Bitcoin API key

-By Milly Bitcoin - December 15, 2013.

Many new users who open Bitcoin online accounts with exchanges or online wallet programs do not fully understand the ramifications of the “API Key.” API stands for “Application Programming Interface.” This key allows programs to interface with your account, for instance a computer program that makes automatic trades on your account. Even if you have added security for logging into your account, such as 2-factor authentication, where a second password is sent via text to your smartphone or a hardware key must be plugged into a USB port, the API key will bypass this.

One reported case involved someone who created their account without 2-factor authentication because they had not yet made deposits. Once they made deposits they enabled 2-factor authentication. However, someone had already hacked their way into the account and created an API key. The intruder then proceeded to make withdrawals. From the perspective of the exchange operator, there is no way to tell whether it was actual theft or a scheme by the account holder to try to get a refund they do not deserve.

In another case someone had created an API key when they opened their account and forgot about it. The key was later somehow compromised and was used to bypass the 2-factor authentication protection they had on their account. It would be prudent for exchange operators to provide extra confirmation steps before an API key is created so that users are better informed of the risks.
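One way an account holder or exchange operator could review an account for the two cases described above, as an added example rather than code from the article or from any exchange. It walks a constructed audit log and flags active API keys that predate 2-factor authentication, can withdraw, or have gone unused; the event names, fields and the 30-day staleness threshold are assumptions.

```python
from datetime import datetime, timedelta

# Constructed audit log for one account (event names and fields are assumptions).
SAMPLE_EVENTS = [
    {"ts": "2013-11-01T10:00:00", "type": "api_key_created", "key_id": "key-A", "perms": ["trade", "withdraw"]},
    {"ts": "2013-11-05T14:00:00", "type": "api_key_created", "key_id": "key-C", "perms": ["withdraw"]},
    {"ts": "2013-11-20T09:10:00", "type": "2fa_enabled"},
    {"ts": "2013-11-21T08:00:00", "type": "api_key_created", "key_id": "key-B", "perms": ["trade"]},
    {"ts": "2013-11-25T16:30:00", "type": "api_key_revoked", "key_id": "key-C"},
    {"ts": "2013-12-10T12:00:00", "type": "api_key_used", "key_id": "key-B"},
]
NOW = datetime(2013, 12, 15)


def audit_api_keys(events, now, stale_after=timedelta(days=30)):
    """Return {key_id: [findings]} for API keys that are still active."""
    keys, twofa_at = {}, None
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        ts, kind, key_id = datetime.fromisoformat(ev["ts"]), ev["type"], ev.get("key_id")
        if kind == "2fa_enabled" and twofa_at is None:
            twofa_at = ts
        elif kind == "api_key_created":
            keys[key_id] = {"created": ts, "last_used": None, "active": True, "perms": set(ev.get("perms", []))}
        elif kind == "api_key_used" and key_id in keys:
            keys[key_id]["last_used"] = ts
        elif kind == "api_key_revoked" and key_id in keys:
            keys[key_id]["active"] = False

    report = {}
    for key_id, k in keys.items():
        if not k["active"]:
            continue
        findings = []
        # First case: key was created while the account had no 2-factor protection.
        if twofa_at is None or k["created"] < twofa_at:
            findings.append("predates_2fa")
        # Withdrawal permission is what turns a leaked key into lost funds.
        if "withdraw" in k["perms"]:
            findings.append("can_withdraw")
        # Second case: a key nobody has used recently is likely forgotten.
        if now - (k["last_used"] or k["created"]) > stale_after:
            findings.append("stale")
        if findings:
            report[key_id] = findings
    return report


if __name__ == "__main__":
    print(audit_api_keys(SAMPLE_EVENTS, NOW))
```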

PSA: "My bitcoin got stolen" is now a daily post

2013-06-04 22:18:49 by ME-HEAD-WIDDA-HAMBONE

"PSA: "My bitcoin got stolen" is now a daily post here. Use paper wallets, only keep 5% of your bitcoin online."
"Almost all bitcoin thefts happen because of trojans, compromised Windows machines."
"The scenario is eerily repeating: User logs on to Mt.Gox or another exchange or online wallet and does some transactions. While they are online, their compromised browser inserts an API key into the service. A few hours later, after logging off, they get an email: "Your funds withdrawal has completed!". Their bitcoin is stolen, nothing they can do, gone forever."
