Bitcoin Forum
November 17, 2024, 01:06:16 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: [1] 2 3 4 »  All
  Print  
Author Topic: PAY FOR INFORMATION - 600 BTC REWARD FOR IDENTITY OF HACKER  (Read 8919 times)
mralbi (OP)
Sr. Member
****
Offline Offline

Activity: 271
Merit: 250



View Profile WWW
November 17, 2012, 06:08:48 PM
 #1

Dear all,

stupid as i am i allowed some hacker to somehow install a trojan horse on my pc where i stored some of my bitcoins. (around 2600), With keylogger he got all my passwords and, of course stole my local wallet file (encryption did not help)

The hacker sent the bitcoins to the address: 1Q3KFL7Z1BTpUboDaU6Qj3t9xCXWpzNntS

http://blockchain.info/address/1Q3KFL7Z1BTpUboDaU6Qj3t9xCXWpzNntS


Of course i will have the police investigate, but they do not even know what bitcoin is.....
Maybe some of you are expert enough to track the bitcoins so the hacker can loose anonymity by selling them on some platform or similar.


At the same time of course he also stole 200 from my mt gox account, for that the hacker used the email address avolokova@bk.ru and the transaction data was Transaction reference:
f5e5acd4-50a6-4de5-9061-1c0e3964eafe
Date: 2012-11-16 03:30:13 GMT
IP: 178.177.115.229

If you have a hint that discovers the identity of this person so i can get the bitcions back, i offer a reward of 600 BTC or bitcoin equivalent.

Thanks

Liberty Payout
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250



View Profile
November 17, 2012, 06:14:09 PM
 #2

You will never get the coins back. Bitcoins is irreversible. This was a one time bang operation most likely that took place all the way in russia, I highly doubt the IP you have is even useful. Sorry man.
ingrownpocket
Legendary
*
Offline Offline

Activity: 952
Merit: 1000


View Profile
November 17, 2012, 06:23:59 PM
 #3

Good luck   Undecided
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
November 17, 2012, 06:50:45 PM
 #4

Everyone who has a stash of bitcoins this big:

You can avoid this problem in ONE EASY STEP by sending your bitcoins to paper wallets.  If you have bitcoins in a "hotwallet" (any wallet that is online), you should move them to a cold paper wallet today.

1. Go to BitAddress.org
2. Print yourself a dozen paper wallets
3. Send your bitcoins to the PRINTED addresses (not the ones on your screen).  Best if you divide them into 10-12 equal parts so you never have to put them all back online at once unless you intend to spend them all at once.
4. Put the paper somewhere safe.

REDEMPTION is easy.  Just create a temporary wallet at BlockChain.info.  Import the paper wallets via their private keys.  You can spend your coins immediately without having to wait for confirmation.

Skeptical?  Try it out with 0.01 BTC.


Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
cunicula
Legendary
*
Offline Offline

Activity: 1050
Merit: 1003


View Profile
November 17, 2012, 06:55:45 PM
 #5

Another one bites the dust. This is why we need protocol modifications enhancing user security such as those I describe here:

https://bitcointalk.org/index.php?topic=115608.msg1319612#msg1319612

How many $10,000s plus casualties will it take before people see reason?

Your paper wallets are all well and good, but highly inconvenient. Security does not need to be inconvenient.
sebicas
Member
**
Offline Offline

Activity: 69
Merit: 20


View Profile WWW
November 17, 2012, 06:56:46 PM
 #6

IP: 178.177.115.229

Here you have the contact information for the IP Address
https://apps.db.ripe.net/search/query.html?searchtext=178.177.115.229#resultsAnchor

But as they mention before, it may be a Tor Exit node or another victim.
DannyHamilton
Legendary
*
Offline Offline

Activity: 3486
Merit: 4851



View Profile
November 17, 2012, 07:07:45 PM
 #7


If the thief isn't careful there might be some possibility that he will create a transaction that will move some of those coins he now owns (or give a receiving address associated with the stolen coins) to someone who can identify him , and with a huge amount of luck that person could end up being an honest person who is aware of the theft from this discussion.  This is highly unlikely, but from a blockchain standpoint there really aren't any better options.

Looking at the blockchain today, I can confirm at this point in time the thief seems to own the following addresses:
1Q3KFL7Z1BTpUboDaU6Qj3t9xCXWpzNntS
1PJHvJWKLH9qwaRKeyVS2rC5gfZMr344LB, 1BuXv589E9pqYrLfcMiUPnurgBZZS6sL12, 1EPwBwuxyfyQF9kwkwDLoqYw2vcxFCDSYa, 1MGpi8ChSTbDRTA7h3gHh89UGirvsXMCZ1, 1CoTHatdK7hEsZJvymuCNf7eQoApMCuJxo, 126ZVBxjad3BtATBXeeq3uZPcKn24zr4gf, 1MmzRFGAg8HdDHnDJTKo1cKNsgxxiMYUtP, 15QUs9EGw283oisjzSF8XP28Kg4FVugveE, 14PnHT4YonpSzccX9GBpmkh4ohs8dDYDaN, 1BmSgffyC6WAJBBSJbXXodcvcw4cQsthW5

In addition the thief has received from or sent to the following addresses (many of which the thief may also own, but I am not able to confirm this yet).  If anyone happens to own any of these addresses (or know who does), then there is a good chance that they know who the thief is (or they also were stolen from):
1129ApiFKympPgHnzNnW8VNaDAYwgTEtMG, 126RfCopCdAS4qoZjTQPaufnvkDCmtsiwp, 12J8nM48ZNZMBaxFRBcyMbHhNkiPKCzQaY, 12Lt8DgTSwbDfQ5EKDkdoiX5czsJfSQcrK, 12r5PLeSPCcTFE78o1SbgaqUXoiY9LfWMV, 1322uvUdCME77yt8tQfkUAGpRtmRXf4EQp, 139TaFcXGJVuTDbR3TfpiGfiegt4jAFpiY, 13ja4sRDMG1uyAwxeAtV52dU4mtk8cHW73, 13XgASZP7N6pTMeyS5Sq8JeuCAkNzefnT7, 142qkA5L4sy1suDJRWfm6njmg3NPneqXmk, 14FSCmXntye2Hm9FGXnbBXiGiziKD41Zzb, 14KThQGAxVcqFLWF5QvESWPWoRqQ5L6i5z, 14oByZkGE9TxPMTeYZYzeNakJuSk7xWXa2, 1513U6VjSwhr3ZAAN3MnDnFHmcXY1HPWdF, 15bGw4QDZNqPPqFqV2kq3oAZB5r5dvUaER, 15GyGHvCUoG1KTPtycoVcqATGu4Ex4DVXo, 15kBvBLejU14VroJgdr863i1FqT6QkWB7U, 15UjaZJxjWdgB8jC6KivuuhbhbxoLuWwDm, 15yk8fiyuAXDTqGL8ekPCsNN7vX6dV6ALf, 163ZekxCzX7RKU49DUc4mda5knqNc3NF3z, 168NqBEoGjWbUwxhKXeCiALiGU8suxW1Ue, 16DnRquyKbsrGAPbp1Z8GxNctLia9t12Ee, 16mMWkKrERWVzAGWbnCxMFoAF9ghTB67MM, 17CLN16PvCdgTYzWKyuc3FjSu1nhGFtFEf, 17KJ3M8vBMNp7vBwwsGp33QN81jNXPa5u, 17m9n5uFTwK1Nfg9Py9STfGg3BNDvVwGyk, 17Vk6E3mNzfyTmZKpRWquKZGR51T7HEXiu, 18drKV9xUJNgKwWPQdpKYUspkKiHsob8xK, 18r9qqqMMtrx1i1xaH624uSFoRkQGqPK7x, 18vWaDD9djRFuZF672PfSzgN19Duvcivsj, 198hk8Qk8v7y2tRaxpE1iJU9fVkX6Tb7ph, 199Y5zwijtZbB6hE77MQxgG7vmDuD4Jv7Y, 19SQ9iFCGyKWeoxDktrVNczWkH6cQ3kmpV, 1A7SukLsFZDNezR2BX4LhJo73HJdBkH6Ua, 1AbY3D7VFRemePM2NgUTquQmAjXLKPg7XH, 1AFs9GrQyPQpN5W73RzizcEap1CQ7whPZT, 1Ah5hZVevKbDcFLJiwxUTJs2BaySe9S1sV, 1ApkrEjJ5ByihAQZrJxqeau5P19HF8wPSw, 1BDWwDLNAUwAiaqJHvNmMKUNo1U4gbiRHA, 1Bn7XjuwZqScjgT7eytm8mpU8PEpCxXdMN, 1Byx2Wt8phzcuHf5XDZwoFqQq5nErxqrt, 1Cig4FxUY59xVJYeUaF8YtEyfbxDsfVkYm, 1CLVnMWEwzuGVcQ6L2WBoUJQFj3B9XeVmx, 1CMpywEPKTBBsWxccWkTk5tzizteyRG1WZ, 1Dm9XuD28BGYDxi5Rxt38S66ehRSZ2ajtV, 1EcFFZ7eykZQjw6LnDKiXg8NfjSUvqHKZE, 1EedaVtSyVrmkbbAx7iJQpUfFr5beeNHbY, 1Ff3XukPtmVtk9JFr8JVyRZ7rWKoKEY5TV, 1EgQM7unQm59oPm4F87ZRD6JwX4a9WGdTz, 1FbaMihMDCANJ6Xgxc7BgNroKXF1yrEho9, 1FbASjLhfbmF5eKJKzK3Cb55rCN1REuXSY, 1FRb654gcqj38rx9UadziGjLEs1fMSeFjD, 1FuzUfqkWrNaac3j6c8CiWmjCjRMiWjjFZ, 1FyVmocPa9wWwY5WjKtzHwrU8r1NkFE8h9, 1FzVCGK5n9tmj6hPFFffWnC8mjnWZL7bCn, 1FZVJD95CaDAheHCP6R9PiA2Jb4ojVhBSx, 1GjrbSXP1mYCoZbUnGjp5JGvPH4cNK8epK, 1H9QXBc3a4qkRgsLdD1BVoaVKm9UP5PWfa, 1HJ2U8ckG24UADWF1M6DEfnuUmMgcsURot, 1HV2sYHjAZEueYe5fF14CBEwQJ9Fawnaqo, 1Jo3M8W6F9ACiLRaAiZs3LMSZfnniCStPz, 1JoTxrqZAhWXTDFPoChKFk7hqDfmkC6tUG, 1JuTf9JFpV4wDYLSCKQZHF4hBX6edxr4R6, 1KGxAeHHALMnJPzGbSb6A6BxRLyrmhmgkQ, 1KNpeXAxx4qLctNv2XKVVCPoMPt2BmbH6o, 1KPy4EJFV8ZRgMDoZQ9usZKRrdq1eKGgeK, 1KXNoekZ8VjZrkrchr6UUVPbBfyGsXcQcr, 1LEJa3uDvwpZJTH7ygbV6Fjskfc3AZ7ns9, 1Lgq3bdysYJYBAJrvjKCXWgiP3kC7tgusE, 1LNqumVxZLpMmk2YAZv94dcoZgyG5FnN3J, 1LUAZUR3zFBaf3kxmpmD18gXCU68tQnTnK, 1MmzRFGAg8HdDHnDJTKo1cKNsgxxiMYUtP, 1MUDnDKYbkMqZjDapcb69dct83xxwXkNp1, 1MZWEMTQAb1PPnNi2rFYLMakxHuGAkVK73, 1N2BPjxdD46AxYiWSLSvx1THG9xhzHNC2c, 1NePkjQCHgJ4u94qgS2WjQMqivTYrk2ZGA, 1NomJEEBXuUU2ioaqNdkYYY7PKqdwd3sUx, 1NTAA7itEJ9R8zgqCobi4JqJ4eC4ZtAr7c, 1P8edr8cDnnRxtU745V9w9am9DQbf287Cw, 1P9ZJaeAG6vY6XH29P1orTRk1JKm7TEaqf, 1Pkio2icGqKkghPHYREinMFFcuDN14s8A8, 1Pu6uF7A2DfuAsaxM637j3H1wtFKAGB2BV, 1q543G6muPvXJ6bXETJL3S7tuAthMtDkM, 1QAgtMUhna8dgM4HuhAuvtwSxXFMLMjgxq, 1y2PkvvtkkkV4uVZuePVuXmMUYHBWr4Zn

That being said, if a forensic team gains access to your hard drive their is probably a better chance of them finding useful information to track down the thief than the chance that the thief will engage in a transaction using one of these addresses with an honest person who happens to see this discussion.  (Both possibilities are so unlikely that you probably need to consider the coins gone).  I hope you get lucky though.
MysteryMiner
Legendary
*
Offline Offline

Activity: 1512
Merit: 1049


Death to enemies!


View Profile
November 17, 2012, 07:14:41 PM
 #8

Remember what software you run before being hacked. Also I have read in some forum members signature "Don't deal with Anna Volkova she will scam you" or something similar. I just cannot find the forum members profile but he probably knows much more including some contact details.

Meanwhile take a read about solution for lost coins here https://encyclopediadramatica.se/An_hero because you will not see them again. Trollolol

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
piuk
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1005



View Profile WWW
November 18, 2012, 12:12:59 PM
 #9

Here is where a new feature might just come in handy.. On the taint analysis the address of bitcointalk user nyana is tagged.



http://blockchain.info/address/18V845FZ8UnQNCDiSH1fE1xu6T4HHbJCUu

You could try PMing that user and seeing if they know anything about the address in question. It's a long shot but you never know.

MysteryMiner
Legendary
*
Offline Offline

Activity: 1512
Merit: 1049


Death to enemies!


View Profile
November 18, 2012, 12:18:08 PM
 #10

Don't follow the blockchain as it becomes useless if the mixing service is used. The luser should need someone who takes a look at the infected computer and server from what infection happened. Think different!

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
augustocroppo
VIP
Hero Member
*
Offline Offline

Activity: 756
Merit: 504


View Profile
November 18, 2012, 06:17:59 PM
 #11

Dear all,

stupid as i am i allowed some hacker to somehow install a trojan horse on my pc where i stored some of my bitcoins. (around 2600), With keylogger he got all my passwords and, of course stole my local wallet file (encryption did not help)

The hacker sent the bitcoins to the address: 1Q3KFL7Z1BTpUboDaU6Qj3t9xCXWpzNntS

http://blockchain.info/tx/8d6602b0e8e4479d79e5dab0c35bdb4f7545513cb426411348ec1502413a8f80

Could you prove that you control at least one of the original addresses?
mralbi (OP)
Sr. Member
****
Offline Offline

Activity: 271
Merit: 250



View Profile WWW
November 18, 2012, 06:43:38 PM
 #12

Yes i could prove this, i have a backup copy of the wallet.dat and everything is connected to me (my identity) via mtgox

augustocroppo
VIP
Hero Member
*
Offline Offline

Activity: 756
Merit: 504


View Profile
November 18, 2012, 10:53:43 PM
 #13

Yes i could prove this, i have a backup copy of the wallet.dat and everything is connected to me (my identity) via mtgox

Please, prove it.
mralbi (OP)
Sr. Member
****
Offline Offline

Activity: 271
Merit: 250



View Profile WWW
November 19, 2012, 11:27:33 AM
 #14

is this prove enough?
http://imageshack.us/photo/my-images/29/adressbook.jpg/

Otherwise you can come and see if i really possess the wallet.dat ;-)

I know the chances are very little to see the money again...



It turns out that the infection came via teamviewer application for remote control, either 0day exploit or brute force and then the intruder could execute the trojan

prezbo
Sr. Member
****
Offline Offline

Activity: 430
Merit: 250


View Profile
November 19, 2012, 01:26:49 PM
 #15

is this prove enough?
http://imageshack.us/photo/my-images/29/adressbook.jpg/

Otherwise you can come and see if i really possess the wallet.dat ;-)

I know the chances are very little to see the money again...



It turns out that the infection came via teamviewer application for remote control, either 0day exploit or brute force and then the intruder could execute the trojan

In case you're not aware of it, you can prove ownership of any address by signing a message with the corresponding private key. You can use brainwallet.org to do this. You can also use the bitcoind's signmessage command.
reyals
Member
**
Offline Offline

Activity: 73
Merit: 10


View Profile
November 19, 2012, 03:30:05 PM
 #16

It turns out that the infection came via teamviewer application for remote control, either 0day exploit or brute force and then the intruder could execute the trojan
Link?  I see quite a few apprently legitimate links (I say legitimate because one normally doesn't charge for trojans) where did the bad copy come from?
DadoSovr
Newbie
*
Offline Offline

Activity: 54
Merit: 0



View Profile WWW
November 19, 2012, 03:35:12 PM
 #17

I do not think you be able to find it, however, I wish you good luck!
augustocroppo
VIP
Hero Member
*
Offline Offline

Activity: 756
Merit: 504


View Profile
November 19, 2012, 04:12:18 PM
 #18


No.

That is a screenshot of your address list. You can add or remove the addresses at any time. I recommend you to follow prezbo's suggestion:

In case you're not aware of it, you can prove ownership of any address by signing a message with the corresponding private key. You can use brainwallet.org to do this. You can also use the bitcoind's signmessage command.
MysteryMiner
Legendary
*
Offline Offline

Activity: 1512
Merit: 1049


Death to enemies!


View Profile
November 19, 2012, 10:24:38 PM
 #19

Quote
It turns out that the infection came via teamviewer application for remote control, either 0day exploit or brute force and then the intruder could execute the trojan
Why did You have that teamviewer installed? Did someone know the password for the connection or was given access to it at any point in past?

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
jl2035
Full Member
***
Offline Offline

Activity: 146
Merit: 100



View Profile
November 19, 2012, 11:04:14 PM
 #20

There is probably some exploit for Team Viewer so he didn't have to know the password. If you have that kind of money on your wallet you are definetly a hot target.

JOIN Bitbiz bitbiz.io
Pages: [1] 2 3 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!