Bitcoin Forum

Hi guys,

On December 15, I logged into my BTC-E account and saw that all my money was gone. Under transaction history, "someone" sold all my NMC to USD, then used that USD to buy all LTC's, then made a withdrawal of all LTC's to this address: LTKeQb8rkHAqudGWwdifjWKPpdsD7jPD3G

I have 2 factor authentication, I wasn't logged in at the time and I didn't receive any confirmation email from BTC-e to confirm the withdrawal. I don't know how the thief bypassed all of that security. Another thing is, under notifications, my last filled order was at 9:00 (which I did), but when the thief made the trades from NMC to USD, USD to LTC at 19:41 (according to the transaction history), these trades didn't show up on my notifications.

If any of you here could please provide any help in tracking down this thief (or BTC-e), I would very appreciate it!

Thanks!

Hi Sipora,

I'm really sorry to hear what you've experienced. I understand it can be depressing since I went though something similar recently.

Anyway, the first thing that I would suggest to do is to contact btc-e and ask them on how it was done (which authentication was used and any changes in the email address)
And don't forget to change your password for the btc-e account and email, since your password might have been comprimised.
Virtual currency is something that's very hard to track, since it's the main purpose of the currency in the first place. But you can track someone who login into your account, by checking it in with the btc e website.

Hope you get to see some light from contacting btc e.

Best wishes,
Lukas

Hi Lukas,

Thanks for your reply! I contacted BTC-e and all they gave me was login logs and transaction history. They said the withdrawal has been confirmed by my mail but I swear to God that I had no idea how all of this happened. Not even in my dream. I don't even bother changing my password anymore since they took all my money, there's nothing for them to take anymore. Though everytime I log in, I still need to enter the 2 factor authentication code, no idea how the heck they took my money.

I suspect it was a mistake from BTC-e but no idea. I hope the help from community here at bitcointalk.org would help me find a way. I'm almost hopeless now.

The IPs from logs was yours?
Also if somebody have access to your email, he can delete confirmation emails. Try to ask email provider if any email was deleted

Ask btc-e what IP did the withdrawal? Not many ways to go around the 2FA

Yes the IPs they gave me were all mine. There was a login at 19:24, about 15 mins before the withdrawal happened but I don't think I logged in BTC-e then. Usually I would get a "Successful Authorization" email from btc-e after I log in too but there's no email like that at that time either? I checked all over my email, including trash, spams and there's no a single email from BTC-e. I highly doubt someone could bypass by 2 factor (which needed my iPhone), logged in to my btc-e, did all the trades, made the withdrawal, went to my email, confirmed the withdrawal, then deleted the email without me knowing anything. I use gmail and I check it very often.

I just don't understand if they made the trades from NMC to USD, USD to LTC, why aren't these trades on my notifications. Usually when an order is filled, it shows up on notification right? I still have all notifications from my last trades, but not these at 19:41.

So, the ip login 15 mins before hacking was yours too? And this is really weird. I haven't use btc e before, but I assumed the email might be changed before the transation and then get changed back.

Contact btc e support and ask them if there is any changes was done in your account within the timeframe that person login until when the hacking was done

This should be btc e contacts (if it's still their current one) @btcecom
 Icq - 610112128
 Skype - btc-e.support
 E-mail - support@btc-e.com

This is what BTC-e gave me:

117 login success login [MY IP]
15.12.13
20:51 -> this is when i logged in and realized all was lost, i have this "successful authorization"
116 login success login [MY IP]
15.12.13
19:25 -> 15 mins before withdrawal, no record of this in my email
115 login success login [MY IP]
15.12.13
08:46 -> i logged in, did some trades and there's a "successful authorization" in my mailbox

How much have you lost there?

This sounds moderately scary, but you want to consider the obvious, too.

Firstly - what is the *physical* security around your computer?  Is your two factor password generator on your phone?  Are you in a shared house or dorm?

In other words, could someone have walked into your room, found your computer logged in (or used auto login) and your phone next to it, and spent two minutes cleaning you out?

Is it hacking or straight theft (or hopefully a practical joke)?

I personally don't understand how this all happened, really. I live in a highly secured apartment building, by myself, plus it was on Sunday so I was at home. My computer is finger print protected (Thinkpad X1 Carbon). 2 factor authentication is on my iPhone.

My theory is BTC-e accidentally let someone in my account and that person cleared out everything. I've been hammering BTC-e support site but only got 2 responses from them so far, both of them are obviously useless.

Sorry but looks like you're out of BTC. Looks like BTC-E did everything right, either someone physically jumped on your computer when you stepped out for a sec. Or you have a trojan on your PC.

I added Skype "btc-e.support" as suggested above and the guys said he could do a rollback service for 3 btc's. Is this a scam?
Again, there's no one that could have entered my computer. Maybe a trojan but I think btc-e is at fault too, all of this happened without a trace, how is it possible? We might need to question their security.

As long as you don't pay him to do the 'rollback' and you don't provide them with any login credentials to accounts that still hold fiat and or BTC there is nothing they can scam you off (as long as you don't give them any password you use on other sites). If they ask you for money to do this it is definitely a scam. Otherwise you have nothing to loose.

Rollback?

BTC-e executed a rollback of trades after their master password was compromised in mid 2012 - this boiled down to an exchange resetting the trading floor and covering the losses out of reserves.  However, I've never heard of an account rollback, nor do I believe it to be possible, so unless it passes the sniff test and is paid for with money recovered, I would stay well away.

Hello all, I just want to follow up on this post to see if any of you would be able to help me out. I think the reason must be BTC-e withdrawing money from the wrong account. How is it that I didn't receive any successful authorization email for the login 15 mins before the withdrawal but I received that email for EVERY other login? How is it that I did not receive any confirmation email to confirm the withdrawal? AND I did have 2 factor authentication too!

Do you guys think BTC-e should be liable for my loss?

Anybody staying with you?

Not at all. I have my own apt in a secured building.

Don't trust btc-e.support on skype. There's a number of fishy conversations posted with that account (disgruntled former employee?). It is no longer listed as a contact on the site either. The only way seems http://hdbtce.kayako.com/

Dropbox' implementation of 2FA has been hacked last year. Why not btc-e's?

What's confusing me is the missing login alert email. Since a hacker would have needed to login to turn it off.

I have no idea how someone could bypass all the security. that's why I think it might be an insider's job. Sigh* really hopeless now :(

really sad this happened to you Sipora, the problem is btc-e management is anonymous and there is no way to contact their owner directly.

Even with a trojan on your computer, how did he get through 2-factor ? that's not possible. there are 3 ways this could've happened:

1. the hack happened very quickly while you were logged in to ur btce account, you may have left your computer for a few minutes and the person executed the transfer from your computer remotely.

2. Inside job, lack of confirmation email is very fishy.

3. BTC-e system error, they withdrew from the wrong account.

the only way is to be patient and keep hammering BTCe support, look for their announcement post in this forum maybe PM the owner he might be able to help you.

Your 2 factor is needed to login or withdraw. So. If session was not closed for you, no need in 2 factor!
And you use windows-based computer. It's easy to hack! Use only linux!
So. Some one HACKED YOU. and STEAL YOUR MONEY. So why do you think, btc-e is responsible for that?

Except btc-e logs you out automatically after a short while of inactivity. The logins in question were several hours apart.

If everything you are saying is right then it sounds like a trojan... get someone that knows what they are doing to have a look at your computer.

That sucks man !

What kind of passwords did you use ? Do you use the same password for multiple sites and services ? That's pretty much the only likely option.
If so, I suggest you get into the habit of using a program like Keepass. It's free, safe, and easy. You'll only have to remember one good password, the program generates su[er strong ones for you. You can store the database ( encrypted, of course ) on dropbox, for example.

That saved me so much hassle :)

Good luck.

If the IP's were yours someone has gained remote access to your computer.  Key catchers the whole 9 yards.

You can setup your router so that it only allows devices you (their mac address's.)

Time to secure erase your HDD (SSD) and reinstall windows with all updates.  Us real time virus like MSE,  update it once a week.

Have your computer on an image backup schedule, once per week or after any big transactions to Multibit.

Also shouldn't you keep yu money in your multibit wallets,  always seems more secure to me?

Gmail 2 way comm seems exploited. I heard another story at cloudflare owner had his account under gmail 2 way comm passed.
You should contact local police about it. Interpol can help to find thief.

btc-e management is anonymous and there is no way to contact their owner directly

Hey everyone I just came across this thread because my account was hacked too. I contacted BCT-E and they basically did the same thing, just give me all the login and logout times and IP address. I came across this:
79   logout   logout use logout button   75.***(My Logout after a while of trying to figure out where my money went)   
25.01.14
23:22
78   logout   logout use logout button   62.***( Someone else's ip logout)   
25.01.14
21:45
77   login   success login   62.***(Someone else's ip that used for another login)   
25.01.14
21:43
76   login   success login   75.***(My IP)   
25.01.14
20:51


I find this very odd only because in between those other IP login's, I had an email sent to me with a withdrawal confirmation at 21:44, that i tried to cancel but there was an error. Is there a way to contact BTC-E again to explain this to them? I have all the proof, withdrawal confirmation email at 21:44, and these different IP addresses that show there was a login twice in a row and then my money was gone.

Seems odd. I also doubt that btc-e would be able to do a rollback.

Did you have 2FA on?

The more I read this, and other BTC -e related threads, I`m surprised they even have an exchange.

Like this adds on top of the whole drama of them holding funds to even trade.

it's happened to me, and lots of others too. Just look at the threads on it here. Always seems to be BTC-E too.

Sorry to hear that, I think this is somebody you now.

If you guys have malware on your PC (e.g. a RAT or keylogger), all that site related security is worthless.

How much is Keepass?

I think I could use a device like that.

OP, sorry to hear your loss.



Do you have a link for this?

sorry to hear that mate.

Hey man, sorry for your loss. Though you case sounds more logical than my case. At least there's a different IP and you received the confirmation email. I didn't get any of this yet my money still gone. :(

How much was stolen? If it was a small amount, probably not worth it for BTC-E to be involved (assuming they wanted to be dishonest).

Over 10 BTC is not small right?

It sounds like they used a keylogger to me.  Sat and gathered your log in information including your email.  I suspect they probably intercepted the confirmation emails before you saw them then deleted them.  Did BTC-E have a record that the emails were sent to that address?  If so have you contacted your mail provider to see if they have any logs of another IP address accessing your email during those times?

If they do have a log I would be going straight to the police.  The provider would have to release that information if it was part of a criminal investigation and the ISP would have to release who that IP address is registered to if it was part of a criminal investigation (depending on the laws surrounding that in the country you live in).  Then hope that the hacker was foolish enough not to have used a proxy.  Send the Feds / Fraud Cops / Interpol round to see them.  In the UK for example you can claim for financial loss to the criminal injuries compensation scheme http://www.justice.gov.uk/downloads/tribunals/criminal-injuries-compensation/FTT_CI_1_PracticeStatement_financial_loss1.pdf

I hope this can be of help to you.

Thanks! This is very helpful but I doubt BTC-e wouldn't cooperate. I asked them to investigate more but all they did was to sent me a list of my logins, which is useless. I use gmail, do you know how to get Google to release the logs?

Hi

This is going to be a long post.  I will try and keep it as concise as possible.  This is also the route I would take if this had happened to me:

1.0 Gmail:

1.1 Gmail and Account Activity

Log into your account and scroll right down to the very bottom.  In the far right hand corner you will see Last account activity: 1 hour ago with a link underneath named Details
I presume you know you static IP address for your computer/s  If you do not; type my ip into your browser and you will see Your public IP address is xxx.xxx.xxx.xx or whatever the case may be.  You can then match this with Last activity in your Gmail account.  I will talk some more about this later so I will leave it there for the moment.

1.2 Getting Google to Release Logs / information

This again will depend on laws in your country.  Some countries dictate by law that this type of information has to be made available in a criminal investigation is taking place.  In countries where this is not in force, the majority of the time the company concerned will co-operate with law enforcement.  I presume this is to avoid the possibility that they may face litigation and get sued by the victim for obstructing the investigation and preventing law enforcement catching the perpetrator.

You can contact Google and request they release the information; they might do that and you can then take that to the Police.  I would go to the police first and discuss it with them.  I would also speak to a lawyer because many law firms / lawyers will give a free consultation [usually 45 - 1 hour] free of charge to assess if you have a case.  If you have a case they make money; if you do not they wasted an hour of their time and won't really be bothered.

If you hit a brick wall; you can then request information by going to the organisation in your country who responsible for governing data protection or your rights to information.  In the UK for example it is The Information Commissioner's Office  [ICO] http://ico.org.uk/ who govern data protection and the freedom of information act.  You would submit a subject to access request; they would then approach the company concerned and deal with it from there.  In the USA there is the Freedom of Information Act.  You will need to do more research on this because in the UK FOIA includes public companies.  Google is a public company.  In the USA the FOIA does not cover public companies (unless this changed; congress did request that it was extended to cover public companies). Again this will depend on these laws in your country.  In law the court ruling is normally made in the country and laws of the country you reside in. So for example if you were in a legal battle with an american company and lived in the UK it would normally be judged in a UK court under UK law (again speak to a lawyer to be sure on this point)

Really the Police should do all of this, but if they do not take your case seriously you may need to look into this yourself.  Once you have the information; go back to the police with the evidence you have gathered.

I reiterate again to speak to the Police first because at least the crime has been logged and you will be given a Crime reference number which will add weight to any request you make from Google. It will also ensure that you can apply for criminal injuries compensation and legal aid (again depending on your country of residence and what is available).

Tell Google straight that you have reported the matter to the police and you are speaking to a lawyer (if you really want to scare them say " I am / have taken legal counsel and will take this matter legal if required).  If you are not getting a satisfactory response escalate it up the chain of command and keep going through as many tiers of management as you can.  Start at the bottom and work up and if the person you are dealing with cannot help / does not help ask to speak to their manager. E.g. contact customer services > Customer services team manager > Customer Services Operations manager > Customer Services Director / VP > Managing Director / CEO > Board of Directors.  With escalation processes you will normally find that eventually you will speak to someone who has a true understanding of the effect your complaint / litigation could have on their company and they will start to play ball.

2.0 The Police


You may find that when you make your report to the police you could find yourself dealing with some policeman plod or detective who is all "Bit what?....?" and does not take the matter seriously so you need to ram it home what you have lost financially.  Despite BTC being a non-tangible digital currency that has no legal status in many countries and is not regulated it still has a substantial value in monetary terms.

2.1 Make Your Case and Add Some Weight

I find it odd that so many people are posting about having BTC stolen from the same exchange; BTC-e and that the technique was exactly the same or very similar.  This would suggest to me that one of the following applies:

A) It is an inside job.
B) That there is a highly skilled well organised individual who is exploiting a loop hole in the system; or is for example; a very skilled hacker.
C) That there is a group of people that fit the profile of B and they are conducting BTC theft on a mass scale and generating large amounts of revenue. If this were the case we are into the realms of organised crime.  

If the answer could be C) I would then be saying to the Police "What if this is a sophisticated well organised criminal organisation such as the mafia, a drug cartel or a group using these proceeds to fund terrorism?"  The reason I would take this route is because unfortunately for society the Police have a budget and there are many crimes that go unsolved because sufficient resources have not been / could not be allocated to investigating the crime.  With modern forensics, forensic analysis, surveillance, intel etc. I would go as to far to say any crime is solvable......if enough resources /  budget are directed at it [E.g SILKROAD].  The police tend to be reactive to crime rather than pro-active due to resource.  This is why you will often see massive amounts of resource being thrown into high profile cases that are being featured heavily in the media; the Police are under pressure to solve that crime and reassure the public.  They also have governing bodies they have to answer to such as The Police Complaints Commission.

Just how many people have had BTC stolen from BTC-E?  Is there a thread dedicated to this specific subject?  If not make one and then go and do the research.  PM victims and ask them how many BTC they had stolen and what they were worth.  Are we looking at thefts totaling thousands? hundreds of thousands? millions?  If these thefts are reaching high figures you have grounds to argue your case to the police and speak with the specialist divisions within the Police Force such as the Fraud Squad, Organised Crime Office, Metropolitan Police Service - Central e-crime Unit.

3.0 Taking it Legal

3.1 As I mentioned earlier go and speak to a lawyer and get a free consultation.  If a specialist lawyer is required seek one via organisations such as The Chartered Institute of Legal Executives or The Bar council.  Do the consultation via the telephone if you have to if it means you get to speak to a specialist.  Going legal can get expensive however there are firms who do no win no fee and Legal aid which is provided by the government who pay the legal fees for people who cannot afford them.  Legal Aid can even cover the cost of a QC [Queen's Council - Member of the bar] however you have to apply and it is not always guaranteed that Legal Aid will allow it.  I think it depends on the case but you can look into that further.  If you have a QC representing you stand a far greater chance of being successful.

3.2  BTC is not regulated and does not have a legal status in many countries.  In the UK for example it us currently under examination by the government right now.  Finland I believe have given it the legal status as a commodity as it failed the money test.  In the USA it was argued that BTC are securities and a judge ruled BTC was a currency.  This is where things could be in your favor because there is "Point of law" and "Land mark case".  In point if law it is down to the Judge.  A landmark case is a case where no previous president has been set in a court of law.  Land mark cases and previous rulings normally force a point.  Like when you watch law programs and a lawyer will cite a case "Your honor; in the case of smith vs jones it was ruled that x y z = y" therefore the Judge must rule accordingly in line with previous rulings.  When new crimes appear; such as theft of BTC that have never been previously "tested in court" there is the potential for a landmark case.  A good example of this is the case in america where a company were attempting to patent an active enzyme in a washing detergent.  An enzyme is a living organism and under the law at that time you could not patent living things.  The Judge for-whatever reason decided that the use of this enzyme in the detergent resembled a chemical reaction more than it did a living thing.  This was a Land Mark case because it then opened the door for corporations such as Glaxo-Smith-Kline to patent DNA and living things.  In these types of cases this is where you see appeals to higher courts.  For example in the UK a case could be ruled in court.  An appeal is them made to the High Court to overturn the decision of The Court.  If the high court does not overturn the court ruling then an appeal can be made to the European Court of Justice.

3.3 If legal law lets you down then there is always civil law.  You could possibly file a civil case for damages against Google or BTC-e for example.  (Again....discuss this with a lawyer)



4.0 I said I would talk about your IP more


So; you know your IP address.  You have looked on Gmail Last activity details.  Last activity details will not only show you previous log ins it will also show you if someone is logged into that account while you are in it in live time.  Do you have any other mobile devices, or other computers in the house that have their own IP and would show on the logs?  For example if you have a tablet and a phone that log into your WIFI they will have an IP address too that would show on the logs if you had accessed your email account when at home.  To find this out you need to access your router.  The details of how to do this from your computer will be on a label somewhere on the router.  Alternatively you can look this information up online.  You log in via a your web browser and will be inside an admin panel.  On the menus on this web page you will has a link names something like Connected Devices or something of that nature.  Click on this and you will see a list of IP's.  If they are not named you need to disconnect things from the WIFI and see which IP disappears.  E.g go into your phone settings and disconnect from WIFI.  This will help when you get the logs to identify which IP definitely does not belong to you.

Now this could be relevant because in criminology and criminal psychology it is well know that there are certain types of people or profiles who share a personality trait that lead them to continue to revisit their victim and the victim is completely unaware that they are the perpetrator or is unaware.  The perpetrator may spy on them ; observe them.  They may contact them in someway to taunt them or even speak to them taking on the demeanor of a friendly stranger.  Some perpetrators will revisit a crime scene.  The types of people are normally sociopath personality types or have sociopathic personality traits.  They have no remorse or sympathy, they get some form of pleasure or need fulfillment through revisiting, tormenting or observing the aftermath of what they have done.  sociopaths are non-violent psychopaths they are not motivated by sexual violence and sadistic acts of torture, rape or murder.  The sociopath most commonly gets their thrills from things like stealing peoples BTC and being socially destructive.  Now this is relevant because the person responsible may still be accessing your email and have a nose around.  This person may have posted to this thread.  If that is the case they may have slipped up and their true IP is there somewhere in all that data.


5.0 I really need to sleep now - One other thing

I have work tomorrow and need to sleep now.  I hope this is of some help to you and others who have suffered thefts - PM if you have any questions or if I can point you in the right direction -  Before I go, another point someone else raised in this thread.

Is their anyone known to you who has access to your computer and may have installed a keylogger / trojan that plugs in directly using a pen drive or comes in the form of legitimate software sold aimed at things like the wife catching out her cheating husband? When she suspect he is online cyber-sexing or hitting on women via social networking or the husband catching his cheating wife by reading her emails.  These things can store information and / or send information.  If someone close to you has accessed your computer remotely the logs are going to show everything happening from your IP.  Have you manually inspected your computer to see if there is a pen drive stuck in one of the usb ports on the back of your computer and you know you did not put it there?  Have you discussed your BTC trading with anyone close to you that you trust?  A friend, relative, spouse who has permission to use or access to your computer?  If that is that case.  You need to look at all the possibilities.  If you suspect someone, keep talking to them about it.  Liars always slip up in the end.  The psychology of lying is a whole other subject and I really need to get to sleep.


I do hope this helps.  This is the route I would take as I said.  I cannot promise you will get a result; however; that said it is worth looking into and trying.  At least you have a chance that you might get your BTC back rather than taking no further action and most definitely not getting your BTC back.  Forgive my typos....I am really tired and was already gone midnight when I started writing.


Summary - Speak to the Police - Speak to a suitably qualified Lawyer - Speak to Google - Speak to BTC-e - Speak to Bitcointalk mods if you get the IPs to look for sociopath posting - Contact regulating and governing bodies - Conduct further research - Trust no one - Know your rights.

wow, this is the most meaningful post I have read in the whole newbie section this week. :)

It's maybe a big post meanwhile it's nicely explained.

This is seriously creepy.. and makes me think more and more to store all BTC in paper wallets..... that seems the most secure.. and just leave little little bits of BTC online..

Something wrong with the whole blockchain , that's all.
Anyway theres nothing better than a "cold storage" to back up your bitcoin wallet.