Bitcoin Forum
November 02, 2024, 02:13:41 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 »  All
  Print  
Author Topic: JUST HAD 0.92329 BTC STOLEN - HOW???  (Read 8366 times)
bennybong (OP)
Hero Member
*****
Offline Offline

Activity: 682
Merit: 500



View Profile
May 02, 2015, 11:55:50 AM
 #41

I was running linux. Ubuntu 14
jacktheking
Legendary
*
Offline Offline

Activity: 1484
Merit: 1001


Personal Text Space Not For Sale


View Profile
May 02, 2015, 12:01:51 PM
 #42

I would suggest you to change your password for Bitcointalk and Email now. They may have been leaked.

So sad! This profile does not appear as the #1 result (on anonymous) Google searches anymore.

Time to be active on the crypto forums again? Proud to be one of the few Legendary members of the Sparkie Red Dot!

Gonna put this on my resume if I ever join a cryptocurrency/blockchain industry!
tokeweed
Legendary
*
Offline Offline

Activity: 4130
Merit: 1461


Life, Love and Laughter...


View Profile
May 02, 2015, 12:03:38 PM
 #43

I think we should all take precautions.  Thanks for the heads up OP.

R


▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀
LLBIT|
4,000+ GAMES
███████████████████
██████████▀▄▀▀▀████
████████▀▄▀██░░░███
██████▀▄███▄▀█▄▄▄██
███▀▀▀▀▀▀█▀▀▀▀▀▀███
██░░░░░░░░█░░░░░░██
██▄░░░░░░░█░░░░░▄██
███▄░░░░▄█▄▄▄▄▄████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█████████
▀████████
░░▀██████
░░░░▀████
░░░░░░███
▄░░░░░███
▀█▄▄▄████
░░▀▀█████
▀▀▀▀▀▀▀▀▀
█████████
░░░▀▀████
██▄▄▀░███
█░░█▄░░██
░████▀▀██
█░░█▀░░██
██▀▀▄░███
░░░▄▄████
▀▀▀▀▀▀▀▀▀
||.
|
▄▄████▄▄
▀█▀
▄▀▀▄▀█▀
▄░░▄█░██░█▄░░▄
█░▄█░▀█▄▄█▀░█▄░█
▀▄░███▄▄▄▄███░▄▀
▀▀█░░░▄▄▄▄░░░█▀▀
░░██████░░█
█░░░░▀▀░░░░█
▀▄▀▄▀▄▀▄▀▄
▄░█████▀▀█████░▄
▄███████░██░███████▄
▀▀██████▄▄██████▀▀
▀▀████████▀▀
.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀
███▀▄▀█████████████████▀▄▀
█████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀
███████▀▄▀██████░█▄▄▄▄▄▄▄▄
█████████▀▄▄░███▄▄▄▄▄▄░▄▀
███████████░███████▀▄▀
███████████░██▀▄▄▄▄▀
███████████░▀▄▀
████████████▄▀
███████████
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
▄███▀▄▄███████▄▄▀███▄
▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄
▄██▀▄███░░░▀████░███▄▀██▄
███░████░░░░░▀██░████░███
███░████░█▄░░░░▀░████░███
███░████░███▄░░░░████░███
▀██▄▀███░█████▄░░███▀▄██▀
▀██▄▀█▄▄▄██████▄██▀▄██▀
▀███▄▀▀███████▀▀▄███▀
▀████▄▄▄▄▄▄▄████▀
▀▀███████▀▀
OFFICIAL PARTNERSHIP
SOUTHAMPTON FC
FAZE CLAN
SSC NAPOLI
Searing
Copper Member
Legendary
*
Offline Offline

Activity: 2898
Merit: 1465


Clueless!


View Profile
May 02, 2015, 12:04:29 PM
 #44

 Me I have 1 copy of a paper wallet for my BTC and 1 copy of a paper wallet of my LTC in the local bank vault. Thats it only copies. I use coinbase to move dust about.
 and rarely use a wallet on my laptop again just dust if at all.

 If I had a wife I could misplace her..thus why above.......they know me at the bank so hell i could even lose the key Smiley

 If my accounts get stolen then something much worse is going on with the blockchain imho Smiley

 I suppose with my luck the 'meteorite' will take out my bank and the vault.....but have all my important docs in the bank anyway so wtf
 will be a clean sweep when i then start sleeping under bridges and riding the rails.... Smiley

Old Style Legacy Plug & Play BBS System. Get it from www.synchro.net. Updated 1/1/2021. It also works with Windows 10 and likely 11 and allows 16 bit DOS game doors on the same Win 10 Machine in Multi-Node! Five Minute Install! Look it over it uninstalls just as fast, if you simply want to look it over. Freeware! Full BBS System! It is a frigging hoot!:)
bennybong (OP)
Hero Member
*****
Offline Offline

Activity: 682
Merit: 500



View Profile
May 02, 2015, 12:08:57 PM
 #45

I would suggest you to change your password for Bitcointalk and Email now. They may have been leaked.

Done and done. still can't find evidence of an infection. I use pretty good security and scan my computer twice a week at least. And my IP is never public. Damn. Anyone in the BTC lendng business? I really need that BTC!
inBitweTrust
Hero Member
*****
Offline Offline

Activity: 658
Merit: 501



View Profile
May 02, 2015, 12:09:09 PM
 #46

I was running linux. Ubuntu 14

Was this your VM OS or your regular OS that your VM is installed on or both?
What OS was your truecrypt installed on and was it on an isolated computer that wasn't Windows?
Was the VM software pirated?

bennybong (OP)
Hero Member
*****
Offline Offline

Activity: 682
Merit: 500



View Profile
May 02, 2015, 12:11:32 PM
 #47

Windows 7 and VMware from ecypted container running Ubuntu
bandana
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
May 02, 2015, 12:18:20 PM
 #48

can you send us a screenshot of your transaction log
bennybong (OP)
Hero Member
*****
Offline Offline

Activity: 682
Merit: 500



View Profile
May 02, 2015, 12:18:55 PM
 #49

I don't get it. This PC isn't used much and is always running a VPN. Is there any way there is something wrong with electrum?
bennybong (OP)
Hero Member
*****
Offline Offline

Activity: 682
Merit: 500



View Profile
May 02, 2015, 12:19:56 PM
 #50

can you send us a screenshot of your transaction log

Which one? From electrum? Or to electrum - because that came from an exchange.

Thanks
Light
Hero Member
*****
Offline Offline

Activity: 742
Merit: 502


Circa 2010


View Profile
May 02, 2015, 12:25:06 PM
 #51

I don't get it. This PC isn't used much and is always running a VPN. Is there any way there is something wrong with electrum?

Potentially, but considering that there hasn't been a sudden onslaught of people saying they've lost BTC from their Electrum wallet it leads me to believe your case is more isolated. I take it your running Electrum on Ubuntu on the VM, which would tend to nullify the effects of most wallet stealing malware. Have a look for any RATs - might be that.
Amph
Legendary
*
Offline Offline

Activity: 3248
Merit: 1070



View Profile
May 02, 2015, 12:32:53 PM
 #52

No I don't download anything suspicious. The last thing I downloaded was a new driver for my soundcard - from the official website

you are the only one who can access to your machine? sometimes i feel all those stolen money from local wallet, are because of bad friends or parent

otherwise there must be something wrong with electrum, a bug probably
inBitweTrust
Hero Member
*****
Offline Offline

Activity: 658
Merit: 501



View Profile
May 02, 2015, 12:34:13 PM
Last edit: May 02, 2015, 12:49:54 PM by inBitweTrust
 #53

Windows 7 and VMware from ecypted contain running Ubuntu

Aha... that is likely the problem. Sorry for your losses but here is some advice and likely scenarios of how you were hacked.

Scenario 1-
1) Your windows system is rooted or has a keylogging trojan. Here is another tool to scan your OS-
http://usa.kaspersky.com/downloads/TDSSKiller
But be aware that no AV program catches all infections.

2) The hacker was able to compromise your encrypted VMware container by injecting a virus in an unencrypted GRUB bootloader or by simply logging your password that you type into your compromised host OS (windows) .

VM offers a degree of security but mainly protect against keyloggers and infections from within the container leaking over into the Host OS or logging keystrokes from the host OS and not the other way around.

Scenario 2-

1) You installed an infected pirated version of VMware
or
2) You have a vulnerable outdated version of VMware - VMware released security patches for an ESX server hypervisor

Scenario 3-

1) There is a small possibility that ubuntu was directly compromised if you installed some malicious software on it.

redsn0w
Legendary
*
Offline Offline

Activity: 1778
Merit: 1043


#Free market


View Profile
May 02, 2015, 12:35:04 PM
 #54

Have you attached an 'infected'  usb key on that computer? Maybe it is this the problem, who knows.



No I don't download anything suspicious. The last thing I downloaded was a new driver for my soundcard - from the official website

you are the only one who can access to your machine? sometimes i feel all those stolen money from local wallet, are because of bad friends or parent

otherwise there must be something wrong with electrum, a bug probably

I do not think, OP can you repeat again the version of the electrum wallet (I can't find it in this thread) thanks.
hedgy73
Legendary
*
Offline Offline

Activity: 1414
Merit: 1077



View Profile
May 02, 2015, 12:40:52 PM
 #55

Sorry for your loss OP I hope the thieves die a slow and painful death, thieving lowlife scum.....
Sarthak
Hero Member
*****
Offline Offline

Activity: 518
Merit: 501

Error 404: there seems to be nothing here.


View Profile
May 02, 2015, 12:41:50 PM
 #56

Mysterious theft! If you were an organization, I would have called it an "Insider Job" but you are an individual!
The hacker seems to be Genius! He got through such a secure computer system and hacked your wallet!
Why not try asking the hacker himself by sending a 0.0001 to his address and adding a public note on that transaction? Smiley

inBitweTrust
Hero Member
*****
Offline Offline

Activity: 658
Merit: 501



View Profile
May 02, 2015, 12:43:01 PM
Last edit: May 02, 2015, 12:56:05 PM by inBitweTrust
 #57

I am really sorry for your loss.

Some mistakes you made with security to learn from.

1) You have no physical security or 2fa or hardware wallet securing your bitcoins. VMware doesn't protect you if your host is compromised.
2) You backed up your HD seed digitally in a encrypted container in likely the same computer that was compromised. When creating a wallet, this needs to be done on a completely clean uninfected system and you should back up this seed on either an offline linux computer or secured paper backup. Everytime you access that encrypted container or use the password for encrypting new items you are feeding the hacker the keys to access all that data on a compromised host.
3) You mentioned you download and install a lot of software which further increases your risks

I would investigate your Windows OS a bit further but ultimately you should wipe it clean and perform a reinstall and treat all your backed up data , all your external cards and drives, and all your pirated software as suspect.

There are trade offs with security but you are better using cold storage or hardware wallets in the future.

 Here is some more info-
https://bitcointalk.org/index.php?topic=858604.0

You should never secure most your bitcoins in a cellphone or primary computer especially if it is a windows host. The good news is that you just spent 220 dollars to find out your computer is compromised and to learn a valuable lesson in security. Not a bad price to pay for such knowledge.

tyz
Legendary
*
Offline Offline

Activity: 3360
Merit: 1533



View Profile
May 02, 2015, 12:49:58 PM
 #58

Have you proofed if your address is on the first (lets say 500) pages of directory.io? It is almost unlikely but it is possible. Many people are trying all those private keys of first pages in the hope to find an account with some balance.
jdebunt
Legendary
*
Offline Offline

Activity: 1596
Merit: 1010


View Profile WWW
May 02, 2015, 01:08:51 PM
 #59

Or to electrum - because that came from an exchange.

Which exchange, if I may ask? The culprit might be on that end as well... Smiley
redsn0w
Legendary
*
Offline Offline

Activity: 1778
Merit: 1043


#Free market


View Profile
May 02, 2015, 01:12:05 PM
 #60

Have you proofed if your address is on the first (lets say 500) pages of directory.io? It is almost unlikely but it is possible. Many people are trying all those private keys of first pages in the hope to find an account with some balance.

Hmm... it is really not probable.



Or to electrum - because that came from an exchange.

Which exchange, if I may ask? The culprit might be on that end as well... Smiley

Nah, I do not think the fault is by exchange. Here the problem is the computer (at 99%).
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!