24 comments

[ 5.9 ms ] story [ 99.5 ms ] thread
Note: This is only safe if your computer doesn't have bitcoin stealing malware. Before you use this, it's not a bad idea to throw $5 in a Bitcoin Vigil money pot, and get notified if your computer gets any bitcoin stealing malware.
hadn't heard of this, sounds like a _fucking_ good idea.
It's not really, a honeypot (ha, title relevant) like this only works if it is obscure, as soon as everybody is aware of them the game changes significantly. If being a persistent threat is more valuable than the honeypot to the attacker, they just won't touch the honeypot until they are found out or on their way out anyway.

At best it's confirmation that you have been compromised, not evidence that you have not.

Even if you're not using Bitcoin, having a Bitcoin honeypot on your machine may be a great way to early-detect intrusion. It's such a tempting target for viruses and blackhats these days, I'm happy to sacrifice a few dollars to know that I've been compromised.

I'm using https://www.bitcoinvigil.com/ which is very slick but I may build my own equivalent of this at some point and shove the wallet.dat on all of my machines.

It seems like Bitcoin Vigil can only protect non-Bitcoin users. If you have a "money pot" and real money stored on your computer the malware will just steal both.
Exactly, I don't see how this is useful for bitcoin users at all. They notify me after all my bitcoins have been stolen? Great.

I can see this being useful as a canary to let you know someone has acquired unfettered access to your device, but it doesn't seem very practical for high value targets (who cares about $5 of bitcoin if there's far more valuable info to steal), or if the attacker decides to steal the bitcoin wallet file and only transfer coins a few weeks later after he's already taken advantage of the other info he got off the target device (and by then you probably already know you've been compromised anyway).

unlock the $5 every login. it will be stolen much faster than the wallet that you load only a few times (not to buy drugs, just to count your bit coins, or maybe take a dive on all those bits in your huge storage fort)
Your real wallet has a password (encrypted) while the "money pot" is not. It will be stolen much faster (read: immediately) while the encrypted one relies on you entering a passphrase
true. if you want to try a wallet that offers multisig via 2fa, which should protects you more from the above risk, you may want to give https://greenaddress.it a go.
Seems like Bitcoin haters have reached HN too. All the comments being downvoted for no reason.
The app looks beautiful but I think the biggest thing your landing page fails to do is convince me why I need this AND Coinbase or why this is better than Coinbase.
well, coinbase and other exchanges have been known to stall your transfers due to issues with cold storage or, really, who knows what.

hive is an alternative to running something like bitcoin-qt, which uses a lot of bandwidth and compute to keep up with the bitcoin network.

hive is lighter weight, uses a different protocol which i don't entirely understand but seems well trusted and efficient. i use it and bitcoin-qt and distribute some of my BTC among the two.

Call me paranoid but having your wallet on someone else's cloud (Coinbase) is an opportunity waiting to be exploited. All it takes is some network admin or developer to transfer all of the clouds bitcoins to a personal wallet and nobody, especially you, can do anything about it.
A cloud wallet in and of itself is not a bad idea; it just needs to be secured appropriately. Multi-sig support is probably key here. You could have the best of both convenience and security with a 2-of-3 setup, where you keep one key in cold storage, one in a native app on your devices, and one with the cloud provider.
The problem with that is that the app on your device is usually developed by the same entity, meaning they could take your key and steal your coins.

What we need is to decouple the online service from the app on your device. Maybe someone could develop a secure app with a nice API or protocol that users can securely connect to 3rd party services without fearing that the key in their device could be stolen.

Yes, that's a fair point. I agree with you.

PS: Ugh, not sure what I said that was so controversial. Always annoying to get downvoted for no reason. Oh HN.

Nothing, we are all being downvoted. I guess it's the usual Bitcoin haters.
Coinbase is against the core idea of Bitcoin: there's no need for banks or middlemen.
How do I know I can trust this app?
You'd have to examine their source code, which should be prominently linked on their page:

https://github.com/hivewallet/

Personally, I would not trust a bitcoin wallet that advertises itself as "the fastest, easiest and safest way to use your bitcoins." That's a bold claim, and not one that responsible crypto developers should take lightly.

(comment deleted)
It is starting to jam me up that we have obviously arrived at the same name depletion that .com ran into when it feels like so many projects are choosing names that collide with existing project names. This is second only to projects that chose names for their programming languages that are search engine antagonistic.

I freely grant that the Map Reduce community and the whatever this does for the Bitcoin community are unlikely to land on each other's search terms, but maybe that's only a matter of time.

Alternatively, thank goodness the DNS TLDs have expanded so one could name their project hive.java and hive.bitcoin.

We're building a distributed system and just decided on Hive as the codename for the control plane. One of our engineers that is familiar with Hadoop brought this up.. now there is this as well.

"There are only two hard things in Computer Science: cache invalidation and naming things."