Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: Philopolymath on October 18, 2017, 10:00:33 AM



Title: Help recover stolen bitcoins?? How did it happen?
Post by: Philopolymath on October 18, 2017, 10:00:33 AM
So somehow I fucked up and all my coins were sent to this address
1ARHwvB4nKVPhRRgvdJCctxXwogi1ePbu2

Any way to track or reverse it?

https://blockchain.info/address/1ARHwvB4nKVPhRRgvdJCctxXwogi1ePbu2


Title: Re: Help recover stolen bitcoins??
Post by: Jonashe on October 18, 2017, 10:08:14 AM
So somehow I fucked up and all my coins were sent to this address
1ARHwvB4nKVPhRRgvdJCctxXwogi1ePbu2

Any way to track or reverse it?

https://blockchain.info/address/1ARHwvB4nKVPhRRgvdJCctxXwogi1ePbu2


Was it a hack? Or did you do an accidental "swapping" between services?


Title: Re: Help recover stolen bitcoins??
Post by: Philopolymath on October 18, 2017, 10:11:35 AM
I have no idea?

Status: 21 confirmations
Date: 10/18/2017 02:09
To: 1ARHwvB4nKVPhRRgvdJCctxXwogi1ePbu2
Debit: -0.62667325 BTC
Transaction fee: -0.00028510 BTC
Net amount: -0.62695835 BTC
Transaction ID: a7b7a674334c2fb313de0861df79e45dc7e756b81f7d21025851dae86eccdb1b
Transaction total size: 5650 bytes
Output index: 0

I did NOT SEND THIS TX

My wallet is core and I had a passphrase and it was locked.
I changed my passphrase after the TX...


Title: Re: Help recover stolen bitcoins??
Post by: annmarie on October 18, 2017, 10:23:39 AM
If you didn't send it then someone has access to your private key. If you have any other wallets on your computer with bitcoin in them, consider them compromised and move them to a clean computer's wallet straight away.

There isn't a way you can reverse transactions.


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: Philopolymath on October 18, 2017, 11:35:22 AM
I recently tried adding blockchain wallet and bitcoin.com wallet

One of these must have exposed me to the theft?


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: HCP on October 18, 2017, 11:39:12 AM
Passphrase and/or locked wallet ONLY affects the wallet.dat file... if the hacker had your private key, then all the passphrases in the world won't save you. Did you ever export the private key for the address: 1Q1PDnwmbFkNaYbpsiPVUBJe1pEM7m8zYH? ???

As annmarie suggested, that entire wallet should be considered compromised and you should no longer receive ANY coins to it. I recommend moving any coins you have left to a new wallet immediately. I see that 1Q1PDnwmbFkNaYbpsiPVUBJe1pEM7m8zYH just received more coins today (https://blockchain.info/tx/c4003857546fea36cd2ef7eea38535e77f87a60045750cc994792893baf2cc22). You need to STOP using that address immediately and move those coins as soon as possible.  :o

You should probably also scan your computer for viruses/malware.


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: Philopolymath on October 18, 2017, 11:43:53 AM
I did dump the private key planning to write it out on paper...

Since the hack I deleted my hacked wallet.dat
then restarted core to generate a new address and made a new passphrase.

My anti virus scan didn't catch anything

Is my NEW address also compromised?
Does it not generate a new private key?


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: HCP on October 18, 2017, 12:00:28 PM
Most likely dumping the private key out of the wallet and into either a text file or the screen has allowed someone to get access to your private key... It is the only logical explanation for why all your coins got moved without you transferring them.

It is hard to know if your new wallet is compromised or not... The only way to be completely sure is to completely wipe the entire system, reformat and reinstall your operating system...


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: Philopolymath on October 18, 2017, 12:59:20 PM
Fcuk they just got the latest payout to a new address and key !!!


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: Aegean Skipper on October 18, 2017, 01:05:25 PM
So your PC is compromised or hacked in some way.

Remove the drive from the computer, add it to another PC as secondary and scan it for viruses and malware with more than one antivirus.


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: Stedsm on October 18, 2017, 01:15:42 PM
I did dump the private key planning to write it out on paper...

Since the hack I deleted my hacked wallet.dat
then restarted core to generate a new address and made a new passphrase.

My anti virus scan didn't catch anything

Is my NEW address also compromised?
Does it not generate a new private key?

If your PC's server is hacked anyhow, then I guess nothing that is put on it should be considered as "SAFE" tbh.
Btw, as you received some more coins today at your address, I want to know whether they were also sent by the hacker only or you sent them to some other address? As everyone asked, did you try to IMPORT/EXPORT your key to/from somewhere else? Because it makes your key prone to getting hacked as it's all online, and if not, then possibly there's someone who had access to your PC either through the network or "by personally using it from your space" < (this looks less likely).

Your NEW address is not compromised unless it has a new PRIVATE KEY (yes, it is obvious that whenever you use a new address, it has its own identity or I must say: PRIVATE KEY). But now that you know you have been attacked like this, why don't you stop using these services from the same PC (if everything happened offline) and start using them from another PC (not a public computer)?


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: Philopolymath on October 18, 2017, 01:22:33 PM
The drive passed several anti virus scans...

I'm wiping and formatting and installing a clean fresh Windows now on another comp

This drive is a clone so I must kill it also



Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: Philopolymath on October 23, 2017, 12:26:15 AM
But HOW did they know my address? and access my comp? And find My private key?

I want these fucking thieves to burn a slow painful death


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: monkeydominicorobin on October 23, 2017, 08:40:46 AM
I did dump the private key planning to write it out on paper...

Since the hack I deleted my hacked wallet.dat
then restarted core to generate a new address and made a new passphrase.

My anti virus scan didn't catch anything

Is my NEW address also compromised?
Does it not generate a new private key?

I cannot possibly correct your Microsoft Windows Lifestyle. But allow me to remind you that "anti-virus" programs are a bunch of fraud. Never ever rely on a fraud. They are just windows with progress bars. Most probably your anti-virus is just a trojan. And most of you who use Windows Operating System have this notion that antivirus programs are legit and you never suspect it. Antivirus program is not a god. Do not worship it. Shift to using Linux and this thing will never happen again. Study LINUX. You will never ever have this problem again. You will not need a stupid antivirus or anti-malware created by fraudsters. To steal your Bitcoins.


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: LoyceV on October 23, 2017, 09:03:22 AM
You should probably also scan your computer for viruses/malware.
That's not enough: It's always wise to assume your computer has been compromised, so backup and reinstall before making a new wallet.

Since the hack I deleted my hacked wallet.dat
Satoshi recommended to never delete a wallet, so just in case: keep your old wallet too, just don't send any coins to it ever again.

Quote
Is my NEW address also compromised?
You can never be sure about this, that's why it's safest to assume your computer is compromised. Unless someone found your piece of paper with the private key, the theft must have happened from your computer.

But HOW did they know my address? and access my comp? And find My private key?
Windows can run many viruses that are designed to steal your Bitcoins.

It sucks now, but for future use: create cold storage offline! Writing down a private key from a hot wallet on a piece of paper is much riskier than creating a paper wallet offline from a Linux LIVE CD.


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: DannyHamilton on October 23, 2017, 09:19:46 AM
the drive passed several anti virus scans...

In that case, it probably is not a virus.  It is probably malware.  At some point in the past, you may have installed a program that you thought was legitimate, and that program was probably designed to steal your bitcoins.

Have you ever installed any pirated software on your computer?
Have you installed wallets for any altcoins on your computer?

Both of those are very common ways to unknowingly install malware.

The other possibility is that you downloaded software from a phishing site without realizing it.  Some phishing sites can look exactly like the real site.  When was the last time that you downloaded some software from a website?

But HOW did they know my address? and access my comp? And find My private key?

I want these fucking thieves to burn a slow painful death

Malware on your computer can look for an installed wallet. It can then capture your password as you type it.  Once it has your wallet and your password, it can access your private keys and spend your bitcoins.


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: Thekool1s on October 23, 2017, 10:33:14 AM
You can't do much, unless you know how to monitor your outgoing traffic; there are many software tools which can help you with this. Look out for strange IPs your computer is trying to communicate with. You may get lucky and find your attacker's IP, if they are not using any sort of proxies or VPNs. That's your only chance of finding out who was behind the attack. Other than that you can't do much, sadly.
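
An added example, not part of Thekool1s's post or any poster's code: one way to do the outgoing-traffic check described above on Windows, by parsing `netstat -ano` output and listing established TCP connections to non-local addresses per process ID. The sample output, the addresses and the allow-listed PID are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    192.168.1.20:49701     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49755     198.51.100.7:8333      ESTABLISHED     5120
  TCP    192.168.1.20:49790     203.0.113.66:4444      ESTABLISHED     7344
  TCP    192.168.1.20:49791     203.0.113.66:4444      ESTABLISHED     7344
  TCP    192.168.1.20:49802     198.51.100.23:443      TIME_WAIT       0
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED     2212
  UDP    0.0.0.0:5353           *:*                                    1880
"""

# Ranges treated as local; listed explicitly so the rule is visible.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10")]


def parse_endpoint(text):
    """Split 'ip:port' or '[ipv6]:port' into (ip_address, port)."""
    host, _, port = text.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and IPv6 zone id
    return ipaddress.ip_address(host), int(port)


def unexpected_connections(netstat_text, allowed_pids=()):
    """Return {pid: sorted [(remote_ip, port), ...]} for established TCP
    connections to non-local addresses from PIDs not on the allow-list."""
    findings = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        try:
            remote_ip, remote_port = parse_endpoint(fields[2])
        except ValueError:
            continue  # unparsable endpoint such as '*:*'
        pid = int(fields[4])
        if pid in allowed_pids or any(remote_ip in net for net in LOCAL_NETS):
            continue
        findings[pid].add((str(remote_ip), remote_port))
    return {pid: sorted(conns) for pid, conns in findings.items()}


if __name__ == "__main__":
    # Assumption: PID 5120 is the user's own Bitcoin Core talking to a peer.
    for pid, conns in unexpected_connections(SAMPLE, allowed_pids={5120}).items():
        print(f'PID {pid}: {conns} -> identify with: tasklist /FI "PID eq {pid}"')
```

A remote address found this way may be a proxy or VPN exit, as the post notes, so the more useful result is the PID, which points at the program on the machine that opened the connection.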


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: jnano on October 23, 2017, 09:53:41 PM
What OS are you running?
Did you do stuff over WiFi recently?

There's a recent WiFi vulnerability. I don't know if it's related or what kind of information can leak, but have a look:
https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/

In that case, it probably is not a virus.  It is probably malware.
Nowadays these are practically synonyms, and antiviruses detect both.


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: DannyHamilton on October 23, 2017, 10:36:33 PM
In that case, it probably is not a virus.  It is probably malware.
Nowadays these are practically synonyms,

No, they aren't.

In that case, it probably is not a virus.  It is
and antiviruses detect both.

Anti-virus software may try to detect some malware, but it would be impossible for it to detect all malware.


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: alexjhons on October 25, 2017, 10:52:04 AM
It is tough to know if your new wallet is compromised or not... you should completely refresh the entire system or reinstallation process.



Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: stomachgrowls on October 25, 2017, 11:40:09 PM
In that case, it probably is not a virus.  It is probably malware.
Nowadays these are practically synonyms,

No, they aren't.

In that case, it probably is not a virus.  It is
and antiviruses detect both.

Anti-virus software may try to detect some malware, but it would be impossible for it to detect all malware.
This is why I don't completely trust anti-viruses; even though I do have AV, I don't usually download random things online. Come to think of it, they are just the online ones who make viruses so that their anti-virus would sell. (Just my own view.) Regarding OP, that was a big loss; 0.6 BTC is already a big amount if you look at the current price of bitcoin, and reversing the transaction isn't possible. Forget those coins and move on.


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: jackg on October 26, 2017, 01:05:45 AM
In that case, it probably is not a virus.  It is probably malware.
Nowadays these are practically synonyms,

No, they aren't.
To add to this, a virus is a piece of malware but a piece of malware may not always be a virus. There are other categories such as trojans that cause issues with computers and enter them the same way viruses do.

that case, it probably is not a virus.  It is
and antiviruses detect both.

Anti-virus software may try to detect some malware, but it would be impossible for it to detect all malware.
Most wide-spread malware is protected by antivirus software. There is software that antivirus doesn't trust; some antiviruses don't trust the Bitcoin Core wallet, for example.
Antiviruses measure familiarity with code and how widespread it is to determine its safety (signatures used to generate the code are also checked). Higher level languages are not checked as easily by AV software as lower level/intermediate languages are and therefore, getting a piece of software that is cleared by AV to run another piece of software/code that isn't can be a main producer of issues.

It is tough to know if your new wallet is compromised or not... you should completely refresh the entire system or reinstallation process.



That's a good suggestion, the disk needs the operating system completely uninstalling and anything else on the disk completely removed. Then the operating system can be reinstalled and tested with smaller amounts.


I would say @OP as this issue has happened to you once, if you stick with Bitcoin, try and change the way you surf the web or change how you store your coins.

The coins seem to have finished up in this address: 1Kefz6BcNjK6MhTrLnr2KAQq8KyPNCeMSS
Keep track of that OP and see if the coins move anywhere else after that (though that might take a while).


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: mr.mister on October 27, 2017, 01:24:04 AM

Hi sir,

To avoid this type of thing from occurring, you can purchase a hardware wallet. It offers much much greater protection than the method you are using, regardless if your computer is compromised or not. With a legitimate hardware wallet, you are very likely to put the brakes on hackers.


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: xenxen on October 27, 2017, 04:09:10 AM
If you didn't accidentally send to that address, maybe someone knows your private key, or maybe you logged in at a net cafe that has keyloggers... Reminder to all net cafe users: don't forget to clear your history and cache before leaving, because some net cafes install keyloggers to copy your password...


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: jgaspar on October 27, 2017, 04:58:49 AM
Scary stuff, I also vote for hardware wallets as the most secure.

How about a dedicated computer just for holding wallets? We are always upgrading parts, I can probably make a no-frills offline machine just to hold my wallets, and connect to the internet only to send and receive coins.




Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: HCP on October 27, 2017, 10:54:37 PM

How about a dedicated computer just for holding wallets? We are always upgrading parts, I can probably make a no-frills offline machine just to hold my wallets, and connect to the internet only to send and receive coins.
NO! This is not how to use a "two computer" setup... As soon as you connect that 2nd PC to a network you are potentially exposing it... You want to use the 2nd one completely offline and keep it "air gapped"... No Ethernet, no WiFi, no Bluetooth... Basically no networking functionality (after the OS has been installed).

This wiki entry is probably a little outdated, but explains the concept: https://en.bitcoin.it/wiki/How_to_set_up_a_secure_offline_savings_wallet


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: RAmondragon on October 27, 2017, 10:58:27 PM
Also try a wallet with 2-factor authentication for added security. Use a dedicated cheap clean cellphone whose sole purpose is to generate the codes if you must. Don't let it connect to the internet often aside from syncing. It's not 100% secure as stated here https://sites.cns.utexas.edu/oit-blog/blog/can-two-factor-authentication-be-hacked, but it gives more protection for your wallet. If you don't plan on sending out bitcoins often then use a cold storage wallet.


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: tj4dmx on October 28, 2017, 03:11:53 AM
I might say that someone got access to your device and got your private keys. I am always writing my private keys on paper for security or transferring that sensitive information to USB. I might say that there is a low chance of retrieving those coins. I would suggest watching videos on YouTube for further information or contacting customer service assistance.

"contacting customer service assistance" ?
Smile !!

They can't be of help, not them and not anyone, because a bitcoin transaction is not reversible. The stolen bitcoin is as good as gone!


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: rexter on October 28, 2017, 08:30:38 AM
Try to re-format your PC, but turn off your internet connection before you install, and try to disable your LAN connection, then proceed; it might be that someone is trying to hack your entire system.


Title: Re: Help recover stolen bitcoins?? How did it happen?
Post by: ronypro on October 28, 2017, 08:55:08 AM
So somehow I fucked up and all my coins were sent to this address
1ARHwvB4nKVPhRRgvdJCctxXwogi1ePbu2

Any way to track or reverse it?

https://blockchain.info/address/1ARHwvB4nKVPhRRgvdJCctxXwogi1ePbu2

Very sorry for your loss. This exact same incident happened to me last month in my Poloniex account.
There are 2-3 possibilities.
1. There are key loggers in your mc.
2. Some hacker has a remote session going on your computer.

In both cases you need to reformat your computer as soon as possible.
Blockchain transactions cannot be reversed. Hence I am afraid you have to digest this loss.
Stay safe for the future.