Bitcoin Forum
December 07, 2016, 08:44:31 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 »
  Print  
Author Topic: I just got hacked - any help is welcome! (25,000 BTC stolen)  (Read 343418 times)
IamFuzzles
Newbie
*
Offline Offline

Activity: 28


View Profile
June 13, 2011, 09:32:47 PM
 #41

What would be the best solution for the lack of encryption problem? The only thing I can think of would be to created an encrypted volume (via truecrypt) and drop  the wallet file in there. But then it'd have to be replaced any time you were mining. I'm not talking about a back up here, I mean the original obviously.

Dropping a wallet into an encrypted disk does not protect at all. The wallet must be created in there and never be stored outside.

I thought so, just wondering if there was some solution I hadn't thought of.
1481100271
Hero Member
*
Offline Offline

Posts: 1481100271

View Profile Personal Message (Offline)

Ignore
1481100271
Reply with quote  #2

1481100271
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481100271
Hero Member
*
Offline Offline

Posts: 1481100271

View Profile Personal Message (Offline)

Ignore
1481100271
Reply with quote  #2

1481100271
Report to moderator
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 13, 2011, 09:34:57 PM
 #42

What would be the best solution for the lack of encryption problem? The only thing I can think of would be to created an encrypted volume (via truecrypt) and drop  the wallet file in there. But then it'd have to be replaced any time you were mining. I'm not talking about a back up here, I mean the original obviously.

Dropping a wallet into an encrypted disk does not protect at all. The wallet must be created in there and never be stored outside.

I thought so, just wondering if there was some solution I hadn't thought of.

It is not a solution to the OP's problem at all. Encryption only protects data while you are not using it.

Misspelling protects against dictionary attacks NOT
AntiVigilante
Member
**
Offline Offline

Activity: 98



View Profile
June 13, 2011, 09:35:53 PM
 #43

Looks like the thief is selling them on MtGox as we speak. LOL

That could easily be fixed then. Those are not real spends, just database motions. The coins could be restored easily by repurchasing them. Until he tries to make off with them in USD or whatever.

Proposal: http://forum.bitcoin.org/index.php?topic=11541.msg162881#msg162881
Inception: https://github.com/bitcoin/bitcoin/issues/296
Goal: http://forum.bitcoin.org/index.php?topic=12536.0
Means: Code, donations, and brutal criticism. I've got a thick skin. 1Gc3xCHAzwvTDnyMW3evBBr5qNRDN3DRpq
AntiVigilante
Member
**
Offline Offline

Activity: 98



View Profile
June 13, 2011, 09:37:03 PM
 #44

Looks like the thief is selling them on MtGox as we speak. LOL

That could easily be fixed then. Those are not real spends, just database motions. The coins could be restored easily by repurchasing them. Until he tries to make off with them in USD or whatever.

Proposal: http://forum.bitcoin.org/index.php?topic=11541.msg162881#msg162881
Inception: https://github.com/bitcoin/bitcoin/issues/296
Goal: http://forum.bitcoin.org/index.php?topic=12536.0
Means: Code, donations, and brutal criticism. I've got a thick skin. 1Gc3xCHAzwvTDnyMW3evBBr5qNRDN3DRpq
allinvain
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 13, 2011, 09:38:53 PM
 #45

Sorry to hear about your loss.
In all likelihood it wasn't a virus or malware - it's a bit too early for that and if it was we'd see way more stolen wallets. From what you've written, I'd say it's a targeted attack.
Depending on amount stolen, you may want to hire IT forensics expert. If it was a script kiddie you have a good chance of catching him. If you consider to pursue this, I suggest you turn your computer off ASAP.

Unfortunately, we gonna be seeing this more often as value of Bitcoin increases  Sad

The problem is that I can't shut the machine as this is my work machine. I doubt any forensic expert can do shit. Bitcoins are 100% non reversible and even if this "expert" were to find out the IP address of the person who got it there is no guarantee that it was his real IP and well I'd be spending more than 25,000 BTC just to chase this.

What I'm going to do though is shut the machine down and let the symantec antivirus clean the supposed infection it detected when I ran a scan of f-secure online scan (for some reason it detected a bunch of virus in the temp dir where the online scanner stores its temporary work - could be false). And then I'm going to backup my important data. Format and reinstall the machine.

Then I'm going to sell whatever bitcoins I have remaining, take it as a life lesson, and count this as a not so fun experimentation with cryptographic currency.

I am then going to focus on making plain old paper dollars and store them in a bank where at least I'll have the full force of society or some central government insurance backing me up - not to mention some recourse to the law in case of any theft.


Capitan
Member
**
Offline Offline

Activity: 112


View Profile
June 13, 2011, 09:42:13 PM
 #46

Please describe the security of all the PC's in your home network. Do you a router with any firewall configured on it? Is your router secure? You said the funds were taken when the wallet was on a non Windows machine. What OS was running on that machine, and can you describe the security measures in place on both machines (firewall, anti virus, you only do day-to-day use with a non admin account, etc).

Is your network on wifi and is it secure? Have you done anything that would have publicized your IP address since you started acquiring bitcoins?

I'm asking all these because I think it sucks this happened, but all the people here might be able to help you investigate this incident. And another important motivation is that others could learn from your mistakes if any, and take steps to protect themselves. I think the fact that the wallet is unencrypted is the most ridiculous thing ever. How does a cryptocurrency not encrypt the very wallet where the value is stored? I think i read in another post someone explaining that it was low priority compared to other items in the work queue. That's ridiculous. It should be a top priority. Is the code for the client open source? If so it's probably time for a community effort to make that system more secure.
Belkaar
Full Member
***
Offline Offline

Activity: 174


View Profile WWW
June 13, 2011, 09:44:15 PM
 #47

If those coins indeed wound up on mtgox the thief can be identified as soon as he tries to get the money out of mtgox, no?

bitcoinCodes.com: Get XBox live, PSN and WoW game time codes fast and anonymously
Android RPC client: Bitcoiner
Bitmessage: BM-GtcxVju35PGuD6es9vrF1SXtCVxScbjB
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 13, 2011, 09:45:23 PM
 #48

Once again: Encryption would not have protected anything. Encryption can protect stored data. It does not protect a wallet file that is in use, because it is accessed by the client and stored unencrypted in main memory.

Misspelling protects against dictionary attacks NOT
bitcoinBull
Legendary
*
Offline Offline

Activity: 826


rippleFanatic


View Profile
June 13, 2011, 09:46:13 PM
 #49

I'd be equally suspicious of an inside job (someone in meatspace with physical access to your computer).

If it was a trojan or malware theft, they probably would have already deleted it remotely.

Call your ISP and try to get logs of all of your activity.  Maybe you can trace it to a proxy or C&C server.

If you don't see any suspicious activity in the ISP logs, then start interrogating your friends or friends of friends.  But don't lose them over this.  Some are trustworthy but trust nobody.  Maybe it was a stranger down who found out through the grapevine of your BTC activity, and walked in your dorm room while you were on the pot.

I sympathize with you.


Don't get stuck in the past.  I know its no comparison, but I'm sure any trader is kicking themselves for not selling at $30 and buying back at $10, (triple their holdings).  Many more traders are probably kicking themselves for selling at $10 and buying back at $20 (lost half their holdings).

Move on.  If you were rich once you can get rich again.

Move on.  It is hard to get rich trading.  Start an exchange.  MtGox once again having technical problems.  With the volume of BTC moving, wouldn't take much share of the trading volume to start making $2k per day.  After 10 days of that you'd have it back.

Move on.  If you let this stop you, it will.  Shit happens.  Some people were overnight millionaires because they started mining in 2010.  I knew of bitcoin then.  Why fall into a deep depression for not being an even earlier adopter?  In retrospect, its the same thing as losing coins.

Don't live in retrospect.  Will be very hard to move on.  BTC is still a wonderful opportunity.


College of Bucking Bulls Knowledge
Littleshop
Legendary
*
Offline Offline

Activity: 1316



View Profile WWW
June 13, 2011, 09:47:00 PM
 #50

If you stored your wallet.dat in three online sites unencrypted, any one of those places could have possibly taken the bitcoins by loading that wallet.dat on their client then spending the coins.

Spreading the file out in multiple places isn not necessarily the best idea unless the file is securely encrypted by YOU and not the place that is storing it.

Garrett Burgwardt
Sr. Member
****
Offline Offline

Activity: 350



View Profile
June 13, 2011, 09:47:34 PM
 #51

The best way to protect against this is to have an encrypted wallet file that you use as a savings account, and rarely access. Leave a smaller amount of coins in your regular wallet and the incentive to attack your computer is lessened.
bitcoinBull
Legendary
*
Offline Offline

Activity: 826


rippleFanatic


View Profile
June 13, 2011, 09:48:18 PM
 #52


The problem is that I can't shut the machine as this is my work machine.


It might be somebody you work with.

College of Bucking Bulls Knowledge
Littleshop
Legendary
*
Offline Offline

Activity: 1316



View Profile WWW
June 13, 2011, 09:49:12 PM
 #53

The best way to protect against this is to have an encrypted wallet file that you use as a savings account, and rarely access. Leave a smaller amount of coins in your regular wallet and the incentive to attack your computer is lessened.
And the damage is reduced too if it happens.  Good idea.

bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 13, 2011, 09:49:46 PM
 #54

You really should try to track the thief. That's your only chance! And the chance isn't that small, bitcoin is not exactly anonymous.

Misspelling protects against dictionary attacks NOT
Alex Beckenham
Full Member
***
Offline Offline

Activity: 154


View Profile
June 13, 2011, 09:49:46 PM
 #55

start making $2k per day.  After 10 days of that you'd have it back.

$20k != $500k

Littleshop
Legendary
*
Offline Offline

Activity: 1316



View Profile WWW
June 13, 2011, 09:50:31 PM
 #56

Sorry to hear about your loss.
In all likelihood it wasn't a virus or malware - it's a bit too early for that and if it was we'd see way more stolen wallets. From what you've written, I'd say it's a targeted attack.
Depending on amount stolen, you may want to hire IT forensics expert. If it was a script kiddie you have a good chance of catching him. If you consider to pursue this, I suggest you turn your computer off ASAP.

Unfortunately, we gonna be seeing this more often as value of Bitcoin increases  Sad

The problem is that I can't shut the machine as this is my work machine. I doubt any forensic expert can do shit. Bitcoins are 100% non reversible and even if this "expert" were to find out the IP address of the person who got it there is no guarantee that it was his real IP and well I'd be spending more than 25,000 BTC just to chase this.

What I'm going to do though is shut the machine down and let the symantec antivirus clean the supposed infection it detected when I ran a scan of f-secure online scan (for some reason it detected a bunch of virus in the temp dir where the online scanner stores its temporary work - could be false). And then I'm going to backup my important data. Format and reinstall the machine.

Then I'm going to sell whatever bitcoins I have remaining, take it as a life lesson, and count this as a not so fun experimentation with cryptographic currency.

I am then going to focus on making plain old paper dollars and store them in a bank where at least I'll have the full force of society or some central government insurance backing me up - not to mention some recourse to the law in case of any theft.



I would put in a trouble ticket in at mount gox right away.  I am not saying they will do anything but it is worth a shot. 

Belkaar
Full Member
***
Offline Offline

Activity: 174


View Profile WWW
June 13, 2011, 09:50:40 PM
 #57

Once again: Encryption would not have protected anything. Encryption can protect stored data. It does not protect a wallet file that is in use, because it is accessed by the client and stored unencrypted in main memory.

In theory yes. Of course it would protect against stealing the wallet file. Normally you only need the data encrypted for doing transactions which is a very short time window. Especially with savings wallets which get accessed not very often. An encrypted wallet that stays encrypted even while the client is running would do tons in favor of security.
There is a big difference between getting one time access to a machine and having a program running to wait for the wallet to be decrypted in memory for 100ms.

bitcoinCodes.com: Get XBox live, PSN and WoW game time codes fast and anonymously
Android RPC client: Bitcoiner
Bitmessage: BM-GtcxVju35PGuD6es9vrF1SXtCVxScbjB
AntiVigilante
Member
**
Offline Offline

Activity: 98



View Profile
June 13, 2011, 09:51:16 PM
 #58

If those coins indeed wound up on mtgox the thief can be identified as soon as he tries to get the money out of mtgox, no?

Yes.

Proposal: http://forum.bitcoin.org/index.php?topic=11541.msg162881#msg162881
Inception: https://github.com/bitcoin/bitcoin/issues/296
Goal: http://forum.bitcoin.org/index.php?topic=12536.0
Means: Code, donations, and brutal criticism. I've got a thick skin. 1Gc3xCHAzwvTDnyMW3evBBr5qNRDN3DRpq
allinvain
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 13, 2011, 09:51:41 PM
 #59

Please describe the security of all the PC's in your home network. Do you a router with any firewall configured on it? Is your router secure? You said the funds were taken when the wallet was on a non Windows machine. What OS was running on that machine, and can you describe the security measures in place on both machines (firewall, anti virus, you only do day-to-day use with a non admin account, etc).

Is your network on wifi and is it secure? Have you done anything that would have publicized your IP address since you started acquiring bitcoins?

I'm asking all these because I think it sucks this happened, but all the people here might be able to help you investigate this incident. And another important motivation is that others could learn from your mistakes if any, and take steps to protect themselves. I think the fact that the wallet is unencrypted is the most ridiculous thing ever. How does a cryptocurrency not encrypt the very wallet where the value is stored? I think i read in another post someone explaining that it was low priority compared to other items in the work queue. That's ridiculous. It should be a top priority. Is the code for the client open source? If so it's probably time for a community effort to make that system more secure.

I have a router, the router is secure.

The funds were taken from a WINDOWS machine. God I'm starting to hate windows so much now! I doubt this would've happened had it been a linux machine!

I agree the fact that the wallet is unencrypted is totally ridiculous.

mewantsbitcoins
Full Member
***
Offline Offline

Activity: 126


View Profile
June 13, 2011, 09:54:16 PM
 #60

The more I read this thread the more absurd it gets

Work computer?
25k on computer used for browsing web?
UNENCRYPTED wallet on multiple websites?
Forensics can't do shit?

You must be either a troll or incredibly stupid. If it's the latter, and you obviously have no clue about online security, I suggest you still turn that computer off and hire someone reputable to take a look at it.
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!