Bitcoin Forum

Bitcoin => Legal => Topic started by: Shaolino on April 09, 2015, 09:54:46 AM



Title: My wallet on the computer was robbed
Post by: Shaolino on April 09, 2015, 09:54:46 AM
Hi, an intruder robbed my bitcoins. What can I do? Any suggestions?


Title: Re: My wallet on the computer was robbed
Post by: Josef27 on April 09, 2015, 10:17:33 AM
Wait, a robber robbed your computer? Sorry to hear that.

What kind of wallet are you using? If you are using bitcoin-qt, did you ever back up the wallet.dat somewhere else? (Like a USB stick, disc, etc.)
Also, did you ever write your own private key on paper, or copy it into a txt file or something and then put it somewhere?

You can back up your wallet from it, but if you didn't, you can't. Sorry for that.
Next time don't forget to back up.

Or if the robber just accessed your computer to steal your bitcoin...

You can't get it back... Do you know who it is? Any security cams?
And next time please encrypt your wallet. Don't just leave it open.


Title: Re: My wallet on the computer was robbed
Post by: Amph on April 09, 2015, 10:52:56 AM
Quote from: Josef27
> Wait, a robber robbed your computer? Sorry to hear that.
>
> What kind of wallet are you using? If you are using bitcoin-qt, did you ever back up the wallet.dat somewhere else? (Like a USB stick, disc, etc.)
> Also, did you ever write your own private key on paper, or copy it into a txt file or something and then put it somewhere?
>
> You can back up your wallet from it, but if you didn't, you can't. Sorry for that.
> Next time don't forget to back up.
>
> Or if the robber just accessed your computer to steal your bitcoin...
>
> You can't get it back... Do you know who it is? Any security cams?
> And next time please encrypt your wallet. Don't just leave it open.

encrypting is useless if your computer is unsafe, because the first time he needs to spend them with bitcoin core, he will lose everything anyway

so first clear your OS (in some cases this may not be enough, as there are some viruses that target the BIOS, but i don't think this is the case...), and then make a new clean installation

then add Malwarebytes, HitmanPro and Zemana for protection, and next time use a "trap wallet" on your main machine and keep the rest in cold storage; this is the best solution against any hacker


Title: Re: My wallet on the computer was robbed
Post by: Shaolino on April 09, 2015, 12:21:44 PM
Thanks for your advice, I felt safe, because I had Bitdefender anti virus programme installed, but that one completely disappeared. Looks like the attacker could delete it.

My bitcoins went to this address:  1GgJkUADnzZ6kNF13toGpv7o8bCj3WYQov

One attack came from this IP: 51.21.9.22 Netherlands, NL
Second one from here: 198.38.94.199   ALAMO, CALIFORNIA, UNITED STATES   2015-04-09 06:59:08 EST

Can somebody help me to trace this guy?


Title: Re: My wallet on the computer was robbed
Post by: Amph on April 09, 2015, 01:18:08 PM
Quote from: Shaolino
> Thanks for your advice, I felt safe, because I had Bitdefender anti virus programme installed, but that one completely disappeared. Looks like the attacker could delete it.
>
> My bitcoins went to this address:  1GgJkUADnzZ6kNF13toGpv7o8bCj3WYQov
>
> One attack came from this IP: 51.21.9.22 Netherlands, NL
> Second one from here: 198.38.94.199   ALAMO, CALIFORNIA, UNITED STATES   2015-04-09 06:59:08 EST
>
> Can somebody help me to trace this guy?

if he deleted the wallet, you probably have a rootkit or RAT, because some antivirus programs have protection against deletion by malware (i know Malwarebytes has Chameleon)

tracing him would be really hard because it seems he is using a proxy/vpn


Title: Re: My wallet on the computer was robbed
Post by: OnkelPaul on April 09, 2015, 01:31:31 PM
Quote from: Shaolino
> One attack came from this IP: 51.21.9.22 Netherlands, NL
> Second one from here: 198.38.94.199   ALAMO, CALIFORNIA, UNITED STATES   2015-04-09 06:59:08 EST

How do you know the IP addresses? It is extremely difficult to find the actual source of malware because by the time it gets active, the traces of its installation are normally gone.
If you're just looking at IP addresses recorded by your firewall software, just ignore them; any computer on the internet is constantly bombarded with "attack" IP packets that are not any more than simple knocks at the door. The firewall has already prevented connections from these IP addresses, but it will not report the real source of a successful attack because it can't - otherwise it would have prevented the attack.

Malware on Windows computers is mostly installed either by yourself (when you installed something downloaded from the internet) or by your browser when an attacker exploits a browser security hole.

Onkel Paul


Title: Re: My wallet on the computer was robbed
Post by: Bitware on April 09, 2015, 04:01:32 PM
I recommend buying an old decent quality laptop from eBay. Maybe an IBM ThinkPad with fingerprint recognition. Do a DoD wipe/rewrite of the hard drive or replace it. Install a Linux distro. Only connect it to the internet for security updates, Bitcoin Core updates, to update the blockchain and to perform Bitcoin transactions. Also, after you have installed and updated Bitcoin, disconnect from the internet, encrypt the wallet in Bitcoin Core and save a copy into a TrueCrypt v7 container. I would also encrypt the entire hard drive with TrueCrypt v7 as well. Use very strong and unique passphrases for each of the wallet, the portable TrueCrypt container, and the disk encryption.

Here is an example of a very strong passphrase: "My Daughter was born on May 13, 2003 in Hamburg Hospital in Room 213 @ 7:03am."


Title: Re: My wallet on the computer was robbed
Post by: Shaolino on April 09, 2015, 05:28:48 PM
Thanks, I always wanted to do this, use a cold computer also, but well, too busy with other things, so stupid.
How could the hacker transfer the money? I had the wallet secured by a password as well?
Any specialist out there who has a good idea please contact me!


Title: Re: My wallet on the computer was robbed
Post by: RodeoX on April 09, 2015, 05:38:06 PM
You may want to consider your computer compromised. :-\

Is it a Windows PC? Then you may also want to consider installing Linux in a partition. That way you can boot up Linux when you need better security. (Not that it's foolproof.) It may be hard to determine where you picked up some malware, but avoid downloading programs related to BTC unless they are open source. Anyway, sorry to hear about your loss.


Title: Re: My wallet on the computer was robbed
Post by: siameze on April 09, 2015, 05:42:01 PM
Quote from: Shaolino
> How could the hacker transfer the money? I had the wallet secured by a password as well?

This is quite easy if the attacker had a keylogger installed on your system. A little patience and sooner or later he would see you typing in your password.


Title: Re: My wallet on the computer was robbed
Post by: Shaolino on April 09, 2015, 05:44:17 PM
OnkelPaul: How do you know the IP addresses?
Thanks for your message. The IP address was used to attack my exchange account at the same time. I know he might have used some vpn, nevertheless I try my best. I also filed a fraud report in the meantime.


Title: Re: My wallet on the computer was robbed
Post by: MegaFall on April 09, 2015, 05:47:10 PM
Quote from: siameze
> Quote from: Shaolino
> > How could the hacker transfer the money? I had the wallet secured by a password as well?
>
> This is quite easy if the attacker had a keylogger installed on your system. A little patience and sooner or later he would see you typing in your password.

Or could have simply found the private keys...


Title: Re: My wallet on the computer was robbed
Post by: defcon23 on April 09, 2015, 05:47:54 PM
nothing you can do at this point, unless thinking cold storage or hardware wallet..
sorry for your loss.. :-X


Title: Re: My wallet on the computer was robbed
Post by: Shaolino on April 09, 2015, 05:57:30 PM
MegaFall: Or could have simply found the private keys...

What does that mean exactly?


Title: Re: My wallet on the computer was robbed
Post by: Amph on April 09, 2015, 06:01:59 PM
Quote from: Shaolino
> MegaFall: Or could have simply found the private keys...
>
> What does that mean exactly?

if he infected your pc with a RAT, he can take control of your pc and see your private key after you access your wallet, so he doesn't even need to type the password; he just waits for you to do so and steals your private key


Title: Re: My wallet on the computer was robbed
Post by: Shaolino on April 09, 2015, 08:11:41 PM
Amph
ok, I understand, but how could he manage to delete my security software (Bitdefender)? Obviously he hacked my computer and then deleted this programme....
There is a lot of criminal energy involved to achieve this...well like in any other robbery of course.
But long term this could kill the Bitcoin. If in a case like this, you cannot mark your coins as stolen to block them for further usage at least, not even talking about tracing the coins to the new "owner".


Title: Re: My wallet on the computer was robbed
Post by: SebastianJu on April 09, 2015, 08:26:33 PM
Quote from: Shaolino
> Amph
> ok, I understand, but how could he manage to delete my security software (Bitdefender)? Obviously he hacked my computer and then deleted this programme....
> There is a lot of criminal energy involved to achieve this...well like in any other robbery of course.
> But long term this could kill the Bitcoin. If in a case like this, you cannot mark your coins as stolen to block them for further usage at least, not even talking about tracing the coins to the new "owner".

Marking (tainting) wouldn't help you. He looks like a pro, so you can be very sure that he knows how to exchange his coins for fresh untainted coins. So at the time your coins are found and stopped, they only belong to another innocent person.

I wonder what would happen. Is money marked as belonging to a robbery seized? I guess so. Maybe then those coins would be seized too and the innocent person would be the victim.


Title: Re: My wallet on the computer was robbed
Post by: Amph on April 09, 2015, 08:35:22 PM
Quote from: Shaolino
> Amph
> ok, I understand, but how could he manage to delete my security software (Bitdefender)? Obviously he hacked my computer and then deleted this programme....
> There is a lot of criminal energy involved to achieve this...well like in any other robbery of course.
> But long term this could kill the Bitcoin. If in a case like this, you cannot mark your coins as stolen to block them for further usage at least, not even talking about tracing the coins to the new "owner".

if he is controlling your pc at kernel level, you are screwed, he can do basically everything with your machine, the only option now is to secure erase

next time i would suggest keeping a small amount in the client that is running on your main machine (like 0.01 btc), and all your other funds in a different wallet (cold storage, no internet connection)

if your 0.01 vanishes one day, you know you are infected, and you can clean your machine with a minimal loss, it's the best strategy against those malicious guys
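
The "trap wallet" check described in the post above can be automated. This is an added example, not code from the thread or from Bitcoin Core: it assumes the small hot wallet is Bitcoin Core and that the JSON output of `bitcoin-cli listunspent` and `bitcoin-cli listtransactions` has been saved; the txids and sample JSON are constructed placeholders.

```python
"""Canary ("trap wallet") check over saved Bitcoin Core RPC output."""
import json
from decimal import Decimal

def load(rpc_json):
    # Parse amounts as Decimal so BTC values are never rounded through float.
    return json.loads(rpc_json, parse_float=Decimal)

def check_canary(baseline, listunspent_json, listtransactions_json):
    """Compare the wallet's current state with the outpoints recorded when
    the canary was funded. The canary is never spent on purpose, so any
    missing outpoint or any 'send' entry means someone else holds the keys."""
    current = {(u["txid"], u["vout"]) for u in load(listunspent_json)}
    missing = sorted(op for op in baseline if op not in current)
    sends = [t for t in load(listtransactions_json) if t["category"] == "send"]
    return {
        "compromised": bool(missing or sends),
        "missing_outpoints": missing,
        "send_txids": sorted({t["txid"] for t in sends}),
        # listtransactions reports outgoing amounts as negative numbers.
        "amount_sent": sum((-t["amount"] for t in sends), Decimal(0)),
    }

# --- constructed sample data (placeholder txids, not real transactions) ---
CANARY_TXID = "aa" * 32
SPEND_TXID = "bb" * 32
BASELINE = {(CANARY_TXID, 0)}  # (txid, vout) noted when the canary was funded
FUNDING = {"category": "receive", "amount": 0.01,
           "txid": CANARY_TXID, "confirmations": 120}
HEALTHY_UNSPENT = json.dumps([{"txid": CANARY_TXID, "vout": 0,
                               "amount": 0.01, "confirmations": 120}])
HEALTHY_TXS = json.dumps([FUNDING])
DRAINED_UNSPENT = json.dumps([])
DRAINED_TXS = json.dumps([FUNDING, {"category": "send", "amount": -0.01,
                                    "txid": SPEND_TXID, "confirmations": 1}])

if __name__ == "__main__":
    for name, unspent, txs in (("healthy", HEALTHY_UNSPENT, HEALTHY_TXS),
                               ("drained", DRAINED_UNSPENT, DRAINED_TXS)):
        report = check_canary(BASELINE, unspent, txs)
        print(name, "ALERT" if report["compromised"] else "ok", report)
```

Run it from a scheduled task on a machine other than the one holding the canary wallet where possible, since malware with kernel-level control of the monitored machine could also suppress the alert.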


Title: Re: My wallet on the computer was robbed
Post by: Shaolino on April 09, 2015, 11:30:41 PM
So, when I am running a new security programme with scanning and all kind of options to debug my computer, will it still not be safe for future attacks?
Of course I will not store any Bitcoins anymore, just for normal operations.....does it mean that these standard security programmes are not protecting my computer against a pro attack at all? (obviously Bitdefender did not do the job).
If this is the case I see no future for a digital currency.....


Title: Re: My wallet on the computer was robbed
Post by: Amph on April 10, 2015, 06:08:16 AM
Quote from: Shaolino
> So, when I am running a new security programme with scanning and all kind of options to debug my computer, will it still not be safe for future attacks?
> Of course I will not store any Bitcoins anymore, just for normal operations.....does it mean that these standard security programmes are not protecting my computer against a pro attack at all? (obviously Bitdefender did not do the job).
> If this is the case I see no future for a digital currency.....

they can help, but they will not offer 100% protection; for 100% protection you must build a separate machine and not surf the internet or download anything

for now you should do a format c, to be sure your machine is clear


Title: Re: My wallet on the computer was robbed
Post by: bryant.coleman on April 10, 2015, 06:58:31 PM
Quote from: Shaolino
> Thanks for your advice, I felt safe, because I had Bitdefender anti virus programme installed, but that one completely disappeared. Looks like the attacker could delete it.

Which version of Bitdefender were you using? Still, there is something fishy here. I don't think the intruder can remotely disable or remove Bitdefender from your system. Do you regularly update your anti-virus?


Title: Re: My wallet on the computer was robbed
Post by: defcon23 on April 10, 2015, 07:31:30 PM
Quote from: Shaolino
> Hi, an intruder robbed my bitcoins. What can I do? Any suggestions?

transaction ID of this please?


Title: Re: My wallet on the computer was robbed
Post by: ashour on April 11, 2015, 08:01:25 AM
Quote from: siameze
> Quote from: Shaolino
> > How could the hacker transfer the money? I had the wallet secured by a password as well?
>
> This is quite easy if the attacker had a keylogger installed on your system. A little patience and sooner or later he would see you typing in your password.

Yes, probably a keylogger. Try to run a virus scan, because the keylogger/virus could still be located on the hard drive. Be more careful about what you download in the future. Good luck!