Topic: Too many vulnerability/Hacks (Read 484 times)

Indeed, the problem is the HARDWARE itself is compromised, specially modern computers. Anything after 2008 is insanity tier levels of compromised hardware to use within Bitcoin stuff it seems. So basically, i3, i5, i7 computers as well as AMD have built in backdoors, exploits, at the hardware layer, this means that not even Gentoo Linux will save you, if you are using modern computers.

We are STUCK with old ass computers. It is unfortunate, but what can you do? The more advanced computers become, the bigger range of exploits, built-in-OS in constant communication with NSA and so on.

So to sum it up, if one wanted maximum security levels, you would need to use a pre-2008 computer, with Linux, a decent distro... that's about as good as it gets, still not perfect, but it's all we got, until we can get open source computers somehow.

Just keep your details to yourself, by doing so, u'll be able to protect yourself from hackers

a hacker needs money, perhaps because that's how much hacker's ambition to profit from it, which is why blockchain privacy should be more powerful and developed

As long as we have a peer to peer node we cant avoid the hacker to do intentionally by their own we must accept that hacking our account would be possible for them, the only good thing for us is that we have a lot of good developers always find another way so that the attackers wont find a ways to hack again and again. There's a lot of security has been implemented to avoid some of the hackers.

it depend on your account security. always use secure computers with security applications and my suggest pay money and get a hardware wallet. its more secure

Depends on what you mean by "offline"
Offline usually means airgapped : that is, never connected to the internet at all, or in a different storage medium apart from digital media eg a paper.
It's impossible to hack a piece of paper or for malware to infect it.

A hardware wallet provides a combination of both: the chip where the private key is stored is never exposed to the internet or computer so it can't be compromised, and you're expected to physically write down the seed phrase on a piece of paper.

You can't go wrong with that.

It mostly depends on your own security conception. If your computer is already compromised, your offline wallet is probably not very secure.

Is offline wallet safe?

In your opinion, any particular flavor of Linux or even Ubuntu is a better option than Windows or MacOS?  I used to have a dual boot on my older Acer laptop back in the day but haven't felt the need to on Macbook

The issue isn't with Bitcoin itself but more the nature of computing, bank accounts get hacked from the same methods as crypto

1. Key loggers on computers
2. Weak security on exchanges
3. Exchanges stealing and claiming hacks

Best thing to do is make sure you have another layer over a password, 2FA is a must when money is involved and it can be the difference between you losing money when exposed.

Well, where there is money, there is “pishing”. I don’t believe the problem is about Bitcoin, not even about the wallet. The problem is about internet security and how we move in it. For instance: a wallet itself is designed to be really secure. But if you use windows, and commonly download games, tv serials, music (whatever..) from insecure webpages… well, then probably you will be “phishing”. Any hacker will probably be able to get into your computer and just get a copy of your wallet.dat file just with a conventional malware. The point is to get those private information really really hidden and, if possible, encrypted.

Recently there was this new about how hackers has stolen crucial information from wallets by using google. Yes, google: they just bought google adds in order to get position in the search console. When a wallet use typed words like “Wallet/data…), google suggested in the first place a corrupt address, for the hackers really did a great job positioning their fake wallet address. Now, the page looked the same as the original, so the common user put all the data, as always. The problem: the user doesn’t now there is not the original webpage, this is not “blockchain”, for instance, but “blckchain”. Now, if you don’t put enought attention, you will enter all your private data, and you will be robbed, for sure.
So the system is the same to those who want to steal money (any kind of money) from users in the internet. Same thing happens everyday with bank accounts, and, since BTC is money, is happening now with BTC.

The difference? How to recover your lost BTC? Thats the hole point, I'm afraid… since there is not such a program of protection as in banks, there is much less possibilities you can get back your BTC.

Will we see more hacks? Of course yes because as we improve and expand so also the people staging the attacks are getting more smarter but all we need is to be more careful.

Can we trust wallets to protect our coins, if we don't trust them, I don't see us taking our coins the bank instead or keeping it at home we just have to trust one and be more careful about it. The future when all the wallet providers will be on their toes to ensure that its no longer purely our responsibility to be safe, as they will be held responsible for a major glitch then they will sit up and 80% of the hacks we see will be avoided or prevented.

Price raise and many new things around with many people don't even look at the security at first. Even some new exchanges and apps that are being developed are looked at the way of functionality in mind at first and not much about security. There is no 100% secure system as probability is high that you will miss something which is why AI and other systems could come handy.
Another thing if you have noticed is lately there is growing attacks on IOT devices to mine crypto currency because it is so easy to gain access to them, what I said above not many are looking at setting up somewhat good security.

We will defenetly see more attacks I see the problem is both you have lack of good software and more and more attackers. Even some people protect their coins poorly which could be another reason.

Was reading the other day some guy posted on reddit how he installed some 3rd party app on his andoid phone, which had email , 2FA and crypto exchanges apps installed and an attacker succeeded to steal some coins thankfully he haven't got access to all of the exchanges but as I said it is sometimes even fault from user point of view.

We all need to raise awareness of security, honestly I started to care much more about security after I tied something meaningless such as random string of my private key words to something valuable, something that matters to me. That is why I think on the one hand it is good since it raises awareness a bit about security and other things but more adoption also pull with itself more hackers, more breaches, more hacks such as WannaCry etc.

/thread


Blackhat hackers are finally able to turn security vulnerabilities straight into cash, without having to go through secondary markets by either selling stolen data or the exploits themselves. Questionable security has always been a problem with online businesses, it's only now that in the case of crypto people are actually aware of being hacked because money is missing. No one notices stolen data because the "original" is still there. How many corporate databases do you think got silently stolen and sold on the black market without companies noticing? IT Security is neglected most of the time. The majority of people barely give a fuck about it until they painfully learn that properly securing a server is more than just an academic excercise.

Luckily with Bitcoin itself the security aspect is an inherent property. It's a solid technology, it's just that people need to learn how to handle it properly.

Bad code: https://bitcointalksearch.org/topic/bad-code-has-lost-500m-of-cryptocurrency-in-under-a-year-2940686

The value of the bitcoin is definitely making this a lucrative opportunity for the dark community, so more attacks will follow.
The weakest link is always between the monitor and the chair 
It's people writing these programs, so that is usually the weakest link. Even banking systems are less secure than the bitcoin software, if you ask me.
The wallets are safe, the problem is with the third party services who suffer the attacks at most.

I´ll add another reason why using a different OS than Windows is a
good idea.

Malware developers obviously develop viruses and keyloggers for the OS that most
people use, because this increases the number of potential victims.
Therefore I´d estimate that 99 % of malware is targeting Windows and
simply by using an alternative OS you are decreasing the risk of running
your Bitcoin wallet on a malware-infested computer.

Besides, most Linux distributions nowadays are comparable in usability to Windows
or even have better usability. The huge advantages in terms of security make switching to
Linux (or other OS like OpenBSD) a no-brainer.

A fairly general statement, leading to speculation...
If there were possible security issues in a none-defined incident, what do you want to explain?
And one could say: Bitcoin was not attacked, the people handling bitcoins got attacked.
So some generic thoughts:

a general pattern in bitcoin is: only if you hold the private keys, you are the owner of the bitcoin (and they are secure with you).
If you loose your private key, or someone else has the private key, its a matter of trust into the person, who now holds the private keys. Similiar to your fiat-wallet. People can give it back, or they keep it for themselves.
So: only put the trading amount into your exchange, and keep the rest with your personal wallet.

Now the second approach for theft of bitcoins is the protection of your operating system. Similiar to the protection of your house. If there is nothing inside, you don't need to have high walls and an electric fence around it... This translates to:

- small funds can use an online wallet
- monthly values have a need for a full node on unixoide systems (yes, really!), and maybe already hardware wallet
- and yearly values need to be protected with cold storage and multisigs

I am not a Windows hater, I was using it all the time. But when sound drivers have key loggers, and Win10 is sending keystrokes into log files back to Microsoft, it requires a good piece of knowledge, to secure the OS at an appropriate level. By default installation this system is insecure, and a good entrance door to remote attacks. (Compare this to OpenBSD).

Then there are additional layers of security, were people fall victim:
phishing - we all know about the different approaches of phishing, and obviously this reoccurs all the time. This is a social issue, not a technical.

java script - well, this is probably one of the best, cause it brings unverified code via the internet to your local machine. If you are dealing with high valued funds, and have priv keys on your internet connected machine, and java script activated, how can you protect your system?

booking system - on many exchanges there were booking systems not adequatly protected, leading to losses

verification - I have even heard about systems, that put the verification of a transaction or a block to the clients machine

So in summary: Bitcoin per se is secure, the code is verified and reviewed, and only professionals develop it :-) On other crypto currencies one would have to evaluate first the level of security (or again: trust tht "these people" do a correct job, but then don't be surprised if funds are lost).

A good security is a trade-off: if you need to protect high values, you need to invest also higher efforst in security. You need to get away from trusting a mobile device, an operating system or the code to be secure just with their default installation. INVEST IN SECURITY!

It's really misguiding to call it "Bitcoin hacks", since the Bitcoin protocol and reference implementation were not attacked. This confusion makes a lot of people not familiar with crypto actually think that Bitcoin is being hacked. But in reallity, those hacks only reassure us that centralized & closed-source systems are inherently weak, and we should look for solutions that avoid them, like decentralized exchanges, for example. Also, storing your coins online is against the basic principles of Bitcoin - you are meant to be your own bank, and don't trust anyone but yourself.

Hackers find stealing crypto's and bitcoin as very lucrative business nowadays specially when the prices skyrocketed. And I believed that's its not just one person who is attacking, but they are group of hackers who will pinpoint certain exchanges and see how can they exploit the system.

It doesn't matter how long those guys take to attack and find the vulnerability, as long as they can execute and stole anything that they can get their hands to.

As far as wallets, the community is very active (reddit) reporting possible exploits. And devs are also active to upgrade their software such as we saw during the Electrum vulnerability.

I would say that we are going to see more bold attacks in the future. As customers, we need to be one step ahead, protect our coins at all cost.