Bitcoin Forum
Author Topic: JUST HAD 0.92329 BTC STOLEN - HOW???  (Read 8010 times)

Sarthak (Hero Member)
May 02, 2015, 05:43:12 PM, #161

Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have

OP claims that he was transferring the funds from his bitcoin exchange into his brand new electrum wallet (that was my interpretation anyway) ...

Exactly, I have already quoted the post made by the OP. However this is a reply from ThomasV:


Sorry for your loss.

The fact that the coins were stolen immediately means that the hacker had your seed or your private key before the coins were sent to you;
he was probably running a script waiting for some coins to land on compromised or weak private keys.

One thing you can do is publish your seed; it does not make sense to keep it private anymore.


...and that the funds were immediately swept into the hacker's address.

After 1 minute, it is not 'immediately' but he was 'very fast'.

Either it was the OP himself or it was someone monitoring OP very closely! Though he denies that people he knows don't use bitcoins, I think someone very close to him was behind this if his computer was as safe as he stated here!

Amph (Legendary)
May 02, 2015, 05:48:05 PM, #162

You're running Windows? Enough said...

Ignorant statement; Linux isn't so much better in terms of viruses and company, and it's not even about the OS here, it's the container apparently.

Cinnob0n (Member)
May 02, 2015, 06:29:10 PM, #163

Ouch! Make sure to scan your PC.

johnyj (Legendary)
May 02, 2015, 06:46:13 PM, #164

Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have

OP claims that he was transferring the funds from his bitcoin exchange into his brand new electrum wallet (that was my interpretation anyway) and that the funds were immediately swept into the hacker's address.

I have no idea if he is lying or not, unless you trust the OP a lot you shouldn't donate as there is no way we can know if OP is telling the truth.

That's not a brand new wallet:

I've had much more btc in that wallet in the past. And I only fire up my VM to check my electrum which isn't that often. WHY ME AND why now. This is bullshit!


johnyj (Legendary)
May 02, 2015, 06:51:46 PM, #165

Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here, how good is the entropy of this encryption?

I'm also wondering if the randomness of the key generation on a VM can be as good as physical machine

inBitweTrust (Hero Member)
May 02, 2015, 07:06:56 PM, #166

Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here, how good is the entropy of this encryption?

I'm also wondering if the randomness of the key generation on a VM can be as good as physical machine

It isn't and neither is the entropy generated from a live linux cd either... but it would still be a very rare and odd attack because enough entropy is typically realized.  

Quickseller (Legendary)
May 02, 2015, 07:11:17 PM, #167

Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have

OP claims that he was transferring the funds from his bitcoin exchange into his brand new electrum wallet (that was my interpretation anyway) and that the funds were immediately swept into the hacker's address.

I have no idea if he is lying or not, unless you trust the OP a lot you shouldn't donate as there is no way we can know if OP is telling the truth.

That's not a brand new wallet:

I've had much more btc in that wallet in the past. And I only fire up my VM to check my electrum which isn't that often. WHY ME AND why now. This is bullshit!


Yup. He also claims to not be very tech savvy, however engages in things that would typically only be done by someone who is tech savvy

inBitweTrust (Hero Member)
May 02, 2015, 07:20:13 PM, #168
Last edit: May 02, 2015, 09:09:13 PM by inBitweTrust

It is odd that the hacker is wasting his time taunting the victim as well with such a small amount. The hacker could be a sick loser I suppose that enjoys trolling.

In any which case I do not mind helping investigate and troubleshoot security for victims, but it is a bad idea to reward those that practice bad security (SPV in VMware on a Windows box is poor security) when there are so many charities that are far more deserving.

redsn0w (Legendary)
May 02, 2015, 07:25:21 PM, #169

After 1 minute, it is not 'immediately' but he was 'very fast'.

Yes, it usually takes about 1 minute for a transaction to propagate the network, so it took around a minute before the hacker's PC knew the address had received money that it could steal.

So most probably the OP is not 'kidding' and he really lost those 0.92329 bitcoins. However the bitcoin is still in the last address (TAG: aLL bTc in my handz SWX) for about 5 hours.

MakingMoneyHoney (Hero Member)
May 02, 2015, 07:39:29 PM, #170

So even though this thread got moved to Electrum, is the consensus still that it probably had nothing to do with being an Electrum wallet?

inBitweTrust (Hero Member)
May 02, 2015, 07:48:35 PM, #171

So even though this thread got moved to Electrum, is the consensus still that it probably had nothing to do with being an Electrum wallet?

Very unlikely as the SSL certs would have to be compromised, but perhaps a hidden bug that is making electrum work completely differently than designed.

fryarminer (Hero Member)
May 02, 2015, 07:57:18 PM, #172

Hey OP, what does "SWX" mean? Does it mean anything to you?

Quote
3lectruM fail. More2come SWX
aLL bTc in my handz SWX

Beliathon (Hero Member)
May 02, 2015, 08:08:34 PM, #173

Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here, how good is the entropy of this encryption?

Pretty strong. I use TrueCrypt
Damn that really sucks. I don't know what to tell you, other than the obvious:

There's really no substitute for cold storage
I personally never played with Electrum because I only trust cold storage.

Remember Aaron Swartz, a 26 year old computer scientist who died defending the free flow of information.

unamis76 (Legendary)
May 02, 2015, 08:58:24 PM, #174

Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here, how good is the entropy of this encryption?

Pretty strong. I use TrueCrypt
Damn that really sucks. I don't know what to tell you, other than the obvious:

There's really no substitute for cold storage
I personally never played with Electrum because I only trust cold storage.

And Electrum + Cold Storage is also a possibility...

redsn0w (Legendary)
May 02, 2015, 09:02:45 PM, #175

Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here, how good is the entropy of this encryption?

Pretty strong. I use TrueCrypt
Damn that really sucks. I don't know what to tell you, other than the obvious:

There's really no substitute for cold storage
I personally never played with Electrum because I only trust cold storage.

And Electrum + Cold Storage is also a possibility...

Simple... simple | a cold storage is an address generated offline (or better, on an offline PC), so the use of the wallet is 'relative'. You can also generate the coin with another client/wallet; the important thing is that the device/machine *must* be offline (better, it should never be connected to the Internet, *never*).

jonald_fyookball (Legendary)
May 02, 2015, 09:15:57 PM, #176

Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here, how good is the entropy of this encryption?

Pretty strong. I use TrueCrypt
Damn that really sucks. I don't know what to tell you, other than the obvious:

There's really no substitute for cold storage
I personally never played with Electrum because I only trust cold storage.

And Electrum + Cold Storage is also a possibility...

Correct.  You just have to make sure you generate the
seed on a machine that has never been online and
never will be.


Beliathon (Hero Member)
May 02, 2015, 09:27:46 PM, #177

Correct.  You just have to make sure you generate the
seed on a machine that has never been online and never will be.
Not never has been, only never will be again. The machine can be online 5 seconds before you generate the seed, so long as you ensure it will never connect to the internet again.

This includes network-capable printers if you're printing paper wallets, best bet is to physically remove the network card from the machine!



jonald_fyookball (Legendary)
May 02, 2015, 09:33:21 PM, #178

Correct.  You just have to make sure you generate the
seed on a machine that has never been online and never will be.
Not never has been, only never will be again. The machine can be online 5 seconds before you generate the seed, so long as you ensure it will never connect to the internet again.

This includes network-capable printers if you're printing paper wallets, best bet is to physically remove the network card from the machine!



There is an attack vector where your machine could get corrupted while online and then use pre-determined random numbers
or a set of seeds known to an attacker.  So at that point it doesn't matter if the machine is offline,
the attacker caused the victim to unwittingly use a known seed/private key which the attacker is
monitoring.

Note that you could mitigate this attack by rolling dice or flipping coins which the
ultra-paranoid should be doing anyway.
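
The dice mitigation mentioned in the post above, as an added example that is not part of the thread or any poster's code: it turns physical six-sided dice rolls into 128 bits without consulting the machine's random number generator, using rejection sampling so the output is unbiased. The function names, the 128-bit target and the sample rolls are assumptions for illustration; how a particular wallet consumes the resulting bits is not covered.

```python
"""Derive seed entropy from physical dice rolls instead of the machine's RNG.

Added illustration; function names and the 128-bit target are assumptions.
"""


def rolls_needed(bits: int) -> int:
    """Smallest number of d6 rolls whose outcome space covers 2**bits."""
    n = 0
    while 6 ** n < (1 << bits):
        n += 1
    return n


def dice_to_entropy(rolls, bits: int = 128):
    """Map d6 rolls (values 1..6) to `bits` of unbiased entropy.

    Returns bytes, or None when the batch lands in the rejected tail and
    must be re-rolled in full (re-rolling only part of it would add bias).
    """
    n = rolls_needed(bits)
    if len(rolls) != n:
        raise ValueError(f"need exactly {n} rolls for {bits} bits")
    if any(not isinstance(r, int) or not 1 <= r <= 6 for r in rolls):
        raise ValueError("each roll must be an integer from 1 to 6")

    # Read the rolls as one base-6 integer, uniform over [0, 6**n).
    value = 0
    for r in rolls:
        value = value * 6 + (r - 1)

    # 6**n is not a power of two, so `value % 2**bits` alone would favour
    # low outputs. Keep only values below the largest multiple of 2**bits.
    limit = (6 ** n >> bits) << bits
    if value >= limit:
        return None
    return (value % (1 << bits)).to_bytes(bits // 8, "big")


if __name__ == "__main__":
    # Constructed sample rolls for demonstration only; never reuse them.
    sample = [3, 1, 4, 1, 5, 2, 6, 5, 3, 5] * 5
    result = dice_to_entropy(sample)
    print(rolls_needed(128), "rolls ->", result.hex() if result else "re-roll")
```

For 128 bits this needs 50 rolls per batch, and roughly 84% of batches are accepted on the first try.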

johnyj (Legendary)
May 03, 2015, 12:20:59 AM, #179

Another question: How long has the wallet been used? When is the last time you received coins with this wallet?

The receiving address has never been used, it seems the key for that specific address was already compromised before the transaction happened. Since all the addresses in an Electrum wallet are generated by the same seed, it is very likely that the seed was compromised.

bennybong (Hero Member)
May 03, 2015, 06:35:40 AM, #180

Yup. He also claims to not be very tech savvy, however engages in things that would typically only be done by someone who is tech savvy

Incorrect, check my previous post. I am very computer literate and often very careful with my BTC.

No idea what SWX is, like I said, no one I know knows I have any bitcoin or what they even are! NO one has access to my PC. I've spent all night formatting and re-installing everything but I still can't work out if I was compromised or not.... Running in a VM with no other program except Tor and all unnecessary services disabled.

I'm stumped. And in a real tricky situation because I needed that BTC more than you can imagine.

FML