If you’ve lost bitcoins or if you’ve just got yourself into the world of Bitcoins, then this is a must read. Bitcoin is one of the incredible inventions of the internet era. It is a decentralized currency system, which is the freest of all currency and trade systems conceived to date. With Bitcoin, you can send and receive money immediately without subscribing to anyone.
But there’s a problem: your money can be easily stolen.
BitCoin stores your wallet data in a file called wallet.dat locally on your computer. This file is unencrypted and can be stolen (just like your wallet, with all the money in it).
And so comes the classic dichotomy between security and usability. If you’re savvy enough to be using BitCoin, then you don’t need to be told that ease of use and security are at odds with one another. Further, you also know that the more valuable something is, the more it needs to be protected because it becomes a larger target for the “bad guys”.
BitCoin is no exception. Imagine the hundreds of thousands of computers on the internet that are actively running a BitCoin application. Now imagine that you have written a virus, which you cleverly distribute as “update” software or via email. Once run, the virus exploits the system with one goal: find your wallet.dat file, and send it back home to the mothership.
Now, imagine that you were only successful 1% of the time. As of this writing, there are approximately 6,809,350 BitCoins (BTC) valued at $14USD each. That’s $95M USD. If you were to scam just 1% you would have yourself your first million dollars.
Now comes the ultimate question: am I the first one to think of this? Of course not. It has already been done. On June 14th, a member of the BitCoin user forum reported being hacked and losing 25,000 BTC ($350,000 USD) in a single evening.
It has already happened. It WILL happen to you if you do not take immediate action to protect yourself.
Five Steps to Protecting your BitCoins
1. Use Two Wallets
Because you need to be able to accept BitCoins at any given time, you must have the BitCoin program running at all times. Moreover, the system itself needs the processing and computing power. But, in order to receive BitCoins, you must have an active, unencrypted, and usable wallet.dat file. Thus, as a best practice, use a bank wallet and an operating wallet. The concept is easy and simple: use your operating wallet to receive money, and use your bank wallet to store it. Keep a minimum amount of BitCoin in your operating wallet, and keep your “bank roll” in your bank wallet.
2. Rename Your Wallet
Viruses, hackers, and thieves are going to be on the lookout for a file called “wallet.dat”. They will know where it is normally located, and they will search for it. Rename your wallet.dat file to something like bank.dat, and move it from the default directory. Making it harder to find is the first step in protecting your BitCoins.
3. Encrypt Your Bank Wallet
Your bank wallet should be encrypted. Many recommend keeping it on an encrypted drive, and while this may be a good idea in theory, it is not ideal, because an encrypted drive may stay mounted on your operating system for days or weeks at a time. You may inadvertently (or stupidly) set it to automatically mount under some condition (such as a reboot), which will leave the wallet available. The preferred methodology is to use GPG encryption. The technology relies on a public / private key system, and can be used to encrypt files on a file-by-file basis. By encrypting the bank.dat file, you are ensuring that even if it is stolen, it will be completely unusable. (Of course, this brings up another topic: keep your secret key private. See the notes at the end of this chapter for a best practice on that).
4. Backup Your Bank Wallet
Now that you have successfully moved the vast majority of your BitCoins to a secondary, “bank” wallet, you need to back it up. You need multiple copies of that wallet in secure locations. Because the wallet is encrypted using your GPG (or PGP) keys, you can safely use whatever off-site backup method you find the most convenient. You can use Mozy Online Backup for free, or any other remote backup system that encrypts your data as well as provides automatic backup against fire, flood, and other disasters. (Dropbox is frequently used, but does not provide automatic backups unless you are actually storing your encrypted wallet in Dropbox).
5. Don’t Trust the Backup
We are talking about money here. You don’t trust any one source with your backups. Keep a current copy of your Bank Wallet on an encrypted thumb drive, and keep that thumb drive under lock and key. Believe in yourself above all other people. That includes banks and corporations. You are the only person who truly cares whether or not your investments pan out. No one puts your financial safety as high of a priority as you do. So, don’t count on your backup to work. Don’t count on your DSL to stay online to backup your files after you just received a big transfer. Keep copies yourself!
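Steps 3 to 5 above boil down to two properties you can check mechanically before you trust a backup: the file you copy off-site must be the GPG-encrypted bank wallet, never a plaintext wallet.dat, and every copy (thumb drive, remote backup) must be byte-for-byte identical to the master. The following script is an added example, not code from the original post or from the Bitcoin project. It recognises a plaintext wallet by the Berkeley DB magic number the original client's wallet.dat carries, recognises an OpenPGP encrypted message by its armor header or its first packet tag, and compares SHA-256 hashes across copies. The file names, paths and sample bytes are constructed for illustration.

```python
"""Backup sanity checks for an encrypted "bank wallet" (added example, not the post's own code).

Checks that:
  - the master file is GPG/PGP-encrypted and not a raw Berkeley DB wallet;
  - every backup copy is byte-identical to the master.
All sample bytes and paths are constructed for illustration.
"""
from __future__ import annotations

import hashlib
from pathlib import Path

# Berkeley DB metadata page: the magic number sits at byte offset 12, little-endian.
# 0x053162 = btree (the format of the original client's wallet.dat), 0x061561 = hash.
_BDB_MAGIC_OFFSET = 12
_BDB_MAGICS = {0x053162, 0x061561}

_PGP_ARMOR_HEADER = b"-----BEGIN PGP MESSAGE-----"
# OpenPGP packet tags that open an encrypted message (RFC 4880, section 4.3):
# 1 = public-key encrypted session key, 3 = symmetric-key encrypted session key.
_PGP_ENCRYPTED_TAGS = {1, 3}


def is_plaintext_wallet(data: bytes) -> bool:
    """True if the bytes look like an unencrypted Berkeley DB file, i.e. a raw wallet.dat."""
    if len(data) < _BDB_MAGIC_OFFSET + 4:
        return False
    magic = int.from_bytes(data[_BDB_MAGIC_OFFSET:_BDB_MAGIC_OFFSET + 4], "little")
    return magic in _BDB_MAGICS


def looks_pgp_encrypted(data: bytes) -> bool:
    """True if the bytes start like an OpenPGP encrypted message (ASCII-armored or binary)."""
    if data.startswith(_PGP_ARMOR_HEADER):
        return True
    if not data:
        return False
    first = data[0]
    if not first & 0x80:          # bit 7 is set on every OpenPGP packet header
        return False
    if first & 0x40:              # new-format header: tag in the low 6 bits
        tag = first & 0x3F
    else:                         # old-format header: tag in bits 2..5
        tag = (first >> 2) & 0x0F
    return tag in _PGP_ENCRYPTED_TAGS


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_backup_set(master: bytes, copies: dict[str, bytes]) -> dict:
    """Check one encrypted master against its backup copies.

    'ok' is True only when the master is encrypted (not a plaintext wallet) and
    every copy matches the master byte for byte; 'problems' lists what failed.
    """
    problems = []
    if is_plaintext_wallet(master):
        problems.append("master is an unencrypted Berkeley DB wallet; encrypt it before backing up")
    elif not looks_pgp_encrypted(master):
        problems.append("master does not look like a PGP message")
    master_hash = sha256_hex(master)
    for name, blob in copies.items():
        if is_plaintext_wallet(blob):
            problems.append(f"{name}: contains a plaintext wallet")
        if sha256_hex(blob) != master_hash:
            problems.append(f"{name}: does not match master (hash mismatch)")
    return {"ok": not problems, "master_sha256": master_hash, "problems": problems}


def verify_backup_files(master_path: str, copy_paths: list[str]) -> dict:
    """Same check over files on disk, e.g. the master on the PC plus copies on a
    thumb drive and in a synced backup folder (paths are hypothetical, the caller's choice)."""
    master = Path(master_path).read_bytes()
    copies = {}
    for p in copy_paths:
        path = Path(p)
        # A missing copy is recorded as empty so it fails the hash comparison.
        copies[str(path)] = path.read_bytes() if path.exists() else b""
    return verify_backup_set(master, copies)


# Constructed sample bytes (not a real wallet and not real ciphertext):
SAMPLE_PLAINTEXT_WALLET = bytes(12) + (0x053162).to_bytes(4, "little") + b"\x00" * 16
SAMPLE_ENCRYPTED = b"\x85\x01\x0c\x03" + b"\x11" * 40   # old-format tag-1 header + filler body

if __name__ == "__main__":
    # One good copy, one copy where someone backed up the plaintext wallet by mistake.
    print(verify_backup_set(SAMPLE_ENCRYPTED,
                            {"thumb_drive/bank.dat.gpg": SAMPLE_ENCRYPTED,
                             "backup_folder/bank.dat.gpg": SAMPLE_PLAINTEXT_WALLET}))
```

Run it after every backup, not just once: the point of step 5 is that a copy you have not verified recently is a copy you cannot count on, and a plaintext wallet that slipped into a synced folder is exactly the file a thief is looking for.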
The Nitty Gritty: Finding your files
Finding your files on different operating systems may be daunting if you don’t know where to look. So, I’ve made it convenient for you:
Windows XP: C:\Documents and Settings\USERNAME\Application Data\Bitcoin\wallet.dat
Windows Vista & 7:
Mac OSX: /Users/user/Library/Application Support/Bitcoin/wallet.dat*
*The Mac OSX location has not been verified. If you can verify this, please do so by leaving a comment below.
If your system has been compromised
If your computer is infected with a virus or is otherwise compromised, take the following action immediately:
1. On a separate, secure computer, create a new BitCoin wallet
2. Transfer your BitCoins from your compromised wallet to the new wallet (Do not delete the compromised wallet!)
3. Change your passwords (especially those for your encrypted drives, password managers such as Keepass, and your backup service).
4. Ensure the security of the Bank Wallet.
5. Restore order to the system.
Your security is first and foremost your own responsibility. By treating your BitCoin data files with the same reverence and protective instincts you would cash or gold, you can easily and significantly limit your exposure. The beauty of a P2P virtual currency like BitCoin is the freedom it bestows upon us. But, like all freedom, it is a double-edged sword: it comes with responsibility.
Recommended Programs and Services
Mozy Online Backup (Free up to 2GB) (Recommended because it is automatic).
Dropbox (Free up to 2GB)
Cryptophane – Windows GUI for GnuPG Encryption (Recommended to encrypt your Bank Wallet)
TrueCrypt – Encrypt Your USB Drive (Recommended for the on-site, do-it-yourself backup of your Bank Wallet)
BitCoin.org – Download Your BitCoin Client
Keepass Password Safe – Use this to generate random, strong passwords for your account and to keep a copy of your private GPG / PGP keys stored securely in the notes field in Keepass database. Be sure to back this up too!