Bitcoin Forum
Author Topic: Wallet cleaned out  (Read 962 times)
jdany (OP)
July 09, 2015, 05:31:37 PM
 #1

I've been away for about a month.  Most of my equipment was idle during that time.
I had my bitcoin-qt wallet open. I just changed batteries out in my mouse on that machine and I noticed a transaction on the 7th that drained my wallet.  
I have no idea how it happened.  I'm lost.

I had btc spread over 4 different addresses.
They were all drained, so, I know it was from this computer or from a backup of this wallet.
But, I can't figure out how.

I have a passcode on the wallet.
So, someone would have gotten access to my computer remotely, or in person.
And, gotten my passcode somehow to transfer this out.
Both are pretty unlikely.

I'm so confused.

0.10.0

---> 1C9z6tzLVMySeBoTgfW1Nbcpzf7iNwBrDe
notlist3d
July 09, 2015, 05:51:40 PM
 #2

The address mentioned has been cleaned out - https://blockchain.info/address/1C9z6tzLVMySeBoTgfW1Nbcpzf7iNwBrDe .  It has 81 confirmations so it's too late to try to stop it.  Sadly it is gone.

I would run some anti-virus and malware scans.  There is a good chance something is on your computer.   If you're going to use a wallet on a computer you use for everyday things you really need 2 factor authentication.

Assuming your passcode was the same and did not change.   A virus/malware could get the passcode and then proceed to steal BTC.  Sadly "bad guys" target crypto wallets.
ikydesu
July 09, 2015, 06:46:58 PM
 #3

I'm sorry to hear that. That is cleaned.

My advice is to read this thread: https://bitcointalk.org/index.php?topic=203876.0 to avoid a repeat of this accident.
Twipple
July 09, 2015, 10:18:00 PM
 #4

Likely has to be some sort of virus that got on your system. This is definitely one of the serious problems bitcoin faces indirectly. Would suggest getting a mac as that is likely more secure than windows. Did you have a non-password protected backup on some other system?
notlist3d
July 09, 2015, 10:44:17 PM
 #5

It's not a mac/windows thing.  It's running a hot wallet on a computer that you use every day.  It's horrible security for a wallet.

This is why there is cold storage and hardware wallets.  I feel bad for OP.  But him and others instead of sending to another OS send to cold storage.
Twipple
July 09, 2015, 10:59:17 PM
 #6

It isn't, but using the mac for bitcoin wallets is better than windows as it offers better security to these viruses, therefore a hot wallet installed on a mac is less likely to be hacked because of any virus.
gogxmagog
July 09, 2015, 11:59:37 PM
 #7

I think that's not a good attitude to take, since the landscape is always changing.

true, macs used to be pretty safe from virus, but that was back when they made up only 5% of the market share for home computers. There are a lot more mac users now and the hackers have been developing new improved mac-fiendish malwares for a while now.

I've heard macs are good for one thing though, I've heard that it is easier to put harder to detect malware on them since there is a serious dearth of anti-virus development going on over there in The land of Jobs.

and to OP; sorry about your loss, happened to me last year because I got over confident and lazy. felt like getting kicked in the stomach. believe it or not I have managed to climb back up and almost have replaced what I lost (it was just under what you lost and that's a lot!)

anyways, first thing I did was invest 60$ in a hardware wallet. I sleep securely now knowing my hoard is safe.

be brave friend. don't take any theft personally.
ausbit
July 10, 2015, 12:10:38 AM
 #8

Sorry to hear of your loss, seem to be seeing more of these stories every day.
Best solution is offline storage.
If you're interested I'm selling a Mycelium entropy that has been designed for making safe paper wallets.
https://bitcointalk.org/index.php?topic=1086132.msg11777869#msg11777869
notlist3d
July 10, 2015, 12:57:33 AM
 #9

No offense to you or anyone else.  But I suggest people not buy hardware wallets or devices to make hardware wallets second hand.

Chances are it's a little over protective, but it defeats the purpose of cold storage if someone before you had access to the device before you.
Herbert2020
July 10, 2015, 03:13:14 AM
 #10

sorry to hear that, it really sucks to lose bitcoin this way.
did you have a decent antivirus and anti malware on your computer?
you may even have a keylogger on your computer so it could steal your password that you put in.

Weak hands have been complaining about missing out ever since bitcoin was $1 and never buy the dip.
Whales are those who keep buying the dip.
ausbit
July 10, 2015, 03:28:03 AM
 #11

No offence taken, I thought about this when contemplating on selling it. I wouldn't personally have any clue on how to manipulate the device so as to steal private keys but I am sure some people will know how.

If anyone buying it was concerned about malware they could always check it personally at https://mycelium.com/assets/entropy/me.html

From the site regarding security:

If you do not trust your Mycelium Entropy device and believe it may be backdoored, then this feature, sometimes also referred to as Diceware, is for you. It lets you add your own entropy (salt) to the mix so that:
•   even though the salt is entered on your computer into settings.txt in a generally insecure way, its leakage does not compromise your key;
•   if the device’s RNG is rigged in an undetectable way, your key is still secure because of the salt;
•   the algorithm’s implementation is easily verified.
The current implementation is fairly simple and is called Type-1 salt. A more advanced algorithm has been proposed but has not been implemented yet.
•   Salt is a string of up to 32 bytes, which is entered in hexadecimal after the salt1 keyword in settings.txt. It must contain a whole number of bytes, that is, an even number of hexadecimal digits, up to 64.
•   Entropy is a 32-byte random number generated by Mycelium Entropy.
•   Key = SHA-256 ( Salt || Entropy ), where || denotes concatenation.
o   In the HD case, the first 128 bits of Key are used to construct the BIP-39 mnemonic.
•   Entropy is printed alongside the private/public key pair for your verification.
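
The Type-1 salt check quoted in the post above, as an added example (not code from the thread or from Mycelium): it re-derives Key = SHA-256(Salt || Entropy) from your own salt and the printed entropy and compares it with the printed key. Assumptions: the `salt1` line is whitespace-separated, the printed private key has already been converted to raw hex (the page does not describe the printed format), and all function names are hypothetical.

```python
import hashlib
import hmac

MAX_SALT_BYTES = 32      # "a string of up to 32 bytes"
ENTROPY_BYTES = 32       # "a 32-byte random number"


def parse_salt1(settings_text):
    """Extract the salt from the 'salt1 <hex>' line of settings.txt."""
    for line in settings_text.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] == "salt1":
            digits = fields[1]
            if len(digits) % 2:
                raise ValueError("salt1 needs an even number of hex digits")
            if len(digits) > 2 * MAX_SALT_BYTES:
                raise ValueError("salt1 is limited to 64 hex digits")
            return bytes.fromhex(digits)   # ValueError on non-hex input
    raise ValueError("no salt1 line found")


def type1_key(salt, entropy):
    """Key = SHA-256(Salt || Entropy), as in the quoted description."""
    if len(entropy) != ENTROPY_BYTES:
        raise ValueError("entropy must be exactly 32 bytes")
    return hashlib.sha256(salt + entropy).digest()


def hd_mnemonic_input(key):
    """HD case: the first 128 bits of Key feed the BIP-39 mnemonic."""
    return key[:16]


def printout_matches(settings_text, printed_entropy_hex, printed_key_hex):
    """True if the printed key is what salt + printed entropy must produce."""
    expected = type1_key(parse_salt1(settings_text),
                         bytes.fromhex(printed_entropy_hex))
    return hmac.compare_digest(expected, bytes.fromhex(printed_key_hex))


if __name__ == "__main__":
    # Constructed sample: a device whose RNG always emits the same entropy.
    rigged_entropy = "11" * 32
    settings = "salt1 8f3a61c2d9e4b7051c6aa2f0\n"   # constructed salt
    salted = type1_key(parse_salt1(settings), bytes.fromhex(rigged_entropy))
    # What a device that silently ignored the salt might print instead.
    unsalted = hashlib.sha256(bytes.fromhex(rigged_entropy)).hexdigest()
    print("honours salt:", printout_matches(settings, rigged_entropy, salted.hex()))
    print("salt ignored:", printout_matches(settings, rigged_entropy, unsalted))
```

A mismatch means the device did not mix in the salt as described; a match only confirms the derivation, so the protection still rests on the salt itself being unpredictable.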
notlist3d
July 10, 2015, 05:01:54 AM
 #12

Just speaking from cold storage it really does cause possible issues getting second hand.  This is why hardware wallets such as Trezor have stickers showing if it was even opened.

And I'm not saying you're a bad guy.  Just in general people should stay far away from secondhand hardware wallets or devices used to create them.  It's just good general security.
sgk
July 10, 2015, 07:40:05 AM
 #13

....
They were all drained, so, I know it was from this computer or from a backup of this wallet.
....

You mentioned wallet backups. How many backups did you make and where did you store them?

You know where I'm heading: If you stored the wallet backups away from your computer (cloud storage, email drafts etc.), there is a possibility that someone got access to your wallet and used it to transfer funds. In that case they don't necessarily have to gain access to your computer.
ausbit
July 10, 2015, 11:33:32 AM
 #14

I understand that you probably know much more about btc security than myself but can I ask why if even the entropy had been tampered with why would the option they give you to add your own diceware not work?

The entropy device I purchased did have a tamper proof sticker on it when I got it but that has obviously been removed by myself.
I would not expect anyone just to take my word that it has not been tampered with, you do give good advice