Bitcoin Forum

Hi, I got hacked today and lost 1.22 bitcoins(About $175).

I guess its pretty much impossible to get this back?

Firstly I got an mail, where someone with the ip adress: 222.73.10.150 were trying reset my password, which they had done. Nothing stolen from there.

Then, I got an email saying that there has been a withrawal from my account:

Transaction reference: c3e19ab2-64df-4985-9dfd-a7753d648c13
Date: 2013-09-30 12:35:57 GMT
IP: 23.106.64.2


Withdraw                  1.22132480 BTC
Bitcoin withdraw to 1CDjhXpqro96hSGk9QzGGm3qBMaYKxGp8f


Any help is greatly appreciated!

Where did they hack to get the btc from?  What site?

Did you use an online wallet?

I had my $175 on my Mt.Gox account, they bought 1.22 bitcoins and then sent the BTC to himself.

Sorry :(

Don't leave money or btc in exchanges for any longer than you have to.

Hmm, all the hacker needed was access to your email.

It seems like you didn't have 2FA enabled. You should use (when withdrewing) it for a added level of security, consider yubikey or G.AUTH

You should always use 2FA .....
And use difficult password, secure your computer, and do not go into fishing attempts.

Unfortunately MtGox cannot be recommended until they improve their security features.

this was an exchange account, sounds like? unfortunately, they are not particularly safe. i am sorry to hear about your loss...  :-\

And start processing USD withdravals much faster ;)

Just don't use Gox at all. Personally, I would recommend that you store your BTC in an offline wallet or in a very secure online wallet (blockchain.info, inputs.io, etc.) and then only transfer to exchanges for a short period of time when you are actually ready to exchange them.

Now you MUST:

scan your computer for viruses  and malware

change all of your passwods (email, Facebook , bitcointalk, whatever)

stop allowing javascript, java, flash and other crap on your browser

You should install new windows or whatever you are using to delete that virus just to make sure that your computer is clean and no virus can acess you wallet or mtgox.

The 2nd IP resolves to 23.106.64.2.rdns.ubiquity.io

 13   109 ms   107 ms   115 ms  xe-5-2-0.cr1.dca2.us.above.net [64.125.26.21]
 14   145 ms   147 ms   145 ms  xe-0-2-0.cr1.iah1.us.above.net [64.125.25.114]
 15   147 ms   181 ms   176 ms  xe-5-1-0.cr1.dfw2.us.above.net [64.125.21.129]
 16   147 ms   153 ms   147 ms  xe-0-1-0.er1.dfw2.us.above.net [64.125.27.74]
 17   142 ms   148 ms   149 ms  209.66.115.54.t01344-01.above.net [209.66.115.54]
 18   155 ms   153 ms   162 ms  23.106.64.2.rdns.ubiquity.io [23.106.64.2]

Go to the http://ubiquity.io website. There's a contact phone number there.

Use as much security options as you can when you have money on internet and don't keep it online for a long time.

Use 2FA if you absolutely must use an online wallet.

Online wallets are not safe, period.
Offline wallets on a USB with armory and other shit also ain't safe, nothing is safe, this is the internet.

to the OP
you have a trojan or logger on your machine
1) clean your machine of all virus and learn how to do safe surfing.
2) never ever ever use the same username and password on any site
3) having cleaned your machine go and change your email address passowrd
4) go to lastpass.com and generate a good password and associate it with your newly cleaned email
5) change all your forum username | passwords to something different for each one.

Offline wallets are very very safe, if done correctly.

lost 34,35 btc on instawallet, filled out a claim, and ..... nothing!

that hurts!

Offline wallets aren't connected to the internet.  That's what offline means.

USB stick is the achilles heel. But more secure than online computer, i agree

Thanks, I'll give them a call! Maybe they can give me the name of the owner of that IP adress.
 If they won't agree on giving it to me private, I guess I gotta file a police report. If the police asks them to hand out his name/adress etc, they are required to do so, right?

its good you must do this its very important for all to catch these hackers and bring them into public

Did you call them?

You should have enabled the OTP

I haven't called them yet, I sent an email instead.

Got this reply:
"We have forwarded your complaint to our customer. Thank you!




Ticket Details
---------------------------------
Ticket ID: ***-***-*****
Department: Abuse
Type: Issue
Status: Closed
Priority: Medium

Support Center: https://support.ubiquityhosting.com/index.php?"


It seems like a company called "Nobistech" is using Ubiquity as their hosting-service. Hence they have forwarded the complaint directly to Nobistech.

It's quite likely that the computer from which the connection was made was itself hacked.
Using hacked servers to cover their tracks is pretty standard behavior of internet criminals - much easier than installing TOR and using it correctly :-)

Onkel Paul

Maybe it's time to use VM and linux for your wallet?

Or learn to use paper wallets. It is complicated, but worth the troubles

Looks like you lost out..Sorry for your loss!

Huge loss... Be careful on next time dude, and save your btc's offline

ALWAYS 2-factor. Always.

I havent heard anything from the company I sent the email to. Been allmost 2 months now.

Is there anything at all I can do or do I just have to deal with the loss?  :-\

no body covering you loss just you have to manage this and carful about future and change passwords and never use one password on different sites good luck for future  :)

https://bitcointalk.org/index.php?topic=305166.msg3285211#msg3285211
+ file a police report

2FA should be enabled, and you should keep your fund in your own wallet (offline wallet is even better).

I doubt police will do anything.

@OP deal with the loss and make your cryptocoins safer.

Great information, thanks! I am trying to figure the online/offline wallet thing out right now so this helps a lot!

It's probably some person in China. Looks like they thought they wouldn't be tracked. They probably used a stolen credit card to create a VPS at Nobistech, chained a proxy and moved your bitcoins.

 http://www.nobistech.net/companies

Or it could be someone else using a proxy in China, but usually those proxies are slow. There would be better alternatives. It doesn't add up. Why not choose Transnistria?

I am sorry for your loss, I know how you fell right now.

I know this might not bring much comfort, but there are positive and negative in every action, try see the positive and then will you feel better.

Use this incident as a learning experience:
Start making it a custom to have a strong password policy (Most people are sometimes too sloppy with this).

And all the other good safety stuff:
Use different password for different sites.
Use 2-3 way authentication (when available)
Use special email account for you bitcoin business.

This might save you much more money in the future than you have lost today, if you learn your self to be "paranoid" on the internet.

Again, sorry for your loss, I hope the best for you and I am sure you will recover.

Thanks mate! That really helped. You learn best from your mistakes!

Luckily he didn't steal my Litecoins, probably because they weren't worth much at that time. Now its worth like 10 times more. I've got it set up with 2-way authentication with Google authenticator.