Bitcoin Forum
Author Topic: I just got hacked - any help is welcome! (25,000 BTC stolen)  (Read 343278 times)
Anonymous
Guest

June 14, 2011, 01:18:42 AM
 #141

Hopefully the crook is a wasteful type and is already spending it away on hookers and blow. That way the economy becomes a bit more decentralized.
allinvain
June 14, 2011, 01:24:49 AM
 #142


What would you consider sufficient proof that I indeed controlled this balance?

I have no doubt that you can provide proof that you controlled the balance. You cannot, however, provide proof that you do not still control the balance. This crime is unprovable. Bitcoin's strength is also its weakness.

Indeed, the double edged sword of crypto-currency.

Sucks that it's a case of my word against whoever... I wish I could show that I do not have control of that address. Eventually I will post a screenshot as proof at the very least that the money was moved. I am working on a few things to possibly find out who did it.

Look, this person just sent 22K to a different address. This person is trying to launder the BTC.

http://blockexplorer.com/address/12fe9xw9Pqcnm5AzUEMuneyRzZuxc7JDWQ

then 2500 here:

http://blockexplorer.com/address/165vfNnWshUzjoXFbrhBXyjERwvzqBAQDg

Then he sent it further down to these addresses:

14qcmPPdSoHacA2hTUViJXaHvaZT9riSV7
1FfUUkUpTKNyDhZ9CH7D3jkYCd5kZ9weSx


FuzzyCoins
June 14, 2011, 01:27:07 AM
 #143

Sorry for the loss. I should point out that you mentioned you found a couple of viruses that your virus scanner said were "cleaned". You also mentioned that you used your computer for other financial activities beyond BitCoin. This is a very risky situation.

From a security point of view if your computer is ever compromised by malware, there is no sure way to clean it, other than to wipe it completely by formatting the hard drive and re-installing the operating system from read only media. Using your virus software to "clean" the computer doesn't always work. Using the "recovery partition" on your hard drive doesn't always work. Once your machine has been rooted, there are all kinds of places that malware can hide itself that is beyond the reach of any virus scanner.

This by the way is true for both Windows and Linux / Unix environments. If your machine ever gets rooted, all is lost. You must reinstall from scratch if you need to be sure. If you have high value data on your computer, you "need to be sure".

1GMFwh7QYJ4p8UXVT3KmGKKp7txeUoSBmX - Just in case what I say is worth something or you feel generous
yeponlyone
June 14, 2011, 01:27:21 AM
 #144

allinvain, sorry to hear about your loss. Do you mind sharing absolutely any bitcoin related software you have installed on your network? With note of what was most recent?
allinvain
June 14, 2011, 01:28:45 AM
 #145

Your computer is open to RDP??? Well then, attack vector found. But you were still personally targeted.

Well yeah, I log in from work to keep an eye on my forex trading platforms. Yes I guess I was specifically singled out unless there are others who haven't come out of the woodwork yet.

Bind
June 14, 2011, 01:30:47 AM
 #146

Nothing matters here except the OP did not secure his wallet.dat and/or computer.

That's the thing everyone needs to take away from this thread. Nothing else.


Protect your ASSets.

Have multiple wallets.

Mine BTC with a temp everyday wallet.

When you get coins move them to your SAVINGS account wallet, which is encrypted on your hard drive. Truecrypt is excellent for this. Have a copy on your hard drive. Upload a copy to various online sites, burn a copy to CD. It's safe and secure. Even if someone obtains it they won't be able to decrypt it. Replace as needed to update it.

You can even have a CHECKING account wallet for spending if you want.


Sure you should go through the motions and get the police involved. Who knows, something might turn up.

I don't think ANY exchange owner is going to violate their clients' trust by believing you and acting on your behalf just because you claim you were ripped off. You could be lying, then saying wait no, I am telling the truth!!!! Honest !!!!

For all we know you are a scammer trundling through the block explorer and found a nice juicy wallet to try to exploit here, hoping some idiotic exchange admin acts on.

If not, at least you have learned a valuable lesson about computer/wallet security.

"... He is no fool who parts with that which he cannot keep, when he is sure to be recompensed with that which he cannot lose ..."

"... history disseminated to the masses is written by those who win battles and wars and murder their heroes ..."


1Dr3ig3EoBnPWq8JZrRTi8Hfp53Kj
allinvain
June 14, 2011, 01:33:08 AM
 #147

Sorry for the loss. I should point out that you mentioned you found a couple of viruses that your virus scanner said were "cleaned". You also mentioned that you used your computer for other financial activities beyond BitCoin. This is a very risky situation.

From a security point of view if your computer is ever compromised by malware, there is no sure way to clean it, other than to wipe it completely by formatting the hard drive and re-installing the operating system from read only media. Using your virus software to "clean" the computer doesn't always work. Using the "recovery partition" on your hard drive doesn't always work. Once your machine has been rooted, there are all kinds of places that malware can hide itself that is beyond the reach of any virus scanner.

This by the way is true for both Windows and Linux / Unix environments. If your machine ever gets rooted, all is lost. You must reinstall from scratch if you need to be sure. If you have high value data on your computer, you "need to be sure".

Yes that is really my fault. I am pretty sure that my computer was rooted, and could have been for a long time and now finally whoever controls the root kit heard about bitcoin and decided the time is right.

In the future I plan to get a separate box (laptop) with ubuntu linux on it and have that as my secure workstation. I am never trusting windows again or any god damn virus scanner.


allinvain
June 14, 2011, 01:34:53 AM
 #148

allinvain, sorry to hear about your loss. Do you mind sharing absolutely any bitcoin related software you have installed on your network? With note of what was most recent?

Sure, I installed something called "cpu miner", latest version of guiminer... I also tried to run namecoind as I was thinking of getting into mining namecoins...

Other than that at the moment I can't remember installing any other windows programs or doing any updates.


Littleshop
June 14, 2011, 01:35:11 AM
 #149



Look, this person just sent 22K to a different address. This person is trying to launder the BTC.

http://blockexplorer.com/address/12fe9xw9Pqcnm5AzUEMuneyRzZuxc7JDWQ

then 2500 here:

http://blockexplorer.com/address/165vfNnWshUzjoXFbrhBXyjERwvzqBAQDg

Then he sent it further down to these addresses:

14qcmPPdSoHacA2hTUViJXaHvaZT9riSV7
1FfUUkUpTKNyDhZ9CH7D3jkYCd5kZ9weSx



Look at the second address.  FfUUkUp

wow, the irony.

Capitan
June 14, 2011, 01:36:46 AM
 #150

Maybe one should state a new rule:

Don't hang around on IRC with a machine storing a lot of BTC.

I never did. I did backup my wallet.dat file to dropbox, wuala, and spideroak.

Once I read an article about employees of dropbox having access to users' files I deleted the wallet.dat file from there. I dunno, I doubt it was caused because someone had access to where I backed it up. It most likely means he/she (hacker) had access to my windows box and the UNENCRYPTED wallet.dat file.

The first thing I did when I saw this was restore the backup from these online storage sites, but still the transaction was still there so I could not invalidate one damn thing.

If you ever stored wallet.dat on dropBox unencrypted, I think an employee could get access to old versions of your wallet due to the fact that DropBox essentially stores a copy of every version of every file, as it changes over time. So even if you delete it from your hard drive i think you can go into DropBox web interface and get old versions of it. Presumably DropBox employees have this same type of access. This is why people store sensitive files on DropBox only if they are stored in encrypted containers (like a TrueCrypt volume).

TrueCrypt is annoying with DropBox though, because DropBox doesn't sync the changes to the container until after it is dismounted.

Wow crap. Yeah that could be another possible attack vector. I never knew that they store previous versions. I thought the file was gone forever. Sad oh what a noob I was..

Also anyone who uses the same passwords for DropBox as they do for anything Bitcoin related, or for that matter anything else at all, should change ASAP. See the XKCD comic about this very subject.
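
Added example, not part of any post in this thread: a defender-side check for the situation discussed above, where a wallet file sits in a cloud-synced folder outside an encrypted container. It assumes wallet.dat is a Berkeley DB btree file (magic number at byte offset 12) whose unencrypted key records carry the tag `\x03key`; the folder layout and sample files are constructed.

```python
import hashlib
import os
import struct
import tempfile

# Berkeley DB btree magic, stored at byte offset 12 of the first page.
BDB_BTREE_MAGIC = 0x00053162
# Length-prefixed tag written before each unencrypted key record (assumption
# stated in the lead-in).
PLAIN_KEY_TAG = b"\x03key"


def classify(path, max_bytes=64 * 1024 * 1024):
    """Return a finding dict for a readable wallet-style DB, else None."""
    with open(path, "rb") as fh:
        header = fh.read(16)
        if len(header) < 16:
            return None
        raw = header[12:16]
        # The magic is written in host byte order, so accept either.
        values = (struct.unpack("<I", raw)[0], struct.unpack(">I", raw)[0])
        if BDB_BTREE_MAGIC not in values:
            return None
        body = fh.read(max_bytes)
    return {"path": path, "plain_key_records": body.count(PLAIN_KEY_TAG)}


def scan_sync_folders(roots):
    """Walk each sync root and report files that are readable wallet DBs."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                full = os.path.join(dirpath, name)
                try:
                    hit = classify(full)
                except OSError:
                    continue  # unreadable file: skip, do not abort the scan
                if hit:
                    findings.append(hit)
    return sorted(findings, key=lambda f: f["path"])


def build_demo_tree(base):
    """Constructed sample data: one renamed plaintext wallet, one opaque blob."""
    sync = os.path.join(base, "Dropbox")
    os.makedirs(os.path.join(sync, "backup"))
    key_record = PLAIN_KEY_TAG + b"\x41" + bytes(65)
    wallet = bytes(12) + struct.pack("<I", BDB_BTREE_MAGIC) + bytes(496)
    with open(os.path.join(sync, "backup", "old.bak"), "wb") as fh:
        fh.write(wallet + key_record * 2)
    opaque = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    with open(os.path.join(sync, "vault.tc"), "wb") as fh:
        fh.write(opaque)  # stands in for an encrypted container
    with open(os.path.join(sync, "notes.txt"), "w") as fh:
        fh.write("shopping list\n")
    return sync


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in scan_sync_folders([build_demo_tree(tmp)]):
            print(hit["path"], "plain key records:", hit["plain_key_records"])
```

The check works on content rather than file name, so a renamed copy is still reported while an opaque container is not. A hit means key material was uploaded in readable form, so deleting the file later does not undo the exposure if the service keeps earlier versions.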
allinvain
June 14, 2011, 01:37:38 AM
 #151

Nothing matters here except the OP did not secure his wallet.dat and/or computer.

That's the thing everyone needs to take away from this thread. Nothing else.


Protect your ASSets.

Have multiple wallets.

Mine BTC with a temp everyday wallet.

When you get coins move them to your SAVINGS account wallet, which is encrypted on your hard drive. Truecrypt is excellent for this. Have a copy on your hard drive. Upload a copy to various online sites, burn a copy to CD. It's safe and secure. Even if someone obtains it they won't be able to decrypt it. Replace as needed to update it.

You can even have a CHECKING account wallet for spending if you want.


Sure you should go through the motions and get the police involved. Who knows, something might turn up.

I don't think ANY exchange owner is going to violate their clients' trust by believing you and acting on your behalf just because you claim you were ripped off. You could be lying, then saying wait no, I am telling the truth!!!! Honest !!!!

For all we know you are a scammer trundling through the block explorer and found a nice juicy wallet to try to exploit here, hoping some idiotic exchange admin acts on.

If not, at least you have learned a valuable lesson about computer/wallet security.

Yep well I'm not denying that this is not my fault.

Come back to me when/if you get hacked and we'll see how easy it is for me to jump on my "I know best" horse and whip ya Wink

Hindsight is 20/20, no?


RodeoX
June 14, 2011, 01:39:06 AM
 #152

allinvain, I'm truly sorry to hear about this. What a crappy thing to do to you.  Embarrassed
I hope something can be done to get at whoever did this. It sure does look like a targeted attack by someone who knew what you had. It may be of little consolation but as mentioned before, crooks tend to wind up living miserable lives. You should not keep beating yourself up over this, you were taking basic precautions. This could have happened to any of us (except Vladimir).

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf

Free bitcoin=https://bitcointalk.org/index.php?topic=1610684
markm
June 14, 2011, 01:40:15 AM
 #153

Early on in the thread two things jumped out at me:

1) Something in background put on your computer by someone knowledgeable already "steals" your wallet regularly, purportedly "on your behalf" to "hide it from attackers" etc. How better to avoid butter melting in one's mouth than to be the trusted security expert who is obviously the one person who would not have done such a thing, it being so against their ethics etc that they have devoted their life to learning all about such things in order to prevent them. Naturally you'll say this was not the attacker. That is the whole point.

2) You ran virus scanner / anti-virus. How the heck did you ever manage to locate the tiny tiny percent of such things that are not themselves the attackers?

I have read the whole thread now so I have gotten the impression that possibly your anti-virus might have good provenance and pedigree.

But how many security experts trusted by gosh maybe even entire governments who give them high clearances and so on, who routinely work with billions or at least millions of dollars and would never think of stealing them (ahem: from people who *would* list them among the suspects if any went missing...) would turn up their nose at a totally free half million bucks thrown at them by some simpleton suffering from overtrustingness syndrome?

It amazes me that this suspicious creator of automated hidden background saves of your wallet was not mentioned by other posters. The character has such amazing power of being unnoticed / unsuspected it even infects all the readers of this thread?!?!?!

Maybe it is that the tone of replies led people to prefer to be vague and general (list ALL your friends ANYONE having physical access) than to risk getting nasty response to pointing directly at the most capable suspect you have mentioned?

(A suspect who in fact should be one of the first to point to himself as a prime suspect if actually as you imply is any kind of reputable security type.)

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
Bind
June 14, 2011, 01:42:01 AM
 #154

Yep well I'm not denying that this is not my fault.

Come back to me when/if you get hacked and we'll see how easy it is for me to jump on my "I know best" horse and whip ya Wink

Hindsight is 20/20, no?

It is not a high horse.

It's an attempt to let every reader see the only true issue that matters in this thread in an effort to help them so it does not happen to them as well.

Security.

“An ounce of prevention is worth a pound of cure.”

I am sorry for your loss.

"... He is no fool who parts with that which he cannot keep, when he is sure to be recompensed with that which he cannot lose ..."

"... history disseminated to the masses is written by those who win battles and wars and murder their heroes ..."


1Dr3ig3EoBnPWq8JZrRTi8Hfp53Kj
kwukduck
June 14, 2011, 01:42:33 AM
 #155

I traced the money thru the blockchain, the money is here, let's all keep an eye on it...

http://blockexplorer.com/address/1G65mXC4HctMNHN6MTpHsWi1A5zRungssL
http://blockexplorer.com/address/1Ftg4CAN9A5nS2MtwqNyrrbMykBeB1aVfw
http://blockexplorer.com/address/1FuwW7WATgQbcGidQdrzmnNEU6TKndvXB7
http://blockexplorer.com/address/14U42exffKGhtdjXfouCu29KejiYbDTgcY



(traced from http://blockexplorer.com/address/1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg )

14b8PdeWLqK3yi3PrNHMmCvSmvDEKEBh3E
allinvain
June 14, 2011, 01:42:59 AM
 #156

Latest amount being moved:

http://blockexplorer.com/address/1G65mXC4HctMNHN6MTpHsWi1A5zRungssL

Whoever is doing this knows how to launder BTC that's for sure...follow the blockchain folks..


koin
June 14, 2011, 01:44:23 AM
 #157

Yes I guess I was specifically singled out unless there are others who haven't come out of the woodwork yet.

if i were an unethical hacker looking for loot,

i would find (or buy) a zero day exploit that would allow me to gain entry to a windows pc

the list of 20,000 bitcoin nodes is here: https://smsz.net/btcStats/bitcoin.kml

i'ld start through that list until i found that i had access to a whale and send funds from that wallet to a safe address.

because attacking all the nodes would expose me, i'ld stop after finding the whale.  and to not cause the bitcoin price to crash and as a result my loot become worth much less, i would not sell everything all at once.

i would cash out enough to be content and then sit quietly.

i'ld also keep copies of any other wallets that i came across while looking for the whale, so that at some point in the future withdrawals by spending from those wallets could be performed, at will.

this is all totally a hypothetical, but describes what could be going on here very well.
allinvain
June 14, 2011, 01:44:57 AM
 #158

Yep well I'm not denying that this is not my fault.

Come back to me when/if you get hacked and we'll see how easy it is for me to jump on my "I know best" horse and whip ya Wink

Hindsight is 20/20, no?

It is not a high horse.

It's an attempt to let every reader see the only true issue that matters in this thread in an effort to help them so it does not happen to them as well.

Security.

“An ounce of prevention is worth a pound of cure.”

I am sorry for your loss.

I know Bind, I know. Trust me this will be forever burned in my memory. And trust me I will even pay you some BTC JUST for that advice and for reiterating it (if by some miracle I can recover a portion of the funds at least..). Maybe then I'll know better.


Bind
June 14, 2011, 01:47:25 AM
 #159

You know the culprit is probably reading this thread and moving it around while watching these responses as he launders and distributes it. With each hop adding plausible deniability.

"... He is no fool who parts with that which he cannot keep, when he is sure to be recompensed with that which he cannot lose ..."

"... history disseminated to the masses is written by those who win battles and wars and murder their heroes ..."


1Dr3ig3EoBnPWq8JZrRTi8Hfp53Kj
allinvain
June 14, 2011, 01:50:16 AM
 #160

Yes I guess I was specifically singled out unless there are others who haven't come out of the woodwork yet.

if i were an unethical hacker looking for loot,

i would find (or buy) a zero day exploit that would allow me to gain entry to a windows pc

the list of 20,000 bitcoin nodes is here: https://smsz.net/btcStats/bitcoin.kml

i'ld start through that list until i found that i had access to a whale and send funds from that wallet to a safe address.

because attacking all the nodes would expose me, i'ld stop after finding the whale.  and to not cause the bitcoin price to crash and as a result my loot become worth much less, i would not sell everything all at once.

i would cash out enough to be content and then sit quietly.

i'ld also keep copies of any other wallets that i came across while looking for the whale, so that at some point in the future withdrawal from those could be made at will.

this is all totally a hypothetical, but describes what could be going on here very well.

Yep whoever did this ain't stupid...no doubt he reads this forum too, soooo...may have not been a good idea after all for me to shout it out loud to the world.

He will do his best to find over the counter buyers for his BTC.

I very much doubt whoever he sells them to will bother to track the history of the coins through the blocks...
