[Obi_Juan_Kenobi]

How are they cold storage paper wallets?

They certainly aren't paper. They also aren't cold, being on a networked computer.

I don't like victim-blaming, especially because this is really a usability issue for crypto, but I have never heard anyone say that a pw protected .rar file is appropriate security. If you're going to make a significant investment into crypto, I just don't understand how you can ignore all the security advice.

[brianwawok]

Which is one reason I could never see my parents using a cryptocurrency. So many things can go wrong.

[bbcbasic]

It's the reason I don't (seriously) use it. I have 3 bitcoins or so floating about somewhere.

[_RPM]

The fact that he uses RAR, a non open format makes it even worse.

[mtmail]

I don't think we need to suspect the RAR encryption is broken. By default, at least on Linux, even if an archive is encrypted a 'rar l <file>' will show a file list though. So if the files had relevant filenames like mybitcoins.txt then it made searching the harddrive for money easier. At least I suspect crackers look for files called creditcards.txt, passwords.txt etc.

If the crackers knows the archive contains coins, then bruteforcing is worth it.