Blazr
|
|
May 02, 2015, 04:40:37 PM |
|
Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here, how good is the entropy of this encryption?
Yes I was thinking that it could be a problem with low entropy. Electrum uses /dev/urandom to generate seeds (with some filtering IIRC). /dev/urandom doesn't work so good in a VM, and if you are doing encryption in the VM too then you are going to deplete the entropy further. I wonder if it could be that OP's wallet was generated using poor entropy, and a hacker out there trying to crack weak seeds managed to crack the seed, much like the johoe bc.info hack. It's less likely though as the /dev/urandom in Ubuntu is pretty good, and probably safe enough, but I wonder if VMWare could change that or maybe even specifically the OP's VMWare configuration, as the LRNG uses lots of hardware inputs to make entropy. In any case I think the most likely scenario is that OP's machine is infected or the hacker found a backup or got the wallet some way like that.
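A way to check, from inside a Linux guest, the randomness sources the post above is speculating about. This is an added example, not part of any poster's message; the file locations are the standard Linux procfs/sysfs paths, while the 256-bit threshold and the ok/weak verdict are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the randomness sources a
# Linux guest can see. Paths are standard procfs/sysfs locations; the 256-bit
# threshold and the ok/weak verdict are assumptions, a rough heuristic only.

# Kernel's entropy estimate in bits; prints "unknown" if unreadable.
entropy_bits() {
    f="${1:-/proc/sys/kernel/random/entropy_avail}"
    if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; echo; else echo unknown; fi
}

# Active hardware RNG driver (for example virtio_rng.0); "none" if absent.
hwrng_driver() {
    f="${1:-/sys/class/misc/hw_random/rng_current}"
    drv=""
    if [ -r "$f" ]; then drv=$(tr -d '[:space:]' < "$f" 2>/dev/null); fi
    echo "${drv:-none}"
}

# "yes" if the CPU advertises the RDRAND instruction to this guest.
cpu_has_rdrand() {
    f="${1:-/proc/cpuinfo}"
    if grep -qw rdrand "$f" 2>/dev/null; then echo yes; else echo no; fi
}

# Verdict from the three readings: "weak" only when the pool estimate is low
# AND neither a hardware RNG nor RDRAND is visible to the guest.
assess() {
    bits=$1; drv=$2; rdrand=$3; min=${4:-256}
    case "$bits" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$bits" -lt "$min" ] && [ "$drv" = none ] && [ "$rdrand" = no ]; then
        echo weak
    else
        echo ok
    fi
}

# One-line summary; with no arguments it reads the live system paths.
report() {
    b=$(entropy_bits "$1"); d=$(hwrng_driver "$2"); r=$(cpu_has_rdrand "$3")
    echo "entropy_avail=$b hwrng=$d rdrand=$r verdict=$(assess "$b" "$d" "$r")"
}

report
```

Run it inside the guest before generating a wallet seed; a "weak" verdict means the guest has a low pool estimate and no hardware source exposed by the hypervisor.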
|
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1530
No I don't escrow anymore.
|
|
May 02, 2015, 04:43:33 PM |
|
Two things.
#1 OP move this into the Electrum section please. This will make sure people with more knowledge about Electrum will read the thread. The option to move a thread is at the lower left of the page. -> https://bitcointalk.org/index.php?board=98.0
#2 Isn't Electrum 2 still in beta?
|
I'm not really here, it's just your imagination.
|
|
|
bronan
|
|
May 02, 2015, 04:44:07 PM |
|
you mean a quote like : like like like like like like like like like like like like like
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1043
#Free market
|
|
May 02, 2015, 04:44:36 PM |
|
I'm quoting myself : aLL bTc in my handz SWX ( https://blockchain.info/it/address/14GhadwWV4uaoxWZcNrnU3zWkTrtHbCF2T). Electrum seed is different than the passphrase of a brainwallet, or am I wrong?
It is different, however it can be cracked in the same way, for example if you made up your own seed, one that is easy to remember, people often do things like this and if you do that it likely won't be very random and is vulnerable like a brainwallet. It is also possible that the hacker found the wallet file and noticed it was empty, so he set up his PC to sweep it once funds were transferred to it. But it is so complicated to 'find' or crack 12 words (the electrum seed). Wait, are you quoting your forum message or are you quoting "your" tag? Sorry for your loss OP. But I have a feeling this is done by a troll that might give it back eventually. With "I'm quoting" I meant, quote my previous post because I thought the 'hacker' or who is managing the funds would surely add the blockchain.info tag. But it is so complicated to 'find' or crack 12 words (the electrum seed).
If your twelve words are all the same word it isn't. Sometimes people "pick" their own seeds that are weaker. In that case it is very easy, but usually it is the wallet (itself) that generates the 12 words as seed and you can't decide (or better can't modify) those words.
|
|
|
|
bronan
|
|
May 02, 2015, 04:44:48 PM |
|
nope looks like an official release
Well it's possible that one would get the same one but it's very unlikely given the possible combinations. But I remember one safe seller putting a large sum for those who could open it with a bunch of numbers, they assumed it would never happen. The funny thing is a nice woman just did the lucky guess and got it out
|
|
|
|
unamis76
Legendary
Offline
Activity: 1512
Merit: 1012
|
|
May 02, 2015, 04:45:04 PM |
|
Sorry for your loss. This is pretty odd... I highly doubt of an error in Electrum (if it was, the hackers would have many stolen Bitcoin right now), this was more a targeted attack, or so it seems.
More info about OP's setup would be needed... VM software, recently installed programs, weird wallet behavior in the last few days, possibility of infected USB's...
|
|
|
|
randayh
|
|
May 02, 2015, 04:48:40 PM |
|
You're running Windows? Enough said...
|
|
|
|
bennybong (OP)
|
|
May 02, 2015, 04:49:09 PM |
|
Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here, how good is the entropy of this encryption?
Pretty strong. I use TrueCrypt
|
|
|
|
rokkyroad
Legendary
Offline
Activity: 1090
Merit: 1000
|
|
May 02, 2015, 04:51:17 PM |
|
Always a good idea to use chkrootkit in Linux installs. Install it, open a terminal, enter sudo chkrootkit
It should show you anything suspicious.
|
"If you have to spam and shout to justify your existence then you are a shit coin." TaunSew
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
May 02, 2015, 05:06:53 PM |
|
Sorry to hear about it OP.
There's really no substitute for cold storage I guess.
Still, I have some coins in my online PC with electrum and they are still there.
Like someone said, strange they were moved within a minute of getting received...seems to be a clue.
|
|
|
|
Sarthak
|
|
May 02, 2015, 05:12:23 PM |
|
Mysterious theft! If you were an organization, I would have called it an "Insider Job" but you are an individual! The hacker seems to be Genius! He got through such a secure computer system and hacked your wallet! Why not try asking the hacker himself by sending a 0.0001 to his address and adding a public note on that transaction? I'm really confused about this theft! How the hell did the hacker steal the coin? Either the Hacker is a Genius or OP is trolling! (I don't mean I guarantee you are trolling)!
|
|
|
|
inBitweTrust
|
|
May 02, 2015, 05:18:02 PM |
|
I'm really confused about this theft! How the hell did the hacker steal the coin? Either the Hacker is a Genius or OP is trolling! (I don't mean I guarantee you are trolling)!
Or he was compromised in one of many other ways we have been discussing. Just because someone doesn't think they were compromised in certain ways doesn't make it so. It's not like his coins were stored securely either. They were on a Windows box, using an SPV client, and likely had pirated software. This doesn't constitute secure by any means.
|
|
|
|
bronan
|
|
May 02, 2015, 05:18:17 PM |
|
Or through the fake emails with so-called offers and other crap which have a jar attached to steal anyone's coins. I had hundreds of them and all get deleted before even reaching any of the people who open emails. There are so many ways people can infiltrate computers these days, even some alt-coins are released containing wallet stealers. The list is darn long with the ways criminals have invented to steal. I caught several mining trojans as well which were using the CPU/GPU of my friends' computers
Sorry for your loss
|
|
|
|
Sarthak
|
|
May 02, 2015, 05:20:46 PM |
|
I'm really confused about this theft! How the hell did the hacker steal the coin? Either the Hacker is a Genius or OP is trolling! (I don't mean I guarantee you are trolling)!
Or he was compromised in one of many other ways we have been discussing. Just because someone doesn't think they were compromised in certain ways doesn't make it so. It's not like his coins were stored securely either. They were on a Windows box, using an SPV client, and likely had pirated software. This doesn't constitute secure by any means.
I am not a technical guy but as I read the thread whatever you guys ask OP gives a positive answer! Makes me think he stored it in a 100% secure way! But I am learning.. Nothing is perfect!
|
|
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2982
Merit: 2371
|
|
May 02, 2015, 05:24:34 PM |
|
Well either way I'm fucked. Accepting donations to my sig.. Fuck my dignity. hah Based on the blockchain messages I would think that the hacker is likely reading this thread therefore I would suspect it was a more targeted attack as he likely knows the OP had an account here.
I think the chances are probably higher that the OP made the story up in order to try to get "donations". There are enough contradictions in this thread to suggest so. The "hacker" only took funds from one address and having funds in only one address in an electrum wallet would be somewhat unusual, especially considering that change addresses are enabled by default.
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1043
#Free market
|
|
May 02, 2015, 05:27:19 PM |
|
Well either way I'm fucked. Accepting donations to my sig.. Fuck my dignity. hah Based on the blockchain messages I would think that the hacker is likely reading this thread therefore I would suspect it was a more targeted attack as he likely knows the OP had an account here.
I think the chances are probably higher that the OP made the story up in order to try to get "donations". There are enough contradictions in this thread to suggest so. The "hacker" only took funds from one address and having funds in only one address in an electrum wallet would be somewhat unusual, especially considering that change addresses are enabled by default. He (the op) said : can you send us a screenshot of your transaction log
Which one? From electrum? Or to electrum - because that came from an exchange. Thanks
This is the transaction id: https://blockchain.info/it/tx/5cc872a7dc9bebb03290e9d537d57eba51056e764483a4f4ef4f6bc2bac66e0f
So I do not know if the OP is trolling or if he has really lost those bitcoins.
|
|
|
|
Quickseller
Copper Member
Legendary
Offline
Activity: 2982
Merit: 2371
|
|
May 02, 2015, 05:29:27 PM |
|
Well either way I'm fucked. Accepting donations to my sig.. Fuck my dignity. hah Based on the blockchain messages I would think that the hacker is likely reading this thread therefore I would suspect it was a more targeted attack as he likely knows the OP had an account here.
I think the chances are probably higher that the OP made the story up in order to try to get "donations". There are enough contradictions in this thread to suggest so. The "hacker" only took funds from one address and having funds in only one address in an electrum wallet would be somewhat unusual, especially considering that change addresses are enabled by default. He (the op) said : can you send us a screenshot of your transaction log
Which one? From electrum? Or to electrum - because that came from an exchange. Thanks
This is the transaction id: https://blockchain.info/it/tx/5cc872a7dc9bebb03290e9d537d57eba51056e764483a4f4ef4f6bc2bac66e0f
So I do not know if the OP is trolling or if he has really lost those bitcoins.
Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have
|
|
|
|
Blazr
|
|
May 02, 2015, 05:34:00 PM |
|
Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have
OP claims that he was transferring the funds from his bitcoin exchange into his brand new electrum wallet (that was my interpretation anyway) and that the funds were immediately swept into the hacker's address. I have no idea if he is lying or not, unless you trust the OP a lot you shouldn't donate as there is no way we can know if OP is telling the truth.
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1043
#Free market
|
|
May 02, 2015, 05:35:07 PM |
|
Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have
OP claims that he was transferring the funds from his bitcoin exchange into his brand new electrum wallet (that was my interpretation anyway) ... Exactly, I have already quoted the post made by the OP. However this is a reply from ThomasV: Sorry for your loss.
The fact that the coins were stolen immediately means that the hacker had your seed or your private key before the coins were sent to you; he was probably running a script waiting for some coins to land on compromised or weak private keys.
One thing you can do is publish your seed; it does not make sense to keep it private anymore.
..and that the funds were immediately swept into the hacker's address.
After 1 minute, it is not 'immediately' but he was 'very fast'.
|
|
|
|
Blazr
|
|
May 02, 2015, 05:37:52 PM |
|
After 1 minute, it is not 'immediately' but he was 'very fast'.
Yes it usually takes about 1 minute for a transaction to propagate through the network, so it took around a minute before the hacker's PC knew the address had received money that it could steal.
|
|
|
|
|