~$10,000 in cryptos stolen off my desktop from an encrypted folder, how, why?

[bitbite111]

Wow man. This sucks. I would have thought that would be enough security too.

[LiteCoinGuy]

buy a hardware wallet:

https://bitcointalk.org/index.php?topic=899253.0

[whoreble]

^^
Too late. Nothing to put in it, coin gone

[Kprawn]

You made some of the most common mistakes someone could make... One : Never store anything with a encrypted password on your computer connected to the internet. If it is not connected to the internet,

nobody can access it. Two : Do not store all your coins in one place.... always break up your hoard into smaller pieces and store them in separate paper wallets. We will see a lot of these types of hacks in the

future, if people repeat the same mistakes over and over again. Use this experience as an example of what not to do... Again, sorry for your loss.

[lite]

Sorry for your loss. can you tell which os(microsoft xp?)  were you using. you have to be careful when downloading an exe file from torrent. i too download games and all but i never connect my windows os to internet.

[Wendigo]

I don't think your desktop can be considered a cold wallet when it's still connected to the Internet and you are downloading random stuff on it that can contain malicious content. Also never store your private keys on your work computer because even if they are passworded you may have gotten a keylogger and the hacker may have recorded your keystrokes for your password. If you had actually printed out paper wallets and transferred your coins there instead of encrypting them in a WinRar file I think this misfortune wouldn't have happened. At least buy a thumb-drive now and put your private keys on it and put it in a drawer - it would be 100% more secure than what you have been doing till now.

[btcxyzzz]

Go Linux bro. Be a man.

[glendall]

^^ agree.  Its not that is impossible for this to happen if you are using linux but it is about 10,000 less likely. So, ya, next to impossible.

If that's too much trouble I recommend using the wallet service at blockchain.com. It seems to me at least that security their is quite high and they've been around since the beginning.

[mirana12345]

Go Linux bro. Be a man.

Why ? Just because linux mallware is more rare doesnt mean it does not exist. The only reason they dont make as much linux mallware is because
not alot of people use it. People with high amount of funds in crypto are often a targeted pray, and i doubt it would help much having linux instead of any other platform.

[pogress]

Brute forcing 12 trully random characters from RAR encrypted file would be real challege. So either OP used dictionary words or the most common way: keylogger.

Hopefully OP can get the coins back, maybe try post the thread in service section instead.

[andrew24p]

Ouch sorry man this is my ultimate nightmare. I am super paranoid about keeping any amount larger than say 100 on a computer or exchange. Im actually even skeptical of hardware wallets and the possibility of them becoming compromised. I used the old fashion printed paper wallet.

[LiteCoinGuy]

^^
Too late. Nothing to put in it, coin gone

i guess he will start again and hold bitcoin    - maybe one bitcoin is worth 10k USD in 10 years. So he should at least own 1.

[calkob]

sorry to hear that man, what torrent files were you downloading?  was it programs of just simple movies files and stuff?

[WhatTheGox]

It's better separate computer for fun and computer for business.

This.

When you start to get in the many thousands for bitcoin holdings just buy a cheap laptop and keep it offline or something. I keep a little on exchanges but these days its better to have more than 1 computer with bitcoin dealings.

[mookid]

I read your post on Ethereum's subreddit. I believe you were specifically targeted. You should learn from this incident, if you want to securely store Bitcoins, use a hardware wallet.
Always use 2FA when you are using an online service, change all your email passwords, and format your computer.
With these simple steps you will get back to it, I know that sadly your money is lost, but I'm sure you can go through this.

[dwma]

Like someone else said.  GO with Linux.  Be a man.

Outside of that you should look into a graphical keyboard. Although I suppose it depends on where they hook into the keyboard. If they specifically read the hardware keyboard device then you'd be covered. If they hook into some keyboard abstraction then no you wouldn't.

[Dabs]

Just because you download a lot of torrents does not mean you could get infected with malware, especially if you know what you're doing.

The most likely culprits are keyloggers or remote access tools that inadvertently installed and executed in your desktop.

I've had someone hack my home server (which contained nothing, because it was for school purposes) but I attribute that to a brute-force attempt on the RDP protocol (running Win 2012 R2). It is otherwise secure from everything else.

[Hazir]

Just because you download a lot of torrents does not mean you could get infected with malware, especially if you know what you're doing.

The most likely culprits are keyloggers or remote access tools that inadvertently installed and executed in your desktop.

I've had someone hack my home server (which contained nothing, because it was for school purposes) but I attribute that to a brute-force attempt on the RDP protocol (running Win 2012 R2). It is otherwise secure from everything else.

From what I could see there are plenty of reputable groups releasing clean torrents with movies, series, music etc.
And there is almost zero chance for these torrent are compromised in any way with a malware.
But if Op is a fan of some more hardcore and underground torrents there is no telling what could happen.

I wonder if Op found any viruses/malware on his machine - I am very curious, please post an update.

[maokoto]

So sorry for your loss man, hope you can at least get something bad. It is good that you help others by posting in forum. This makes people who do not use safety be more aware.

[bittrojan]

   I kept 500 Ether, 1,000 Litecoin and 500 PPC in a cold wallet in a password protected .rar file on my desktop, when I happened to check my watch address yesterday all the balances were emptied two days ago.

   I made two mistakes (1) I download a lot from Torrent sites, (2) I kept ALL my "cold" storage paper wallets in one encrypted WinRar file with a 12 character password. I thought this security was enough and am still at a loss as to what happened.

   The other day I noticed a program running in the Task Manager called, "Wool Department", there was no google results for it, so I closed it but it kept coming back up (on Windows). Next I got an e-mail from Microsoft about verification, then a few other sites I have not used for a long time. My email was hacked years ago, so I changed my password and did not connect the two events at all.

• My Ether address:    0xea13bae3f4d94b43d2224bb8a1abb0f4e7e0e24d
  My Litecoin address: LhfSd3ZzJMrWawrFimQcTnCx8rYQ3XYiVG
  My PPC address:      PPM4tkGmx9f4LMchhCqQAn6j843KDU3ELk

   I assume I will never see any of it again, but would like to offer 1/2 of any recovered funds as a reward to anyone that can help to find the criminal(s) responsible/return the funds.

sad story,and this happen again to people who dont warn to download file,i think if we have so much asset in our computer,we should not download any suspicious file,its the easiest way for hacker to sent you phising.