Bitcoin Forum

Bitcoin => Electrum => Topic started by: Dhomochevsky on January 19, 2016, 03:08:36 PM

Title: Money stolen from an older wallet version
Post by: Dhomochevsky on January 19, 2016, 03:08:36 PM
First of all, if this is the wrong section for this, sorry, let me know where I should post it.

Now, there's a friend of mine that used version 1.9.8 and didn't check his wallet in a pretty long time. He had a grand total of 39 BTC in it for some time. A couple of days ago he opened his wallet only to find a transaction ( from December that sent the cash to an unknown address. From the looks of it, the person that took the money waited for one confirmation and then sent them through some mixing process. Which means any chances of recovery are basically zero.

The question is - how could this have happened? He had the wallet secured with a unique password. The first thing I thought was a vulnerability in Teamviewer that did the rounds some time ago, but he never had TV installed. Then I thought some sort of trojan/virus/whatever, but he claims to have had antivirus/firewall software installed and active at all times. As far as I can see, there are only 2 possibilities left: he either has a rootkit on his computer or somebody that had physical access to his computer did the deed. The second option is more unlikely, since he is careful about who he lets on the computer and what they do. However, maybe there was some sort of vulnerability in that version of Electrum that I don't know about.

Any ideas?

[edit] - he says the wallet was online all the time and that his computer is on most of the time.

Title: Re: Money stolen from an older wallet version
Post by: BitcoinNewsMagazine on January 19, 2016, 03:16:31 PM
First of all, if this is the wrong section for this, sorry, let me know where I should post it.

Now, there's a friend of mine that used version 1.9.8 and didn't check his wallet in a pretty long time. He had a grand total of 39 BTC in it for some time. A couple of days ago he opened his wallet only to find a transaction ( from December that sent the cash to an unknown address. From the looks of it, the person that took the money waited for one confirmation and then sent them through some mixing process. Which means any chances of recovery are basically zero.

The question is - how could this have happened? He had the wallet secured with a unique password. The first thing I thought was a vulnerability in Teamviewer that did the rounds some time ago, but he never had TV installed. Then I thought some sort of trojan/virus/whatever, but he claims to have had antivirus/firewall software installed and active at all times. As far as I can see, there are only 2 possibilities left: he either has a rootkit on his computer or somebody that had physical access to his computer did the deed. The second option is more unlikely, since he is careful about who he lets on the computer and what they do. However, maybe there was some sort of vulnerability in that version of Electrum that I don't know about.

Any ideas?

[edit] - he says the wallet was online all the time and that his computer is on most of the time.

Sounds like malware; has he used Malwarebytes to check his computer? I had a small amount of coin stolen from a password-protected official client a year ago, before I became serious about security. That incident caused me to move to cold storage.

Title: Re: Money stolen from an older wallet version
Post by: Dhomochevsky on January 20, 2016, 09:56:46 AM
Well, he actually DID a Malwarebytes scan; it returned nothing suspicious. Is it possible for a rootkit to squeeze through the cracks and not be detected?

Title: Re: Money stolen from an older wallet version
Post by: torusJKL on January 20, 2016, 11:40:12 AM
Could it be that he exported the private key at some point in time?

Well, he actually DID a Malwarebytes scan; it returned nothing suspicious. Is it possible for a rootkit to squeeze through the cracks and not be detected?
You should boot the computer with a live system and check for malware from the live system.
The only malware that could avoid such a scan would be in the BIOS.

Title: Re: Money stolen from an older wallet version
Post by: twister on January 20, 2016, 03:13:09 PM
Was his wallet encrypted? Because it is much easier for malware to steal the wallet and the funds in it if the wallet is unencrypted, as it then contains the private keys in plain form.

I have used 1.9.8 in the past for a long time but am not aware of any vulnerabilities in it and never had anything stolen from it either, although I never had/kept that much in it.

Title: Re: Money stolen from an older wallet version
Post by: Dhomochevsky on January 20, 2016, 03:27:19 PM
Yes, the wallet was encrypted. Will suggest the live boot/scan idea.

Title: Re: Money stolen from an older wallet version
Post by: AussieHash on January 21, 2016, 09:00:12 AM
Does your friend download any backups from torrent sites?