Bitcoin Forum
Topic: Stolen btct shares and bitcoins.
cwerdna (OP)
September 16, 2013, 05:21:13 AM
 #1

Hi,

Just a word of warning to everybody out there from somebody who is now forcibly out of the Bitcoin game.

I hold a BTCT account.  This account was compromised, I had locked the payout address to my own wallet.

My various shares were all cashed out to my address.

2013-09-15 11:35:54   1DAz3Ktytjd8wR1Z7SMoJSU92rrLKbWSba
txid: b594a2115c788117566cdf2e3a1f7710b0f610b108e4a714660003f112611971   31.64389075 BTC

Subsequently my wallet was emptied (including some 15 or so other bitcoins I had)

c507e106114e5cb8c295fc9d7f9f1d051f87194f2236973711b0575e39796b4e 2013-09-15 10:52:30
1DAz3Ktytjd8wR1Z7SMoJSU92rrLKbWSba
   1EYz2DwJy2xj3o7cPtVsFPXX6C2moMrYXj 50.73230925 BTC


My Wallet was covered with a 25 character long passphrase. I can only assume that my home computer has a key logger installed.

1EYz2DwJy2xj3o7cPtVsFPXX6C2moMrYXj now has over 50 bitcoins of mine.

Given my Bitcoin investment money was set aside for my young family, even though it's not a huge amount of money I am completely gutted.

Cheers
cwerdna.
silverfuture
September 16, 2013, 05:31:41 AM
 #2

no 2FA?

cwerdna (OP)
September 16, 2013, 05:36:42 AM
 #3

No 2FA on my btc-tc account.
Account withdrawals were locked to my own wallet.
Own wallet is local BitcoinQT.

cwerdna
gmaxwell
September 16, 2013, 05:38:12 AM
 #4

It's interesting to me that they were careful enough to empty the website before emptying the wallet, is that really the case?

In any case, I'm sorry to hear of your loss.
mem
September 16, 2013, 05:39:08 AM
 #5

Work friend of Andrew's here.

Looks like it was a key logging trojan on OSX, very very scary.
His local wallet was encrypted with a passphrase but they had that too from the logger.

So withdrawal to locked address, then open up wallet with passphrase and send.

Bastards.

cwerdna (OP)
September 16, 2013, 06:01:16 AM
 #6

Quote from: gmaxwell on September 16, 2013, 05:38:12 AM
> It's interesting to me that they were careful enough to empty the website before emptying the wallet, is that really the case?
>
> In any case, I'm sorry to hear of your loss.

Yes they sold my shares at a marginal loss to myself (about 5%) - I initially thought that something had happened on btct and my shares were forcibly sold for some bizarre reason. Figured initially that at least the money was safe having gone to my wallet. Then decided to check my total balance on blockchain.info and that's when I realised I have been wiped out.

Obviously power bills, hardware investment etc coming to nothing has totally upset the missus - so yeah thanks to the scumbags for hurting real people in the name of greed. That hurt inflicted really eclipses the 50 or so bitcoins I am out. Small beer to some, a lot to small timers.
Lethn
September 16, 2013, 06:05:07 AM
 #7

That sucks, I think that 50 Bitcoins alone though is far too large an amount to have online, I think any investment scheme that doesn't have stupid amounts of security or offline storage is not worth putting money into, I think we need to start demanding that anyone who holds our money needs to have an offline storage. That will make things slower withdrawal process wise but at least then it can't be hacked, I was thinking in terms of what banks used to do where you would have the actual money stored in a safe place and it's just displayed on the screen how much you have and you trade with that until you want to withdraw it and so on.
dddbtc
September 16, 2013, 06:46:36 AM
 #8

I used the free version of Zemana AntiLogger for quite some time which encrypts only your keystrokes.

http://www.zemana.com/product/antilogger-free/overview/

I eventually bought a 2yr license for the full version which protects against screenshots and all sorts of other things.

coastermonger
September 16, 2013, 06:49:43 AM
Last edit: September 16, 2013, 07:03:53 AM by coastermonger
 #9

Websites aside, is it theoretically possible for the bitcoin-qt client to support some kind of 2nd factor authentication?

If not, is it true that OP would still have his coins if his locked payout address was really located at an online wallet behind 2-factor or the address of a paper wallet?

I made a post related to this about necessary security features that every online bitcoin website should use: https://bitcointalk.org/index.php?topic=294896.0

gmaxwell
September 16, 2013, 07:16:32 AM
 #10

Quote from: coastermonger on September 16, 2013, 06:49:43 AM
> Websites aside, is it theoretically possible for the bitcoin-qt client to support some kind of 2nd factor authentication?

Yes/No.  It does support two factor authentication: That's what wallet encryption is, you're protected by knowledge of the password and possession of the wallet file.

But no, because control over your computer moots security provided only by your computer.

There are a number of hardware wallet devices coming out which outsource possession of private keys to USB dongles that require a button press to authorize a transaction... those will keep you safe even if your computer is compromised.
cwerdna (OP)
September 16, 2013, 10:51:05 PM
 #11


Hardware keys are definitely the way to go for anybody in this game - I have invested a lot of money for somebody with a family to raise in bitcoin as I could see the potential for the future and it was worth the gamble. I still believe in the concept, just clearly the security needs to be addressed.

This experience for me, whilst devastating, has taught me some interesting lessons and that is a positive I can take away from the whole thing.

Oh and if the bastard who stole my money ever reads this - you are forgiven for stealing my money. You are not forgiven for the pain you caused myself and more importantly my wife.
samson
September 17, 2013, 09:50:00 AM
 #12

Quote from: dddbtc on September 16, 2013, 06:46:36 AM
> I used the free version of Zemana AntiLogger for quite some time which encrypts only your keystrokes.
>
> http://www.zemana.com/product/antilogger-free/overview/
>
> I eventually bought a 2yr license for the full version which protects against screenshots and all sorts of other things.



This is interesting although I do wonder if someone could write a keylogger to intercept the key presses before this software executes at a higher level.

There's some detailed information on how key presses are processed in Windows here: http://www.securelist.com/en/analysis/204792178/Keyloggers_Implementing_keyloggers_in_Windows_Part_Two

If that software becomes popular in time new malware will be written to attempt to circumvent it.

The OP mentioned that this was on a computer running OSX.

Do you know for sure a keylogger was used? Any ideas which one it is and how did it work?
fuggedit
September 17, 2013, 11:37:35 AM
 #13

Fucking scumbag hacking thieving sons of bitches taking food out of a young father's family and his baby's mouth. The thing that's worse about being stolen from online is you don't even get the gratification of truly believing someday you'll find them on the street and then beat the shit out of them mercilessly.

gacr
September 19, 2013, 08:23:03 AM
 #14




Stop using IE and OPERA .... use google chrome or firefox. Most exploits work on ie and ff. Also do not download flash "updates" you are asked to download from various sites.

But most thieves use an exploit and traffic to build a botnet and only ie and opera can be exploited.

mem
September 19, 2013, 08:28:54 AM
 #15


START READING THE POST BEFORE COMMENTING.

He is an OSX user and only used / accessed the wallet on OSX.
Yes that's right, he had a trojan on his OSX installation, it does happen.

gacr
September 20, 2013, 09:20:20 AM
 #16



a trojan is installed on the pc in 2 ways:

1 - you download something and get infected ... and in this way it doesn't matter what OS you use
2 - you visit a website iframed with an exploit link and get infected ... works on windows and ie / opera only from what I know

but private exploits also exist on the market ... never had access to one so I don't know what os / browsers can be infected

if you get infected with malware, the guy who runs the botnet sees everything you do on the pc ... gets all your passwords, bank acc, cookies ... everything. he can even transfer money from your bank account without logging in if he has an ats inject.
