Author

Topic: We should stop recommending Multibit on bitcoin.org, NOW (Read 3278 times)

sed
hero member
Activity: 532
Merit: 500
Yes I bailed on multibit months ago.  It is just too flawed and got tired of it losing my BTC, even though I eventually recovered it.

It happened more than once?  Are you just trolling or is this for real?
newbie
Activity: 21
Merit: 0
Yes I bailed on multibit months ago.  It is just too flawed and got tired of it losing my BTC, even though I eventually recovered it.
sr. member
Activity: 448
Merit: 250
It's Money 2.0| It’s gold for nerds | It's Bitcoin
A mobile device could potentially be stolen/lost, even if the point of the theft of the device is not to steal the bitcoin they would be significant risk.

Online wallets carry their own risk that is separate from using MultiBit in this manner. More risk? I am not sure
Everything in life has a risk. Even if someone secures their bitcoins in the most effective way, they can't rule out that they might have an accident tomorrow, leaving the coins unspendable if only they know about how to retrieve them (passwords, cold storage location, etc).

The problem with online wallets is when they actually know your private keys. They could one day just decide to spend them without your consent. As far as I know, Blockchain.info encrypts the keys so that they are only known in the browser at the time the user logs in, and never by Blockchain.info themselves.
My post was about trying to minimize risk, not eliminate it.
sr. member
Activity: 317
Merit: 275
If you are storing _serious_ amounts of money then I'd suggest using an offline solution such as Armory rather than MultiBit
Why is Armory better in this case?
sed
hero member
Activity: 532
Merit: 500
I think R2D221 is right - it's about knowing the risks of the different wallet solutions.

For example, desktop wallets can all be compromised by malware and a key logger (which is why we want to support Trezor in MBHD as that's a tougher target for attackers to compromise).

If you are storing _serious_ amounts of money then I'd suggest using an offline solution such as Armory rather than MultiBit and having a dedicated computer with the offline data that is ONLY used for that.


Well if I had "serious" amounts of money, I wouldn't want to trust my keys to potential hardware failure.  So I have a printout of my keys which I can then use to import to any wallet I feel like using.

I really feel like this is the most "secure" solution.  Having a couple of hard-copies of your keys means they're safe from online theives, and let's be honest, even if you had a problem with burglary, it's unlikely that the burglers are going to recognize the value of a bitcoin private key even if they do run across the paper, they are looking for other types of stuff.
legendary
Activity: 1708
Merit: 1066
I think R2D221 is right - it's about knowing the risks of the different wallet solutions.

For example, desktop wallets can all be compromised by malware and a key logger (which is why we want to support Trezor in MBHD as that's a tougher target for attackers to compromise).

If you are storing _serious_ amounts of money then I'd suggest using an offline solution such as Armory rather than MultiBit and having a dedicated computer with the offline data that is ONLY used for that.




hero member
Activity: 658
Merit: 500
A mobile device could potentially be stolen/lost, even if the point of the theft of the device is not to steal the bitcoin they would be significant risk.

Online wallets carry their own risk that is separate from using MultiBit in this manner. More risk? I am not sure
Everything in life has a risk. Even if someone secures their bitcoins in the most effective way, they can't rule out that they might have an accident tomorrow, leaving the coins unspendable if only they know about how to retrieve them (passwords, cold storage location, etc).

The problem with online wallets is when they actually know your private keys. They could one day just decide to spend them without your consent. As far as I know, Blockchain.info encrypts the keys so that they are only known in the browser at the time the user logs in, and never by Blockchain.info themselves.
sr. member
Activity: 448
Merit: 250
It's Money 2.0| It’s gold for nerds | It's Bitcoin
What about a person who actually needs to potentially spend his bitcoin from two (or more computers) but has no real way of knowing in advance when they would need this.
As much as all of us would like to use our MultiBit as much as possible, I guess I'd suggest this situation might better be handled by a secure online wallet -- which would hold whatever balance was needed in both or all locations.  Or, one could carry his/her single MultiBit wallet on a portable device to carry with them.

A mobile device could potentially be stolen/lost, even if the point of the theft of the device is not to steal the bitcoin they would be significant risk.

Online wallets carry their own risk that is separate from using MultiBit in this manner. More risk? I am not sure
sr. member
Activity: 270
Merit: 250
What's the precarious part?  I don't fully understand.

I have my wallet in an encrypted text file that i have on a flash stick.  I also have that file decrypted and printed on paper as a back up.  So, I can decrypt the wallet file and then import it.  Anyway, as far as i can tell, even if the import goes wrong on a particular wallet software, I can just try again with better software or double check the installation or something.  I'm sure there's something I'm missing.
From the dictionary: Precarious..
a :  dependent on chance circumstances, unknown conditions, or uncertain developments
b :  characterized by a lack of security or stability that threatens with danger

You might be fine, sed -- though that decrypted paper backup is a point of risk. You're possibly having to back it up often [at least every time to add coin to the wallet], and juggling/keeping track of/disposing of decrypted paper files introduces some real risk in the equation.

But again.. just stating an opinion here.. I think most users would be better served sending coins from one wallet to another via the blockchain, rather than doing the export/import of keys procedure for coin transfers.
sr. member
Activity: 270
Merit: 250
What about a person who actually needs to potentially spend his bitcoin from two (or more computers) but has no real way of knowing in advance when they would need this.
As much as all of us would like to use our MultiBit as much as possible, I guess I'd suggest this situation might better be handled by a secure online wallet -- which would hold whatever balance was needed in both or all locations.  Or, one could carry his/her single MultiBit wallet on a portable device to carry with them.
sr. member
Activity: 448
Merit: 250
It's Money 2.0| It’s gold for nerds | It's Bitcoin
IMHO, passing keys around from an installation on one computer to another, or one wallet to another, is always more precarious than sending coins from one wallet to another via the blockchain. I would never import a key except for disaster recovery. It's too inexpensive to send balances over the blockchain, and much less fraught with potential problems. A little paid in transaction fees goes a long way toward peace of mind.

What about a person who actually needs to potentially spend his bitcoin from two (or more computers) but has no real way of knowing in advance when they would need this.

An example of this would be someone who owns a small business and could have to send coins from home or from the office at any given time. It would be cheap to send coins from one address to another one time but this cost would add up if this had to be repeated every day 2 (or more times per day). 
sed
hero member
Activity: 532
Merit: 500
IMHO, passing keys around from an installation on one computer to another, or one wallet to another, is always more precarious than sending coins from one wallet to another via the blockchain. I would never import a key except for disaster recovery. It's too inexpensive to send balances over the blockchain, and much less fraught with potential problems. A little paid in transaction fees goes a long way toward peace of mind.

What's the precarious part?  I don't fully understand.

I have my wallet in an encrypted text file that i have on a flash stick.  I also have that file decrypted and printed on paper as a back up.  So, I can decrypt the wallet file and then import it.  Anyway, as far as i can tell, even if the import goes wrong on a particular wallet software, I can just try again with better software or double check the installation or something.  I'm sure there's something I'm missing.
sr. member
Activity: 270
Merit: 250
IMHO, passing keys around from an installation on one computer to another, or one wallet to another, is always more precarious than sending coins from one wallet to another via the blockchain. I would never import a key except for disaster recovery. It's too inexpensive to send balances over the blockchain, and much less fraught with potential problems. A little paid in transaction fees goes a long way toward peace of mind.
sed
hero member
Activity: 532
Merit: 500
The bug was related to incorrectly importing Blockchain.info keys. If you have never imported anything then you have nothing to worry about. Also, it was fixed in the latest release.

I see, well I do often import my keys.  That is, from time to time I install multibit or another wallet on a computer and import my keys to do transactions.  I'm going to be sure to update my multibit before I use any old installs.  Also, looking through that reddit, i wondered if it was because the op created like 500keypairs before using them, maybe filling some presized array, idk.
sr. member
Activity: 448
Merit: 250
It's Money 2.0| It’s gold for nerds | It's Bitcoin
I've definitely used multibit quite a bit without issue.  I also have my keys printed out and stored in a safe place.  I need to look through that reddit, but what's not clear to me is:

1) is the bug something that 'eats your coin' as in sends it so some null address or something?  or does it just corrupt your wallet, etc?  If the latter, I'm not so worried since I have backups of all the  keys.

2) is this resolved?  If it is, can OP modify the thread name, it's kinda alarmist to leave it up if there's not a current issue anymore.

According to the release notes the issue has been resolved.
hero member
Activity: 658
Merit: 500
The bug was related to incorrectly importing Blockchain.info keys. If you have never imported anything then you have nothing to worry about. Also, it was fixed in the latest release.
sed
hero member
Activity: 532
Merit: 500
I've definitely used multibit quite a bit without issue.  I also have my keys printed out and stored in a safe place.  I need to look through that reddit, but what's not clear to me is:

1) is the bug something that 'eats your coin' as in sends it so some null address or something?  or does it just corrupt your wallet, etc?  If the latter, I'm not so worried since I have backups of all the  keys.

2) is this resolved?  If it is, can OP modify the thread name, it's kinda alarmist to leave it up if there's not a current issue anymore.
hero member
Activity: 672
Merit: 500
Because this is a 2 months' old thread and may be the bug was fixed. Besides, the bug doesn't happen all the time.
sr. member
Activity: 448
Merit: 250
It's Money 2.0| It’s gold for nerds | It's Bitcoin
Had 2 wallets in Multibit, sent coins from the 1st to the 2nd.

Now half of the coins have disappeared.

And I can tell its gonna be a nightmare to get help from the dev.

Back to Electrum, after a 7k loss Sad
Could you post some kind of supporting evidence?

I have transferred coins within a wallet on Multibit before, it looked weird on the transaction history but did not have any issues with the change address.
legendary
Activity: 2268
Merit: 1278
Had 2 wallets in Multibit, sent coins from the 1st to the 2nd.

Now half of the coins have disappeared.

And I can tell its gonna be a nightmare to get help from the dev.

Back to Electrum, after a 7k loss Sad
Could you post some kind of supporting evidence?
sr. member
Activity: 270
Merit: 250
WOW! This is real old stuff! Old stories. Old complaints. Aired here and on reddit time and time again. And all resolved by the Multibit team to the satisfaction of thousands and thousands of users. It's unfortunate stuff like this happens. But it happens with Multibit, happens with Coinbase, happens with Electrum, happens with Blockchain, happens with every wallet service. It's unfortunate; but FUD really doesn't help, folks. The venting is often misguided and always toxic. If you have problems, just state them fully and carefully here, and you'll find plenty of voices willing to walk you through them, if possible.
newbie
Activity: 1
Merit: 0
Had 2 wallets in Multibit, sent coins from the 1st to the 2nd.

Now half of the coins have disappeared.

And I can tell its gonna be a nightmare to get help from the dev.

Back to Electrum, after a 7k loss Sad
legendary
Activity: 1498
Merit: 1000
I agree Jim should have been more helpful. I am pretty sure as the move to MultibitHD they said they would support some major bug fixes to the classic version, this sounds like a rare but major bug. I think jim should be more hopefully and honestly if you need to do something, you can put the code down for three days and get some lights for your house come on we aren't north korea.

I would have multi-bit removed from the bitcoin.org page. Also as Java developer I didn't see any code for multi-bit HD I would gladly help them if they are that stressed out. I don't have much free time but I know bitcoinj very well.
hero member
Activity: 672
Merit: 500
I just read the thread on reddit. i had no idea Multibit had such a bug  Shocked

i tried Multibit at one time and didn't like the layout, so went with Electrum. Is the bug fixed in the latest release or is the dev still working on it?
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
I support op's motion as I had trouble with MB that no noob should go through, too.
legendary
Activity: 981
Merit: 1005
No maps for these territories
Thank you for posting this, I'm moving to Electrum.

Maybe ypu can briefly explain what NOT TO DO if you are using Multibit to prevent other users losses.
full member
Activity: 209
Merit: 148
The coin-eating bug discussed on reddit today, and perhaps even more so, the dev's negligent and downright silly response towards it has been appalling.  IMHO security of funds and private keys should be the top priority of any wallet software.  The prominent link to multibit from bitcoin.org puts users at risk and should be discontinued immediately, at least until this is resolved.  

Discussion of the infamous bug:
http://www.reddit.com/r/Bitcoin/comments/22gt4r/major_mulitibit_bug_btc_gone_it_cost_me_all_of_my/
Jump to: