Bitcoin: trouble in paradise

Re: I just got hacked - any help is welcome!

Ars Technica reports that a long time Bitcoin miner says his system was compromised and Bitcoins were stolen.  I guess following the hype and valuation jump some kind of subterfuge was to be expected.

From Ars:

“The user known as “allinvain” is a long-time contributor to the Bitcoin forums. He says he’s been mining Bitcoins for over a year, and had amassed a fortune of 25,000 BTC. This was a modest sum a few months ago, when Bitcoins were worth pennies, but over the last two months the value of a Bitcoin skyrocketed to around $20, which means 25,000 BTC would have been worth half a million dollars. “I remember watching the price like a hawk,” he wrote.

And then disaster struck. “I just woke up to see a very large chunk of my bitcoin balance gone,” he wrote.

Like good journalists, Ars followed up with Gavin Andresen:

“Ars Technica talked to Gavin Andresen, the leader of the Bitcoin software project, about the incident. Andresen said that it would be difficult to confirm the authenticity of the report. “All Bitcoin transactions are broadcast on the network,” he said. “So if someone wanted to claim they lost a bunch of bitcoins, they could claim that any transaction on the network belonged to them.”

Still, the kind of attack described in the post is certainly possible. Andresen says he always emphasizes that Bitcoin is an experiment, and not (yet) for the faint of heart. “Unfortunately, this is an expensive test case for the guy who lost the Bitcoins,” he said.”

Ouch, not exactly the kind of confidence inspiring message from a project lead.

In the comments on the Ars post many people said, well its only monopoly money anyway.  While I agree with that I still hold out some hope that a digital currency will raise above the geekmark and present a real solution.

In the forum post by the miner he states:

“You’re right this can only be blamed on me. I am the flaw with bitcoin, but let’s be honest the wallet should be encrypted. The developers should’ve put a very very high priority on this the moment bitcoin went over $1. They knew that this was bound to happen and someone is going to get hurt and if they taken preventative measures early this could’ve never happened. Now that’s one side of the coin, the other side is that I’m an idiot for keeping a wallet.dat file with so much  money on my day to day machine – especially one running windows.

I’d at least like to know who took them or find out how.”

Not that it makes it any better.  The forum goes on for another 20 or so pages… towards the end another miner suggests a better set up:

“First, I personally would never run “Bitcoin safe” with 25k Bitcoins on a Windows computer. Too big a security risk.

Second, even on Linux, to keep large amount of coins on your computer, it should be extra protected with some complex security. A virtual machine with Linux on truecrypt-encrypted hard drive with Bitcoin installed should be enough – it will make life much harder for any keyloggers & hackers to infiltrate it.

With computers it is quite easy to do virtually infinately complex system of safes to store your Bitcoins. You can create a virtual “room of mirrors” using VM in Truecrypt in VM in VM in Truecrypt in VM in Truecrypt and such.

Such an installation could look like this:
Truecrypt(VirtualBox(VirtualBox(Truecrypt(VirtualBox(Truecrypt(Your Bitcoins))))))

You can store some Bitcoins on every layer of this onion, but you should only store large sums on the last layer.”

About Daniel Davenport

Daniel is a digital media executive with internet and broadcast experience. Daniel is currently the executive strategy director at THINK Interactive.

Trackbacks/Pingbacks

  1. Chad Pankewitz: Ruxum, Bitcoin and Namecoin | thinkd2c - July 19, 2011

    […] Bitcoin had some issues.  The main trading platform MT Gox went down, people got accounts hacked and the general instability of Bitcoin valuations cause many people to wonder if it was done before […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: