This shows a fundamental misunderstanding of how cryptocurrency works. Bitcoins aren't stored anywhere. You don't need to get hacked; to have your bitcoins stolen.
I think this is really the sticking point that makes consumer Bitcoin adoption pretty much impossible, as the level of computer security required to keep Bitcoin safe and easy to use at the same time is just not something available to your average joe.
If your private key is compromised, the thief takes your entire balance, and there's nothing you can do about it. So you really want to keep it safe.
Lose your private key, lose everything it was protecting. So keeping the key in only one place, and one place where only you can access, is a big problem. There is nobody out there to give access to your money if you pass away. A hardware failure can be catastrophic.
The problem is that everything that makes the private key survive accidents makes it easier to hack. The way we treat something like this in a corporation is with things like shared secrets: Need 3 out of 5 people to use their issued keys so that the real private key protecting everything is revealed. And even with that level of effort, getting the key is still possible with enough effort.
> You can store your bitcoins online (in multiple places for redundancy) in encrypted file you never decrypt.
> Then you don't have to worry about burglars, fires or hackers. You just need to worry about remembering your password. And about the portion of bitcoins you keep elsewhere to pay for things or trade.
This accounts for confidentiality but does not preserve the integrity or availability of the wallet and for those reasons is far less secure than you believe.
Reminds me of attacks people were running on 'brainwallets' a while back - i.e. wallets whose initial key material was just a passphrase you'd remember. The idea was that you could keep the passphrase stored nowhere and not have to worry about it being stolen by... well, any of the 10,000 things out there looking for cryptocurrency keys. Of course, there is no way in hell you can actually make the human brain store enough entropy perfectly, and once people realized that these wallets were crackable, they all got drained pretty quick.
Owning Bitcoin is like paying into an involuntary bug bounty program. Every time someone finds a bug, your life savings get wiped out.
If Bitcoin truly becomes this disruptive all anyone needs to do is go into your home and rob you of your private key. Are you investing in weapons? How is this safer? It actually seems like it would be easier to take someone’s private key than other pieces of property.
When things like this happen, I try to explain to the skeptics why I will always have faith in Bitcoin.
Suppose you make a Bitcoin service where they print your keys onto pieces of paper and store them in a big vault. When people want to withdraw coins, they must visit the vault location and take money out, where the transaction is verified by a physically present person. The owner of the vault could also release an API to allow trusted third parties to conduct transactions on behalf of the people who deposited Bitcoins in the vault.
We wouldn't need to worry about hackers, and if the vault is strong enough we wouldn't need to worry about thieves.
But we would have to worry about the banker. The owner of the vault can devise ways to increase the apparent value of his vault, through financial mechanisms like derivatives and credit default swaps. To prevent this from happening, we could get a big organization with lots of guns and power to regulate the actions of the banker.
But then again, the banker controls all your Bitcoins, so he can just use your money to pay off the people with all the guns and power. Nowadays, everything is for sale, everything can be stolen, and nothing is what it seems.
That's why I have a lot of faith in Bitcoin. Even though we haven't figured out how to make a good vault, there's no real place for crooked bankers and powerful organizations.
In an authority-less and irreversible transaction currency it still surprises me when I hear about someone losing money to a service such as this - without an authority the burden of security truly is on the user themselves and they are at the mercy of the (supposed) security of whatever exchange or service they are attempting to use. In this case, having someone manage your wallet for you.
I personally keep my bitcoin wallet encrypted with GPG, I manually (like a safe) decrypt it when I want to make a bitcoin transaction and encrypt it when I'm done.
Some guy lost 4 Bitcoins that were encrypted with a line from some obscure afrikaans poem, because someone was crazy enough to brute-force all possible private keys that you can come up with using basically any phrase you can find on the internet [0]. So as someone else already said - if it's online, it's not safe.
But you can't spend any Bitcoin unless you possess some wallet's secret key. Explain to me how that poses a comparable risk to the egg baskets that are today's financial institutions. If your secret key isn't compromised, there's just no way your coins can be transferred. Furthermore, in the event that any kind of mass fraud takes place which exploits some flaw in the protocol itself (contrasted with a flaw in an exchange platform or something similar), the ledger could be hard-forked. It was done after Ethereum's DAO debacle with /relatively/ little consequence.
I'm surprised that people with large amounts of bitcoin don't have better security measures. For that amount of money, I'd consider securing the private key in a safety deposit box. Probably several safety deposit boxes, actually.
>That's a partial answer to only one question which, if a quick google search is correct, ignores all but the easiest problem: BIP38 appears to offer a way to backup a primary key using a printout and a memorized passphrase. That doesn't answer what happens if they lose one of those two things, much less what happens if someone malicious gets either the primary or the backup.
Bitcoin's slogan is 'be your own bank' which means you're ultimately responsible for your own security. If you're hacked, you're hacked. This is no different from modern day identity theft.
>Remember that I didn't say your favorite toy sucks, only that not everyone else has your level of appreciation for it. Most people aren't going to put serious amounts of money into something which they don't trust and the status quo works fairly well for the average person: increasingly few people carry significant amounts of cash, most people use bank accounts and credit cards, etc. which means that the maximum cost is usually either capped or otherwise (e.g. you lose your ATM card but the recovery cost is only the time it takes to go to the bank with photo ID).
Bitcoin isn't ready for the average user, much like computers in the 80s weren't ready for the average user. That isn't stopping developers who can see the writing on the wall.
I think there is a very good argument to be made that traditional currencies are not as safe as they once were as the federal reserve continues it's historically unprecedented experiments.
On a related note, I wonder how much value is orphaned due to lost keys. If people forget their passwords, they can forget their keys/passphrases. Myself, I just had a hard drive failure. Of course, I have backups, but how many non tech savvy people are diligent about backups?
Considering the total amount of bitcoins is limited by design, this will eventually be a problem. I really dont think bitcoin is a viable currency for mainstream use.
I'm surprised no one mentioned bitcoin. For a couple of years (2018-2020) I had the private keys to 11 BTC sitting in an unencrypted text file on my desktop. During that time I was pretty sure my system wasn't compromised.
If Bitcoin is ever going to get used by the masses, it needs to be easier to secure your coins. My dad can barely check his email without clicking on an obvious phishing scam.
Bitcoin reality: “Buy me because number go up; make the rich richer. Also, use a bank.”
Ledger Hack - What Happened with Pascal Gauthier:
«Peter McCormack: Yeah. Well, the point is, would you keep $20,000, $30,000, $50,000, $100,000 in your house? No, that would be crazy; you'd keep it in the bank. And, you have to consider your security is your own personal bank. I mean, I recommend, ever since I've been with Casa, I would recommend everybody who has a serious amount of Bitcoin to consider setting themselves up with that, because it does protect you in so many ways.
Pascal Gauthier: Just on this, you're right, because you asked me the question offline, but multisig is definitely -- this is why I'm saying today, like in the present.» —https://www.whatbitcoindid.com/wbd290-pascal-gauthier
He then proceeds to say that he backed up his unencrypted wallet to "dropbox, wuala, and spideroak", which doesn't strike me as extremely clever when you're talking about something in the half a million price range.
On the other end it's a good cautionary tale. I'm quite curious about this bitcoin thing, but this reminds me I definitely don't want to secure all my money myself without any insurance or guarantees. A stupid mistake and shazam you lost all your money.
Regarding the issue of whether the application should encrypt the wallet by default, it'd probably be a good thing to have but I'm not sure it would have helped in this case. The wallet would have to be decrypted in order to mine or execute any transaction and the attacker was obviously targeting the bitcoin wallet specifically, so it could just have installed a keylogger or whatever to catch the passphrase, like they do with banking sites (or wait until the walled is decrypted and dump it then, or install a backdoored version of the bitcoin client...).
I can't believe someone would even allow a system with that balance to even connect to the internet. It's like filling a car with gold bars, driving it around town, and hoping nothing bad happens. He could have created another wallet, preferably a multisig, created the transaction with the software wallet offline, copied the signed transaction off and broadcast it from another system.
What he did was reckless. Some people are going cry that Bitcoin is unsafe because of this. It's not. You must handle large amounts of cash or gold or other valuables with care.
I feel like some of these comments are autogenerated from some GPT3 running in the cloud.
Cryptography ensures that transaction amounts, sender, receiver are encrypted. There is no way to decrypt the data. You can verify the encrypted data without decrypting it. Everything works similar to Bitcoin but now you and others have no way of figuring out anything valuable by looking at the blockchain, because everything on the blockchain is just encrypted bytes.
Even the node that is the first one to receive all bytes has no idea who is sending, receiving and the amount. Everything is always encrypted.
When I create a transaction that includes my wallet address and the address that receiver gave me, once the transaction is made, the receiver cannot see the original address of my wallet, the 3rd party cannot see the amounts or addresses in the transaction and the receiver can move the money to a different address and I would have no way of figuring out that happened. Similarly, receiver can send me back the amount and I would have no idea from which wallet address it came.
That's the absurd confirmation bias going on in this thread.
Cryptos piffy catchphrase is be your own bank. you can own security far beyond a bank vault for like £40 if you get a ledger nano...
reply