5 Steps to Protecting Your BitCoins from Internet Thieves and Wallet Stealing Viruses

By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet.

BitCoin is an incredible invention. It is a decentralized currency system, which is the freest of all currency and trade systems conceived to date. Send and receive money with anyone in the world right from your computer without the need of any special subscription service or bank account.

But there's a problem: your money can be easily stolen.

The BitCoin application stores your BitCoins in a file called wallet.dat. The file, under normal circumstances and when it is in use, is unencrypted and vulnerable to theft.

And so comes the classic dichotomy between security and usability. If you're savvy enough to be using BitCoin, then you don't need to be told that ease of use and security are at odds with one another. Further, you also know that the more valuable something is, the more it needs to be protected because it becomes a larger target for the "bad guys".

BitCoin is no exception. Imagine the hundreds of thousands of computers on the internet that are actively running a BitCoin application. Now imagine that you have written a virus, which you cleverly distribute as "update" software or via email. Once run, the virus exploits the system with one goal: find your wallet.dat file, and send it back home to the mothership.

Now, imagine that you were only successful 1% of the time. As of this writing, there are approximately 6,809,350 BitCoins (BTC) valued at $14 USD each. That's $95M USD. If you were to scam just 1%, you would have yourself your first million dollars.

Now comes the ultimate question: am I the first one to think of this? Of course not. It has already been done. On June 14th, a member of the BitCoin user forum reported being hacked and losing 25,000 BTC ($350,000 USD) in a single evening.

It has already happened. It WILL happen to you if you do not take immediate action to protect yourself.

Five Steps to Protecting your BitCoins


1. Use Two Wallets


Because you need to be able to accept BitCoins at any given time, you must have the BitCoin program running at all times. Moreover, the system itself needs the processing and computing power. But, in order to receive BitCoins, you must have an active, unencrypted, and usable wallet.dat file. Thus, as a best practice, use a bank wallet and an operating wallet. The concept is easy and simple: use your operating wallet to receive money, and use your bank wallet to store it. Keep a minimum amount of BitCoin in your operating wallet, and keep your "bank roll" in your bank wallet.

2. Rename Your Wallet

Viruses, hackers, and thieves are going to be on the lookout for a file called "wallet.dat". They will know where it is normally located, and they will search for it. Rename your wallet.dat file to something like bank.dat, and move it from the default directory. Making it harder to find is the first step in protecting your BitCoins.

3. Encrypt Your Bank Wallet


Your bank wallet should be encrypted. Many recommend keeping it on an encrypted drive, and while this may be a good idea in theory, it is not the ideal approach, because an encrypted drive may stay mounted on your operating system for days or weeks at a time. You may inadvertently (or stupidly) set it to mount automatically under some condition (such as a reboot), which will leave the wallet available. The preferred method is to use GPG encryption. The technology relies on a public/private key system, and can be used to encrypt files on a file-by-file basis. By encrypting the bank.dat file, you are ensuring that even if it is stolen, it will be completely unusable. (Of course, this brings up another topic: keep your secret key private. See the notes at the end of this chapter for a best practice on that.)

4. Back Up Your Bank Wallet


Now that you have successfully moved the vast majority of your BitCoins to a secondary, "bank" wallet, you need to back it up. You need multiple copies of that wallet in secure locations. Because the wallet is encrypted using your GPG (or PGP) keys, you can safely use whatever off-site backup method you find the most convenient. You can use Mozy Online Backup for free, or any other remote backup system that encrypts your data and provides automatic backup against fire, flood, and other disasters. (Dropbox is frequently used, but does not provide automatic backups unless you are actually storing your encrypted wallet in Dropbox.)

5. Don't Trust the Backup


We are talking about money here. You don't trust any one source with your backups. Keep a current copy of your Bank Wallet on an encrypted thumb drive, and keep that thumb drive under lock and key. Believe in yourself above all other people. That includes banks and corporations. You are the only person who truly cares whether or not your investments pan out. No one puts your financial safety as high a priority as you do. So, don't count on your backup to work. Don't count on your DSL to stay online to back up your files after you just received a big transfer. Keep copies yourself!
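
Steps 3 to 5 as a script, added here as an illustration and not part of the original article: it encrypts the bank wallet with GnuPG, confirms the ciphertext decrypts back to the same bytes, and checks every backup copy against the encrypted original by SHA-256. The key ID, file names and backup paths are placeholders, and it assumes `gpg` and GNU `sha256sum` are installed.

```bash
#!/usr/bin/env bash
# Added example, not from the article. Key ID and paths are placeholders.

# sha256_of FILE: print the SHA-256 hex digest of FILE.
sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# encrypt_wallet PLAINTEXT RECIPIENT
# Writes PLAINTEXT.gpg, then decrypts it again and compares digests, so you
# only dispose of the plaintext after a proven round trip.
encrypt_wallet() {
    local plain="$1" recipient="$2" enc="$1.gpg" want got
    gpg --yes --encrypt --recipient "$recipient" --output "$enc" "$plain" || return 1
    want=$(sha256_of "$plain")
    got=$(gpg --quiet --decrypt "$enc" | sha256sum | cut -d' ' -f1)
    if [ "$want" != "$got" ]; then
        echo "round trip FAILED, keep $plain" >&2
        return 1
    fi
    echo "$enc"
}

# verify_backups ORIGINAL COPY...
# Compares every backup copy with ORIGINAL by digest. The return status is the
# number of copies that are missing or differ (0 means every copy is good).
verify_backups() {
    local want bad=0 copy
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 255; }
    want=$(sha256_of "$1")
    shift
    for copy in "$@"; do
        if [ ! -r "$copy" ]; then
            echo "MISSING  $copy" >&2; bad=$((bad + 1))
        elif [ "$(sha256_of "$copy")" != "$want" ]; then
            echo "CORRUPT  $copy" >&2; bad=$((bad + 1))
        else
            echo "OK       $copy"
        fi
    done
    return "$bad"
}

# Typical use (placeholder values):
#   enc=$(encrypt_wallet "$HOME/vault/bank.dat" "YOUR_KEY_ID") || exit 1
#   cp "$enc" /media/usb/bank.dat.gpg
#   verify_backups "$enc" /media/usb/bank.dat.gpg "$HOME/Mozy/bank.dat.gpg"
```

A matching digest only shows that a copy is identical to the ciphertext; restoring it still depends on the private key, which has to be kept and backed up separately.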

The Nitty Gritty: Finding your files


Finding your files on different operating systems may be daunting if you don't know where to look. So, I've made it convenient for you:

Windows XP:
C:\Documents and Settings\USERNAME\Application Data\Bitcoin\wallet.dat

Windows Vista & 7:
C:\Users\USERNAME\AppData\Roaming\Bitcoin\wallet.dat

Ubuntu/Linux:
/home/user/.bitcoin/wallet.dat

Mac OSX:
/Users/user/Library/Application Support/Bitcoin/wallet.dat*

*The Mac OSX location has not been verified. If you can verify this, please do so by leaving a comment below.

If your system has been compromised


If your computer is infected with a virus or is otherwise compromised, take the following action immediately:

1. On a separate, secure computer, create a new BitCoin wallet
2. Transfer your BitCoins from your compromised wallet to the new wallet (Do not delete the compromised wallet!)
3. Change your passwords (especially those for your encrypted drives, password managers such as Keepass, and your backup service).
4. Ensure the security of the Bank Wallet.
5. Restore order to the system.

Conclusion


Your security is first and foremost your own responsibility. By treating your BitCoin data files with the same reverence and protective instincts you would cash or gold, you can easily and significantly limit your exposure. The beauty of a P2P virtual currency like BitCoin is the freedom it bestows upon us. But, like all freedom, it is a double-edged sword: it comes with responsibility.

Recommended Programs and Services

Mozy Online Backup (Free up to 2GB) (Recommended because it is automatic).
Dropbox (Free up to 2GB)
Cryptophane - Windows GUI for GnuPG Encryption (Recommended to encrypt your Bank Wallet)
TrueCrypt - Encrypt Your USB Drive (Recommended for the on-site, do-it-yourself backup of your Bank Wallet)
BitCoin.org - Download Your BitCoin Client
Keepass Password Safe - Use this to generate random, strong passwords for your account and to keep a copy of your private GPG / PGP keys stored securely in the notes field in the Keepass database. Be sure to back this up too!

Participate!

Want to know more about BitCoin? Like the Facebook Fan Page for news, updates, and how-to's!
Get to know the Author on Facebook!
Author:DrDamnit
7 Comments
 
LVL 18

Expert Comment

by:WaterStreet
Voted Yes at the top of the article.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
Nice.  +1
0
 
LVL 75

Expert Comment

by:käµfm³d 👽
Hypothetical situation: let's say you didn't encrypt your wallet, but you did make backups. I am confused as to how having a backup of your wallet protects you if a person or virus steals your wallet. Wouldn't spending the captured BitCoins be the first thing done after acquiring them? How would having a backup file negate this?
0
 
LVL 60

Expert Comment

by:Kevin Cross
Michael,

Thank you for writing this. As usual, a very interesting read; you definitely have my Yes vote above. Your five tips in conjunction with TerryAtOpus's "Risks of Bitcoins - Don't Get Virtually Mugged" Article will hopefully allow me to hold on to the tiny bits of coin I do have. *smile*

Best regards,
Kevin
0
 
LVL 35

Expert Comment

by:Terry Woods
I only just discovered this article, after I wrote my 2nd one relating to Bitcoins - fortunately we haven't overlapped much! I will have to investigate how to set up alerts for new articles.

Your comment "Because you need to be able to accept BitCoins at any given time, you must have the BitCoin program running at all times" doesn't entirely make sense - you can receive Bitcoins at any time to a wallet address that isn't currently being accessed by any Bitcoin client (i.e. to your banking wallet addresses). It doesn't matter if the only wallet file containing the data for the address is in your encrypted backup file (hopefully, with multiple copies stored in multiple physical locations). You can find the balance against each receiving address using http://blockexplorer.com so you don't even need to open the wallet in a Bitcoin client to determine your balance. There would be no harm in storing an online list of your wallet's receiving addresses with an untrusted 3rd party so that you can easily get a total balance whenever you like.

The technique you describe is definitely still useful for when you want to spend a small number of Bitcoins without going through the hassle of booting a Live CD with your secure wallet (or whatever technique you use). A nice analogy might be how businesses have a petty cash box for convenience, but everyone knows it's vulnerable to theft and it never holds an amount that will bankrupt the business.

Voted helpful!

Cheers,
Terry
0
 
LVL 8

Expert Comment

by:coolfiger
There is already a bitcoin mining botnet. Security sites are reporting a large botnet seeking to rip off bitcoin users.

btw nice article
0
 

Expert Comment

by:Kaley Scott
This is a great post, I should say! I have recently read a review of the most popular bitcoin wallets and have chosen one for myself. It is supposed to be secure, and I hope my cryptocurrency will be kept safe. But I think it won't hurt to take the additional precautions. So, thanks for the useful tips!
0
