Tips so you don't get your coins stolen.

DrG

legendary

Activity: 2086

Merit: 1035

Quote from: notlist3d on July 21, 2014, 11:10:08 PM

Quote from: Shogen on July 21, 2014, 08:29:05 AM

Quote from: obocaman on July 21, 2014, 08:07:26 AM

Would you trust storing it into the cloud or in some email provider like gmai?

Definitely not, unless you have encrypted the file with good strong password.

I would not trust any cloud. Use cold storage for it. Any online use 2factor.

Some offer SMS/google authenticator which add another level. Also use decent passwords, and DO NOT use the same passwords. If you use different passwords for different places chances are less of worst case scenario.

If you use a deterministic wallet you don't need to store the keys anywhere as long as you can reseed the wallet. In the case of Armory, for example, you can make an M of N wallet where you would need M of N pieces to restore the wallet. You can make it so you need 3 out of 8 pieces and scatter the 8 pieces around the world - most people can't break into 3 locations to get your coins. You can even put one of the 8 pieces on the cloud - it would be meaningless for anybody unless they were hellbent on targeting just you. So cloud/online can be safe as long as it's not able to recreate a wallet in its entirety.

I can't see a justifiable reason for spreading out your coins into multiple wallets unless you're so well off you don't want people to know you have 10K coins, and in that case you can have your Butler do it Cheesy

notlist3d

legendary

Activity: 1456

Merit: 1000

Quote from: Shogen on July 21, 2014, 08:29:05 AM

Quote from: obocaman on July 21, 2014, 08:07:26 AM

Would you trust storing it into the cloud or in some email provider like gmai?

Definitely not, unless you have encrypted the file with good strong password.

I would not trust any cloud. Use cold storage for it. Any online use 2factor.

Some offer SMS/google authenticator which add another level. Also use decent passwords, and DO NOT use the same passwords. If you use different passwords for different places chances are less of worst case scenario.

williamj2543

hero member

Activity: 588

Merit: 500

Get ready for PrimeDice Sig Campaign!

Quote from: bitkilo on July 21, 2014, 07:24:57 PM

Quote from: ArbatDeli on July 21, 2014, 01:12:52 AM

Most important thing is not visiting suspicious sites/downloading suspicious files.

What would u call a suspicious site?

Just be careful. Anything seeming too good to be true probably is not legitimate, and don't click the green download buttons. Ever.

bitkilo

legendary

Activity: 1638

Merit: 1010

https://www.bitcoin.com/

Quote from: ArbatDeli on July 21, 2014, 01:12:52 AM

Most important thing is not visiting suspicious sites/downloading suspicious files.

What would u call a suspicious site?

monbux

legendary

Activity: 1736

Merit: 1029

Quote from: williamj2543 on July 21, 2014, 06:48:22 PM

I would probably use xapo.com. Their vault is fully insured and I don't have to worry about encryption and losing paper wallets and stuff like that.

IMO the log out time is way too messed up, for some random reason I always log out lol. And now I can't log back it, whenever I enter my username and PIN, it just clears and refreshes the page :-/

williamj2543

hero member

Activity: 588

Merit: 500

Get ready for PrimeDice Sig Campaign!

I would probably use xapo.com. Their vault is fully insured and I don't have to worry about encryption and losing paper wallets and stuff like that.

Remember remember the 5th of November

legendary

Activity: 1862

Merit: 1011

Reverse engineer from time to time

Quote from: ReRunRod on July 21, 2014, 10:53:29 AM

Quote from: Remember remember the 5th of November on July 21, 2014, 10:41:32 AM

Quote from: ReRunRod on July 21, 2014, 10:39:28 AM

I keep my coins in my android wallet and back everything up! Wink

Your android phone is much more vulnerable than you think. There are many apps out there that are malicious and can potentially steal your coins.

Understood on that account. I develop for Android. I remove all coding that has to do with location and data storing. I only have a total of 10 apps that I install nothing more. Phone is rooted and running a program called "Logging Remover" made by Trev-E @ xda developers. Linux is much harder to crack than windows

http://www.xda-developers.com/android/carrier-iq-sues-treve/
http://www.xda-developers.com/android/logging-test-by-treve-sassibob-review/

Here is somebody that had his Android phone compromised https://bitcointalksearch.org/topic/m.7960933

Also, Linux is not inherently harder to crack, it's just that hackers have not shifted focus on it.

ReRunRod

full member

Activity: 168

Merit: 100

Quote from: Remember remember the 5th of November on July 21, 2014, 10:41:32 AM

Quote from: ReRunRod on July 21, 2014, 10:39:28 AM

I keep my coins in my android wallet and back everything up! Wink

Your android phone is much more vulnerable than you think. There are many apps out there that are malicious and can potentially steal your coins.

Understood on that account. I develop for Android. I remove all coding that has to do with location and data storing. I only have a total of 10 apps that I install nothing more. Phone is rooted and running a program called "Logging Remover" made by Trev-E @ xda developers. Linux is much harder to crack than windows

http://www.xda-developers.com/android/carrier-iq-sues-treve/
http://www.xda-developers.com/android/logging-test-by-treve-sassibob-review/

Remember remember the 5th of November

legendary

Activity: 1862

Merit: 1011

Reverse engineer from time to time

Quote from: ReRunRod on July 21, 2014, 10:39:28 AM

I keep my coins in my android wallet and back everything up! Wink

Your android phone is much more vulnerable than you think. There are many apps out there that are malicious and can potentially steal your coins.

ReRunRod

full member

Activity: 168

Merit: 100

I keep my coins in my android wallet and back everything up! Wink

whiteflight31

newbie

Activity: 28

Merit: 0

Quote from: Remember remember the 5th of November on July 21, 2014, 10:26:06 AM

Quote from: resya on July 21, 2014, 01:35:20 AM

Quote from: Remember remember the 5th of November on July 20, 2014, 06:52:20 PM

1.Disable Flash on everything but youtube(or anything you deem safe)
2. Disable or delete Java.
3. Don't download cracked programs OR download only those older than 2012 or older.
4. Don't store your wallet on Dropbox.

Follow above steps, and you don't even need to run an anti-virus, which is btw, recommended. You can thank me when your 1btc you kept safe is worth $100k.

5. Encrypt your wallet with a strong password, 10 - 15 chars in length with random characters. Do not store your wallet and password in the same storage
6. Install no-script addon to protect our computer from malicious scripts when visiting untrusted site

Encrypting the wallet does nothing if you install a keylogger. I will let you on a secret. These 3 years, I've never encrypted my wallet, don't even have an anti-virus but my computer is squeaky clean. I just follow those three steps above.
I've also gained the skill of reverse engineering allowing me to peek into the assembly of potentially malicious exes before I run them. I've also thought of implementing custom software to specifically protect from suspicious programs reading wallet.dat or installing keyloggers.

This software would be nice, I don't think there's a program like this on the market / on the web.

Remember remember the 5th of November

legendary

Activity: 1862

Merit: 1011

Reverse engineer from time to time

Quote from: resya on July 21, 2014, 01:35:20 AM

Quote from: Remember remember the 5th of November on July 20, 2014, 06:52:20 PM

1.Disable Flash on everything but youtube(or anything you deem safe)
2. Disable or delete Java.
3. Don't download cracked programs OR download only those older than 2012 or older.
4. Don't store your wallet on Dropbox.

Follow above steps, and you don't even need to run an anti-virus, which is btw, recommended. You can thank me when your 1btc you kept safe is worth $100k.

5. Encrypt your wallet with a strong password, 10 - 15 chars in length with random characters. Do not store your wallet and password in the same storage
6. Install no-script addon to protect our computer from malicious scripts when visiting untrusted site

Encrypting the wallet does nothing if you install a keylogger. I will let you on a secret. These 3 years, I've never encrypted my wallet, don't even have an anti-virus but my computer is squeaky clean. I just follow those three steps above.
I've also gained the skill of reverse engineering allowing me to peek into the assembly of potentially malicious exes before I run them. I've also thought of implementing custom software to specifically protect from suspicious programs reading wallet.dat or installing keyloggers.

Shogen

legendary

Activity: 966

Merit: 1001

Quote from: obocaman on July 21, 2014, 08:07:26 AM

Would you trust storing it into the cloud or in some email provider like gmai?

Definitely not, unless you have encrypted the file with good strong password.

Baitty

hero member

Activity: 532

Merit: 500

Currently held as collateral by monbux

Quote from: Remember remember the 5th of November on July 20, 2014, 06:52:20 PM

1.Disable Flash on everything but youtube(or anything you deem safe)
2. Disable or delete Java.
3. Don't download cracked programs OR download only those older than 2012 or older.
4. Don't store your wallet on Dropbox.

Follow above steps, and you don't even need to run an anti-virus, which is btw, recommended. You can thank me when your 1btc you kept safe is worth $100k.

Basic steps but something which not a lot of people listen too.

obocaman

member

Activity: 70

Merit: 10

Would you trust storing it into the cloud or in some email provider like gmai?

Kprawn

legendary

Activity: 1904

Merit: 1074

Quote from: obocaman on July 21, 2014, 07:27:59 AM

Quote from: Kprawn on July 21, 2014, 07:17:04 AM

Best bet, Create Paper wallets on a computer not connected to the internet. {Even a old computer, when you upgrade} But it must never be connected to the internet again.

Then create loads of "dummy" wallets. {These are used for confusion and frustration and to serve as honey traps}

Dump all coins not being used on a daily basis into Paper wallets {Spread them across many wallets} So if you need to import coins, you would not need to import everything you have.

Only put coins online, for small DAILY transactions. {Paying for cofee etc.}

This just lower your risk, too loose massive amounts at any given time. {Example : Klee Hack} Keep some "dummy" wallets around the house too. {If they get "picked" up, you know someone is trying to steal from you}

Cover your WEBCAM! / Use AV / Firewalls / ToR / 2FA etc.. etc.

I do all this and more for VERY little satoshi's, but you need to do more than this if you have loads of coins. {If someone hacked me, he would have been better off working for a day at Mc Donalds}

But that seem very inconvenient. If bitcoin goes mainstream, will people do this? how many coins will be lost forever if they lose their wallets? Huh

If you have a lot of coins and it's distributed and stored at different locations, you would not loose a lot, if say your house burned down. Why would you keep them all together?
You could even have "backup" copies stored at different locations. {Bank safe deposit box / Friends house etc.} Just keep the private key, seperate from the Public key, assosiated with it, if you store it
at a friends house or parents. Wink

And write some sort of code on both, only you know, to identify what joins the 2 together.

And laminate the paper wallets. {Very important} To keep it safe from water damage or insects.

obocaman

member

Activity: 70

Merit: 10

Quote from: Kprawn on July 21, 2014, 07:17:04 AM

Best bet, Create Paper wallets on a computer not connected to the internet. {Even a old computer, when you upgrade} But it must never be connected to the internet again.

Then create loads of "dummy" wallets. {These are used for confusion and frustration and to serve as honey traps}

Dump all coins not being used on a daily basis into Paper wallets {Spread them across many wallets} So if you need to import coins, you would not need to import everything you have.

Only put coins online, for small DAILY transactions. {Paying for cofee etc.}

This just lower your risk, too loose massive amounts at any given time. {Example : Klee Hack} Keep some "dummy" wallets around the house too. {If they get "picked" up, you know someone is trying to steal from you}

Cover your WEBCAM! / Use AV / Firewalls / ToR / 2FA etc.. etc.

I do all this and more for VERY little satoshi's, but you need to do more than this if you have loads of coins. {If someone hacked me, he would have been better off working for a day at Mc Donalds}

But that seem very inconvenient. If bitcoin goes mainstream, will people do this? how many coins will be lost forever if they lose their wallets? Huh

Kprawn

legendary

Activity: 1904

Merit: 1074

Best bet, Create Paper wallets on a computer not connected to the internet. {Even a old computer, when you upgrade} But it must never be connected to the internet again.

Then create loads of "dummy" wallets. {These are used for confusion and frustration and to serve as honey traps}

Dump all coins not being used on a daily basis into Paper wallets {Spread them across many wallets} So if you need to import coins, you would not need to import everything you have.

Only put coins online, for small DAILY transactions. {Paying for cofee etc.}

This just lower your risk, too loose massive amounts at any given time. {Example : Klee Hack} Keep some "dummy" wallets around the house too. {If they get "picked" up, you know someone is trying to steal from you}

Cover your WEBCAM! / Use AV / Firewalls / ToR / 2FA etc.. etc.

I do all this and more for VERY little satoshi's, but you need to do more than this if you have loads of coins. {If someone hacked me, he would have been better off working for a day at Mc Donalds}

obocaman

member

Activity: 70

Merit: 10

Quote from: Yuki1988 on July 21, 2014, 03:13:45 AM

Quote from: resya on July 21, 2014, 01:35:20 AM

Quote from: Remember remember the 5th of November on July 20, 2014, 06:52:20 PM

1.Disable Flash on everything but youtube(or anything you deem safe)
2. Disable or delete Java.
3. Don't download cracked programs OR download only those older than 2012 or older.
4. Don't store your wallet on Dropbox.

Follow above steps, and you don't even need to run an anti-virus, which is btw, recommended. You can thank me when your 1btc you kept safe is worth $100k.

5. Encrypt your wallet with a strong password, 10 - 15 chars in length with random characters. Do not store your wallet and password in the same storage
6. Install no-script addon to protect our computer from malicious scripts when visiting untrusted site

1. Checked, flashblock installed.
2. Checked.
3. Checked.
4. I used truecrypt to first encrypt my wallet file before putting it on dropbox.
5. Checked. Plus, my entire HDD is encrypted with truecrypt.
6. Checked.

Grin

Is truecrypt still safe? the website says its not :S

obocaman

member

Activity: 70

Merit: 10

When do you think 1btc will go to 100k? Huh

Topic: Tips so you don't get your coins stolen. (Read 1828 times)