Bitcoin Forum
November 10, 2024, 05:23:48 AM *
Author Topic: I just got hacked - any help is welcome! (25,000 BTC stolen)  (Read 381802 times)
allinvain (OP)
June 13, 2011, 08:47:05 PM
Last edit: August 05, 2011, 12:57:52 AM by allinvain
Merited by LoyceV (5), ABCbits (3), Raja_MBZ (1)
 #1

Hi everyone. I am totally devastated today. I just woke up to see a very large chunk of my bitcoin balance gone to the following address:


1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg

Transaction date: 6/13/2011 12:52 (EST)


I feel like killing myself now (edit: a little too dramatic, I've since calmed down a bit). If only the wallet file was encrypted on the HD. I do feel like this is my fault for not moving that money to a separate non windows computer. I backed up my wallet.dat file religiously and encrypted it but that does not do me much good when someone or some trojan or something had direct access to my computer somehow.

The theft occurred right after someone broke into my slush's pool account. In a moment of sheer stupidity I did not think that maybe my whole system was compromised. I merely thought that someone brute forced my slush's pool password. I then proceeded to change the password on the pool from a secure computer.

The transaction sent belongs rightfully to this address: 1J18yk7D353z3gRVcdbS7PV5Q8h5w6oWWG

Block explorer is down so I cannot even see where the funds went. Edit: It's working now and I'm keeping an eye on it.

I tried restoring an earlier backup of my wallet but naturally that does not work because the transaction has already been validated.

If anyone has any ideas what I can do, tips, tools, ways of tracking the stolen funds or anything of use please do share with me here on this thread or PM me.

Edit: Screenshots available here:

http://forum.bitcoin.org/index.php?topic=16457.msg215996#msg215996

Edit: I'd like to thank those that came up with constructive comments and suggestions.

Let this be an example to take the security of your wallet.dat files very seriously. I never thought bitcoin would attract criminals so quickly but yet here it is.

Update: You can keep track of my stolen coins via these 3 links:

http://folk.uio.no/vegardno/allinvain-transactions.txt

http://folk.uio.no/vegardno/allinvain-addresses.txt

http://folk.uio.no/vegardno/allinvain-transactions-addresses.txt

Update: The latest bitcoin tracking info can be found here - http://allinvain.4shared.com

I've also shared the C program that I used to track them. Hope you find it useful somehow.


Vasili Sviridov
June 13, 2011, 08:54:31 PM
 #2

Wow, > 25 grand in this address... Intense

1JHYtsmsGq2McwGHmWayVjVtHds8rp1R5
AntiVigilante
June 13, 2011, 08:56:45 PM
 #3

> Hi everyone. I am totally devastated today. I just woke up to see a very large chunk of my bitcoin balance gone to the following address:
>
> 1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg
>
> Transaction date: 6/13/2011 12:52 (EST)
>
> I feel like killing myself now. This gets me so f'ing pissed off. If only the wallet file was encrypted on the HD. I do feel like this is my fault somehow for now moving that money to a separate non windows computer. I backed up my wallet.dat file religiously and encrypted it but that does not do me much good when someone or some trojan or something has direct access to my computer somehow.
>
> The transaction sent belongs rightfully to this address: 1J18yk7D353z3gRVcdbS7PV5Q8h5w6oWWG
>
> Block explorer is down so I cannot even see where the funds went.
>
> I tried restoring an earlier backup of my wallet but naturally that does not work because the transaction has already been validated.
>
> Needless to say I feel like I have lost faith in bitcoin.
>
> Anyone have any ideas what I can do besides just jump off a bridge?!

Lend me a fraction of it and I will return the whole thing over some time so long as I pay no interest or fees on it.

Proposal: http://forum.bitcoin.org/index.php?topic=11541.msg162881#msg162881
Inception: https://github.com/bitcoin/bitcoin/issues/296
Goal: http://forum.bitcoin.org/index.php?topic=12536.0
Means: Code, donations, and brutal criticism. I've got a thick skin. 1Gc3xCHAzwvTDnyMW3evBBr5qNRDN3DRpq
IamFuzzles
June 13, 2011, 08:57:48 PM
 #4

Any idea how it happened and how others can prevent it from happening to them?

I'm pretty safe with my PC, but if this somehow happened because you were opened up to a pool or something, I'd like to know and take preventative measures.
Gareth Nelson
June 13, 2011, 08:59:19 PM
 #5

> Hi everyone. I am totally devastated today. I just woke up to see a very large chunk of my bitcoin balance gone to the following address:
>
> 1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg
>
> Transaction date: 6/13/2011 12:52 (EST)
>
> I feel like killing myself now. This gets me so f'ing pissed off. If only the wallet file was encrypted on the HD. I do feel like this is my fault somehow for now moving that money to a separate non windows computer. I backed up my wallet.dat file religiously and encrypted it but that does not do me much good when someone or some trojan or something has direct access to my computer somehow.
>
> The transaction sent belongs rightfully to this address: 1J18yk7D353z3gRVcdbS7PV5Q8h5w6oWWG
>
> Block explorer is down so I cannot even see where the funds went.
>
> I tried restoring an earlier backup of my wallet but naturally that does not work because the transaction has already been validated.
>
> Needless to say I feel like I have lost faith in bitcoin.
>
> Anyone have any ideas what I can do besides just jump off a bridge?!



Can you define "none windows computer" - What specific OS?
Was it your own machine or one owned physically by another party?
Where was it?
How did you transfer the money/wallet to it?
allinvain (OP)
June 13, 2011, 09:01:11 PM
 #6

> > Hi everyone. I am totally devastated today. I just woke up to see a very large chunk of my bitcoin balance gone to the following address:
> >
> > 1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg
> >
> > Transaction date: 6/13/2011 12:52 (EST)
> >
> > I feel like killing myself now. This gets me so f'ing pissed off. If only the wallet file was encrypted on the HD. I do feel like this is my fault somehow for now moving that money to a separate non windows computer. I backed up my wallet.dat file religiously and encrypted it but that does not do me much good when someone or some trojan or something has direct access to my computer somehow.
> >
> > The transaction sent belongs rightfully to this address: 1J18yk7D353z3gRVcdbS7PV5Q8h5w6oWWG
> >
> > Block explorer is down so I cannot even see where the funds went.
> >
> > I tried restoring an earlier backup of my wallet but naturally that does not work because the transaction has already been validated.
> >
> > Needless to say I feel like I have lost faith in bitcoin.
> >
> > Anyone have any ideas what I can do besides just jump off a bridge?!
>
> Lend me a fraction of it and I will return the whole thing over some time so long as I pay no interest or fees on it.

Yeah I wish I could lend a fraction of it to you. But it's too fucking late I think.

Fuck I feel like such a retard. Early adopter my ass. God!

I'm thinking is there any way I can invalidate his coins?

Also does blockexplorer.com work for you guys, cause it does not for me. I tried on two different computers. Someone pretty smart is fucking around with me.

w0mbat
June 13, 2011, 09:02:29 PM
 #7

how much did u lose? any idea who might have had access to your pc? did you run a malware scan?

*** http://btcxc.info/  <->  Your source for everything around trading & mining Bitcoins! ***
yeponlyone
June 13, 2011, 09:04:42 PM
 #8

> > I do feel like this is my fault somehow for now moving that money to a separate non windows computer.
>
> Can you define "none windows computer" - What specific OS?

'now' very likely was a typo, 'not' fits that sentence better.
bcearl
June 13, 2011, 09:04:57 PM
 #9

I think the only thing we could do is try to find out who it was.

But even that is pretty hard.

Misspelling protects against dictionary attacks NOT
allinvain (OP)
June 13, 2011, 09:05:04 PM
 #10

> Any idea how it happened and how others can prevent it from happening to them?
>
> I'm pretty safe with my PC, but if this somehow happened because you were opened up to a pool or something, I'd like to know and take preventative measures.

First thing that I noticed is that my slush's pool account got hacked into and someone changed the payout address to this:

15iUDqk6nLmav3B1xUHPQivDpfMruVsu9f

I then changed the password and proceeded to run some antivirus and anti malware scans. Some stuff was found, but they were all cleaned up and they were all in my windows user profile temp dir which I deleted all the temp files. God I can't even type properly. Sorry folks I'm a bit emotional now.

I then left another virus scanner running and went to sleep. When I woke up I checked my bitcoin wallet. I leave the client running to help the network, and I noticed -25,000 (and a transaction fee) gone.

Fuck, I really should've moved the coins to a vmware linux session I have running. But the question is was it already too late? Could someone have had access to my wallet.dat for a long time and now just decided to "cash out"?


655321
June 13, 2011, 09:05:29 PM
 #11

Your best chance at solving this mystery is to focus on your hacked machine, how it was accessed, any malware that is on it. Mostly it sounds like you didn't secure your machine properly, in which case your chance of fixing this disaster will sadly be very small.
Gareth Nelson
June 13, 2011, 09:05:34 PM
 #12

If there was a means to invalidate the thief's coins or to reclaim them then the same could be done to a legitimate user.
Bitcoin is a secure system only so long as you keep your wallet secured - and sadly it seems you were not able to adequately do so.

This isn't a reason to abandon bitcoin completely or to dismiss it as flawed, but of course it's understandable that you wouldn't want to reinvest after having lost so much.

Keep an eye on that address in block explorer and you might find transactions that end up at some publicly-identifiable address, that might give you some chance of identifying the thief.
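
The forward tracing suggested in the post above, as an added example that is not part of the original thread or anyone's posted code: a breadth-first walk over spends that reports any labelled address reached and the addresses where coins currently rest. The transactions, address names and the `KNOWN` label table are constructed placeholders, not chain data.

```python
from collections import deque

# Constructed sample data, not real chain data: each transaction spends from
# its input addresses to its output addresses. All names are placeholders.
TXS = [
    {"txid": "tx1", "inputs": ["VICTIM"], "outputs": ["THIEF_ADDR"]},
    {"txid": "tx2", "inputs": ["THIEF_ADDR"], "outputs": ["HOP_1", "HOP_2"]},
    {"txid": "tx3", "inputs": ["HOP_1"], "outputs": ["EXCHANGE_DEPOSIT", "HOP_3"]},
    {"txid": "tx4", "inputs": ["UNRELATED"], "outputs": ["HOP_2"]},
]
# Hypothetical labels for addresses whose owner is publicly known.
KNOWN = {"EXCHANGE_DEPOSIT": "exchange deposit (constructed label)"}


def trace_forward(start, txs, known, max_hops=10):
    """Follow spends breadth-first from `start`.

    Returns (identified, watch): identified is a list of (label, path) for
    labelled addresses reached; watch lists reached addresses that have not
    spent yet, i.e. where the coins currently rest.
    """
    spends = {}  # address -> transactions that spend from it
    for tx in txs:
        for addr in tx["inputs"]:
            spends.setdefault(addr, []).append(tx)

    seen, queue = {start}, deque([(start, [start])])
    identified, watch = [], []
    while queue:
        addr, path = queue.popleft()
        if addr in known:
            identified.append((known[addr], path))
            continue  # a labelled service pools funds; stop tracing here
        if addr not in spends:
            watch.append(addr)  # unspent endpoint: keep monitoring it
            continue
        if len(path) > max_hops:
            continue  # hop limit reached; do not expand further
        for tx in spends[addr]:
            for out in tx["outputs"]:
                if out not in seen:
                    seen.add(out)
                    queue.append((out, path + [out]))
    return identified, watch


if __name__ == "__main__":
    hits, watch = trace_forward("THIEF_ADDR", TXS, KNOWN)
    print("identified:", hits)
    print("still to watch:", watch)
```

Address-level reachability over-approximates, since a transaction with several inputs mixes funds from different owners, so a hit is a lead to follow up rather than proof of who holds the coins.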
allinvain (OP)
June 13, 2011, 09:07:12 PM
 #13

> > Hi everyone. I am totally devastated today. I just woke up to see a very large chunk of my bitcoin balance gone to the following address:
> >
> > 1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg
> >
> > Transaction date: 6/13/2011 12:52 (EST)
> >
> > I feel like killing myself now. This gets me so f'ing pissed off. If only the wallet file was encrypted on the HD. I do feel like this is my fault somehow for now moving that money to a separate non windows computer. I backed up my wallet.dat file religiously and encrypted it but that does not do me much good when someone or some trojan or something has direct access to my computer somehow.
> >
> > The transaction sent belongs rightfully to this address: 1J18yk7D353z3gRVcdbS7PV5Q8h5w6oWWG
> >
> > Block explorer is down so I cannot even see where the funds went.
> >
> > I tried restoring an earlier backup of my wallet but naturally that does not work because the transaction has already been validated.
> >
> > Needless to say I feel like I have lost faith in bitcoin.
> >
> > Anyone have any ideas what I can do besides just jump off a bridge?!
>
> Can you define "none windows computer" - What specific OS?
> Was it your own machine or one owned physically by another party?
> Where was it?
> How did you transfer the money/wallet to it?

I moved it to an Ubuntu linux vmware install. On the same machine. What I moved is what I had left in my bitcoin wallet. It seems the thief was so fucking nice to leave me a few coins - as a nice insult. I did this via simple transaction.

lonestranger
June 13, 2011, 09:09:37 PM
 #14

> This isn't a reason to abandon bitcoin completely or to dismiss it as flawed, .

Oh, it's flawed alright.
w0mbat
June 13, 2011, 09:10:18 PM
 #15

go to the police! 25k BTC are about $500.000, that's crazy! they can investigate and find out who it was.

*** http://btcxc.info/  <->  Your source for everything around trading & mining Bitcoins! ***
allinvain (OP)
June 13, 2011, 09:10:49 PM
 #16

> Your best chance at solving this mystery is to focus on your hacked machine, how it was accessed, any malware that is on it. Mostly it sounds like you didn't secure your machine properly, in which case your chance of fixing this disaster will sadly be very small.

I believe it must have been a virus of some sort. Yes you are right. I don't think I can do anything at this point. Format and reinstall windows is the best I can do, and from there on not ever use windows for any security sensitive sites/systems.

Dude65535
June 13, 2011, 09:11:18 PM
 #17

Is it possible the hacker got a hold of an old backup of your wallet? That would explain the remaining coins if the backup the hacker got was old enough.

1DCj8ZwGZXQqQhgv6eUEnWgsxo8BTMj3mT
655321
June 13, 2011, 09:11:57 PM
 #18

> go to the police! 25k BTC are about $500.000, that's crazy! they can investigate and find out who it was.

They can certainly investigate. But they probably won't try very hard. And I hate to say it, but I seriously doubt that the police of all people can "find out who it was."
bcearl
June 13, 2011, 09:12:45 PM
 #19

Maybe one should state a new rule:

Don't hang around on IRC with a machine storing a lot of BTC.

Misspelling protects against dictionary attacks NOT
allinvain (OP)
June 13, 2011, 09:13:26 PM
 #20

> If there was a means to invalidate the thief's coins or to reclaim them then the same could be done to a legitimate user.
> Bitcoin is a secure system only so long as you keep your wallet secured - and sadly it seems you were not able to adequately do so.
>
> This isn't a reason to abandon bitcoin completely or to dismiss it as flawed, but of course it's understandable that you wouldn't want to reinvest after having lost so much.
>
> Keep an eye on that address in block explorer and you might find transactions that end up at some publicly-identifiable address, that might give you some chance of identifying the thief.

You're right this can only be blamed on me. I am the flaw with bitcoin, but let's be honest the wallet should be encrypted. The developers should've put a very very high priority on this the moment bitcoin went over $1. They knew that this was bound to happen and someone is going to get hurt and if they had taken preventative measures early this could've never happened. Now that's one side of the coin, the other side is that I'm an idiot for keeping a wallet.dat file with so much money on my day to day machine - especially one running windows.

I'd at least like to know who took them or find out how.
