elux
Legendary
 Offline
Activity: 1458
Merit: 1006
|
 |
November 22, 2012, 01:00:33 PM |
|
There is something wrong about your allegations. You said the wallet.dat file was stolen from your computer by a Trojan horse. That means the thieves would have to extract the private keys from your wallet.dat file and then redeem the electronic coins.
Err... Do you happen to think that BTCurious is lying as well? I am reporting a hack as well, by the same email. Most exchange accounts were protected by google authenticator, these seem okay. I've lost 100 Bitcoins on one account that didn't offer GA, and one got compromised but didn't suffer losses.
Still investigating method of attack.
Edit: My harddrive has not been erased.
What about Cdecker: (More than 8000 BTC stolen.) Still reconstructing everything that happened, but it seems that broadband-178-140-220-181.nationalcablenetworks.ru [178.140.220.181] was able to log into my machine: Sep 28 20:45:36 nb-10391 sshd[19170]: reverse mapping checking getaddrinfo for broadband-178-140-220-181.nationalcablenetworks.ru [178.140.220.181] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 28 20:45:37 nb-10391 sshd[19170]: Accepted publickey for cdecker from 178.140.220.181 port 28384 ssh2
Sep 28 20:45:37 nb-10391 sshd[19173]: subsystem request for sftp by user cdecker Same happened a few minutes later on my machine at home (my bash history must have told him were to find it), and from there he must have been able to find my wallet backup (which is really old, but was kept unencrypted, so any key that was in there is compromised). I'll write everything down and file a report, we'll see how open to technology the swiss police are  I'm scared. |
|
|
|
|
|
|
|
|
|
|
|
|
|
"The nature of Bitcoin is such that once version 0.1 was released, the
core design was set in stone for the rest of its lifetime." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
augustocroppo
VIP
Hero Member
Offline
Activity: 756
Merit: 503
|
|
November 26, 2012, 05:20:29 AM |
|
well...no further comment, as already stated earlier, i had a backup copy of my wallet "offline" (and i still have). And regarding the timing....(for whatever reason this is so interesting) It took me 30 min to reinstall windows, 5 min to download the bitcoin client, 2 min to reinsert the wallet from my backup copy and about 6 hours or so for the blockchain to be downloaded again and tadaaa, i could see the address where my bitcoins went to. The time of the stealing can easily be seen in the blockchain, it was thursday to friday early in the morning, but i still dont understand why this is such a problem to understand, to say "i invented the whole shit because i want to get some attention" is just laughable. Is not a problem to understand. You just did not explained how exactly happened in the first post. Therefore I made relevant questions. I do not think you invented this event to obtain attention. I am sorry if I sounded suspicious. I am very skeptical regarding the theft of Bitcoins. |
|
|
|
|
FlipPro
Legendary
Offline
Activity: 1764
Merit: 1015
|
|
November 26, 2012, 05:23:35 AM |
|
Sad story... MTGOX /w Yubikey would have been safer to use in this case.
|
|
|
|
|
|
mralbi (OP)
|
|
January 22, 2013, 10:17:29 PM |
|
dear all, i have received NEW important information in this issue the hacker also owns the key 1AFs9GrQyPQpN5W73RzizcEap1CQ7whPZT and his "real" email address is sam.rankin@me.comhe used IP address 97.106.160.84 on 2012-10-05 at 20:51:51 he used to mine on deepbit, but they do not hand out any info about their users and do not answer to my mails. Maybe one of your guys are smart enough to get any useful information about this case the 600 BTC reward are still available |
|
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3388
Merit: 4613
|
|
January 23, 2013, 12:00:20 AM |
|
dear all,
i have received NEW important information in this issue . . .
I can see here that the thief who controls 1Q3KFL7Z1BTpUboDaU6Qj3t9xCXWpzNntS also controls 1BuXv589E9pqYrLfcMiUPnurgBZZS6sL12 http://blockchain.info/tx/7e1455f12fdbb7119fe350edb1410f2e1cdff723c15b7e2d9acb8568124e1bb5And I can see here that the thief who controls 1BuXv589E9pqYrLfcMiUPnurgBZZS6sL12 received bitcoins from someone who controls 1AFs9GrQyPQpN5W73RzizcEap1CQ7whPZT http://blockchain.info/tx/83d2fd573e5ce47fca38bc3895356b8ed4a6b98a4c2b49c030dd0444a2ac506fBut I'm not sure how you determined that the person who controls 1AFs9GrQyPQpN5W73RzizcEap1CQ7whPZT is also the person who controls 1Q3KFL7Z1BTpUboDaU6Qj3t9xCXWpzNntS It certainly is possible that Mr. Rankin is the thief and sent bitcoins to himself, but isn't it also possible that the thief is someone else and received bitcoins form Mr. Rankin (or stole bitcoins from Mr. Rankin)?  |
|
|
|
|
|
Herodes
|
|
January 23, 2013, 05:00:55 AM |
|
You may want to set up a wiki so people can colaborate in finding information in this case. With many eyes looking, there may be a higher chance of finding the thief.
Best wishes.
|
|
|
|
|
|
Red Emerald
|
|
January 23, 2013, 05:23:08 AM |
|
dear all,
i have received NEW important information in this issue
...
the 600 BTC reward are still available
How did you get this information? You can't just drop an email address and not say why you believe this is the guy. |
|
|
|
|
Nolo
|
|
January 23, 2013, 05:37:11 AM
Last edit: January 23, 2013, 06:59:19 AM by Nolo |
|
Extrapolating from the information OP has made public: Samuel Patrick Rankin (about age 41) previously lived in the Scottsdale Arizona area. He works in the field of semiconductors. He has patented a "current to voltage converter" (whatever that means). This same Samuel P. Rankin also attended the University of Nebraska at Lincoln where he studied Physics. The IP address that has been posted, appears to originate out of Tampa, FL. This guy works (or worked) for Linear Technology Corporation and Medtronic, Inc. Those are two companies whom the patents he invented are assigned to. This guy's father is Samuel H Rankin (age 70) and lives in Chadron, NE. Scott Vernon was his co-inventer on one of the patents. Here is his linkedin page with a picture. http://www.linkedin.com/pub/scott-vernon/54/901/b?trk=pub-pbmapHere is Rankin's LinkedIn page but no picture: http://www.linkedin.com/profile/view?id=5046482&authType=name&authToken=gERZ&gobackIt says he still works at Linear Technology. He is a Senior Design Engineer. Corporate Headquarters: 720 Sycamore Dr. Milpitas, CA 95035-7417 Phone: 408-432-1900 He also studied Physics at Arizona State University. Brendan Rankin has extensive experience with FPGAs and ASICs. (Something that might have led him into the bitcoin scene.) His father is dead, and Brendan and Samuel are brothers. Here is his father's obituary: RANKIN, Dr. Samuel H. age 70 of Huber Heights, passed away September 30, 2012. He was born September 25, 1942 in Dayton to the late Samuel H. and Jane E. Rankin. In addition to his parents, Sam was preceded in death by an infant brother, Tom; and grandsons: Remington and Camden Rankin. Sam is survived by his wife of 44 years, Sharon (Altendorf) Rankin, whom he married at Holy Angels Church in Dayton in 1968; children: Brendan (Pilar) Rankin, Sam (Vicky) Rankin, David (Tracy) Rankin and Mary (Aaron) Tucker; grandchildren: Robert, Laura, Allen, Grace, Claire, Lyndsie and Ashton; sisters: Peggy (Tom) Weckesser, Mary Ellen (Robert) Davis, Rita (Kurt) Rinehart and Sally (Don) Carter; many nieces, nephews and dear friends. Sam attended St. Agnes elementary school, Brunnerdale High School Seminary, St. Josephs College in Indiana, University of Wyoming, where he received his Master's Degree in History. He taught high school for one year in Delano, California and one year at Walnut Hills High School in Cincinnati. He completed his PhD in History at Kent State University. At Valley City State College in North Dakota, he served as a Professor of History and then Vice President for Academic Affairs. He served as Vice President for Academic Affairs at Eastern Montana University in Billings, MT. Sam was very proud to lead Chadron State College in Chadron, Nebraska as President for 12 years. During his tenure he was praised and respected for his many accomplishments. He was fortunate to return to his passion of teaching for 9 years before his retirement. Post retirement, he said often that he failed at retirement. He continued to teach online courses in History for Chadron State College and served as consultant for the Higher Learning Commission. He was on the Board of Directors for National American University. Sam was a loving husband, father, grandfather and brother. He was generous beyond his means and was known for his quick wit and dry sense of humor. Mass of Christian Burial will be held at 11:00 am on Thursday, October 4, 2012 at St. Peter Catholic Church, 6161 Chambersburg Road, Huber Heights, where the family will receive friends for one hour prior to the service, from 10:00 am to 11:00 am. Father Robert Hadden Celebrant. Contributions may be made in Sam's memory to the Pancreatic Cancer Action Network, 1500 Rosecrans Avenue, Suite 200, Manhattan Beach, California 90266 or pancan.org. To send a special message to the family, please visit www.NewcomerDayton.comThe obituary points out that Sam now lives in Phoenix with his wife Vicky. Here is his wife's facebook page: https://www.facebook.com/vicky.k.rankinShe graduated from Hanover College in 1993. She donates to the school. Here is their address and property tax information: http://mcassessor.maricopa.gov/Assessor/ParcelApplication/Detail.aspx?ID=214-50-116Looks like their home currently appraises for about $120,000. They purchased it in 1998 for $146,000. Bad investment it looks like. Although that is just the property tax assessment, so the real market value might be much higher. In fact it looks like Zillow puts a value of about $177k on it, and realtor.com puts a value of about $207k on it. http://www.realtor.com/realestateandhomes-detail/1826-E-Sheena-Dr_Phoenix_AZ_85022_M14205-84656?source=webHere's the deed to his house: http://156.42.40.50/UnOfficialDocs/pdf/19980647620.pdfI want to put out the disclaimer: All of this information is freely available on the internet. I have no knowledge of any wrongdoing by this individual, and I am certainly not accusing this individual of any wrongdoing. mralbi asked for information on someone associated with the email address sam.rankin@me.com. All I have done is provide information on whom I believe is associated with this email address. |
Charlie Kelly: I'm pleading the 5th. The Attorney: I would advise you do that. Charlie Kelly: I'll take that advice under cooperation, alright? Now, let's say you and I go toe-to-toe on bird law and see who comes out the victor? The Attorney: You know, I don't think I'm going to do anything close to that and I can clearly see you know nothing about the law.
19GpqFsNGP8jS941YYZZjmCSrHwvX3QjiC
|
|
|
|
Nolo
|
|
January 23, 2013, 06:48:01 AM |
|
With respect to my post above, I believe I have met the requirements of OP's first post: If you have a hint that discovers the identity of this person so i can get the bitcions back, i offer a reward of 600 BTC or bitcoin equivalent. I relied on the information provided in OP's subsequent post as a starting off point: the hacker also owns the key 1AFs9GrQyPQpN5W73RzizcEap1CQ7whPZT and his "real" email address is sam.rankin@me.comhe used IP address 97.106.160.84 on 2012-10-05 at 20:51:51 he used to mine on deepbit, but they do not hand out any info about their users and do not answer to my mails. Maybe one of your guys are smart enough to get any useful information about this case the 600 BTC reward are still available Everything else was just tracking one lead after another. My analysis being correct, of course depends on OP's statement of his real email address being correct. Here is my bitcoin address: 19GpqFsNGP8jS941YYZZjmCSrHwvX3QjiC I'm very happy to have been able to have helped you  |
Charlie Kelly: I'm pleading the 5th. The Attorney: I would advise you do that. Charlie Kelly: I'll take that advice under cooperation, alright? Now, let's say you and I go toe-to-toe on bird law and see who comes out the victor? The Attorney: You know, I don't think I'm going to do anything close to that and I can clearly see you know nothing about the law.
19GpqFsNGP8jS941YYZZjmCSrHwvX3QjiC
|
|
|
|
mralbi (OP)
|
|
January 23, 2013, 07:26:15 AM |
|
ok thank you so far, I will check the traces. The connection between the keys came from bitmarket.eu data which should be sufficiently acceptable as proof before court. But how accurate is this information? I mean is it SURE that the personal information posted above is PROVABLY connected to the email address? Or was ist just a name search? (I mean I could also easily create an email adress sam.ranking@gmail.com or whatever) |
|
|
|
|
Nolo
|
|
January 23, 2013, 03:41:38 PM |
|
ok thank you so far, I will check the traces. The connection between the keys came from bitmarket.eu data which should be sufficiently acceptable as proof before court. But how accurate is this information? I mean is it SURE that the personal information posted above is PROVABLY connected to the email address? Or was ist just a name search? (I mean I could also easily create an email adress sam.ranking@gmail.com or whatever) Samuel Rankin used that email address you provided to register with Pandora and Vimeo when he was living in Scottsdale AZ. I guess my question is, where did you get that email address from? |
Charlie Kelly: I'm pleading the 5th. The Attorney: I would advise you do that. Charlie Kelly: I'll take that advice under cooperation, alright? Now, let's say you and I go toe-to-toe on bird law and see who comes out the victor? The Attorney: You know, I don't think I'm going to do anything close to that and I can clearly see you know nothing about the law.
19GpqFsNGP8jS941YYZZjmCSrHwvX3QjiC
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3388
Merit: 4613
|
|
January 23, 2013, 03:48:10 PM
Last edit: January 24, 2013, 10:18:14 PM by DannyHamilton |
|
You may want to set up a wiki so people can colaborate . . .
+1 I've got a list of over 901 addresses (I suspect that many of them are change addresses that were only used once and don't even show up in the user's wallet user interface if they are using Bitcoin-Qt) that almost certainly belong to the same person as 1AFs9GrQyPQpN5W73RzizcEap1CQ7whPZT. It's going to be a mess to read as a forum post, but if there were a wiki, I'd add the list there. In the mean time, if anyone wants the list get me your email address and I'll send it to you. If more of these addresses can be tied to the same person it would seem to increase the certainty of identity. |
|
|
|
|
|
Grouver (BtcBalance)
|
|
January 23, 2013, 04:16:54 PM |
|
If bitcoins becomes even more used the Bitcoin developers should serious take a look into a the keyloggers problem.
Yes now the wallet is encrypted with a password... but that doesn't mean shit if your infected with a keylogger.
A virtual keyboard sucks IMHO.
|
|
|
|
|
Herodes
|
|
January 23, 2013, 07:15:40 PM |
|
If bitcoins becomes even more used the Bitcoin developers should serious take a look into a the keyloggers problem.
Yes now the wallet is encrypted with a password... but that doesn't mean shit if your infected with a keylogger.
A virtual keyboard sucks IMHO.
Isn't two-factor something that's already been implemented, or already worked on ? Ie. you want to send coins, and then you have to use two devices to do it ? |
|
|
|
|
elux
Legendary
Offline
Activity: 1458
Merit: 1006
|
|
January 23, 2013, 07:32:35 PM |
|
If bitcoins becomes even more used the Bitcoin developers should serious take a look into a the keyloggers problem.
Yes now the wallet is encrypted with a password... but that doesn't mean shit if your infected with a keylogger.
A virtual keyboard sucks IMHO.
Isn't two-factor something that's already been implemented, or already worked on ? Ie. you want to send coins, and then you have to use two devices to do it ? Feature request: Can we have 2-factor authentication for Bitcoin-Qt plz. |
|
|
|
|
|
mralbi (OP)
|
|
January 23, 2013, 11:31:59 PM |
|
the email address (and the IP) i got also from the bitmarket.eu database of users. Of course first idea i had was write an email to this address and ask directly, but of course he did not get an answer.
Ok thanks a lot, i will check this guy asap
|
|
|
|
21after2
Member
Offline
Activity: 112
Merit: 16
|
|
January 23, 2013, 11:36:13 PM |
|
the email address (and the IP) i got also from the bitmarket.eu database of users. Of course first idea i had was write an email to this address and ask directly, but of course he did not get an answer.
Ok thanks a lot, i will check this guy asap
Good luck! |
|
|
|
|
Gavin Andresen
Legendary
Offline
Activity: 1652
Merit: 2216
Chief Scientist
|
|
January 24, 2013, 02:51:39 AM |
|
Isn't two-factor something that's already been implemented, or already worked on ? Ie. you want to send coins, and then you have to use two devices to do it ?
It is very high on the priority list, yes. Miners already support it, but there are still a couple of steps to go before you can create a wallet split between Bitcoin-Qt running on your desktop computer and an app running on your iPhone. |
How often do you get the chance to work on a potentially world-changing project?
|
|
|
|
foo
|
|
January 24, 2013, 04:14:21 AM |
|
The connection between the keys came from bitmarket.eu data which should be sufficiently acceptable as proof before court.
Interesting... So the thief funneled some of the money stolen from mralbi through bitmarket.eu, but didn't count on mralbi buying BitMarket and getting access to the database.  |
I know this because Tyler knows this.
|
|
|
|
