Bitcoin Forum

Hello, The other day I checked my BitcoinQT software, because I wanted to check my balance, only to find that an unauthorized transaction had taken place for basically all the bitcoin I own... I had my wallet encrypted and everything. I have come to realize that someone somehow stole my BTC, I decided to come to this site to see if anyone could shed some light as to how my wallet was hacked. My BTC address is: 1LW3QuLxkyp92HGvMFio4eYY6puxmnGSDa and the thieves address is: 133tgZXxeJGnoWc467jStKTvj8PB1Hs9kS  and the transaction ID is: f1223be531a8120c87c6d3696efd28c58f6e69964ae451957fd9c35391935135.

They stole all of my BTC that I had been slowly mining and saving up. It's a small amount, 2.84 BTC, but it meant a lot to me to have at least some bitcoin. Now I have none.... It is disheartening the amount of malicious attacks that happen within the Bitcoin network, people are cold.

Anyway, is anyone able to give me advice as to how this was stolen from me?  ??? If I buy more bitcoin I don't want it to be stolen again, so I need to close the backdoor I left open for the thieve. It's scary to think that he got a hold of my encryption key, because It was intricate and would be difficult to just brute force, which leads me to believe that my keystrokes were being logged.

Once again, any help would be appreciated. Thanks ahead of time.

A key logger is a good place to start as far as guessing what happened. Create things offline with a clean machine in the future.  There are some good guides for doing so.

That is the most probable cause of your loss. My advice would be to scan your comp with your AV (or even do a full reinstall) to try and find the hole that left you open. Out of reference for future, my advice would be to use an old laptop/Pi to generate your addresses in and store them there as a means of cold storage such that you are completely air gapped (not connected to the internet). You can still run a watching version of the client (use Armory/Electrum) to create txs and sign them offline and then bring the signed tx online to broadcast. That way you can ensure that no one will have access to your wallet/private keys. And it's safe to assume that your entire wallet is compromised so I would NOT use any of your old addresses.

If I had to guess, I'd be guessing that something that you installed on your computer has a trojan wallet stealer built in.

Have you ever run any altcoin wallets on the same computer as your bitcoin wallet?

Have you ever downloaded any "free" software (torrent, cracked, pirated, etc) onto the same computer as your bitcoin wallet?

Did you generate your bitcoin address with your Bitcoin-Qt wallet, or did you import an address that you generated from something like brainwallet?

It isn't necessary for anyone to crack your intricate and difficult to brute force encryption key.  If they could get some software running on your computer without you realizing what that software does, the software could just wait for you to create a transaction, or generate an address, or anything else that requires you to decrypt your wallet, and then it could grab the decrypted private key right out of the wallet.

Also, if you have stored a decrypted copy of the original wallet before you encrypted it anywhere, then it is possible that the hacker got a copy of that.

Ok, thanks a lot for the quick responses.

So, from what I gather I should store my Bitcoin wallet on a computer that is mostly offline? I downloaded the bitaddress HTML and put it on my external hard drive, then disconnected from the internet, generated a new public and private key, wrote them down (double checking for human error), and then transferred some bitcoin I bought today to that new address. Is this safe enough? Or are there other precautions I should take?

Do I need to use a completely different computer to generate my offline wallet? I scanned my computer with Avast! b4 I generated my offline wallet and it seems to be clean now (it did find some virus', one in boot time scan and one in a regular scan). Oh, sad times...  :'(

Vanitygen would work fine as well. Yes, keeping the private key on a computer NEVER connected to the internet is the safest (use Armory/Electrum as your client - both work fine). For the time being that should be fine, but make sure that you've encrypted your wallet. Looking at a permanent cold storage solution - Armory/Electrum on a Pi/old comp would be the safest (haven't heard of someone being hacked using that).

It would be best to do it on a different computer unless you are a 100% sure that there are no holes.

Regularly move your coins to an offline wallet.  A Raspberry Pi + Raspian + Electrum works great.  Backing up the wallet seed is easy and you can have a watch only version on your PC (to keep an eye on the balance and for broadcasting transactions that are signed offline).

Or consider using a wallet on a mobile phone or tablet (Mycelium on Android is excellent).  Mycelium also has a spend-from-cold-storage feature, meaning you can import a private key to spend bitcoins, the change is returned to the same cold storage address and the private key is immediately deleted from memory.

Were you just sending 0.00014017 to 1QB6 and the 133tg is your change address?

Most cases are that of an infected computer. U should have cold storage and send mined coins to it

The 1LW3 is my address and the 133tg took my coins. I didn't authorize this transaction at all. Which is kinda creepy. I guess I just never though someone would actually infiltrate my computer... Sucks to lose all my BTC after mining for so long and only accumulating 2.84 and then having them taken. I guess he / she was teaching me an expensive lesson... but hey, humans suck.

Thank you all for your help, I will keep plugging away. I still believe in crypto, regardless of the heartless.

Can a keylogger alone steal private keys if I have never exported the keys at all? If not, I think OP's computer could be infected with both a wallet stealer trojan and a keylogger.

I'm confused about this reply, it gives me hope that I am just unknowledgeable about BTC and BTC wallets. Could '133tgZXxeJGnoWc467jStKTvj8PB1Hs9kS' be my change address? Was this bitcoin stolen from me? That is why I came to this forum to find out if I had my BTC stolen from my BTC address of 1LW3QuLxkyp92HGvMFio4eYY6puxmnGSDa and xfer'ed to:133tgZXxeJGnoWc467jStKTvj8PB1Hs9kS. I will admit I do not fully understand how the wallet works, and when you call it a "Change address" it gives me hope that my BTC is still retrievable. Is it? Or has it been stolen?

Thank you for your help :)

BTW, i have installed Electrum...


Also, I have never exported my private keys.

Hi again... welp from what it looks like to me, the thieve has already moved my bitcoins to another address the transaction is:3752dfa7a8fb15eb9febf5b108b09c5b8b90d068beb8973aa616ac940366964f

That was my hope, but reading your latest post that the coins were moved somewhere else, then they were definitely stolen.