Bitcoin Forum
Author Topic: ~$10,000 in cryptos stolen off my desktop from an encrypted folder, how, why?  (Read 3485 times)
kbenzle
Newbie
Activity: 4
April 26, 2016, 02:31:31 PM
 #1


   I kept 500 Ether, 1,000 Litecoin and 500 PPC in a cold wallet in a password-protected .rar file on my desktop. When I happened to check my watch address yesterday, all the balances were emptied two days ago.

   I made two mistakes (1) I download a lot from Torrent sites, (2) I kept ALL my "cold" storage paper wallets in one encrypted WinRar file with a 12 character password. I thought this security was enough and am still at a loss as to what happened.

   The other day I noticed a program running in the Task Manager called "Wool Department". There were no Google results for it, so I closed it, but it kept coming back up (on Windows). Next I got an e-mail from Microsoft about verification, then a few other sites I have not used for a long time. My email was hacked years ago, so I changed my password and did not connect the two events at all.


  • My Ether address:    0xea13bae3f4d94b43d2224bb8a1abb0f4e7e0e24d
    My Litecoin address: LhfSd3ZzJMrWawrFimQcTnCx8rYQ3XYiVG
    My PPC address:      PPM4tkGmx9f4LMchhCqQAn6j843KDU3ELk

   I assume I will never see any of it again, but would like to offer 1/2 of any recovered funds as a reward to anyone that can help to find the criminal(s) responsible/return the funds.

pudg
Newbie
Activity: 7
April 26, 2016, 02:43:00 PM
 #2

Unfortunately, these transactions are not reversible. On top of that, looking at your ether wallet, I can see the funds were transferred constantly and finally were mixed with other coins so you lose the path of where the cryptos went. Mixing is usually done by people that want to hide their tracks and cover where the money went. I'm sorry for your loss. Me personally, I used offline wallets, printed on paper. Wallet and key is provided on the paper, so there is no way anyone could touch it, unless they have access to your house. So ie, you get robbed, it can be used as well. A lot harder than going through the internet. Never store your keys on the computer.

Daniel91
Legendary
Activity: 1232
April 26, 2016, 02:43:37 PM
 #3

I'm very sorry for your loss.
You probably got some kind of virus or Trojan on your computer.
What antivirus program do you have?
Even with the best PC protection you can never be safe enough from hackers.
It's better to have a separate computer for fun and a computer for business.
I hope you will be able to find this hacker but chances are not big, unfortunately.

Arrakeen
Hero Member
Activity: 518
April 26, 2016, 02:50:18 PM
 #4

Do you have any more information on the process that kept restarting?  I'd like to figure out what you may have been infected with.  'Wool Department' isn't much to go by...

BTCBinary
Hero Member
Activity: 504
April 26, 2016, 02:57:44 PM
 #5

It already happened to me! My guess is that you had some very weak passwords to begin with.
The hacker must have tracked your transactions through the blockchain and then somehow sniffed your connections and got into your desktop. If you had some really strong you would still have your cryptos...
Anyways... this is why I think that every desktop wallet should have a 2FA feature enabled...

prix
Hero Member
Activity: 574
April 26, 2016, 02:59:48 PM
 #6

kbenzle
How strong is your password? Is it a dictionary word?
Have you used it somewhere else?
Sorry for your loss.


dothebeats
Legendary
Activity: 1218
April 26, 2016, 03:05:02 PM
 #7

Uhhm, why would you call it a cold storage when it is connected to the internet? Sorry for your loss, but it's your fault downloading from torrent sites. You do know that several harmful software can infect your computer via javascript, right? If you are keeping a large amount of cryptos, better put it in an offline device and use a strong password--probably more than 12 characters--for maximum security.

You can't do anything about it by now, but if you'd been more careful in keeping your cryptocoins, you could have prevented this from happening. Sorry for that, mate.

BellaBitBit
Hero Member
Activity: 546
April 26, 2016, 03:09:47 PM
 #8

You are the second person in the last couple weeks that has had btc/crypto hacked out of a desktop wallet.  How can this happen to an encrypted wallet?

I love Bitcoin

AgentofCoin
Legendary
Activity: 1064
April 26, 2016, 03:29:01 PM
 #9

You are the second person in the last couple weeks that has had btc/crypto hacked out of a desktop wallet.  How can this happen to an encrypted wallet?
At no time did the OP state that his encrypted desktop wallet was hacked.


...
(2) I kept ALL my "cold" storage paper wallets in one encrypted WinRar file with a 12 character password. I thought this security was enough and am still at a loss as to what happened.
...

The most likely scenario is you downloaded some malware that has the ability to connect
into your computer, like a remote desktop connection, and has been watching you and
possibly logging all your key strokes to get your 12 character password.

Torrents have been known to contain btc wallet malware or hidden mining programs.
I wouldn't be surprised if this was just a basic remote connection.

I support a decentralized & unregulatable ledger first, with safe scaling over time.
Request a signed message if you are associating with anyone claiming to be me.

InternationalBankAlliance
Jr. Member
Activity: 46
April 26, 2016, 03:34:33 PM
 #10

Number of times our customers lost all their money due to hack: Zero.

onlinedragon
Hero Member
Activity: 714
April 26, 2016, 03:39:03 PM
 #11

kbenzle
How strong is your password? Is it a dictionary word?
Have you used it somewhere else?
Sorry for your loss.


I don't think that matters really much when they used key loggers.



When you download a lot with torrents, chances are big that nasty malware/Trojans are also included. Best to play safe with laptops or desktop computers where wallets are installed with big amounts. Not all people can afford 2 laptops, but in this case that was the best option if you can't do without downloading torrents.

ShrykeZ
Hero Member
*****
Offline Offline

Activity: 616


View Profile
April 26, 2016, 03:46:11 PM
 #12

Should have probably stored something of that value offline, cold storage or just printed off the keys is a much better option and then just keep an eye on the watch addresses.

Sorry for that kind of loss though, must sting.

Amph
Legendary
Activity: 1638
April 26, 2016, 03:50:20 PM
 #13

that's not really a cold wallet if you keep it in your desktop, which is, supposedly, connected to the internet. also you downloaded plenty of stuff, what do you expect?

it's like giving the key of your safebox to the first known thief on the street....

mobnepal
Hero Member
Activity: 784
April 26, 2016, 03:59:32 PM
 #14

I know how it feels to lose even files due to malware but you have lost a lot of money and I am sorry about your loss. But these days I find online storage like Google Drive a more secure place to store files.

BTCforJoe
Hero Member
Activity: 560
April 26, 2016, 04:05:31 PM
 #15

I know how it feels to lose even files due to malware but you have lost a lot of money and I am sorry about your loss. But these days I find online storage like Google Drive a more secure place to store files.

Are you implying that it's safer to store files in online cloud storage than on your own computer?! lol

DannyHamilton
Legendary
Activity: 1918
April 26, 2016, 04:13:41 PM
 #16

I'm very sorry for your loss.

Unfortunately, it is extremely unlikely that you will ever recover your lost funds.

I know it doesn't do any good to tell you this now, but for others that come across this discussion I'd like to point out that a "cold" wallet is one that is generated on a computer that is not, never has been, and never will be online.  As a reasonable substitute, many would also consider a wallet to be "cold" if the computer that generates it is:
  • taken offline
  • operating system and disks are completely wiped
  • wallet is then generated
  • wallet is stored on some medium removed from the computer (disk, paper, usb drive, etc)
  • operating system and disks are completely wiped
  • computer is placed back online
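
A preflight for the "taken offline" step in the list above, as an added example that is not part of DannyHamilton's post: it reports why a host still counts as online before any key is generated. It assumes a Linux live system; the function names and the sample route tables are constructed for illustration.

```python
"""Refuse wallet generation while the host still has a network path.

Inputs use the Linux /proc/net/route and /sys/class/net/<iface>/operstate
formats. All function names here are hypothetical.
"""
import os

RTF_UP = 0x1  # Linux route flag: route is usable

def routed_interfaces(route_table: str) -> set:
    """Interfaces that carry any active IPv4 route in /proc/net/route text."""
    found = set()
    for line in route_table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        iface, flags = fields[0], int(fields[3], 16)
        if flags & RTF_UP and iface != "lo":
            found.add(iface)
    return found

def offline_problems(route_table: str, operstates: dict) -> list:
    """Return reasons the host is not offline; an empty list means proceed."""
    problems = [f"{i}: active route present"
                for i in sorted(routed_interfaces(route_table))]
    for iface, state in sorted(operstates.items()):
        # Some drivers never report link state ("unknown"), so treat it as up.
        if iface != "lo" and state.strip() in ("up", "unknown"):
            problems.append(f"{iface}: link state {state.strip()}")
    return problems

def read_host_state():
    """Collect the real inputs on a Linux host."""
    with open("/proc/net/route") as fh:
        routes = fh.read()
    states = {}
    for iface in os.listdir("/sys/class/net"):
        with open(f"/sys/class/net/{iface}/operstate") as fh:
            states[iface] = fh.read()
    return routes, states

# Constructed samples (not from the thread): an online host and one with the cable pulled.
HEADER = "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\n"
ONLINE_ROUTES = (HEADER + "eth0\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\n"
                 + "eth0\t0001A8C0\t00000000\t0001\t0\t0\t100\t00FFFFFF\n")
OFFLINE_ROUTES = HEADER

if __name__ == "__main__":
    print(offline_problems(ONLINE_ROUTES, {"lo": "unknown", "eth0": "up"}))
    print(offline_problems(OFFLINE_ROUTES, {"lo": "unknown", "eth0": "down"}))
```

On the live system, pass the result of `read_host_state()` to `offline_problems()`. IPv6 routes live in /proc/net/ipv6_route and are not parsed here; the link-state check is what catches an interface that is up with IPv6 only.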

thejaytiesto
Legendary
Activity: 1050
April 26, 2016, 04:18:55 PM
 #17

I was about to say what this guy said. Cold storage is only cold storage if the computer or whatever device you are using is not connected to the computer, so what happened to you, even if really unlucky, is a realistic possibility, since you had the wallet on the computer that you use all the time and connected to the internet.
If you don't wanna get a Trezor and you don't like paper wallets I recommend that you put your wallet file on a usb and only put it on the computer when you want to use your Bitcoins.

Lucius
Hero Member
Activity: 812
April 26, 2016, 04:19:10 PM
 #18

I'm sorry for your loss, it is likely a key logger who stole your password and who knows what else you've picked up downloading torrents. It is always good to read comments from people who download files, although even this is not 100% safe. Unfortunately you learned a lesson the hard way, let this be a warning to others.

MingLee
Sr. Member
Activity: 462
April 26, 2016, 04:29:52 PM
 #19

I'm sorry that you lost $10,000 that's something no-one should have to go through.

Depending on what was on your computer, it could have been anything from a keylogger to a virus that might have found the encryption keys, assuming they were stored somewhere that could be accessed.

Then again I'm just throwing out ideas, chances are it wasn't what actually occurred.

Evildrum
Member
Activity: 84
April 26, 2016, 04:41:02 PM
 #20

This seems to be the new world for us with all this hacker b.s. going on; it's really unnerving.
Really sorry to hear you got hacked but I think we need to get a thread going that explains step by step how to protect us from this happening in the future.
