Bitcoin Forum

Looks like coins went to this wallet 12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4

This guy " Tazja" admitted to controlling the address my coins went to in this post

Anyone know him?

https://bitcointalk.org/index.php?topic=259649.3240

Quote:

I use 2 adress,

12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4 (i receive 0.018 btc in this adress)

And

1FtRXz2KdjttgSY9ojcQB7mQ5SBmf2cXLz


Link to transaction occurred on 4/6/2014:

https://blockchain.info/tx/cf8c8247490f9cabd976fdd47c87eb8b19b30a20109685592802d53f05f6991d
I am still not sure how thief got access but suspect a key logger from Usenet. I was running virus checker but it was either AVG or K labs and did not trigger anything. Any and all help tracking these down would be appreciated

Looks like he gets payments from mining, contact the pools he uses maybe they have some info.

Or hes just getting small wallets, and fucked up by sending to his real.

big lose guy :'(

You mean "tazja" right? I am assuming from the link to that thread. https://bitcointalk.org/index.php?action=profile;u=109937

Wish I could help. That is truly unfortunate. If you offer a bounty, you may get some helping doxxing this guy.

Yup, he's right. Offering a bounty in the Service section would be your best bet.

Don't know the service section part, but I will send two BTC for the safe return of the stolen coins to the 1HUJt.... address

Why would you send the coins back to that address when you already know it's compromised

Why don't you just contact your credit card company, report the fraud and have them reverse the transaction?

Create a thread in this section offering your 2 BTC bounty => https://bitcointalk.org/index.php?board=52.0

Be clear about giving the thief's profile URL and the related thread link. You'll see the secret detectives of the forum are jumping in to help u out...

That sucks man. I hope you get your coins back. Paper wallet time?

Sorry for your loss OP.

May I ask what do these detectives do exactly, can they reverse the payment or do they just track who was responsible for this sort of stuff and provide their whereabouts? And when they do, what happens after that?

Did you encrypt your wallet with password?

Next time don't use Windows. Use Mac OS X or GNU/Linux. If you store large amount of bitcoin, you may use cold storage / paper wallet.

How did you get your Bitcoins stolen? I would try to get a DOX of this guy.

harsh man, to many hackers about you got be carefull.

how do these key loggers ect get past the router do they use upnp? or just go down a known open port like 80?

Sorry to hear your loss.
I can see that you have already made a post in "service" to provide a bounty. Good luck.

the wallet had passphrase encryption.  Not sure about the firewall.  Kasperski and AVG were on and nether triggered.   ran Malwarebytes.org scan and it did flag a bunch of stuff that the AV programs missed.  Certainly learned a lesson about importance of paper wallets.   

this character has posted to this community in the past.  I am hopeful moderators can DOXX him and hopefully together we can shame/coerce the guy to return the coins.

Yeah, that's not gonna happen. When Bitcoins are gone they're gone. That's the greatest feature of Bitcoin - irreversible transactions and no fraud controls. Those stupid bankers would return your funds by crediting your debit card and prosecute the criminal.

hehe, funny guy.

It's a bit of a stretch but here is what I came up with:

Tazja is known as tazbox on a hackers forum (http://jomgegar.com/)
16th post in this topic shows tazbox probably is up to no good/linked to bitcoin (http://jomgegar.com/topic/2801-question-about-bitcoin/?hl=tazbox)

Then if we look a bit further we find this topic about tazja being a hacker: https://bitcointalk.org/index.php?topic=543660.0
If you look at post 18, you see a post of bitdonkey. He stated he also got hacked by tazja.
If we look up bitdonkey's post we see this post about him purchasing a VPS host: https://bitcointalk.org/index.php?topic=342443.msg5598973#msg5598973

Domain is tazbox. As stated previously, that is the username of Tazja. So either bitdonkey is tazja, or he wanted to make a website dedicated to his own hacker?

The extension of the domainname is not stated, but let's assume it's .fr, as he is french. Then we come up with:
contact:     Dubas Julien
address:     18, place de la mairie
address:     07200 Aubenas
country:     FR
phone:       +33 7 53 76 03 40
e-mail:      taznact@gmail.com
Possible second email: taznact@yahoo.com

And what if we search for taznact? Then this comes up as first result:
Antivirus scan for ... - VirusTotal
https://www.virustotal.com/latest-report.html?resource...
SHA256: 6debde863fce2217b8e7e8a58dd948f00c441eb15d5cba30a5a7103d469e07b8. File name: Taznact.exe. Detection ratio: 24 / 47. Analysis date ...


So the domainname tazbox.fr is now linked to not only sha256, but also to a file with the name taznact.exe (same as his email) which most likely contains a virus.

And the virus made you lose your bitcoin.
By the way, he seems to spread his virus through NZB (download website).
Look at his uploaded files: http://www.nzbking.com/poster/Taznact@yahoo.com%20(Taznact)/

Hope this helps!

If you manage to get your btc back, this is my address for a donation:
btc:1AHkjqevi3DcebECujHFAbJjLad58Dqt6A

Sorry to hear about the lost coins.

Why are you running kaspersky and avg at the same time though? You shouldn't be running 2 antivirus's like that at the same time.

Often times they can negate each other. Then neither one is effective at catching anything. Just run kaspersky, make sure it is up to date and run a full scan.

You can also try running adwcleaner http://www.bleepingcomputer.com/download/adwcleaner/ (http://www.bleepingcomputer.com/download/adwcleaner/) and combofix http://www.bleepingcomputer.com/download/combofix/ (http://www.bleepingcomputer.com/download/combofix/).

You should not be using the same wallet anymore until you figure out what happened on your machine(or at all really). At this point consider the machine that had the BTC stollen from compromised.

It may not be a bad idea to change passwords on any accounts you have as you may have a keylogger. Clean your computer first before changing the passwords as if you have a keylogger it will capture the new passwords too.

Hopefully you can get all of this figured out.

Great sleuthing.  I imagined he was french (as another victim described him( and yes the NZB file reminds me of something i downloaded on usenet that was supposed to be a movie file and instead ended up being an executable that i clicked on, but then nothing seemed to happen.  I will follow up on this.  Much appreciated and will keep you in mind for compensation.

Everyone really should look into a wallet or wallet service with good reviews and multi-factor authentication.  If you have a unencrypted wallet file on your computer it's just trouble waiting to happen. 

I am sorry for your loss, I hope others read this and use multi-authenticaiton and encryption.

Everyone learned from mistake. I also learned a lesson not to store my bitcoin on exchange even if it has big name. I lost significant bitcoin on Mt Gox.

Many malware are targeting Bitcoin wallet now. Windows system especially Windows XP and older are not supported by Microsoft anymore. This system are vulnerable to malware. Don't use it for important task (bitcoin wallet, online transaction, server)

my thoughts exactly, anyway I would go into cold storage. Is definatly safe from hackers. Some how many BTC did you lose?

Windows is actually the worst choice of OS for security, especially if you do not have Anti Virus. Next time, move a portion of your coins to cold storage so it cannot be stolen.

what if i told you i run win7 on a comp with about 30 different wallets; no antivirus, no firewall, no nothing.
last time i did a reinstall was 2.5 years ago, and was never infected.
all it takes is common sence, and u will never pick up infection (unless there realy is a zero-day exploit lol)

For the most part, yes, all it takes is common sense. But every once in a while, even the most sensible people can make a lapse in judgment. :)

This is very true. Its important to keep a watchful eye at all times and not to get complacent

11.76. Well over $7k worth

Is this guy still active?