Bitcoin Forum
Topic: I've just been robbed :-(
caffeinewriter
September 29, 2012, 07:09:56 PM
 #81



If you still think you might have a rootkit, wipe your system clean. It's really the only surefire way to get rid of a rootkit.

I think after a disaster like this the only secure method is to reinstall all affected computers, make some images of the harddisk so you can still analyze what happened.

+1, don't try to fix an OS if you think it might have a root kit.
Root kit cleaners are like anti virus software, they only clean what they know and recognize ....

Very true, which is why I don't necessarily condone Rootkit removers. I'd much rather lose everything on a hard disk than have my BTC get stolen (again in his case).

JoelKatz
September 29, 2012, 07:57:50 PM
 #82

How do you keep fiat safe? That is not fool proof either. But I do agree Bitcoin still needs some time to mature. Thanks.
In many countries, banks are insured by government agencies. That's pretty close to fool proof. You can also hide fiat and/or lock it securely. Of course, that's not 100% reliable, but its risks are very easy to understand and not that difficult to reduce. People have many years of experience protecting fiat and have gotten very good at it. It's rare for a person to be a victim of a large theft of fiat.

What's so difficult to understand about a paper wallet?
Primarily how you securely withdraw from it. It's not bad for long-term storage.

I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
Jutarul
September 29, 2012, 08:19:08 PM
 #83

What's so difficult to understand about a paper wallet?
Primarily how you securely withdraw from it. It's not bad for long-term storage.
I agree. Every time you want to withdraw you need access to an "uncompromised" system.

The ASICMINER Project https://bitcointalk.org/index.php?topic=99497.0
"The way you solve things is by making it politically profitable for the wrong people to do the right thing.", Milton Friedman
markm
September 29, 2012, 08:40:09 PM
 #84

Bitcoins on paper do not need to be monolithic, surely?

Couldn't you print a whole bunch of addresses with different amounts in them, either already chopped up into separate pieces of paper, or go in with scissors to cut out just enough for your current withdrawal needs when you need to withdraw?

Basically print hundreds or thousands of encrypted one-bitcoin bills, for example, and bring only as many out of your vault as you actually want to spend?

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
JoelKatz
September 29, 2012, 09:00:42 PM
 #85

Bitcoins on paper do not need to be monolithic, surely?

Couldn't you print a whole bunch of addresses with different amounts in them, either already chopped up into separate pieces of paper, or go in with scissors to cut out just enough for your current withdrawal needs when you need to withdraw?

Basically print hundreds or thousands of encrypted one-bitcoin bills, for example, and bring only as many out of your vault as you actually want to spend?
That's extremely inconvenient. But you could probably draw a bit of a compromise and use a scheme where any time you need to get money from one of your paper wallets, you empty it and put the change (if it's a large amount) into a new paper wallet. If you need a larger amount, you grab multiple paper wallets and empty them all. That's still pretty inconvenient though.

apetersson
September 29, 2012, 11:50:46 PM
 #86

there could be a scheme like that with hierarchical deterministic paper wallets, where you build up a paper chessboard, put 4 smaller chessboards on top, 16 on top, 64 on top... etc. then you can pick small denominations from the top and spend them, or the largest sheet from the bottom and spend all of them.
franky1
September 30, 2012, 02:31:54 AM
 #87

there's no point in tracing the block chain.. u can try though, i'm not stopping you.

i have just found when trying to use known deposit addresses from pirates BS&T and the addresses people that (early on before he went rogue) received the funds on..

he used the 1DKY address in the middle.. which is where from what has been recently confirmed as the silkroad address..

so most thieves and scum would simply deposit money into silkroad. and then withdraw it.. and due to the large volume in the mix what u get out is not the same 'taint' as what u put in.

a lot of us thought this was pirates actual wallet.. but due to it now known as silk roads its harder to point down where those funds ended up due to the mixer.. and how much pirate actually hoarded.

i don't think silk road would want to reveal who owned the deposit/withdrawal address 1 hop either side of the 1DkyBEK address. so the OP of this thread will have a hard time too tracking the payments.

hopefully the IP address is not a tor node/proxy ..

sorry to be the bearer of bad news.

i'd definitely suggest to everyone to hand write their privkeys on paper. and cleanse their system if they are large holders.

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
TheBible
September 30, 2012, 02:33:37 AM
 #88

Any tips on what to do next? I'm still a bit fuzzy about the details. Can we blacklist those funds somehow?

Figure out how it happened, gather details, file a police and FBI cybercrimes report.

Make sure the method of theft is not still open.



FBI, huh?  Gonna pay taxes on those bitcoins now to pay for that?
BkkCoins
September 30, 2012, 02:38:57 AM
 #89

there could be a scheme like that with hierarchical deterministic paper wallets, where you build up a paper chessboard, put 4 smaller chessboards on top, 16 on top, 64 on top... etc. then you can pick small denominations from the top and spend them, or the largest sheet from the bottom and spend all of them.
Mind boggling but as long as you're organised doable.

I'd think that a binary sequence of deposit values to addresses would work. Then you would just spend what combination of keys gave you the value you wanted. I suppose you would have to do a balance re-org after to keep it usable.

Justin00
September 30, 2012, 02:50:16 AM
 #90

how does the paper wallet work when you get money back on change address ?
or does the privkey of the 1 key include the other 100 keys ?

BkkCoins
September 30, 2012, 04:08:54 AM
 #91

how does the paper wallet work when you get money back on change address ?
or does the privkey of the 1 key include the other 100 keys ?
That would depend on how and where you create the transaction. If you imported your key into a client then that client would build the transaction and likely return change to one of its addresses. Some clients do allow change address selection. blockchain.info allows you to do that and you could send it back to the same address or another offline address. In the satoshi (std) client it would be returned to a new address in your wallet.

kibblesnbits
September 30, 2012, 03:15:31 PM
 #92

That sucks, bro.

If it's any consolation (probably not), I heard a story on this forum once about a guy that formatted a drive with tens of thousands of coins on it. He said the worst part was his wife knowing about it.

You can easily recover files from a formatted drive.  

sunnankar
September 30, 2012, 05:27:26 PM
 #93

What's so difficult to understand about a paper wallet?
Primarily how you securely withdraw from it. It's not bad for long-term storage.

So where are the potential flaws in this method of both creating wallets and generating transactions offline?

(1) Transfer the address and transaction generator code via USB to the offline computer.
(2) Create the private keys and store them in a .pdf, .txt, etc. file.
(3) Create a TrueCrypt volume and if desired a hidden volume.
(4) Place the files containing the private keys into the TrueCrypt volume. I like to place the public keys in the main folder, along with some dummy private keys, and the other private keys in the hidden folder.
(5) Transfer the TrueCrypt volume via USB to an online computer.
(6) Store the TrueCrypt volume in many places such as Dropbox, Amazon Cloud, Google Drive, Gmail, multiple USB sticks, email to friends, etc.
(7) With Blockchain.info you can click Import/Export and input a public key to ‘watch’. This will let you keep an eye on your wallets without revealing the private keys in any way beyond the TrueCrypt volume.

casascius
September 30, 2012, 05:29:00 PM
 #94

If you need a larger amount, you grab multiple paper wallets and empty them all. That's still pretty inconvenient though.

That's where a barcode scanner comes in.  Surely there must be something out there that makes a barcode scanner out of the webcam.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
JoelKatz
September 30, 2012, 05:44:39 PM
 #95

If you need a larger amount, you grab multiple paper wallets and empty them all. That's still pretty inconvenient though.

That's where a barcode scanner comes in.  Surely there must be something out there that makes a barcode scanner out of the webcam.
Sure, there's a piece of a solution for everything. But it's unreasonable to expect someone to put all those pieces together. A program that produces cut-apart paper wallets with barcoded public and private parts would be a great part of a solution.

SuperHakka
September 30, 2012, 05:58:33 PM
 #96

I would still like to know if it's possible, how the original theft of the OP took place exactly so that I can make sure that it doesn't happen. Looks like the ssh login occurred on a non-standard port so the OP's PC must have been scanned. If that is the case, then the OP must have had a public facing computer with no firewall between him and the internet? Assuming the attacker located the correct ssh port, then in order to log in either

attacker had private key to authenticate with ssh server on OP's pc or
OP had a weak password that was brute-forced

The OP says the attacker nicked his private key and then logged onto his work computer. htf did the attacker know to look on his work computer? I think that the OP's security environment must have been totally compromised somehow. Maybe something he said on an IRC channel perhaps? I worry that this can happen to anybody if some joe hacker decides he wants some bitcoin, he just breaks into some poor sod's non-standard ssh port and then navigates his way to his work pc in a space of a few minutes. what gives?

'First they ignore you. Then they laugh at you. Then they attack you. Then you win.' - Mohandas Gandhi
"Whenever I'm about to do something, I think, 'Would an idiot do this?' and if he would, I do not do that thing." - Dwight Schrute
mobile4ever
September 30, 2012, 06:07:14 PM
 #97


That's where a barcode scanner comes in.  Surely there must be something out there that makes a barcode scanner out of the webcam.


It's in the works, but is being prepared for another use.
Cdecker (OP)
September 30, 2012, 06:46:52 PM
 #98

I would still like to know if it's possible, how the original theft of the OP took place exactly so that I can make sure that it doesn't happen. Looks like the ssh login occurred on a non-standard port so the OP's PC must have been scanned. If that is the case, then the OP must have had a public facing computer with no firewall between him and the internet? Assuming the attacker located the correct ssh port, then in order to log in either

attacker had private key to authenticate with ssh server on OP's pc or
OP had a weak password that was brute-forced

The OP says the attacker nicked his private key and then logged onto his work computer. htf did the attacker know to look on his work computer? I think that the OP's security environment must have been totally compromised somehow. Maybe something he said on an IRC channel perhaps? I worry that this can happen to anybody if some joe hacker decides he wants some bitcoin, he just breaks into some poor sod's non-standard ssh port and then navigates his way to his work pc in a space of a few minutes. what gives?
Still trying to figure that one out myself, will have more in a couple of days I guess.

Want to see what developers are chatting about? http://bitcoinstats.com/irc/bitcoin-dev/logs/
Bitcoin-OTC Rating
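
The two possibilities raised in posts #96 and #98 above (a stolen SSH private key versus a brute-forced password) leave different traces in the sshd log. The following is an added example, not part of the thread, that separates them per source address; the log lines, host, user names and addresses are constructed, and the line format is assumed to be OpenSSH's default syslog output.

```python
import re
from collections import Counter

# Assumed format: OpenSSH's default syslog messages for auth results.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>password|publickey) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def triage(lines, threshold=5):
    """Label each accepted login by how it was obtained, per source IP."""
    failures = Counter()          # failed attempts seen so far, keyed by IP
    findings = []
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue
        ip, method = m["ip"], m["method"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        prior = failures[ip]
        if method == "password" and prior >= threshold:
            verdict = "password likely brute-forced"
        elif method == "publickey" and prior == 0:
            verdict = "key login without guessing: confirm key and source are yours"
        else:
            verdict = "review manually"
        findings.append({"user": m["user"], "ip": ip, "method": method,
                         "prior_failures": prior, "verdict": verdict})
    return findings

# Constructed sample log (hypothetical host, users and documentation-range IPs).
SAMPLE_LOG = [
    f"Sep 29 03:1{i}:07 box sshd[4021]: Failed password for alice "
    f"from 203.0.113.7 port 5{i}022 ssh2" for i in range(6)
] + [
    "Sep 29 03:16:40 box sshd[4021]: Accepted password for alice from 203.0.113.7 port 56022 ssh2",
    "Sep 29 04:02:11 box sshd[4100]: Accepted publickey for bob from 198.51.100.23 port 40112 ssh2",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A key-based login with no preceding failures from an unfamiliar address points at a copied private key rather than guessing, which is the case where rotating keys on every host that trusted it matters more than changing a password.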
johnyj
September 30, 2012, 06:52:37 PM
 #99

Someone might already have your wallet since a long time ago, but they just wait until it is big enough to harvest

BkkCoins
September 30, 2012, 11:24:52 PM
Last edit: September 30, 2012, 11:36:09 PM by BkkCoins
 #100


That's where a barcode scanner comes in.  Surely there must be something out there that makes a barcode scanner out of the webcam.
For python there is a module that is used by Electrum. One click turns on web cam, with live view window, and it waits til it sees a barcode. When it does, it closes and returns with the scanned code.

For C lib,
http://zbar.sourceforge.net/

and also,
python-zbar

Works great in Electrum send tab.
