 Show Posts
|
|
Pages: [1]
|
|
KuCoin accounts are frozen - but the won't ive any info whether there is something there or not, until I get the official law enforcement report. Dubai police is taking no actions.
Does anyone has personal contact in KuCoin who might help to get this information?
Or maybe there is some possibility to get the report from any countries' law enformecents?
|
|
|
|
If it is not too private, can you explain what was that file or where did you downloaded it from?
Because that seems to be the most crucial part of your story.
This was VST plugin for music software. I made a mistake and simply googled it as I thought this one was very specific for hackers to use - there are too little people in the wrold who might need it. I just googled the name and "download" in the end. And used few forst links. I might even give you the links. In Electrum, the wallet file contains the seed (for electrum generated seed) and master keys but not the individual private keys.
Those private data are in plain text only if the wallet or the secrets aren't encrypted with a password, otherwise it'll be encrypted.
The "wallet.dat" file in the example is a Bitcoin Core wallet file (non-descriptor).
Does this mean that the hacker did needed my password as well? Which I kept only in my head. Or the seed phrase itself is enough? I kept both seed phrasse and the wallet file on my laptop. |
|
|
|
|
Thanks for the information guys. Still trying to make some steps.
|
|
|
|
@mbLI, most of the victims come to terms with the fact that they were hacked and that their coins disappeared without a trace, but I think that you should still try to find out something and if you're lucky, maybe you can return some or all of the funds that were stolen from you.
When I mention luck, I mostly mean that your hacker made a mistake somewhere in the steps and maybe even used his real data on that CEX. That would be really stupid, but not all hackers are intelligent enough to know how to hide their tracks. What is "good" in the whole matter is that you are obviously not the only victim, and if investigations are opened in several countries, the chances increase that the hacker will still be discovered.
As for the reason you were hacked, now you know that the seed (backup) should never be stored on devices that have access to the internet.
Yeah, that's my only hope there. But it will help only if the police will work on this. And at the moment they do not. As for the seed - yeah, now I know. I thought, that the wrong words sequnce will help. Also, couldn't realise that this can be done within few minutes - to scan the whole PC for the text files, which contains something looking like SEED phrase - I still can't understand - how techincally it can happen. I have 1 Tb of files here. |
|
|
|
OP what kind of information are you looking for, if you want i can help with some analysis of the transactions but TBH i doubt that there is something useful there.
To be honest - I don't know. Any kind of information that might help me to get my bitcoins back. At the moment I'm working on getting this official report from the police and provide it to KuCoin. I don't see anything else. But a crypto specialist might be able to find something elese in these transactions. |
|
|
|
Can you tell me please how you got all the chains from this starting point to the final one?
Click on the address and a new window will pop up at right side of the page.  https://lite.crystalblockchain.com/
You should check the transactions you want to be displayed in the visual one by one. Take note that you will need to play around with the " Date " and/or " Debit/Credit, BTC" to find all transactions you are looking for.  Thanks. It only shows 5, that's why I didn't see all. The date range helps to filter. |
|
|
|
The password fpr the wallet was only in my memory.
If your password for the Electrum wallet was strong enough, it's highly unlikely that the Electrum wallet was hacked, even if you installed malware on your system. There is a possibility that you updated Electrum with a malicious version, but you would have had to initiate the upgrade process yourself. I didn't update my Electrum at all, since I first deposited all the bitocins there a year ago. It was standing still, I didn't even open it for more tahn half a year. So, no, no updated on Electrum. Guys, do you think it is possible to trace someone from all these blockhains transactions left? Or there are plenty of options for him to use these bitcoins wuthout processing them through any KYC? Absolutely! It's indeed possible to trace blockchain transactions and follow the trail of money. While I'm no blockchain expert, I gave it a shot and attempted to trace the blockchain records of your transaction. If I'm not mistaken, it appears that all the coins eventually end up at the address: bc1q8yja3gw33ngd8aunmfr4hj820adc9nlsv0syvz. You can see the visualization below:  The address bc1q8yja3gw33ngd8aunmfr4hj820adc9nlsv0syvz is associated with the hot wallet of the KuCoin exchange, as documented on their website: https://www.kucoin.com/blog/transparency-and-trust-a-detailed-list-of-kucoin-s-walletsIf I were in your shoes, I'd take this information, get a lawyer who knows about crypto and online scams. Then, I'd proceed to file a criminal complaint with the local authorities for online crimes. If you act quickly, you can request KuCoin to freeze both the suspected account and the funds linked to the criminal activity. Can you please help me to get the same chain of transactions that you show here? When I open this theft transaction ID and open the next transactions, I get to the KuCoin hot wallet - the same as you did, right.  But I can't get all tre previous incoming transcations which lead eventually back to the hacker's first wallet:  If I open incoming transactions for the final KuCoin hot wallet - they show 72 incoming.  Can you tell me please how you got all the chains from this starting point to the final one?  |
|
|
|
-snip-
But is the last blochain transaction is made in KuCoin this means he withdrwn in fiat? In this case it might be possible to trace him - depends on the jurisdiction he is in?
That's only possible if the hacker isn't good at his trade. Most notorious ones use any leaked credentials to pass KYC on centralized exchanges. For withdrawal, they don't usually go for fiat, but rather withdraw anonymous altcoins like Monero which they can then transact without being traced. Your chance is to flag it to KuCoin as soon as possible before the hacker withdraw your funds. ( they only do that if you have substantial evidence and backing from authorities though) If they withdraw in altcoins like you say - there is completely on chance to trace it further, right? Most likely he did it. And most likely KuCoin account is empty - KuCoin didn't tell me this directly, but I understood this from our conversation. I'm trying to get the form from Dubai police. The first offcier from the cybercrime departent I met refused to open the case since it is on the Internet and out of UAE jurisdiction. Which is kinda nonsense. I'm tryong to push this another way. |
|
|
|
If I'm not mistaken, it appears that all the coins eventually end up at the address: bc1q8yja3gw33ngd8aunmfr4hj820adc9nlsv0syvz. You can see the visualization below:
As displayed in the image, the hacker split the stolen funds between five addresses and then sent them separately to four different deposit addresses. I used to use Kucoin. I used their service until they made KYC compulsory. If nothing has changed, they don't generate new deposit addresses and users have to reuse the same deposit address. Maybe, the hacker had mutliple accounts on Kucoin and if that's the case, the hacker must have used four different documents. Good point - KuCoin doesn't let you make new deposit addresses. So the hacker must've used a bunch of accounts to "launder" the stolen coins. They probably faked the KYC info for those accounts too and I really doubt they'd be stupid enough to send hacked coins to a KYC exchange tied to their real name and info! But is the last blochain transaction is made in KuCoin this means he withdrwn in fiat? In this case it might be possible to trace him - depends on the jurisdiction he is in? |
|
|
|
They said that the case success will depend on the police investigation. Which means, most likely, that crypto is not there anymore. And I can't imagine how local Dubai Police will be able to get someone from Ukraine/Russia/Nigeria, even if KYC documents are real.
You did the right thing by contacting kucoin's support and informing them about this incident. Now that the culprit's account has been frozen, all you have to do is to file a police report. Dubai and the UAE is one of the most crypto friendly governments in the world. I'm sure it won't be hard to find a qualified lawyer who can help you with your case. Will try to get the police report asap. But it seems that the account on KuCoin is already empty. Do you think I will need a lawyer for this case? It is not possible just to report to the police to get things going? Yes, I'm sure, I'm using the right wallet.
You're not very specific how you checked that your Electrum download was actually genuine and untampered. Let's assume the best and you did properly check the download file's signature by best practices and your wallet originated from https://www.electrum.org. I think I know the answer where it came from. I downloaded one software that night, and it wasn't working properly, so I deleted it straight away. I think the software contained malware. But the job was already done. Seems like it scanned my PC and got everything it needed in few minutes. The transacation was done exactly that night within few hours.
As o_e_l_e_o already pointed out a few errors that the OP did himself, I want to highlight another one which I didn't read in this thread so far. You put your hodl wallet as a hot wallet on an online computer and even worse a laptop with which you do your daily stuff and internet and download shit. This is insane in my opinion with a software wallet that holds a decent amount of coins. I would've used a decent hardware wallet already for far less than the amount of stolen coins here. I downloaded it from Electrum web-site directly and it did work good for one year. I agree, that was not very smart from my side, but I based on the information that was in my head at that moment, I thought it is impossbile to get this from my laptop. Now I know. |
|
|
|
Man, if this will work out I will share the part of the returned funds with you! Many thanks.
I'm planning go straight to the police. Do you think getting a laywer before this is required? It will take me time to find one and I'm not sure how expensive this will be.
What service did you use to get the full visualisation?
You probably don't need legal representation; I just thought it might be helpful in following proper procedures and getting things done. But you can likely go directly to the police, specifically the internet crime unit. I used Crystal Lite Explorer to create the visualization, but you can achieve the same with any blockchain explorer. Just follow a few transactions further, and they all lead to the same address from the KuCoin exchange. I hope this information proves useful to you. Ok, spoke to KuCoin support. The address which you pointed out is general KuCoin wallet. The one before it - is personal KuCoin wallet and it is verified - meaning it went through KYC. They won't give any further info without official document from the police. The account is frozen already, meaning someone reported before me. They said that the case success will depend on the police investigation. Which means, most likely, that crypto is not there anymore. And I can't imagine how local Dubai Police will be able to get someone from Ukraine/Russia/Nigeria, even if KYC documents are real. I will keep you posted. |
|
|
|
The password fpr the wallet was only in my memory.
If your password for the Electrum wallet was strong enough, it's highly unlikely that the Electrum wallet was hacked, even if you installed malware on your system. There is a possibility that you updated Electrum with a malicious version, but you would have had to initiate the upgrade process yourself. I didn't update my Electrum at all, since I first deposited all the bitocins there a year ago. It was standing still, I didn't even open it for more tahn half a year. So, no, no updated on Electrum. Guys, do you think it is possible to trace someone from all these blockhains transactions left? Or there are plenty of options for him to use these bitcoins wuthout processing them through any KYC? Absolutely! It's indeed possible to trace blockchain transactions and follow the trail of money. While I'm no blockchain expert, I gave it a shot and attempted to trace the blockchain records of your transaction. If I'm not mistaken, it appears that all the coins eventually end up at the address: bc1q8yja3gw33ngd8aunmfr4hj820adc9nlsv0syvz. You can see the visualization below: The address bc1q8yja3gw33ngd8aunmfr4hj820adc9nlsv0syvz is associated with the hot wallet of the KuCoin exchange, as documented on their website: https://www.kucoin.com/blog/transparency-and-trust-a-detailed-list-of-kucoin-s-walletsIf I were in your shoes, I'd take this information, get a lawyer who knows about crypto and online scams. Then, I'd proceed to file a criminal complaint with the local authorities for online crimes. If you act quickly, you can request KuCoin to freeze both the suspected account and the funds linked to the criminal activity. Man, if this will work out I will share the part of the returned funds with you! Many thanks. I'm planning go straight to the police. Do you think getting a laywer before this is required? It will take me time to find one and I'm not sure how expensive this will be. What service did you use to get the full visualisation? |
|
|
|
The password fpr the wallet was only in my memory.
If your password for the Electrum wallet was strong enough, it's highly unlikely that the Electrum wallet was hacked, even if you installed malware on your system. There is a possibility that you updated Electrum with a malicious version, but you would have had to initiate the upgrade process yourself. I didn't update my Electrum at all, since I first deposited all the bitocins there a year ago. It was standing still, I didn't even open it for more tahn half a year. So, no, no updated on Electrum. Guys, do you think it is possible to trace someone from all these blockhains transactions left? Or there are plenty of options for him to use these bitcoins wuthout processing them through any KYC? |
|
|
|
Please post the TXid to know understand you are talking about.
574e046337f18b9debe4eb26cb3d303b42586d047211e04cde5a22114742f792 I explored the address bc1qg0ghptl62pgyjadv9hu9a9uhg4rxpgw62ajhqk, where the funds sent to and apart from that there were few other incoming TXs as well on the same day so its probably affected more than one wallet user. But you are the one who lost huge funds and I don't think it happened due to the Electrum, in the last two days your system infected by a malware, possible something called Bunny Loader and I read that it has capability to execute remote commands as well so that's how your funds were moved from your device so if that is true then you should probably came online in that device on that time period. Will it help somehow? Do you think it worth going to the Police in Dubai?
I think I have the installation files of the software that caused the leakage of the information. Do you think it may help the police to find our where the data was sent to? Or it is not possible to track this from the software files?
If the hacker moved funds to an exchange or anywhere KYCed then it's possible to trace the identity of the individual, but I don't think who is smart enough to execute this will be dumb like that to leave the traces, so I don't think there is any hope. Fair enough... Seems like the police won't be able to help. |
|
|
|
Are you sure you are looking at the right wallet? Do you see the hashes of old transactions you received from the crypto exchange on the history tab?
If yes then most likely your laptop has been compromised and the attacker got access to your wallet's seed (he doesn't need the password to steal your coins as o-e-l-e-o mentioned above). It's unlikely that you are using a fake Electrum version since you've been using it for more than a year and your coins were stolen just recently.
Yes, I'm sure, I'm using the right wallet. I think I know the answer where it came from. I downloaded one software that night, and it wasn't working properly, so I deleted it straight away. I think the software contained malware. But the job was already done. Seems like it scanned my PC and got everything it needed in few minutes. The transacation was done exactly that night within few hours.
Please post the TXid to know understand you are talking about.
574e046337f18b9debe4eb26cb3d303b42586d047211e04cde5a22114742f792 Will it help somehow? Do you think it worth going to the Police in Dubai? I think I have the installation files of the software that caused the leakage of the information. Do you think it may help the police to find our where the data was sent to? Or it is not possible to track this from the software files? |
|
|
|
|
Yes, Electrum wallet used on my laptop only.
I used the wallet just once - a year ago - just received a couple of transactions from my own account on trusted crypto exchange.
And this is it - never used this wallet somewehre else. It was created specifically for the security reasons. For HODL.
The password fpr the wallet was only in my memory.
Seed phrase was written (in txt file sowhere in pc without clear indication where), but even in a wrong sequence.
It is clearly a hole in ELectrum itself.
|
|
|
|
|
Hi. Kept my password only in my head on noone had access to seed-phrases. It leaked purely internally because if the wallet itself. Guys, pleas,e advise what to do. 50k$ are gone
|
|
|
|
|
