I got hacked , All my Bitcoin and Litecoin lost

[bitasset]

All my BTC and LTC lost because someone hacked my Macbook, It was a personal attack.
The hacker knows my phone number, name, email , job etc...


My coins sent to the those addresses:

17FHzpKeoYmqz3p568VxZa8Mvn5NCs9S3S
LPpQavpYVkzBvC2k9n4TBCTpN2KVwEJHez

https://blockchain.info/address/17FHzpKeoYmqz3p568VxZa8Mvn5NCs9S3S
http://ltc.blockr.io/address/info/LPpQavpYVkzBvC2k9n4TBCTpN2KVwEJHez

Hacker's file https://mega.nz/#!CRZHmBSQ!WsKeUFKAkieEHZhAsLs8j6kWvcG0AoSgK1a0pRyoLO0


1. 13 days ago I got email from aignat@interactivebrokers.com
 I checked the email address , that was NOT fake
https://i.gyazo.com/875f50c9f0898a8e29c410a06686fb3e.png
the original email https://i.gyazo.com/dc0556b4449bb81c368243b793d77772.png

2.the attacker offered me a consultant job
https://i.gyazo.com/2f0ad8c60ba2588126f84d4960ff7145.png
https://i.gyazo.com/6d4938b4236d11749bcfbbbfd5d6d644.png

3.I'm pretty interested, So I accepted that job,and downloaded a .doc file to apply the job.
https://i.gyazo.com/6bb54deb24785b552a61944d0667c274.png

4.Then a woman call me from a blocked number and he asked me to read the presentation file.
so I downloaded a .PPS file (IB_cooperation_offer_presentation.zip)
 It was some command line on my Mac when I open it.
I did not know it was virus.
https://i.gyazo.com/3d2f5226bc8554986434a21ae6f719e9.png

5. I told him I cannot open the file, so He asked me download some IBM Maas360 Secure Document Sharing Suite https://i.gyazo.com/bd3cf207c4c463fa4f4df9054367f207.png

6.So I downloaded and installed that app file , then got this email https://i.gyazo.com/90a1f77eb5230e70bc74381e2daed00e.png
All my coins was transfered to hackers addresses , and blockchain files removed



Our IT specialists have prepared a personal account for you and assigned sufficient privileges to one of our secure storages:
username: yanpeng password: 0DSdj1xczI932
To activate your IBM Maas360 Secure Document Sharing Suite account you need:
        1. Download MaaS360 client:
https://5.149.250.232/yanpeng/Software/Maas360_Secure_Sharing.v1.84_Win(x64).zip SHA-1: 6c57bcf4f858c0a2e6cbdf0686bab4398e0d46a9
https://5.149.250.232/yanpeng/Software/Maas360_Secure_Sharing.v1.84_OS_X.zip SHA-1: 4e5204b4dffc408d04dcbb811a78c08cf6d0f724
https://5.149.250.232/yanpeng/Software/Maas360_Secure_Sharing.v1.84_Linux(x64).tar.gz SHA-1: c3008e8b4bf6c277ea714a992cdea662c8e54380
     2. log in using the account for the MaaS360 client:
username: user35 password: dfhjDShd98ja
    3. After that you will see the tab named "Documents" where you can see the files that you are allowed to access.
Also there is a tab named "Tasks". You can familiarize with details of the start tasks '#3057 Tasks - Stage 1' there.
Please note, that after the first sign in to the Maas360 you'll need to set up a new password.
PS. You could download the latest version of the presentation and other documents in .PDF via the Maas Documents tab.



Please help me if you can. I live in Vancouver, BC, how to contact cyber police ? or some security experts can help me here ?
Is it possible to get my coins back ?

[1714623788]

1714623788

[1714623788]

1714623788

[1714623788]

1714623788

[1714623788]

1714623788

[OROBTC]

...

bitasset

I am sorry that I am unable to help.  My *guess* is that it will be impossible or nearly so to get your coins back.

There is no Cyber Police that I know of.  You might try contacting your local police however, especially if there is a chance that the thief might be someone that you know or a local...  The sooner you report the theft, the better, although most such thieves just send the BTC on and on and on...

There may be expert hackers HERE at bitcointalk who might help, but I know ZERO about that.

The big lesson to be learned, by all of us (myself most definitely included) is to be extremely cautious with your computer.  I lost some BTC to a clever little scam once.  Ahh, I was NOT cautious...

I likely speak for all of us here: Best of luck to you in getting them back.

[adamstgBit]

time is of the essence!
if you encrypted your wallet with a strong password there's a good chance that hacker has not yet burt forced your password
quiclky go find a backup of your wallet and import it in blockchain.info and move your coins out of there!

[7788bitcoin]

This is clearly a phishing scam! If these are true, I guess there is no way for you to get back your coins unless the hacker decided to give them back to you. This is the disadvantage of no-charge back feature of bitcoin, even though the transaction was not initiated by the owner.

[bitasset]

time is of the essence!
if you encrypted your wallet with a strong password there's a good chance that hacker has not yet burt forced your password
quiclky go find a backup of your wallet and import it in blockchain.info and move your coins out of there!

My wallet encrypted,  but all my coins transfered to hackers address already.

[adamstgBit]

time is of the essence!
if you encrypted your wallet with a strong password there's a good chance that hacker has not yet burt forced your password
quiclky go find a backup of your wallet and import it in blockchain.info and move your coins out of there!

My wallet encrypted,  but all my coins transfered to hackers address already.

oh i thought for a sec they only stole your wallet
how did they get your password you encrypted with?

[bitasset]

time is of the essence!
if you encrypted your wallet with a strong password there's a good chance that hacker has not yet burt forced your password
quiclky go find a backup of your wallet and import it in blockchain.info and move your coins out of there!

My wallet encrypted,  but all my coins transfered to hackers address already.

oh i thought for a sec they only stole your wallet

how did they get your password you encrypted with?

I opened .pps and IBM Mass app

 https://mega.nz/#!CRZHmBSQ!WsKeUFKAkieEHZhAsLs8j6kWvcG0AoSgK1a0pRyoLO0

[JasonXG]

Well firstly it's hard for me to feel bad for you since, you haven't even mentioned where or how you found this job and you claim they have your info yet fail to explain why ? Also you downloaded a file from a website without a domain, then you get a warning from your browser then you warned not to download the file but you still went ahead and did it anyway. I don't think anyone can help you since you not explaining anything at all.

[bitasset]

Well firstly it's hard for me to feel bad for you since, you haven't even mentioned where or how you found this job and you claim they have your info yet fail to explain why ? Also you downloaded a file from a website without a domain, then you get a warning from your browser then you warned not to download the file but you still went ahead and did it anyway. I don't think anyone can help you since you not explaining anything at all.

I did not know how they know my personal information.  and I did not get any warning when I download or open files.

[smracer]

How did they get your encrypted password?  Did you have the password written on a sticky pad?

Is this where you downloaded the files from?

https://whois.icann.org/en/lookup?name=waste4energy.com

I wonder if that domain owner knows anything?  The server might be hacked though.

5.149.250.232   United Kingdom    England   London
ISP   Organization   Latitude   Longitude
Fortunix Networks L.P.   Not Available    51.508529663086   -0.12574000656605

[iHaveDreams]

All my BTC and LTC lost because someone hacked my Macbook, It was a personal attack.
The hacker knows my phone number, name, email , job etc...


My coins sent to the those addresses:

17FHzpKeoYmqz3p568VxZa8Mvn5NCs9S3S
LPpQavpYVkzBvC2k9n4TBCTpN2KVwEJHez

https://blockchain.info/address/17FHzpKeoYmqz3p568VxZa8Mvn5NCs9S3S
http://ltc.blockr.io/address/info/LPpQavpYVkzBvC2k9n4TBCTpN2KVwEJHez

Hacker's file https://mega.nz/#!CRZHmBSQ!WsKeUFKAkieEHZhAsLs8j6kWvcG0AoSgK1a0pRyoLO0


1. 13 days ago I got email from aignat@interactivebrokers.com
 I checked the email address , that was NOT fake
https://i.gyazo.com/875f50c9f0898a8e29c410a06686fb3e.png
the original email https://i.gyazo.com/dc0556b4449bb81c368243b793d77772.png

2.the attacker offered me a consultant job
https://i.gyazo.com/2f0ad8c60ba2588126f84d4960ff7145.png
https://i.gyazo.com/6d4938b4236d11749bcfbbbfd5d6d644.png

3.I'm pretty interested, So I accepted that job,and downloaded a .doc file to apply the job.
https://i.gyazo.com/6bb54deb24785b552a61944d0667c274.png

4.Then a woman call me from a blocked number and he asked me to read the presentation file.
so I downloaded a .PPS file (IB_cooperation_offer_presentation.zip)
 It was some command line on my Mac when I open it.
I did not know it was virus.
https://i.gyazo.com/3d2f5226bc8554986434a21ae6f719e9.png

5. I told him I cannot open the file, so He asked me download some IBM Maas360 Secure Document Sharing Suite https://i.gyazo.com/bd3cf207c4c463fa4f4df9054367f207.png

6.So I downloaded and installed that app file , then got this email https://i.gyazo.com/90a1f77eb5230e70bc74381e2daed00e.png
All my coins was transfered to hackers addresses , and blockchain files removed



Our IT specialists have prepared a personal account for you and assigned sufficient privileges to one of our secure storages:
username: yanpeng password: 0DSdj1xczI932
To activate your IBM Maas360 Secure Document Sharing Suite account you need:
        1. Download MaaS360 client:
https://5.149.250.232/yanpeng/Software/Maas360_Secure_Sharing.v1.84_Win(x64).zip SHA-1: 6c57bcf4f858c0a2e6cbdf0686bab4398e0d46a9
https://5.149.250.232/yanpeng/Software/Maas360_Secure_Sharing.v1.84_OS_X.zip SHA-1: 4e5204b4dffc408d04dcbb811a78c08cf6d0f724
https://5.149.250.232/yanpeng/Software/Maas360_Secure_Sharing.v1.84_Linux(x64).tar.gz SHA-1: c3008e8b4bf6c277ea714a992cdea662c8e54380
     2. log in using the account for the MaaS360 client:
username: user35 password: dfhjDShd98ja
    3. After that you will see the tab named "Documents" where you can see the files that you are allowed to access.
Also there is a tab named "Tasks". You can familiarize with details of the start tasks '#3057 Tasks - Stage 1' there.
Please note, that after the first sign in to the Maas360 you'll need to set up a new password.
PS. You could download the latest version of the presentation and other documents in .PDF via the Maas Documents tab.



Please help me if you can. I live in Vancouver, BC, how to contact cyber police ? or some security experts can help me here ?
Is it possible to get my coins back ?

So SAD to hear this shit happens.
yeah you need keeping saving your money with high security.
Make different data (password) web site to website.
All the best mate  

[adamstgBit]

time is of the essence!
if you encrypted your wallet with a strong password there's a good chance that hacker has not yet burt forced your password
quiclky go find a backup of your wallet and import it in blockchain.info and move your coins out of there!

My wallet encrypted,  but all my coins transfered to hackers address already.

oh i thought for a sec they only stole your wallet

how did they get your password you encrypted with?

I opened .pps and IBM Mass app

 https://mega.nz/#!CRZHmBSQ!WsKeUFKAkieEHZhAsLs8j6kWvcG0AoSgK1a0pRyoLO0

opening an app doesn't give away the password, you had to type it in somewhere.

i guess you used the same password for your wallet as you do for everything else, this is a bad practice which makes you very vulnerable.

[adamstgBit]

sorry for your loss, once the coin move out of your control there's no getting them back. nothing can be done. its unclear how to proceed... i guess your next step would be to call the police and tell them you got robbed, maybe you'd get some kind of tax break or somthing? idk.

[TastyChillySauce00]

i thought this kind of email will be automatically getting considered as spam because you're using gmail which have good security for their users
if you suddenly get a job offers, or anything which you don't even get bother with it before, don't open it

[BitcoinNewsMagazine]

Sorry for your loss:( Sounds like malware stole the wallet.dat files and attackers either brute forced the password or caught it by a keylogger. What bitcoin and litecoin wallets were you using? 

[smracer]

These files are all still up.

http://5.149.250.232/yanpeng/index.php?dir=Software%2F

username: yanpeng password: 0DSdj1xczI932

[adamstgBit]

holy fucking shit 425 BTC and 39,612 LTC

[pooya87]

i thought this kind of email will be automatically getting considered as spam because you're using gmail which have good security for their users
if you suddenly get a job offers, or anything which you don't even get bother with it before, don't open it,making domain like interactivebrokers.com is very easy,and i think there's no way to recover it because the btc already transferred to scammer's address

sending an Email from a legit email address is not unheard of (it is possible) and it is called Email spoofing. i asked this question a while back on reddit, you can check the answer here: https://redd.it/3ca082

to OP, check the headers of the emails you have received from them, they contain some information that you might find useful in finding the hacker(s).

[BellaBitBit]

holy fucking shit 425 BTC and 39,612 LTC

oh man that is a lot of btc and ltc.  I am very sorry to hear this and I hope your investigation can find something.  Sometimes I wonder how many "job offers" that require you to apply with information about yourself are used by scammers/hackers to get into your computer.  Someone had to have known there was this amount of btc and ltc on your pc.  Have you ever indicated anywhere online how much you have?  I am always surprised when people respond to the "how many bitcoin do you have" posts, seems like an open door to the beginning of a hack through fishing.

[~Bitcoin~]

I might die if i lost 425 btc like you but i don't have that much. However now i will only store high amount of coin in a paper wallet printed one not stored in my laptop. And 2 factor authentication for my blockchain wallet. I wonder why you store all your coin in a blockchain wallet.

Sorry for your loss.