My wallet was hacked.

[dr0ne]

Hoping someone can help me figure out exactly what happened here.

From this post - http://www.reddit.com/r/Bitcoin/comments/1cnroc/my_wallet_just_got_hacked/

"Can someone explain what just happened to me?
I had a very strong password on my Bitcoin wallet - which means for every transaction the password would have to be entered. I clicked a link on 4chan which led me to some some chat site, some javascript was run and it didn't seem to do anything at first - boot up my bitcoin wallet and I see a transaction for 2.07 BTC to an address that I did not know.
Can someone explain what just happened? I thought bitcoin was safe so long as I had a strong password on my wallet. How was this exploit able to bypass the password prompt?
The site was "CoinChat.freetzi.com". FAIR WARNING - THIS SITE FUCKED ME UP AND STOLE MY BTC. DO NOT RUN SCRIPTS ON THIS WEBSITE.

My wallet address is 1Q6euP4nmfn5EpsCovo1xb5PsjDd86CQwX
and the transfer went to this wallet 1Es3QVvKN1qA2p6me7jLCVMZpQXVXWPNTC
AMOUNT: 2.07 BTC
https://blockchain.info/address/1Q6euP4nmfn5EpsCovo1xb5PsjDd86CQwX
Please, anyone got any idea wtf just happened to me?"


Like I said, I did *not* enter my password, the coins were simply gone after I loaded up bitcoin-qt.

This is a huge exploit and a huge turn-off for me - I lost all my money due to an exploit in bitcoin-qt and now I'm out the $500 bucks I paid for those 2.07 BTC.

Can anyone please explain what happened and why? I thought my bitcoins were safe with a strong password...

[statdude]

Why anyone will go to 4chan is beyond me!

[John (John K.)]

Your computer might be infected by a wallet stealer/trojan combination. Passwords are useless when your keys are logged.

[jimmydorry]

Now is as good a time as any to move to the local wallet and run it from a secure VM with limited connectivity.

[jamaer]

Now is as good a time as any to move to the local wallet and run it from a secure VM with limited connectivity.

It's much better to have an offline wallet:
https://bitcoinarmory.com/using-offline-wallets-in-armory/
IMO for most people it is enough to run the offline computer in a VirtualBox. Just make sure there is no Internet connection in your VirtualMachine and and interact with the main computer only through a USB-stick or so. Tinfoils of course use a dedicated hardware for their offline computer.

[dr0ne]

Can someone please post the exploit elsewhere? I'm out all my BTC because of it.

Again

I did not give/type my password, I ran the javascript and the next time I opened bitcoin-qt there was a transaction to a wallet I did not know for almost all of my bitcoin (i think the exploit only goes to the closest .00, as I lost 2.07.)


The site is CoinChat[.]freetzi[.]com.

Please, can someone explain wtf this exploit is doing? I can't believe I lost my BTC - I had them in a wallet on my PC, encrypted, with a strong password.

I thought my BTC were safe? How did this exploit send the coins without having my password?

[lbr]

No 'hacks'/'exploits' there.
Nothing dangerous, except site is shit and by visiting it you can get permanent brain damage.

[lbr]

..or OP is trying to draw visitors on that site..

[dr0ne]

LBR, I am not. I followed that link from a 4chan post last night, as I said.

[lbr]

LBR, I am not. I followed that link from a 4chan post last night, as I said.

[ + ]dr0ne_[ S ] -1 points0 points1 point 10 hours ago  (3 children)
[ – ]dr0ne_[ S ] -1 points0 points1 point 10 hours ago

sigh

If anyone wants to help me recoup my losses, I've got a new wallet at ADDRESS_REMOVED. I know it's a longshot but any help would be appreciated. Getting hacked sucks. permalinksave
[ + ]luke-jr 4 points5 points6 points 9 hours ago* (1 child)
[ – ]luke-jr 4 points5 points6 points 9 hours ago*

Readers should note that it is possible (but not certain) dr0ne_ is making this whole story up to get sympathy donations.

In #bitcoin-dev not long ago, he said he was too scared to even open his wallet, and now he suddenly has a new one he just assumes is safe? Also note that this "new" wallet has been receiving coins since two weeks ago...
permalinksaveparent
[ + ]dr0ne_[ S ] 0 points1 point2 points 2 hours ago  (0 children)
[–]dr0ne_[ S ] 0 points1 point2 points 2 hours ago

The new wallet is on a separate device, Luke.

While I understand your view on this matter, you're wrong. I'm not a scammer and legitimately needed help on this matter.

You've kinda been an ass to me the whole time - not cool.

[dr0ne]

Well, he had been being kind of an ass to me. Accusing me of being a scammer.

I'm the victim of a scammer/exploit - not a scammer.

By that comment I was hoping maybe the community would/could help me recoup my losses - 2 of the BTC were my fathers, and I'm hating the thought of saying "hey dad, your BTC is gone because I got hacked/exploited."

That's all.

Are you Luke?

How do I know you're not the scammer behind that website?

Also, my BTC were taken from my wallet.

I'm not forcing anyone to give me BTC, I'm just asking and hoping (i know it's a loooooooooongshot) that maybe the community might help me recoup some of my losses.

Scammers and con-artists are the scum of the earth man, you/Luke calling me one of those really pushed my buttons - hence the ass comment.

[lbr]

...I was hoping maybe the community would/could help me recoup my losses - 2 of the BTC were my fathers, and I'm hating the thought of saying "hey dad, your BTC is gone because I got hacked/exploited."

wow, and the plot thickens, now we have new character, 'the dad' ; ))

[dr0ne]

Yeah. I know.

Found some more information about similar exploits.

http://www.reddit.com/r/Bitcoin/comments/1cai1m/warning_someone_keeps_posting_a_link_to_an/

http://www.reddit.com/r/Bitcoin/comments/1bvl4n/beware_when_clicking_any_link_from_chatboxesirc/

http://www.reddit.com/r/Bitcoin/comments/1c9meh/btcecom_safety_checklist_for_noobs/

[dr0ne]

LBR, please leave me alone if you're just going to grief.

I'm not a scammer and am looking for help.

[lbr]

LBR, please leave me alone if you're just going to grief.

I'm not a scammer and am looking for help.

What kind of help?

[dr0ne]

Help understanding what exactly happened to my BTC

[kendle]

Go through your browsing history if you really want to know. 

No one here can tell you what happened due to lack of information, and it shouldn't be posted how it was done in the first place.

[lbr]

Help understanding what exactly happened to my BTC

Go through your browsing history if you really want to know. 

No one here can tell you what happened due to lack of information, and it shouldn't be posted how it was done in the first place.

^^This^^

Also, on the reddit you've already been told that JavaScript on the webpage can't 'hack' you(99%). And guys there provided you with some possible scenarios.

Since for some reason you still need help in understanding what happened, I put it in simple words - you've(with your own hands) executed program which transferred your BTC to another address, assuming ofc it did actually happen.

[Arthy]

Sucks man.

[caramelos]

Help understanding what exactly happened to my BTC

Go through your browsing history if you really want to know. 

No one here can tell you what happened due to lack of information, and it shouldn't be posted how it was done in the first place.

^^This^^

Also, on the reddit you've already been told that JavaScript on the webpage can't 'hack' you(99%). And guys there provided you with some possible scenarios.

Since for some reason you still need help in understanding what happened, I put it in simple words - you've(with your own hands) executed program which transferred your BTC to another address, assuming ofc it did actually happen.

+1