Bitcoin Forum
November 01, 2024, 07:13:21 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 4 5 »  All
  Print  
Author Topic: HELP, BITCOINS STOLEN - REWARD 600 Bitcoins or equivalent in Euro  (Read 10383 times)
mralbi (OP)
Sr. Member
****
Offline Offline

Activity: 271
Merit: 250



View Profile WWW
November 18, 2012, 10:18:06 AM
 #21

it was windows 7 operating system, i still dont know 100% how i got infected, but it was for sure some trojan horse with keylogger.

Thanks for the info. maybe I really have a chance to catch as soon as he tries to convert to FIAT currency

Jaw3bmasters
Full Member
***
Offline Offline

Activity: 196
Merit: 100


Another block in the wall


View Profile
November 18, 2012, 12:23:35 PM
 #22

it was windows 7 operating system, i still dont know 100% how i got infected, but it was for sure some trojan horse with keylogger.

Thanks for the info. maybe I really have a chance to catch as soon as he tries to convert to FIAT currency


Have you ever thought,  maybe the Bitcoins were crying out for freedom, yearning to flow among exotic wallets, being one with the community.

I guess they got tired of being hoarded. The attacker will be seen as a liberator.

Stockholm Syndrome will take effect soon. At this point, it's hopeless dude.


In Cryptography we trust.
MysteryMiner
Legendary
*
Offline Offline

Activity: 1512
Merit: 1049


Death to enemies!


View Profile
November 18, 2012, 12:31:39 PM
 #23

Op still haven't told how he got infected.

Now I'm all paranoid.

Damn inconvenience of additional security.
Most likely it was a trojan binded to some executable file that OP run. Also it can be a 0-day exploit on system or some misconfiguration of computer such as reused passwords or something.
I suppose it was a windows operating system?


Likely Windows, because to infect Windows you need to double click file. To infect Linux you need to use SU. It is a sanity check and dumbness filter.

Message to the thief if he is reading this: I will launder the coins for a small fee. Additional guarantees available. Price and other terms negotiable. Also I can give instructions for do-it-yourself laundering.

OP is not going to pay me for my great knowledge!

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
BTCurious
Hero Member
*****
Offline Offline

Activity: 714
Merit: 504


^SEM img of Si wafer edge, scanned 2012-3-12.


View Profile
November 18, 2012, 12:34:45 PM
 #24

For me it's also on Windows 7, and it is indeed probably some trojan*, but it's one that can read password fields, not just keylogging. One of my accounts he got into has a password that I don't physically type.

*I don't remember clicking any, but who knows.

MysteryMiner
Legendary
*
Offline Offline

Activity: 1512
Merit: 1049


Death to enemies!


View Profile
November 18, 2012, 12:36:18 PM
 #25

Most trojans are like remote desktop or Radmin that can give full control over computer. This is nothing special.

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
sippsnapp
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


View Profile
November 18, 2012, 01:29:30 PM
Last edit: November 18, 2012, 02:20:07 PM by sippsnapp
 #26

The attacker used IP address 178.176.96.4 for one of the exchanges he logged into.

He withdrew coins to this address: 15TDgQpCaNjxyBpi7Jp6EmZW1bHAEaxTxY
Unused, and the coins have not yet been moved.

Interesting, most popular way to spread a virus is warez & exploit kits.

http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=49933867
http://www.utrace.de/whois/178.176.96.4
http://www.utrace.de/ip-adresse/178.177.115.29

I would contact this ISP
However, russian hosting are not very responsive unless the is a court ruling, maybe offer them the bounty xD.

EDIT:
There are professional private detectives located in russia of course, maybe thats an option, no idea how much they charge and how high the success probability is.

Πάντα ῥεῖ
Bitcoin + Altcoin node pool setup - pm
miner-man
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
November 18, 2012, 02:32:46 PM
 #27

Op still haven't told how he got infected.

Now I'm all paranoid.

Damn inconvenience of additional security.

Nothing to worry about too much, download Comodo firewall its a good program for monitoring and blocking any malicious connections. Most malware is spread the traditional way such as via torrents, Youtube, drive by's etc. So staying protected just means staying wise and being cautious of sites you visit and files you download.
prezbo
Sr. Member
****
Offline Offline

Activity: 430
Merit: 250


View Profile
November 18, 2012, 02:37:16 PM
 #28

Op still haven't told how he got infected.

Now I'm all paranoid.

Damn inconvenience of additional security.

If you're worried just send bitcoins to a paper wallet, and you'll be fine.
Jaw3bmasters
Full Member
***
Offline Offline

Activity: 196
Merit: 100


Another block in the wall


View Profile
November 18, 2012, 03:18:29 PM
 #29

Most malware is spread the traditional way such as via torrents, Youtube, drive by's etc. So staying protected just means staying wise and being cautious of sites you visit and files you download.

Isn't it possible to port scan then buffer overflow whatever listening service?

In Cryptography we trust.
miner-man
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
November 18, 2012, 03:20:29 PM
 #30

Most trojans are like remote desktop or Radmin that can give full control over computer. This is nothing special.

Yeah all it is, is either a RAT or IRC/HTTP bot which has downloaded and executed a open source wallet stealer which uploads the wallet to an FTP. If its a rat then the attacker would of just used remote file manager.

Either way nothing special, having the binary used however would allow us to find the point of origin. Especially if a RAT was used because they make connection to the attacker themselves and not a centralized command and control server.


I think OP you being infected and having your wallet stolen would of been in the time frame of 24 hours max. So thinking back to when your had you wallet stolen anything within a day of downloading some form of exe would help.

Not only would you wallet of been stolen but you would of probably fell victim to the attacker actually mining on your computer. This is something else that saddens me because people who do this do very little to hide the login and password to the Pool they are mining for Sad.
 

I would try a simple dictionary attack on the mail.ru for the email however I do not posses and Russian based pass lists. Either way ill keep trying and see what I can find.

Why does this happen to other people and not me, I WANT to be infected by such malware Sad.
Jaw3bmasters
Full Member
***
Offline Offline

Activity: 196
Merit: 100


Another block in the wall


View Profile
November 18, 2012, 03:21:46 PM
 #31


If you're worried just send bitcoins to a paper wallet, and you'll be fine.

Cold-storage? Agreed. That's why I'm annoyed with the inconvenience of that security.

In Cryptography we trust.
prezbo
Sr. Member
****
Offline Offline

Activity: 430
Merit: 250


View Profile
November 18, 2012, 04:54:12 PM
 #32


If you're worried just send bitcoins to a paper wallet, and you'll be fine.

Cold-storage? Agreed. That's why I'm annoyed with the inconvenience of that security.

I hope multisig transactions will soon be implemented in a way that they are easy to use, that will make things a lot safer.
MysteryMiner
Legendary
*
Offline Offline

Activity: 1512
Merit: 1049


Death to enemies!


View Profile
November 18, 2012, 05:35:04 PM
 #33

Quote
Nothing to worry about too much, download Comodo firewall its a good program for monitoring and blocking any malicious connections.
3-rd party software firewalls are shit. Windows7 built-in firewall is great if configured properly, but firewall is like last line of defense if malicious code already is executed on computer. Advanced malware can disable all software firewalls. And they are useless if lamer does not know how to use them properly.
Quote
Most malware is spread the traditional way such as via torrents, Youtube, drive by's etc. So staying protected just means staying wise and being cautious of sites you visit and files you download.
Most malware is spread by social engineering retards into downloading and running the malware on computer. So You are correct.
Quote
Isn't it possible to port scan then buffer overflow whatever listening service?
Not anymore. You need to have service with working exploit accessible from outside. Router/NAT between your computer and internet prevent this. The address space layout randomization and data execution prevention makes these types of attacks very hard.
Quote
Yeah all it is, is either a RAT or IRC/HTTP bot which has downloaded and executed a open source wallet stealer which uploads the wallet to an FTP. If its a rat then the attacker would of just used remote file manager.
The FTP wallet stealer was more proof of concept code than real malware but I know it was used successfully on many times Smiley For grabbing the password you need RAT.
Quote
Either way nothing special, having the binary used however would allow us to find the point of origin. Especially if a RAT was used because they make connection to the attacker themselves and not a centralized command and control server.
The best rats now use Tor and Tor hidden services for C&C. But the RAT or the haxor might not be so advanced and it really might contain some leads.
Quote
Why does this happen to other people and not me, I WANT to be infected by such malware
You are too smart to infect your own computer Smiley
Quote
Cold-storage? Agreed. That's why I'm annoyed with the inconvenience of that security.
Second computer for cold wallet without network connection and Armory on both of them is workable solution. Offline computer might be any computer capable of running WindowsXP such as Pentium3 or 4. They are really cheap. You don't need to keep 2000 coins online.
Quote
I hope multisig transactions will soon be implemented in a way that they are easy to use, that will make things a lot safer.
They will not be completely safe and will create additional problems. Armory and offline wallets are the way to go.

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
thebaron
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250



View Profile
November 18, 2012, 05:42:22 PM
 #34

Nothing will ever protect against the competency of the operator.
prezbo
Sr. Member
****
Offline Offline

Activity: 430
Merit: 250


View Profile
November 18, 2012, 05:57:48 PM
 #35

Quote
I hope multisig transactions will soon be implemented in a way that they are easy to use, that will make things a lot safer.
They will not be completely safe and will create additional problems. Armory and offline wallets are the way to go.
Obviously nothing will ever be as safe as cold storage. Unfortunately, armory is far from being user friendly (it requires shitload of memory, for starters).
Multisig txs seem to be like a decent solution when needing good security and easy access to bitcoins. Obviously cold storage will still be the way to go for any large amount of coins.
prezbo
Sr. Member
****
Offline Offline

Activity: 430
Merit: 250


View Profile
November 18, 2012, 06:48:24 PM
 #36

Because I cannot post to the thread in Bitcoin/Legal I'm posting this here.

Yes i could prove this, i have a backup copy of the wallet.dat and everything is connected to me (my identity) via mtgox

In case you're not aware of it, you can prove ownership of any address by signing a message with the corresponding private key. You can use brainwallet.org to do this.
malevolent
can into space
Legendary
*
Offline Offline

Activity: 3472
Merit: 1724



View Profile
November 18, 2012, 06:56:05 PM
 #37

600 BTC (~$7000 at current rates) is a lot of money, I hope the thief made (or will make) some mistake along the way, I wish I could help but my knowledge of how the bitcoin/blockchain works is poor.

Signature space available for rent.
sippsnapp
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


View Profile
November 18, 2012, 07:22:56 PM
 #38

600 BTC (~$7000 at current rates) is a lot of money, I hope the thief made (or will make) some mistake along the way, I wish I could help but my knowledge of how the bitcoin/blockchain works is poor.
yep, for this bucks you can eventually get things moving even in russia^^.

Πάντα ῥεῖ
Bitcoin + Altcoin node pool setup - pm
Jutarul
Donator
Legendary
*
Offline Offline

Activity: 994
Merit: 1000



View Profile
November 18, 2012, 07:29:19 PM
 #39

Nothing will ever protect against the competency of the operator.
There are a lot of people who demand that bitcoin is not user friendy and should be plug-and-playable.
When I see thefts like this, I'd rather demand the opposite. Maybe that'll force people to understand which precautions are necessary to avoid digital theft.

The ASICMINER Project https://bitcointalk.org/index.php?topic=99497.0
"The way you solve things is by making it politically profitable for the wrong people to do the right thing.", Milton Friedman
BTCurious
Hero Member
*****
Offline Offline

Activity: 714
Merit: 504


^SEM img of Si wafer edge, scanned 2012-3-12.


View Profile
November 18, 2012, 09:08:14 PM
 #40

Not to burst the little mutual agreements you guys seem to be having, but I don't regard myself as a retard who was social engineered to click yes to every dialog box. I use a separate password for every site, have encrypted backups of my wallet and gpg identity, use 2-factor authentication whenever possible, and don't just execute random stuff.

Apparently, that isn't enough. Granted, some of those habits prevented much larger losses: I only lost 101 Bitcoins because the attacker couldn't access my accounts with 2-factor authentication, and I had no Bitcoins in my wallet. However, my wallet encryption means nothing if my computer is compromised, and technically I should consider my gpg identity compromised as well, which sucks major ass.

The thing is, it doesn't take a retard to have an unsecure computer. It only takes one slip-up, or sometimes not even that (0-days).


So what would be the best way to make something secure, but still usable? (ie, not cold storage, I need to trade my coins on exchanges) My current plan is to buy a lightweight netbook, carry it with me all the time, put ubuntu and full-disk encryption on it, and only do bitcoin stuff from there.

Oh, and I'll try to find out what infected me, but it might take a while.


Pages: « 1 [2] 3 4 5 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!