Sarthak
May 02, 2015, 05:43:12 PM
Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have
OP claims that he was transferring the funds from his bitcoin exchange into his brand new electrum wallet (that was my interpretation anyway) ...
Exactly, I have already quoted the post made by the OP. However this is a reply from ThomasV:
Sorry for your loss.
The fact that the coins were stolen immediately means that the hacker had your seed or your private key before the coins were sent to you; he was probably running a script waiting for some coins to land on compromised or weak private keys.
One thing you can do is publish your seed; it does not make sense to keep it private anymore.
..and that the funds were immediately swept into the hacker's address.
After 1 minute, it is not 'immediately' but he was 'very fast'. Either it was the OP himself or it was someone monitoring OP very closely! Though he denies that people he knows use bitcoins, I think someone very close to him was behind this, if his computer was as safe as he stated it here!
Amph
Legendary
Offline
Activity: 3206
Merit: 1069
May 02, 2015, 05:48:05 PM
You're running Windows? enough said...
ignorant statement, Linux isn't so much better in terms of viruses and company, and it's not even about the OS here, it's the container apparently
Cinnob0n
Member
Offline
Activity: 116
Merit: 10
-Credits (CRE) Miner/Enthusiast
May 02, 2015, 06:29:10 PM
Ouch! Make sure to scan your PC.
johnyj
Legendary
Offline
Activity: 1988
Merit: 1012
Beyond Imagination
May 02, 2015, 06:46:13 PM
Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have
OP claims that he was transferring the funds from his bitcoin exchange into his brand new electrum wallet (that was my interpretation anyway) and that the funds were immediately swept into the hacker's address. I have no idea if he is lying or not, unless you trust the OP a lot you shouldn't donate as there is no way we can know if OP is telling the truth.
That's not a brand new wallet: I've had much more BTC in that wallet in the past. And I only fire up my VM to check my Electrum, which isn't that often. WHY ME AND why now. This is bullshit!
johnyj
Legendary
Offline
Activity: 1988
Merit: 1012
Beyond Imagination
May 02, 2015, 06:51:46 PM
Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here: how good is the entropy of this encryption? I'm also wondering if the randomness of the key generation on a VM can be as good as on a physical machine
inBitweTrust
May 02, 2015, 07:06:56 PM
Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here: how good is the entropy of this encryption? I'm also wondering if the randomness of the key generation on a VM can be as good as on a physical machine
It isn't, and neither is the entropy generated from a live Linux CD either... but it would still be a very rare and odd attack because enough entropy is typically realized.
Quickseller
Copper Member
Legendary
Offline
Activity: 2870
Merit: 2298
May 02, 2015, 07:11:17 PM
Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have
OP claims that he was transferring the funds from his bitcoin exchange into his brand new electrum wallet (that was my interpretation anyway) and that the funds were immediately swept into the hacker's address. I have no idea if he is lying or not, unless you trust the OP a lot you shouldn't donate as there is no way we can know if OP is telling the truth.
That's not a brand new wallet: I've had much more BTC in that wallet in the past. And I only fire up my VM to check my Electrum, which isn't that often. WHY ME AND why now. This is bullshit!
Yup. He also claims to not be very tech savvy, however he engages in things that would typically only be done by someone who is tech savvy
inBitweTrust
May 02, 2015, 07:20:13 PM (Last edit: May 02, 2015, 09:09:13 PM by inBitweTrust)
It is odd that the hacker is wasting his time taunting the victim as well over such a small amount. The hacker could be a sick loser, I suppose, that enjoys trolling.
In any case I do not mind helping investigate and troubleshoot security for victims, but it is a bad idea to reward those that practice bad security (SPV in VMware on a Windows box is poor security) when there are so many charities that are far more deserving.
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
May 02, 2015, 07:25:21 PM
After 1 minute, it is not 'immediately' but he was 'very fast'.
Yes, it usually takes about 1 minute for a transaction to propagate through the network, so it took around a minute before the hacker's PC knew the address had received money that it could steal. So most probably the OP is not 'kidding' and he really lost those 0.92329 bitcoins. However the bitcoin is still in the last address (TAG: aLL bTc in my handz SWX), for about 5 hours now.
MakingMoneyHoney
May 02, 2015, 07:39:29 PM
So even though this thread got moved to Electrum, is the consensus still that it probably had nothing to do with being an Electrum wallet?
inBitweTrust
May 02, 2015, 07:48:35 PM
So even though this thread got moved to Electrum, is the consensus still that it probably had nothing to do with being an Electrum wallet?
Very unlikely, as the SSL certs would have to be compromised, but perhaps there is a hidden bug that is making Electrum work completely differently than designed.
fryarminer
May 02, 2015, 07:57:18 PM
Hey OP, what does "SWX" mean? Does it mean anything to you?
3lectruM fail. More2come SWX
aLL bTc in my handz SWX
Beliathon
May 02, 2015, 08:08:34 PM
Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here: how good is the entropy of this encryption?
Pretty strong. I use TrueCrypt
Damn, that really sucks. I don't know what to tell you, other than the obvious: there's really no substitute for cold storage. I personally never played with Electrum because I only trust cold storage.
unamis76
Legendary
Offline
Activity: 1512
Merit: 1005
May 02, 2015, 08:58:24 PM
Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here: how good is the entropy of this encryption?
Pretty strong. I use TrueCrypt
Damn, that really sucks. I don't know what to tell you, other than the obvious: there's really no substitute for cold storage. I personally never played with Electrum because I only trust cold storage.
And Electrum + cold storage is also a possibility...
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
May 02, 2015, 09:02:45 PM
Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here: how good is the entropy of this encryption?
Pretty strong. I use TrueCrypt
Damn, that really sucks. I don't know what to tell you, other than the obvious: there's really no substitute for cold storage. I personally never played with Electrum because I only trust cold storage.
And Electrum + cold storage is also a possibility...
Simple... simple: a cold storage is an address generated offline (or better, on an offline PC), so the use of the wallet is 'relative'. You can generate the coins also with another client/wallet; the important thing is that the device/machine *must* be offline (better: it should never be connected to the Internet, *never*).
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1004
Core dev leaves me neg feedback #abuse #political
May 02, 2015, 09:15:57 PM
Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here: how good is the entropy of this encryption?
Pretty strong. I use TrueCrypt
Damn, that really sucks. I don't know what to tell you, other than the obvious: there's really no substitute for cold storage. I personally never played with Electrum because I only trust cold storage.
And Electrum + cold storage is also a possibility...
Correct. You just have to make sure you generate the seed on a machine that has never been online and never will be.
Beliathon
May 02, 2015, 09:27:46 PM
Correct. You just have to make sure you generate the seed on a machine that has never been online and never will be.
Not never has been, only never will be again. The machine can be online 5 seconds before you generate the seed, so long as you ensure it will never connect to the internet again. This includes network-capable printers if you're printing paper wallets; best bet is to physically remove the network card from the machine!
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1004
Core dev leaves me neg feedback #abuse #political
May 02, 2015, 09:33:21 PM
Correct. You just have to make sure you generate the seed on a machine that has never been online and never will be.
Not never has been, only never will be again. The machine can be online 5 seconds before you generate the seed, so long as you ensure it will never connect to the internet again. This includes network-capable printers if you're printing paper wallets; best bet is to physically remove the network card from the machine!
There is an attack vector where your machine could get corrupted while online and then use pre-determined random numbers or a set of seeds known to an attacker. So at that point it doesn't matter if the machine is offline; the attacker caused the victim to unwittingly use a known seed/private key which the attacker is monitoring. Note that you could mitigate this attack by rolling dice or flipping coins, which the ultra-paranoid should be doing anyway.
johnyj
Legendary
Offline
Activity: 1988
Merit: 1012
Beyond Imagination
May 03, 2015, 12:20:59 AM
Another question: How long has the wallet been used? When is the last time you received coins with this wallet?
The receiving address has never been used, so it seems the key for that specific address was already compromised before the transaction happened. Since all the addresses in an Electrum wallet are generated from the same seed, it is very likely that the seed was compromised
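Two points from the posts above, jonald_fyookball's mitigation of rolling dice against an RNG that was tampered with while the machine was online, and johnyj's observation that every Electrum address comes from the one seed, as an added example that is not from the thread and is not Electrum's code. The HMAC chain is a simplified stand-in for Electrum's real derivation, and the roll count and the dice/OS mixing construction are this example's own assumptions.

```python
import hashlib
import hmac
import math
import os

DICE_SIDES = 6
BITS_PER_ROLL = math.log2(DICE_SIDES)   # a fair d6 roll yields ~2.585 bits
TARGET_BITS = 256                       # entropy wanted behind the seed


def rolls_needed(target_bits=TARGET_BITS):
    """Minimum fair d6 rolls to reach target_bits of entropy (100 for 256)."""
    return math.ceil(target_bits / BITS_PER_ROLL)


def seed_from_dice(rolls, os_entropy=None):
    """Mix physical dice rolls with OS randomness into 32 bytes of seed entropy.

    Either source alone suffices: an attacker who tampered with the machine's
    RNG while it was online still cannot predict the seed without the rolls.
    (Assumed construction for this example, not Electrum's seed scheme.)
    """
    if not rolls or any(c not in "123456" for c in rolls):
        raise ValueError("rolls must be a string of digits 1-6")
    if len(rolls) < rolls_needed():
        raise ValueError(f"need at least {rolls_needed()} rolls, got {len(rolls)}")
    if len(set(rolls)) == 1:
        raise ValueError("rolls look fabricated: every roll has the same value")
    if os_entropy is None:
        os_entropy = os.urandom(32)
    # Domain-separated concatenation, then SHA-256: a predictable os_entropy
    # cannot cancel the unpredictability contributed by the rolls.
    return hashlib.sha256(b"dice:" + rolls.encode() + b"|os:" + os_entropy).digest()


def derive_key(seed, index):
    """Toy deterministic child key: HMAC-SHA512(seed, index)[:32].

    Shows why a leaked seed exposes every address, including ones that never
    received coins: the attacker precomputes the whole chain and watches it.
    """
    return hmac.new(seed, index.to_bytes(4, "big"), hashlib.sha512).digest()[:32]


if __name__ == "__main__":
    seed = seed_from_dice("1452633612" * 10)   # constructed sample rolls
    print("seed:", seed.hex(), "key0:", derive_key(seed, 0).hex())
```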
bennybong (OP)
May 03, 2015, 06:35:40 AM
Yup. He also claims to not be very tech savvy, however he engages in things that would typically only be done by someone who is tech savvy
Incorrect, check my previous post. I am very computer literate and often very careful with my BTC. No idea what SWX is; like I said, no one I know knows I have any bitcoin or what they even are! NO one has access to my PC. I've spent all night formatting and re-installing everything but I still can't work out if I was compromised or not.... Running in a VM with no other program except Tor and all unnecessary services disabled. I'm stumped. And in a real tricky situation because I needed that BTC more than you can imagine. FML