This is exactly why Bitcoin will never take off outside of the geek world. Can you imagine, in a world where millions used Bitcoin, the media fallout if users were being robbed with zero way to reclaim their money?
Knowing how little "regular" people protect their devices, this scares me.
Here's some ways to fix this and why it won't be a problem:
- Add encryption of the wallet and a password to the Bitcoin client and daemon.
This is already being worked on and there is working prototype. It should be in the mainstream client very soon.
Wallet Private Key Encryption: http://forum.bitcoin.org/index.php?topic=8728.0
- Start trusted centralized institutions that hold your Bitcoins and protect them (maybe even give you a bit of interest growth).
There are already numerous online eWallets that you can use—if you choose to keep your cash on your person then it's your decision and you should acknowledge the risks.
List of eWallets: https://en.bitcoin.it/wiki/Category:EWallets
Wallet encryption isn't any help against keyloggers and other local malware that can observe your use of the wallet. And wallet encryption simple enough for average folks — a short passphrase of their own choosing - is easy for digital pickpockets to crack.
Since Bitcoin miners have awesome GPUs, malware could use the victim's own GPU to crack their wallet. (And then go back to mining... for the malware owner.)
I have to imagine it's a lot easier to write a program that looks for a wallet.dat on my machine and mails it somewhere than it is to follow my steps into my bank account and transfer money.
It's the difference between having cash stolen from under your mattress and someone stealing your credit card.
I had someone make a fake debit card matching my account number. It didn't have my PIN, the number on the back, or my name on it, but it had my 16 digit number. That is something you can just create randomly, from the perspective of the customer there is absolutely nothing you can do to protect yourself from that. I guess they generate a bunch and test them somehow, but since the thief had a card that matched an account, he went out and tried about 9 stores in an hour. He was able to buy about $1200 in merchandise from 2 stores, the rest either rejected him or by that point the bank had declined my account.
The bank called me and told me all of this within 20 minutes of it happening. I saw the money debited from my account, my bank balance was lower, etc. They sent me 2 forms to sign saying it wasn't me, and within 24 hours the money was back in my account. Since then the bank has dealt with the merchants who took the fake card, filed a fraud report, etc. I spent less than 20 minutes dealing with this overall, it was not a big deal for me.
Contrast that with someone stealing $1200 from my safe or $1200 of my bitcoins. I'm just screwed then. I have no recourse, no one dealing with this stuff for me, etc.
While keeping your login information secure is a good thing, ultimately the banks are the ones keeping things secure. They have plenty of intelligent systems that know your typical buying habits, and you are quickly red flagged when some unusual purchases happen.
I know that transferring money out of my bank accounts over the internet at my bank REQUIRES a phone call and a piece of paper the first time. After that, sure, you can transfer instantly. But if someone installs a keylogger on my machine and transfer all the money from my checking account to my savings account or my investments, I don't really care. I'll just transfer it back. He will not be able to transfer it to his own bank account very easily, not unless he breaks the banks system. And as shown by the debit card incidident, when the bank's security fails the customer is not liable.
Well said! The ability to handle fraud in this manner has a big picture effect as well.
Banks are powerful. They can do things that you and I can't. If a bank transfers money as part of a fraudulent transfer, it can reverse that transfer electronically. This reversal traverses the banking system all the way back to the entity that accepted the payment.
This system diffuses the impact of fraudulent transfers and places the ultimate responsibility on those accepting payment, rather than those holding currency. I know that sounds harsh, but the person accepting the payment probably has the best chance of detecting a fraud. Without this check & balance, there's very little incentive for merchants to verify the validity of the funds being used.
What about your passwords to your real-life bank accounts?
Your bank has ways to make that more secure. If someone logs into your account from a strange IP (e.g. different country from the bank and customer), if someone tries to transfer money online, you might need to enter another password (which they might not have), or it might be based on a fob that generates a code. If you do manage to transfer money to your account, they can now follow the money to find out where you are and arrest you.
BitCoin stealing doesn't have any of these drawbacks, so is probably a much more tempting target.
If I might ask, and I'd be happy to take this discussion elsewhere... but why? For that much money and the risk associated, surely as an investment vehicle?
Bank accounts usually limit online transfer destinations and amounts. So password secrecy is not the sole defense, and even total ownership of an accountholder's computer is not quite 'game over' for their balances, as it is with a bitcoin wallet.
You can't really do interest with BitCoins, since it's a fixed amount. Deflation is built in, so in way just holding the BTC will make them 'grow' in value.
Bitcoins are a digital currency without a bank. If you kept all your money in cash at your house, and failed to secure your house, then someone could steal it. Sure, you could try to catch them based on the evidence they leave behind (fingerprints for cash, logfiles for bitcoin wallets), but once they have the cash, it's nearly untraceable.
But if you have banks that store Bitcoins for you, then you're trusting their security processes, not your own. We don't have Bitcoin banks yet. For BC users, maybe that's worth looking into.
I've read this real-life money / storing all your money at your house analogy a few times related to BitCoin. It seems disingenuous. There are just too many physical things that separate the dangers of BitCoin and hoarding money somewhere in your house.
- I don't have to worry about 6,500,000,000 people having access to my house. At most, there is a market of around a million or so who would live in close enough proximately to me.
- I don't have thousands of people across the world tapping on my windows to find out how easy they are to break into.
- I'd trust the chances of a local thief being caught more than a hacker across the globe stealing BitCoins being caught.
I could go on and on.
Right now, the BitCoin landscape is like the Wild West, probably even worse. Systems simply aren't in place to really protect people, and you have the potential to steal from anyone in the entire world.
In real currencies, we have systems in place to protect holders. In the U.S. we have the FDIC, which insures bank accounts up to a certain amount. This insurance incentives people to keep their money in banks instead of the house because it's safe (both physically safe from theft and safe from bank failure). My understanding is that there are BitCoin "banks" but there is nothing guaranteeing these deposits. There are also established systems in place to help prevent theft. Police departments, close physical proximity to others (neighbors being able to see odd activities), etc. to prevent thefts.
It actually would not necessarily be difficult to trace the thief of your bitcoins. All btc transactions are logged publicly; a victim can watch the blockchain and record every address that receives his stolen coins, and this may produce good leads as to the thief's identity.
Paypal regularly "freezes" peoples funds, and there is little legal recourse in those cases since Paypal cleverly has avoided making itself legally a bank in the US (even though it clearly preforms functions people usually receive from banks).
The technology is still in its beta period basically. Really, all this should've been expected, especially since we're talking about a currency and money. It was an early adopter risk, and I think most decided the risk was ok, because they could earn 10x,100x or even 1000x more money than they put in.
The only mistake was to believe Bitcoin was 100% safe. The technology will mature.
Bitcoin would function as a backend and the payment would be done through processors like banks and credit card companies. What's the difference between bitcoin and dollars in that respect. The average person still has the ability to move coins trough the system but I'm sure processors will be regulated.
Ah, Bitcoin: the new incentive to breach computer security. Why risk stealing credit card or bank information when you can steal Bitcoins safely and anonymously?
Why give them the choice? You could automatically download and apply the updates in the background, given a sufficiently sophisticated updater. That's basically Google's plan with ChromeOS.
Don't worry, we've identified the thief! Put out an arrest warrant for: f7c956f566b11751c4d3f5ca077c0406
More seriously, it's interesting that the people who have been robbed from could observe in detail exactly where their stolen money is flowing to. So close, yet so far away.
Works until the malware scans the disk for keydata remnants from 'deleted' files (or even old swap pages).
And this guy was trying to implement this 'offline savings' strategy, but didn't completely understand the privacy lifecycle and transaction details — and thus last the keys to a $180K balance:
Even 'srm' and similar tools might not work as expected on a solid-state drive with its own firmware and wear-leveling.
It's possible to protect your bitcoin keys from an arbitrarily-later malware incursion... but very hard, in ways even most power-users don't consider.
I like bitcoin. The current sharp edges and tragic mishaps are useful, for now, for learning about a new medium of exchange, which operates on a logic different from almost anything that we could easily analogize to.
If bitcoin or a successor takes off, I suspect carrying large balances will require specially hardened devices – secure VMs inside handhelds, perhaps?
And, a general desire for some recourse against instant irreversible fraudulent transfers might make the 'finalization' of certain transactions dependent on a remote secondary key approving (or failing to cancel) a payment, within a timeframe sufficient to deliver second-channel notification/confirmation.
Stealing your wallet.dat is easier. With a copy of your private keys they can spend your coins from anywhere, without having to get remote access to your PC and send them locally.
Sending bitcoins is a more involved process than simply copying the wallet.dat file, though. If the author is smart, the email cannot be tied to him anyways.
I have an idea that may fix this broken model of Bitcoin. Make sure each penny has a "history" on it on a public server. You can't spend the money unless it is posted for everyone to see. Each transfer of money is documented, and the reason for the transfer and other data. And in order to spend it, you have to validate and review each transfer of money before it. If there is anyone stealing money, it is just a matter of looking at the history of each penny and then tracking down the unique id to the offender who spent the money they didn't earn.
A safe online currency can be done, but if you champion this, the United States government are going to find you, and squish you like the insignificant bug you are. You would be circumventing the primary income stream of the united states with a global standardized currency.
Every bitcoin in existence has its history tracked back to it's origin on every single bitcoin node.
There is an optimization for some clients to to pare down that history, but, in general, when you start up a bitcoin node, you have the history of every bitcoin ever created and all of it's transactions that occurred after it.
This history, in fact, is how you can be confident that the bitcoin is authentic - unless you have greater than 50% of the computing power of the network, you can't substitute an alternative history which would result in the coin landing in your hands.
Knowing how little "regular" people protect their devices, this scares me.