Author Topic: I just got hacked - any help is welcome! (25,000 BTC stolen)  (Read 381636 times)
IamFuzzles
June 13, 2011, 09:32:47 PM
 #41

What would be the best solution for the lack of encryption problem? The only thing I can think of would be to create an encrypted volume (via TrueCrypt) and drop the wallet file in there. But then it'd have to be replaced any time you were mining. I'm not talking about a backup here, I mean the original obviously.

Dropping a wallet into an encrypted disk does not protect at all. The wallet must be created in there and never be stored outside.

I thought so, just wondering if there was some solution I hadn't thought of.
bcearl
June 13, 2011, 09:34:57 PM
 #42

What would be the best solution for the lack of encryption problem? The only thing I can think of would be to create an encrypted volume (via TrueCrypt) and drop the wallet file in there. But then it'd have to be replaced any time you were mining. I'm not talking about a backup here, I mean the original obviously.

Dropping a wallet into an encrypted disk does not protect at all. The wallet must be created in there and never be stored outside.

I thought so, just wondering if there was some solution I hadn't thought of.

It is not a solution to the OP's problem at all. Encryption only protects data while you are not using it.

Misspelling protects against dictionary attacks NOT
AntiVigilante
June 13, 2011, 09:35:53 PM
 #43

Looks like the thief is selling them on MtGox as we speak. LOL

That could easily be fixed then. Those are not real spends, just database motions. The coins could be restored easily by repurchasing them. Until he tries to make off with them in USD or whatever.

Proposal: http://forum.bitcoin.org/index.php?topic=11541.msg162881#msg162881
Inception: https://github.com/bitcoin/bitcoin/issues/296
Goal: http://forum.bitcoin.org/index.php?topic=12536.0
Means: Code, donations, and brutal criticism. I've got a thick skin. 1Gc3xCHAzwvTDnyMW3evBBr5qNRDN3DRpq
AntiVigilante
June 13, 2011, 09:37:03 PM
 #44

Looks like the thief is selling them on MtGox as we speak. LOL

That could easily be fixed then. Those are not real spends, just database motions. The coins could be restored easily by repurchasing them. Until he tries to make off with them in USD or whatever.

Proposal: http://forum.bitcoin.org/index.php?topic=11541.msg162881#msg162881
Inception: https://github.com/bitcoin/bitcoin/issues/296
Goal: http://forum.bitcoin.org/index.php?topic=12536.0
Means: Code, donations, and brutal criticism. I've got a thick skin. 1Gc3xCHAzwvTDnyMW3evBBr5qNRDN3DRpq
allinvain (OP)
June 13, 2011, 09:38:53 PM
 #45

Sorry to hear about your loss.
In all likelihood it wasn't a virus or malware - it's a bit too early for that and if it was we'd see way more stolen wallets. From what you've written, I'd say it's a targeted attack.
Depending on the amount stolen, you may want to hire an IT forensics expert. If it was a script kiddie you have a good chance of catching him. If you consider pursuing this, I suggest you turn your computer off ASAP.

Unfortunately, we're gonna be seeing this more often as the value of Bitcoin increases :(

The problem is that I can't shut the machine as this is my work machine. I doubt any forensic expert can do shit. Bitcoins are 100% non reversible and even if this "expert" were to find out the IP address of the person who got it there is no guarantee that it was his real IP and well I'd be spending more than 25,000 BTC just to chase this.

What I'm going to do though is shut the machine down and let the Symantec antivirus clean the supposed infection it detected when I ran a scan of F-Secure online scan (for some reason it detected a bunch of viruses in the temp dir where the online scanner stores its temporary work - could be false). And then I'm going to back up my important data. Format and reinstall the machine.

Then I'm going to sell whatever bitcoins I have remaining, take it as a life lesson, and count this as a not so fun experimentation with cryptographic currency.

I am then going to focus on making plain old paper dollars and store them in a bank where at least I'll have the full force of society or some central government insurance backing me up - not to mention some recourse to the law in case of any theft.


Capitan
June 13, 2011, 09:42:13 PM
 #46

Please describe the security of all the PCs in your home network. Do you have a router with any firewall configured on it? Is your router secure? You said the funds were taken when the wallet was on a non Windows machine. What OS was running on that machine, and can you describe the security measures in place on both machines (firewall, anti virus, you only do day-to-day use with a non admin account, etc).

Is your network on wifi and is it secure? Have you done anything that would have publicized your IP address since you started acquiring bitcoins?

I'm asking all these because I think it sucks this happened, but all the people here might be able to help you investigate this incident. And another important motivation is that others could learn from your mistakes if any, and take steps to protect themselves. I think the fact that the wallet is unencrypted is the most ridiculous thing ever. How does a cryptocurrency not encrypt the very wallet where the value is stored? I think I read in another post someone explaining that it was low priority compared to other items in the work queue. That's ridiculous. It should be a top priority. Is the code for the client open source? If so it's probably time for a community effort to make that system more secure.
Belkaar
June 13, 2011, 09:44:15 PM
 #47

If those coins indeed wound up on mtgox the thief can be identified as soon as he tries to get the money out of mtgox, no?

bitcoinCodes.com: Get XBox live, PSN and WoW game time codes fast and anonymously
Android RPC client: Bitcoiner
Bitmessage: BM-GtcxVju35PGuD6es9vrF1SXtCVxScbjB
bcearl
June 13, 2011, 09:45:23 PM
 #48

Once again: Encryption would not have protected anything. Encryption can protect stored data. It does not protect a wallet file that is in use, because it is accessed by the client and stored unencrypted in main memory.

Misspelling protects against dictionary attacks NOT
bitcoinBull
June 13, 2011, 09:46:13 PM
 #49

I'd be equally suspicious of an inside job (someone in meatspace with physical access to your computer).

If it was a trojan or malware theft, they probably would have already deleted it remotely.

Call your ISP and try to get logs of all of your activity.  Maybe you can trace it to a proxy or C&C server.

If you don't see any suspicious activity in the ISP logs, then start interrogating your friends or friends of friends.  But don't lose them over this.  Some are trustworthy but trust nobody.  Maybe it was a stranger down who found out through the grapevine of your BTC activity, and walked in your dorm room while you were on the pot.

I sympathize with you.


Don't get stuck in the past.  I know it's no comparison, but I'm sure any trader is kicking themselves for not selling at $30 and buying back at $10, (triple their holdings).  Many more traders are probably kicking themselves for selling at $10 and buying back at $20 (lost half their holdings).

Move on.  If you were rich once you can get rich again.

Move on.  It is hard to get rich trading.  Start an exchange.  MtGox once again having technical problems.  With the volume of BTC moving, wouldn't take much share of the trading volume to start making $2k per day.  After 10 days of that you'd have it back.

Move on.  If you let this stop you, it will.  Shit happens.  Some people were overnight millionaires because they started mining in 2010.  I knew of bitcoin then.  Why fall into a deep depression for not being an even earlier adopter?  In retrospect, it's the same thing as losing coins.

Don't live in retrospect.  Will be very hard to move on.  BTC is still a wonderful opportunity.


College of Bucking Bulls Knowledge
Littleshop
June 13, 2011, 09:47:00 PM
 #50

If you stored your wallet.dat in three online sites unencrypted, any one of those places could have possibly taken the bitcoins by loading that wallet.dat on their client then spending the coins.

Spreading the file out in multiple places is not necessarily the best idea unless the file is securely encrypted by YOU and not the place that is storing it.

Garrett Burgwardt
June 13, 2011, 09:47:34 PM
 #51

The best way to protect against this is to have an encrypted wallet file that you use as a savings account, and rarely access. Leave a smaller amount of coins in your regular wallet and the incentive to attack your computer is lessened.
bitcoinBull
June 13, 2011, 09:48:18 PM
 #52


The problem is that I can't shut the machine as this is my work machine.


It might be somebody you work with.

College of Bucking Bulls Knowledge
Littleshop
June 13, 2011, 09:49:12 PM
 #53

The best way to protect against this is to have an encrypted wallet file that you use as a savings account, and rarely access. Leave a smaller amount of coins in your regular wallet and the incentive to attack your computer is lessened.
And the damage is reduced too if it happens.  Good idea.

bcearl
June 13, 2011, 09:49:46 PM
 #54

You really should try to track the thief. That's your only chance! And the chance isn't that small, bitcoin is not exactly anonymous.

Misspelling protects against dictionary attacks NOT
Alex Beckenham
June 13, 2011, 09:49:46 PM
 #55

start making $2k per day.  After 10 days of that you'd have it back.

$20k != $500k

Littleshop
June 13, 2011, 09:50:31 PM
 #56

Sorry to hear about your loss.
In all likelihood it wasn't a virus or malware - it's a bit too early for that and if it was we'd see way more stolen wallets. From what you've written, I'd say it's a targeted attack.
Depending on the amount stolen, you may want to hire an IT forensics expert. If it was a script kiddie you have a good chance of catching him. If you consider pursuing this, I suggest you turn your computer off ASAP.

Unfortunately, we're gonna be seeing this more often as the value of Bitcoin increases :(

The problem is that I can't shut the machine as this is my work machine. I doubt any forensic expert can do shit. Bitcoins are 100% non reversible and even if this "expert" were to find out the IP address of the person who got it there is no guarantee that it was his real IP and well I'd be spending more than 25,000 BTC just to chase this.

What I'm going to do though is shut the machine down and let the Symantec antivirus clean the supposed infection it detected when I ran a scan of F-Secure online scan (for some reason it detected a bunch of viruses in the temp dir where the online scanner stores its temporary work - could be false). And then I'm going to back up my important data. Format and reinstall the machine.

Then I'm going to sell whatever bitcoins I have remaining, take it as a life lesson, and count this as a not so fun experimentation with cryptographic currency.

I am then going to focus on making plain old paper dollars and store them in a bank where at least I'll have the full force of society or some central government insurance backing me up - not to mention some recourse to the law in case of any theft.



I would put a trouble ticket in at mount gox right away.  I am not saying they will do anything but it is worth a shot.

Belkaar
June 13, 2011, 09:50:40 PM
 #57

Once again: Encryption would not have protected anything. Encryption can protect stored data. It does not protect a wallet file that is in use, because it is accessed by the client and stored unencrypted in main memory.

In theory yes. Of course it would protect against stealing the wallet file. Normally you only need the data encrypted for doing transactions which is a very short time window. Especially with savings wallets which get accessed not very often. An encrypted wallet that stays encrypted even while the client is running would do tons in favor of security.
There is a big difference between getting one time access to a machine and having a program running to wait for the wallet to be decrypted in memory for 100ms.

bitcoinCodes.com: Get XBox live, PSN and WoW game time codes fast and anonymously
Android RPC client: Bitcoiner
Bitmessage: BM-GtcxVju35PGuD6es9vrF1SXtCVxScbjB
AntiVigilante
June 13, 2011, 09:51:16 PM
 #58

If those coins indeed wound up on mtgox the thief can be identified as soon as he tries to get the money out of mtgox, no?

Yes.

Proposal: http://forum.bitcoin.org/index.php?topic=11541.msg162881#msg162881
Inception: https://github.com/bitcoin/bitcoin/issues/296
Goal: http://forum.bitcoin.org/index.php?topic=12536.0
Means: Code, donations, and brutal criticism. I've got a thick skin. 1Gc3xCHAzwvTDnyMW3evBBr5qNRDN3DRpq
allinvain (OP)
June 13, 2011, 09:51:41 PM
 #59

Please describe the security of all the PCs in your home network. Do you have a router with any firewall configured on it? Is your router secure? You said the funds were taken when the wallet was on a non Windows machine. What OS was running on that machine, and can you describe the security measures in place on both machines (firewall, anti virus, you only do day-to-day use with a non admin account, etc).

Is your network on wifi and is it secure? Have you done anything that would have publicized your IP address since you started acquiring bitcoins?

I'm asking all these because I think it sucks this happened, but all the people here might be able to help you investigate this incident. And another important motivation is that others could learn from your mistakes if any, and take steps to protect themselves. I think the fact that the wallet is unencrypted is the most ridiculous thing ever. How does a cryptocurrency not encrypt the very wallet where the value is stored? I think I read in another post someone explaining that it was low priority compared to other items in the work queue. That's ridiculous. It should be a top priority. Is the code for the client open source? If so it's probably time for a community effort to make that system more secure.

I have a router, the router is secure.

The funds were taken from a WINDOWS machine. God I'm starting to hate Windows so much now! I doubt this would've happened had it been a Linux machine!

I agree the fact that the wallet is unencrypted is totally ridiculous.

mewantsbitcoins
June 13, 2011, 09:54:16 PM
 #60

The more I read this thread the more absurd it gets

Work computer?
25k on computer used for browsing web?
UNENCRYPTED wallet on multiple websites?
Forensics can't do shit?

You must be either a troll or incredibly stupid. If it's the latter, and you obviously have no clue about online security, I suggest you still turn that computer off and hire someone reputable to take a look at it.