[espringe]

Note: This is only safe if your computer doesn't have bitcoin stealing malware. Before you use this, it's not a bad idea to throw $5 in a Bitcoin Vigil money pot, and get notified if your computer gets any bitcoin stealing malware.

[shazow]

Even if you're not using Bitcoin, having a Bitcoin honeypot on your machine may be a great way to early-detect intrusion. It's such a tempting target for viruses and blackhats these days, I'm happy to sacrifice a few dollars to know that I've been compromised.

I'm using https://www.bitcoinvigil.com/ which is very slick but I may build my own equivalent of this at some point and shove the wallet.dat on all of my machines.

[wmf]

It seems like Bitcoin Vigil can only protect non-Bitcoin users. If you have a "money pot" and real money stored on your computer the malware will just steal both.

[jliptzin]

Exactly, I don't see how this is useful for bitcoin users at all. They notify me after all my bitcoins have been stolen? Great.

I can see this being useful as a canary to let you know someone has acquired unfettered access to your device, but it doesn't seem very practical for high value targets (who cares about $5 of bitcoin if there's far more valuable info to steal), or if the attacker decides to steal the bitcoin wallet file and only transfer coins a few weeks later after he's already taken advantage of the other info he got off the target device (and by then you probably already know you've been compromised anyway).

[gcb0]

unlock the $5 every login. it will be stolen much faster than the wallet that you load only a few times (not to buy drugs, just to count your bit coins, or maybe take a dive on all those bits in your huge storage fort)

[espringe]

Your real wallet has a password (encrypted) while the "money pot" is not. It will be stolen much faster (read: immediately) while the encrypted one relies on you entering a passphrase

[BrokenPipe]

true. if you want to try a wallet that offers multisig via 2fa, which should protects you more from the above risk, you may want to give https://greenaddress.it a go.

[jafaku]

Seems like Bitcoin haters have reached HN too. All the comments being downvoted for no reason.

[justizin]

hadn't heard of this, sounds like a _fucking_ good idea.

[nwh]

It's not really, a honeypot (ha, title relevant) like this only works if it is obscure, as soon as everybody is aware of them the game changes significantly. If being a persistent threat is more valuable than the honeypot to the attacker, they just won't touch the honeypot until they are found out or on their way out anyway.

At best it's confirmation that you have been compromised, not evidence that you have not.