I just got hacked - any help is welcome! (25,000 BTC stolen)

[cschmitz]

Holding Bitcoins on a previously infected computer, allright, its a facepalm thing.

[1714222725]

1714222725

[1714222725]

1714222725

[1714222725]

1714222725

[steelhouse]

1. The best place to store BTC wallet.dat is on an unencrypted usb stick, sd, or cf device. 
2. If they are at mtgox, I would call the fbi and mtgox the part that deals with mail fraud.   At mtgox, they most likely will transfer it to someplace where they can get cash.  Those places can be tracked easily.
3. Don't install any software.

[ribuck]

Two further thoughts, both admittedly long-shots.

1. Try installing the latest version of Bitcoin and starting it with the -rescan option, just in case the BTC aren't really gone.

2. Read the fine print on your household insurance policy to see whether it covers cash-like things.

[aiwk171]

As a quick note: I suspect, that more people are prone to have their wallet stolen, or that a LOT of people might already have a trojan that copied their wallet some time ago.

So I decided to be nice and write up a (hopefully) helpful HowTo to protect yourself: HOWTO: create a 100% secure wallet.

If LulzSec can infect a gazillion of PCs to do their DDoS, then anybody can implement a simple file-upload function into any virus.

I'll update the guide with new information as it comes up.

[Nescio]

Just implement Unix file semantics on accounts and addresses: RECEIVE, SEND, OPERATE / VIEW (for accounts)

Can you specify how this would work?

Without a provably secure implementation this could fall into the same category as running the client in a VM, having a mouse driven password entry, running a virus scanner on the infection target etc.

Provably secure means mathematical proof, i.e. not just a mechanism that may (temporarily) make it harder for an attacker to accomplish a task, such as relying on the unfamiliarity of the attacker with the implementation.

Even the 2 factor token example I gave is not provably secure, there could be a vulnerability in the implementation of the token crypto, the bank's system could be hacked/social engineered, an attacker with physical access could guess the PIN before the token locks down, the user could store the token PIN written down next to the token and the user could be tricked/coerced to reveal his PIN.

[Waschtel]

One obvious question:

Have you installed any alternative bitcoin clients or mining software? I have been seeing many programs pop up lately in the bitcoin eco-system, and nobody is vetting them.
As this is an attack against a bitcoin wallet, it is most likely that the virus/malware is mimicking legit bitcoin software - a generic, automated virus would not be looking for bitcoins.

[Nescio]

I wonder if you had adequate antivirus on your windows machine? It'd be very hard for a trojan to take control of your computer if you had adequate security software, that can detect trojan behavior. Plus Win7 has some default security built in like UAC. I think it'd take a seriously good hacker (like top 0.001% in the world), to hack a windows machine, over the internet, with firewalled router + good security software + UAC turned on.

The average desktop OS has a massive amount of unfixed vulnerabilities at any given moment. Apart from exceptional cases (academic proof projects, NASA hand audited code) there are several defects per 1000 lines of code in pretty much everything. Since your average OS consists of a few million lines of code, there is bound to be a massive amount of errors in everything. Most of these will not lead to a compromise, just instability, unexpected behaviour or cosmetic issues, and the ones which do might only lead to a remote compromise under very specific circumstances.

Regardless, there seem to be plenty of those, with the prototypical attack vector being anything that deals with external data. Currently that's primarily PDF, Flash and browsers doing a multitude of data parsing (html, xml, js, DOM, css, cookies, images, video, URL history, bookmarks, associated built in dbs etc.), third party plugins, with sometimes privileged access (e.g. direct GPU code execution for 3D/video acceleration).

Basic OS security is powerless against these. You need to fundamentally separate any such activity from your wallet. Just think of how Stuxnet managed to get to Iranian centrifuges. I doubt they were hanging off the net directly, but obviously they were not *fully* separated.

[Nescio]

I did contact the police, but do you honestly think they can do anything? The way the police operates means they cannot do anything in the even to of a cyber crime.

Try the FBI. I think there is a few thousand dollar limit above which they are obliged to take the case and they have a cybercrime unit. I think half a million qualifies If the attacker is abroad it might get more difficult, or it might turn it into a federal crime, expediting things. Maybe you should talk to a lawyer as well, just in case (e.g. what if Bitcoin is outlawed at some point, what if you give permission for your machine to be audited and they come across a copyrighted download or something).

[AntiVigilante]

Just implement Unix file semantics on accounts and addresses: RECEIVE, SEND, OPERATE / VIEW (for accounts)

Can you specify how this would work?

Without a provably secure implementation this could fall into the same category as running the client in a VM, having a mouse driven password entry, running a virus scanner on the infection target etc.

Provably secure means mathematical proof, i.e. not just a mechanism that may (temporarily) make it harder for an attacker to accomplish a task, such as relying on the unfamiliarity of the attacker with the implementation.

Even the 2 factor token example I gave is not provably secure, there could be a vulnerability in the implementation of the token crypto, the bank's system could be hacked/social engineered, an attacker with physical access could guess the PIN before the token locks down, the user could store the token PIN written down next to the token and the user could be tricked/coerced to reveal his PIN.

Trying to send coins from a receive only address is going to fail.
Trying to send fake coins to a send only address is going to fail.
Trying to split or combine amounts in non-multiples of a given amount in a operate disabled address is going to fail.

And these rules would literally mean lost coins for thieves.

[sonba]

ok, so what I learned from this thread is that I shouldn't use IRC any more as it might lead to being attacked. I understand that connecting to IRC via webchat is safe? Is this correct? (Sorry, I'm a bit worried now, too *g*)

[Nescio]

Unfortunately, a new kind of money will not solve the problems of a for profit monetary system. When your incentive is to acquire money, the methodology becomes irrelevant in the context of a distorted value system in which you need to acquire the money to be rewarded and receive the necessities of life. That won't change until we choose to have relevant values and conduct ourselves accordingly.

This should probably go in the philosophy section but there is an issue with causality in your argument: you seem to be rejecting the acquisition of wealth by itself, excluding a possible incentive for which the acquisition of wealth is an inconsequential means to an end, thereby presuming that any application of such means is the result (or cause) of a distorted value system.

[Rob P.]

Guess we now know where the coins went:

" @aaronbarr: @Lulzsec pilfered nearly a half million $ in bitcoins while running their tele-DDOS-athon today. http://tinyurl.com/3mfngql "

http://blockexplorer.com/address/1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg

Additional information:
" @Anonakomis: @LulzSec Look at your bitcoin balance. Hope you enjoy my a little percentage of my findings... ;-) (http://t.co/9IT1Ote) "

Picture of Tweet from Anon:
http://samsclass.info/125/Sum11/bitcoin-lulz.png

[Nescio]

Trying to send coins from a receive only address is going to fail.
Trying to send fake coins to a send only address is going to fail.

There is no such thing as a fake coin, the network rejects any such attempts, including double spending.

For the receive only address, you need a an appropriate client that supports this. Assuming that you can for example specify the type of an address during creation and hash that into the address to make it immutable, how do you get coins out of a receive only address later?

It seems there must be a mechanism to allow this or change the type later, otherwise the receive only type would be the same as deleting coins. And if there is, then so can an attacker and the whole exercise seems fairly pointless.

[TheRandomGuy]

Guess we now know where the coins went:

" @aaronbarr: @Lulzsec pilfered nearly a half million $ in bitcoins while running their tele-DDOS-athon today. http://tinyurl.com/3mfngql "

http://blockexplorer.com/address/1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg

So it's lulzsec that did this? 

[Nescio]

If LulzSec was really involved and not just claiming a false victory then there is a chance you can apply to their hacker ethics, since it seems they are somewhat libertarian in motivation, attacking multinationals and governments. If they don't care about screwing over an innocent individual, someone who has arguably been supporting something that is similarly aligned they are a moral failure and will lose a lot of goodwill with the rest of the community. Make a good, well publicized plea they cannot avoid answering. Maybe they don't even know the full story. Maybe you can work out a compromise like having part of the balance donated to a charity (Wikileaks seems like a good one ).

[Nescio]

ok, so what I learned from this thread is that I shouldn't use IRC any more as it might lead to being attacked. I understand that connecting to IRC via webchat is safe? Is this correct? (Sorry, I'm a bit worried now, too *g*)

As soon as you connect to the net you increase the risk of being compromised. It's always possible there is a vulnerability in your IRC client, in the browser or one of its plugins you use for webchat, etc. You could be sent a document with a vulnerability, etc. A couple of years ago the average infection rate of an unpatched Windows machine simply connected directly to the net was less than a minute on average (i.e. if you installed a vanilla XP, you could get portscanned and compromised before you could even download and install service packs). This has improved somewhat but there is no shortage of attack vectors in auxiliary software.

Your wallet should ideally be on a dedicated machine with the minimum amount of software necessary installed which isn't connecting to the net at all except for bitcoin transfers, is behind a dedicated firewall with no other hosts connected to the segment. That still doesn't exclude compromise through a vulnerability in the client or Bitcoin network for example (the client will actually connect to IRC itself for bootstrapping and your IP address is announced to other participants).

[allinvain]

One obvious question:

Have you installed any alternative bitcoin clients or mining software? I have been seeing many programs pop up lately in the bitcoin eco-system, and nobody is vetting them.
As this is an attack against a bitcoin wallet, it is most likely that the virus/malware is mimicking legit bitcoin software - a generic, automated virus would not be looking for bitcoins.

no alternative bitcoin clients but mining software for sure ...I ran phoenix, guiminer, poclbm, cpu miner, ufasoft sse miner..I also gave namecoin a try on the same machine...

Yes this could be cause whoever stole this sure knows BTC. It seems he's a pro at laundering btc.

[allinvain]

I did contact the police, but do you honestly think they can do anything? The way the police operates means they cannot do anything in the even to of a cyber crime.

Try the FBI. I think there is a few thousand dollar limit above which they are obliged to take the case and they have a cybercrime unit. I think half a million qualifies If the attacker is abroad it might get more difficult, or it might turn it into a federal crime, expediting things. Maybe you should talk to a lawyer as well, just in case (e.g. what if Bitcoin is outlawed at some point, what if you give permission for your machine to be audited and they come across a copyrighted download or something).

I'm thinking of contacting the RCMP. I'm not in the States to FBI can't help me.

I really wish there was a site where one can declare stolen coins.

I dunno...as you can imagine I'm quite in despair about the whole situation and the fact that there is so little I can do.

[ShadowOfHarbringer]

First, I personally would never run "Bitcoin safe" with 25k Bitcoins on a Windows computer.
Too big a security risk.

Second, even on Linux, to keep large amount of coins on your computer, it should be extra protected with some complex security.
A virtual machine with Linux on truecrypt-encrypted hard drive with Bitcoin installed should be enough - it will make life much harder for any keyloggers & hackers to infiltrate it.

With computers it is quite easy to do virtually infinately complex system of safes to store your Bitcoins.
You can create a virtual "room of mirrors" using VM in Truecrypt in VM in VM in Truecrypt in VM in Truecrypt and such.

Such an installation could look like this:
Truecrypt(VirtualBox(VirtualBox(Truecrypt(VirtualBox(Truecrypt(Your Bitcoins))))))

You can store some Bitcoins on every layer of this onion, but you should only store large sums on the last layer.

[dserrano5]

Second, even on Linux, to keep large amount of coins on your computer, it should be extra protected with some complex security.

A SELinux/AppArmor/GRSecurity profile would help. I specialized in GRSec in the past but unfortunately it hasn't hit mainstream so nobody uses it. AppArmor is used in Ubuntu and it's configuration doesn't seem too hard (it resembles GRSec's).