Bitcoin Forum
Author Topic: HELP, BITCOINS STOLEN - REWARD 600 Bitcoins or equivalent in Euro  (Read 10388 times)
mralbi (OP)
November 17, 2012, 08:26:56 AM
 #1

Dear all,

Stupid as I am, I allowed some hacker to somehow install a trojan horse on my PC where I stored some of my bitcoins (around 2600). With a keylogger he got all my passwords and, of course, stole my local wallet file (encryption did not help).

The hacker sent the bitcoins to the address: 1Q3KFL7Z1BTpUboDaU6Qj3t9xCXWpzNntS

http://blockchain.info/address/1Q3KFL7Z1BTpUboDaU6Qj3t9xCXWpzNntS


Of course I will have the police investigate, but they do not even know what bitcoin is.....
Maybe some of you are expert enough to track the bitcoins so the hacker can lose anonymity by selling them on some platform or similar.


At the same time, of course, he also stole 200 from my Mt. Gox account; for that the hacker used the email address avolokova@bk.ru, and the transaction data was: Transaction reference:
f5e5acd4-50a6-4de5-9061-1c0e3964eafe
Date: 2012-11-16 03:30:13 GMT
IP: 178.177.115.229

If you have a hint that discovers the identity of this person so I can get the bitcoins back, I offer a reward of 600 BTC or bitcoin equivalent.

Thanks



live627
November 17, 2012, 09:09:55 AM
 #2

Good luck
Kuusou
November 17, 2012, 09:20:54 AM
 #3

Are you just trying to figure out who the person is? That alone could be a daunting task. If you are actually trying to get your coins back you might be living in a dream world.

I haven't found anything with the most basic avenues, those were all things you could have tried yourself though and probably did. I think if you really want answers you are going to have to find people who do this for money. Make sure you get out of the Newbies section and put up some pay for information posts in the correct forums. You might find some hits that way.
Bitsky
November 17, 2012, 10:37:46 AM
 #4

It's a bit strange that someone who successfully stole your wallet would use an already existing address to send the money to, instead of using a brand new one.

From the information on the blockchain, I would create a list of addresses which have sent to that one address in question, or received from it.

Then offer a bounty for anybody who owns one of these addresses; they should be able to tell you who they sent their coins to, or from who they received them.

flatfly
November 17, 2012, 11:24:20 AM
 #5

It's a bit strange that someone who successfully stole your wallet would use an already existing address to send the money to, instead of using a brand new one.

From the information on the blockchain, I would create a list of addresses which have sent to that one address in question, or received from it.

Then offer a bounty for anybody who owns one of these addresses; they should be able to tell you who they sent their coins to, or from who they received them.


Those previous transactions are most probably from other victims of the trojan.
flatfly
November 17, 2012, 11:26:46 AM
 #6

Dear all,

Stupid as I am, I allowed some hacker to somehow install a trojan horse on my PC where I stored some of my bitcoins (around 2600). With a keylogger he got all my passwords and, of course, stole my local wallet file (encryption did not help).

The hacker sent the bitcoins to the address: 1Q3KFL7Z1BTpUboDaU6Qj3t9xCXWpzNntS

http://blockchain.info/address/1Q3KFL7Z1BTpUboDaU6Qj3t9xCXWpzNntS


Of course I will have the police investigate, but they do not even know what bitcoin is.....
Maybe some of you are expert enough to track the bitcoins so the hacker can lose anonymity by selling them on some platform or similar.


At the same time, of course, he also stole 200 from my Mt. Gox account; for that the hacker used the email address avolokova@bk.ru, and the transaction data was: Transaction reference:
f5e5acd4-50a6-4de5-9061-1c0e3964eafe
Date: 2012-11-16 03:30:13 GMT
IP: 178.177.115.229

If you have a hint that discovers the identity of this person so I can get the bitcoins back, I offer a reward of 600 BTC or bitcoin equivalent.

Thanks




When exactly did you get the trojan? While installing what application or visiting what site? What is the trojan name? This would be very useful information to investigate upon.
MysteryMiner
November 17, 2012, 12:12:37 PM
 #7

Quote
With keylogger he got all my passwords and, of course stole my local wallet file (encryption did not help)
I always said that wallet encryption is not good at protecting the coins, here is proof now!

Quote
i allowed some hacker to somehow install a trojan horse on my pc
You did not allow him to install, You installed the trojan yourself!

How are you supposed to pay these 600 coins? From returned coins? Because I cannot imagine how to return the coins in this case. I have a few ideas how to try to unmask the thief but it is private talk.

The police should not need to know what the bitcoins are. All they need to know is that the computer has a trojan installed, and they need to do their job and try to find who compromised the system. It may or may not be possible depending on how the hacker realized the operational security.

2600 coins are 30 kilodollars!

Bitsky
November 17, 2012, 01:15:08 PM
 #8

Those previous transactions are most probably from other victims of the trojan.
With the exception of OP's coins and a 15btc tx all others are multiples of 50btc though.
It also looks like each of those 50btc transactions goes through 1CLVnMWEwzuGVcQ6L2WBoUJQFj3B9XeVmx or 1HeyN2fuKPurGPQsSSpt3S2Ruy7zc5rye9 if you just go back long enough.
Maybe it's a mixing pool?

miner-man
November 17, 2012, 02:39:34 PM
 #9

Probably a long shot, however do you still have the binary of the trojan used to steal your wallet file? The majority of the wallet stealers originate from the same source, which uploads the wallet.dat to an FTP server. With a little RE using some debug tools you may be able to find a little more info about the person by finding the FTP host name, user and password.

If that does not help, running the binary within a virtual machine and checking to see the outbound connection would possibly allow you to see the IP of the command and control server used for his trojan horse, in which case you could do a whois on it. However, there could be a possibility that they may have used false credentials for their C&C.

Again a longshot, will post if anything more springs to mind.
mralbi (OP)
November 17, 2012, 04:12:51 PM
 #10

Thanks for the tips so far,


Well, to be honest, I do not know how long the trojan was active before that. I only realized, of course, when the bitcoins were gone. Unfortunately he also erased my whole harddrive, so I could not even figure out which trojan it was.

Luckily I did not store all my coins there, I still have most of it at other places, also offline, but still this is a very bad thing...


Also, I do not think I would have a chance to get these coins back, but at least it would be good to get the identity of this guy. Maybe he makes some mistake and there is a chance to catch him with the info from the blockchain.

I was hoping there is some expert here that could connect hash information with IP data or personal data somehow.




gineta
November 17, 2012, 04:39:17 PM
 #11

Thanks for the tips so far,


Well, to be honest, I do not know how long the trojan was active before that. I only realized, of course, when the bitcoins were gone. Unfortunately he also erased my whole harddrive, so I could not even figure out which trojan it was.

Luckily I did not store all my coins there, I still have most of it at other places, also offline, but still this is a very bad thing...


Also, I do not think I would have a chance to get these coins back, but at least it would be good to get the identity of this guy. Maybe he makes some mistake and there is a chance to catch him with the info from the blockchain.

I was hoping there is some expert here that could connect hash information with IP data or personal data somehow.
I think you lose your bitcoins for ever



casascius
Mike Caldwell
November 17, 2012, 04:42:06 PM
 #12

Sorry to hear of your loss.

This never happens when you store your bitcoins on paper wallets.  Print yourself some paper wallets today from BitAddress.org

EASIEST WAY to redeem a paper wallet is at BlockChain.info - create a digital wallet, and use "Import Private Key" function.  You don't have to be a regular BlockChain.info user - just create a throwaway wallet if you wish.

PROTIP: Divide your stash into 10 equal parts, and put each part on its own paper wallet.  This way you never have to put more than 10% of your stash online at any given time unless you are spending more than that.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
jim667
November 17, 2012, 05:16:03 PM
 #13

Dude, turn off your computer, go to police and tech-savvy private investigators.
MysteryMiner
November 17, 2012, 05:20:33 PM
 #14

Using Armory front-end on two separate computers, one without network connection is the safest approach in my opinion.

Erased harddrive? The thief got his lulz in addition to 2600 BTC profit!

BTCurious
November 17, 2012, 05:36:12 PM
 #15

I am reporting a hack as well, by the same email. Most exchange accounts were protected by google authenticator, these seem okay. I've lost 100 Bitcoins on one account that didn't offer GA, and one got compromised but didn't suffer losses.

Still investigating method of attack.

Edit: My harddrive has not been erased.

DannyHamilton
November 17, 2012, 06:33:54 PM
 #16

I was hoping here is some expert that could connect hash information with IP data or personal data somehow.
Unfortunately for you in this instance (and fortunately for bitcoin as a currency system) there isn't any connection between hash information and the IP or personal identity of the person who creates a transaction.

If the thief isn't careful there might be some possibility that he will create a transaction that will move some of those coins he now owns (or give a receiving address associated with the stolen coins) to someone who can identify him, and with a huge amount of luck that person could end up being an honest person who is aware of the theft from this discussion.  This is highly unlikely, but from a blockchain standpoint there really aren't any better options.

Looking at the blockchain today, I can confirm at this point in time the thief seems to own the following addresses:

In addition the thief has received from or sent to the following addresses (many of which the thief may also own, but I am not able to confirm this yet).  If anyone happens to own any of these addresses (or know who does), then there is a good chance that they know who the thief is (or they also were stolen from):

That being said, if a forensic team gains access to your hard drive there is probably a better chance of them finding useful information to track down the thief than the chance that the thief will engage in a transaction using one of these addresses with an honest person who happens to see this discussion.  (Both possibilities are so unlikely that you probably need to consider the coins gone).  I hope you get lucky though.
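
The split made in post #16 between addresses the thief "seems to own" and addresses that only sent to or received from them, together with the counterparty list suggested in post #4, can be computed from transaction data. The Python below is an added example, not part of any poster's message; the transactions and address labels are constructed placeholders, and treating co-spent inputs as one owner is an assumed method, since the post does not say how ownership was confirmed.

```python
# Constructed sample transactions (placeholder labels, not real chain data).
# Each entry lists the addresses spent from and the (address, BTC) pairs paid.
TXS = [
    {"txid": "tx1", "inputs": ["ADDR_VICTIM"], "outputs": [("TARGET", 2600.0)]},
    {"txid": "tx2", "inputs": ["ADDR_MINER"], "outputs": [("TARGET", 50.0)]},
    {"txid": "tx3", "inputs": ["TARGET", "ADDR_B"],
     "outputs": [("ADDR_DEP", 2640.0), ("ADDR_C", 10.0)]},
    {"txid": "tx4", "inputs": ["ADDR_C", "ADDR_D"], "outputs": [("ADDR_E", 15.0)]},
    {"txid": "tx5", "inputs": ["ADDR_X"], "outputs": [("ADDR_Y", 1.0)]},
]


def counterparties(txs, target):
    """Return (senders, receivers): who paid `target`, and whom `target` paid."""
    senders, receivers = set(), set()
    for tx in txs:
        outs = {addr for addr, _ in tx["outputs"]}
        if target in outs:
            senders.update(a for a in tx["inputs"] if a != target)
        if target in tx["inputs"]:
            receivers.update(outs - {target})
    return senders, receivers


def co_spend_cluster(txs, seed):
    """Addresses linked to `seed` by being inputs of the same transaction.

    Assumption: signing one transaction needs the keys of all its inputs,
    so co-spent inputs are attributed to a single owner (union-find merge).
    """
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for tx in txs:
        first = find(tx["inputs"][0])
        for other in tx["inputs"][1:]:
            parent[find(other)] = first
    root = find(seed)
    return {a for a in list(parent) if find(a) == root}


if __name__ == "__main__":
    print(counterparties(TXS, "TARGET"))
    print(co_spend_cluster(TXS, "TARGET"))
```

ADDR_C receives from TARGET but is not co-spent with it, so it lands in the counterparty list rather than the ownership cluster. A shared wallet or a mixing service (the possibility raised in post #8) co-spends inputs of unrelated users and would merge them into one false cluster.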
BTCurious
November 17, 2012, 06:49:09 PM
 #17

The attacker used IP address 178.176.96.4 for one of the exchanges he logged into.

He withdrew coins to this address: 15TDgQpCaNjxyBpi7Jp6EmZW1bHAEaxTxY
Unused, and the coins have not yet been moved.

miner-man
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
November 18, 2012, 02:39:45 AM
 #18

[Deleted Information I provided]

OP, I'm going to compile a list of everything I can find out about this thief. Just give me time to filter all the relevant information.
Jaw3bmasters
November 18, 2012, 03:32:20 AM
 #19

OP still hasn't told how he got infected.

Now I'm all paranoid.

Damn inconvenience of additional security.

In Cryptography we trust.
Jutarul
November 18, 2012, 09:28:16 AM
 #20

I suppose it was a windows operating system?

