Bitcoin Forum
Topic: looks like i've been hacked - please help me understand what's happening
beesa888 (OP)
April 02, 2015, 03:04:45 PM
 #1

so i checked my wallet a couple of days ago and noticed my 50 coins were missing.

i restored my wallet from a backup and after rescanning it showed i only have 0.05 coins left.

almost 50btc were 'sent' unauthorised from my wallet to 1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

https://blockchain.info/address/1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

according to my wallet it matches up on block chain showing 4 transactions. i'm still trying to follow it, but i have no idea what to do :(

i was trying to restore from backup and do a double spend, but it looks like it's too late for that now...

it looks like they are trying to launder it, anyone else able to dissect anything out of this?
LiteCoinGuy
April 02, 2015, 03:07:02 PM
 #2

sorry for that dude. that is a hard lesson.

don't store your coins in a hotwallet. the best thing you can do (as a newbie):

1.) buy a hardware wallet:

https://bitcointalk.org/index.php?topic=899253.0

2.) split your bitcoin-stack. don't keep all eggs in one....you know.

3.) buy a good antivirus program.


good luck.

beesa888 (OP)
April 02, 2015, 03:11:50 PM
 #3

thanks for the quick response, pretty gutted, i can follow the transaction but don't really know how they were able to do this
jonnybravo0311
April 02, 2015, 03:44:12 PM
 #4

> thanks for the quick response, pretty gutted, i can follow the transaction but don't really know how they were able to do this

Possibilities:
* wallet not encrypted
* key logger on your system
* wallet encrypted with very easy to crack password
* wallet-stealing malware on your system
* wallet stored in publicly accessible location
* RPC ports open to your Bitcoin client
* no RPC password or very weak one
* allow any IP to connect via RPC

Sorry for your loss.

Jonny's Pool - Mine with us and help us grow!  Support a pool that supports Bitcoin, not a hardware manufacturer's pockets!  No SPV cheats.  No empty blocks.
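
The RPC-related causes in the list above (open RPC port, weak or empty RPC password, any IP allowed) can be checked in the node's bitcoin.conf. This is an added example, not part of the original post: the sample files, the 16-character threshold and the function names are assumptions; `rpcuser`, `rpcpassword`, `rpcallowip` and `rpcbind` are Bitcoin Core's own option names.

```python
import ipaddress

# Assumed policy for this example: shorter or listed passwords are flagged.
MIN_PASSWORD_LEN = 16
COMMON_PASSWORDS = {"password", "bitcoin", "123456", "changeme"}  # constructed

# Constructed bitcoin.conf with the weak RPC settings from the list above.
WEAK_CONF = """\
server=1
rpcuser=user
rpcpassword=bitcoin
rpcallowip=0.0.0.0/0
rpcbind=0.0.0.0
"""

# Constructed counterpart: RPC confined to loopback, long random password.
HARDENED_CONF = """\
server=1
rpcuser=walletrpc
rpcpassword=c9Vq2mLx7TfR4zKpW8hN
rpcallowip=127.0.0.1
rpcbind=127.0.0.1
"""

def parse_conf(text):
    """Return {key: [values]}; keys such as rpcallowip may repeat."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings.setdefault(key, []).append(value)
    return settings

def is_loopback_only(value):
    """True if an rpcallowip/rpcbind value stays on 127.0.0.0/8 or ::1."""
    if "*" in value:  # wildcard syntax used by older clients
        return False
    try:
        if value.startswith("["):  # [v6addr]:port
            value = value[1:value.index("]")]
        elif value.count(":") == 1:  # v4addr:port
            value = value.split(":")[0]
        return ipaddress.ip_network(value, strict=False).is_loopback
    except ValueError:  # hostname or malformed entry: treat as exposed
        return False

def audit_rpc(text):
    """Return a list of findings for the RPC-related settings."""
    conf, findings = parse_conf(text), []
    for net in conf.get("rpcallowip", []):
        if not is_loopback_only(net):
            findings.append(f"rpcallowip={net}: non-local clients may connect")
    for addr in conf.get("rpcbind", []):
        if not is_loopback_only(addr):
            findings.append(f"rpcbind={addr}: RPC listens beyond loopback")
    for pw in conf.get("rpcpassword", []):  # the password itself is never echoed
        if (len(pw) < MIN_PASSWORD_LEN or pw.lower() in COMMON_PASSWORDS
                or pw in conf.get("rpcuser", [])):
            findings.append("rpcpassword: short, guessable, or same as rpcuser")
    return findings

if __name__ == "__main__":
    print("weak:", audit_rpc(WEAK_CONF))
    print("hardened:", audit_rpc(HARDENED_CONF))
```

The other items in the list (unencrypted wallet, keylogger, wallet-stealing malware) are not visible in bitcoin.conf and need host-level checks.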
fast2fix
April 02, 2015, 03:56:01 PM
Last edit: April 02, 2015, 04:35:04 PM by fast2fix
 #5

> so i checked my wallet a couple of days ago and noticed my 50 coins were missing.
>
> i restored my wallet from a backup and after rescanning it showed i only have 0.05 coins left.
>
> almost 50btc were 'sent' unauthorised from my wallet to 1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt
>
> https://blockchain.info/address/1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt
>
> according to my wallet it matches up on block chain showing 4 transactions. i'm still trying to follow it, but i have no idea what to do :(
>
> i was trying to restore from backup and do a double spend, but it looks like it's too late for that now...
>
> it looks like they are trying to launder it, anyone else able to dissect anything out of this?

those coins are lost, no way to recover them, sorry for your loss. were you using blockchain wallet? it's probably a keylogger that stole your account information.
install malwarebytes and scan your pc and see if it finds any virus/keyloggers.
cr1776
April 02, 2015, 05:07:50 PM
 #6

>> so i checked my wallet a couple of days ago and noticed my 50 coins were missing.
>>
>> i restored my wallet from a backup and after rescanning it showed i only have 0.05 coins left.
>>
>> almost 50btc were 'sent' unauthorised from my wallet to 1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt
>>
>> https://blockchain.info/address/1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt
>>
>> according to my wallet it matches up on block chain showing 4 transactions. i'm still trying to follow it, but i have no idea what to do :(
>>
>> i was trying to restore from backup and do a double spend, but it looks like it's too late for that now...
>>
>> it looks like they are trying to launder it, anyone else able to dissect anything out of this?
>
> those coins are lost, no way to recover them, sorry for your loss. were you using blockchain wallet? it's probably a keylogger that stole your account information.
> install malwarebytes and scan your pc and see if it finds any virus/keyloggers.

And even if it does and says it has removed them, don't trust that they are all gone if you are going to store bitcoins on that computer.  It is better to re-install the OS to ensure that you are safe.

jonald_fyookball
April 02, 2015, 05:22:54 PM
 #7

what kind of wallet?

notlist3d
April 02, 2015, 08:28:43 PM
 #8

> thanks for the quick response, pretty gutted, i can follow the transaction but don't really know how they were able to do this

Sadly this cannot be reversed. Hopefully you can follow it, but chances are they will use a mixer or some other way to hide it.

I suggest others reading this use cold storage, and be safe with it.
beesa888 (OP)
April 03, 2015, 02:31:04 AM
 #9

> what kind of wallet?

I think it's called Bitcoin Core or bitcoin-qt? does that make any sense to you?
notlist3d
April 03, 2015, 03:12:40 AM
 #10

>> what kind of wallet?
>
> I think it's called Bitcoin Core or bitcoin-qt? does that make any sense to you?

Yes that is the main client it sounds like. Sadly a lot of the virus/malware target the wallet file.

I'm sorry to hear it was such a costly lesson. In future keep cold storage, and encrypt it. In a perfect world we would not need to but sadly there are a lot of "bad guys" out there.
emrebey
April 03, 2015, 10:23:06 AM
 #11

damn, so many people taking that kind of the losses lately. sorry for your loss, nothing to do. :(
HiTmanSql
April 03, 2015, 10:26:21 AM
 #12

> sorry for that dude. that is a hard lesson.
>
> don't store your coins in a hotwallet. the best thing you can do (as a newbie):
>
> 1.) buy a hardware wallet:
>
> https://bitcointalk.org/index.php?topic=899253.0
>
> 2.) split your bitcoin-stack. don't keep all eggs in one....you know.
>
> 3.) buy a good antivirus program.
>
> good luck.

would like to know what is a hot wallet?
HiTmanSql
April 03, 2015, 10:34:07 AM
 #13

you should also verify that on this forum itself no one is using:

https://blockchain.info/address/1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw

this address cause HE has your bitcoins.

which he probably bought from:

1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv

or it is his own address... like inter transfer from electrum which gives someone the opportunity to own over 5 bitcoin addresses in the same wallet. making inter transfers are obvious
Amph
April 03, 2015, 12:13:44 PM
 #14

>> what kind of wallet?
>
> I think it's called Bitcoin Core or bitcoin-qt? does that make any sense to you?

can you try to do a scan with malwarebytes anti-malware, and hitmanpro?

see if there is something malevolent

also i suggest you use zemana free anti-logger, it hides your keystrokes
yeponlyone
April 03, 2015, 01:50:57 PM
 #15

>> sorry for that dude. that is a hard lesson.
>>
>> don't store your coins in a hotwallet. the best thing you can do (as a newbie):
>>
>> 1.) buy a hardware wallet:
>>
>> https://bitcointalk.org/index.php?topic=899253.0
>>
>> 2.) split your bitcoin-stack. don't keep all eggs in one....you know.
>>
>> 3.) buy a good antivirus program.
>>
>> good luck.
>
> would like to know what is a hot wallet?

Wallets on your ordinary desktop which contain a small amount of Bitcoins for daily use. A cold wallet stores most of the Bitcoin to keep it safe, and Bitcoins are sent to the hot wallet when needed. Both of them are kept separately, and the cold wallet would have much more security than the hot wallet.
beesa888 (OP)
April 03, 2015, 01:51:06 PM
 #16

> you should also verify that on this forum itself no one is using:
>
> https://blockchain.info/address/1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw
>
> this address cause HE has your bitcoins.
>
> which he probably bought from:
>
> 1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv
>
> or it is his own address... like inter transfer from electrum which gives someone the opportunity to own over 5 bitcoin addresses in the same wallet. making inter transfers are obvious

i'm sorry, i don't fully understand what you are saying here.

I can see that my bitcoin are unspent at the last address. how would I see if that final address belongs to anyone here?

>>> what kind of wallet?
>>
>> I think it's called Bitcoin Core or bitcoin-qt? does that make any sense to you?
>
> can you try to do a scan with malwarebytes anti-malware, and hitmanpro?
>
> see if there is something malevolent
>
> also i suggest you use zemana free anti-logger, it hides your keystrokes

i did perform a malware scan, and oddly found malware dating back to backup files i saved back in 2005. I don't think bitcoin was even around back then so i'm not sure if that would have caused it. I used malware-byte. I think as someone suggested, might be best to format and reinstall the OS along with setting up cold storage.
HiTmanSql
April 03, 2015, 01:55:22 PM
 #17

>> you should also verify that on this forum itself no one is using:
>>
>> https://blockchain.info/address/1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw
>>
>> this address cause HE has your bitcoins.
>>
>> which he probably bought from:
>>
>> 1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv
>>
>> or it is his own address... like inter transfer from electrum which gives someone the opportunity to own over 5 bitcoin addresses in the same wallet. making inter transfers are obvious
>
> i'm sorry, i don't fully understand what you are saying here.
>
> I can see that my bitcoin are unspent at the last address. how would I see if that final address belongs to anyone here?

that i honestly don't know. if there was any way to sql inject a btc address, i would have probably helped you out, but it's not possible.. you need to keep an eye with newbies on this forum and try see if anyone is pointing towards this last address
yeponlyone
April 03, 2015, 01:56:17 PM
 #18

>>>> what kind of wallet?
>>>
>>> I think it's called Bitcoin Core or bitcoin-qt? does that make any sense to you?
>>
>> can you try to do a scan with malwarebytes anti-malware, and hitmanpro?
>>
>> see if there is something malevolent
>>
>> also i suggest you use zemana free anti-logger, it hides your keystrokes
>
> i did perform a malware scan, and oddly found malware dating back to backup files i saved back in 2005. I don't think bitcoin was even around back then so i'm not sure if that would have caused it. I used malware-byte. I think as someone suggested, might be best to format and reinstall the OS along with setting up cold storage.

Antiviruses are not always correct and shouldn't be your only defense against viruses. Antivirus merely checks the signature of the files on your computer with their servers to make sure you don't have any files that match those known viruses that have already been detected. There are lots of viruses that have not yet been detected. Your best protection would be not downloading suspicious files or going to suspicious websites.
yeponlyone
April 03, 2015, 01:59:19 PM
 #19

>>> you should also verify that on this forum itself no one is using:
>>>
>>> https://blockchain.info/address/1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw
>>>
>>> this address cause HE has your bitcoins.
>>>
>>> which he probably bought from:
>>>
>>> 1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv
>>>
>>> or it is his own address... like inter transfer from electrum which gives someone the opportunity to own over 5 bitcoin addresses in the same wallet. making inter transfers are obvious
>>
>> i'm sorry, i don't fully understand what you are saying here.
>>
>> I can see that my bitcoin are unspent at the last address. how would I see if that final address belongs to anyone here?
>
> that i honestly don't know. if there was any way to sql inject a btc address, i would have probably helped you out, but it's not possible.. you need to keep an eye with newbies on this forum and try see if anyone is pointing towards this last address

I think you are confused with webservers and Bitcoin. Bitcoin doesn't use SQL databases and they can't be reversed. You can, however, try to pinpoint the person owning the address by googling the address.
Jeremycoin
April 03, 2015, 02:33:46 PM
 #20

> so i checked my wallet a couple of days ago and noticed my 50 coins were missing.
>
> i restored my wallet from a backup and after rescanning it showed i only have 0.05 coins left.
>
> almost 50btc were 'sent' unauthorised from my wallet to 1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt
>
> https://blockchain.info/address/1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt
>
> according to my wallet it matches up on block chain showing 4 transactions. i'm still trying to follow it, but i have no idea what to do :(
>
> i was trying to restore from backup and do a double spend, but it looks like it's too late for that now...
>
> it looks like they are trying to launder it, anyone else able to dissect anything out of this?

Wow... 50 is a big value...
I'm just a newbie, I don't really know how to solve it but I'm so sorry for your loss.
How much is the coin that the thief left? Is that just 0.05 or 0.05xxxx?

notlist3d
April 03, 2015, 02:35:28 PM
 #21

>> so i checked my wallet a couple of days ago and noticed my 50 coins were missing.
>>
>> i restored my wallet from a backup and after rescanning it showed i only have 0.05 coins left.
>>
>> almost 50btc were 'sent' unauthorised from my wallet to 1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt
>>
>> https://blockchain.info/address/1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt
>>
>> according to my wallet it matches up on block chain showing 4 transactions. i'm still trying to follow it, but i have no idea what to do :(
>>
>> i was trying to restore from backup and do a double spend, but it looks like it's too late for that now...
>>
>> it looks like they are trying to launder it, anyone else able to dissect anything out of this?
>
> Wow... 50 is a big value...
> I'm just a newbie, I don't really know how to solve it but I'm so sorry for your loss.
> How much is the coin that the thief left? Is that just 0.05 or 0.05xxxx?

If you click the blockchain it shows everything as far as your question. And no it appears all was sent somewhere, they did not leave anything. Which is not too surprising on a compromised wallet.
beesa888 (OP)
April 06, 2015, 03:57:08 AM
 #22

it looks to have stopped at the last address and hasn't moved in a couple of days. It seems fairly inactive. The final transaction appears to be somewhere in China, however i'm not sure how accurate that is.
notlist3d
April 06, 2015, 04:02:32 AM
 #23

> it looks to have stopped at the last address and hasn't moved in a couple of days. It seems fairly inactive. The final transaction appears to be somewhere in China, however i'm not sure how accurate that is.

Sadly most likely it's behind a proxy so hard to tell who actually did it or where.

I would watch it to see if they ever happen to make a mistake that can identify who it is.  Most likely they will sit on the btc not moving it or go through a bitmixer.
defcon23
April 07, 2015, 07:03:29 AM
 #24

the last transaction to this address: 1B8XBJ3g7sNZj4AUtJ15UgcfE3waYw7pPL :o

big fat wallet.. ;D
notlist3d
April 07, 2015, 07:36:07 AM
 #25

> the last transaction to this address: 1B8XBJ3g7sNZj4AUtJ15UgcfE3waYw7pPL :o
>
> big fat wallet.. ;D

OP might actually be lucky. It appears it was sent to like 3 or so different BTC addresses. It makes me wonder if he/she thinks it's hiding it by going through the 3 addresses, but since they are linked together we can see it. No mixer or anything I thought would be used was.

The final address is HUGE: 3,862.54723801 BTC. This makes me think it is linked to maybe a hardware company or exchange; not a lot have this kind of balance.

If you can figure out what that final address belongs to there is a slim chance of getting it back.
defcon23
April 07, 2015, 07:44:55 AM
 #26

a little more info: http://www.walletexplorer.com/wallet/02218b04537fe585?from_address=1B8XBJ3g7sNZj4AUtJ15UgcfE3waYw7pPL
;)
notlist3d
April 07, 2015, 07:45:26 AM
 #27

Farthest I could track it was someone else getting scammed on bitcointalk on a purchase: https://bitcointalk.org/index.php?topic=739917.15

Looks like a big time scammer that is just holding it there. Which makes sense; if he/she does not withdraw or spend money from it, it makes it hard to track.
defcon23
April 07, 2015, 07:47:23 AM
 #28

input the address in this tool ;) and see the cluster!
https://bitiodine.net/
zen2
April 07, 2015, 09:29:05 AM
 #29

> it looks to have stopped at the last address and hasn't moved in a couple of days. It seems fairly inactive. The final transaction appears to be somewhere in China, however i'm not sure how accurate that is.

i am sorry for your loss.
have you installed any cryptocurrency-software or altcoin-wallet or something in the past time (before the theft-TX happened)??

this wallet looks like a scammer coldstorage-wallet: https://blockchain.info/de/address/1B8XBJ3g7sNZj4AUtJ15UgcfE3waYw7pPL
erikalui
April 07, 2015, 09:36:57 AM
 #30

Probably this address hacked your account:

1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv on 28th March.

Then it sent that amount to 1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw on 2nd April

Then 1B8XBJ3g7sNZj4AUtJ15UgcfE3waYw7pPL on 6th April and this address seems to be the scammer's bitcoin address as it has many transactions.

And this address was noted here: https://bitcointalk.org/index.php?topic=739917.0 (and this address is known for scamming many members). Any way of finding out who owns this address?


yeponlyone
April 07, 2015, 02:11:29 PM
 #31

> it looks to have stopped at the last address and hasn't moved in a couple of days. It seems fairly inactive. The final transaction appears to be somewhere in China, however i'm not sure how accurate that is.

if you are checking the first broadcast node, it is totally inaccurate. You can broadcast a transaction to any other node from anywhere on earth. if the other user were to use Bitcoin Core, the node owner could check connection logs and determine it. But probably a proxy is used.
notlist3d
April 07, 2015, 02:33:26 PM
 #32

> Probably this address hacked your account:
>
> 1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv on 28th March.
>
> Then it sent that amount to 1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw on 2nd April
>
> Then 1B8XBJ3g7sNZj4AUtJ15UgcfE3waYw7pPL on 6th April and this address seems to be the scammer's bitcoin address as it has many transactions.
>
> And this address was noted here: https://bitcointalk.org/index.php?topic=739917.0 (and this address is known for scamming many members). Any way of finding out who owns this address?

If he/she keeps it in storage and does not spend/cash out, it is unlikely to find out who. It appears whoever it is has done a huge amount of scams. But he/she does not use the BTC, which makes it hard to tell much of anything.