

Close to $500k stolen in first major Bitcoin theft - profitbaron
http://thenextweb.com/industry/2011/06/15/close-to-us500k-stolen-in-first-major-bitcoin-theft

======
Tuna-Fish
He stored $500,000 worth of value on a desktop Windows box connected to the
internet? Once he found out he had been hacked, his immediate reaction was not
to evacuate the coins to a secure wallet, but to start running antimalware
programs?

...

I'm just completely speechless.

------
noonespecial
All of the coins have unique identities. It would be possible for merchants
and exchanges to blacklist those coins, would it not? (Simply refuse to supply
cash or goods in exchange for them.)

The community is still small and there are few ways in or out of it via
product or cash. A cooperative effort could still deaden some of the impact of
this kind of theft.

~~~
Saavedro
Well, coins all live at a specific "address". We can see where these 25000 BTC
have gone, but it is trivial to create new addresses and move BTC to them.
This is also, of course, public. For any address we can see the chain of how
the BTC it possesses has gotten there though, and not accept BTC that have
passed through the address that these were sent to. But that is expensive to
do. Despite the network being public it's very difficult to prevent these BTC
from being "anonymized". Many bitcoin "mixing" services already exist to trade
BTC for random other BTC. You can already see these 25k BTC being distributed
across many bitcoin wallets:
[http://blockexplorer.com/tx/d878b5784c2c1f6642d83faeab86e97f...](http://blockexplorer.com/tx/d878b5784c2c1f6642d83faeab86e97faba758b2733a572d181ee823faf54278#i1156170)
(follow the "output" chains)
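
The tracing described in this comment, as an added example that is not part of the original post: it follows the output chains of a flagged transaction through a small constructed ledger and compares two acceptance policies. The ledger, the function names and the policy labels "poison" and "haircut" are assumptions made for illustration.

```python
# Constructed sample ledger (not real transactions), in chronological order.
# Each tx spends earlier outputs, referenced as (txid, output_index).
LEDGER = [
    {"txid": "theft", "inputs": [], "outputs": [("thief", 25000)]},
    {"txid": "clean", "inputs": [], "outputs": [("pool", 75000)]},
    {"txid": "split", "inputs": [("theft", 0)],
     "outputs": [("a1", 10000), ("a2", 15000)]},
    # A mixing step: 10000 flagged BTC combined with 75000 unrelated BTC.
    {"txid": "mix", "inputs": [("split", 0), ("clean", 0)],
     "outputs": [("b1", 42500), ("b2", 42500)]},
    {"txid": "spend", "inputs": [("mix", 1)], "outputs": [("merchant", 42500)]},
]


def trace_taint(ledger, flagged, policy="poison"):
    """Return {(txid, idx): taint in [0, 1]} for every output in the ledger.

    poison:  any flagged input makes every output fully tainted.
    haircut: outputs carry the value-weighted share of flagged input value.
    """
    value, taint = {}, {}
    for tx in ledger:
        ins = tx["inputs"]
        total = sum(value[i] for i in ins)
        if not ins or total == 0:
            t = 0.0
        elif policy == "poison":
            t = 1.0 if any(taint[i] > 0 for i in ins) else 0.0
        else:
            t = sum(value[i] * taint[i] for i in ins) / total
        for idx, (_addr, amount) in enumerate(tx["outputs"]):
            outpoint = (tx["txid"], idx)
            value[outpoint] = amount
            taint[outpoint] = 1.0 if outpoint in flagged else t
    return taint


def should_refuse(taint, outpoint, threshold=0.5):
    """Merchant-side check: refuse payment funded by a too-tainted output."""
    return taint.get(outpoint, 0.0) >= threshold


if __name__ == "__main__":
    for policy in ("poison", "haircut"):
        result = trace_taint(LEDGER, {("theft", 0)}, policy)
        print(policy, round(result[("spend", 0)], 4),
              should_refuse(result, ("spend", 0)))
```

Under "poison" the merchant refuses the payment but also blacklists the 75000 unrelated BTC that went through the same mix; under "haircut" one mixing step already drops the taint to about 12%, below the refusal threshold.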

------
nodata
So people's computers are less secure than banks' computers.

~~~
wladimir
The average person's computer is probably less secure than the average
bank's computer. But I wonder by how much:
<http://news.ycombinator.com/item?id=2656837>

~~~
nodata
Sorry, I oversimplified. What I meant was that if you wanted to steal some
money, and you knew what you're doing, it would be way way way easier to
directly target an individual than a bank.

------
pbreit
Finally, an interesting Bitcoin thread. I hate to say it but it's pretty
difficult to feel sorry for the guy.

~~~
teyc
It is a new technology after all, people are just getting a feel of things.

I don't know anything about how Bitcoin Wallet works technically. Anyone care
to point to some references?

Incidentally, isn't the Zeus Trojan a keylogger? Would securing the private
key with One Time Passwords present another layer of protection?

~~~
wladimir
The wallet is a database file with all the private keys of the bitcoin
addresses (ECDSA keys) in it. These private keys are needed to spend the coins
in the addresses.

The private keys could be encrypted with a password, but I'm not sure how you
would use One Time Passwords here, as there is no client/server.

~~~
teyc
Neither do I. There is really no safe method if a piece of malware can read
your process memory, or read your temp files. Assuming your process memory is
safe and the seed value is safe, then we can require the user to enter another
password to unlock the wallet.

