Lessons Not Learned From The First Ever Bitcoin Hack
June 13th, 2011:
Bitcoin's first cyber theft was worth 500,000 USD at that time.
The whole story can be read in the bitcointalk.org forum.
Also, 'The Bitcoin Historian' has created a very informative tweet about what happened.
For busy people, the short story is:
On June 13th, 2011, the Bitcoin whale 'allinvain,' who owned over 25,000 BTC, got most of his Bitcoin portfolio stolen overnight.
His computer was infected with a virus or trojan, and his unencrypted Bitocin private keys were 'stolen.'*
*The term 'stolen' is loosely used.
More correctly, it should be mentioned that the hacker copied the private keys, effectively allowing the hacker to transfer the Bitcoins from Allinvain's public address (to which both Allinvain and the hacker had access through the 'shared' private keys) to a public address for which only the hacker had the private keys. So effectively making the hacker the owner of those Bitcoins.
If you are unfamiliar with how a private key looks, this is a Bitcoin paper wallet displaying the public and private keys.
Now that you have access to the private key, you can restore this wallet (with ZERO Bitocin in it) to any of these wallets:
- Electrum: A lightweight Bitcoin wallet that allows you to import private keys directly.
- Bitcoin Core: The official Bitcoin client that supports private key import.
- Mycelium: A mobile wallet with an option to import private keys.
- Blockchain.com Wallet: Offers import functionality for private keys.
- Exodus: A user-friendly wallet that supports private key imports.
Lessons Not Learned
Much has changed in cryptocurrency technology since 2011, but nowadays, people frequently lose ownership over their crypto assets to 'stolen' private keys or seed words.
Stories like the following one happen every single day:
-A crypto user (the victim) is contacted by someone (the scammer) who offers the victim an admin position for a Web3 game. The victim downloads the game, which turns out to be malware. Crypto assets are transferred from the victim's wallet to the scammer's.
-Influencer 'lost' coins worth 27,000 USD after installing Google ads malware.
Crypto users (the victim) allow a supposed tech support engineer (the scammer) to remotely connect to the computer to solve a 'stuck' crypto wallet transaction. The scammer gets access to the wallet's seed words, and within a minute, all the crypto assets are transferred from the victim's wallet to the scammer's wallet.
-A father and son lost a fortune in crypto after their computer was hacked, their KeyPass vault was breached due to a weak password, and their Bitcoin private keys were stolen.
(Whopping 25 Bitcoin (BTC) Stolen After 10 Years Of HODLing)
-...
Preventing hacks and scams is possible, but even for the most digital security-conscious people, the probability of falling for a hack or scam is small but never zero.
After all, everybody can make a mistake while tired, distracted, or preoccupied with the thousand challenges of everyday life.
However, we all can take steps to prevent a single failure from presenting a major setback.
In your opinion, what was Allinvain's downfall?
- The computer hack?
- Or storing most of his Bitcoins on a single device, which was online most of the time and had installed plenty of third-party software?
A Single Downfall Should Not Deplete Your Crypto Portfolio
Will a single downfall deplete your portfolio?
- If your laptop fails tomorrow and recovery is impossible, how much of your portfolio will 'disappear'? Do you have a recovery plan or recovery method for your crypto wallets?
- If you are at a pub in Dublin or a bar in Madrid next week, what would happen if someone oversaw you entering the pin on your mobile and steals it? That mobile phone where you have installed all those crypto wallets for quick and convenient access. How much of your portfolio will be stolen before you can get to your hotel, power up your laptop, and transfer your crypto assets to a safe wallet?
- If your residency gets on fire next month, how much of your net worth will disappear overnight because your hardware wallet and the seed phrase were both in the residency that caught on fire and now are dust?
- If you install a browser extension that you thought was legitimate but is a key logger instead. How much in trouble are your digital and crypto assets in? Are your accounts protected by hardware keys or any other safe 2FA system, or just a password? Is your crypto safe in offline wallets or accessible through web wallets?
I am not trying to scare anyone, but we all must know that many users have lost large quantities of crypto wealth to a single downfall, such as a hack or accident.
And this is something we don't want to go through.
Please give it a thought:
What would be the consequence if your crypto wallet A, B, or C is breached by a hack or scam? Or if you permanently lose access to the wallet and the recovery phrase?
Here are some past '5-minute crypto and digital safety power-ups' articles to learn how to better protect your crypto assets from hacks, scams, or accidental losses:
How To Crack The Encryption And Recover 7,002 Bitcoins
How To Protect Your Seed Phrase From Fire Damage
Wallet Address Poisoning - How to Secure Your Transactions From Hackers
How To Recognize Ledger Scams - Three Phishing Attempts Explored
How To Identify Phishing Websites - 3 Free Tools
Be Careful! A Surprisingly Simple Way To Bypass 2FA
Our thanks to 'all in vain' and to all those who share their stories so we can all learn from them. If we are willing to.