Bitcoin Forum

Other => Beginners & Help => Topic started by: DrRobotto on July 20, 2014, 10:39:23 PM



Title: Coins stolen from my wallet?!?
Post by: DrRobotto on July 20, 2014, 10:39:23 PM
Hi guys,

I used bitcoin-qt as my bitcoin wallet and I forgot to setup a password :(

So today I checked my wallet and a very small amount of bitcoins were stolen:

https://blockchain.info/de/address/1CPEdjFu6TaZpPFGQ81zHaW7prtJ1pk8LV

Is there any chance I get these BTC back? Or do I have to pay to learn the lesson?

After that, I moved to multibit and saved it on several USB-Sticks with a strong password using KeyPass obfuscating. Is there anything else I have to take care of?

Thx for your help!

Regards


Title: Re: Coins stolen from my wallet?!?
Post by: williamj2543 on July 20, 2014, 10:40:51 PM
Hi guys,

I used bitcoin-qt as my bitcoin wallet and I forgot to setup a password :(

So today I checked my wallet and a very small amount of bitcoins were stolen:

https://blockchain.info/de/address/1CPEdjFu6TaZpPFGQ81zHaW7prtJ1pk8LV

Is there any chance I get these BTC back? Or do I have to pay to learn the lesson?

After that, I moved to multibit and saved it on several USB-Sticks with a strong password using KeyPass obfuscating. Is there anything else I have to take care of?

Thx for your help!

Regards
Mix it and send to a completely different address stored on a USB stick. There is no way you will get your money back unless the thief sends it back for some reason.


Title: Re: Coins stolen from my wallet?!?
Post by: eldinhadz on July 20, 2014, 10:44:45 PM
Unfortunately it already has confirmations; you could have used www.bitundo.com, but it is already too late.

Sorry but it is confirmed you should use www.bitundo.com next time


Title: Re: Coins stolen from my wallet?!?
Post by: DrRobotto on July 20, 2014, 10:51:11 PM
But do I have to change my BTC address or can I use the same as before?


Title: Re: Coins stolen from my wallet?!?
Post by: Soros Shorts on July 20, 2014, 10:54:58 PM
But do I have to change my BTC address or can I use the same as before?
You should assume that they have your private key, so yes, you should change your address.


Title: Re: Coins stolen from my wallet?!?
Post by: Chef Ramsay on July 20, 2014, 10:55:32 PM
I'm not really impressed w/ these stories popping up about certain cold storage options getting people hacked or stolen. It's almost easier and safer to leave them at Blockchain.info w/ 2FA on or vault them w/ Xapo.


Title: Re: Coins stolen from my wallet?!?
Post by: 1Referee on July 20, 2014, 11:19:04 PM
This will not happen if you have a clean pc!! Stop downloading crap and you will not have this problem anymore. Do a full system scan with up2date antivirus.


Title: Re: Coins stolen from my wallet?!?
Post by: Cryptopher on July 20, 2014, 11:22:10 PM
I'm not really impressed w/ these stories popping up about certain cold storage options getting people hacked or stolen. It's almost easier and safer to leave them at Blockchain.info w/ 2FA on or vault them w/ Xapo.

I think that the blockchain.info wallet with 2FA is a mighty fine idea for those wanting to store small holdings of bitcoins. There are so many stories being posted on here of people having their wallet looted, sometimes due to no password, sometimes keyloggers, sometimes even by those close to you.

There's no realistic way to get your money back, DrRobotto. The most likely scenario is that the thief will send some or all of the BTC back to you - and that's unlikely given that they committed the crime with intent. Thankfully it wasn't considerably more - you will have to use it as a lesson.


Title: Re: Coins stolen from my wallet?!?
Post by: DrRobotto on July 20, 2014, 11:23:44 PM
Hm, I did not download anything suspicious. The pc is a computer with a newly installed windows on it. I think the main mistake was that I did not set a password on my BTC wallet. I think the program should force you to use a password, but nevermind. Thx for the replies!


Title: Re: Coins stolen from my wallet?!?
Post by: AliceWonder on July 20, 2014, 11:33:20 PM
Whatever happened to that hardware wallet that was supposed to be shipping about a year ago or so?


Title: Re: Coins stolen from my wallet?!?
Post by: ArticMine on July 20, 2014, 11:35:17 PM
Hi guys,

I used bitcoin-qt as my bitcoin wallet and I forgot to setup a password :(

So today I checked my wallet and a very small amount of bitcoins were stolen:

https://blockchain.info/de/address/1CPEdjFu6TaZpPFGQ81zHaW7prtJ1pk8LV

Is there any chance I get these BTC back? Or do I have to pay to learn the lesson?

After that, I moved to multibit and saved it on several USB-Sticks with a strong password using KeyPass obfuscating. Is there anything else I have to take care of?

Thx for your help!

Regards

My suggestion is to not use Microsoft Windows and to use GNU/Linux instead, and yes encrypt your wallet. If one originally created the wallet on Microsoft Windows move the coins to a new wallet created on GNU/Linux. I have been involved with Bitcoin since 2011 and have not lost a single satoshi to malware; however I would not let a single of my satoshi near Microsoft Windows. Make sure to make multiple redundant backups of wallet.dat and keep in mind that after 100 transactions the change or received funds are no longer backed up when using Bitcoin-qt. A good habit is to back up wallet.dat after 20 transactions or so.

By the way I stopped using Microsoft Windows for fiat banking back in 2006 before Bitcoin even existed for the same reasons.


Title: Re: Coins stolen from my wallet?!?
Post by: Cicero2.0 on July 21, 2014, 04:51:48 AM
Sorry your bitcoin was stolen. Small amounts are easier to store at the places mentioned above. For large amounts it really is worth your time to do a paper wallet.


Title: Re: Coins stolen from my wallet?!?
Post by: Yuki1988 on July 21, 2014, 08:47:22 AM
Whatever happened to that hardware wallet that was supposed to be shipping about a year ago or so?

You mean the Trezor?
If that is the case, it is coming really soon.

http://satoshilabs.com/news/2014-07-18-first-edition-classics-getting-ready-for-tour-de-globe/
Quote
So how long to wait YET?
As promised, all Classics will be shipped before the end of this month. During next week the entire First Edition batch will be finished. Then packages sorted, put in envelopes with Certificates of Ownership, sealed with much love and gradually sent out to you across the globe.


Title: Re: Coins stolen from my wallet?!?
Post by: Yuki1988 on July 21, 2014, 08:51:28 AM
Hi guys,

I used bitcoin-qt as my bitcoin wallet and I forgot to setup a password :(

So today I checked my wallet and a very small amount of bitcoins were stolen:

https://blockchain.info/de/address/1CPEdjFu6TaZpPFGQ81zHaW7prtJ1pk8LV

Is there any chance I get these BTC back? Or do I have to pay to learn the lesson?

I am sorry for your loss, but I am afraid there is no way you can get it back. :(

After that, I moved to multibit and saved it on several USB-Sticks with a strong password using KeyPass obfuscating. Is there anything else I have to take care of?

Don't go to some strange websites.
Don't click strange links.
Don't download strange email attachments and files.

Switch to an offline wallet when one day you have a significant amount of bitcoin. :)


Title: Re: Coins stolen from my wallet?!?
Post by: whiteflight31 on July 21, 2014, 09:43:21 AM
Learn about cold storage, too. And do format or just scan your computer, you definitely have malware there...
Be careful what you download, internet is a dark place


Title: Re: Coins stolen from my wallet?!?
Post by: shorena on July 21, 2014, 11:42:44 AM
Hm, I did not download anything suspicious. The pc is a computer with a newly installed windows on it. I think the main mistake was that I did not set a password on my BTC wallet. I think the program should force you to use a password, but nevermind. Thx for the replies!

The question still stands: how did the attacker get your wallet.dat file? Unprotected or not, it still has to leave your computer in order to spend your coins. The encryption is an added security feature, but files should not just leave your computer and end up somewhere else.


Title: Re: Coins stolen from my wallet?!?
Post by: Soccruo on July 21, 2014, 11:57:26 AM
Learn about cold storage, too. And do format or just scan your computer, you definitely have malware there...
Be careful what you download, internet is a dark place

This is the first thing I'm trying to learn, I don't have much btc money but cold storage seems to be a must read here.


Title: Re: Coins stolen from my wallet?!?
Post by: goodluckpool on July 21, 2014, 12:11:00 PM
did he take the whole amount or just some?


Title: Re: Coins stolen from my wallet?!?
Post by: obocaman on July 21, 2014, 12:18:22 PM
bitcoin is making me paranoid as hell about everything being a virus  :'(


Title: Re: Coins stolen from my wallet?!?
Post by: ranochigo on July 21, 2014, 12:23:05 PM
Hi guys,

I used bitcoin-qt as my bitcoin wallet and I forgot to setup a password :(

So today I checked my wallet and a very small amount of bitcoins were stolen:

https://blockchain.info/de/address/1CPEdjFu6TaZpPFGQ81zHaW7prtJ1pk8LV

Is there any chance I get these BTC back? Or do I have to pay to learn the lesson?

After that, I moved to multibit and saved it on several USB-Sticks with a strong password using KeyPass obfuscating. Is there anything else I have to take care of?

Thx for your help!

Regards
Mix it and send to a completely different address stored on a USB stick. There is no way you will get your money back unless the thief sends it back for some reason.
Mixing it doesn't improve the security, mixing only increases the privacy. OP, I suggest you create a cold storage paper wallet using an offline Linux computer and bitaddress.org.


Title: Re: Coins stolen from my wallet?!?
Post by: Shogen on July 21, 2014, 01:43:26 PM
did he take the whole amount or just some?

From the blockchain.info link in OP, it seems the thief has stolen 0.145 btc and has left 0.00055266 BTC in the address. :)


Title: Re: Coins stolen from my wallet?!?
Post by: ajareselde on July 21, 2014, 01:53:38 PM
Hi guys,

I used bitcoin-qt as my bitcoin wallet and I forgot to setup a password :(

So today I checked my wallet and a very small amount of bitcoins were stolen:

https://blockchain.info/de/address/1CPEdjFu6TaZpPFGQ81zHaW7prtJ1pk8LV

Is there any chance I get these BTC back? Or do I have to pay to learn the lesson?

After that, I moved to multibit and saved it on several USB-Sticks with a strong password using KeyPass obfuscating. Is there anything else I have to take care of?

Thx for your help!

Regards

You already paid the lesson, and no u can't get those bitcoins back.
You probably picked up a trojan, and your password was taken from the built-in keylogger that comes with it.

Best thing u can do now is make a clean install of OS, and make a new wallet, be advised that sending coins to that compromised address/wallet will probably make you lose more bitcoins.

cheers


Title: Re: Coins stolen from my wallet?!?
Post by: DrRobotto on July 21, 2014, 03:21:28 PM
First, the thief took all the BTC in my wallet. This was the transaction:
https://blockchain.info/tx/d6c75c6914c598d19fd6c0f73da0b009786e6585c57c6023ffbebdd6d7d0fecf

I used the Bitcoin-QT wallet, but I used it without any password protection. Could that be the entering gate of the thief? The thing is that the machine is a newly installed windows and I did not download anything special to it.

As a consequence, I opened an online wallet on blockchain.info with mobile 2FA and including all the security options they provide. I imported the old private key from Bitcoin-QT, where my miner sent some minor BTC:
https://blockchain.info/tx/fee2c98ead5078127b3cbb8812332f1fa110f7326d65f0f577fa0e6ee38fe861

Can this cause any risk to the new private key of the new BTC address? I will wait another week and then I delete this address from this wallet since my miner has still some immature BTC.

Thx for your advice and best regards


Title: Re: Coins stolen from my wallet?!?
Post by: shorena on July 21, 2014, 04:06:42 PM
First, the thief took all the BTC in my wallet. This was the transaction:
https://blockchain.info/tx/d6c75c6914c598d19fd6c0f73da0b009786e6585c57c6023ffbebdd6d7d0fecf

I used the Bitcoin-QT wallet, but I used it without any password protection. Could that be the entering gate of the thief? The thing is that the machine is a newly installed windows and I did not download anything special to it.

As a consequence, I opened an online wallet on blockchain.info with mobile 2FA and including all the security options they provide. I imported the old private key from Bitcoin-QT, where my miner sent some minor BTC:
https://blockchain.info/tx/fee2c98ead5078127b3cbb8812332f1fa110f7326d65f0f577fa0e6ee38fe861

Can this cause any risk to the new private key of the new BTC address? I will wait another week and then I delete this address from this wallet since my miner has still some immature BTC.

Thx for your advice and best regards

No, running bitcoin core does not make you vulnerable. No matter if your wallet is encrypted or not.

Importing a compromised private key is a bad idea. Someone else also has that key, using it is not advised. Change the payout address on your pool.

The compromised private key can not compromise any other keys in your new wallet.

Finally: what do you consider "nothing special"? Some Altcoin wallets have trojans in them...


Title: Re: Coins stolen from my wallet?!?
Post by: DrRobotto on July 21, 2014, 04:11:05 PM
Hm, I just downloaded the DOGE-Coin wallet and right after that the BTC were stolen. But I downloaded it from the official site. Seems very strange to me.

I already changed my payout address on the pool and will delete it later when all the BTC arrived.


Title: Re: Coins stolen from my wallet?!?
Post by: Minnlo on July 21, 2014, 04:36:17 PM
First, the thief took all the BTC in my wallet. This was the transaction:
https://blockchain.info/tx/d6c75c6914c598d19fd6c0f73da0b009786e6585c57c6023ffbebdd6d7d0fecf

I used the Bitcoin-QT wallet, but I used it without any password protection. Could that be the entering gate of the thief? The thing is that the machine is a newly installed windows and I did not download anything special to it.

As a consequence, I opened an online wallet on blockchain.info with mobile 2FA and including all the security options they provide. I imported the old private key from Bitcoin-QT, where my miner sent some minor BTC:
https://blockchain.info/tx/fee2c98ead5078127b3cbb8812332f1fa110f7326d65f0f577fa0e6ee38fe861

Can this cause any risk to the new private key of the new BTC address? I will wait another week and then I delete this address from this wallet since my miner has still some immature BTC.

Thx for your advice and best regards

Sorry to hear your loss.
Have you clicked any suspicious links, downloaded email attachments, or received suspicious files through Skype before your bitcoin got stolen?


Title: Re: Coins stolen from my wallet?!?
Post by: DrRobotto on July 21, 2014, 04:44:51 PM
No, I neither downloaded any file except the DOGE-Coin wallet nor opened anything in skype. It seems very strange to me too ...


Title: Re: Coins stolen from my wallet?!?
Post by: shorena on July 21, 2014, 06:59:38 PM
No, I neither downloaded any file except the DOGE-Coin wallet nor opened anything in skype. It seems very strange to me too ...

Strange indeed. Legit OS copy or a pirated version? Those might have trojans, backdoors as well. You don't need to answer this, just consider it an option. Other possibilities I can think of are:
#1 infected machine in your LAN that used an undocumented exploit on your unpatched OS (infected after/during setup).
#2 infected infrastructure (e.g. your router) - this would also need some sort of vulnerability of your OS or local file sharing
#3 data leak (e.g. shared the data via dropbox with your colleagues)
#4 someone had hardware access to your machine (made the TX from there/copied the wallet.dat/installed something)
#5 drive by infection
#6 you use(d) WinXP or older


Title: Re: Coins stolen from my wallet?!?
Post by: burekzastonj on July 21, 2014, 08:24:22 PM
You figured it out by yourself: " Or do I have to pay to learn the lesson?" that's it, keep your BTC safe.


Title: Re: Coins stolen from my wallet?!?
Post by: DrRobotto on July 22, 2014, 07:58:05 AM
No, I neither downloaded any file except the DOGE-Coin wallet nor opened anything in skype. It seems very strange to me too ...

Strange indeed. Legit OS copy or a pirated version? Those might have trojans, backdoors as well. You don't need to answer this, just consider it an option. Other possibilities I can think of are:
#1 infected machine in your LAN that used an undocumented exploit on your unpatched OS (infected after/during setup).
#2 infected infrastructure (e.g. your router) - this would also need some sort of vulnerability of your OS or local file sharing
#3 data leak (e.g. shared the data via dropbox with your colleagues)
#4 someone had hardware access to your machine (made the TX from there/copied the wallet.dat/installed something)
#5 drive by infection
#6 you use(d) WinXP or older

The OS is a legit copy, but after a complete scan of the system the antivir found three threats:
#1 "Virus found: Win32/Zperm, C:\Windows\Temp\49f48af4-b402-4745-9e9c-26cfb8983c1f\tmp0000116d\tmp00006408";"Saved"
#2 "Trojan: PSW.OnlineGames4.ZUJ, D:\buddha.dll";"Saved"
#3 "Trojan: CoinMiner.ASJ, C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLLU0VPX\wmpnetwk[1].dll";"Saved"

I think we found the culprits, but again, it seems very strange to me how they could infect the system. I never opened any suspicious software nor am I using IE as my browser. I am on Win7 using a brand new Cisco X3500 router and it is the only computer in my apartment, but I have learned my lesson: be as paranoid as possible, but I doubt that BTC will ever arrive to the "normal" users since it is that easy to get stolen and it is too complicated to be on the safe side, e.g., using linux, live cds etc.



Title: Re: Coins stolen from my wallet?!?
Post by: ranochigo on July 22, 2014, 09:58:17 AM
No, I neither downloaded any file except the DOGE-Coin wallet nor opened anything in skype. It seems very strange to me too ...

Strange indeed. Legit OS copy or a pirated version? Those might have trojans, backdoors as well. You don't need to answer this, just consider it an option. Other possibilities I can think of are:
#1 infected machine in your LAN that used an undocumented exploit on your unpatched OS (infected after/during setup).
#2 infected infrastructure (e.g. your router) - this would also need some sort of vulnerability of your OS or local file sharing
#3 data leak (e.g. shared the data via dropbox with your colleagues)
#4 someone had hardware access to your machine (made the TX from there/copied the wallet.dat/installed something)
#5 drive by infection
#6 you use(d) WinXP or older

The OS is a legit copy, but after a complete scan of the system the antivir found three threats:
#1 "Virus found: Win32/Zperm, C:\Windows\Temp\49f48af4-b402-4745-9e9c-26cfb8983c1f\tmp0000116d\tmp00006408";"Saved"
#2 "Trojan: PSW.OnlineGames4.ZUJ, D:\buddha.dll";"Saved"
#3 "Trojan: CoinMiner.ASJ, C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLLU0VPX\wmpnetwk[1].dll";"Saved"

I think we found the culprits, but again, it seems very strange to me how they could infect the system. I never opened any suspicious software nor am I using IE as my browser. I am on Win7 using a brand new Cisco X3500 router and it is the only computer in my apartment, but I have learned my lesson: be as paranoid as possible, but I doubt that BTC will ever arrive to the "normal" users since it is that easy to get stolen and it is too complicated to be on the safe side, e.g., using linux, live cds etc.


Are you sure you didn't visit some kind of website and got infected there? You probably used IE to download the other browser at first. During the process, you might have been infected. Also, did you use a security lock and a strong password on your router?


Title: Re: Coins stolen from my wallet?!?
Post by: DrRobotto on July 22, 2014, 11:26:09 AM
Ya, after the first start of the newly setup OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.

At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am safe?!?


Title: Re: Coins stolen from my wallet?!?
Post by: ranochigo on July 22, 2014, 11:40:01 AM
Ya, after the first start of the newly setup OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.

At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am safe?!?
OH DAMNNNNN Microsoft essential? Using that as a reference anti virus is a no no, they do not detect viruses well. Try installing a fresh copy of an official Linux OS. Windows has far too many viruses


Title: Re: Coins stolen from my wallet?!?
Post by: johncarpe64 on July 22, 2014, 11:44:27 AM
Setting password on your wallet is a must....


Title: Re: Coins stolen from my wallet?!?
Post by: DrRobotto on July 22, 2014, 12:09:14 PM
I think the main issue of the BTC stolen was not setting up a password in my wallet, because the software does not force you to do so. Atm I am just tired of all these security procedures in order to keep your wallet safe. As I already said, I now use blockchain.info as my wallet and activated every security setting provided by the mentioned wallet. For me the effort is too high to keep your wallet safe. I hope now it is^^

If ever again some BTC get stolen from my wallet, I will try a linux live cd or I quit the adventure.

In the latest Ct (a highly esteemed computer magazine from Germany) Microsoft Essentials was the best free virus protection on the market, before that I used AVG, but was not satisfied at all.


Title: Re: Coins stolen from my wallet?!?
Post by: InwardContour on July 22, 2014, 12:16:10 PM
Ya, after the first start of the newly setup OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.

At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am safe?!?
OH DAMNNNNN Microsoft essential? Using that as a reference anti virus is a no no, they do not detect viruses well. Try installing a fresh copy of an official Linux OS. Windows has far too many viruses

Why not? I've been using Microsoft Essentials for years and have never had any problem with it.
Obviously I don't create cold storage wallets in this OS, but for trading small quantities of coin I think it's secure enough.


Title: Re: Coins stolen from my wallet?!?
Post by: ranochigo on July 22, 2014, 12:52:30 PM
Ya, after the first start of the newly setup OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.

At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am safe?!?
OH DAMNNNNN Microsoft essential? Using that as a reference anti virus is a no no, they do not detect viruses well. Try installing a fresh copy of an official Linux OS. Windows has far too many viruses

Why not? I've been using Microsoft Essentials for years and have never had any problem with it.
Obviously I don't create cold storage wallets in this OS, but for trading small quantities of coin I think it's secure enough.
It can be a good antivirus but FUD viruses can easily get past antiviruses. No prevention can 100% prevent malware from being installed. Relating to your claim, http://www.howtogeek.com/173291/goodbye-microsoft-security-essentials-microsoft-now-recommends-you-use-a-third-party-antivirus/. They scored pretty low in the recent years.


Title: Re: Coins stolen from my wallet?!?
Post by: arcanum on July 22, 2014, 01:42:21 PM
Ya, after the first start of the newly setup OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.

At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am safe?!?
OH DAMNNNNN Microsoft essential? Using that as a reference anti virus is a no no, they do not detect viruses well. Try installing a fresh copy of an official Linux OS. Windows has far too many viruses

Whats the best av? Essentials used to get listed as a good av.


Title: Re: Coins stolen from my wallet?!?
Post by: eldinhadz on July 22, 2014, 02:24:32 PM
Ya, after the first start of the newly setup OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.

At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am safe?!?
OH DAMNNNNN Microsoft essential? Using that as a reference anti virus is a no no, they do not detect viruses well. Try installing a fresh copy of an official Linux OS. Windows has far too many viruses

Whats the best av? Essentials used to get listed as a good av.

The best is Bitdefender, the best free is the 3rd best called 360 Internet Security


Title: Re: Coins stolen from my wallet?!?
Post by: DrRobotto on July 22, 2014, 04:14:23 PM
I double-checked my antivir now and I really have installed AVG Antivir AND Microsoft Essentials, but both were not enough to prevent the thief. However, a wallet without password protection was really dumb, life teaches you the hard way, even if in that case it was not very hard at least.


Title: Re: Coins stolen from my wallet?!?
Post by: shorena on July 22, 2014, 07:53:34 PM
I double-checked my antivir now and I really have installed AVG Antivir AND Microsoft Essentials, but both were not enough to prevent the thief. However, a wallet without password protection was really dumb, life teaches you the hard way, even if in that case it was not very hard at least.

Yes, a password is a must, with keepass you are also protected against keyloggers. Anti Virus is not a critical issue anymore. It is something you keep to make you feel safe and to hold off the old shit from last year, but the viruses and trojans that are currently active are seldom known to antivirus devs. I am a bit behind with my Ct reading, but I trust their judgement.



The OS is a legit copy, but after a complete scan of the system the antivir found three threats:
#1 "Virus found: Win32/Zperm, C:\Windows\Temp\49f48af4-b402-4745-9e9c-26cfb8983c1f\tmp0000116d\tmp00006408";"Saved"
#2 "Trojan: PSW.OnlineGames4.ZUJ, D:\buddha.dll";"Saved"
#3 "Trojan: CoinMiner.ASJ, C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLLU0VPX\wmpnetwk[1].dll";"Saved"

From #3 and #1 I think you got infected while using IE, so a drive by infection most likely. Those few minutes while you are out there to get a safe browser... Oh well. What's buddha.dll though? A quick research suggests Sleeping Dogs or Call of Duty Black Ops 2. I didn't dig too deep, but I suspect a pirated version/cheat/etc. I wouldn't know why an official release would require a download via 2shared. So #1 and #3 might have followed after you got the dll somewhere insecure. Again, I don't judge, I don't require an answer, just think about where you might have gotten the file.

Aaanyway seems like you are taking a safer route for now. While I usually argue that your own machine is safer than some server on the internet, this depends on what you are doing with your machine.

Stay vigilant :)


Title: Re: Coins stolen from my wallet?!?
Post by: Fiora on July 22, 2014, 11:19:16 PM
so this all happened due to a trojan? :(


Title: Re: Coins stolen from my wallet?!?
Post by: DrRobotto on July 23, 2014, 07:27:09 AM
so this all happened due to a trojan? :(

I think, yes.

I double-checked my antivir now and I really have installed AVG Antivir AND Microsoft Essentials, but both were not enough to prevent the thief. However, a wallet without password protection was really dumb, life teaches you the hard way, even if in that case it was not very hard at least.


From #3 and #1 I think you got infected while using IE, so a drive by infection most likely. Those few minutes while you are out there to get a safe browser... Oh well. What's buddha.dll though? A quick research suggests Sleeping Dogs or Call of Duty Black Ops 2. I didn't dig too deep, but I suspect a pirated version/cheat/etc. I wouldn't know why an official release would require a download via 2shared. So #1 and #3 might have followed after you got the dll somewhere insecure. Again, I don't judge, I don't require an answer, just think about where you might have gotten the file.

Aaanyway seems like you are taking a safer route for now. While I usually argue that your own machine is safer than some server on the internet, this depends on what you are doing with your machine.

Stay vigilant :)

Hm, I never played either Sleeping Dogs or COD2 on my computer. The thing is that I have received this copy of the OS from the university via MSDNAA and received a copy on my D:\ drive via a USB disk from one of my colleagues since he already downloaded it. So I just needed a new key from the university partner program with MS. Can it be that buddha.dll replicated it to my disk without somebody (antivir, etc.) knowing it? I remember that sometimes my colleagues played COD2 at the university in their spare time. I usually play LOL which is free to play.

I cannot explain it in a different way, because otherwise buddha.dll should be in a folder named "D:\CallOfDuty\buddha.dll" or something?!? Just as a guess.

Nevertheless, I learned my lesson and how "easy" BTC can be stolen from your wallet even if it was reckless to have a wallet without a password, since bitcoin-qt does not enforce it (!!) as for instance multibit does.


Title: Re: Coins stolen from my wallet?!?
Post by: shorena on July 23, 2014, 07:43:38 AM
-snip-
Hm, I never played either Sleeping Dogs or COD2 on my computer. The thing is that I have received this copy of the OS from the university via MSDNAA and received a copy on my D:\ drive via a USB disk from one of my colleagues since he already downloaded it. So I just needed a new key from the university partner program with MS. Can it be that buddha.dll replicated it to my disk without somebody (antivir, etc.) knowing it? I remember that sometimes my colleagues played COD2 at the university in their spare time. I usually play LOL which is free to play.

I think we know how you got infected now. Your colleague should probably get a clean OS as well now.

I cannot explain it in a different way, because otherwise buddha.dll should be in a folder named "D:\CallOfDuty\buddha.dll" or something?!? Just as a guess.

Yes, it's a strange path for the dll to be, but probably that's just the path you copied it to.


Title: Re: Coins stolen from my wallet?!?
Post by: feryjhie on July 23, 2014, 09:42:13 AM
anyone can explain how to anticipate for stolen a bitcoin from wallet?


Title: Re: Coins stolen from my wallet?!?
Post by: Baitty on July 23, 2014, 12:03:56 PM
anyone can explain how to anticipate for stolen a bitcoin from wallet?

What do you mean? How to prepare your wallet so it's harder for it to get stolen?


Title: Re: Coins stolen from my wallet?!?
Post by: regedit on July 23, 2014, 12:07:16 PM
For maximum security, use maximum paranoia. Assume that any script or wallet he gives you is invasive malware that's intent on stealing your bitcoins.

Create a brand new wallet (on a different machine, that's never had his stuff installed) using the standard client and configuration (not anything that he set up for you), and send any remaining bitcoins from your old wallet to your new one.

Then delete both the bitcoind wallet and game script, and if in doubt, wipe the computer(s) that had them installed and only reinstall trusted things.

For a lower, but still reasonable, level of security/paranoia, create a new wallet with a new password and transfer the old wallet's bitcoins to it. It's important to not reuse a possibly-compromised wallet, even with a new password and new addresses, because of the key pool. This pool basically means that he's (possibly) already downloaded your private keys, not just for your past addresses, but for your next 100, too.

And if possible, inspect the game script for anything suspicious, or simply stop using it. Or use it only on a computer that cannot access the bitcoins, and in which you never type your wallet password.

In any case, do not use any passwords (RPC, wallet, etc.) or wallets that he gave you, since they could be compromised.
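
The key-pool point in the post above, as an added example that is not part of the original post: a toy Python model of a wallet that pre-generates keys, showing which later addresses a copied wallet file already covers. The class and function names are hypothetical, the "keys" are random stand-ins rather than real Bitcoin keys, and the pool size of 100 and oldest-first use are assumptions taken from the post's "next 100".

```python
import hashlib
import secrets

KEYPOOL_SIZE = 100  # assumption: the "next 100" mentioned in the post


def address_of(private_key: str) -> str:
    # Stand-in for real address derivation (no elliptic-curve math here).
    return hashlib.sha256(private_key.encode()).hexdigest()[:20]


class KeypoolWallet:
    """Toy wallet (hypothetical): keys are generated ahead of use."""

    def __init__(self, pool_size: int = KEYPOOL_SIZE):
        self.pool_size = pool_size
        self.used = []   # keys already handed out as addresses
        self.pool = []   # keys generated in advance, not yet used
        self._refill()

    def _refill(self) -> None:
        while len(self.pool) < self.pool_size:
            self.pool.append(secrets.token_hex(32))  # constructed sample key

    def new_address(self) -> str:
        key = self.pool.pop(0)   # the oldest pre-generated key is used first
        self.used.append(key)
        self._refill()           # top the pool back up with a fresh key
        return address_of(key)

    def copy_of_file(self) -> frozenset:
        # Everything someone holds after copying an unprotected wallet file.
        return frozenset(self.used + self.pool)


def spendable_by(stolen_keys, addresses):
    # True for each address whose private key is among the stolen keys.
    known = {address_of(k) for k in stolen_keys}
    return [a in known for a in addresses]


def simulate(new_addresses: int = 150):
    old = KeypoolWallet()
    for _ in range(3):
        old.new_address()            # addresses used before the theft
    stolen = old.copy_of_file()      # wallet file copied at this moment
    reused = [old.new_address() for _ in range(new_addresses)]
    fresh_wallet = KeypoolWallet()   # brand new wallet made after the theft
    fresh = [fresh_wallet.new_address() for _ in range(new_addresses)]
    return spendable_by(stolen, reused), spendable_by(stolen, fresh)


if __name__ == "__main__":
    reused, fresh = simulate()
    print("reused wallet, new addresses already exposed:", sum(reused))
    print("fresh wallet, new addresses already exposed:", sum(fresh))
```

In this model the first 100 "new" addresses of the reused wallet are already covered by the copy, while none from the fresh wallet are.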


Title: Re: Coins stolen from my wallet?!?
Post by: ranochigo on July 23, 2014, 12:15:08 PM
For maximum security, use maximum paranoia. Assume that any script or wallet he gives you is invasive malware that's intent on stealing your bitcoins.

Create a brand new wallet (on a different machine, that's never had his stuff installed) using the standard client and configuration (not anything that he set up for you), and send any remaining bitcoins from your old wallet to your new one.

Then delete both the bitcoind wallet and game script, and if in doubt, wipe the computer(s) that had them installed and only reinstall trusted things.

For a lower, but still reasonable, level of security/paranoia, create a new wallet with a new password and transfer the old wallet's bitcoins to it. It's important to not reuse a possibly-compromised wallet, even with a new password and new addresses, because of the key pool. This pool basically means that he's (possibly) already downloaded your private keys, not just for your past addresses, but for your next 100, too.

And if possible, inspect the game script for anything suspicious, or simply stop using it. Or use it only on a computer that cannot access the bitcoins, and in which you never type your wallet password.

In any case, do not use any passwords (RPC, wallet, etc.) or wallets that he gave you, since they could be compromised.
You would be likely infected if you download the wallet, even if you copied it from elsewhere, your other computer could have been infected and you loaded the drive to the other computer, resulting in another infected computer. To be honest, I'm thinking some viruses can immediately dump your private key once you have generated a wallet, it is the best to use it on an offline computer.


Title: Re: Coins stolen from my wallet?!?
Post by: Baitty on July 23, 2014, 12:16:42 PM
For maximum security, use maximum paranoia. Assume that any script or wallet he gives you is invasive malware that's intent on stealing your bitcoins.

Create a brand new wallet (on a different machine, that's never had his stuff installed) using the standard client and configuration (not anything that he set up for you), and send any remaining bitcoins from your old wallet to your new one.

Then delete both the bitcoind wallet and game script, and if in doubt, wipe the computer(s) that had them installed and only reinstall trusted things.

For a lower, but still reasonable, level of security/paranoia, create a new wallet with a new password and transfer the old wallet's bitcoins to it. It's important to not reuse a possibly-compromised wallet, even with a new password and new addresses, because of the key pool. This pool basically means that he's (possibly) already downloaded your private keys, not just for your past addresses, but for your next 100, too.

And if possible, inspect the game script for anything suspicious, or simply stop using it. Or use it only on a computer that cannot access the bitcoins, and in which you never type your wallet password.

In any case, do not use any passwords (RPC, wallet, etc.) or wallets that he gave you, since they could be compromised.

Just follow the steps of creating a paper wallet. Downloading the wallet is a huge risk, and being connected to the internet is also a huge risk.


Title: Re: Coins stolen from my wallet?!?
Post by: NiceSoft12 on July 23, 2014, 02:18:46 PM
If my pc is secure, do I have to worry about other people on the same network, their PC being not secure (ie filled with virus/malware)?


Title: Re: Coins stolen from my wallet?!?
Post by: ranochigo on July 23, 2014, 02:24:33 PM
If my pc is secure, do I have to worry about other people on the same network, their PC being not secure (ie filled with virus/malware)?
You have to worry about them somehow, there are viruses that can be spread across the same network and you have a chance of being infected too. Especially if you are using a Windows OS.


Title: Re: Coins stolen from my wallet?!?
Post by: Testing123 on July 23, 2014, 03:23:33 PM
For maximum security, use maximum paranoia. Assume that any script or wallet he gives you is invasive malware that's intent on stealing your bitcoins.

Create a brand new wallet (on a different machine, that's never had his stuff installed) using the standard client and configuration (not anything that he set up for you), and send any remaining bitcoins from your old wallet to your new one.

Then delete both the bitcoind wallet and game script, and if in doubt, wipe the computer(s) that had them installed and only reinstall trusted things.

For a lower, but still reasonable, level of security/paranoia, create a new wallet with a new password and transfer the old wallet's bitcoins to it. It's important to not reuse a possibly-compromised wallet, even with a new password and new addresses, because of the key pool. This pool basically means that he's (possibly) already downloaded your private keys, not just for your past addresses, but for your next 100, too.

And if possible, inspect the game script for anything suspicious, or simply stop using it. Or use it only on a computer that cannot access the bitcoins, and in which you never type your wallet password.

In any case, do not use any passwords (RPC, wallet, etc.) or wallets that he gave you, since they could be compromised.

For maximum security, you could simply just format the disk, get a clean install of Linux and create a new offline wallet or paper wallet. :)


Title: Re: Coins stolen from my wallet?!?
Post by: DrRobotto on July 23, 2014, 05:10:39 PM
My stolen BTC ended up in this account:
https://blockchain.info/address/1Crspt3Fbx1jdWMmm2uFwzfQfvsmZvnwHg

and he/she continues in my opinion to steal from other wallets, too!

This guy had received about 0.88990851 BTC and the final balance is now about 0.0001 BTC and nobody can stop these machinations.


Title: Re: Coins stolen from my wallet?!?
Post by: whiteflight31 on July 24, 2014, 03:14:47 PM
My stolen BTC ended up in this account:
https://blockchain.info/address/1Crspt3Fbx1jdWMmm2uFwzfQfvsmZvnwHg

and he/she continues in my opinion to steal from other wallets, too!

This guy had received about 0.88990851 BTC and the final balance is now about 0.0001 BTC and nobody can stop these machinations.
There are many stickies about security, you should read them before doing anything with BTC.
If you have money, try to make a bounty thread.


Title: Re: Coins stolen from my wallet?!?
Post by: akali on July 24, 2014, 11:05:47 PM
Just learn from your mistake, there's nothing you can do to recover any coin.


Title: Re: Coins stolen from my wallet?!?
Post by: ranochigo on July 25, 2014, 08:32:48 AM
My stolen BTC ended up in this account:
https://blockchain.info/address/1Crspt3Fbx1jdWMmm2uFwzfQfvsmZvnwHg

and he/she continues in my opinion to steal from other wallets, too!

This guy had received about 0.88990851 BTC and the final balance is now about 0.0001 BTC and nobody can stop these machinations.
That may or may not be his actual address, he might have used a mixer and mixed his coins. It can also be a shared wallet in which everyone's balance is sent to one address.


Title: Re: Coins stolen from my wallet?!?
Post by: DrG on July 25, 2014, 09:30:30 AM
Unless you make $120 an hour, if you spend 5 hours in this subforum reading you will learn how to secure a wallet and also be able to pick a wallet that suits your needs.  1 Bitcoin is about $620, so 5 hours is about $120 saved per hour if you have even 1 coin in your wallet.

https://bitcointalk.org/index.php?board=37.0


Title: Re: Coins stolen from my wallet?!?
Post by: RedDiamond on July 25, 2014, 10:24:57 AM
download linux on your laptop and be worry free :D

no need for anything else, perhaps maybe only setting a password on the file..

Must also remember to install updates (if not configured automatic). Otherwise malware like Mayhem (http://www.net-security.org/malware_news.php?id=2813) can hit.


Title: Re: Coins stolen from my wallet?!?
Post by: Stery on July 25, 2014, 10:35:02 AM
You can move the wallet to linux

Install bitcoin-qt in linux ( ubuntu ) and move the existing wallet.dat to that

This makes the wallet more secure than windows


Title: Re: Coins stolen from my wallet?!?
Post by: ranochigo on July 25, 2014, 10:48:18 AM
You can move the wallet to linux

Install bitcoin-qt in linux ( ubuntu ) and move the existing wallet.dat to that

This makes the wallet more secure than windows

If he used it on Windows before, it would be pretty much useless. Your wallet.dat might be exposed to all kinds of malware on Windows. Therefore, if you move it to Linux, the attacker would have your key and can steal your BTC.


Title: Re: Coins stolen from my wallet?!?
Post by: DrG on July 25, 2014, 11:39:55 AM
You can move the wallet to linux

Install bitcoin-qt in linux ( ubuntu ) and move the existing wallet.dat to that

This makes the wallet more secure than windows

If he used it on Windows before, it would be pretty much useless. Your wallet.dat might be exposed to all kinds of malware on Windows. Therefore, if you move it to Linux, the attacker would have your key and can steal your BTC.

Do you realize how difficult you are making this?  How many Windows based people would know how to find an Ubuntu install and burn a copy.  Of those, how many would be able to get the OS installed and run bitcoin-qt in under 1 day?  Telling Windows based people to move to Linux is not helpful.  People who are familiar with Linux can do this, people who are young and have time can do this.  With the exception of miners, I would say Windows based bitcoin-qt easily accounts for 85% of all the offline wallets.

All this talk of malware is quite useless.  If you still have the coins in your wallet, use this thread https://bitcointalk.org/index.php?board=37.0 and pick a wallet on an OS that you're comfortable using.  Switching to a new OS while trying to secure your wallet = lost coins.  Once you have a secured wallet, simply move your coins from the unsecured wallet to the secured wallet - problem solved.


Title: Re: Coins stolen from my wallet?!?
Post by: NiceSoft12 on July 26, 2014, 03:49:13 PM
You can move the wallet to linux

Install bitcoin-qt in linux ( ubuntu ) and move the existing wallet.dat to that

This makes the wallet more secure than windows

I'm wondering is this necessarily true.  Considering that there are a lot more windows viruses BUT a lot more windows users compared to less linux viruses but a lot less linux users.


Title: Re: Coins stolen from my wallet?!?
Post by: minerpumpkin on July 26, 2014, 03:57:22 PM
You can move the wallet to linux

Install bitcoin-qt in linux ( ubuntu ) and move the existing wallet.dat to that

This makes the wallet more secure than windows

I'm wondering is this necessarily true.  Considering that there are a lot more windows viruses BUT a lot more windows users compared to less linux viruses but a lot less linux users.

Virus creators just don't care to target Linux machines. The majority is using Windows. Also, people who use Linux statistically are more savvy and less prone to fall for an attack. Also, you could argue whether people using Linux actually have as much money as people using Windows or OS X do. But that discussion could end violently.


Title: Re: Coins stolen from my wallet?!?
Post by: ashe on July 26, 2014, 06:15:04 PM
You can move the wallet to linux

Install bitcoin-qt in linux ( ubuntu ) and move the existing wallet.dat to that

This makes the wallet more secure than windows

If he used it on Windows before, it would be pretty much useless. Your wallet.dat might be exposed to all kinds of malware on Windows. Therefore, if you move it to Linux, the attacker would have your key and can steal your BTC.

Do you realize how difficult you are making this?  How many Windows based people would know how to find an Ubuntu install and burn a copy.  Of those, how many would be able to get the OS installed and run bitcoin-qt in under 1 day?  Telling Windows based people to move to Linux is not helpful.  People who are familiar with Linux can do this, people who are young and have time can do this.  With the exception of miners, I would say Windows based bitcoin-qt easily accounts for 85% of all the offline wallets.

All this talk of malware is quite useless.  If you still have the coins in your wallet, use this thread https://bitcointalk.org/index.php?board=37.0 and pick a wallet on an OS that you're comfortable using.  Switching to a new OS while trying to secure your wallet = lost coins.  Once you have a secured wallet, simply move your coins from the unsecured wallet to the secured wallet - problem solved.

I know for a fact the average american wouldn't know what the fuck ubuntu is and explain why would they change their current OS lol.


Title: Re: Coins stolen from my wallet?!?
Post by: DrG on July 27, 2014, 07:19:40 AM
You can move the wallet to linux

Install bitcoin-qt in linux ( ubuntu ) and move the existing wallet.dat to that

This makes the wallet more secure than windows

If he used it on Windows before, it would be pretty much useless. Your wallet.dat might be exposed to all kinds of malware on Windows. Therefore, if you move it to Linux, the attacker would have your key and can steal your BTC.

Do you realize how difficult you are making this?  How many Windows based people would know how to find an Ubuntu install and burn a copy.  Of those, how many would be able to get the OS installed and run bitcoin-qt in under 1 day?  Telling Windows based people to move to Linux is not helpful.  People who are familiar with Linux can do this, people who are young and have time can do this.  With the exception of miners, I would say Windows based bitcoin-qt easily accounts for 85% of all the offline wallets.

All this talk of malware is quite useless.  If you still have the coins in your wallet, use this thread https://bitcointalk.org/index.php?board=37.0 and pick a wallet on an OS that you're comfortable using.  Switching to a new OS while trying to secure your wallet = lost coins.  Once you have a secured wallet, simply move your coins from the unsecured wallet to the secured wallet - problem solved.

I know for a fact the average american wouldn't know what the fuck ubuntu is and explain why would they change their current OS lol.


Exactly.  It would be wise for the Windows users to learn Linux if they plan on getting involved with mining or have an intense need to minimize their risks, but playing with an OS they're not familiar with is asking for disaster.  BAMT is pretty much mindless plug and play mining and still 95% of computer users wouldn't be able to mine in 1 day with it.

There are plenty of viable and secure Windows options as I linked - people should use them.  Linux users usually know where their vulnerabilities are.