Bitcoin Forum
Author Topic: JUST HAD 0.92329 BTC STOLEN - HOW???  (Read 8010 times)
bennybong
Hero Member
May 02, 2015, 11:55:50 AM
 #41

I was running Linux. Ubuntu 14
jacktheking
Legendary
May 02, 2015, 12:01:51 PM
 #42

I would suggest you change your password for Bitcointalk and email now. They may have been leaked.

tokeweed
Legendary
May 02, 2015, 12:03:38 PM
 #43

I think we should all take precautions.  Thanks for the heads up OP.

Searing
Legendary
May 02, 2015, 12:04:29 PM
 #44

Me, I have 1 copy of a paper wallet for my BTC and 1 copy of a paper wallet of my LTC in the local bank vault. That's it, only copies. I use Coinbase to move dust about, and rarely use a wallet on my laptop, again just dust if at all.

If I had a wife I could misplace her..thus why above.......they know me at the bank so hell I could even lose the key :)

If my accounts get stolen then something much worse is going on with the blockchain imho :)

I suppose with my luck the 'meteorite' will take out my bank and the vault.....but have all my important docs in the bank anyway so wtf, will be a clean sweep when I then start sleeping under bridges and riding the rails.... :)

bennybong
Hero Member
May 02, 2015, 12:08:57 PM
 #45

Quote from jacktheking:
    I would suggest you change your password for Bitcointalk and email now. They may have been leaked.

Done and done. Still can't find evidence of an infection. I use pretty good security and scan my computer twice a week at least. And my IP is never public. Damn. Anyone in the BTC lending business? I really need that BTC!
inBitweTrust
Hero Member
May 02, 2015, 12:09:09 PM
 #46

Quote from bennybong:
    I was running Linux. Ubuntu 14

Was this your VM OS or your regular OS that your VM is installed on or both?
What OS was your TrueCrypt installed on and was it on an isolated computer that wasn't Windows?
Was the VM software pirated?

bennybong
Hero Member
May 02, 2015, 12:11:32 PM
 #47

Windows 7 and VMware from encrypted container running Ubuntu
bandana
Full Member
May 02, 2015, 12:18:20 PM
 #48

Can you send us a screenshot of your transaction log?
bennybong
Hero Member
May 02, 2015, 12:18:55 PM
 #49

I don't get it. This PC isn't used much and is always running a VPN. Is there any way there is something wrong with Electrum?
bennybong
Hero Member
May 02, 2015, 12:19:56 PM
 #50

Quote from bandana:
    Can you send us a screenshot of your transaction log?

Which one? From Electrum? Or to Electrum - because that came from an exchange.

Thanks
Light
Hero Member
May 02, 2015, 12:25:06 PM
 #51

Quote from bennybong:
    I don't get it. This PC isn't used much and is always running a VPN. Is there any way there is something wrong with Electrum?

Potentially, but considering that there hasn't been a sudden onslaught of people saying they've lost BTC from their Electrum wallet, it leads me to believe your case is more isolated. I take it you're running Electrum on Ubuntu on the VM, which would tend to nullify the effects of most wallet-stealing malware. Have a look for any RATs - might be that.
Amph
Legendary
May 02, 2015, 12:32:53 PM
 #52

Quote:
    No I don't download anything suspicious. The last thing I downloaded was a new driver for my soundcard - from the official website

You are the only one who can access your machine? Sometimes I feel all that stolen money from local wallets is because of bad friends or parents.

Otherwise there must be something wrong with Electrum, a bug probably.
inBitweTrust
Hero Member
May 02, 2015, 12:34:13 PM
Last edit: May 02, 2015, 12:49:54 PM by inBitweTrust
 #53

Quote from bennybong:
    Windows 7 and VMware from encrypted container running Ubuntu

Aha... that is likely the problem. Sorry for your losses, but here is some advice and likely scenarios of how you were hacked.

Scenario 1-
1) Your Windows system is rooted or has a keylogging trojan. Here is another tool to scan your OS-
http://usa.kaspersky.com/downloads/TDSSKiller
But be aware that no AV program catches all infections.

2) The hacker was able to compromise your encrypted VMware container by injecting a virus in an unencrypted GRUB bootloader or by simply logging your password that you type into your compromised host OS (Windows).

VM offers a degree of security but mainly protects against keyloggers and infections from within the container leaking over into the host OS or logging keystrokes from the host OS, and not the other way around.

Scenario 2-

1) You installed an infected pirated version of VMware
or
2) You have a vulnerable outdated version of VMware - VMware released security patches for an ESX server hypervisor

Scenario 3-

1) There is a small possibility that Ubuntu was directly compromised if you installed some malicious software on it.

redsn0w
Legendary
May 02, 2015, 12:35:04 PM
 #54

Have you attached an 'infected' USB key to that computer? Maybe this is the problem, who knows.

Quote from Amph:
    Quote:
        No I don't download anything suspicious. The last thing I downloaded was a new driver for my soundcard - from the official website
    You are the only one who can access your machine? Sometimes I feel all that stolen money from local wallets is because of bad friends or parents.
    Otherwise there must be something wrong with Electrum, a bug probably.

I do not think so. OP, can you repeat again the version of the Electrum wallet (I can't find it in this thread)? Thanks.
hedgy73
Legendary
May 02, 2015, 12:40:52 PM
 #55

Sorry for your loss OP I hope the thieves die a slow and painful death, thieving lowlife scum.....

Sarthak
Hero Member
May 02, 2015, 12:41:50 PM
 #56

Mysterious theft! If you were an organization, I would have called it an "Insider Job" but you are an individual!
The hacker seems to be a genius! He got through such a secure computer system and hacked your wallet!
Why not try asking the hacker himself by sending a 0.0001 to his address and adding a public note on that transaction? :)

inBitweTrust
Hero Member
May 02, 2015, 12:43:01 PM
Last edit: May 02, 2015, 12:56:05 PM by inBitweTrust
 #57

I am really sorry for your loss.

Some mistakes you made with security to learn from.

1) You have no physical security or 2FA or hardware wallet securing your bitcoins. VMware doesn't protect you if your host is compromised.
2) You backed up your HD seed digitally in an encrypted container in likely the same computer that was compromised. When creating a wallet, this needs to be done on a completely clean uninfected system and you should back up this seed on either an offline Linux computer or secured paper backup. Every time you access that encrypted container or use the password for encrypting new items you are feeding the hacker the keys to access all that data on a compromised host.
3) You mentioned you download and install a lot of software, which further increases your risks.

I would investigate your Windows OS a bit further but ultimately you should wipe it clean and perform a reinstall and treat all your backed up data, all your external cards and drives, and all your pirated software as suspect.

There are trade-offs with security but you are better using cold storage or hardware wallets in the future.

Here is some more info-
https://bitcointalk.org/index.php?topic=858604.0

You should never secure most of your bitcoins in a cellphone or primary computer, especially if it is a Windows host. The good news is that you just spent 220 dollars to find out your computer is compromised and to learn a valuable lesson in security. Not a bad price to pay for such knowledge.

tyz
Legendary
May 02, 2015, 12:49:58 PM
 #58

Have you proofed if your address is on the first (let's say 500) pages of directory.io? It is almost unlikely but it is possible. Many people are trying all those private keys of first pages in the hope to find an account with some balance.
jdebunt
Legendary
May 02, 2015, 01:08:51 PM
 #59

Quote from bennybong:
    Or to Electrum - because that came from an exchange.

Which exchange, if I may ask? The culprit might be on that end as well... :)
redsn0w
Legendary
May 02, 2015, 01:12:05 PM
 #60

Quote from tyz:
    Have you proofed if your address is on the first (let's say 500) pages of directory.io? It is almost unlikely but it is possible. Many people are trying all those private keys of first pages in the hope to find an account with some balance.

Hmm... it is really not probable.

Quote from jdebunt:
    Quote from bennybong:
        Or to Electrum - because that came from an exchange.
    Which exchange, if I may ask? The culprit might be on that end as well... :)

Nah, I do not think the fault is with the exchange. Here the problem is the computer (at 99%).