Bitcoin Forum
Author Topic: ~$10,000 in cryptos stolen off my desktop from an encrypted folder, how, why?  (Read 5340 times)
Monnt
April 28, 2016, 01:53:22 AM
 #41

Did you use truecrypt or veracrypt? Those applications are flawed.

Have you used the password anywhere else? Did you use on-screen keyboard when opening the .rar file? If you didn't, any old keylogger could log your password. Simple as that.
Jasad
April 28, 2016, 02:08:28 AM
 #42

Did you use truecrypt or veracrypt? Those applications are flawed.

Have you used the password anywhere else? Did you use on-screen keyboard when opening the .rar file? If you didn't, any old keylogger could log your password. Simple as that.
OP has newbie rank and has posted just once, has one activity; it's almost impossible to get any other information from him. This case can be a lesson for us that human error is the most common way for hackers to hack our bitcoin, and this makes me more aware.
27QVUTZj8rgZP1
April 28, 2016, 02:33:31 AM
 #43

  I kept 500 Ether, 1,000 Litecoin and 500 PPC in a cold wallet in a password protected .rar file on my desktop, when I happened to check my watch address yesterday all the balances were emptied two days ago.

   I made two mistakes (1) I download a lot from Torrent sites, (2) I kept ALL my "cold" storage paper wallets in one encrypted WinRar file with a 12 character password. I thought this security was enough and am still at a loss as to what happened.
I don't know what your password was, but with only 12 characters there are very high chances it was weak enough to be brute forced.

I suggest you read some guides on how to choose a strong password: http://lifehacker.com/four-methods-to-create-a-secure-password-youll-actually-1601854240

And downloading from torrents is not the problem (assuming your system does not have exploitable holes), the problem is what programs you run after downloading them. Depending on what you download, there is a very high chance it is bundled with malicious stuff.

I know how it feels to lose even files due to malware, but you have lost a lot of money and I am sorry about your loss. But these days I find online storage like Google Drive a more secure place to store files.
Are you implying that it's safer to store files in online cloud storage than on your own computer?! lol
If you encrypt your file appropriately (strong password, algorithm) before uploading then it is not only pretty safe, it is also recommended. I recommend GnuPG, or AES Crypt.

Because keeping your backup in only 1 place is actually a bad idea, what would happen if a natural disaster wipes your house, or you get robbed?! Your data will be simply lost, that is when online backups are very useful and should always be considered, especially when the data is crucial.

Bitcoin address: 1RepentJESUSisComingSoon777kqd54C

And behold, I am coming quickly, and My reward is with Me, to give to every one according to his work. - Revelation 22:12
DOGE12321
April 28, 2016, 02:34:49 AM
 #44

That is very unfortunate, I must say. Have you, like, used the same password for anything else that you may think is dodgy? That may be the problem. Have a system check if you have an anti-virus for your computer. It would filter out any viruses. Have you visited any untrustworthy websites or conversed with untrustworthy people on the internet? This may be the cause. However, like you stated, I doubt that you will be seeing your money again.
zPanda
April 28, 2016, 03:11:27 AM
 #45

Probably some FUD Bitcoin Logger.
Mumbeeptind1963
April 28, 2016, 03:13:10 AM
 #46

Oh, how did they do that? Hmm, I feel sorry for the $10000.
How did they do that to you? I think now you should get a new highly secured password.
Or you need to be careful, they can do that again.

InternationalBankAlliance
May 16, 2016, 05:19:32 PM
 #47

Fun update: The wheels of justice turn slowly, but grind exceedingly fine...
With a ton of help from the community I have been tracking almost $10,000 in stolen crypto funds, and we have a good lead! It seems an "Ethical Hacker" (https://bazaarbay.org/b26788279ce73de5b53de7a32c4b74114c932e81/listing/5fd045457e0ff9596d43203c5ff831d1cc5421b0) named Paul Golding (https://bitcointalk.org/index.php?action=profile;u=838056) has my funds! I have filed a local and British police report and have written to the dozen or so e-mail addresses he has all over the internet (no response yet).
Bitcoinpro
May 16, 2016, 05:40:17 PM
 #48

AVG would have stopped it

socks435
May 16, 2016, 05:45:49 PM
 #49

I am sorry to hear that, and I think most of the viruses and hacking are in torrents, so beware if you are using torrents because all the strong viruses are there. I am also a victim of a ransomware virus, which I got from a torrent, but I found a solution to treat it: using Kaspersky Total Security and Kaspersky's decryption I removed all of the viruses, trojans, ransomware and worms. I am happy that my laptop is now clean.

Solving blocks can't be solved without my rigs.
dime2spend
May 16, 2016, 05:51:05 PM
 #50

I too would recommend using GNU/Linux, not only for BTC but for everything else as well. While GNU/Linux might be even unsafer, especially when used by a newbie, its smaller userbase makes it currently a less attractive target for malware. When you use Windows you use a black box and have to blindly trust MS and all those providing applications for Windows. My main PC is a box with Debian Linux and I never had a problem in years (I started using Linux back in 1995). I also have to use Windows for work every day, but I can't say I never had an issue with it.
Dabs
May 17, 2016, 01:51:03 AM
 #51

Did you use truecrypt or veracrypt? Those applications are flawed.

How are they flawed?

To date, no one has cracked any TrueCrypt volume even if the devs just disappeared. Version 7.1a still works. DiskCryptor works. VeraCrypt probably works as it's based on TC and actively developed.

The Arcitect
May 17, 2016, 01:59:17 AM
 #52

AVG would have stopped it
From a hacker keylogging his computer and stealing files from his computer where he probably had a text file with the private keys on?
I don't think so.

jacobmayes94
May 17, 2016, 02:07:59 AM
 #53

If this is true, paper wallets are not such when kept on a PC. Did you ever open the RAR file at any point, as the password could have been lifted then? Truecrypt/ciphershed is a much safer option for something like this. Or better yet, a HW wallet like Ledger or Trezor which does transaction signing inside the device. These also work for litecoin.

http://www.lockdown.co.uk/?pg=combi

will tell you how long it would have taken to crack such a password like he had.

But also I'd never store ALL my coins in a single wallet. Plus, were these paper wallets generated properly? As in generated offline?

There have been cases of addresses from vanity websites or other websites being stolen.

Sorry for your loss!

I recently got infected and the use of 2FA on sites like exchanges, a multisig vault like coinbase, and HW wallets stopped me losing pretty much all my savings.

I had Kaspersky and they still got past, the first time I ever witnessed anything get past Kaspersky.
mookid
May 17, 2016, 02:29:02 AM
 #54

Did you use truecrypt or veracrypt? Those applications are flawed.

How are they flawed?

To date, no one has cracked any TrueCrypt volume even if the devs just disappeared. Version 7.1a still works. DiskCryptor works. VeraCrypt probably works as it's based on TC and actively developed.

The developer issued a statement in which he explained that using TrueCrypt is not secure as it may contain unfixed security issues.
Although it is true that many people still use TrueCrypt, anyway, OP made the mistake of believing that a 'cold wallet' sitting in a computer was safe. A wallet is COLD when it's on paper or in a physical object, outside of a computer.
dwma
May 17, 2016, 04:37:14 AM
 #55

  I kept 500 Ether, 1,000 Litecoin and 500 PPC in a cold wallet in a password protected .rar file on my desktop, when I happened to check my watch address yesterday all the balances were emptied two days ago.

   I made two mistakes (1) I download a lot from Torrent sites, (2) I kept ALL my "cold" storage paper wallets in one encrypted WinRar file with a 12 character password. I thought this security was enough and am still at a loss as to what happened.
I don't know what your password was, but with only 12 characters there are very high chances it was weak enough to be brute forced.

I suggest you read some guides on how to choose a strong password: http://lifehacker.com/four-methods-to-create-a-secure-password-youll-actually-1601854240

And downloading from torrents is not the problem (assuming your system does not have exploitable holes), the problem is what programs you run after downloading them. Depending on what you download, there is a very high chance it is bundled with malicious stuff.

I know how it feels to lose even files due to malware, but you have lost a lot of money and I am sorry about your loss. But these days I find online storage like Google Drive a more secure place to store files.
Are you implying that it's safer to store files in online cloud storage than on your own computer?! lol
If you encrypt your file appropriately (strong password, algorithm) before uploading then it is not only pretty safe, it is also recommended. I recommend GnuPG, or AES Crypt.

Because keeping your backup in only 1 place is actually a bad idea, what would happen if a natural disaster wipes your house, or you get robbed?! Your data will be simply lost, that is when online backups are very useful and should always be considered, especially when the data is crucial.

This is not true.  Torrents are likely as secure and no more than a website.  (They depend on the originator link)  However, if you went to The Pirate Bay, searched for bitcoin, you might very well find a backdoor client being seeded. Maybe this is what you mean and I'm sure you understand this, but I just saw this and thought it needed clarification.
Herbert2020
May 17, 2016, 04:47:15 AM
 #56

   I kept 500 Ether, 1,000 Litecoin and 500 PPC in a cold wallet in a password protected .rar file on my desktop, when I happened to check my watch address yesterday all the balances were emptied two days ago.

   I made two mistakes (1) I download a lot from Torrent sites, (2) I kept ALL my "cold" storage paper wallets in one encrypted WinRar file with a 12 character password. I thought this security was enough and am still at a loss as to what happened.
I don't know what your password was, but with only 12 characters there are very high chances it was weak enough to be brute forced.

I suggest you read some guides on how to choose a strong password: http://lifehacker.com/four-methods-to-create-a-secure-password-youll-actually-1601854240

And downloading from torrents is not the problem (assuming your system does not have exploitable holes), the problem is what programs you run after downloading them. Depending on what you download, there is a very high chance it is bundled with malicious stuff.

I know how it feels to lose even files due to malware, but you have lost a lot of money and I am sorry about your loss. But these days I find online storage like Google Drive a more secure place to store files.
Are you implying that it's safer to store files in online cloud storage than on your own computer?! lol
If you encrypt your file appropriately (strong password, algorithm) before uploading then it is not only pretty safe, it is also recommended. I recommend GnuPG, or AES Crypt.

Because keeping your backup in only 1 place is actually a bad idea, what would happen if a natural disaster wipes your house, or you get robbed?! Your data will be simply lost, that is when online backups are very useful and should always be considered, especially when the data is crucial.

This is not true.  Torrents are likely as secure and no more than a website.  (They depend on the originator link)  However, if you went to The Pirate Bay, searched for bitcoin, you might very well find a backdoor client being seeded. Maybe this is what you mean and I'm sure you understand this, but I just saw this and thought it needed clarification.

Exactly this. Websites like PB are like a community (forum or whatever they are called), which means if a torrent on their site contains anything malicious it will be removed fast enough because of the reports. So you will never see any bad code being seeded for long.

Also, I don't see OP replying to any of the comments even after a full month, so I assume he doesn't even know what a cold wallet is because he is using the encrypted rar on an online computer with keylogger!

Weak hands have been complaining about missing out ever since bitcoin was $1 and never buy the dip.
Whales are those who keep buying the dip.
PaulieGolding
May 17, 2016, 02:34:30 PM
 #57

So I have spent half my day now trying to catch up on all these posts; I've resorted to just copy-pasting a response. I have my deepest sympathy for this guy and I'm trying to help out the best I can. My response is as follows:

So this was an interesting morning checking my mails to find all of this. I'd read just about as much as I could find on the matter and would like everyone to take a second to read this.

I'm not the guy, this is a case of a little misunderstood information leading everyone in the wrong direction.

The user has been infected with a Remote Admin Tool, a legal bit of software that has been used for malicious purposes so the attacker has been able to access the crypto funds.

The person who analysed the malware has seen a call to one of my domains. This is correct: I was hosting some files for the developer of the remote admin tool (see more below). This has been incorrectly described as the "attack server". Today I have removed those files in order to slow down the attacker, though all he needs to do is upload a copy somewhere else. The files themselves pertain to password recovery and are again totally legal.

The person who analysed the malware has seen a call to bnaf12[dot]no-ip[dot]biz. This is the control server of the attacker. He is using a dynamic DNS service so he can change the location of his control server quickly. The last update to that domain points to an IP in Palestine.

OP mentions places he has seen me "bragging" about the hack. This is not true and again misunderstood information. I have a keen interest in network security and a part of my job is ensuring servers are secure. Following the rule of keep your enemies closer, I crafted a few identities that hang around the blackhat world in order to keep my finger on the pulse. The "bragging" in question is all smoke used to gain trust in these communities. I'll also mention that none of my identities concern themselves with financial fraud and there is no "bragging" anywhere close to that subject matter. Simply a few posts claiming my user has "got a load of installs".

Some of you may wonder why I was hosting the files in the first place. This is simple. The developer was looking for a place to host them and asked if I would do it. I saw this as a great way to get an insight into how popular the tool was and collect some usage data. No information from an infected machine would be sent to me; this all goes to the control server configured by the admin using the tool (or the attacker when used for malicious purposes).

The OP has contacted me via email and as of now I am awaiting his reply. I've offered to help him in any way I can to get his funds recovered.
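
Added example (not part of the thread, and not code from any poster): post #57 describes an infected machine calling a control server behind a dynamic DNS name that can be repointed quickly, and the sketch below shows how a defender could triage resolver logs for that pattern. The log format, the host names, the addresses and the short suffix list are all assumptions constructed for illustration; only the no-ip.biz provider comes from the post.

```python
from collections import defaultdict

# Short illustrative list of dynamic-DNS provider suffixes (assumption: a real
# deployment would load a maintained list). no-ip.biz is the one named in #57.
DYNDNS_SUFFIXES = ("no-ip.biz", "no-ip.org", "ddns.net", "duckdns.org", "hopto.org")

# Constructed resolver log: "<ISO time> <client> <queried name> <answer>".
SAMPLE_LOG = """\
2016-04-20T09:14:02 10.0.0.23 www.example.com 192.0.2.1
2016-04-20T09:14:05 10.0.0.23 host-a.no-ip.biz. 192.0.2.10
2016-04-21T22:40:11 10.0.0.23 HOST-A.no-ip.biz 198.51.100.7
2016-04-21T22:41:30 10.0.0.31 cam.duckdns.org 203.0.113.5
2016-04-22T08:00:00 10.0.0.31 no-ip.biz.example.com 192.0.2.99
malformed line
"""

def normalize(qname):
    """Lower-case the name and drop the trailing root dot so variants compare equal."""
    return qname.rstrip(".").lower()

def dyndns_suffix(qname):
    """Return the matching provider suffix, or None. Matches on label boundaries
    only, so 'no-ip.biz.example.com' is not mistaken for a dynamic-DNS host."""
    name = normalize(qname)
    for suffix in DYNDNS_SUFFIXES:
        if name == suffix or name.endswith("." + suffix):
            return suffix
    return None

def find_dyndns_lookups(log_text):
    """Return {client: {name: sorted distinct answers}} for dynamic-DNS names."""
    hits = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:  # skip lines that do not fit the assumed format
            continue
        _ts, client, qname, answer = fields
        if dyndns_suffix(qname):
            hits[client][normalize(qname)].add(answer)
    return {c: {n: sorted(a) for n, a in names.items()} for c, names in hits.items()}

def moving_names(hits):
    """Names whose answer changed between lookups, i.e. the host was repointed."""
    return sorted({n for names in hits.values() for n, a in names.items() if len(a) > 1})

if __name__ == "__main__":
    found = find_dyndns_lookups(SAMPLE_LOG)
    for client, names in found.items():
        for name, answers in names.items():
            print(client, name, answers)
    print("changed address:", moving_names(found))
```

Dynamic DNS has plenty of legitimate uses, so a hit is a lead for checking which process on the client made the lookup, not a verdict.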
Klestin
May 17, 2016, 03:14:55 PM
Last edit: May 17, 2016, 03:27:39 PM by Klestin
 #58

There are many valid opinions on exactly what constitutes "Cold Storage."  None of them include "Computer that is connected to the Internet, and from which I download and run files from .torrent sites."

Real computer security is nontrivial and requires diligence.  It is best to recognize when that level of effort (to understand and to implement) is beyond what you're willing to expend.  Half measures are no more valid than no measures, and what you've described is not even close to a half measure.  

This is not a rebuke. Your computer usage is in no way the exception, but the general rule. Instead, I have a suggestion.  www.bitcointrezor.com.
AGD
May 18, 2016, 07:16:20 PM
 #59


I was just about to link to his Twitter: https://twitter.com/GammaGroupPR

Bitcoin is not a bubble, it's the pin!
+++ GPG Public key FFBD756C24B54962E6A772EA1C680D74DB714D40 +++ http://pgp.mit.edu/pks/lookup?op=get&search=0x1C680D74DB714D40
MaxTax
May 19, 2016, 10:04:30 AM
 #60

That is not a good thing to hear because that is quite a lot of money. I think that someone knew about your money and probably hacked you or something.
It is pretty weird for them to vanish out of nowhere.