Bitcoin Forum

I just opened the client, and I have a transaction of -23.20 to an unknown address (it is not recognized by block explorer), that I did not make. It has 0 confirmations. Will not downloading the block chain do anything? Is there anyway to stop this? Or should I just download it and see what happens? :|

EDIT: And I am running on a Mac.

EDIT2: Now it is showing up on block explorer. http://blockexplorer.com/address/1KqNXG7wVcuxhB56mCr7mcGG1FqF1RHs7n

Am I just screwed?

even though I don't store my wallets in plaintext these topics make me nervous.

So if it says it's gone, it's really gone and I can't do anything.. correct?

Does anyone have access to your computer? These coins were in your wallet right, not in a mtgox account thing? (not sure what to call it right now, haven't used it really)

This is correct

I think they were taken from my Gmail. I was stupid enough to put it there unencrypted, because they were not worth very much when I first uploaded them.. and I just never got around to it.

Does anyone have any information about this IP address: 65.183.151.13

The wallet.dat was on your email server unencrypted? Anyone have access to that account or a computer you might have used the account on? How secure are your passwords?

IP address [?]:    65.183.151.13 [Whois] [Reverse IP]
IP country code:    US
IP address country:    ip address flag United States
IP address state:    Vermont
IP address city:    Burlington
IP postcode:    05401
IP address latitude:    44.4929
IP address longitude:    -73.2253
ISP of this IP [?]:    Burlington Telecom
Organization:    Burlington Telecom
Host of this IP: [?]:    saito.countshockula.com

Contact their abuse department with the information and time your email was accessed.  My guess though is that this is a compromised account and the thief is not the persons associated with that IP at the time of the attack.

Edit: There is a website running at http://65.183.151.13/

Also responding on port 22 for SSH

Lol.. 111 is responding as well.. He's not that bright.

I thought my password was secure, but I guess not.

I am contacting Burlington Telecom right now but they don't seem that legit to me... This sucks.

EDIT: Wow, what a strange website. Do those open ports mean anything to my situation?

http://www.networksolutions.com/whois-search/countshockula.com

More info :)

Edit2: Leon Johnson works for the ISP and is the one who registered the domain.  So he may have the information you are looking for

http://www.jigsaw.com/BC.xhtml?contactId=12877237&lastName=Johnson


Not unless you know of a specific portmap vulnerability, or can figure out his linux login/password

Wow, thanks a lot. Very handy information. Hopefully I can at least contact whoever stole from me.

Abuse report info for Burlingtontelecom

OrgAbusePhone:  +1-802-540-0007
OrgAbuseEmail:  Abuse@burlingtontelecom.com

I already sent an email. I will call tomorrow if they don't respond by then. I guess I've learned an important lesson about encrypting :/. Really beating myself up over this. But still hopefully I can contact whoever stole from me. For now I'm just going to try to sleep it off. Thanks for the help everybody.

I have a pet theory that the Anon/LulzSec folks are hard at work screwing bitcoiners over...all for lulz no doubt! :(

Wow, you didn't jump off a bridge?

Fuck LulzSec, seriously.

They accomplish absolutely nothing except screwing over normal people.  I hope they all die a slow painful death.

One of the addresses to which some of my stolen btc went belongs to them.

Someone else had their mtgox account hacked and btc sent to the very same address..

There is a trail of crime here. This is a concerted attack on bitcoin users.

How many?

Man, I feel bad for you, but give that a rest. Some funds went to a donation address, big deal. You don't know anything.

At least this will do some good:

Waking people up from the delusion that Apple products have any other security value than the jails and chains for their customers.

I want all these threads to die in a fire.

Not before they are put up as warnings for keeping personal security, though.

Today I called Burlington Telecom's abuse line and I was informed that they need a subpoena to give any information about the person. Is it worth going to the police? Would they do anything?

http://groups.google.com/group/news.admin.net-abuse.email/browse_thread/thread/d115cac84c243634/4c99c06553bf84b0

The IP address is in that list. But I'm not exactly sure what that means. Was the person who stole from me most likely using Tor?

Sorry about your loss. I know this doesn't help now, but here is my two cents.

This was  not a brute force attack against google. It would be impossible to hack you that way, so your password must have been hacked or compromised. A lot of insecure web pages, like the Playstation network and Codemasters have been hacked recently. So change your gmail passwords if you used those services.

I never tried hacking gmail, but if I was going to try I'd probably start by using the password recovery service and tring to guess your answer. For example, if your security question is 'what is my favorite colour' I'd try red, blue, green etc until I got it right. Maybe I'd look you up on facebook for mother maiden name or child's name or whatever. I might also be able to guess your password like this, so don't use gf / child's name. And you need to be careful with those security questions.

The weakest point I'd guess is your PC. I am always worried about my PC's integrity. There are a lot of smart guys out there trying to hack into your PC, like those lulzsec dudes for example. So maybe take at least basic security precautions like using a virus scanner (microsoft security essentials is OK), a firewall and such like. Keep your PC patched up with auto updates and install Noscript if you use firefox.

These are just basic things everyone should do routinely. But there is still a chance of being hacked even if you are careful.

And how is this theft related to the fact that the user has an Apple?  Was it a security flaw in the machine or an attack on gmail?

First thing you do when email compromised is changing email password.