I just got hacked - any help is welcome! (25,000 BTC stolen)

[Dansker]

Is there a way we can mark the stolen funds as such, then people can run a check when recieving funds to see if they were stolen at some point?

[AntiVigilante]

If there was a means to invalidate the thieves coins or to reclaim them then the same could be done to a legitimate user.
Bitcoin is a secure system only so long as you keep your wallet secured - and sadly it seems you were not able to adequately do so.

This isn't a reason to abandon bitcoin completely or to dismiss it as flawed, but of course it's understandable that you wouldn't want to reinvest after having lost so much.

Keep an eye on that address in block explorer and you might find transactions that end up at some publicly-identifiable address, that might give you some chance of identifying the thief.

Or just find who uses address
15iUDqk6nLmav3B1xUHPQivDpfMruVsu9f?

If there was a transaction fee I bet it's in MtGox or Tradehill by now. In which case we can find the bastard and have it returned. Assuming this isn't a ruse.

And the system isn't flawed. Transactions can't be directly reversed. But policy wise yes they can.

[allinvain]

Is it possible the hacker got a hold of an old backup of your wallet? That would explain the remaining coins if the backup the hacker got was old enough.

That is possible. So if the hacker gets the actual wallet.dat file and just plops it in his .bitcoin folder any transactions would show up in my windows client even though I still have the exact keys? I mean how does the bitcoin network know which keys are legit.

[655321]

Your best chance at solving this mystery is to focus on your hacked machine, how it was accessed, any malware that is on it. Mostly it sounds like you didn't secure your machine properly, in which case your chance of fixing this disaster will sadly be very small.

I believe it must have been a virus of some sorts. Yes you are right. I don't think I can do anything at this point. Format and reinstall windows is the best I can do, and from there on not ever use windows for any security sensitive sites/systems.

Just out of curiosity, I got a couple questions:

1) Do you have friends in real life who knew about your BTC activities and hoard of coins?
2) Did you ever let anyone touch or use your computer since you started involvement in BTC?

It could have very well been a virus and your BTC got stolen by some random pimply faced 13 y/o hacker in Russia or something, but often times thefts like this are perpetrated by people close to the victim, who had priveleged information and trust of the victim (kind of like an inside job).

[allinvain]

Maybe one should state a new rule:

Don't hang around on IRC with a machine storing a lot of BTC.

I never did. I did backup my wallet.dat file to dropbox, wuala, and spideroak.

Once I read an article about employees of dropbox having access to users's files I deleted the wallet.dat file from there. I dunno, I doubt it was caused becaused someone had access to where i backed it up. It most likely means he/she (hacker) had access to my windows box and the UNENCRYPTED wallet.dat file.

The first thing I did when I saw this was restore the backup from these online storage sites, but still the transaction was still there so I could not invalidate one damn thing.

[w0mbat]

who knew that you had this much? make a list. yes, even friends.

if someone wants to steal something, he needs to know first that it exists.

[Serge]

Maybe one should state a new rule:

Don't hang around on IRC with a machine storing a lot of BTC.

I was going to say same thing. It was probably very targeted attack originating most likely from IRC. I for one was very hesitant to join IRC bitcoin channels until I found browser client to login in there. I remember from early days literally living on IRC back in mid 90ties that some people could do some nasty things through IRC to people's computers, not sure how nowadays routers resistant to such intrusions or not but I still won't join IRC with regular IRC client because of that with my workstation.

[AtomicTrader]

Sound like an inside job to me. I have a friend with several thousand in his wallet (mined from earlier in the year) and he just leaves his laptop on without encryption and carries it around with him around town.  I could have easily transferred the BTCs to my wallet while he was in the washroom. Some people just don't realize how much their computers are worth with a wallet file full of BTCs.

[allinvain]

Is there a way we can mark the stolen funds as such, then people can run a check when recieving funds to see if they were stolen at some point?

I have screenshots that show that I am the rightfully owner of these funds, but unfortunately due to the way the bitcoin system is structured there is no way to mark the coins as stolen.

Can someone get me in touch with MagicalTux? What e-mail does he respond to the quickest? I'd like to alert him to keep an eye out for someone trying to sell 25K on his exchange. I can bet you anything whoever got it will try to sell it ASAP.

[bcearl]

If there was a means to invalidate the thieves coins or to reclaim them then the same could be done to a legitimate user.
Bitcoin is a secure system only so long as you keep your wallet secured - and sadly it seems you were not able to adequately do so.

This isn't a reason to abandon bitcoin completely or to dismiss it as flawed, but of course it's understandable that you wouldn't want to reinvest after having lost so much.

Keep an eye on that address in block explorer and you might find transactions that end up at some publicly-identifiable address, that might give you some chance of identifying the thief.

You're right this can only be blamed on me. I am the flaw with bitcoin, but let's be honest the wallet should be encrypted. The developers should've put a very very high priority on this the moment bitcoin went over $1. They knew that this was bound to happen and someone is going to get hurt and if they taken preventative measures early this could've never happened. Now that's one side of the coin, the other side is that I'm an idiot for keeping a wallet.dat file with so much  money on my day to day machine - especially one running windows.

I'd at least like to know who took them or find out how.

Encryption only works as long as you are not accessing it.

Encryption doesn't protect against malware in your scenario. So doesn't VMs btw.

[IamFuzzles]

What would be the best solution for the lack of encryption problem? The only thing I can think of would be to created an encrypted volume (via truecrypt) and drop  the wallet file in there. But then it'd have to be replaced any time you were mining. I'm not talking about a back up here, I mean the original obviously.

[bcearl]

Is it possible the hacker got a hold of an old backup of your wallet? That would explain the remaining coins if the backup the hacker got was old enough.

That is possible. So if the hacker gets the actual wallet.dat file and just plops it in his .bitcoin folder any transactions would show up in my windows client even though I still have the exact keys? I mean how does the bitcoin network know which keys are legit.

Both are legit then. Who spends first, wins.

[stakhanov]

It most likely means he/she (hacker) had access to my windows box and the UNENCRYPTED wallet.dat file.

I understand you must be pretty pissed, but encrypting the wallet only solves part of the problem: you must still decrypt it to RAM to use it, and an attacker that has access to your computer can still get it at that moment. Of course that still makes it harder for him to do so.

I think we are (sadly) going to see more and more threads like this as time goes by and bitcoin value goes up. The real solution in my mind is to use a special install of an OS, perhaps on a USB key, that you only use to do payments. Even better, we could imagine dedicated bitcoin devices based on ARM or similar, that would run a minimalistic linux and the bitcoin client; with a heavily encrypted wallet.

[allinvain]

If there was a means to invalidate the thieves coins or to reclaim them then the same could be done to a legitimate user.
Bitcoin is a secure system only so long as you keep your wallet secured - and sadly it seems you were not able to adequately do so.

This isn't a reason to abandon bitcoin completely or to dismiss it as flawed, but of course it's understandable that you wouldn't want to reinvest after having lost so much.

Keep an eye on that address in block explorer and you might find transactions that end up at some publicly-identifiable address, that might give you some chance of identifying the thief.

Or just find who uses address
15iUDqk6nLmav3B1xUHPQivDpfMruVsu9f?

If there was a transaction fee I bet it's in MtGox or Tradehill by now. In which case we can find the bastard and have it returned. Assuming this isn't a ruse.

And the system isn't flawed. Transactions can't be directly reversed. But policy wise yes they can.

I swear on my life that this is not a ruse. I have nothing to gain from this. I am one of the very early adopter of bitcoin. I was planning on using those funds to open up a bitcoin business.

The sad fact is that just the other day I planned it in my mind to move the funds to a different wallet because of the possibility of someone stealing my coins.

Transactions can be reversed. I have had someone reverse funds before. Ask the admin who runs the youtipit website. I VERY much doubt whoever stole it will return the funds back.

[AtomicTrader]

Looks like the thief is selling them on MtGox as we speak. LOL

[bcearl]

Maybe one should state a new rule:

Don't hang around on IRC with a machine storing a lot of BTC.

I never did. I did backup my wallet.dat file to dropbox, wuala, and spideroak.

Once I read an article about employees of dropbox having access to users's files I deleted the wallet.dat file from there. I dunno, I doubt it was caused becaused someone had access to where i backed it up. It most likely means he/she (hacker) had access to my windows box and the UNENCRYPTED wallet.dat file.

The first thing I did when I saw this was restore the backup from these online storage sites, but still the transaction was still there so I could not invalidate one damn thing.

Are you serious? I can't imagine a dropbox employee not searching the servers for wallets.

[mewantsbitcoins]

Sorry to hear about your loss.
In all likelihood it wasn't a virus or malware - it's a bit too early for that and if it was we'd see way more stolen wallets. From what you've written, I'd say it's a targeted attack.
Depending on amount stolen, you may want to hire IT forensics expert. If it was a script kiddie you have a good chance of catching him. If you consider to pursue this, I suggest you turn your computer off ASAP.

Unfortunately, we gonna be seeing this more often as value of Bitcoin increases  

[allinvain]

Your best chance at solving this mystery is to focus on your hacked machine, how it was accessed, any malware that is on it. Mostly it sounds like you didn't secure your machine properly, in which case your chance of fixing this disaster will sadly be very small.

I believe it must have been a virus of some sorts. Yes you are right. I don't think I can do anything at this point. Format and reinstall windows is the best I can do, and from there on not ever use windows for any security sensitive sites/systems.

Just out of curiosity, I got a couple questions:

1) Do you have friends in real life who knew about your BTC activities and hoard of coins?
2) Did you ever let anyone touch or use your computer since you started involvement in BTC?

It could have very well been a virus and your BTC got stolen by some random pimply faced 13 y/o hacker in Russia or something, but often times thefts like this are perpetrated by people close to the victim, who had priveleged information and trust of the victim (kind of like an inside job).

Some people do know about my btc activities, but none of them have physicall access to my computer or otherwise. This happened right when I was sleeping with the doors locked. There is no way someone physically stole them. I am almost 100% sure this was done via some security hole in windows, trojan, or something like that. So yeah most likely some pimply faced teenage hacker now has them.

Ain't it wonderful? Free money for doing nothing. Who says crime doesn't pay.

[bcearl]

What would be the best solution for the lack of encryption problem? The only thing I can think of would be to created an encrypted volume (via truecrypt) and drop  the wallet file in there. But then it'd have to be replaced any time you were mining. I'm not talking about a back up here, I mean the original obviously.

Dropping a wallet into an encrypted disk does not protect at all. The wallet must be created in there and never be stored outside.

[tomcollins]

If there was a means to invalidate the thieves coins or to reclaim them then the same could be done to a legitimate user.
Bitcoin is a secure system only so long as you keep your wallet secured - and sadly it seems you were not able to adequately do so.

This isn't a reason to abandon bitcoin completely or to dismiss it as flawed, but of course it's understandable that you wouldn't want to reinvest after having lost so much.

Keep an eye on that address in block explorer and you might find transactions that end up at some publicly-identifiable address, that might give you some chance of identifying the thief.

You're right this can only be blamed on me. I am the flaw with bitcoin, but let's be honest the wallet should be encrypted. The developers should've put a very very high priority on this the moment bitcoin went over $1. They knew that this was bound to happen and someone is going to get hurt and if they taken preventative measures early this could've never happened. Now that's one side of the coin, the other side is that I'm an idiot for keeping a wallet.dat file with so much  money on my day to day machine - especially one running windows.

I'd at least like to know who took them or find out how.

This story is going to happen over and over.  I guarantee that.