I just got hacked - any help is welcome! (25,000 BTC stolen)

[allinvain]

Hi everyone. I have a brief update. I have a way to keep track of the transactions through the blockchain:

http://folk.uio.no/vegardno/allinvain-transactions.txt

http://folk.uio.no/vegardno/allinvain-addresses.txt

http://folk.uio.no/vegardno/allinvain-transactions-addresses.txt

I'm hoping to soon have an open source script that will check for you if you've unknowingly accepted stolen funds.

Those links continually update with the most recent transactions at the bottom and the earliest at the top, so you can refresh to get the latest.

This kind of bothers me.  What if someone is the recipient 20 iterations from now, are they supposed to send the coins back if they were purchased legitimately?
 
If someone stole $25k in cash, are merchants/banks/etc supposed to verify every serial number they come across?
 
I feel your pain, really I do.  I'm sure it was like a punch in the gut (or worse), but if buy coins from someone (*especially if the stolen coins are 10 or more iterations from the original*), I'll be God-damned if I'm going to give them away for free.  (unless I'm caught on a very good day, then I might sell back at a slight loss)

Banks are supposed to because they have the means and are integrated into the monetary system, but merchants can't realistically be expected to have the equipment to check on a bill's serial #. In the bitcoin world we don't have the equivalent of banks - except maybe the major exchanges which sort of act as quasi banks - but it by far easier and cheaper to keep track of bitcoins. But like I've said so many times it doesn't really matter that much because you cannot enforce your claim to stolen bitcoins due to the fact that it's damn near impossible to attach a real identity to a bitcoin address.

Honestly I would not expect that someone would hand them back 20 iterations from now. The best hope is that someone who gets them somehow almost freshly stolen (I can't think of a more technical term for this situation at the moment - maybe closer to the source is appropriate) notices that they're stolen and either a) refuses to do business with that person or b) receives the funds but in a sort of street justice  way does not send the money or whatever value was requested by the seller in exchange for the bitcoins, and then this person would proceed to hand over the bitcoins to some police authority or some organization or institution that can arbitrate the dispute.

This would be easier if there was a site that would keep track of reported stolen btc. Think of how many people had their wallet.dat files stolen by trojans and such. It would be great if we can make the life of these parasite "hackers" just that much harder by everyone refusing to accept stolen property.

Also I'm thinking some sort of free-market bitcoin court or legal structure would come in handy. If we want people to have trust in bitcoins I think there has to be some hope for the victim. As things stand if you somehow get robbed of your bitcoins you're pretty much fucked - pardon my french

[1714023309]

1714023309

[1714023309]

1714023309

[1714023309]

1714023309

[allinvain]

Yeah, that's like $300K right now. Imagine knowing you had that for a year or more and that it could finally be a safe nest egg for you and your family, only to lose it because you were trying to be safe by backing it up to Dropbox, because that's a very popular way to back stuff up. Regardless of Allinvain's technical acumen and what he should or should not have known and done, it's a very crappy situation for him.

For Bitcoin to gain any kind of real acceptance, people have to learn from this Universal lesson. This needs to happen now, because it's shaking out the fears and the realities of a world-wide, decentralized digital currency. It's a hard lesson to learn, and Allinvain is going to be remembering this for the rest of his life. Why not help to soften those memories a bit for him?

I agree. There are numerous key infrastructures that btc does not have which almost every other standard currency does. As it stands BTC  = wild west of currencies. This is not to say that it won't change; I'm hoping it does.

My biggest regret (besides me not moving the coins to a linux box) is not having the wallet.dat encrypted by default. I am almost 99% sure that the coins would not have been stolen had the file been encrypted.

[phungus]

Allinvain, was it possibly your 20K in coins that just got cashed out on MtGox?

Just curious if you've been able to track it.

[allinvain]

Allinvain, was it possibly your 20K in coins that just got cashed out on MtGox?

Just curious if you've been able to track it.

I'm able to track it to a certain degree, but the tool that I'm using needs to be ran on a regular basis and I haven't ran it recently (kind of given up on this thing). The problem for me is that I do not have the coding skills necessary to properly track the coins. I can run this tool that was built for me, but then again all that does is spew up a ton of addresses and transaction, but does not provide any other info.

Do you know the address of where some of the coins came from?

[phungus]

I don't. Word just came through IRC that there was a big selloff on MtGox just a bit ago. Maybe we'll get more info soon?

20,000 BTC sold though. How many folks would sell it all in one big chunk like that?

[allinvain]

I don't. Word just came through IRC that there was a big selloff on MtGox just a bit ago. Maybe we'll get more info soon?

20,000 BTC sold though. How many folks would sell it all in one big chunk like that?

I don't think that is related to the theft, but I read on that thread you opened that it wasn't 20K but more like 10K.

[dreamamine]

Blimey! just finished reading every single post on this thread....*rubs eyes*

beens that at my current hashing rate i will generate (if the difficulty never goes up) 25,000 coins in approximatly 1712 years i really feel for you allinvain

[allinvain]

Blimey! just finished reading every single post on this thread....*rubs eyes*

beens that at my current hashing rate i will generate (if the difficulty never goes up) 25,000 coins in approximatly 1712 years i really feel for you allinvain

Yeah  Not sure what else I can really say.

Best of luck with your mining!

[bitcoinminer]

Jesus, let this zombie thread DIE already.

[allinvain]

Just for shitz'n'giggles I updated the btc tracking data. Everything including the program I used to track the coins can be found at the link below (hope you find it useful somehow):

http://allinvain.4shared.com

[Remember remember the 5th of November]

Just for shitz'n'giggles I updated the btc tracking data. Everything including the program I used to track the coins can be found at the link below (hope you find it useful somehow):

http://allinvain.4shared.com

Just want to say allinvain, that you arent alone anymore.

[indicasteve]

Just for shitz'n'giggles I updated the btc tracking data. Everything including the program I used to track the coins can be found at the link below (hope you find it useful somehow):

http://allinvain.4shared.com

Just want to say allinvain, that you arent alone anymore.

+1

[allinvain]

Just for shitz'n'giggles I updated the btc tracking data. Everything including the program I used to track the coins can be found at the link below (hope you find it useful somehow):

http://allinvain.4shared.com

Just want to say allinvain, that you arent alone anymore.

Yep, sadly no. The bitcoin community has been plagued by thieves lately but I sincerely hope this only makes us stronger/smarter/more secure.

[allinvain]

I'd also like to say that if any of you can come up with an improved version of that C program I shared please by all means feel free to do so. I'd also like to thank a guy that goes by the IRC handle of vegard for creating this program. I am sure he would have no problems with modifications to his program. But I'd kindly ask that if you improve it/modify it that you'd share it with the bitcoin community in the same spirit that I/vegard have done.

Take care everyone!

[mrb]

It would be nice if there was a centralized database/website where people like allinvain could report fraudulent transactions with as much details as possible ("theft of 25k BTC", link to forum thread), and if the Bitcoin client could check this database and would instantly alert its user when receiving coins that are linked to these fraudulent transactions. The receiver of the coins could report, on the website, as much info as possible about the sender of the coins, who could, in turn, be contacted, and so on, to trace the transactions backward up to the original thief. Think about this as an open platform for voluntarily de-anonymizing Bitcoin transactions.

Of course, some problems need to be addressed. One of them being that malicious users would attempt to pollute the centralized database by reporting many "fraudulent transactions". A rating system could be implemented to allow the community to rate the plausibility of each theft. The Bitcoin client would only alert its user if a certain level of plausibility is met. By default only the most well-known thefts that have been largely publicized would be tracked by the client. (For example most people recognize that the theft of allinvain's money is real, given how much energy/time he has spent on the forums tracking it and communicating about it.)

Another problem is that the original thief would most likely transfer the coins to a few addresses, and create a fake persona X pretending to have received them from Y, and them would spend the coin while pretending to be X. The voluntary de-anonymizer platform would be able to trace the thief at least up to persona "X" but would have no way to distinguish if X is the thief, or Y, etc. It would have successfully traced back to the thief, but its identity would be unknown, so... would that make it useful or not?

[allinvain]

Honestly anything is better than what we have now - which is NOTHING. Nobody is going to take BTC seriously if the currency is seen as being super risky - in the sense that there is no recourse against theft.

What you described can be useful as long as the reputation and rating system is robust and secure.

To be honest I'm surprised nobody has created any such service. It would be fine for me if it was for profit. I for one would gladly pay a percentage of the funds recovered if I can have them back. There could be a LOT of money in it for any company/organization who sets this up.

Another thing that could be useful would be a website that does in a more professional, detailed and graphical manner the same thing my C program does - track bitcoins. Once again I and no doubt many people would pay for this service. So my point is that there is a lot of opportunity for bitcoin security entrepreneurs. But sadly I get the impression that those who are intimately familiar with computer security and far more busy figuring out ways to STEAL bitcoins instead of how to legitimately EARN them. I could be over-reacting here and may be wrong on this wide generalization, but anyways, thanks for sharing your ideas mrb!

[SgtSpike]

Honestly anything is better than what we have now - which is NOTHING. Nobody is going to take BTC seriously if the currency is seen as being super risky - in the sense that there is no recourse against theft.

What you described can be useful as long as the reputation and rating system is robust and secure.

To be honest I'm surprised nobody has created any such service. It would be fine for me if it was for profit. I for one would gladly pay a percentage of the funds recovered if I can have them back. There could be a LOT of money in it for any company/organization who sets this up.

Another thing that could be useful would be a website that does in a more professional, detailed and graphical manner the same thing my C program does - track bitcoins. Once again I and no doubt many people would pay for this service. So my point is that there is a lot of opportunity for bitcoin security entrepreneurs. But sadly I get the impression that those who are intimately familiar with computer security and far more busy figuring out ways to STEAL bitcoins instead of how to legitimately EARN them. I could be over-reacting here and may be wrong on this wide generalization, but anyways, thanks for sharing your ideas mrb!

I don't see much profit in it.  There's no way that such a company could recover the funds, even if they were labeled as stolen.  And all someone would have to do is some quick laundering if they noticed some of the coins they had were on the list.  Sending them to a couple of exchanges, then back to themselves would suffice.

That said, I would like to build a tracker program with some reasonable statistical analysis.  People would be able to outsmart it, but for the most part, you would be able to see what addresses/coins are associated with a particular address.  It would be a fascinating analysis for sure.

[slippyrocks]

Re: I just got hacked - any help is welcome! (25,000 BTC stolen)
$5 flash drive w/ multiple wallets in non-default locations
Windows 7, third party browser like Opera, and AV
Even more serious? Bitlocker or Truecrypt
Not loosing 25,000 BTC priceless
Makes a lot more sense than tracking everyone's BTC transactions.

[jackjack]

Re: I just got hacked - any help is welcome! (25,000 BTC stolen)
$5 flash drive w/ multiple wallets in non-default locations
Windows 7, third party browser like Opera, and AV
Even more serious? Bitlocker or Truecrypt
Not loosing 25,000 BTC priceless
Makes a lot more sense than tracking everyone's BTC transactions.

Closed-source browser? Interesting choice

[allinvain]

Honestly anything is better than what we have now - which is NOTHING. Nobody is going to take BTC seriously if the currency is seen as being super risky - in the sense that there is no recourse against theft.

What you described can be useful as long as the reputation and rating system is robust and secure.

To be honest I'm surprised nobody has created any such service. It would be fine for me if it was for profit. I for one would gladly pay a percentage of the funds recovered if I can have them back. There could be a LOT of money in it for any company/organization who sets this up.

Another thing that could be useful would be a website that does in a more professional, detailed and graphical manner the same thing my C program does - track bitcoins. Once again I and no doubt many people would pay for this service. So my point is that there is a lot of opportunity for bitcoin security entrepreneurs. But sadly I get the impression that those who are intimately familiar with computer security and far more busy figuring out ways to STEAL bitcoins instead of how to legitimately EARN them. I could be over-reacting here and may be wrong on this wide generalization, but anyways, thanks for sharing your ideas mrb!

I don't see much profit in it.  There's no way that such a company could recover the funds, even if they were labeled as stolen.  And all someone would have to do is some quick laundering if they noticed some of the coins they had were on the list.  Sending them to a couple of exchanges, then back to themselves would suffice.

That said, I would like to build a tracker program with some reasonable statistical analysis.  People would be able to outsmart it, but for the most part, you would be able to see what addresses/coins are associated with a particular address.  It would be a fascinating analysis for sure.

You're definitely right, the nature of bitcoin makes it easy to launder funds. I'd certainly like to demo your tracker program Good luck with it!