Bitcoin Forum

Other => Beginners & Help => Topic started by: kosher_svk on November 19, 2018, 11:49:24 AM



Title: Somebody maybe virus stoll my ETH :(
Post by: kosher_svk on November 19, 2018, 11:49:24 AM
Hello everybody, I feel so bad :(, all my year's mining earnings were stolen by a virus :( and I feel so weak because I cannot do anything about this :( my ETH wallet is 0x06e672ecd378140265bb44f682750b708c8b124d and the guy that stole my 2 ETH is only one out ETH 0x5BFE5F416F7Ea1d0E95601700476AD140b6b7490  :((((..... What can I do? Is there any option? Help me please :(


Title: Re: Somebody maybe virus stoll my ETH :(
Post by: DdmrDdmr on November 19, 2018, 12:09:02 PM
<...>
There’s nothing you can do to recover your funds. The alleged thief/virus is quite busy wiping people's ETH assets clean it seems, and has currently made 51,20 ETH in just under two weeks.

The best thing you can do is think about how it happened, and take the necessary measures on your devices to avoid the issue happening again. Easier said than done, but if it entails reformatting and reinstalling software, then so be it.

If you happen to know how it happened (how the alleged virus was introduced into your device, if it was activated when you were performing an ETH TX (i.e. sending ETH to an address), or any other information that can help to pinpoint the origin), then please post it on this thread so it may act as a warning to others.


Title: Re: Somebody maybe virus stoll my ETH :(
Post by: TheBeardedBaby on November 19, 2018, 12:14:46 PM
It's really sad to see this. Unfortunately there is nothing you can do except report to the police. They probably will not be able to solve your case but at least you have done something.
Those are the hard lessons you have to go through to learn to value more the security precautions you have to take when entering the crypto world.

The threat is real but people don't understand it. You always think that it won't happen to you but when it does, then you start blaming yourself for not taking the needed actions when you could.

Hope you get your funds back, and learn how to protect yourself from such mistakes in the future.


Title: Re: Somebody maybe virus stoll my ETH :(
Post by: jossiel on November 19, 2018, 12:48:13 PM
Sorry for your loss, the hacker has been sending all of the other wallets' ETH to that wallet address.

Would you care to explain and give us a few words on what you did before your ETH was stolen? Did you download any app that required you to enter your private key? Or have you received an email that tells you that you are eligible for an airdrop and redirects you to a fake MEW?


Title: Re: Somebody maybe virus stoll my ETH :(
Post by: mk4 on November 19, 2018, 01:43:41 PM
Yep. Just like everyone said, your funds are gone. Learn from your mistake then move on.

Seriously. Play it safe and just grab a hardware wallet already. People who hold significant amounts of money without a hardware wallet are at huge risk. Hackers are always looking for victims, and this is not going to change anytime soon. They will be making hack attempts until the day humanity becomes extinct.

Look at the bright side though, at least you're not this guy: Topic: I lost my all btc,ltc,doge coins! (https://bitcointalk.org/index.php?topic=5071183)


Title: Re: Somebody maybe virus stoll my ETH :(
Post by: retprogramisto on November 22, 2018, 01:07:54 AM
If it was a virus, consider using Linux instead of Windows. It is very unlikely to get a virus with Linux.

Never give your private keys to anyone and if you use a web wallet, bookmark the legit website and check the URL and SSL certificate before you log in to avoid phishing.

It is better to keep your keys offline (in a password-encrypted text file with secure backups) and sign all transactions offline. Here is a guide from MyEtherWallet about how to make offline transactions: https://kb.myetherwallet.com/offline/making-offline-transaction-on-myetherwallet.html


Title: Re: Somebody maybe virus stoll my ETH :(
Post by: Lakai01 on November 22, 2018, 06:54:42 AM
Does anyone know how this "virus" works? I can't really imagine how it is possible to automatically transfer funds without specific compromised wallets/browser sites etc.?


Title: Re: Somebody maybe virus stoll my ETH :(
Post by: Alluro on November 22, 2018, 07:45:24 AM
Sorry mate :( There is no way to recover your funds again. But you have to do these things right now. First of all, format your computer and install a clean operating system. Next, you have to install a good virus guard and malware guard. After that, make new wallets and start working with a clean mind. Just make sure you don't make deals with random people and don't click spam messages and emails. Keep your computer safe.


Title: Re: Somebody maybe virus stoll my ETH :(
Post by: bob123 on November 22, 2018, 07:58:09 AM
Does anyone know how this "virus" works? I can't really imagine how it is possible to automatically transfer funds without specific compromised wallets/browser sites etc.?

There are multiple ways.
But I'd think the most common are:

  • Scan harddrive for private keys (e.g. in text files). If found -> create transaction
  • Scan harddrive for wallets. If not password protected or encrypted -> create transaction
  • If the wallet is password protected / encrypted -> wait for user to decrypt/open the wallet -> create transaction

These options apply to desktop (software-) wallets.

Online wallets (or wallets accessed via any browser interface, e.g. MEW) are way easier to steal funds from.

A virus would simply create an entry in the DNS cache. If a user tries to visit MEW, the virus redirects him to either (1) the attacker's server or (2) a locally hosted server on the target's machine. Once he enters his private key / seed --> Funds being stolen.


Those are (probably) the easiest ways to steal user funds. I am sure that there are more tricky (but also more promising) ways to steal funds.

How it EXACTLY happened in OP's case can't be said for sure without inspecting his computer.


@OP:
Did you scan your computer for malware? I'd heavily suggest doing this.
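
The redirect described in the post above can be made persistent through the local hosts file, which is consulted before DNS. As an added example (not part of the original thread), this Python audit flags hosts-file entries that override a watched wallet domain; the `WATCHED` set, the function names and the sample file are assumptions constructed for illustration.

```python
import ipaddress
import os

# Assumption: domains where a key or seed is typed in; extend for your own wallets.
WATCHED = {"myetherwallet.com"}

# Constructed sample hosts file for the demo (documentation-range addresses).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.myetherwallet.com
127.0.0.1       myetherwallet.com   # trailing comment
0.0.0.0         ads.example.net
not-an-ip       myetherwallet.com
"""

def is_watched(host):
    """True for a watched domain or any of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return (line_no, address, hostname, kind) for each override of a watched domain."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address, so not a usable mapping
        # "local": traffic stays on this machine; "remote": sent to another server
        kind = "local" if addr.is_loopback or addr.is_unspecified else "remote"
        for host in fields[1:]:
            if is_watched(host):
                findings.append((line_no, str(addr), host.lower(), kind))
    return findings

def hosts_path():
    """Default hosts file location on Windows, else the Unix path."""
    root = os.environ.get("SystemRoot")
    return os.path.join(root, "System32", "drivers", "etc", "hosts") if root else "/etc/hosts"

if __name__ == "__main__":
    with open(hosts_path(), encoding="utf-8", errors="replace") as fh:
        for hit in audit_hosts(fh.read()):
            print("suspicious override:", hit)
```

A wallet site has no reason to appear in a hosts file, so any finding is a reason to treat the machine as compromised and rebuild it, as several replies in this thread recommend.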


Title: Re: Somebody maybe virus stoll my ETH :(
Post by: keychainX on November 22, 2018, 11:06:10 AM
Hello everybody, I feel so bad :(, all my year's mining earnings were stolen by a virus :( and I feel so weak because I cannot do anything about this :( my ETH wallet is 0x06e672ecd378140265bb44f682750b708c8b124d and the guy that stole my 2 ETH is only one out ETH 0x5BFE5F416F7Ea1d0E95601700476AD140b6b7490  :((((..... What can I do? Is there any option? Help me please :(

You should probably

1) clean your drive from any software you do not recognise
2) change your password on all devices and mail
3) check if you have any keylogger, you can follow this guide: https://www.wikihow.com/Detect-and-Remove-Keyloggers

/KX


Title: Re: Somebody maybe virus stoll my ETH :(
Post by: Lakai01 on November 22, 2018, 11:15:47 AM
Thanks! In this case, OP, please wipe your entire desktop installation. Chances are really high that you not only lose ETH but sensitive data, too.


Title: Re: Somebody maybe virus stoll my ETH :(
Post by: Pmalek on November 22, 2018, 12:25:13 PM
Online wallets (or wallets accessed via any browser interface, e.g. MEW) are way easier to steal funds from.

A virus would simply create an entry in the DNS cache. If a user tries to visit MEW, the virus redirects him to either (1) the attacker's server or (2) a locally hosted server on the target's machine. Once he enters his private key / seed --> Funds being stolen.

That is exactly what happened to MEW a few months ago, when Google DNS servers were hijacked and the users were redirected to a phishing site. Many users didn't notice that the site was not a secure https site and continued entering their private keys despite a warning displayed by their browser.
I can't remember how much ETH the hackers stole in the process.

@OP sorry for your loss, hopefully you can remember what you might have done wrong to avoid doing it again in the future.


Title: Re: Somebody maybe virus stoll my ETH :(
Post by: Velkro on November 22, 2018, 03:24:42 PM
Hello everybody, I feel so bad :(

Me too, I don't like it when people are losing money due to common mistakes.
Please reinstall your system to avoid compromising your data yet again. Then change all passwords and read about computer hygiene.


Title: Re: Somebody maybe virus stoll my ETH :(
Post by: Andrew1337 on November 22, 2018, 04:43:16 PM
You can't recover your Ethereum, you can just report that Ethereum as stolen and maybe some exchanges won't accept that ETH on their platform. That's all.


Title: Re: Somebody maybe virus stoll my ETH :(
Post by: DdmrDdmr on November 22, 2018, 05:29:44 PM
It would be interesting for the OP to tell us if he has got any clue as to how it may have happened. Interestingly enough, the thief is still at it (recent ETH TXs add up to a small amount, so total stolen has not shifted much in a couple of days, and is now at 51,87 ETH). Looking over the affected ETH addresses, nearly half seem to be ETH addresses where mining gains have been placed, originated in nanopool, ethermine and dwarfpool. So there is some sort of connection there as to the origin.