Topic: Wallet Hack on 4/25  (Read 11210 times)
silvereagle (OP)
April 25, 2013, 10:53:26 PM
Last edit: April 26, 2013, 08:00:19 PM by silvereagle
 #1

Just finished dinner and checked to find one of my hot accounts had been cleared of Bitcoin in a transaction at 6:22.  Block just had first confirmation 30 minutes later, must not have paid a fee on it.  Not sure if this is blockchain.info related or not, but here's the address:

https://blockchain.info/address/1JKJdYSZNrWSca1b9ajejdmjuqooE7TLFr

Sucks, but my guess is this is all gone.  Any way of getting back?  From my understanding, no, but huge score for whoever pulled this off.  Jerk off.
Stephen Gornick
April 25, 2013, 10:59:37 PM
 #2

Quote
> Just finished dinner and checked to find one of my hot accounts

Hot account?

What client are you using?  Or are you using a hosted (shared) E-Wallet (e.g., Paytunia, Mt. Gox, etc.), or perhaps a hybrid E-Wallet (Blockchain.info/wallet)?

threeip
April 25, 2013, 11:03:10 PM
 #3

Your reaction to this 'heist' is quite understated...

ส็็็็็็็็็็็็็็็็็็็็็็็็็ GPG:2AFD99BB ಠ_ಠ mon
silvereagle (OP)
April 25, 2013, 11:06:53 PM
 #4

Understated given I never keep more than .5 BTC in a hot account.  Pissed, yes.  Extremely. But could've been a whole lot worse.  I have the address both locally on a bitcoin client and on blockchain.info.  Can't rule out either it was a hack on my system, but I keep everything pretty tied down.
SgtSpike
April 25, 2013, 11:07:51 PM
Last edit: April 26, 2013, 03:09:44 AM by SgtSpike
 #5

I don't buy it.  You just signed up for a bitcointalk.org account on 4/9/13, yet you have quite a lot more than 500 Bitcoins, and you've had a number of regular transactions since at least as far back as 9/14/12?  But on the forum, you're dabbling in microtrades of LTC and FC worth less than 1 BTC?

Nope, sorry.  You found a large recent transaction, then posted it as if it was yours.  You're looking for sympathy and free handouts.

Want to prove me wrong?  Sign a message with any one of the addresses from which your funds were supposedly stolen.


OP said that only one of the above addresses was his.  I retract my statement.
elrodvoss
April 25, 2013, 11:08:32 PM
 #6

I posted same thing couple topics down.

Second time in two weeks.  One coin each time. Changed pw on every account and activated logging.

No log of withdraw.

Now getting freaked little.

threeip
Full Member
***
Offline Offline

Activity: 154
Merit: 100



View Profile WWW
April 25, 2013, 11:09:51 PM
 #7

Also, 'prove' you don't own the desti address, etc  :-\

Quote
> Any way of getting back?

:bitcoin:

ส็็็็็็็็็็็็็็็็็็็็็็็็็ GPG:2AFD99BB ಠ_ಠ mon
threeip
April 25, 2013, 11:11:42 PM
 #8

Quote
> I don't buy it.  You just signed up for a bitcointalk.org account on 4/9/13, yet you have quite a lot more than 500 Bitcoins, and you've had a number of regular transactions since at least as far back as 9/14/12?  But on the forum, you're dabbling in microtrades of LTC and FC worth less than 1 BTC?
>
> Nope, sorry.  You found a large recent transaction, then posted it as if it was yours.  You're looking for sympathy and free handouts.
>
> Want to prove me wrong?  Sign a message with any one of the addresses from which your funds were supposedly stolen.

This kind of post is why you are hero member SgtSpike :D

Anyone handing out private keys should realise they have been robbed, even if they haven't lost coins yet.

ส็็็็็็็็็็็็็็็็็็็็็็็็็ GPG:2AFD99BB ಠ_ಠ mon
silvereagle (OP)
April 25, 2013, 11:21:10 PM
 #9

Address in question is 1HHwDwxpeq4ZxRDE3TDNVfhT6jyj6Cx6nE

I don't have nearly 500 BTC.  That's what is screwed up.  Only one of the accounts on that list is from me which seems very odd given not sure how transfers from multiple separate accounts could be under one transaction. 

SgtSpike - Just went back and re-read my original post.  Don't recall asking for handouts.  Just trying to do public service.  Don't jump down my throat.

GyFo+kcxewu+KG51xxXHI+JFOhnpXX0oSr08QzWV22im9mnD1ksVAKxxq7VYkyXR+7tqHczO8DZS94PK7UPJ30w=
SgtSpike
April 25, 2013, 11:26:59 PM
 #10

Quote
> Address in question is 1HHwDwxpeq4ZxRDE3TDNVfhT6jyj6Cx6nE
>
> I don't have nearly 500 BTC.  That's what is screwed up.  Only one of the accounts on that list is from me which seems very odd given not sure how transfers from multiple separate accounts could be under one transaction.
>
> SgtSpike - Just went back and re-read my original post.  Don't recall asking for handouts.  Just trying to do public service.  Don't jump down my throat.
>
> GyFo+kcxewu+KG51xxXHI+JFOhnpXX0oSr08QzWV22im9mnD1ksVAKxxq7VYkyXR+7tqHczO8DZS94PK7UPJ30w=

Ok, we'll run with this.

So your address is 1HHwDwxpeq4ZxRDE3TDNVfhT6jyj6Cx6nE.  What Bitcoin wallet software are you using?
silvereagle (OP)
April 25, 2013, 11:35:39 PM
 #11

have the bitcoin-qt client (behind firewall and encrypted wallet), blockchain.info (pretty tough password) and also have the address on my phone using bitcoinspinner for android (could be weak link).
tvbcof
April 26, 2013, 12:26:08 AM
 #12

Quote
> have the bitcoin-qt client (behind firewall and encrypted wallet), blockchain.info (pretty tough password) and also have the address on my phone using bitcoinspinner for android (could be weak link).

My phone was hacked the other day (posted in off-topic.)  I didn't investigate it in detail...just wiped the phone and moved on.  I would have a lot of trouble trusting the phone for anything at this point.  Certainly not a bitcoin client or access to any on-line wallet with more than a few dollars worth of value.  I now don't use it for e-mail on my main e-mail account.  Just set up a secondary e-mail for very limited data and use which is a drag (vs. being able to check my mail e-mail from my phone.)  I guess I'll do the same with on-line wallets which should be easy enough.  I have a Windows machine but would prefer to not access any wallet with more than a few BTC from it as well so this will kill several birds with one stone.


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
silvereagle (OP)
April 26, 2013, 12:32:32 AM
 #13

Well, I learned my lesson.  Having access on phone is nice so I can transfer when I'm not in front of my machine at home, but agree that's only good for limited amounts.  Fortunately, I've lurked here long enough to learn about cold storage and how to set that up disconnected from network so I'm safe.  I PM'd the other guy that got hacked in the same transaction but haven't heard back yet.  Right now it would appear blockchain.info is the common factor, but if he was running same program on phone I'd probably consider that another possible weak link.

New wallet, one location. 
BTC Books
April 26, 2013, 12:40:01 AM
 #14

Quote
>> have the bitcoin-qt client (behind firewall and encrypted wallet), blockchain.info (pretty tough password) and also have the address on my phone using bitcoinspinner for android (could be weak link).
>
> My phone was hacked the other day (posted in off-topic.)  I didn't investigate it in detail...just wiped the phone and moved on.  I would have a lot of trouble trusting the phone for anything at this point.  Certainly not a bitcoin client or access to any on-line wallet with more than a few dollars worth of value.  I now don't use it for e-mail on my main e-mail account.  Just set up a secondary e-mail for very limited data and use which is a drag (vs. being able to check my mail e-mail from my phone.)  I guess I'll do the same with on-line wallets which should be easy enough.  I have a Windows machine but would prefer to not access any wallet with more than a few BTC from it as well so this will kill several birds with one stone.

Yeah - phones are worthless for security.  I keep less than $25 on mine - in Bridgewalker - just for showing people how it works and giving them a couple of bitcents to get started playing.

If I'm going to be away from home and in need of bitcoin I take my linux netbook with an encrypted bitcoin-qt hot wallet loaded with what I think I'll need.  I consider that adequate for moderate amounts.  I enter passwords with an on-screen keyboard.

Dankedan: price seems low, time to sell I think...
tvbcof
April 26, 2013, 01:04:47 AM
 #15

Quote
> Well, I learned my lesson.  Having access on phone is nice so I can transfer when I'm not in front of my machine at home, but agree that's only good for limited amounts.  Fortunately, I've lurked here long enough to learn about cold storage and how to set that up disconnected from network so I'm safe.  I PM'd the other guy that got hacked in the same transaction but haven't heard back yet.  Right now it would appear blockchain.info is the common factor, but if he was running same program on phone I'd probably consider that another possible weak link.
>
> New wallet, one location.

Probably unrelated, but in my case:  I had only one or two apps installed.  Android OS. The only app I remember was a GPS satellite monitoring program...I'd replaced the phone recently because the GPS had given out.  Phones generally are not my thing and I mainly use it for its navigation functions.

I was out of cell range, but hooked up to a friend's satellite via wi-fi (way way out a rural area where there is just about zero chance that the wi-fi was hacked unless through the friend's hard-wired computer or ipad or router.)  I received a chat and it was in some foreign script.  I then noticed that my keyboard had changed to Arabic.

Later that evening, I noticed several unusual drafts in my outbox so I am pretty sure that the attacker had accessed my e-mail.  I left the house not long after the chat, so it is possible that the attacker got cut off and did not get a chance to fully do what he wished and/or clean up successfully.


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
Kluge
April 26, 2013, 01:10:06 AM
 #16

Quote
> I was out of cell range, but hooked up to a friend's satellite via wi-fi (way way out a rural area where there is just about zero chance that the wi-fi was hacked unless through the friend's hard-wired computer or ipad or router.)  I received a chat and it was in some foreign script.  I then noticed that my keyboard had changed to Arabic.

Oh -- is this that BTC-e (hope I'm remembering this right -- sorry if I didn't) chatroom javascript hack we saw a week or two ago, anyone? IIRC, it used a keylogger, too.
piuk
April 26, 2013, 01:13:06 AM
Last edit: April 26, 2013, 12:07:57 PM by piuk
 #17

Unfortunately I think more users are likely to be affected by this transaction.

Any users who own an address used in the above transaction (https://blockchain.info/tx/89f8223bc1d9140889496dea843df1854f17aee35b8ac5006ec1efee2ba5bd80) please could you answer the following questions:

  • Do you have a bitcoin app on your android phone?
  • Do you have a blockchain.info wallet holding the address in question?
  • If you have a blockchain wallet do you use a public alias the same as your bitcointalk, bitcoin-otc or irc username?
  • Do you have accounts on one of the following sites: BTC-e, bitcoin-central or mining.bitcoin.cz?
  • Do you reuse the same wallet password on different websites (specifically the above sites)?
  • Do you read the BTC-e chat box?
  • Does your browser have Java enabled? http://isjavaenabled.com

casascius
Mike Caldwell
April 26, 2013, 01:21:56 AM
 #18

I know someone personally who lost 4 BTC in one of these blockchain.info wallet heists, where the transaction taking his funds was a multi-txin transaction that combined the funds of many others.

My guess is the OP is not complaining of losing 500+ BTC, he just lost whatever BTC he had, which was part of a single theft from multiple people, the theft totaling 500+ BTC.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
charleshoskinson
CEO of IOHK
April 26, 2013, 01:35:28 AM
 #19

Quote
> I don't buy it.  You just signed up for a bitcointalk.org account on 4/9/13, yet you have quite a lot more than 500 Bitcoins, and you've had a number of regular transactions since at least as far back as 9/14/12?  But on the forum, you're dabbling in microtrades of LTC and FC worth less than 1 BTC?
>
> Nope, sorry.  You found a large recent transaction, then posted it as if it was yours.  You're looking for sympathy and free handouts.
>
> Want to prove me wrong?  Sign a message with any one of the addresses from which your funds were supposedly stolen.

And that my friends is experience and good judgement.

The revolution begins with the mind and ends with the heart. Knowledge for all, accessible to all and shared by all
silvereagle (OP)
April 26, 2013, 01:49:54 AM
 #20

re: casascius -- you are correct, I didn't lose 500+ coins.  I only lost 0.78, still stings given I haven't been at this for long and don't have a ton, but you were right to think that through versus jumping to conclusion like SgtSpike did.  Signed a message for him proving him wrong and never heard back.

re: Piuk --  I've PM'd the other user to see if we were sharing any apps.  Would be difficult to go through everything or what we've downloaded to ensure no keyloggers, but...

    Do you have a bitcoin app on your android phone?  Yes - BitcoinSpinner
    Do you have a blockchain.info wallet holding the address in question?  Yes.
    If you have a blockchain wallet do you use a public alias the same as your bitcointalk, bitcoin-otc or irc username?  No. Separate name and separate password.
    Do you have accounts on one of the following sites: BTC-e, bitcoin-central or mining.bitcoin.cz? Account on BTC-e
    Do you reuse the same wallet password on different websites (specifically the above sites)?  Different passwords
    Do you read the BTC-e chat box?  Can't say I "read" it but messages are flashing up all the time while I'm on the site.
    Does your browser have Java enabled? http://isjavaenabled.com  -- Tough call on this one.  I've been running noscript for a week or so on Firefox on a fresh install, so should be protected there, but have had that address for a while and know I was on btc-e prior to installing noscript, so all depends when person would have gotten my privkey.

