Nullary Sources

I’m just going to go ahead and quote the OP in its entirety:

Hi everyone. I am totally devastated today. I just woke up to see a very large chunk of my bitcoin balance gone to the following address:

1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg

Transaction date: 6/13/2011 12:52 (EST)

I feel like killing myself now. This get me so f’ing pissed off. If only the wallet file was encrypted on the HD. I do feel like this is my fault somehow for now moving that money to a separate non windows computer. I backed up my wallet.dat file religiously and encrypted it but that does not do me much good when someone or some trojan or something has direct access to my computer somehow.

The transaction sent belongs rightfully to this address: 1J18yk7D353z3gRVcdbS7PV5Q8h5w6oWWG

Block explorer is down so I cannot even see where the funds went.

I tried restoring an earler backup of my wallet but naturally that does not work because the transaction has already been validated.

Needles to say I feel like I have lost faith in bitcoin.

Anyone have any ideas what I can do besides just jump off a bridge?!

Over the course of the thread it emerges that the victim was, allegedly, storing an unencrypted Bitcoin wallet¹ on a Windows PC that had a bunch of malware on it, while idling on IRC in Bitcoin related channels. So not only is Bitcoin a tremendously bad idea, it appears that the implementation of it is uh… somewhat irresponsible in its approach to security.

Why would I say something like that? Doesn’t this seem to be his fault? And would an encrypted wallet file — not something supported by the Bitcoin client as far as I can tell — really have helped him? For example, there are a lot of people in the above thread saying that “oh it doesn’t matter if he had it encrypted or not, they could have just gotten his password with a keylogger”.

This all-or-nothing approach to security is an extremely dangerous game to play. When talking about systems security (rather than cryptography or something more abstract), it is an acknowledged fact that there are no perfectly secure systems. Every single computer system ever built has been hacked and exploited. This greatly informs the approach one should take when designing a system with security in mind. Once we discard the idea of security as a binary state, we must instead think of security as a continuum: thus, designing a secure system is a matter of getting to that “secure enough” for for whatever we’re doing with that system. Since Bitcoin is storing what amounts to literal money, that bar is should be pretty high.

With that in mind, let’s examine this situation again:

• From the thread, it seems likely that the wallet was hacked via either malware running on his PC or via an exploit in the victim’s IRC client.
• Since the wallet was unencrypted, all the attacker had to was copy the wallet to their machine and the execute the transaction.

It’s unclear exactly how the attacker gained access to the machine as of this writing (just after noon on Tuesday) so we don’t have a much more information than that. If the wallet file itself had been encrypted:

• The attacker would have tried to copy the wallet and found that it was encrypted.
• The attacker would then need to key log or screen scrape which may (I’m not a Windows security expert by any means) require more privilege than simply exploiting an IRC client would provide.
• Furthermore, even if the attacker did, technically, have the privilege to perform key logging or screen scraping to obtain the victim’s password, they may not have had the expertise or time or even motivation to do.

I think it should be clear now that it’s a significant bump up in security just to have the Bitcoin wallet secured with a password. Even better would be to have the secured Bitcoin wallet itself stored somewhere the attacker could not easily access it, like on an encrypted volume. Or storing your Bitcoin wallet on a completely separate machine that has very little connection to the outside internet. There are a whole host of other things this guy could have done differently, but even the simplest steps can make a big, big difference — a $500,000 difference.²