So how exactly do you steal bitcoin out of a password protected wallet, when I have never written the password anywhere, it is "reasonably secure" (no dictionary, mixed notation, 16+ characters) and it is encrypted AES-256, which has not been cracked yet? I'm not talking about online wallets which are just as untrustworthy as banks unless they FOSS their implementation, and even then you are trusting their system administration, especially if they keep backups of your password and thus have access to the contents on their end.
I'm wondering how I'm going to get a virus on a curated Arch installation without usb autoexecute, also considering its on my office and usually locked, behind two firewalls without any inbound ports default open. They would need to get an executable on my system - shell or not - somehow give it executable permissions (which reminds me, there really should be some mechanism in almost any file transfer protocol to deny-execute on downloaded files so users need to manually allow it), run it somehow, and have it running when I'm accessing my wallet, via somehow injecting itself into an autorun mechanism. And I have PAX disabled access to xinitrc, bashrc, bash_profile, ~/.config/systemd, ~/.pam_environment, and ~/.config/autostart.
I'll take my chances. If I heard of wallets getting keylogged, I'd just access my wallet via a TTY without my desktop running without any user autostart configuration. It is also a partial advantage that X is horribly implemented and since the window manager grabs the keyboard, you need to exploit the window manager to listen to keystrokes like that, if you deny /dev access to keystroke polling. I think it gets even better in Wayland where the system compositor controls keyboard access, so you can stay diligent in only passing keystrokes to the actually selected application, and take steps to avoid situations like false frames over the GUI login prompt that passthrough keystrokes from an invisible keylogger (I'm not aware of if thats even possible on X or Wayland, though, should look into that).
What program are you using to make the actual transaction? It needs knowledge of the blockchain, is that coming from another computer or is it connecting to the network? A firewall isn't going to protect you in the latter case.
I would want a nearly completely airgapped machine before I would be comfortable using it to self-manage significant quantities of bitcoin. Maybe feed blockchain info over a one-way serial cable. Definitely no disk sharing.
With a bank I know that a hack might happen but nothing is irrevocable. If they want to use bad security it only hurts their insurance premiums.
