bennybong (OP)
|
|
May 02, 2015, 11:55:50 AM |
|
I was running linux. Ubuntu 14
|
|
|
|
jacktheking
Legendary
Offline
Activity: 1484
Merit: 1001
Personal Text Space Not For Sale
|
|
May 02, 2015, 12:01:51 PM |
|
I would suggest you change your password for Bitcointalk and Email now. They may have been leaked.
|
|
|
|
tokeweed
Legendary
Offline
Activity: 4130
Merit: 1461
Life, Love and Laughter...
|
|
May 02, 2015, 12:03:38 PM |
|
I think we should all take precautions. Thanks for the heads up OP.
|
|
|
|
|
|
|
Searing
Copper Member
Legendary
Offline
Activity: 2898
Merit: 1465
Clueless!
|
|
May 02, 2015, 12:04:29 PM |
|
Me, I have 1 copy of a paper wallet for my BTC and 1 copy of a paper wallet of my LTC in the local bank vault. That's it, only copies. I use coinbase to move dust about, and rarely use a wallet on my laptop, again just dust if at all. If I had a wife I could misplace her..thus why above.......they know me at the bank so hell I could even lose the key. If my accounts get stolen then something much worse is going on with the blockchain imho. I suppose with my luck the 'meteorite' will take out my bank and the vault.....but have all my important docs in the bank anyway so wtf, will be a clean sweep when I then start sleeping under bridges and riding the rails....
|
|
|
|
bennybong (OP)
|
|
May 02, 2015, 12:08:57 PM |
|
I would suggest you change your password for Bitcointalk and Email now. They may have been leaked.
Done and done. Still can't find evidence of an infection. I use pretty good security and scan my computer twice a week at least. And my IP is never public. Damn. Anyone in the BTC lending business? I really need that BTC!
|
|
|
|
inBitweTrust
|
|
May 02, 2015, 12:09:09 PM |
|
I was running linux. Ubuntu 14
Was this your VM OS or your regular OS that your VM is installed on or both? What OS was your truecrypt installed on and was it on an isolated computer that wasn't Windows? Was the VM software pirated?
|
|
|
|
bennybong (OP)
|
|
May 02, 2015, 12:11:32 PM |
|
Windows 7 and VMware from encrypted container running Ubuntu
|
|
|
|
bandana
|
|
May 02, 2015, 12:18:20 PM |
|
can you send us a screenshot of your transaction log
|
|
|
|
bennybong (OP)
|
|
May 02, 2015, 12:18:55 PM |
|
I don't get it. This PC isn't used much and is always running a VPN. Is there any way there is something wrong with electrum?
|
|
|
|
bennybong (OP)
|
|
May 02, 2015, 12:19:56 PM |
|
can you send us a screenshot of your transaction log
Which one? From electrum? Or to electrum - because that came from an exchange. Thanks
|
|
|
|
Light
|
|
May 02, 2015, 12:25:06 PM |
|
I don't get it. This PC isn't used much and is always running a VPN. Is there any way there is something wrong with electrum?
Potentially, but considering that there hasn't been a sudden onslaught of people saying they've lost BTC from their Electrum wallet, it leads me to believe your case is more isolated. I take it you're running Electrum on Ubuntu on the VM, which would tend to nullify the effects of most wallet stealing malware. Have a look for any RATs - might be that.
|
|
|
|
Amph
Legendary
Offline
Activity: 3248
Merit: 1070
|
|
May 02, 2015, 12:32:53 PM |
|
No I don't download anything suspicious. The last thing I downloaded was a new driver for my soundcard - from the official website
Are you the only one who can access your machine? Sometimes I feel all that stolen money from local wallets is because of bad friends or parents, otherwise there must be something wrong with electrum, a bug probably
|
|
|
|
inBitweTrust
|
|
May 02, 2015, 12:34:13 PM Last edit: May 02, 2015, 12:49:54 PM by inBitweTrust |
|
Windows 7 and VMware from encrypted container running Ubuntu
Aha... that is likely the problem. Sorry for your losses but here is some advice and likely scenarios of how you were hacked.

Scenario 1-
1) Your windows system is rooted or has a keylogging trojan. Here is another tool to scan your OS- http://usa.kaspersky.com/downloads/TDSSKiller
But be aware that no AV program catches all infections.
2) The hacker was able to compromise your encrypted VMware container by injecting a virus in an unencrypted GRUB bootloader or by simply logging your password that you type into your compromised host OS (windows). VM offers a degree of security but mainly protect against keyloggers and infections from within the container leaking over into the Host OS or logging keystrokes from the host OS and not the other way around.

Scenario 2-
1) You installed an infected pirated version of VMware or
2) You have a vulnerable outdated version of VMware - VMware released security patches for an ESX server hypervisor

Scenario 3-
1) There is a small possibility that ubuntu was directly compromised if you installed some malicious software on it.
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1043
#Free market
|
|
May 02, 2015, 12:35:04 PM |
|
Have you attached an 'infected' usb key on that computer? Maybe it is this the problem, who knows.
No I don't download anything suspicious. The last thing I downloaded was a new driver for my soundcard - from the official website
Are you the only one who can access your machine? Sometimes I feel all that stolen money from local wallets is because of bad friends or parents, otherwise there must be something wrong with electrum, a bug probably
I do not think, OP can you repeat again the version of the electrum wallet (I can't find it in this thread) thanks.
|
|
|
|
hedgy73
Legendary
Offline
Activity: 1414
Merit: 1077
|
|
May 02, 2015, 12:40:52 PM |
|
Sorry for your loss OP I hope the thieves die a slow and painful death, thieving lowlife scum.....
|
|
|
|
Sarthak
|
|
May 02, 2015, 12:41:50 PM |
|
Mysterious theft! If you were an organization, I would have called it an "Insider Job" but you are an individual! The hacker seems to be Genius! He got through such a secure computer system and hacked your wallet! Why not try asking the hacker himself by sending a 0.0001 to his address and adding a public note on that transaction?
|
|
|
|
inBitweTrust
|
|
May 02, 2015, 12:43:01 PM Last edit: May 02, 2015, 12:56:05 PM by inBitweTrust |
|
I am really sorry for your loss. Some mistakes you made with security to learn from.

1) You have no physical security or 2fa or hardware wallet securing your bitcoins. VMware doesn't protect you if your host is compromised.
2) You backed up your HD seed digitally in an encrypted container in likely the same computer that was compromised. When creating a wallet, this needs to be done on a completely clean uninfected system and you should back up this seed on either an offline linux computer or secured paper backup. Every time you access that encrypted container or use the password for encrypting new items you are feeding the hacker the keys to access all that data on a compromised host.
3) You mentioned you download and install a lot of software which further increases your risks

I would investigate your Windows OS a bit further but ultimately you should wipe it clean and perform a reinstall and treat all your backed up data, all your external cards and drives, and all your pirated software as suspect. There are trade offs with security but you are better using cold storage or hardware wallets in the future. Here is some more info- https://bitcointalk.org/index.php?topic=858604.0

You should never secure most your bitcoins in a cellphone or primary computer especially if it is a windows host. The good news is that you just spent 220 dollars to find out your computer is compromised and to learn a valuable lesson in security. Not a bad price to pay for such knowledge.
|
|
|
|
tyz
Legendary
Offline
Activity: 3360
Merit: 1533
|
|
May 02, 2015, 12:49:58 PM |
|
Have you proofed if your address is on the first (let's say 500) pages of directory.io? It is almost unlikely but it is possible. Many people are trying all those private keys of first pages in the hope to find an account with some balance.
|
|
|
|
jdebunt
Legendary
Offline
Activity: 1596
Merit: 1010
|
|
May 02, 2015, 01:08:51 PM |
|
Or to electrum - because that came from an exchange.
Which exchange, if I may ask? The culprit might be on that end as well...
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1043
#Free market
|
|
May 02, 2015, 01:12:05 PM |
|
Have you proofed if your address is on the first (let's say 500) pages of directory.io? It is almost unlikely but it is possible. Many people are trying all those private keys of first pages in the hope to find an account with some balance.
Hmm... it is really not probable.
Or to electrum - because that came from an exchange.
Which exchange, if I may ask? The culprit might be on that end as well...
Nah, I do not think the fault is by exchange. Here the problem is the computer (at 99%).
|
|
|
|
|