Bitcoin Forum

As I noticed that the bitcoin price is rising over last month, I wanted to sell some for extra pocket money...
Upon opening my bitcoin client I found out most of them were gone...

On 16-9-2013 20:15 11.79406039 BTC were withdrawn from my Bitcoin wallet to the following address 18nVNeiaQ22ajSzV9i3jce5VqQL4VJqEJt

Trying to accept my loss, struggling with anger, sadness and most of all the fact that I do not have a clue how "they" did it...
Since I'm not expecting to see any of my GPU produced coins again, I would like to try and make my loss a lesson for any other (honest) bitcoin owner.

I hope this community can help me find out what I did wrong, and what would be the method most likely used to do the job.
The answer might be very obvious to some of you, but with the knowledge I posses I can't figure out where I've gone wrong.

My situation: (In which of course my new wallet won't be...)

My wallet was stored (encrypted) on my local server. The password is stored on a USB thumbdrive using KeePass in a TrueCrypt partition.
My server runs Windows Server 2008 R2
My PC runs Windows 8 SP1, both having all updates installed.
My Bitcoin-QT software was version 0.8.3
I've never used my browser on my server.
My PC uses FireFox, the only add-on I could think of that would improve my security would be Ghostery.
I access my server using Remote Desktop or Clover, witch enables tab browsing. I mainly use it for storage, downloading and streaming.

I feel so stupid and really don't have a clue on how they got to me. Please help me out, so I can make sure this won't happen again.

was the password easy/short/dictionary?
do anyone else knew about it?
"local server" was serving anything on the internets?

First of all we need to know what kinda place your wallet was at, as you should know inputs.io does give back the stolen property in some means, only if it's able too see the stolen goods taken to that address at very many transactions going to that account.

Also having to scan your computer with bitdefender and Ad-aware by lavasoft, that can peek into discovery of some keyloggers. But again as I know the best solution for home computer is using ZoneAlarm Firewall, from that point some keyloggers cannot get inside.

I'm really sorry about your encounter with hackers, thieves. But there might be some precautions that you did not keep. As for iputs.io it got hacked recently all those who had amounts there could easly loose them.

sorry to hear this man. First thing to know is that you did nothing "wrong". It was the thief who did a wrong.
From what you said, I would be most suspicious of remote desktop.  But as the value of btc goes up, so does the sophistication of thieves. Security will be an ongoing problem in bitcoin. I think keeping all but a small amount of coins in cold storage is the best option now.

Thanks for your responses.

@conspirosphere
The password is 228 Bits and was generated by the pw generator that KeePass supplies.
My server is only used for streaming within my network, and downloading via torrents or usenet.

@Dealazer
My wallet was in the default location.
The reason I did not have any anti-virus (ect.) protection was because at the time I installed my server I could not find a free software that would allow installation on a server.
I will try bitdefender and Ad-Aware.
About inputs.io, what does that have to do with my sitiation? I did not use that wallet...? What am I missing here?

Nothing. He just has no idea what he's talking about.

hm.. seems secured.... KeePass is the problem maybe?

inputs.io is an online wallet, I would say Bitcoin-qt should be more secure compare to inputs...

Damn, pretty tight security operation and they still got you...
No idea how they got you, but sorry for your loss.

Hate to be the one to say but I call BS

Would the client version have been the problem? I know from what Gavin had mentioned there were several serious issues with
the older version and as a result he issued another update of the app almost immediately after having released Bitcoin-Qt version 0.8.4.

The latest version is 0.8.5

Huh? What do you mean?

Have to go back to work but I'll explain later

Seems like whoever took your coins, they re-distributed quite a few times in so many chunks

Please do so. I'm really curious why you think this is "BS"...

For those who did try to cuntribute anything usefull to this topic, I thank you.

Server connected to internet without anti-virus and firewall and running torrents ?

Seems hackable to me, it might be the problem

and the encrypted wallet?
that takes a keylogger or an insider

FTFY :D
Recipe for disaster!

Ad-Aware by lavasoft.com will most likely make an display of all keyloggers available on the internet. As for bitdefender it would not display what was inside computer.
As for the wallet it's connected through email if you in most cases used the same email at places where bitcoin talk is available, but in most cases that could not happen since your wallet code was unbreakable for most hackers.

Is then your wallet trustable?, does it contain trustworthy wallet security?, in most cases it can be insider of the firm that has the wallet for you.

1st security issue is that you're running windows

2nd you're running downloadable torrents off of you're server

3rd You had no firewall and a p2p torrent operation

4th I'm sure you told someone that runs your server about the coins they likely stole it

Problem solved!  8)

Sorry to hear that.

I consider Windows and binary blobs to be a major security risk by design, its literally a 30 GB wormhole, hence I always advice people to stick to Linux and open source.

That said, the most likely reason is the most obvious one, like someone with access to your PC. Or spyware of some sort

Or not.  The largest thefts and hacks in Bitcoin history all involved linux based systems.   Security goes way beyond the choice of operating system.  

Still I find the scenario and choice of username suspect.

Cool story bro, tell it again.


So these coins were supposedly lost back in September?

You haven't looked at them since April?

What's with the micro transaction in October?


To me, it seems you are forgetting part of the story. Especially if the wallet was encrypted.

As far as I know a key logger can't be the problem, because I used the Two-channel auto-type obfuscation that KeePass offers. http://keepass.info/help/v2/autotype_obfuscation.html (http://keepass.info/help/v2/autotype_obfuscation.html)
An inside could be, but is very unlikely. The people who knew about my bitcoins never were near my computer or server unguarded.

@wtfvanity
that was the remaining amount of bitcoins left in my wallet. I wanted to send them to my Mt.Gox account. But in a hurry I forgot they used one address per transaction so I never received it.
No I don't often check my balance, since I assumed it was safe. And I'm not a active BTC user, it was just a savings account.

As far as I am aware of, I'm the only person with access to my server. I download my torrents from a private tracker and I never said a word about bitcoins in that community.
My nickname is about 9 years old. I was a fat kid and walked like a penguin (my friends thought so). Thus the nickname Linuxxl. I never used Linux until last month, for creating a bootable USB stick to store my new wallet.

I understand your scepticism but I can assure you I'm not trolling or whatever. If you have doubts about my story feel free to ask any questions. Preferably before you start judging.

That is incorrect.  Old addresses can still be used.  Many people use them everyday. MtGox adds coins received at any one of you addresses to your account balance.

So you moved the rest of the coins out, a month ago. But are just posting the story today? Continues to be a great story, start it again from the top. It gets better with each addition.

Man that is terrible, I think i'd break down over it. Thats like 3 grand gone. I hope you find them or get a break from someone!

I was in doubt if I should share my story. Since I get the part where I will never see those coins back again.
And I thought perhaps I'm painting a nice big bullseye on my newly created wallet... You see?
But then I thought I should post my story so that others could learn about it. And I would like to make sure this won't happen again, or to anyone else.

So yes, it took me a while to decide if I would post it or not. What seems so unrealistic to you then?

And for those who sympathise, thank you, I appreciate your comments.

Why didn't the hacker take all your coins? Why would he leave you with $50?

I don't know why he left me anything. Not a clue.

@DeathAndTaxes
You were right, I found the coins in my Mt.Gox account.

Why does my bitcoin-qt client state that I only transfered -0.0003008 while I received 0.14901709 BTC in my Mt.Gox account?

Ad-Aware didn't find anything btw...