HELP, BITCOINS STOLEN - REWARD 600 Bitcoins or equivalent in Euro

[thebaron]

I was referring to the OP with my statement, who comes off as the type that would be vulnerable to this kind of thing.

Ever tried NOD32? Never had a problem in the 3 years I've been running it, and it catches a lot of potential bullshit.

[casascius]

So what would be the best way to make something secure, but still usable? (ie, not cold storage, I need to trade my coins on exchanges) My current plan is to buy a lightweight netbook, carry it with me all the time, put ubuntu and full-disk encryption on it, and only do bitcoin stuff from there.

A smartphone app that could scan paper wallets and initiate transactions would make paper wallets just as mobile as your netbook.  I don't know if that smartphone app is part of the present or part of the future, but I gather your netbook won't be powered on 24/7 so it's just as cold as paper when it's off.

The hardest part of using paper wallets is having to type the codes if you can't scan them.  Eliminate the typing, and they are very convenient.  They weigh far less than the netbook and can be given away IRL if you end up needing to give someone bitcoins.

[slush]

That's exactly why I'm working on bitcoin hardware wallet: https://bitcointalk.org/index.php?topic=122438.0 . Such theft with hacked machine and sniffed password would be impossible...

[BTCurious]

Thing is, I need the security for more than just my wallet. As a trader, most of my bitcoins are on various exchanges, so I need a secure computer in any case. Plus two-factor auth, which has proven its worth nicely for me in this case.

On the topic of virusscanners: Many of them report false positives on things like cracks. Having a few false positives makes your virusscanner completely useless, since you won't know if a report is a false positive or an actual risk. Someone whom I told about my problem suggested microsoft security essentials, which sounds really counter-intuitive, but apparently it comes out on top in comparisons. Of course, when I get my netbook, I won't need a windows virusscanner...


Anyway, in the meantime, I need to have some virusscanner scan my infected harddisk to find the source. Preferrably I'll scan from ubuntu, since I don't want to risk any autoruns or whatever. I am not too familiar with ubuntu. I'll google myself, but maybe someone has a suggestion?

[sippsnapp]

Thing is, I need the security for more than just my wallet. As a trader, most of my bitcoins are on various exchanges, so I need a secure computer in any case. Plus two-factor auth, which has proven its worth nicely for me in this case.

On the topic of virusscanners: Many of them report false positives on things like cracks. Having a few false positives makes your virusscanner completely useless, since you won't know if a report is a false positive or an actual risk. Someone whom I told about my problem suggested microsoft security essentials, which sounds really counter-intuitive, but apparently it comes out on top in comparisons. Of course, when I get my netbook, I won't need a windows virusscanner...


Anyway, in the meantime, I need to have some virusscanner scan my infected harddisk to find the source. Preferrably I'll scan from ubuntu, since I don't want to risk any autoruns or whatever. I am not too familiar with ubuntu. I'll google myself, but maybe someone has a suggestion?

Virusscanners are useless, sorry to be that harsh but i can crypt any virus undetectable for at least a week. Its not hard to modify a crypter source or buy a crypter for a few bucks.

Getting to know how viruses are spread is a great step in prevention as you know what to look for.

A firewall is only useful before an attack occurs, a trojan/bot dont cares if you run a firewall as long there is internet access, you always have something open, even if its port 80.
One way to extend the firewall is a VPN, this indeed can make a hardtime for trojan/bot.
Most viruses get detected after one week but it very much depends if it submitted and how much vics it has.
And yeah, things like cracks are perfect for spreading, because them noobs turn off the scanners.

Bottom line, a virus can only be detected if its in a anti virus database or fits in heuristic.
Scan every file where you i doubt on virustotal or jotty, both submit the sample to a ton of av vendors, they probably dont detect it from the start but at least after 1 week the same file is detected.

The below text is just copied from a skiddy forum, they sell these crypters for example....

Features:

    Unique Features:
       

• Limited Copies.
• Custom Process Name *Hot
• Registry Persistence *Hot
• Process Persistent (Anti BotKill) *Hot
• Multiple stubs for long FUD Time *Hot
• Advanced 4 Worm Functions *Hot
• Unique Personal stubs available on Demand*Hot

    Advanced Features:
       

• Working on : XP/VISTA/7 [32/64 BIT]
• 2 Private Encrypted Fud RunPE
• 5 Custom Injection
• 9 Different Polymorphic Encryption
• File Binder
• One Time execution Binder
• Custom encryption Pool
• 32+ Antis
• 2 Start-Up Methods
• Custom Start-up Name
• Custom Install Path
• System Hide File
• 4 Disablers
• NT Header
• File Persistence
• Melt File
• Bypass Firewall
• Bypass UAC
• Assembly Changer
• File Cloner
• Icon Changer
• 5 Different Output (.pif, .scr, .com, .exe, .bat)
• Extension Spoofer
• Build in AV Scanne
• Auto-Update
• Updated almost twice a week
• Dynamic HWID
• Private Version Starting From 21€ (Special Discount of 30%)
• 28€ for 40 days 21€ for 40 Days under 30% discount
• 50€ for 120 Days 35€ for 120 Days under 30% discount
• 65€ for 180 Days 45€ for 180 Days under 30% discount

On a PC with important/confidential data just dont surf nasty porn, dont load warez and dont visit useless flash gaming sites, dont download docx or PDF (there are exploits) from warez (for example ebooks).
+1 If you use linux
+1 If you use a virtualbox

Dont get me wrong, its not like the whole net is infected but there are standard ways how viruses are spread and you should know them.

[BitCoinExchanger]

Its a big Loss.
But....i think u ll not recover them bro.

[scribe]

So what would be the best way to make something secure, but still usable? (ie, not cold storage, I need to trade my coins on exchanges) My current plan is to buy a lightweight netbook, carry it with me all the time, put ubuntu and full-disk encryption on it, and only do bitcoin stuff from there.

A smartphone app that could scan paper wallets and initiate transactions would make paper wallets just as mobile as your netbook.  I don't know if that smartphone app is part of the present or part of the future, but I gather your netbook won't be powered on 24/7 so it's just as cold as paper when it's off.

The hardest part of using paper wallets is having to type the codes if you can't scan them.  Eliminate the typing, and they are very convenient.  They weigh far less than the netbook and can be given away IRL if you end up needing to give someone bitcoins.

Is that assuming your scanning device is secure? I have a paper wallet set up, but know nothing of what happens to the private key I scan in, memory/app-wise...

[l0ud]

Wow, wish there were anyway I could help - ATm I am looking for a way to retrieve a password I set on one of my BTC wallets a few weeks back but my loss of 60 BTC can't even compare.

I hope your situation turns out for the best.

[casascius]

Is that assuming your scanning device is secure? I have a paper wallet set up, but know nothing of what happens to the private key I scan in, memory/app-wise...

As long as you know you can spend it faster than anybody else, you're safe.  Paper wallets are worthless once the balance has been moved to another address.

It's really easy to test: simply try a transaction with some small sacrificial amount.  If it works, then you're probably safe.  If it gets stolen, at least your losses are very limited.  If you divide your holdings across multiple paper wallets and you're careful, then your risk should be limited to the balance of one paper wallet.  If you ever need to send more than one paper wallet's worth of funds somewhere, then do them back-to-back, verifying safe arrival of funds between each one: import - send - verify - import - send - verify - etc. rather than importing them all and risking they all get stolen at once.

[niko]

On the topic of virusscanners: Many of them report false positives on things like cracks.

This explains a lot.

[hashkey]

That's exactly why I'm working on bitcoin hardware wallet: https://bitcointalk.org/index.php?topic=122438.0 . Such theft with hacked machine and sniffed password would be impossible...

Hello slush I just happen to read an article just a while ago about your USB Wallet Project on bitcoinmagazine.net and it looks promising btw

[duckfeet]

Dude, turn off your computer, go to police and tech-savvy private investigators.

Best advice I've read on here!

[malevolent]

600 BTC (~$7000 at current rates) is a lot of money, I hope the thief made (or will make) some mistake along the way, I wish I could help but my knowledge of how the bitcoin/blockchain works is poor.

yep, for this bucks you can eventually get things moving even in russia^^.

I think the OP could try contacting the ISP or whoever administers that range of IP addresses (600 BTC is ca. 10x avg wage in Russia)
https://bitcointalk.org/index.php?topic=125641.msg1342936#msg1342936

[casascius]

Even if you knew who it was and had conclusive evidence that they were guilty, what exactly would you be able to do about it if they're in another country?

Pirateat40 lives in somebody's back yard, we know who he is, and nobody has collected a satoshi from him.  So what could be expected to come if someone were able to dig up some identity of somebody in Russia without any proof of guilt (knowing that even with proof of guilt, collection is unlikely)?

Paper wallets!  This is how you protect your bitcoins.  Just for fun, send 0.01 BTC to a paper wallet right now and then import it back.  Seeing it work is a valuable learning experience.

[slush]

Paper wallets!  This is how you protect your bitcoins.  Just for fun, send 0.01 BTC to a paper wallet right now and then import it back.  Seeing it work is a valuable learning experience.

Paper wallet work until you need to load coins back to hacked machine.

[malevolent]

Even if you knew who it was and had conclusive evidence that they were guilty, what exactly would you be able to do about it if they're in another country?

Pirateat40 lives in somebody's back yard, we know who he is, and nobody has collected a satoshi from him.  So what could be expected to come if someone were able to dig up some identity of somebody in Russia without any proof of guilt (knowing that even with proof of guilt, collection is unlikely)?

Ahh, Pirate
US is different from Russia where a scammer such as Pirate would be properly (or maybe a bit too severely but better than not at all) punished if the identity was known.
600 BTC might be enough for OP fly and bribe his way through to find the scammer (maybe with the help of the police after they have had received a generous tip).

[casascius]

Paper wallets!  This is how you protect your bitcoins.  Just for fun, send 0.01 BTC to a paper wallet right now and then import it back.  Seeing it work is a valuable learning experience.

Paper wallet work until you need to load coins back to hacked machine.

At least you'll only lose 1/10 of your coins, assuming you split them across 10 paper wallets, and that's assuming the hacker can redeem them faster than you.  If you are being actively keylogged while you redeem a paper wallet, and you click OK or hit enter before he has a chance to initiate the theft transaction, he still won't be able to steal.  The normal password trojan that logs keystrokes and sends logs periodically to the hacker is good for stealing passwords and credit card numbers but won't be of any use if the entered key becomes worthless moments after entry - he either has to be watching you in real time, or use more sophisticated malware adapted to detecting you entered a key and then preventing you from completing your transaction once you enter the key.

[BTCurious]

I've tried scanning with 2 different virusscanners, and neither seems to find a likely culprit.
Both of course mark all bitcoin miners as a potential threat, but clearly marked as "mining" or something like that.

At this point I'm giving up the search. Sorry about not being able to provide the details, but maybe being paranoid will be good for your security.

Also, my new netbook is spiffy ^_^

[MKEGuy]

Twitter, Facebook, google, Anonymous - The hacker group.

Offer them the reward.

Its gonna take a good hacker to find that person.  Anon loves bitcoin - they will for almost for sure help you.  You MAY get lucky and they will do it for a reduced fee because they like it so much.

Good luck to you.

[josephliton]

Witches and magic.