well.  I personally keep an active working wallet with spending money and don't bother to back it up at all.  My savings wallets are in cold storage.

On mistake I made was forgetting to properly document the addresses of each savings wallet (so I could check the balances on blockexplorer and make sure all was as expected over time.)  Had to open a bunch of them back up to get it.

--

I also suggest if one is puttering around with command line tools, be most careful indeed to not overwrite or prematurely throw away a wallet.dat, and to double check that the end result can be turned back into a functional wallet.dat file when a technique is decided upon (and documented.)

Most people will want to use a canned tool for such an operation.  Fine, but be careful about where the tool came from and be advised that attackers will know exactly how it works and how to exploit whatever weaknesses it has even if the tool is perfectly legitimate.

--

Lastly, I suggest that deleting a file off a hard drive, pen drive, etc, is not as definitive as a lot of people think.  There could be a whole lot of 'deleted' wallet.dat files to be found if one's HDD is stolen and if the person who is looking is proficient.  There are programs which can securely and reliably nuke a file.  Depending on your risk profile, keep this in mind.

Is it so hard to make a client that show me the total amount of address in a wallet? And that let me add new address to it? Why i have to mess with text files? Do they think i'm using windows 3.1?

I've just created a wallet with 20000 addresses to see what happened (creating a Bitcoin.conf file - copy and pasting from here: https://en.bitcoin.it/wiki/Running_Bitcoin and changing keypool to 20000). It took about half an hour on my computer to create the addresses with a final 14MB Wallet.dat file (about 2.4MB in an encrypted zip).
I think the default 100 addresses is too small and will lead to people losing bitcoins (especially newbies who don't understand that the wallet is actually a set of keys). Any computer can handle a 14MB file - I'm tempted to try it overnight and create 200000 addresses. I doubt I'll ever use that many addresses in my life, and it would still only be an 160mb file.

Protip on how to backup wallet: encrypt it then happily upload it in gmail, msn skydrive and every other email or online service you have. Since it's encrypted, no one will steal it. And no way you can lose it, even if some service happily delete your account you still have others. And except that, these online services are very reliable.

A big +1 to this. All this recent nonsense is horrible for adoption.

How I can instruct bitcoin client to not generate new addresses, but use existing ones? This is what I really do not like about it - not being able to tell when client used new address for change or reused already genereated one.

The best idea is to pre-generate plenty of addresses, encrypt wallet with AES-256 (7-zip supports it) and store it both at home and in various online places (GMail, file hostings, etc).

True Bitcoin hackers create a small, GPG-encrypted wallet and back it up by embedding it in the block chain itself, globally replicated around the world 

How could they not even have an old backup copy of their wallet? Even if it was missing some addresses they could get some of their money back. (and why not just create a lifetimes worth of addresses in the wallet and backup that first).
You don't ever need to make more than one backup of a wallet if you have prepared it with enough potential addresses.

 I can provide backup of your wallet on 3 different dedicated server, hosted in 3 different datacenters ( wether you are an individual or an exchange ) .
 For trust concerns you can check my gpg Wot and my otc ratings

 more on my bitcoin services :
http://bitcointalk.org/?topic=1687.0

Any sane person would have created an offline backup. So I'm with you, I think it's just an excuse to say that they don't have the BTC.

I sure am glad I learned my lesson after the mt. gox hack and kept my btc offline and in my possession.