Bitcoin Forum
Author Topic: I just got hacked - any help is welcome! (25,000 BTC stolen)  (Read 381607 times)
gigabytecoin
June 14, 2011, 06:43:42 AM
 #201

Sorry to hear about your loss.
In all likelihood it wasn't a virus or malware - it's a bit too early for that and if it was we'd see way more stolen wallets. From what you've written, I'd say it's a targeted attack.
Depending on the amount stolen, you may want to hire an IT forensics expert. If it was a script kiddie you have a good chance of catching him. If you consider pursuing this, I suggest you turn your computer off ASAP.

Unfortunately, we're gonna be seeing this more often as the value of Bitcoin increases :(

The problem is that I can't shut the machine as this is my work machine. I doubt any forensic expert can do shit. Bitcoins are 100% non reversible and even if this "expert" were to find out the IP address of the person who got it there is no guarantee that it was his real IP and well I'd be spending more than 25,000 BTC just to chase this.

What I'm going to do though is shut the machine down and let the Symantec antivirus clean the supposed infection it detected when I ran the F-Secure online scan (for some reason it detected a bunch of viruses in the temp dir where the online scanner stores its temporary work - could be false). And then I'm going to back up my important data. Format and reinstall the machine.

Then I'm going to sell whatever bitcoins I have remaining, take it as a life lesson, and count this as a not so fun experimentation with cryptographic currency.

I am then going to focus on making plain old paper dollars and store them in a bank where at least I'll have the full force of society or some central government insurance backing me up - not to mention some recourse to the law in case of any theft.



Sorry for your loss.

On a lighter note, I thought you had gone crazy for a moment and had written "I am then going to focus on making plain old paper dolls and..." =P
gigabytecoin
June 14, 2011, 06:44:23 AM
 #202

start making $2k per day.  After 10 days of that you'd have it back.

$20k != $500k


Please don't remind me :( That 25K BTC could've done a lot of good for the BTC community when I eventually would spend it on BTC related projects - which I had in mind to do. For example I wanted to set up the BTC equivalent of ebay, which I believe is one of the things that the BTC community needs - a strong auction site.

*sigh*

This is what pisses me off the most.

The hacker is probably just going to spend it on hookers and blow.

You would have used it to benefit us all.

What a crying shame it is.
interfect
June 14, 2011, 06:46:30 AM
 #203


3. perform a complete disk image of your working PC, ASAP (use PartImage from Live CD) so it can be later analyzed for possible installed trojans etc.

I recommend FTK Imager as well. Perform a physical acquisition, you can do it on a live system as well. That is an industry standard method. You can also grab an image of your memory on a live system with it.

It probably isn't anything fancy.

Pull the machine off the Internet so the thief can't get back in and cover their tracks, and then see what-all is running and what ports are open.

Besides finding out how they did it, though, you probably won't get very far. The police aren't usually very good at following up on "a thief stole my laptop and I have the serial number, their IP and a photo from the webcam." They're probably not going to be able to get your coins back.

On the other hand, we know Bitcoin has arrived because people are stealing it.
gigabytecoin
June 14, 2011, 06:55:07 AM
 #204

If the guy is selling right now on mtgox he will be selling all of them as fast as possible.

Phone up or do whatever you can to get hold of mtgox, pretty sure this person would have loaded all the coins onto mtgox so even though he isn't selling all of them in one go you could freeze his mtgox account and sort out the matter with evidence etc to make sure who the legit owner is.

That would be your best option.

Really? If it were me, I would hold on to them.

A) because I know that people would be looking for movement of those coins immediately.

B) I would be hoping for the value to increase since I am a greedy, stealing bastard of a human being.

I was just thinking the other day since we have had a lot of motorcycle thefts from our apartment building (presumably somebody is driving in with a truck and some big dudes... lifting up expensive motorcycles and then driving off with them...).... anyways I was thinking... again... if it were me, I would leave the van in the garage for a few days so it wouldn't be obvious on the cameras at the garage doors of the building. Eventually people will stop caring and you can probably drive out riding the motorcycle in question without any problems.
gigabytecoin
June 14, 2011, 06:57:51 AM
 #205

Meatspace is more likely.

I have to agree with this possibility as very likely as well. If the BTC was transferred from your physical computer by someone at the keyboard, computer forensics might yield useful data. Unless you keep messing up the datestamps on files via virus scanning.

With forensics in this case, it might be shown what other things occurred on the machine at the time of the transfer. Like, if it occurred at night at a particular time and there were only a few people in the building at that time.

The other possibility is that you were targeted online specifically. Just think if you've received targeted email, PMs, IMs, etc. Social engineering this way can be one of the easiest methods. Just look at HBGary Federal as an example.

If the attacker stole the wallet.dat file... they could have placed the transaction when the victim was sitting at his computer using their bitcoin client. It could have literally disappeared before his or her eyes.
gigabytecoin
June 14, 2011, 06:59:55 AM
 #206

sry i have trouble actually believing this, you just lost 500k$ and you have a problem with turning off your work pc? seriously?
personally i think this is a troll, but if not, then you did everything in your power to lose that money, short of posting your wallet.dat on forum for "safekeeping" and it most definitely was not a hack from far away, physical attack vectors are always 100X easier

if you don't know how to protect your assets they will find a new owner, that applies in both bitcoin and offline, someone having 500k$ under their bed and telling their friends about it will lose it very quickly too

One of the best replies here. No offense OP - but I do disagree with you losing your faith in bitcoins. Bitcoins served you well, you lost them on your own account.
gigabytecoin
June 14, 2011, 07:00:41 AM
 #207

What do I get if I get your money back?

You could take whatever you wanted and give him some of it I am sure he would be happy enough :P
unclescrooge
June 14, 2011, 08:14:06 AM
 #208

This thread should go sticky!

SECURE YOUR WALLET!!! And if you're not tech-savvy enough to do this, take an ewallet account.

Fuck this is annoying.
interfect
June 14, 2011, 08:23:36 AM
 #209

This thread should go sticky!

SECURE YOUR WALLET!!! And if you're not tech-savvy enough to do this, take an ewallet account.

Fuck this is annoying.

The client should DO THIS ITSELF. Securing your wallet properly is work. Boring, repetitive work, involving moving and encrypting files. The sort of work computers are good at. Financial data (especially when it *actually is money*) should not be stored in plaintext, ever.

That won't stop your bitcoins from being stolen by spyware, but it will make everyone a lot happier.
AntiVigilante
June 14, 2011, 08:34:50 AM
 #210

Again I am so very sorry for your loss, but anyone with even the most rudimentary photoshop skills can manipulate and alter an image screenshot.

There is absolutely no way, other than legal and judicial means, for you to get your money back, and anyone who helps you through exchanges and such are themselves stealing from others because there is no certifiable concrete documented evidence of the theft.

The more people that report the same address (or different ones) ending up in the same account on MtGox, the less likelihood there is of a fake victim story.

Also in a fake victim story there would be a counter claim of an OTC trade (like if somebody bought a yacht in BTC - a grand development) and the potentially accused would have responded by now.

A fake victim story is difficult to accomplish in a convenient amount of time.
The forum has to believe you.
MagicalTux has to believe you.
You have to then deal with the bastard playing games.

Granted the last four days feel like a massive psyop was executed.

Proposal: http://forum.bitcoin.org/index.php?topic=11541.msg162881#msg162881
Inception: https://github.com/bitcoin/bitcoin/issues/296
Goal: http://forum.bitcoin.org/index.php?topic=12536.0
Means: Code, donations, and brutal criticism. I've got a thick skin. 1Gc3xCHAzwvTDnyMW3evBBr5qNRDN3DRpq
Enky1974
June 14, 2011, 08:36:55 AM
 #211

you should cooperate with mtgox, as this guy tries to move the btc to sell them at mtgox you can try to intercept him, with an IP at least.

__________________________________
My Blog at http://btctrading.wordpress.com/ | « O Fortuna,velut Luna statu variabilis, semper crescis aut decrescis »
Timo Y
June 14, 2011, 08:38:51 AM
 #212

If anyone thinks this isn't a problem with the bitcoin system, they're deluding themselves.

This isn't a problem with the bitcoin protocol and original client. These just provide the bare-bones infrastructure on top of which the economy is built.  

It's not the job of the core bitcoin developers to be everyone's nanny.  They have enough work trying to create a secure protocol, and they should continue focusing on that, instead of user-side security.

Security disasters like this one will create a strong market for clients, backup tools, liveCD, etc aimed at the average non-technical user, and I am certain that there are people working hard at developing them right now.  Just give it some time.

The problem is that the bitcoin userbase and value is growing so fast that entrepreneurs and developers have trouble keeping up with demand.  It's growing too fast for its own good IMO.

GPG ID: FA868D77   bitcoin-otc:forever-d
Timo Y
June 14, 2011, 08:47:16 AM
 #213

@allinvain

I'm sorry for your loss. You came to the Wild West 2.0, found great riches almost overnight, and lost them again overnight.  But you still have an interesting story to tell, and you are no worse off than before.

I hope this doesn't make you lose faith in bitcoin completely. Come back in a year or so when the Wild West is tamed, and there will be other riches to be made. 

unclescrooge
June 14, 2011, 08:53:55 AM
 #214

This thread should go sticky!

SECURE YOUR WALLET!!! And if you're not tech-savvy enough to do this, take an ewallet account.

Fuck this is annoying.

The client should DO THIS ITSELF. Securing your wallet properly is work. Boring, repetitive work, involving moving and encrypting files. The sort of work computers are good at. Financial data (especially when it *actually is money*) should not be stored in plaintext, ever.

That won't stop your bitcoins from being stolen by spyware, but it will make everyone a lot happier.

Yes I agree too. We really need a user- and noob-friendly client.

Bitcoin-qt seems to go in that direction.
Nescio
June 14, 2011, 09:21:00 AM
 #215

The OP can prove that he has the private keys to the account the money was stolen from.

That means that we have two people claiming property, which is way better than nothing.

So, it ends in a Mad Max style chainsaw fight? :D

That doesn't change much for the person who got ripped off, or possibly for the person who he is trying to rip off. Proof of original ownership doesn't preclude a willing transfer going sour, greed after the fact, or some kind of elaborate collusion scheme (target address owned by friendly) for example hoping to solicit sympathy coins, or if you're paranoid even as a recon exercise into the exchange and/or pools.

Also, what happens if Mt. Gox complies easily, freezes target accounts? Do they have the right/obligation to do so? If so, scammers will try to abuse *that*.

I'm sorry for your loss, but am dumbfounded by the nonchalance with which that kind of 'f*ck you' money is treated. For lots of people a sum that large would mean never having to work again (unless the fed manages to lower interest rates to zero of course).

I'm also very skeptical about 'following the money' (blockchain), every time there is a split or merge all in/outputs are 'infected', at some point making it impossible to follow, let alone prosecute to any meaningful conclusion (do you average your loss over every recipient?).

The only recourse would be to physically trace the perpetrator and get them to admit the theft. Which on the downside would put a dent into the pseudonymous image Bitcoin has.
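
The post above contrasts two ways of "following the money": every output of a transaction with a stolen input is "infected", or the loss is averaged over recipients. The sketch below is an added example, not part of the thread; it runs both rules (commonly called "poison" and "haircut", names not used in the thread) over a constructed, fee-free transaction graph that starts from a 25,000 BTC theft.

```python
from fractions import Fraction

# Constructed transaction graph (not real chain data, fees ignored).
# "ins" lists the (txid, output index) pairs a transaction spends;
# "outs" lists the BTC value of each output it creates.
TXS = {
    "theft":   {"ins": [], "outs": [25000]},           # the stolen coins
    "clean_a": {"ins": [], "outs": [5000]},            # unrelated coins
    "clean_b": {"ins": [], "outs": [900]},             # unrelated coins
    "split":   {"ins": [("theft", 0)], "outs": [20000, 5000]},
    "merge":   {"ins": [("split", 1), ("clean_a", 0)], "outs": [7000, 3000]},
    "remerge": {"ins": [("merge", 1), ("clean_b", 0)], "outs": [3900]},
}


def taint_fraction(txs, txid, sources, model, memo):
    """Fraction of every output of `txid` that the model treats as tainted."""
    if txid in memo:
        return memo[txid]
    tx = txs[txid]
    if txid in sources:
        frac = Fraction(1)
    elif not tx["ins"]:
        frac = Fraction(0)  # coins with no tracked history count as clean
    else:
        total = tainted = Fraction(0)
        for src, idx in tx["ins"]:
            value = Fraction(txs[src]["outs"][idx])
            total += value
            tainted += value * taint_fraction(txs, src, sources, model, memo)
        if model == "poison":
            # Any tainted input "infects" the whole transaction.
            frac = Fraction(1 if tainted > 0 else 0)
        elif model == "haircut":
            # Taint is averaged over the outputs in proportion to value.
            frac = tainted / total
        else:
            raise ValueError(f"unknown model: {model}")
    memo[txid] = frac
    return frac


def tainted_unspent(txs, sources, model):
    """Map each unspent output to the amount of it considered tainted."""
    spent = {ref for tx in txs.values() for ref in tx["ins"]}
    memo, result = {}, {}
    for txid, tx in txs.items():
        frac = taint_fraction(txs, txid, sources, model, memo)
        for idx, value in enumerate(tx["outs"]):
            if (txid, idx) not in spent and frac > 0:
                result[(txid, idx)] = value * frac
    return result


if __name__ == "__main__":
    for model in ("poison", "haircut"):
        report = tainted_unspent(TXS, {"theft"}, model)
        print(model, "total tainted:", sum(report.values()))
        for (txid, idx), amount in sorted(report.items()):
            value = TXS[txid]["outs"][idx]
            print(f"  {txid}:{idx}  value={value}  tainted={float(amount):.0f}")
```

After only one split and two merges, the poison rule flags more coins than were stolen, while the haircut rule conserves the stolen total but leaves the last output less than half tainted.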
piuk
June 14, 2011, 09:24:33 AM
 #216

Sorry for your loss allinvain, just thinking about losing that amount makes me feel queasy.

Not sure if this has been suggested but try and remember any bitcoin related sites which you might have used the same password.

hlksis
Jr. Member
*
Offline Offline

Activity: 55
Merit: 3


View Profile
June 14, 2011, 09:31:25 AM
 #217

Cases like this one will lead to BTC banks managing the BTCs for the "normal joe". It is simply unrealistic to believe that the "normal joe" is willing and able to understand all steps to max the security for his wallet.dat. In the end we will have "BTC banks" that offer security and insurance like normal banks today.
Dansker
June 14, 2011, 09:39:54 AM
 #218

Cases like this one will lead to BTC banks managing the BTCs for the "normal joe". It is simply unrealistic to believe that the "normal joe" is willing and able to understand all steps to max the security for his wallet.dat. In the end we will have "BTC banks" that offer security and insurance like normal banks today.

Exactly.

This would be the same with cash: You only keep smaller amounts in cash, because you realize that if they are stolen, it is very very unlikely you will ever get them back, even if the thief is caught.

Aside from allinvain's most regrettable loss, this really does serve to remind everyone that there is an emerging demand for a bitcoin bank.

You send your money to the bitcoin bank, which then holds and secures the funds for a fee. If the bank loses the money, although this should be just as hard as stealing from a real bank hopefully, then the money would be insured by a third party insurance company.

Just like with "real" money.

Imagine the paranoia of having to be responsible for keeping secure your entire savings in dollar bills under your bed. That goes for BTC too, and is why we need banks.

AntiVigilante
June 14, 2011, 09:47:49 AM
 #219

Cases like this one will lead to BTC banks managing the BTCs for the "normal joe". It is simply unrealistic to believe that the "normal joe" is willing and able to understand all steps to max the security for his wallet.dat. In the end we will have "BTC banks" that offer security and insurance like normal banks today.

Exactly.

This would be the same with cash: You only keep smaller amounts in cash, because you realize that if they are stolen, it is very very unlikely you will ever get them back, even if the thief is caught.

Aside from allinvain's most regrettable loss, this really does serve to remind everyone that there is an emerging demand for a bitcoin bank.

You send your money to the bitcoin bank, which then holds and secures the funds for a fee. If the bank loses the money, although this should be just as hard as stealing from a real bank hopefully, then the money would be insured by a third party insurance company.

Just like with "real" money.

Imagine the paranoia of having to be responsible for keeping secure your entire savings in dollar bills under your bed. That goes for BTC too, and is why we need banks.

This is imposing a broken physical metaphor on bitcoin. A decentralized version of a bank would be a wallet where certain addresses are listed as receive only.

No central bank needed. The real bottleneck right now is the Windowsisms that came into the design.
Use of development branch of wxWidgets. Boneheaded.
.dat instead of .csv. Are we still in 1980?
An interface that doesn't label addresses (Linux), doesn't understand accounts (Windows), and calls receiving addresses the Address Book.
A client that is also the president of the Hair Club for Men. Separate policy from information.

AntiVigilante
June 14, 2011, 09:55:11 AM
Last edit: June 14, 2011, 11:21:20 AM by AntiVigilante
 #220

The OP can prove that he has the private keys to the account the money was stolen from.
That doesn't change much for the person who got ripped off, or possibly for the person who he is trying to rip off. Proof of original ownership doesn't preclude a willing transfer going sour, greed after the fact, or some kind of elaborate collusion scheme (target address owned by friendly) for example hoping to solicit sympathy coins, or if you're paranoid even as a recon exercise into the exchange and/or pools.

Also, what happens if Mt. Gox complies easily, freezes target accounts? Do they have the right/obligation to do so? If so, scammers will try to abuse *that*.

Implement receive, send, activate permissions on addresses and accounts. In fact start calling accounts folders. Addresses is fine.

Quote
I'm sorry for your loss, but am dumbfounded by the nonchalance with which that kind of 'f*ck you' money is treated. For lots of people a sum that large would mean never having to work again (unless the fed manages to lower interest rates to zero of course).

I'm also very skeptical about 'following the money' (blockchain), every time there is a split or merge all in/outputs are 'infected', at some point making it impossible to follow, let alone prosecute to any meaningful conclusion (do you average your loss over every recipient?).

Chaos obscures. Absolute chaos obscures absolutely.

Quote
The only recourse would be to physically trace the perpetrator and get them to admit the theft. Which on the downside would put a dent into the pseudonymous image Bitcoin has.

Not really. Pseudonyms are for difficulty and deterrence not impossibility. I've been doxed 3x already. My heart goes out to the person at my old address.
