PAY FOR INFORMATION - 600 BTC REWARD FOR IDENTITY OF HACKER

[mufa23]

What version of Team Viewer? Where did you download it?

[mralbi]

just the standard version from teamviewer.com
i dont recall which exact version, but it was running 24/7 with permament IP

[mralbi]

this is the result of signing the message

"This is a test message"

on the public key 1MTscp1WQz2QRBgpWPy2ctmiQ7zvXZPy5g


Result:
G7SvfRszZfLipOXVvy8pGEgiRKcugumXb7Oo+8uvAX0RCqqAuhOuOcPk5JQHA7l4ulmsijgwmMAYEGHrrKPXPmg=


This should hopefully prove ownership of my (now empty) wallet.dat :-(



i had to run the teamviewer to access my data / computer network from outside, since i have several IT projects running (not only bitcoin mining) besides my full time job. Obviously this was a mistake. I now will pay a professional network security specialist to redo my whole IT setup. This costs a lot but will be cheaper than losing more bitcoins in the future


Still, for any hints to catch the guy, no matter how small the chances are, I will pay 600 BTC reward.

[prezbo]

this is the result of signing the message

"This is a test message"

on the public key 1MTscp1WQz2QRBgpWPy2ctmiQ7zvXZPy5g


Result:
G7SvfRszZfLipOXVvy8pGEgiRKcugumXb7Oo+8uvAX0RCqqAuhOuOcPk5JQHA7l4ulmsijgwmMAYEGHrrKPXPmg=

You always want to at least include your nickname in such a message. You could find something like this online and claim it was you that signed it. Or better yet, have someone else in this thread tell you what to sign.

[Jaw3bmasters]

....I now will pay a professional network security specialist to redo my whole IT setup....

Get some common sense while you're at it.

Machines hack machines. Hackers hack you.

[OpenYourEyes]

Do you have a copy of the trojan you installed?
If so it may be possible to 'decompile' it to find the IP/Email of where the key log results were being sent.

[mralbi]

well, the hard drive was erased, so i could not identify the program. But i am sure you fill find more information when you can log into the guys email:
 
avolokova@bk.ru

[augustocroppo]

There is something wrong about your allegations. You said the wallet.dat file was stolen from your computer by a Trojan horse. That means the thieves would have to extract the private keys from your wallet.dat file and then redeem the electronic coins.

The redemption occurred on 16 November 2012, 03:28:22:

http://blockchain.info/tx/8d6602b0e8e4479d79e5dab0c35bdb4f7545513cb426411348ec1502413a8f80

Received Time 2012-11-16 03:28:22

You alleged that Bitcoins in your Mt.Gox were also stolen on the same date:

At the same time of course he also stole 200 from my mt gox account, for that the hacker used the email address avolokova@bk.ru and the transaction data was Transaction reference:
f5e5acd4-50a6-4de5-9061-1c0e3964eafe
Date: 2012-11-16 03:30:13 GMT
IP: 178.177.115.229

At that time, you would not have had access to your computer files because the hard drive was completely erased:

well, the hard drive was erased, so i could not identify the program. But i am sure you fill find more information when you can log into the guys email:

When required to prove you are controlling the address listed in the alleged transaction, you provided a screenshot showing your address list. Moreover, you also indicated that you became aware that the Trojan horse was inserted in your computer by the software Teamviewer:

is this prove enough?
http://imageshack.us/photo/my-images/29/adressbook.jpg/

It turns out that the infection came via teamviewer application for remote control, either 0day exploit or brute force and then the intruder could execute the trojan

This is completely inconsistent. If your hard drive was really erased, then you would:

1. Not have access to your Bitcoin client to take a screenshot of your address list.
2. Not have access to your operating system to determine how the Trojan horse was inserted.
3. Not have access to your wallet.dat file to determine how the electronic coins were redeemed.

How do you explain this?

[prezbo]

When required to prove you are controlling the address listed in the alleged transaction, you provided a screenshot showing your address list.

To be fair, he did also provide a signature for address 1MTscp1WQz2QRBgpWPy2ctmiQ7zvXZPy5g, from which ~2600 coins were transfered.

This is completely inconsistent. If your hard drive was really erased, then you would:

1. Not have access to your Bitcoin client to take a screenshot of your address list.
2. Not have access to your operating system to determine how the Trojan horse was inserted.
3. Not have access to your wallet.dat file to determine how the electronic coins were redeemed.

How do you explain this?

EDIT:

The IP 178.177.115.229 from the Mt.Gox log did not relayed any transaction:

http://blockchain.info/ip-address/178.177.115.229

He could have his wallet.dat backed up somewhere, and import it on a different computer. That would explain 1. and 3., at least.

[Jaw3bmasters]

This is completely inconsistent. If your hard drive was really erased, then you would:

1. Not have access to your Bitcoin client to take a screenshot of your address list.
2. Not have access to your operating system to determine how the Trojan horse was inserted.
3. Not have access to your wallet.dat file to determine how the electronic coins were redeemed.

How do you explain this?

Poor guy. Lost his coins now this....

[mralbi]

Oh come on!


I have a home network of several (14) more or less high-end computers, which i need for various tasks, not only for bitcoin. The wallet was stored at three places, on my bitcoin mining server plus on my laptop (which was the access point for the hacker) and i also have a backup copy of my wallet.dat on a USB stick totally offline from all IT infrastructure i have. Via TeamViewer all PCs were connected, so the hacker managed to delete the wallet.dat on my mining server AND on my laptop.

Even though my hard drive was erased, i still had a copy of the wallet.dat on my offline storage and i could make a screenshot after reloading this wallet in my newly setup computer. Even though 2600 were stolen from my local wallet, this was luckily "only" the minor part, since I stored the rest at other "offline" places or for example simply on my MtGox account.


Still, losing 2600 BTC + the 200 from MtGox is also for me quite a lot of money, but why the hell should this be inconsistent. I know these coins will be lost forever, nevertheless i was hoping that some more skilled person than me might be able to help me for what i am offering a reward of 600 BTC.

[mufa23]

What if you are an attention whore, and you stole your own Bitcoins?

For a guy that just lost 30 grand, you don't seem to care.

just the standard version from teamviewer.com
i dont recall which exact version, but it was running 24/7 with permament IP

If I lost that much, I'd be doing my best to figure out what was in charge of my 30k. Also wondering how someone knew I had Bitcoins, and that I was running Team Viewer. How did they know where to look? You story doesn't sound very convincing

[reyals]

I'm still a bit unclear... so it wasn' really a trojan but he was able to just walk in the front door using your remote admin software?
what makes you think this?

i had to run the teamviewer to access my data / computer network from outside, since i have several IT projects running (not only bitcoin mining) besides my full time job. Obviously this was a mistake. I now will pay a professional network security specialist to redo my whole IT setup. This costs a lot but will be cheaper than losing more bitcoins in the future

How much you paying?

[augustocroppo]

I have a home network of several (14) more or less high-end computers, which i need for various tasks, not only for bitcoin. The wallet was stored at three places, on my bitcoin mining server plus on my laptop (which was the access point for the hacker) and i also have a backup copy of my wallet.dat on a USB stick totally offline from all IT infrastructure i have. Via TeamViewer all PCs were connected, so the hacker managed to delete the wallet.dat on my mining server AND on my laptop.

The wallet.dat file was used at the same time by the server's Bitcoin client and the laptop's Bitcoin client?

Even though my hard drive was erased, i still had a copy of the wallet.dat on my offline storage and i could make a screenshot after reloading this wallet in my newly setup computer. Even though 2600 were stolen from my local wallet, this was luckily "only" the minor part, since I stored the rest at other "offline" places or for example simply on my MtGox account.

You did not explain how you managed to discover the deposit address used by the thieves. When you discovered the erased hard drive? Please, provide an accurate date and time. From that point, how did you managed to recover the wallet.dat file?

[legitnick]

Running windows and bitcoin is not a good idea..

[mralbi]

well...no further comment, as already stated earlier, i had a backup copy of my wallet "offline" (and i still have). And regarding the timing....(for whatever reason this is so interesting) It took me 30 min to reinstall windows, 5 min to download the bitcoin client, 2 min to reinsert the wallet from my backup copy and about 6 hours or so for the blockchain to be downloaded again and tadaaa, i could see the address where my bitcoins went to. The time of the stealing can easily be seen in the blockchain, it was thursday to friday early in the morning, but i still dont understand why this is such a problem to understand, to say "i invented the whole shit because i want to get some attention" is just laughable.

I could get some useful tips here and thanks to all constructive comments

Actually i invested quite a lot of time and resources into this bitcoin project, not because i think it is a "get rich quick" scheme. (At the moment it is more a getting poor quick scheme), but because it is one of the greatest inventions ever and i still believe in the concept. And yes, it was my fault to run windows machines and yes, now i know that wallet encryption does not help against keyloggers.

I will simply resetup my IT stuff together with some expert, (I agreed to give him 300 euro for his services) and life has to go on...  Still, for any tipps that could identify the guy, the reward is still valid

[nomnomnom]

i had to run the teamviewer to access my data / computer network from outside

It could also be that the computer you used to access your teamviewer connection got compromised
and the thief got in that way, I would take a close look at the computer you used for remote access.

Maybe its time that we setup some honeypots for bitcoin malware...

[CharlieContent]

mralbi, don't worry about AugustoCroppo. He's the resident oddball.

He is very, very jealous of those who have (or in your case, had) more Bitcoins than he does.

I once mentioned how many coins I control. Months later, AugustoCroppo went through my post history, found the post and demanded that I prove I genuinely have control of the coins.

The guy is a psycho and best ignored. Sorry about your coins.

[jl2035]

Running windows and bitcoin is not a good idea..

Running windows is not a good idea at all..

[Jaw3bmasters]

Running windows is not a good idea at all..

Blasphemy!