|
Cdecker (OP)
|
 |
September 28, 2012, 08:10:39 PM |
|
Well, just to prove that even long time members are not secure from being stupid. My wallet has just been cleared out: At first I thought maybe it's just an old transaction that has only now been submitted, but I can't find any wallet of mine that owns those keys. I had my wallet encrypted, but this was apparently an old backup of my wallet that I must have stored somewhere. Any tips on what to do next? I'm still a bit fuzzy about the details. Can we blacklist those funds somehow? |
|
|
|
|
|
|
|
|
|
|
|
|
Even in the event that an attacker gains more than 50% of the network's
computational power, only transactions sent by the attacker could be
reversed or double-spent. The network would not be destroyed.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
eb3full
VIP
Full Member
 Offline
Activity: 198
Merit: 101
|
 |
September 28, 2012, 08:11:26 PM |
|
You're pretty much screwed. :\
|
"With four parameters I can fit an elephant, and with five I can make him wiggle his trunk." John von Neumann
buy me beer: 1HG9cBBYME4HUVhfAqQvW9Vqwh3PLioHcU
|
|
|
|
Cdecker (OP)
|
|
September 28, 2012, 08:12:50 PM |
|
You're pretty much screwed. :\
Yep, that much I knew already. |
|
|
|
augustocroppo
VIP
Hero Member
Offline
Activity: 756
Merit: 503
|
|
September 28, 2012, 08:17:42 PM |
|
Any tips on what to do next? I'm still a bit fuzzy about the details. Can we blacklist those funds somehow?
Before any further steps to investigate the transactions, you have to prove that you owned the stolen funds. |
|
|
|
|
wachtwoord
Legendary
Offline
Activity: 2324
Merit: 1125
|
|
September 28, 2012, 08:18:02 PM |
|
I feel bad for you  |
|
|
|
|
|
Severian
|
|
September 28, 2012, 08:19:15 PM |
|
That sucks, bro.
If it's any consolation (probably not), I heard a story on this forum once about a guy that formatted a drive with tens of thousands of coins on it. He said the worst part was his wife knowing about it.
|
|
|
|
|
|
Cdecker (OP)
|
|
September 28, 2012, 08:19:15 PM |
|
Before any further steps to investigate the transactions, you have to prove that you owned the stolen funds.
Well that shouldn't be too hard, I can sign a message with the private key belonging to one of the addresses. But I don't see that doing any good. |
|
|
|
Spekulatius
Legendary
Offline
Activity: 1022
Merit: 1000
|
|
September 28, 2012, 08:41:20 PM |
|
Is this incident somehow related to this?: Well I was wondering how long it would take for people to notice. It's me  And no I am not putting lots of hashing power to the network, notice that it just says "relayed by" and not "mined by". I'm performing some measurements, paper is due in a few weeks. |
|
|
|
|
BC12345
Newbie
Offline
Activity: 57
Merit: 0
|
|
September 28, 2012, 08:42:30 PM
Last edit: September 28, 2012, 08:53:53 PM by BC12345 |
|
It might just be a coincidence and will not improve your situation, but there was a discussion today https://bitcointalk.org/index.php?topic=113654.40and then someone found this http://82.130.102.160/Probably because of the name "BitThief", people started speculating over the purpose of this program so I posted a link to your members page at the ethz to point out that this program is not related to bitcoins. A few minutes later I replaced the link with the following http://bitthief.ethz.ch/This happened about an hour before the transaction of your funds. As I said before, this might be a coincidence but I am really sorry if I have drawn attention to you and your funds. |
|
|
|
|
flatfly
Legendary
Offline
Activity: 1078
Merit: 1011
760930
|
|
September 28, 2012, 08:43:00 PM |
|
Is your computer infected? Did you notice anything unusual? Did you run a full AV scan?
|
|
|
|
|
jgarzik
Legendary
Offline
Activity: 1596
Merit: 1091
|
|
September 28, 2012, 08:44:30 PM |
|
Any tips on what to do next? I'm still a bit fuzzy about the details. Can we blacklist those funds somehow?
Figure out how it happened, gather details, file a police and FBI cybercrimes report. Make sure the method of theft is not still open. |
Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
|
|
|
|
apetersson
|
|
September 28, 2012, 08:49:49 PM |
|
was there any connection with the university IP and the wallet?
|
|
|
|
|
|
caffeinewriter
|
|
September 28, 2012, 08:56:47 PM
Last edit: September 28, 2012, 09:15:07 PM by caffeinewriter |
|
It might just be a coincidence and will not improve your situation, but there was a discussion today https://bitcointalk.org/index.php?topic=113654.40and then someone found this http://82.130.102.160/Probably because of the name "BitThief", people started speculating over the purpose of this program so I posted a link to your members page at the ethz to point out that this programm is not related to bitcoins. A few minutes later I replaced the link with the following http://bitthief.ethz.ch/This happened about an hour before the transaction of your funds. As I said before, this might be a coincidence but I am really sorry if I have drawn attention to you and your funds. Downloaded, ran in a sandbox, no processes spawned except for BitThief itself, which is a purely leeching torrent client. Stupid and pointless, but not a wallet stealer. Running in ANUBIS to see if I missed something locally. And here's something to cheer you up.  UPDATE: Yeah, BitThief does jack shit with bitcoins. The only similarity it shares is that it's P2P |
|
|
|
Atlas
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
September 28, 2012, 09:01:27 PM |
|
Cry, OP. Just let it all out.
You're not getting a dime back. The FBI won't care.
|
|
|
|
|
markm
Legendary
Offline
Activity: 2940
Merit: 1090
|
|
September 28, 2012, 09:06:57 PM |
|
An old backup you stored somewhere?
What does that actually mean?
You gave the staff of some remote file storage site a free unencrypted copy of your wallet yet are surprised they took the coins?
Or what?
-MarkM-
|
|
|
|
Gyrsur
Legendary
Offline
Activity: 2856
Merit: 1518
Bitcoin Legal Tender Countries: 2 of 206
|
|
September 28, 2012, 09:14:56 PM |
|
if you have a copy of your unencrypted wallet.dat somewhere and you encrypt it LATER all your private keys are UNSECURED which you had in the wallet until the encryption task happened.
|
|
|
|
|
420
|
|
September 28, 2012, 09:20:45 PM |
|
if you have a copy of your unencrypted wallet.dat somewhere and you encrypt it LATER all your private keys are UNSECURED which you had in the wallet until the encryption task happened.
Would be great to hear him confirm this was the case that he had all that before encryption |
Donations: 1JVhKjUKSjBd7fPXQJsBs5P3Yphk38AqPr - TIPS
the hacks, the hacks, secure your bits!
|
|
|
kokojie
Legendary
Offline
Activity: 1806
Merit: 1003
|
|
September 28, 2012, 09:21:06 PM |
|
So, you stored your wallet in plaintext at somewhere other people may be able to access, and surprised someone robbed you?
|
btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
|
|
|
Gyrsur
Legendary
Offline
Activity: 2856
Merit: 1518
Bitcoin Legal Tender Countries: 2 of 206
|
|
September 28, 2012, 09:25:36 PM |
|
if you have a copy of your unencrypted wallet.dat somewhere and you encrypt it LATER all your private keys are UNSECURED which you had in the wallet until the encryption task happened.
Would be great to hear him confirm this was the case that he had all that before encryption it doesn't matter how many coins you have, ALL your coins are unsecured which you receive with this private key(s) also the coins you might receive in the future! |
|
|
|
|
Cdecker (OP)
|
|
September 28, 2012, 09:26:40 PM |
|
Nevermind the other Thread, as I already explained it's part of my research, I myself am 82.130.102.160, and yes we developed BitThief, so that's not it.
I think showing up on blockchain.info actually put a huge target on my back. I see a few connection to my notebook from Russian domains and the big surprise: they are able to log in...
They must have somehow gotten my password or
[...few minutes later ...]
sorry had to kill the network connection, whoever it was they were still logged in on my machine...
|
|
|
|
|
