Bitcoin Forum
November 01, 2024, 05:10:11 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: I'v been scammed...  (Read 1747 times)
batou121 (OP)
Jr. Member
*
Offline Offline

Activity: 32
Merit: 4


View Profile
August 18, 2015, 08:48:54 AM
 #1

Hi every one,

I've just been scammed and they stole me an important (for me) sum of BTC on my localbitcoin account.
I think I have the IP who enter to my email and to my localbitcoin account: 84.53.203.38

The fund are gone on the following address: 1EVj1tv55KVpgHK3BwGxeNuyuqL4uqm3xY

I now I'm a fool for leaving an important sum of BTC in a hot wallet but I very disappointed.
I dont konw how they hacked me. Was not phishing and they got my email account passaword and my localbitcoin password to...

Anyone can help me to to do anything?

Thanks everyone
altcoinhosting
Hero Member
*****
Offline Offline

Activity: 896
Merit: 1006


View Profile
August 18, 2015, 08:54:59 AM
 #2

Hi every one,

I've just been scammed and they stole me an important (for me) sum of BTC on my localbitcoin account.
I think I have the IP who enter to my email and to my localbitcoin account: 84.53.203.38

The fund are gone on the following address: 1EVj1tv55KVpgHK3BwGxeNuyuqL4uqm3xY

I now I'm a fool for leaving an important sum of BTC in a hot wallet but I very disappointed.
I dont konw how they hacked me. Was not phishing and they got my email account passaword and my localbitcoin password to...

Anyone can help me to to do anything?

Thanks everyone

you should move this thread to the scam accusation subforum, you'll get a lot more helpfull response over there

RustyNomad
Sr. Member
****
Offline Offline

Activity: 336
Merit: 251



View Profile WWW
August 18, 2015, 09:02:17 AM
 #3

My best guess would be that your pc must be compromised.

Have you done a thorough check of your computer to check for any malware or similar software?

Also, is this the transaction where your coins were moved: https://blockchain.info/tx/50647dde1b962821164bcf38b1d9a7e9d4fa364afbb741e487283c37fc22ec34
bf4btc
Hero Member
*****
Offline Offline

Activity: 568
Merit: 500


Smoke weed everyday!


View Profile
August 18, 2015, 09:06:13 AM
 #4

Hi every one,

I've just been scammed and they stole me an important (for me) sum of BTC on my localbitcoin account.
I think I have the IP who enter to my email and to my localbitcoin account: 84.53.203.38

The fund are gone on the following address: 1EVj1tv55KVpgHK3BwGxeNuyuqL4uqm3xY

I now I'm a fool for leaving an important sum of BTC in a hot wallet but I very disappointed.
I dont konw how they hacked me. Was not phishing and they got my email account passaword and my localbitcoin password to...

Anyone can help me to to do anything?

Thanks everyone

you should move this thread to the scam accusation subforum, you'll get a lot more helpfull response over there

This should not be moved to scam accusation as their is 0 proof to begin with and no idea who the funds went to, it is theft and I'm not sure where it could go to be honest, here, off topic of bitcoin discussion is good. Sorry to say OP that is a rap for your coin you will never see them again unless the thief feels bad and returns them.  That won't happen I have to assume you don't have antivirus so that would be your first step getting the malware from your computer and then research how to keep your machines safe in future, a good start will be changing from windows to linux or of course don't click any old link or download things without scanning first.

████████████████████████
███████████████████████████
█████████████████████████████
██████████████████████████████
███████████████████████████████
████▄▄▄█████████████████████████
█████████████████████████████████
███████████████████████████████████
██████████████████████████████████
████████████▄▄▄▄▄▄▄████████████████
█████████████████████████████████
████████▀▀▀██████████████████████
████████████████████████████████
████████████████████████████
████▀▀▀▀████████

batou121 (OP)
Jr. Member
*
Offline Offline

Activity: 32
Merit: 4


View Profile
August 18, 2015, 09:13:04 AM
 #5

My best guess would be that your pc must be compromised.

Have you done a thorough check of your computer to check for any malware or similar software?

Also, is this the transaction where your coins were moved: https://blockchain.info/tx/50647dde1b962821164bcf38b1d9a7e9d4fa364afbb741e487283c37fc22ec34


Yes I have scan my PC looking for malware and I didn't find anything...
Yes it is this transaction.

batou121 (OP)
Jr. Member
*
Offline Offline

Activity: 32
Merit: 4


View Profile
August 18, 2015, 09:18:45 AM
 #6

Hi every one,

I've just been scammed and they stole me an important (for me) sum of BTC on my localbitcoin account.
I think I have the IP who enter to my email and to my localbitcoin account: 84.53.203.38

The fund are gone on the following address: 1EVj1tv55KVpgHK3BwGxeNuyuqL4uqm3xY

I now I'm a fool for leaving an important sum of BTC in a hot wallet but I very disappointed.
I dont konw how they hacked me. Was not phishing and they got my email account passaword and my localbitcoin password to...

Anyone can help me to to do anything?

Thanks everyone

you should move this thread to the scam accusation subforum, you'll get a lot more helpfull response over there

This should not be moved to scam accusation as their is 0 proof to begin with and no idea who the funds went to, it is theft and I'm not sure where it could go to be honest, here, off topic of bitcoin discussion is good. Sorry to say OP that is a rap for your coin you will never see them again unless the thief feels bad and returns them.  That won't happen I have to assume you don't have antivirus so that would be your first step getting the malware from your computer and then research how to keep your machines safe in future, a good start will be changing from windows to linux or of course don't click any old link or download things without scanning first.

Thank for your answer.
Yes unfortunately I konw that I won't see my coin again but I'd like to know at least how it's happend and eventually trying to do a statment to the police of my area.

I'm not a profesional of programation but I consider myself as pretty suspisious.


BTC_ISTANBUL
Sr. Member
****
Offline Offline

Activity: 331
Merit: 250


View Profile
August 18, 2015, 09:20:27 AM
 #7

Your coins are gone forever.
batou121 (OP)
Jr. Member
*
Offline Offline

Activity: 32
Merit: 4


View Profile
August 18, 2015, 09:24:03 AM
 #8

Your coins are gone forever.

I know...  Sad I'ts sad but i'm trying to look at the good side of this. Now I'll try to get more secure and I hope it'll not happen again.
Some recomandation to me??

If you look at the IP information, it's from russia and it's appear a guy named: Nikolay A. Alekseev
Can we do something?
altcoinhosting
Hero Member
*****
Offline Offline

Activity: 896
Merit: 1006


View Profile
August 18, 2015, 09:38:20 AM
 #9

Your coins are gone forever.

I know...  Sad I'ts sad but i'm trying to look at the good side of this. Now I'll try to get more secure and I hope it'll not happen again.
Some recomandation to me??

If you look at the IP information, it's from russia and it's appear a guy named: Nikolay A. Alekseev
Can we do something?

Some good advice was already given: switch to linux, setup your firewall properly, scan all binary's that didn't come from an official repo... Use a password manager to have unique pwds for every service you use, do regular updates,....

About the IP, how did you find this one? It can be the IP from a relaying node if i'm not mistaking (i'm quite new, so you might want to get a senior members opinion about this)... Even if it's really his ip, it might be an ip used by all his isp's clients??? Did he use a real name when he divulged his info AND his ip???
If you're not talking about 20+ bitcoins lost, i would't spend my time in chasing this guy, because it'll be quite hard to start a case against him in russia... You'll need somebody who speaks russian and knows about the russian legal system (a russian lawyer), costing you a lot of money...

A long time ago (around the year 2000-2002), a brazillian kid hacked one of our servers... We lost a lot of clients and cash... We found out all his info, but calculated it would cost us more to bring a 16 yo kid to "justice" in brazil than the loss we already had after his hacking... We had to leave it at that.. It stings, i know, but you have to look at the big picture when deciding to bring legal action to somebody...

batou121 (OP)
Jr. Member
*
Offline Offline

Activity: 32
Merit: 4


View Profile
August 18, 2015, 10:10:20 AM
 #10

You're right,
Thanks for your answer.
I really like to purchase some kind of accion agains this hacker at least to prevent other lost to other member of bitcoin comunity but I konw it's seams very complicated...

bazar165g
Sr. Member
****
Offline Offline

Activity: 500
Merit: 250



View Profile
August 18, 2015, 10:43:58 AM
 #11

i can help you, pm me


            █ █ █ █ █
         ██           ██
       ██     █ █ █ █   ██
     ██    ██        ██
   ██   ██               
  ██   ██     ████████                  ██████████
            ███          ██   █████████     ██      ██████  ██   ███████  ██    ███   ███████
 ██   ██    ███              ██      ███    ██      ██          ███       ██   ███  ██
 ██   ██    ███  ██████  ██  ██      ███    ██      ██      ██  ███       ██  ███   ██
            ███      ██  ██  ██      ███    ██      ██      ██  ███       ██████     ███████
 ██   ██    ███      ██  ██  ██      ███    ██      ██      ██  ███       ██  ██           ██
             ██      ██  ██  ██      ███    ██      ██      ██  ███       ██   ███         ██
 ██   ██      ███████    ██   █████████     ██      ██      ██   ███████  ██    ███  ███████
  ██   ██                           ███
   ██    ██          ██            ███
     ██    ██ █ █ █ █   ██
       ██             ██
          █ █ █ █ █ █
























Telegram     Facebook     Twitter     Medium
-
WEBSITEE |█| WHITEPAPER












moneybat
Full Member
***
Offline Offline

Activity: 239
Merit: 101



View Profile
August 18, 2015, 12:57:35 PM
 #12

If i had to guess its most likely you using the same username and password on different sites, probably best to mix it up with important accounts
batou121 (OP)
Jr. Member
*
Offline Offline

Activity: 32
Merit: 4


View Profile
August 18, 2015, 03:08:30 PM
 #13

I get this email just before the hack:

:    no-reply@ (localbitcoins.com no-reply@localbitcoins.com) Vous avez déplacé ce message vers son emplacement actuel.
Envoyé :   lun. 17/08/15 01:27
À :   guyotbaptiste@msn.com
LocalBitcoins Support has opened support ticket #65104 for you.
 
To directly review and respond to this ticket, visit here:
 
https://localbitcoins.com/support/reply/65104/

Message:
 
---
 
We were unable to authenticate your account to grant access to your support ticket due to an invalid or expired confirmation code. A new code 6-letter confirmation code has just been sent. Please enter this code via the link at the top of this email. You have (2) attempts remaining.

Please review and reply to this ticket as soon as possible to help us further investigate this matter.
 
NOTE: You will not be prompted for your login credentials. You may be asked to verify a 6-letter confirmation code that will be sent to this email address to ensure that you are the original owner of this account.
 
---
 
You will get an email notification when LocalBitcoins support replies to your ticket. LocalBitcoins support works on European office hours. We will reply to you as soon as possible. LocalBitcoins support can answer to any messages in English or Spanish.
 
 
Disputed payments: https://localbitcoins.com/faq#start_dispute
 
Best regards,
Thomas
LocalBitcoins Support

Just one minute after, they delete it from mi email.
I have send it to localbitcoins support who said to me that:

This message was not sent from LocalBitcoins. It is a type of scam also known as a phishing attempt.

You can identify the phishing attempt by two factors:
- we do not send via via comcast.net
- we never link you to other domains then www.localbitcoins.com

But I really dont understand. This message comes from no-reply@localbitcoins.com and it link me to localbitcoin. And How could I see if it was send via comcast.net... I dont even know what is it...

Thanks all
everaja
Hero Member
*****
Offline Offline

Activity: 490
Merit: 500


~ScapeGoat~


View Profile
August 18, 2015, 03:11:40 PM
 #14

I am sure it was a malware that stole Passwords and email account details related with LBC accounts.
Now you cant do anything , once the BTC is gone it is gone, only one thing you can do is to be carefull next time while downloading or opening any unknown software.

koshgel
Legendary
*
Offline Offline

Activity: 1162
Merit: 1001


View Profile
August 18, 2015, 06:21:38 PM
 #15


Just one minute after, they delete it from mi email.
I have send it to localbitcoins support who said to me that:

This message was not sent from LocalBitcoins. It is a type of scam also known as a phishing attempt.

You can identify the phishing attempt by two factors:
- we do not send via via comcast.net
- we never link you to other domains then www.localbitcoins.com

But I really dont understand. This message comes from no-reply@localbitcoins.com and it link me to localbitcoin. And How could I see if it was send via comcast.net... I dont even know what is it...

Thanks all

The email was spoofed. There are ways to authenticate where the e-mail was sent from but I don't think many people use these techniques. I see many spoofed emails from Facebook, Blockchain, Google, etc etc. They use reputable names to get people to click their links.

The best way to avoid phishing is to NOT click links in emails unless you are expecting the email. For example you most likely did not submit a support ticket to LBC so why would they be sending you a reply for support ticket.

Sorry for your loss and hopefully it wasn't too much BTC
batou121 (OP)
Jr. Member
*
Offline Offline

Activity: 32
Merit: 4


View Profile
August 18, 2015, 09:56:51 PM
 #16


Just one minute after, they delete it from mi email.
I have send it to localbitcoins support who said to me that:

This message was not sent from LocalBitcoins. It is a type of scam also known as a phishing attempt.

You can identify the phishing attempt by two factors:
- we do not send via via comcast.net
- we never link you to other domains then www.localbitcoins.com

But I really dont understand. This message comes from no-reply@localbitcoins.com and it link me to localbitcoin. And How could I see if it was send via comcast.net... I dont even know what is it...

Thanks all

The email was spoofed. There are ways to authenticate where the e-mail was sent from but I don't think many people use these techniques. I see many spoofed emails from Facebook, Blockchain, Google, etc etc. They use reputable names to get people to click their links.

The best way to avoid phishing is to NOT click links in emails unless you are expecting the email. For example you most likely did not submit a support ticket to LBC so why would they be sending you a reply for support ticket.

Sorry for your loss and hopefully it wasn't too much BTC

It was that. It was a fake email and I didn't see it...
Opening the source code of the mail I can see that it was send with a Oxhost server

To defend myself I've drinked a few beer when I get this email!

Was 3,5 BTC, to me a lot of money...
It's not going to happen again!

Thanks all for your answers
Electric Money
Newbie
*
Offline Offline

Activity: 57
Merit: 0


View Profile
August 19, 2015, 03:15:16 AM
 #17

The IP you provided is a Tor exit node.  

admin@rcexit.com is the contact for it.  He's running Windows 7 as the server, which is strange.  Not very sophisticated setup.

Hostname: WIN-RVL0TDGKLCC

kopipe
Full Member
***
Offline Offline

Activity: 245
Merit: 124



View Profile
August 19, 2015, 05:20:42 AM
 #18

The IP you provided is a Tor exit node.  

admin@rcexit.com is the contact for it.  He's running Windows 7 as the server, which is strange.  Not very sophisticated setup.

Hostname: WIN-RVL0TDGKLCC



Tor exit node operators can't identify their users. That's the whole point. Don't waste his time, he'll probably just ignore your email anyway given how many clueless people (like you're recommending the OP to be) probably email him.

コピペ copypaste
Electric Money
Newbie
*
Offline Offline

Activity: 57
Merit: 0


View Profile
August 19, 2015, 07:02:20 AM
 #19

The IP you provided is a Tor exit node.  

admin@rcexit.com is the contact for it.  He's running Windows 7 as the server, which is strange.  Not very sophisticated setup.

Hostname: WIN-RVL0TDGKLCC



Tor exit node operators can't identify their users. That's the whole point. Don't waste his time, he'll probably just ignore your email anyway given how many clueless people (like you're recommending the OP to be) probably email him.

Nice job jumping to conclusions, brain.  At what point did I tell OP to email the guy?  I'll bet you're a politician.  Am I right? 
batou121 (OP)
Jr. Member
*
Offline Offline

Activity: 32
Merit: 4


View Profile
August 19, 2015, 12:02:00 PM
 #20

I think the coin were here:
1Fnbq2ntFy5cvmfKLFESfVzP1vqmz61G9f

If someone can make a relacion with this btc address and an other hack...
Who knows!
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!