As Bitcoin reached an all-time high of $327/BTC, news about yet another huge robbery hit the world of crypto-currencies. One of the relatively new “Bitcoin banking” services named inputs.io claimed it has been compromised by hackers. The attackers were able to penetrate the server on October 23 and 26 and transfer 4100 BTC (approximately US$1.2 million). According to “Tradefortress”, the service owner, the attackers used old email accounts together with a password reset technique: “They were able to bypass two-factor authorization due to a flaw on the server host side”.
Right now it is not possible to confirm that this was a real hack, and not merely a site owner scamming customers. But it is not the first time this has happened - there were a number of similar incidents in recent years on many different bitcoin storage and exchange services. Examples include, in May and July 2012, the Bitconica theft (approx. 58,000 bitcoins stolen), Linode hacks in March 2012 (approx. 46,000 bitcoins stolen) and Bitfloor Theft in September 2012 (approx. 24,000 bitcoins stolen).
All this accidents happened because of silly mistakes made by service operators. Bitfloor was robbed because its unencrypted wallet backup was mistakenly stored on some of the servers. The Bitconica theft occured when a top privileged email account was compromised giving the cybercriminals access to Bitconica’s rackspace server where the wallet was kept. There are hundreds of similar examples.
Bitcoin is a secure and viable currency, but its security ultimately depends on its users. If users are unable to establish the security of their own wallets they definitely will lose them.
The best strategy for storing and using Bitcoins securely is “Don’t keep all of your eggs in the same basket”. Use different approaches for short-term and long-term storage. The most flexible solutions are usually the least secure ones as well. You don’t want to keep all of your bitcoins on your mobile or Blockchain wallet for instance - but just enough for weekly use. At the end of the week, you can top-up your Bitcoins from your long-term storage, the one which is secured.
If you own a couple of Bitcoins, then the most important thing is how to keep them safe. Here’s a couple of tips from our side based on personal experience and watching cybercriminals at work.
First of all – the Bitcoins should not be kept in online stock exchange services or banks that are new and untrustworthy. Keep in mind that most of these services are anonymous; owners are only known by nicknames so most likely, you will not be able to get a refund of your money if something bad happens. Even if a service has a perfect reputation, it could also be compromised like any ordinary bank. To store your Bitcoins, you can use an open-source “offline” bitcoin client like Electrum or Armory. These encrypt your wallet with a strong password and protect it, ensuring that only you have access to your crypto-currency.
Passphrases for your bitcoin wallets and online storages should be complex as possible – use open source password generating software.
Once you have your bitcoins in an “offline” wallet, secured by a strong password, make sure your PC is protected with a good, solid antivirus and your PC has the latest software updates installed. If you have a huge amount of bitcoins - you should keep them in a wallet on a PC that is not connected to the Internet at all!
Some say Bitcoins will bring down governments or even the society as we know it; others advocate it as the solution to all our financial problems. To be honest, when it comes to Bitcoins, nobody knows what the future will bring. One thing is for sure, though - cybercriminals are highly interested into stealing your hard earned crypto-currencies, so we’re likely to see more attacks in the future.