Help! 47 mined bitcoins were transferred away?

[MissingMyCoins]

I've been mining for a while now, but I opened my wallet and 47.1 bitcoins were transferred away from my encrypted wallet.    Was it hacked somehow?

https://blockchain.info/tx/bf6379b69acbe6e1ea95970dedf858c7908a00ada609a570fd45e558220bcd2c 

[Lethn]

Ouch! if you didn't enter a password and put in an address then it shouldn't have done anything, you may well have been hacked though I'd wait for more knowledgeable guys to come along and look before going in a fetal position and crying like I would. I highly recommend if you ever get that many Bitcoins again you find a way to store them offline immediately, that way it won't happen again, I'm trying to mess around with the client Armory myself because that allows you to do such a thing.

[Stephen Gornick]

I've been mining for a while now, but I opened my wallet and 47.1 bitcoins were transferred away from my encrypted wallet.    Was it hacked somehow?

https://blockchain.info/tx/bf6379b69acbe6e1ea95970dedf858c7908a00ada609a570fd45e558220bcd2c  

If you are using Bitcoin-Qt or another client with a local wallet then the only transactions you should see spending from addresses in your wallet are transactions that you've initiated.  

If you are using a hosted (shared) EWallet, then the blockchain is the wrong place to be looking to see transactions from the address you use for depositing funds.

So the first question is, what client are you using?

[mrlithium]

Do you live near chicago? Thats where it propagated from. Need more info.!

[Stephen Gornick]

Do you live near chicago? Thats where it propagated from.

As far as blockchain.info knows, but that's not necessarily accurate.

[fenratha]

wierd. i hope u get them back.

[MissingMyCoins]

If you are using Bitcoin-Qt or another client with a local wallet then the only transactions you should see spending from addresses in your wallet are transactions that you've initiated.  
...

So the first question is, what client are you using?

Yes, the native client is the only thing I've ever used. 

[Stephen Gornick]

If you are using Bitcoin-Qt or another client with a local wallet then the only transactions you should see spending from addresses in your wallet are transactions that you've initiated.  
...

So the first question is, what client are you using?

Yes, the native client is the only thing I've ever used.  

Then there's a problem if there's a spend transaction that wasn't yours.   The first thing to do is assume that system is compromised.   If you have other funds in the wallet you might want to send them to a bitcoin address that is secure (e.g., a blockchain.info/wallet address created from a computer that can be deemed secure.)

An encrypted wallet still doesn't protect you from a replay attack, so if your computer is compromised with a keylogger the attacker would need just a copy of your wallet.dat and the wallet's pass phrase obtained from the keylogging activities.  Or if the compromised system has remote desktop or VNC a compromised system can be accessed remotely to send the funds.

That transaction occurred in January, not sure if that helps in diagnosing what/when/how.

[veteranBtc]

You just lost 1400$, that's sad
Storing bitcoins in offline mode is a good thing (more securely)

[casascius]

I have never heard of a single bitcoin being stolen from a paper wallet.  Ever.

Paper wallets are the safest place to store your coins that you aren't immediately about to use.  If you spread your stash among ten paper wallets, then unless you plan to spend more than 1/10 of it at once, you'll never run the risk that your whole wallet will get stolen by a mistake or a compromise.

The easiest way to get coins off a paper wallet is to make a throwaway wallet at Blockchain.info, import it, and then send the coins elsewhere.  No confirmation delay, be done in two minutes.  On many computers, Blockchain can scan the QR code through your webcam.

[MissingMyCoins]

I recently fresh installed the machine with the wallet (12/8). It is a htpc, gaming, and bitcoin miner on the side.  The wallet was taken down to about .1 btc, and i've kept it around there since I noticed it.  My password is a long random string stored in an encrypted file which I copy+pasted each time.  Although a good keylogger would have picked that up as well.

My outbound transactions this year were on 5/8 (to bitconica :sad:), 9/24, 11/13, & 12/5.  So unless it was compromised much earlier than pull on 1/13, I don't know know how else it could have happend.  I guess I'll be reloading from scratch this weekend either way.  

The receiving address received a number of smallish transactions on 1/13 hours before mine and then stopped.  Other victims?

https://blockchain.info/address/1PvbGt9kkZikdNkFZDkLGtMgbD8gWMNeor

But the advice on paper wallets will be taken into account going forward.

[Stephen Gornick]

My password is a long random string stored in an encrypted file which I copy+pasted each time.  Although a good keylogger would have picked that up as well.

Encrypting a wallet doesn't protect any addresses that had already received funds prior to the encryption.  So if you had backups of a wallet that had funds prior to encrypting the wallet keys then anyone with access to the backups could still spend the funds even after you had added the pass phrase encryption.

Is that possibly what occurred?

[hippich]

MissingMyCoins, we were hacked by the same guy. He stole over 3k coins years ago from me. Looks like he got some from you and now he moved all funds to withdraw 'em: http://blockchain.info/tx/21ac34ced0f55701b38a3f8e02b9d2b8451db2f0071cd5c761a857d1ac0a78df

Here is my "case" - https://bitcointalk.org/index.php?topic=68066.msg848855#msg848855

Any idea how to tie these to real person? So far I found only single connection - guy *zvs* from this forum running nogleg.com. Some transactions were broadcasted from this nogleg.com and also address near Dallas where he supposedly lives..