Bitcoin Forum
December 08, 2016, 02:41:12 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 [16] 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 »
  Print  
Author Topic: I just got hacked - any help is welcome! (25,000 BTC stolen)  (Read 343487 times)
allinvain
Legendary
*
Offline Offline

Activity: 2002



View Profile
June 15, 2011, 02:32:16 PM
 #301

First, I personally would never run "Bitcoin safe" with 25k Bitcoins on a Windows computer.
Too big a security risk.

Second, even on Linux, to keep large amount of coins on your computer, it should be extra protected with some complex security.
A virtual machine with Linux on truecrypt-encrypted hard drive with Bitcoin installed should be enough - it will make life much harder for any keyloggers & hackers to infiltrate it.

With computers it is quite easy to do virtually infinately complex system of safes to store your Bitcoins.
You can create a virtual "room of mirrors" using VM in Truecrypt in VM in VM in Truecrypt in VM in Truecrypt and such.

Such an installation could look like this:
Truecrypt(VirtualBox(VirtualBox(Truecrypt(VirtualBox(Truecrypt(Your Bitcoins))))))

You can store some Bitcoins on every layer of this onion, but you should only store large sums on the last layer.



From now on I'm going to store them on a dedicated bitcoin wallet machine with linux on it. All ports except the bitcoin port will be blocked. It will be connected to the internet only for brief moments when receiving a transaction or when i want to move them to yet a different wallet..and it will always be connected via ethernet, never via wireless (don't trust wi-fi encryption).

This thing with VMs is I read it's possible for the thief to mount the vmware drive and read the contents off the drive. So what you're saying though is to encrypt the entire linux HD with trucrypt? right? not just create a truecrypt image on the VM's HD.

If you want to be a moderator, report many posts with accuracy. You will be noticed.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Serge
Legendary
*
Offline Offline

Activity: 1050


View Profile
June 15, 2011, 02:46:05 PM
 #302

ok, so what I learned from this thread is that I shouldn't use IRC any more as it might lead to being attacked. I understand that connecting to IRC via webchat is safe? Is this correct? (Sorry, I'm a bit worried now, too *g*)

After I posted my comment about IRC early in this thread I realized that even webchat interface won't help you much as it takes your host mask/IP and relays it to the rest of IRC network, so even with web chat others in IRC will know your "physical" connection and can probe to penetrate router/firewall security - I've been out of IRC for a long time and can't really say it router/firewall is sufficient in protecting from such probes. 

Then, even if you don't go on IRC, a believe there are some channels where all client/miner nodes are, so as we mine and use clients our IPs/hostmasks are visible from the IRC.  and as been mentioned before intruder can get full list of all IPs and and go through each one looking for least secure ones.
Mageant
Legendary
*
Offline Offline

Activity: 1079



View Profile WWW
June 15, 2011, 02:53:22 PM
 #303

One obvious question:

Have you installed any alternative bitcoin clients or mining software? I have been seeing many programs pop up lately in the bitcoin eco-system, and nobody is vetting them.
As this is an attack against a bitcoin wallet, it is most likely that the virus/malware is mimicking legit bitcoin software - a generic, automated virus would not be looking for bitcoins.

no alternative bitcoin clients but mining software for sure Sad...I ran phoenix, guiminer, poclbm, cpu miner, ufasoft sse miner..I also gave namecoin a try on the same machine...

Yes this could be cause whoever stole this sure knows BTC. It seems he's a pro at laundering btc.


The next question is, which client were you using to connect to Slush's pool when your account there got hacked?
That one could be the culprit.

  ►  NEW ECONOMY MOVEMENT  ◄ 
  100% built from scratch • revolutionary forging mechanism • fairly distributed

BIETCOIN.DE - Kleinanzeigenmarkt für Bitcoin
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
June 15, 2011, 03:01:00 PM
 #304

So what you're saying though is to encrypt the entire linux HD with trucrypt? right? not just create a truecrypt image on the VM's HD.

I am saying about a following scheme:

1. Create encrypted TrueCrypt hard drive.
2. Put a VirtualBox disk with VirtualBox Linux machine on it.
3. Install TrueCrypt within the Virtual Machine
4. Create encrypted TrueCrypt hard drive within the VM.
================== (LAYER 2) ==================
5. Create a VirtualBox disk with VirtualBox Linux machine on the VM.
6. Install TrueCrypt within the Virtual Machine in Virtual Machine
7. Create encrypted TrueCrypt hard drive within the VM in VM.
================== (LAYER 3) ==================
(...)
================== (LAYER 4) ==================
(...)

And so on...

casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
June 15, 2011, 03:05:46 PM
 #305

A lingering question I have is, why were only 25,000 coins taken?  It sounds like you had more coins than that.  And what have you done to secure the remainder of your coins?

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
allinvain
Legendary
*
Offline Offline

Activity: 2002



View Profile
June 15, 2011, 03:12:45 PM
 #306

One obvious question:

Have you installed any alternative bitcoin clients or mining software? I have been seeing many programs pop up lately in the bitcoin eco-system, and nobody is vetting them.
As this is an attack against a bitcoin wallet, it is most likely that the virus/malware is mimicking legit bitcoin software - a generic, automated virus would not be looking for bitcoins.

no alternative bitcoin clients but mining software for sure Sad...I ran phoenix, guiminer, poclbm, cpu miner, ufasoft sse miner..I also gave namecoin a try on the same machine...

Yes this could be cause whoever stole this sure knows BTC. It seems he's a pro at laundering btc.


The next question is, which client were you using to connect to Slush's pool when your account there got hacked?
That one could be the culprit.

I was using phoenix 1.48 and I still am..(oh oh, should I dump it?) and before that I was using all the previous versions of phoenix, but all my miners are and were running phoenix pretty much for a long time. I also had guiminer running idle in the background for some time too - I would use it to ensure that my gpu's are being detected. I also had plans to maybe switch to it when it supported phoenix with the phatk kernel.

Btw, I've been using the phatk kernel for some time now.

gene
Sr. Member
****
Offline Offline

Activity: 252


View Profile
June 15, 2011, 03:21:23 PM
 #307

So what you're saying though is to encrypt the entire linux HD with trucrypt? right? not just create a truecrypt image on the VM's HD.

I am saying about a following scheme:

1. Create encrypted TrueCrypt hard drive.
2. Put a VirtualBox disk with VirtualBox Linux machine on it.
3. Install TrueCrypt within the Virtual Machine
4. Create encrypted TrueCrypt hard drive within the VM.
================== (LAYER 2) ==================
5. Create a VirtualBox disk with VirtualBox Linux machine on the VM.
6. Install TrueCrypt within the Virtual Machine in Virtual Machine
7. Create encrypted TrueCrypt hard drive within the VM in VM.
================== (LAYER 3) ==================
(...)
================== (LAYER 4) ==================
(...)

And so on...

This is the dumbest bullshit ever.

Everybody please ignore this "advice." Also, VMs cannot protect data.

*processing payment* *error 404 : funds not found*
Do you want to complain on the forum just to fall for another scam a few days later?
| YES       |        YES |
allinvain
Legendary
*
Offline Offline

Activity: 2002



View Profile
June 15, 2011, 03:26:43 PM
 #308

A lingering question I have is, why were only 25,000 coins taken?  It sounds like you had more coins than that.  And what have you done to secure the remainder of your coins?

Yep I had a bit more than that..not much more..the thief took 25,000.61 BTC.

My only theory is that he had an earlier copy of my wallet? But still that does not make sense as I used the same payout address for all the funds I mined as for the very first address the client generated...soo technically he should've been able to get those funds as well. Maybe this was his way of showing me the middle finger..sort of like "here you go you stupid fuck..I left you something so you can buy yourself something.."

I don't know, I am merely speculating and speculation does me no good.

ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
June 15, 2011, 03:33:07 PM
 #309

This is the dumbest bullshit ever.

Of course it is, because you said so.
How can we ever doubt you, you are such a SMART-ASS !

Everybody please ignore this "advice."

Yes, and become easy prey to hackers of all sorts.

SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
June 15, 2011, 04:17:21 PM
 #310

A lingering question I have is, why were only 25,000 coins taken?  It sounds like you had more coins than that.  And what have you done to secure the remainder of your coins?

Yep I had a bit more than that..not much more..the thief took 25,000.61 BTC.

My only theory is that he had an earlier copy of my wallet? But still that does not make sense as I used the same payout address for all the funds I mined as for the very first address the client generated...soo technically he should've been able to get those funds as well. Maybe this was his way of showing me the middle finger..sort of like "here you go you stupid fuck..I left you something so you can buy yourself something.."

I don't know, I am merely speculating and speculation does me no good.
It's possible that he didn't have the entire blockchain downloaded when he thought he did, so it didn't show the entire balance.
jerfelix
Sr. Member
****
Offline Offline

Activity: 266


View Profile
June 15, 2011, 05:03:45 PM
 #311

On the positive side, if you can sufficiently document the loss you have one hell of a tax deduction.
Not quite, unless he declared the Bitcoin gain, in which case, it's a wash.
jerfelix
Sr. Member
****
Offline Offline

Activity: 266


View Profile
June 15, 2011, 05:06:59 PM
 #312

I had an idea for this concept a couple of months ago when I was thinking about running my own Bitcoin ATM drive through bank.

Run a computer with some kind of secure linux distro. Tiny core would be a good base to work from since its one of the most lightweight distros.(Only 10 MB or so!)

Run the standard stable bitcoin server with every port blocked except the ports need by the bitcoin server.

Tiny core runs completely in memory so if some one were to try and compromise the machine and it lost power then everything would be permanently erased. No trace. In order for your wallet to be recoverable, enable a script that periodically encrypts your wallet and sends it a remote databank, like google docs, drop box, ect. Do not use hard drives.

Install SSH but use key based authentication with a password needed to unlock your private key. This would allow you access to your machine from any terminal on your local network. Disable password logins and make sure the ssh port is blocked from outside access. 

Connect the headless server to your Ethernet, never use a wifi network!

Also connect the pc to a back up power supply and surge protector.

Hope this helps!

PS: I'm thinking about making a linux distro based off of this called SecuCoin. Using microcore+bitcoind+openssh = ~10 MB for the whole OS!

This OS would not have a gui and would need a gui implementation for access from a external terminal.

Why even connect to the net at all?  You can create a "vault" wallet file on a disconnected PC, store the wallet file in a real safe, and send bitcoins from your minimal wallet to your "vault" Bitcoin Address anytime you want.

Years from now, when you need to access your savings, retrieve the wallet file from the safe.  Once the whole blockchain is loaded, your coins will be waiting for you.
Waschtel
Newbie
*
Offline Offline

Activity: 18


View Profile
June 15, 2011, 06:23:51 PM
 #313

I just started a poll asking any victims about the miners they have installed on their systems.

I have listed all the miners you had installed on your system, allinvain.

The post can be found here:

http://forum.bitcoin.org/index.php?topic=17432.0

Maybe there will be a pattern.
Nescio
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 15, 2011, 06:25:18 PM
 #314

This is the dumbest bullshit ever.

Of course it is, because you said so.
How can we ever doubt you, you are such a SMART-ASS !

Everybody please ignore this "advice."

Yes, and become easy prey to hackers of all sorts.

He's got a point. You are advocating layering a lot of complexity on top of eachother, but none of that helps against a compromised machine. It will still happily grab all of your TrueCrypt passwords, your mouse movements, all the fractal windows you have open etc.

A VM is only useful for protecting the host from guests, not the other way around. Also, that may not be the case anymore either, as there have been exploits for detecting and getting out of a VM (exactly because people expect VMs to be safe).

The only way you can be secure is by using a separate, clean, minimal installation on different hardware from the daily use, net connected machine.
ribuck
Donator
Legendary
*
Offline Offline

Activity: 826


View Profile
June 15, 2011, 07:09:56 PM
 #315

A newbie who can't post in this forum has identified that the address your coins went to is a donation receiving address of LulzSec:

http://forum.bitcoin.org/index.php?topic=17386.msg223015
Maged
Legendary
*
Offline Offline

Activity: 1260


View Profile
June 15, 2011, 07:20:40 PM
 #316

A newbie who can't post in this forum has identified that the address your coins went to is a donation receiving address of LulzSec:

http://forum.bitcoin.org/index.php?topic=17386.msg223015
It wasn't LulzSec. That press release was a fake copy.

Real press release:
http://pastebin.com/i5M0LB58
Fake:
http://pastebin.com/88nGp508

allinvain
Legendary
*
Offline Offline

Activity: 2002



View Profile
June 15, 2011, 07:38:03 PM
 #317

I had an idea for this concept a couple of months ago when I was thinking about running my own Bitcoin ATM drive through bank.

Run a computer with some kind of secure linux distro. Tiny core would be a good base to work from since its one of the most lightweight distros.(Only 10 MB or so!)

Run the standard stable bitcoin server with every port blocked except the ports need by the bitcoin server.

Tiny core runs completely in memory so if some one were to try and compromise the machine and it lost power then everything would be permanently erased. No trace. In order for your wallet to be recoverable, enable a script that periodically encrypts your wallet and sends it a remote databank, like google docs, drop box, ect. Do not use hard drives.

Install SSH but use key based authentication with a password needed to unlock your private key. This would allow you access to your machine from any terminal on your local network. Disable password logins and make sure the ssh port is blocked from outside access. 

Connect the headless server to your Ethernet, never use a wifi network!

Also connect the pc to a back up power supply and surge protector.

Hope this helps!

PS: I'm thinking about making a linux distro based off of this called SecuCoin. Using microcore+bitcoind+openssh = ~10 MB for the whole OS!

This OS would not have a gui and would need a gui implementation for access from a external terminal.

Why even connect to the net at all?  You can create a "vault" wallet file on a disconnected PC, store the wallet file in a real safe, and send bitcoins from your minimal wallet to your "vault" Bitcoin Address anytime you want.

Years from now, when you need to access your savings, retrieve the wallet file from the safe.  Once the whole blockchain is loaded, your coins will be waiting for you.

I'd like to use that system for secure banking also, but hmm...guess that may not be a good idea. It would be nice if there was a portable version of the client that stores the wallet.dat file within it's own directory. This way say you can run the client from an encrypted USB drives like IronKey.

MoonShadow
Legendary
*
Offline Offline

Activity: 1666



View Profile
June 15, 2011, 07:51:53 PM
 #318



I'd like to use that system for secure banking also, but hmm...guess that may not be a good idea. It would be nice if there was a portable version of the client that stores the wallet.dat file within it's own directory. This way say you can run the client from an encrypted USB drives like IronKey.


The standard client can do that.  That is the only way I run a client on a Windows machine, ever.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
June 15, 2011, 08:22:22 PM
 #319

none of that helps against a compromised machine.

Actually, it does.
You may fool an attacker into thinking that he hacked all the layers, while he only hacked top 2 of them.
Security by obscurity + surprise element.

It will still happily grab all of your TrueCrypt passwords, your mouse movements, all the fractal windows you have open etc.

Who needs mouse movements when you can connect to a (virtual) machine using  encrypted VNC connection ?
The possibilities are endless. VM is just the beginning of the things you can do.

there have been exploits for detecting and getting out of a VM (exactly because people expect VMs to be safe).

Not all of the exploits work on all kinds of VM's.
Also, a possible attacker may not be prepared for task of this level of complexity.

The only way you can be secure is by using a separate, clean, minimal installation on different hardware from the daily use, net connected machine.

This is certainly the best way, but having a hall of mirrors is also useful when you are only using single machine.
As I said, "the possibilities are endless. VM is just the beginning of things you can do".

Generally my thinking is that you can create multiple levels of complexity and every one of the makes it more difficult for the attacker to hack you.

synergy543
Newbie
*
Offline Offline

Activity: 19


View Profile
June 15, 2011, 10:37:41 PM
 #320

@Allinvain - Bitcoins are apparently very traceble.  Check this out....

This article has some very interesting information.
http://www.forexyard.com/en/news/Bitcoin-exchanges-offer-anti-money-laundering-aid-2011-06-15T220113Z

"Karpeles [MagicalTux] said Bitcoin transactions were in fact traceable. He said that while the system had been built to be anonymous, it was "really easy to track Bitcoins across the network."

"Donald Norman, the co-founder of a London-based consultancy that serves Bitcoin exchanges, said that a data file existed which reflected the complete history of Bitcoin transactions, so that "the ownership of every single coin is completely known and traceable."
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 [16] 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!