Bitcoin Forum

--------------------UPDATE----------------------

I just head that the thief logged in from IP address:
94.75.217.249
"Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"

--------------------------------------------------

Please help!
I woke up this morning,  logged into my deepbit account at 7:35AM PST on 5-14-2011 to see how things were going,  and someone had transfered all my bitcoins to address:
15YaS8ux9u6YUrS6DmdTZa1NaLecNNNCKT  and set it continue to send to that address as soon as my account received even 0.01 additional bitcoins.

My password was a combination of letters and numbers,  and I assumed it was reasonably secure.  (perhaps not)
The only people who knew my password,  were myself,  and a couple of other employees at MemoryDealers, and all of them say they did not change anything.

The following information comes up in that address in the block explorer:


Address 15YaS8ux9u6YUrS6DmdTZa1NaLecNNNCKT

Short link: http://blockexplorer.com/a/2tZky3pBUi (http://blockexplorer.com/a/2tZky3pBUi)
First seen?: Block 123886 (2011-05-14 12:43:27)
Received transactions: 3
Received BTC: 136.59
Sent transactions: 0
Sent BTC: 0
Hash160?: 31d94e8645d5e7f93ad8deeefe69a0a911bd9589
Public key?:
Unknown (not seen yet)
Ledger?

Note: While the last "balance" is the accurate number of bitcoins available to this address, it is likely not the balance available to this person. Every time a transaction is sent, some bitcoins are usually sent back to yourself at a new address (not included in the Bitcoin UI), which makes the balance of a single address misleading. See the wiki for more info on transactions.

Transaction?   Block?   Amount?   Type?   From/To?   Balance?
766fbbe67c...   Block 123886 (2011-05-14 12:43:27)   135.22   Received: Address   
1BA6dEx8crnnRJUhvRVC9mcS2avedYhNxp
1Hfc2GazJs9Us4ra4GVzxqPHkoUiCV3hd1
13E7hWrF71Exyq9rPCaXXaUCnkeG7MbBiD
135.22
a63ccc1fa7...   Block 123893 (2011-05-14 13:19:59)   0.56   Received: Address   
1F6eBtUW6LKmyfiLuR8hLQqf3j2ZesRWdc
135.78
fdef32a895...   Block 123910 (2011-05-14 14:35:03)   0.81   Received: Address   
1CSDXowgDPh3thjVX1p1gZrqA6fV3AKaT
136.59

Does anyone know how I can try to track down who stole my bitcoins and where they went?!!!!!

Any help/insight would be greatly appreciated!


Roger Ver
Memory Dealers.com, Inc.
3350 Scott Blvd.
Building #32
Santa Clara, CA 95054
USA
 
Phone:+1 408 486 5650
Fax: +1 408 486 5653
Email: roger@memorydealers.com
Aim: rogerkver
MSN: roger@memorydealers.com

For all yor networking needs visit:
http://www.memorydealers.com

Beware of other people using your accounts.

Well, that's a giant red flag. An employee realizing it would be very hard to track might have prompted the theft.

I agree,  but they are both trusted long term employees 5+ years who I trust.


I am guessing that deepbit maybe susceptible to a brute force password hacking attack.
You seem to be able to try as many incorrect passwords on the site in a row as you want.
I hope they put a delay after 3 failed log in attempts.

Does anyone have the contact info for the admin at deepbit?
I am hoping they have some kind of log for whoever logged into my account.

I think this is a lost cause. I don't know what you were thinking leaving 130 coins on deepbit.

I was trying not to keep all my eggs in one basket.

Even if they are all completely honest and trustworthy, the chance that someone isn't 100% vigilant in protecting the info rises exponentially with every person.

For all you know they wrote the password down, so they couldn't forget it and the cleaning lady found the note below the keyboard.

I recommend using Eligius. They take no fees and you provide an address for payments when you start it and nobody can change the address without accessing your computer.

I have since changed the password,  and I am currently the only person on the planet who knows it.

Does deepbit have any sort of a log of what IP addresses log into each account?
I think that might be my only chance of having any info at all as to who took my bitcoins.
If the IP address is one in the same town as my business,  I will know the theft was related to one of the employees who knew the password.

If the IP address is in some far off country,  then I know it was just some random hacker.

Any other thoughts on how I can find additional information?

All I have to say is look for somebody who had physical access to the computer where you logged onto deepbit(and no, when you close the web browser it does not log you out of deepbit) or someone who had the access to the computer from which the mining was done.
Although it's trivial to get username/password for anyone on the network, I doubt anyone at random would be trying that stuff. It's someone from your circle

Any security cameras where the computers are?

Ask Deepbit about IP of people who logged on your account.

Lack of brute forcing protection might be it.

If anyone is setting up Bitcoin related services where hacking is a risk, I'd strongly recommend using Google or Facebook authentication instead of rolling your own. These companies have solved problems like brute forcing attacks a long time ago and are now also dealing with cases where your password is stolen. For example Google offers two-factor authentication, for free!

This is exactly what I would like to do.
Does anyone have their contact info?   I don't see any on their website.

Thanks!

do u use the same password for any other website? that website could use it against u.

I was also concerned with that when  I first set up deepbit,  so I chose a password that was unique to only that website.

Sorry to hear of this misfortune.

For everyone's benefit, here is the safest, 100% hacker proof way to store Bitcoins, and a great basket to put them in.

1. Set up a computer that has no access to the Internet whatsoever.

2. Install and run Bitcoin on it (from removable media, e.g. USB flash memory stick).  Copy the first auto-generated address you see into a blank Notepad text file, and save it on your USB stick.  There is no need to wait for the block chain to download (which shouldn't be happening anyway if you're offline)

3. Back up the wallet.dat file it creates onto your USB stick.  Better yet, do it onto two USB sticks.  It's located at %APPDATA%\Bitcoin\wallet.dat.  Keep both copies safe and secure.

4. Send all your Bitcoins to that address you generated and saved in step 2.  Use Block Explorer to keep track of your balance.

5. Format the hard drive of the computer, or at least delete your wallet.dat from it, or never connect it to the internet.

Main point: The software doesn't have to talk to the network for you to receive bitcoins.  By providing no means for your private keys to be reached from the Internet, they cannot be remotely stolen by anyone.

When ready to spend:

1. Go into a brand new installation of the Bitcoin software, and exit it completely (so it's not on your taskbar, etc.)

2. Go into the %APPDATA%\Bitcoin folder and delete all files with the extension .DAT.

3. Copy your prized wallet.dat into the folder

4. Restart Bitcoin and let it rebuild everything.  Coins will appear when the block chain is downloaded (possibly hours).

5. Spend like normal.

+1 agreed

Any decent site keeps a record of IP addresses accessing each account.


And do not store bitcoins at a pool server, store them in your own, secure wallet!

It would be funny if one of the trusted employees log into deepbit from their home  ;D Although I still think it's much simpler than this

Also, if you are using 'MemoryDealers' as your user name or your email address that you display publicly then I suggest you use a non-well-known email address.

So does anyone know how I can contact the deepbit Admin?

If you have a dynamic IP don't forget to log the IP of you own machine before it changes.

This makes most sense. Before brute-forcing passwords someone must know login email address and site. it would seem too coincidental for a random attack that some hacker could match site/login/pass without any inside info to just steal single account.

Maybe try to send PM to [Tycho], he seems to be the owner of this service:
http://bitcointalk.org/index.php?topic=3889.0

PM Sent!

I suggest posting something in his thread here (http://bitcointalk.org/index.php?topic=3889.1460).  He's usually pretty quick to respond to important questions.  Also, sorry this happened to you, but thanks for the heads up.  My deepbit password is now over 20 characters long with caps and symbols.

if you are using any kind of remote access like teamviewer ,vnc, etc, it is likely that someone could remotely login to your pc!

That just shortened the time to crack now didn't it?

We were not using anything like this.

How so?

Because now you don;t have to waste time searching all the combinations between 1 and 20 characters.

I hope that people can build extensions of block explorers to watch where these funds get sent and when they get sent to a known entity we can slowly backtrack and narrow down who the scoundrel was who did this.  Bitcoin isn't anonymous as people think---Its got Lojack built in.  Using some good old fashioned Link Analysis (http://en.wikipedia.org/wiki/Link_Analysis), thefts on a grand scale can be monitored.   I'd like to see something built into the Bitcoin user interface that would check a database of reported stolen bitcoins and send an alert when some were received from an address in the database.  We can all be Big Brother collectively.

I think that would make merchants hesitant to accept Bitcoins.  If I were a merchant and had to worry that people's payments had their own paparazzi behind them, that might just make it not worth my while.

The best thing we can do as a community is perhaps buy some memory from him if we need it (or fiber transceivers as he seems to be selling), and be super vigilant down the road, as this stuff is only bound to increase.  More people should be practicing using offline wallets, as keeping significant sums on third party websites or even on networked computers is just begging for eventual problems.

Well, sure.  But you've still got to search through at least all the 20 character combinations and the password is longer than that so it's still a pretty big task.  But, yes, you're right, it'll take less time.  Less time to make a realistic difference?  Probably not.

A question: Did you use the same password for deepbit login as for submitting the shares from mining client?

Because if did, then anyone who can spy on your HTTP headers (local network users) then can see your password, too.

On deepbit, you can set another password for worker (even the first), but by default, the passwords are the same. Not safe IMHO.

Yes it will. With some clever social engineering, dumpster diving and few good gpus in skilled hands your password would probably be broken in couple of months if not sooner

Well, I guess I've just made myself a target and I'm as good as screwed.

We are not talking about you, but about security practices and how dumb some people are revealing their personal data on public forums without even realizing it

But you are talking about me since I'm the dummy who revealed the personal data that my deepbit password is over 20 characters long.  Now, in a matter of months, if not sooner, any sufficiently crafty scriptkiddie could have access to my deepbit account.

You must be a genius

I think you are right about this being my weakest link.

The deepbit screen hides the actual login password, but displays all the passwords for each worker in the client.
Until today,  we used the same password for both.
Multiple people (about ten) in the warehouse could of looked at the screen and noticed the username and password.
I think my only chance is by finding the IP address of the person who logged into my deepbit account.

I must.

80 bits is considered safe. 20 characters of letters+numbers make it 20*6=120 bits, an overkill (even if the attacker knows how many bits there are exactly).

That's what I thought, but, hey, apparently I'm a dummy for revealing this personal data on a public forum.

this is why I like poclbm-gui it also hides the worker password, but thanks for the heads up I wasn't aware of this HTTP header transparency myself

Or someone using a proxy or tor...  :-\

I still think the most likely is that a browser window was left unattended while logged in.

The strange part is that it was done at about 5:30AM PST (where my office is)
There are lots of cameras at the office that I can check soon, but no one but myself has access at that time of day.

So I suspect it was done somewhere other than at the location of the mining computers.

The Anonymous of Bitcoin. I love it.

Are your mining computers on a wireless network?

Edit: depending of what kind of logging deepbit uses, they maybe able to provide user agents, which in turn may help to narrow your search down

No,  they are hardwired.

I don't know, but could this error i receive be related to this somehow?
There is nothing to steal in my account as my daily BTC is ~0.8-1.1, but i started to wonder because i can't access to Deepbit :/


http://bitcointalk.org/index.php?topic=3889.msg120901#msg120901 (http://bitcointalk.org/index.php?topic=3889.msg120901#msg120901)


And sorry if this is totally OT to this thread.

Every worker is frequently sending their password in clear over the internet, anyone with access to sniff the network between you and the other end at any point can easily get it. Also, deepbit doesn't use https for the management screens either, so a similar (if somewhat reduced) risk exist there.

This is why services which have no accounts are good.

I just heard that:
The money was taken by someone logged in from:

94.75.217.249
"Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"

It shows up as being in Holland.

Any other ideas on how I could track this down any further?

You shouldn't take this personally; in fact, you should be gracious. I was reminded to be more aware of accidentally revealing personal info online.

Is this info from deepbit?

Holland? probably a proxy then , I'd really want to take a close look at the employees  myself as that looks like the most obvious rout, and usually the most obvious is the most likely.

It belongs to http://www.leaseweb.com/en

It's probably a proxy, tor node or a compromised box. I'd be looking for a tech savvy employee

Try writing to the admin

The IP address information was provided by the Admin from deepbit.

This whole situation brings , to my mind at least, a fair question : What can we do about this sort of thing when BC's entire basis is one of semi-anonymity? Block explorer ( http://blockexplorer.com/ ) provides some tools for tracking transaction.. perhaps a RiSKAPI of some sort for merchants? Flagging accounts with odd behaviors (though how would you define odd?)  I don't know myself I'm simply tossing the idea out for discussion. As it stands though even a RiSKAPI would be limited as one wallet.dat / user can contain many many keys.

error@underground ~ $ host 94.75.217.249
Host 249.217.75.94.in-addr.arpa. not found: 3(NXDOMAIN)
error@underground ~ $ whois 94.75.217.249
[Querying whois.arin.net]
[Redirected to whois.ripe.net:43]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '94.75.217.0 - 94.75.217.255'

inetnum:        94.75.217.0 - 94.75.217.255
netname:        LEASEWEB
descr:          LeaseWeb
descr:          P.O. Box 93054
descr:          1090BB AMSTERDAM
descr:          Netherlands
descr:          www.leaseweb.com
remarks:        Please send email to "abuse@leaseweb.com" for complaints
remarks:        regarding portscans, DoS attacks and spam.
remarks:        assignment LEASEWEB 20080723
country:        NL
admin-c:        LSW1-RIPE
tech-c:         LSW1-RIPE
status:         ASSIGNED PA
mnt-by:         LEASEWEB-MNT
source:         RIPE # Filtered

person:         RIP Mean
address:        P.O. Box 93054
address:        1090BB AMSTERDAM
address:        Netherlands
phone:          +31 20 3162880
fax-no:         +31 20 3162890
abuse-mailbox:  abuse@leaseweb.com
nic-hdl:        LSW1-RIPE
mnt-by:         OCOM-MNT
source:         RIPE # Filtered

% Information related to '94.75.192.0/18AS16265'

route:          94.75.192.0/18
descr:          LEASEWEB
origin:         AS16265
remarks:        LeaseWeb
mnt-by:         OCOM-MNT
source:         RIPE # Filtered

Bitcoin addresses of all users were removed by me in order to implement new system for enhanced security.
Additional details will be available shortly.

I found that someone changed bitcoin addresses of some users. I'm not sure how the attacker got passwords, but now you'll have to use e-mail confirmation for changing your wallet address.
I'm very sorry that I haven't implemented this feature earlier, so your stolen bitcoins will be reimbursed.
(Please note: I can't garantee that I can do such reimbursment in the future).

Your money is safe and i'll give instructions on setting your address again. Please wait.

A total of ~150 BTC were stolen: 136 from this user and ~14 BTC from others.

Wow!
That is very generous of you!
Can I ask about how many users had their bitcoin addresses changed?
So this sounds like it means that none of my employees violated my trust.  (I'm still implementing stronger security measures.)
Would you agree?

I have been worried all day about who could be a thief at my company.
I was worried even more about it than the missing bitcoins.

Thank you again, and I will gladly continue mining with deepbit because of your help!  (I'll keep a much lower balance though)

+1 Tycho. Most people wouldn't be so nice. Sounds like some of the people attacking mt. gox have been looking for other attack vectors.

Either the email verification is taking a long time - or it's not working.

It's not deployed yet, i'm testing it atm. Wait a bit more please.

To be clear, the personal info I revealed is that my password is more than 20 characters long.  I just don't see how telling the world that my password is more than 20 characters long compromises me that much.  You've still got to test a huge set of keyboard characters, including capitalization, for 20+ character passwords and for all anyone knows knows my password could be 40 characters long.  Just for reference, if my password is exactly 21 characters long, and if it uses upper and lower case alphabet characters plus numbers and common symbols, then there are 408,162,404,503,791,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 possibilities.

I'm not sure yet how the attacker got the passwords, but some of his data was not correct.
May be he sniffed the mining traffic and tried to log in with same credentials, may be he used some other kind of exploit.

I'll look into it after finishing with confirmation system.

He's learning. Unfortunately, still wrong conclusions

Even though my account appears to be fine, I appreciate you being completely transparent with us Tycho, and taking full responsibility for it.  Much respect.

E-mail confirmation should be working now.
PM me if your e-mail was non-existent or you can't receive the message.

Password cracking have been used successfully a while back at mtgox until mtgox changed their login process.  Has this been ruled out?

If this is accurate, then major props for the reimbursement.

No one is claiming that your 20 character password is easy to crack, for the time being. It has, however, been pointed out that since you revealed that it is 20 characters, it would be easier to crack than if you had said nothing about its length, since the cracker will not have to spend time checking passwords <20 characters. If this seems trivial, remember that passwords nowadays are the key to valuable information about us and that Moore's Observation (Law) means that the cost of technology needed to crack passwords is getting cheaper quickly. The time will come when there will be a low degree of difficulty to crack a 20 character pw--it might come sooner than you think.

You "trust" your employees? Hah.

Yeah, forming real human relationships and then relying on them is for suckers.  Next thing you know he'll be claiming to have "friends" or some other kind of nonsense too.  ;)

Major kudos to [Tycho] for his response to this incident.  Real trustworthiness is proven in a person's response to unplanned-for circumstances.

real class, way to go Tycho!

Oh, come on, I wrote it out to make a point.  But, there, I fixed it for you.  What wrong conclusion am I coming to?  Help me not be such a dummy.  I'm sincerely asking for you to help understand what wrong conclusion I'm making.  I don't even mind if you continue to mock me.  Just help me out too.


Just to be clear, I did not reveal that my password is 20 characters.  I revealed that my password is more than 20 characters.

Edit: mewantsbitcoins, is it that the possibilities answer is wrong?  I took that value from a website that claims to calculate password possibilities, but my own calculation says it should be 3.40562E+41.  Basically, I entered the values backwards.  Is that it?

I recommend Tycho accelerate the installation of an SSL certificate. They can be had for a low as $50 (perhaps cheaper if you shop around) at RapidSSL. Of course, if his server was hacked, this would not have helped. In fact, if his server were hacked, the email confirmation won't help either because they could access the database directly.  Let's hope that was not the case.

Kudos to Tycho for reacting in an honorable manner with regard to his customer's loss.  

It's not clear that it was hacked. It could have been a some packet sniffing quite easily if people use the web account password the same as there miner(s) password (do not do this) since that is getting sent in plain-text by the miner all the time they getwork (i.e. lots). Someone was talking about wrapping up the miners-to-pools comms inside https, ssl or similar, where did that project get to? (It could be useful for other reasons down the line if miners get targeted.)

Did you contact Leaseweb?

I'm not talking about your math. The statement above is absurd to anyone working in IT security. What you don't seem to understand is that you revealed a piece of personal information. If I'm an adversary and put enough such pieces together I'll have your password.
This case is an exception and I'm glad op will get his money back, but this case is a very good example of extremely poor security practices.
Lets say bitcoin exploded in value - it's on major TV channels, shops are popping up everywhere accepting it and it adds several zeros to what the value is today. Do you still think op's employees would be so trustworthy then?
It's the same with you. If bitcoin suddenly increased in value, it may be worth spending years trying to figure out your password and by searching this forum and finding out it's >20 long, someone would have a good starting point. Then they can probably safely assume that it is not a random sequence because you would not be able to remember it. They would then go and read your other posts, to see how you think, what word do you use and so on.
And the same goes to vuce's comment "80 bit is considered safe". Safe for what? Kids trying to acces your folder at home? a script kiddie? a skilled programmer? a government agency?

Ok, look, I get it.  Any information can make it easier to get your password, even if by 'easier' it's still really, really hard.  Point taken.  The best practice is just not to reveal any relevant personal information at all.  Got it.

http://www.startssl.com/

Before you ask, no it's not the same thing as CACert - StartSSL actually has root certificates in most major OSes and browsers (and for what mining pools need, that's plenty).

Or you have a well protected 19 character password!   ;D

big kudos to you for providing such a service

@MemoryDealers

Forgot to ask, are you (or were you at the time) using any pool monitoring software/apps/webapps on Android/iPhone or other devices/computers to watch your deepbit account?

I was / still do check from my iphone safari browser as well.

https would be nice, with mining software as well web interface over account forms, including log-on's
I'd say its a must for any serious org. dealing with personal data of their users over the web

also it is a good practice to use secure connections while accessing mail and ftp servers too.

Yes, I asked the victims about this too, but looks like it's not the case. Also all of them used same password for workers and main account. At least one said that he was using same password on his e-mail account and this e-mail account was hacked.

*facepalm*

And people wonder why I am implementing Digest auth for miners....

Your BTC balance is refunded :)

HB Gary didn't teach the world anything.

Wow.  Can't believe he refunded the BTC!  That's great service.

I was thinking about going solo mining but after this bit of service I'm going to stick with deepbit.

+1 Tycho

FYI - Deepbit has SSL now (HTTPS).

dude,

the guy who uses that IP (94.75.217.249) address is on irc right now.

irc.linode.com
#linode
his nickname is takamichi

hes not using that IP right now, but he has in the past.... (check google)
iMMUNE
181msjFgfXo1LwFk8S9BLRYETNqD72yHCL

Interesting!
What can we do?
Maybe someone could try to pose like they are going to do a deal with him to get his real contact information?
Are we sure this is the same guy,  or just someone else using the same proxy service?

It does not appear to me to be a proxy, it comes from an ISP called LeaseWeb B.V. that is in the U.S. Netherlands, and Germany
they do colocated and dedicated server leasing

it is probably a co-located linux box and probably hacked

its funny beacuse this guy has a chinese irc nick and using IP from the netherlands

Chinese hackers are some of the most active anywhere, and some of the most industrious...

they probably used the same hacked linux box for an irc bouncer that they used to connect to deepbit
to steal your BTC

in any case its very likely the person is not traceable,
but it couldent hurt to contact LeaseWeb B.V.
and let them know that someone used an IP that they own to steal your money
they may do an investigation and they may not, but its the best move you can make right now.

heres the contact info for their U.S. office
+1 703 5522754

LeaseWeb Inc.
9480 Innovation Drive
Suite 1, Manassas
Virginia 20110

glad I could help...
iMMUNE

181msjFgfXo1LwFk8S9BLRYETNqD72yHCL

I would just add to encrypt it with a good but easily memorized passphrase, print out the ascii text and store it on your bookshelf.  Take a photo of those pages, and upload to your flickr account. etc.  I would recommend against storing a valuable unencrypted wallet.dat anywhere.

It seems that linux box is being used to send those scam emails also.  ::)

http://www.scamwarners.com/forum/viewtopic.php?f=7&t=10645&start=0

Also, the IP belongs to a VPN service operated by these guys here https://xerobank.com/

You better talk to them, as they will be the ones to have the VPN logs, not leaseweb.

This is the URL for that IP http://vpngate.unlimited-nl.xerobank.com/

Apologies for bumping a thread, replying to a post penned just prior to I joining the Bitcoin community, circa June 2011.

I was doing some reading on Xerobank et al. and stumbled upon this: https://www.wilderssecurity.com/threads/metropipe-xerobank-cryptohippie.224184/#post-1341793 (NOTE THE DATE)

BTW, the above is directly connected to Sonny Vleisides of BFL, namely his Laissez Faire City, later going into receivership with Johann Gevers as its auditor, where to date nary a cent/satoshi has been doled out to those who invested in the scheme decades ago.

Aside: Do your own homework if you desire to learn the connection between Gevers, Peter Voss, Alcor, and Hal Finney. During your research, if you stumble upon the term "honeypot" pay it no mind. It's probably just a red herring.  ::) ::) ::)

I would suggest keep the wallet.dat file on another computer or also do not keep the passphrase on the same computer containing the wallet. Since many people have bitcoin stored on desktop wallet and without proper  protection, hacker can hack the computer and thus can get access to your wallets. Many experienced hacker can exploit the security weakness on the normal desktop systems. A special care should be taken by bitcoin users.

More importantly keep data on files that are not at all connected to the internet :)

I don't know how many characters your password was, mine is each of the three never generated twice 63 character passwords from https://www.grc.com/passwords.htm combined together. At the time Steve Gibson wrote this and offered it to everyone he said it would take one super computer 255 times infinity to crack any one of these three generated passwords. Not sure this is the case now.

Yes I think the first point of call should be deepbit because you hold your account with them and therefore should have a little bit of information as to how the transaction happened and the source of the Bitcoin address amongst others. I'm sorry about it though and wish you luck as you search for the lost coins.

Yeah probably....
You realized you're replying to a thread created in 2011?

People ... look at the date before posting!!!!!!!!!!!


Well , you should be apologizing  :) jk
Look at the amount of spam the thread is getting right now, done by people who haven't bothered to read more than two lines, not to mention the date.

Im really sorry for your loss, but to be honest I think you dont have any chance to retrieve your bitcoins.
Of course you can track them all the time, or hire someone to help you with finding the person that have done it.

And they keep on a postin' re the OP oppose to the latest. _vvv

shit o read quickly and I thought it was DEBIT account (in opposition to Credit Account )

I didn't look at well and made a post. I think it is the best that outdated topics will be locked so people still can read but not react anymore. I see that on more forums and it avoid unnecessary post.

Translated: A many posters on forums can not read calendars, thus for their protection lock vintage threads, 'vintage' determined by ... FUCK ME! there needs to be a governing body capable of reading calendars in determining what's considered vintage. I formally nominate Pflit as said body's president. Somebody pass him the word, for the odds are that he'll never read this far in this thread.

Such memories.... If I recall correctly I think the amount of the theft was about $2000 total at the time...

I am the cause of the loss, even I can not think you can leave 130 coins in the deebit.
This must be a good security so no one can steal BTC in Deebit account.

If I did the math correctly, the total lost was 135 X ~$1 = ... FUCK ME! My calculator broke. Anybody got the answer?

135 is something very when compared to the current price of bitcoin. Several prediction pit forth by cryptographic personalities suggest that in future 100 btc is more than enough for a successful living. So he has lost a part of his life.

Man this is very bad :/ So much money… 

Do you remember maybe you ever log on your account to public computer? Maybe stolen out there.
But i could not say anithing else, its very big amount. Sorry to hear that

How is that you had the intelligence to hunt down, then bump an old thread but didn't notice the date it was created, thus 135 BTC back in the day wasn't worth as much as it is today?

woaah that  is a huge amount of bitcoin the heck
I feel sorry for you it is true that split your coins in different wallet so that it is safe unless somebody try to steal it
the transaction that is made by bitcoin or any virtual currency is not irreversible but some are.. maybe sit to wallet sites he used to freeze his/her acc

Okay, it looks like I'm the fuckin idiot. Reads to me like users who participate in sig campaigns are merely commenting based on the thread's title, not giving a fuck about the content, thus now making bank on Roger's lost. Madness!

Look who it was that created the thread (signature on original post).

I think he did quite well for himself in the end...

https://en.wikipedia.org/wiki/Roger_Ver

Roger paid for the first Bitcoin billboard ad:

Yes be ware always and be carefull for me its hard to help you because i'm not a expert here in bitcoin forum but dont lose hope if your bitcoin stole and you font resolve that you need to move on and try to start again . :)

OMFG, this user opted to reply to the second post of this thread so that he, too, can make bank off his sig-campaign of choose.

LMAO iam litarly doing that right now iam sorry for memorydealers lost iam sure he forgot about it already or maybe he got it back but it's really funny how

how they brought this topic back from the dead and managed to talk about it like it was today and your comments about that was really funny too sir thanks for the amusement sir !! :D

Getting people to know your bitcoin password is a very dangerous thing to do. Not everyone will choose to keep secrets. I hope you will not put such a mistake next time.

135 BTC! Sorry for your loss :O I would contact exchanges and hope they havn't put the coins through a tumbler, 135 BTC is no small sum :/

Seriously, for that quantity of coins, your better splitting them into different accounts/hardware wallets. If you have a large quantity of coins elsewhere, invest in a ledger wallet (the only hardware wallet with a secure enclave). Never trust an online provider, and NEVER entrust your password to that quantity of coins to anyone.

135 BTC though... I don't want to lecture, but also want to give you sound advice, it is why i shout myself hoarse on here regarding hardware wallets.

OMG 135 BTC blah blah blah..

Curious gleb, did you find some sort of forensic connection to this old heist in one of your latest cases or what?

Even when somebody stole it they won't say it because you can't control it. It can be nearly everyone just use a vpn and steal your coins with it. So you need to learn what you did before.

Have you downloaded a file ? or pressed link ? They can be very dangerous too, but I am really sorry for your loss bro.

I've read this story in 2017. Hope, that you have made up for this loss.
Just curious, if you're still dealing with blockchain?