Thursday, June 16, 2011

Report: $500,000 Bitcoin Robbery

Online theft is a fact of life nowadays, but yesterday a BitCoin user woke to find his haul of virtual currency had been plundered, reports PC World.

A user with the handle allinvain found 25,000 BitCoins had been stolen. If the thief were to cash out, he or she would net just about $500,000 at current BitCoin-US Dollar exchange rates.

PC World continues:
Although BitCoins are cryptographically protected and traded, the weak point is the user's computer where the wallet.dat file is stored. This stores the cryptographic keys that unlock the entire BitCoin account and provide the ability to transfer funds. It's up to the user to protect this file and it appears somebody hacked into allinvain's home PC to access the unencrypted file.

Frustratingly, the nature of the BitCoin network means allinvain knows the thief's BitCoin ID, and is able to track him or her as they launder the money through various other accounts. However, the decentralized nature of the BitCoin network is designed to make tracing individuals in the real world impossible. Allinvain can do nothing more than hope somebody recognizes the thief's BitCoin ID, or spots that they're receiving some of allinvain's stolen BitCoins.

Some may argue that an online bank account could be hacked by acquiring a person's password, but the point is you can have dollars without an online bank account or any account at all.

That some kind of broad-based money develops is possible, but it will be many years away. The pioneers will be tested in many different ways.



  1. If holding your own wallet.dat is a risk, there could be a market for a 3rd party bitcoin wallet operator - the equivalent of putting your valuables in a safety deposit box. They could implement a more secure method for releasing bitcoins for transactions, for example using an RSA hardware-based solution at the time of transaction, phone verification for suspicious-looking activity, etc. They would bear the cost of creating a secure environment for storage of wallets that would probably not be terribly different than what banks have today.

    There are definitely problems to overcome, though I think they will end up being more on the government regulation side than the technical side.

  2. Shoot, Bob. I am surprised that the BTC posse hasn't put a number on your head or hit your site with a DDoS attack just for merely talking bad about the almighty bitcoin. As an Austro-Libertarian, I find it quite strange that the supporters of a supposed alternative currency would support offensive attacks, but they do.

  3. I was going to forward this to you. There seems to be a lot of suspicion on /. that the whole thing is a hoax.

  4. First, I have my doubts about this story.

    Second, even if the story is true, if he had encrypted his wallet.dat or, even better, kept it on a thumb drive in his pocket instead of on an unsecure computer connected to a network (the equivalent of leaving $500K cash on your kitchen table and the door to your house wide open), he'd still have his money.

    I may be misunderstanding you, but you don't need an online account to use bitcoin. The guy that claims they were stolen was using an online account for trading bitcoin.

  5. I was going to comment similarly to Anon 1:26. It would be easy to have thumb drives and backups in a safe (or even an off-site safe).

    It seems to me, if this story is even true, that it's more an issue with anonymity than with digital money. Any form of exchange that carries complete anonymity will have increased risk in the case of theft. If you lose a stash of cash, there's not much that can be done -- the same with anonymous digital cash.