Bitcoin Forum
Author Topic: My friend got hacked for 81 BTC  (Read 2121 times)
MWD64 (OP)
February 03, 2017, 02:27:28 AM
Last edit: February 03, 2017, 06:04:21 AM by MWD64
 #1

THREAD LOCKED.
Edit: thread locked because it wasn't going anywhere. My buddy who got the BTC hacked was thinking maybe someone could track it. I figured it couldn't hurt to ask, but just turned into a lot of "you shoulda used Linux" and other obvious stuff.

If anyone does have any useful info beyond that, PM the guy who lost the coin, GuitarAnarchy, not me. He's on this thread a few places.
Thank you.

=-=-=
original post: He did one thing right (bought 4 years ago and held it, also owned BTC silently, he told no one).

But he did a lot wrong (kept a lot of BTC on web wallets, accessed accounts on computer used for everything, didn't have anti-virus on one of his computers, had his desktop computer with the BTC wireless, not wired and more).

Whole story is on this episode: https://www.freedomfeens.com/?p=13678 We also cover simple preemptive counter measures, if he'd done them, he'd still have his BTC.

Was his life savings. Bought it when it was half this price. He's crushed by it. I don't blame him.

Was stolen from his IP while he was out of town. I suspect key logger, or war driver of router. He was NOT using default router password.

I've walked him through closing all the holes, but there's nothing left now.

He's too busy working and doesn't feel like talking about it, but he's fine with me posting on here with the transactions in case anyone wants to sleuth it and see if they can track where it went. Not expecting to get it back, but I know people always are interested in the address info when this happens.

Lots of details, and were told to me over the phone late at night via phone, and I'm editing more as he adds more in this thread (his user name is GuitarAnarchy). Everything below this line is details from my friend who lost the coins:
===========

I just wanted to say originally I've been using COINBASE btc exchange since like july of 2013 with absolutely no problems and out of the blue on 1/31/17 I get this email:
Hello,

Thank you for your interest in Coinbase. Our primary goal is to make digital currency safe and secure for our customers. Coinbase is a regulated Money Services Business under FinCEN (FinCEN.gov), and as part of achieving this goal, we are legally obligated to implement regulatory compliance mechanisms.

Upon careful review, we believe your account has engaged in prohibited use in violation of our Terms of Service and we regret to inform you that we can no longer provide you with access to our service. We respectfully request that you follow the on-screen instructions presented when you log into your Coinbase account to send any remaining balance offsite to an external address.

Should you have any questions or need assistance, please let us know and we'll be happy to help.

Respectfully,

Coinbase Customer Support


then after i saw that my jaw dropped like ugh... what the F....... ? So that's when coinbase said because of the account closure I HAD TO move my 87 bitcoins and that's when i did the blockchain.info wallet half in there and then half in Bitstamp it really caught me off guard the account closure with coinbase I've been using it since the beginning of my bitcoin adventure whatever you wanna call it lol....
   


starting with my bitcoins coming from coinbase (they said they were closing my account for some reason) into my blockchain.info wallet the next transaction was the withdrawal of 40 bitcoins to Bitstamp exchange and of course the last one was the hack of 47 bitcoin

This is the 47 Bitcoin stolen from his online wallet on Bitstamp:
https://blockchain.info/address/1G4zDfdPRdANgGRv2SHeSzyusa6vm1GhBL

This is the 34 Bitcoin stolen from his online wallet on Blockchain.info:
https://blockchain.info/address/17paadXLu4ryTgCR8ZwUxyGrP7wuAG1528

3 total transactions with the wallet ...

February 1 @ 04:21 AM
Sent
To:
1CKav2MDgWxwSq1uPUFtuUBjTJHxVD8PM2
From:
My Bitcoin Wallet
Add a description
47.12411475 BTC                           ** the hacked transaction**



January 31 @ 11:56 AM
Sent
To:
3Bs4fCRpin2VxndjADy6NGAmsaZaN2iNbj
From:
My Bitcoin Wallet
Add a description
40.0001469 BTC       **this transaction i sent the bitcoins to Bitstamp**


January 27 @ 11:57 PM
Received
From:
1FUw3p2LnveF8ZBoRTRJF8aDpmjbNkmmRR   ** this transaction was the closed coinbase account where i moved my bitcoins here**
To:
87 bitcoins      

Check out and use The BipCot NoGov license
ProfessionalGoogler
February 03, 2017, 02:40:53 AM
 #2

It was YOU...
MWD64 (OP)
February 03, 2017, 02:41:53 AM
 #3

It was YOU...


lol. says the guy with

"-3: -2 / +1 Warning: Trade with extreme caution!"


nope. I didn't know he had it until he called me after he lost it. Plus I'm a good guy.

ArticMine
February 03, 2017, 02:44:15 AM
 #4

When this issue comes up my first question is: What was the OS on your friend's computer? Let me guess: Microsoft Windows.

The first step is simple: Replace Microsoft Windows with GNU / Linux. This has worked very well for me since 2006 not just to keep my crypto currencies safe but also to prevent the emptying of my fiat bank accounts.

Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
ProfessionalGoogler
February 03, 2017, 02:44:20 AM
 #5

It was YOU...

lol.
lol. says the guy with

"-3: -2 / +1 Warning: Trade with extreme caution!"

nope. I didn't know he had it until he called me after he lost it. Plus I'm a good guy.
Suuuuuuuure.... ;)
ProfessionalGoogler
February 03, 2017, 02:45:49 AM
 #6

When this issue comes up my first question is: What was the OS on your friend's computer? Let me guess: Microsoft Windows.

The first step is simple: Replace Microsoft Windows with GNU / Linux. This has worked very well for me since 2006 not just to keep my crypto currencies safe but also to prevent the emptying of my fiat bank accounts.

I think the simple way anyone can do is -- download the bitcoin client -- disconnect from internet -- generate wallet -- print or move to a few USB sticks -- smash computer.
MWD64 (OP)
February 03, 2017, 02:45:58 AM
 #7

When this issue comes up my first question is: What was the OS on your friend's computer? Let me guess: Microsoft Windows.

The first step is simple: Replace Microsoft Windows with GNU / Linux. This has worked very well for me since 2006 not just to keep my crypto currencies but also to prevent the emptying of my fiat bank accounts.

True. But linux lovers always say that like it's the only answer.
I'll bet if on day one he'd made paper wallets with a Windows computer that had never been online he'd still have it. And buying a cheap air-gap is a small price when dealing with that much.

MWD64 (OP)
February 03, 2017, 02:46:18 AM
 #8

When this issue comes up my first question is: What was the OS on your friend's computer? Let me guess: Microsoft Windows.

The first step is simple: Replace Microsoft Windows with GNU / Linux. This has worked very well for me since 2006 not just to keep my crypto currencies safe but also to prevent the emptying of my fiat bank accounts.

I think the simple way anyone can do is -- download the bitcoin client -- disconnect from internet -- generate wallet -- print or move to a few USB sticks -- smash computer.

Yup.

GuitarAnarchy
February 03, 2017, 02:48:05 AM
 #9

Hello peoples on the interwebs this is THAT guy....
MWD64 (OP)
February 03, 2017, 02:55:41 AM
 #10

Hello peoples on the interwebs this is THAT guy....

to be clear "the guy who got hacked."

BitcoinNewsMagazine
February 03, 2017, 02:56:45 AM
 #11

Sorry for your friend's loss. Glad you mentioned hardware wallets in the show. The loss could have been totally prevented if Ledger Nano S was used to store the bitcoin. There is also new malware going around that will steal from bitcoin wallets on your computer. You also mentioned paper wallets as an option and while free, paper wallets should best be used by bitcoin veterans who understand how improper use could cause loss of bitcoin or private key leaks. A $65 Ledger Nano S can protect your bitcoin from all attack vectors and give you peace of mind.

GuitarAnarchy
February 03, 2017, 02:59:20 AM
 #12

yeah i'm "the one" .....  unfortunately yeah i'm trying to put in a ticket for bitstamp and contact technical support about is it possible there is a security loophole on their end that made it so the person was able to withdraw my bitcoins. the history on the site shows the person got the notification for it and it went through and stuff while in my account settings my number and my email were the only thing in the system i checked all other sub menus for anything else that could have happened....  i didn't get a response from them yet
ArticMine
February 03, 2017, 03:19:48 AM
 #13

...

I think the simple way anyone can do is -- download the bitcoin client -- disconnect from internet -- generate wallet -- print or move to a few USB sticks -- smash computer.

Sure. This assumes the Microsoft Windows system was not compromised beforehand. Microsoft Windows computers bearing Microsoft's official trademarked "Designed for Windows xx" logo have been deliberately compromised by Microsoft's partner. Furthermore after the scandal was revealed Microsoft has continued licensing its trademarks to the very same partner. These computers were sold at retail. https://www.wallstreetdaily.com/2015/02/27/lenovo-superfish/fte the scandal

xhomerx10
February 03, 2017, 03:55:18 AM
 #14

He did one thing right (bought 4 years ago and held it, also owned BTC silently, he told no one).

But he did a lot wrong (kept a lot of BTC on web wallets, accessed accounts on computer used for everything, didn't have anti-virus on one of his computers, had his desktop computer with the BTC wireless, not wired and more).

Whole story is on this episode: https://www.freedomfeens.com/?p=13678 We also cover simple preemptive counter measures, if he'd done them, he'd still have his BTC.

Was his life savings. Bought it when it was half this price. He's crushed by it. I don't blame him.

Was stolen from his IP while he was out of town. I suspect key logger, or war driver of router. He was NOT using default router password.

I've walked him through closing all the holes, but there's nothing left now.

He's too busy working and doesn't feel like talking about it, but he's fine with me posting on here with the transactions in case anyone wants to sleuth it and see if they can track where it went. Not expecting to get it back, but I know people always are interested in the tx info when this happens:

This is the 47 Bitcoin stolen from his online wallet on BitPay:
https://blockchain.info/address/1G4zDfdPRdANgGRv2SHeSzyusa6vm1GhBL

This is the 34 Bitcoin stolen from his online wallet on Blockchain.info:
https://blockchain.info/address/17paadXLu4ryTgCR8ZwUxyGrP7wuAG1528

  You showed us 2 links to specific addresses where coins were transferred from his online wallet; one presumably blockchain.info and the other presumably Bitpay.  I want to focus on the Blockchain.info "wallet".
 This link - https://blockchain.info/address/17paadXLu4ryTgCR8ZwUxyGrP7wuAG1528 - takes us to a specific address rather than a specific transaction.  This is a screen cap of the web page with some specific information highlighted:



 


How do you know that these are specifically the coins previously belonging to your friend?  If all those coins came from one address and were moved to 17paadXLu4ryTgCR8ZwUxyGrP7wuAG1528, I wouldn't have reason to ask this question but if we back out and look at the entire transaction rather than just one individual address containing 34 bitcoins:


 


We can clearly see that these are the same transaction IDs and the 34 coins in the address 17paadXLu4ryTgCR8ZwUxyGrP7wuAG1528 allegedly belonging to your friend were part of a larger group of coins residing in the multisig address 39xfyaTTefAPtRiTopLdWzaYXzPzpTkcdR!
 So how is it possible that he only lost 34 of these coins from a blockchain.info wallet?  How was the thief able to discern which of the 34 coins were your friend's in order to move them to 17paadXLu4ryTgCR8ZwUxyGrP7wuAG1528?  Who owns the other coins from this multisig address?!  I'm not a Bitcoin forensics expert but this story doesn't make sense to me based on the information you have provided.
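The address-versus-transaction distinction raised in the post above, as an added example that is not part of the thread: it decodes legacy address prefixes and shows what share of a transaction's inputs one output represents. The transaction is constructed sample data, not the real one discussed here, and the function names are hypothetical.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Mainnet legacy version bytes. P2SH ("3...") hides a script: often multisig,
# but the address alone does not prove that.
KINDS = {0x00: "P2PKH", 0x05: "P2SH"}

def checksum(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version, hash160):
    """Build a legacy address; used here only to construct sample data."""
    raw = bytes([version]) + hash160
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def address_kind(addr):
    """Return 'P2PKH' or 'P2SH' for a valid legacy address, else raise ValueError."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)        # ValueError on a non-Base58 character
    try:
        raw = n.to_bytes(25, "big")       # version + 20-byte hash + 4-byte checksum
    except OverflowError:
        raise ValueError("too long for a legacy address")
    if checksum(raw[:21]) != raw[21:]:
        raise ValueError("bad checksum")
    if raw[0] not in KINDS:
        raise ValueError("unknown version byte")
    return KINDS[raw[0]]

def explain_output(tx, addr):
    """Summarise where the value paid to addr in one transaction came from."""
    total_in = sum(i["value"] for i in tx["inputs"])
    paid = sum(o["value"] for o in tx["outputs"] if o["addr"] == addr)
    sources = sorted({i["addr"] for i in tx["inputs"]})
    return {
        "paid_btc": paid / 1e8,
        "share_of_inputs": round(paid / total_in, 3),
        "sources": [(a, address_kind(a)) for a in sources],
        "other_outputs": sum(1 for o in tx["outputs"] if o["addr"] != addr),
    }

# Constructed sample (values in satoshi); all four addresses are hypothetical.
POOL = b58check_encode(0x05, b"\x11" * 20)    # P2SH source of both inputs
DEST = b58check_encode(0x00, b"\x22" * 20)    # output under investigation
OTHER = b58check_encode(0x00, b"\x33" * 20)
CHANGE = b58check_encode(0x05, b"\x44" * 20)
SAMPLE_TX = {
    "inputs": [{"addr": POOL, "value": 7_000_000_000},
               {"addr": POOL, "value": 5_000_000_000}],
    "outputs": [{"addr": DEST, "value": 3_400_000_000},
                {"addr": OTHER, "value": 2_500_000_000},
                {"addr": CHANGE, "value": 6_099_000_000}],
}

if __name__ == "__main__":
    print(explain_output(SAMPLE_TX, DEST))
```

A share well below 1 with several other outputs means the address page alone cannot say whose coins funded the payment; the full transaction and its input addresses have to be examined.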



MWD64 (OP)
February 03, 2017, 04:01:52 AM
 #15


 So how is it possible that he only lost 34 of these coins from a blockchain.info wallet?  How was the thief able to discern which of the 34 coins were your friend's in order to move them to 17paadXLu4ryTgCR8ZwUxyGrP7wuAG1528?  Who owns the other coins from this multisig address?!  I'm not a Bitcoin forensics expert but this story doesn't make sense to me based on the information you have provided.


Questions are good. Looking for any info that can help.

I would assume some exchanges use multisig wallets as anti-theft, where more than one part of the exchange must authorize a transfer.

And they probably do more than one tx on each address.

I know that when I buy from an online merchant with BTC (not dark web, I'm talking mainstream big commerce sites that take BTC) , if I check the send-to address they give me on a block explorer, it's usually got a few transactions other than mine. And usually has more BTC than the amount I sent. Usually not a lot more, but some. like maybe they use each address for 3 or 4 incoming transactions before switching to another.

mobnepal
February 03, 2017, 04:18:26 AM
 #16

Sorry for your friends loss 81BTC is really big amount, i prefer paper wallet printed on offline computer or hardware wallet for long term storage. Web wallets are not good place to store such a huge number of bitcoin.

EDIT: I was talking about withdrawing, poloniex deposit address is unique to everyone.
MWD64 (OP)
February 03, 2017, 04:19:09 AM
 #17

And they probably do more than one tx on each address.

I know that when I buy from an online merchant with BTC (not dark web, I'm talking mainstream big commerce sites that take BTC) , if I check the send-to address they give me on a block explorer, it's usually got a few transactions other than mine. And usually has more BTC than the amount I sent. Usually not a lot more, but some. like maybe they use each address for 3 or 4 incoming transactions before switching to another.
Yes it is normal to exchange platform, poloniex also do so and i think this is to reduce transactions fee.

Sorry for your friends loss 81BTC is really big amount, i prefer paper wallet printed on offline computer or hardware wallet for long term storage. Web wallets are not good place to store such a huge number of bitcoin.

+1 to all that.

xhomerx10
February 03, 2017, 04:28:17 AM
 #18

And they probably do more than one tx on each address.

I know that when I buy from an online merchant with BTC (not dark web, I'm talking mainstream big commerce sites that take BTC) , if I check the send-to address they give me on a block explorer, it's usually got a few transactions other than mine. And usually has more BTC than the amount I sent. Usually not a lot more, but some. like maybe they use each address for 3 or 4 incoming transactions before switching to another.
Yes it is normal to exchange platform, poloniex also do so and i think this is to reduce transactions fee.

Sorry for your friends loss 81BTC is really big amount, i prefer paper wallet printed on offline computer or hardware wallet for long term storage. Web wallets are not good place to store such a huge number of bitcoin.

+1 to all that.

 The problem with that explanation is that Blockchain.info is not an exchange. The Blockchain.info wallet is solely owned by a single user and the coins are not shared.  There is something that doesn't add up in your story.  Perhaps you mixed up which coins came from where?

MWD64 (OP)
February 03, 2017, 04:30:05 AM
 #19

And they probably do more than one tx on each address.

I know that when I buy from an online merchant with BTC (not dark web, I'm talking mainstream big commerce sites that take BTC) , if I check the send-to address they give me on a block explorer, it's usually got a few transactions other than mine. And usually has more BTC than the amount I sent. Usually not a lot more, but some. like maybe they use each address for 3 or 4 incoming transactions before switching to another.
Yes it is normal to exchange platform, poloniex also do so and i think this is to reduce transactions fee.

Sorry for your friends loss 81BTC is really big amount, i prefer paper wallet printed on offline computer or hardware wallet for long term storage. Web wallets are not good place to store such a huge number of bitcoin.

+1 to all that.

 The problem with that explanation is that Blockchain.info is not an exchange. The Blockchain.info wallet is solely owned by a single user and the coins are not shared.  There is something that doesn't add up in your story.  Perhaps you mixed up which coins came from where?



I'm relaying what my friend said. He's pretty much a noob with BTC. Worked hard for years and invested in BTC 4 years ago, probably not the best choice. But I'll see if he's around to chime in and answer. He's GuitarAnarchy on this thread.

President79
February 03, 2017, 04:30:25 AM
 #20

I say, that's one weakness of the bitcoin, there is always news of theft and hack. This is a serious problem, who can solve this? It certainly was all of us as a user of bitcoin. the existence of the new coins I am sure can overcome this.