Bitcoin Forum
Topic: I just got hacked - any help is welcome! (25,000 BTC stolen)  (Read 381636 times)
Herodes
Hero Member
Activity: 868
Merit: 1000
June 16, 2011, 09:54:35 PM
 #381

The story seems to lack credibility, but never let truth ruin a good story.

What I found most interesting is how anyone in their right mind will store 25K BTC on a work computer.
Another alarming fact is that the original poster thinks that an investigation will cost more than the money he lost. That was his reply given earlier when he was asked if he would have some expert IT investigator look at it.


There are two sayings I would like to quote in this case.

1. A fool and his money is easily parted.
2. If it's in the news, it must be true, even if it originated from a forum post...

If the oddities in this case are actually real and the original poster actually lost this money, I am sorry I cannot feel sorry for him. In general I never like it when people are getting robbed or exploited, but some people just had it coming.

Analogies are the blond in super tight sexy outfit that walks alone in a dangerous neighborhood at 03:30 at night and gets raped, or the Porsche owner going for shopping and leaving the car with both the doors open. It is still wrong for other people to exploit this, by all means, but it will happen, no doubt about it.

If the original topic poster is for real, sorry to say, but you are incredibly stupid. I have lost shitloads of money myself earlier on, not on bitcoin though, so I know the sinking suicidal feeling, but as they say, the strong survive..
I HATE TABLES I HATE TABLES I HA(╯°□°)╯︵ ┻━┻ TABLES I HATE TABLES I HATE TABLES
allinvain (OP)
Legendary
Activity: 3080
Merit: 1080
June 16, 2011, 10:06:45 PM
 #382

> The story seems to lack credibility, but never let truth ruin a good story.
>
> What I found most interesting is how anyone in their right mind will store 25K BTC on a work computer.

NOT work computer. HOME computer.

allinvain (OP)
Legendary
Activity: 3080
Merit: 1080
June 16, 2011, 10:10:54 PM
 #383

Possible (and most likely) way the coins were stolen:

http://www.symantec.com/security_response/writeup.jsp?docid=2011-061615-3651-99&tabid=2


trueimage
Member
Activity: 87
Merit: 10
June 16, 2011, 10:11:16 PM
 #384

> Are you not concerned about bitrot? You have only 1 single copy of your wallet on a single thumbdrive? That is really dangerous for long-term storage. If I had any sizeable amount of BTC (as I presume you do) I would not feel very warm and fuzzy about this.

what do you recommend? I'm trying to be as safe as possible, just wondering.
rezin777
Full Member
Activity: 154
Merit: 100
June 16, 2011, 10:16:29 PM
 #385

> > The story seems to lack credibility, but never let truth ruin a good story.
> >
> > What I found most interesting is how anyone in their right mind will store 25K BTC on a work computer.
>
> NOT work computer. HOME computer.

> The problem is that I can't shut the machine as this is my work machine.

Maybe both then?
allinvain (OP)
Legendary
Activity: 3080
Merit: 1080
June 16, 2011, 10:25:35 PM
 #386

> > > The story seems to lack credibility, but never let truth ruin a good story.
> > >
> > > What I found most interesting is how anyone in their right mind will store 25K BTC on a work computer.
> >
> > NOT work computer. HOME computer.
>
> > The problem is that I can't shut the machine as this is my work machine.
>
> Maybe both then?

Ok, let me clear things up. The machine is my home machine but at the time I made that post I was running some trading applications and I had some live trades going. I needed to keep an eye on them. So I guess you can refer to it as "work at home" machine..or something like that.


rezin777
Full Member
Activity: 154
Merit: 100
June 16, 2011, 10:34:13 PM
 #387

> Ok, let me clear things up. The machine is my home machine but at the time I made that post I was running some trading applications and I had some live trades going. I needed to keep an eye on them. So I guess you can refer to it as "work at home" machine..or something like that.

I assumed it was something like that. I was just pointing out where the confusion came from. Apparently the article, which I haven't read, suggested it was a work computer.
MysteryMiner
Legendary
Activity: 1470
Merit: 1029
Show middle finger to system and then destroy it!
June 16, 2011, 11:19:18 PM
 #388

I'm reading this and I'm somewhat surprised how large portion of bitcoin users is computer illiterate and talk about encryption, reversing, etc, to help in this situation.

The Windows can be secured, it's only misconfigured out-of-the-box.

Almost all hacks today happen because of user running the trojan executable file. Windows is only making this easier, no dependencies needed for TrojanDownloader.deb :D The author of this thread is no different. The infections in Temp folder are the actual remote access trojan files. Try to remember what files you downloaded and from where. This might lead to initial source of trojanization.

Planning opening online Bitcoin business but unable to keep your own system secure? Probably this will be happening anyway, but this time it's only our own money, not your customers.

And you must stop using the infected computer and disconnect it from network. As you are making this thread, the hacker might be watching your actions in real time and masturbating. He definitely got epic lulz from your desperate and ineffective actions.

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
allinvain (OP)
Legendary
Activity: 3080
Merit: 1080
June 16, 2011, 11:28:59 PM
 #389

> I'm reading this and I'm somewhat surprised how large portion of bitcoin users is computer illiterate and talk about encryption, reversing, etc, to help in this situation.
>
> The Windows can be secured, it's only misconfigured out-of-the-box.
>
> Almost all hacks today happen because of user running the trojan executable file. Windows is only making this easier, no dependencies needed for TrojanDownloader.deb :D The author of this thread is no different. The infections in Temp folder are the actual remote access trojan files. Try to remember what files you downloaded and from where. This might lead to initial source of trojanization.
>
> Planning opening online Bitcoin business but unable to keep your own system secure? Probably this will be happening anyway, but this time it's only our own money, not your customers.
>
> And you must stop using the infected computer and disconnect it from network. As you are making this thread, the hacker might be watching your actions in real time and masturbating. He definitely got epic lulz from your desperate and ineffective actions.

Those infections appear only when I run an online antivirus scanner in IE. I think Symantec Antivirus is misreporting the scanner's virus database as an actual infection in the system..in a sense it is..but it just doesn't know the difference.


MysteryMiner
Legendary
Activity: 1470
Merit: 1029
Show middle finger to system and then destroy it!
June 16, 2011, 11:41:36 PM
 #390

No antivirus is going to protect you from being hacked. The malware writers use packaging and encryption to make payload undetected.

I feel somehow sorry for you if this is true story. Learn about real security, but I have no idea where. The books and online sources are misleading. I got my experience on computer security as computer repairman/gamer/nonstandard server hoster/disruptive scriptkiddie/botnet owner. More than 10 years of such activity btw.

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
jalidi
Newbie
Activity: 23
Merit: 0
June 16, 2011, 11:51:08 PM
 #391

This is a terrible thing that happened to you.

If I had the know-how, I would trace the thief's location and supply you with his physical address.
tictok
Newbie
Activity: 20
Merit: 0
June 17, 2011, 12:17:19 AM
 #392

Absolutely gutting.

I've not read through the whole 20 pages of posts but it's terrible what's happened.
There's always 'what if's' and you should've done this or that, but unfortunately none of that changes anything.
I feel so sorry for you - wish there was some way to help, or something useful to say..

This has though made me immediately re-think my own wallet security even though I have a few thousand times less BTC than the OP's stolen amount.

I also now think that forums like these are potential hunting grounds for hackers or thieves on the prowl for any 'bitcoiners' personal details or clues to where people's wallets may be.... I know it's obvious, but please be careful what you post on these forums. Collectively there is sooo much cash in our combined digital wallets, we must look like a gift to some nefarious feckers out there.
MysteryMiner
Legendary
Activity: 1470
Merit: 1029
Show middle finger to system and then destroy it!
June 17, 2011, 12:26:27 AM
 #393

My wallet.dat is located in default place on my computer running Windows 7. But you will never get it! I don't make mistakes like other users and I don't run malware on my computer.

The next big thread will be when someone securing wallet.dat will lose all of his coins, when some piece of Rube Goldberg machine of security breaks.

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
joepie91
Sr. Member
Activity: 294
Merit: 250
June 17, 2011, 12:28:41 AM
 #394

> My wallet.dat is located in default place on my computer running Windows 7. But you will never get it! I don't make mistakes like other users and I don't run malware on my computer.
>
> The next big thread will be when someone securing wallet.dat will lose all of his coins, when some piece of Rube Goldberg machine of security breaks.

Until you get hit by an 0day in the browser you use.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu :)
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
TraderTimm
Legendary
Activity: 2408
Merit: 1121
June 17, 2011, 12:30:52 AM
 #395

Any chance we can let this horse die by archiving the thread? I'd say the whole event has been beaten to its sub-molecular components by now. :)

fortitudinem multis - catenum regit omnia
allinvain (OP)
Legendary
Activity: 3080
Merit: 1080
June 17, 2011, 12:31:58 AM
 #396

> My wallet.dat is located in default place on my computer running Windows 7. But you will never get it! I don't make mistakes like other users and I don't run malware on my computer.
>
> The next big thread will be when someone securing wallet.dat will lose all of his coins, when some piece of Rube Goldberg machine of security breaks.

Don't be so confident. I was just like you. I thought I'd never be stupid enough to run any malware and I regularly scanned my computer for malware. Anyways, what I'm trying to say is you better be safe than sorry and never get overly confident about security matters. Do what most people say which is to get a machine that is a dedicated bitcoin wallet.

Capitan
Member
Activity: 112
Merit: 10
June 17, 2011, 01:28:20 AM
 #397

> No antivirus is going to protect you from being hacked. The malware writers use packaging and encryption to make payload undetected.
>
> I feel somehow sorry for you if this is true story. Learn about real security, but I have no idea where. The books and online sources are misleading. I got my experience on computer security as computer repairman/gamer/nonstandard server hoster/disruptive scriptkiddie/botnet owner. More than 10 years of such activity btw.

Can you provide any advice as to where one might begin learning about this? The OP claims he took all the basic precautions: AV, behind a router firewall, windows patched up to date, etc.

What Version of Windows was OP running? The link to infostealer.com that someone else posted only lists xp, NT, and 2000 as applicable OS'es. So Vista and Win 7 are not vulnerable to that particular exploit?
allinvain (OP)
Legendary
Activity: 3080
Merit: 1080
June 17, 2011, 01:30:20 AM
 #398

> > No antivirus is going to protect you from being hacked. The malware writers use packaging and encryption to make payload undetected.
> >
> > I feel somehow sorry for you if this is true story. Learn about real security, but I have no idea where. The books and online sources are misleading. I got my experience on computer security as computer repairman/gamer/nonstandard server hoster/disruptive scriptkiddie/botnet owner. More than 10 years of such activity btw.
>
> Can you provide any advice as to where one might begin learning about this? The OP claims he took all the basic precautions: AV, behind a router firewall, windows patched up to date, etc.
>
> What Version of Windows was OP running? The link to infostealer.com that someone else posted only lists xp, NT, and 2000 as applicable OS'es. So Vista and Win 7 are not vulnerable to that particular exploit?

Windows 7 Ultimate

I'm pretty sure if the exploit works on 2000 it will most likely work on Vista or Win 7.

joepie91
Sr. Member
Activity: 294
Merit: 250
June 17, 2011, 01:40:02 AM
 #399

> > No antivirus is going to protect you from being hacked. The malware writers use packaging and encryption to make payload undetected.
> >
> > I feel somehow sorry for you if this is true story. Learn about real security, but I have no idea where. The books and online sources are misleading. I got my experience on computer security as computer repairman/gamer/nonstandard server hoster/disruptive scriptkiddie/botnet owner. More than 10 years of such activity btw.
>
> Can you provide any advice as to where one might begin learning about this? The OP claims he took all the basic precautions: AV, behind a router firewall, windows patched up to date, etc.
>
> What Version of Windows was OP running? The link to infostealer.com that someone else posted only lists xp, NT, and 2000 as applicable OS'es. So Vista and Win 7 are not vulnerable to that particular exploit?

I cannot see a reason as to why that stealer would not work on any version of windows. If it just grabs a file and emails it.... there is nothing OS-specific in there.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu :)
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
MysteryMiner
Legendary
Activity: 1470
Merit: 1029
Show middle finger to system and then destroy it!
June 17, 2011, 01:49:48 AM
 #400

> > My wallet.dat is located in default place on my computer running Windows 7. But you will never get it! I don't make mistakes like other users and I don't run malware on my computer.
> >
> > The next big thread will be when someone securing wallet.dat will lose all of his coins, when some piece of Rube Goldberg machine of security breaks.
>
> Until you get hit by an 0day in the browser you use.

The Rube Goldberg security will not help in such case. The exploit can download RAT and the attacker can have full access to computer just like sitting in your chair with the keyboard. But modern browsers have a lot less vulnerabilities than Internet Explorer 5.0 had in the past. And most of them are spoofing or crash vulnerabilities, not sure remote execution ones.

> > My wallet.dat is located in default place on my computer running Windows 7. But you will never get it! I don't make mistakes like other users and I don't run malware on my computer.
> >
> > The next big thread will be when someone securing wallet.dat will lose all of his coins, when some piece of Rube Goldberg machine of security breaks.
>
> Don't be so confident. I was just like you. I thought I'd never be stupid enough to run any malware and I regularly scanned my computer for malware. Anyways, what I'm trying to say is you better be safe than sorry and never get overly confident about security matters. Do what most people say which is to get a machine that is a dedicated bitcoin wallet.

I don't scan for malware, and never trust online scanners. They leak sensitive private information. From time to time I check my computer files manually. I know Windows good enough to do it in manual mode.

AV will not save from good trojan at all. False sense of security and performance reduction.
Hardware router will only help against remote exploits and scanning. Must have one for security. But it will not help against trojans at all.
Patching windows will not help against trojans, only against known exploits.

And Win2000 and Win7 are totally different. There is few to none remote exploits that work on both of them. Only way to attack both systems with single shot is trojan, like DarkComet.

> Can you provide any advice as to where one might begin learning about this?

Start learning how your computer works, join some underground forums. I was lucky to be able to start use computer in time when windows 95 and 98 was main OS used and there was no legal action against people doing whatever they can do with computer. Probably I'm simply prone to do bad things whenever I can with whatever I can for my own amusement.

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j