Bitcoin Forum

An unknown person entered my wallet with IP address 35.159.53.115 and transferred my bitcoins to this address
14cac8EzqBKs8Wrwt5ZXippow8ZCmtYfzb


who can help me?

edit:
Thanks, I noticed here that the address was wrong and I corrected it
But I sent the wrong address to the computer crime police, but now the case is blocked and it does not matter because the amount withdrawn is 0.038 bitcoin and I do not know the police will pay for tracking because as I understand here, the cost is high.
But I have an opinion
If we find the hacker's address, we can empty his account and make a profit


edit:
hash:
77aa973b985badd0e915b9c72b9c5da396013ab9bb06c4b75564fdb2f2f0041c

the police but probably very little help.
you have to provide enough evidence that you owned the coins and it is indeed stolen not transferred by you yourself. but if this was a hack (of your wallet account for instance) then the IP is most probably not the real hackers IP.

This is an AWS IP (https://www.proxydocker.com/pt/iplookup/35.159.53), so you are out of luck. Which wallet were you using, and how did they steal your coins?

edit: Is this the right address? I can't look for it on most explorers.

I went to the police and they said exactly that this IP address could not be traced

The address doesn't have any transaction in it.

https://blockchair.com/search?q=14cac8EzqBKs8Wrwt5ZXippow8ZcmtYfzb

Nothing happened. Any idea of how you came up with your conclusion and what wallet you are using as well?

Yes, the police said the same

I use blockchain and a few other wallets
That the hacker hacked everyone, but I only had capital in the blockchain

hacked my Gmail too

This is for 2020.3.25
And I do not know why it does not show this address now

but this is hash for it transfer

77aa973b985badd0e915b9c72b9c5da396013ab9bb06c4b75564fdb2f2f0041c

Each person must click the confirmation email to enter the blockchain wallet

And the unknown person also had my Gmail password
And he had confirmed the email
And in my wallet written on this date 0.04 bitcoins have been transferred to this address

Did you manually copy the address? The c in the first post should be Capital.

This is the address of OP: 14cac8EzqBKs8Wrwt5ZXippow8ZCmtYfzb

---

@OP Your accounts are now compromised. You should change the passwords etc. I think that's what you should do for now while waiting for the experts to check who had your funds.

https://www.blockchain.com/btc/address/14cac8EzqBKs8Wrwt5ZXippow8ZCmtYfzb

You can see it here
Exactly 0.03868423 BTC was traded, which is equal to the amount withdrawn from my account

That is weird, blockchain.com's withdrawal can't be a "batched withdrawal" unless you own the input which previously had 60BTC balance.
77aa973b985badd0e915b9c72b9c5da396013ab9bb06c4b75564fdb2f2f0041c (https://www.blockchain.com/btc/tx/77aa973b985badd0e915b9c72b9c5da396013ab9bb06c4b75564fdb2f2f0041c) looks like a withdrawal from an exchange, casino or a custodial wallet.

It may look like that if it's a transaction made by blockchain to send your 'Trading wallet' funds to one of your 'normal' wallets.
In that case, 14cac8EzqBKs8Wrwt5ZXippow8ZCmtYfzb can't be an external bitcoin address.
Also in that case, aba21510d34335a1f9d5c6137fff8718133ca86f487b12e6ded8a9e0f203b133 (https://www.blockchain.com/btc/tx/aba21510d34335a1f9d5c6137fff8718133ca86f487b12e6ded8a9e0f203b133) may be the transaction that spent all of your wallet's balance.

Was it a different "blockchain" wallet?
Or are you certain of what happened (because it's been 8 months since based from the timestamp)?

I have yet to see one law enforcement officer (Street Cop) capable of recovering any stolen coins. A thief (not a hacker or a true Crypto enthusiast) might make mistakes and they might leave breadcrumbs to their own IP address... but it is highly unlikely that a more experienced thief will do that.  ::)

What wallet did you use? It is always good to dissect the whole process to find the vulnerability or the exploit and use that information to warn other vulnerable targets. (Using a Gmail or webmail service was one of your mistakes)  ::)

                           Doing this will also help you not to repeat the same mistake in the future.   

It is quite funny that you ask whether someone is able to help you to recover your funds / trace the thief (No. No one is. Your funds are gone.), but don't care about how it happened or how to protect against that.

You gave us as little information as possible, didn't you?

One thing is sure: If you don't find out how it happened and don't care about protecting your keys (or any other personal information stored on your device), similar things will happen again.


So, instead of trying to get your funds back (which you won't, give up), better find out how it happened and what exactly your mistakes were. Then improve.

That IP address (35.159.53.115) is in a subnet owned by AWS, in the eu-central-1 region. Your seed phrase must have been stolen by malware, which sent it to a script on that IP address to make the transaction. (Why would someone create a remote Desktop on a VPS just to open a browser when they can do it locally?)


Why didn't you secure your gmail account with two-factor authentication?

Google gave you plenty of options to require a second authentication to log in, so you could've verified by phone number or Google Authenticator. Why didn't you do those things beforehand?

For some reason Blockchair.com doesn't say when an address is incorrect.

Did you type the address instead of copy/pasting it?
14cac8EzqBKs8Wrwt5ZXippow8ZcmtYfzb is wrong.
14cac8EzqBKs8Wrwt5ZXippow8ZCmtYfzb is correct.

Why did you wait 8 months before you post about this?

Correct. I now wonder how hosseinh110 got that IP address, and why he thinks it's related to a transaction that can't be made by his Blockchain.com online wallet.

14cac8EzqBKs8Wrwt5ZXippow8ZCmtYfzb

this is correct

---

yes
right
what mean OP

---

Yes, I was wrong
This transaction was done from the site https://freebitco.in/?op=home, which was the total inventory of this site
This happened after I sent some bitcoins from this site to another site. Is it possible that this site hacked my account address?
But the hacker also had access to my blockchain account and entered it because a confirmation email was sent to me, but fortunately I had no money in the blockchain.

---

I just got acquainted with this forum
Yes I made a mistake this is a deal for another site
But the hacker also hacked my blockchain wallet and entered it, which fortunately I did not have any money in, and this IP is in the confirmation email sent by blockchain

Yes, the address was wrong and I do not know why because I copied it
But can you teach me how you found out what my correct address is?

---

Yes, I made a mistake and after that it followed the security tips

[moderator's note: consecutive posts merged]

If you're positive that it's the exact URL that you've been using, then it's legitimate and probably won't hack your balance.
Here's their official Bitcointalk thread: https://bitcointalk.org/index.php?topic=320959.0 (https://bitcointalk.org/index.php?topic=320959.0).

For the hacker, he also got the email password so it's pretty easy to withdraw from freebitco(in) if you didn't set 2FA on.

I use blockchain as well and I was surprised, almost all the other popular explorers reject the address with the small c letter.

---

OP, it's against the forum rules to post twice in a row without waiting for

1- 24 hours to pass
2- someone else to post

You had 5 consecutive posts and that is SO against the rules, please edit this post (https://bitcointalk.org/index.php?topic=5292762.msg55682756#msg55682756) and include the other 4 posts in it.

To mask their IP address of course... they were most likely NOT running a remote desktop, but a proxy server to redirect their traffic and mask their real IP address. I would not be surprised if they actually used several proxy servers to bounce their connection around to try and prevent anyone from tracking them.

I searched your txid on blockchair.com (https://blockchair.com/):

No, it's impossible to control someone else's address without its private key.
Bitcoin isn't designed to be controlled by a central authority.

However, if you can track it and found out that it's in a centralized service like an Exchange or Gambling site,
then it's possible to contact their support to inform them about the hacking incident (with enough proof)
in order for them to freeze the hacker's account.
But if it's in a non-custodial wallet like Bitcoin Core, Electrum, blockchain.com (except trading wallet), etc., there's nothing you can do.