Bitcoin Forum
December 12, 2024, 01:46:04 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Cyber-heisted myself for (1.001 BTC)  (Read 1051 times)
nwfella (OP)
Legendary
*
Offline Offline

Activity: 1610
Merit: 1000

Well hello there!


View Profile
August 08, 2017, 06:20:37 AM
Last edit: August 08, 2017, 09:27:33 PM by nwfella
 #1

Tis indeed a seriously sad day for yours truly. I went ahead and pulled out the majority of my holdings on Bitfinex to this locally controlled Core wallet address 1GAehh7TsJAHuUAeKZcXf5CnwuGuGgyX2S

Sadly, the second it received it's first confirmation it was on its way to some fat happy hacker's wallet here
https://blockchain.info/address/1PYnrYNPiq7YWrxFGMhJhm9Jqwnuoaj1qE

*Not sure if as a result of recently purchased USB stick that was unfortunately plugged into my Core system or if the private key on that addy has been compromised for sometime now but definitely first strange behavior like this I've noticed from any addy's held in this node's wallet.


/facepalm, further investigation reveals that this addy has always behaved this way so apparently it's been compromised for sometime Shocked  time to do a full wipe on this puppy and start from scratch sadly.

Where the heck is the dang Ctrl-Z function on this thing!! :/

  Embarrassed

¯¯̿̿¯̿̿'̿̿̿̿̿̿̿'̿̿'̿̿̿̿̿'̿̿̿)͇̿̿)̿̿̿̿ '̿̿̿̿̿̿\̵͇̿̿\=(•̪̀●́)=o/̵͇̿̿/'̿̿ ̿ ̿̿

Gimme the crypto!!
leonair
Sr. Member
****
Offline Offline

Activity: 1428
Merit: 420



View Profile
August 08, 2017, 06:52:29 AM
 #2

Can you recall what did you do with your Bitfinex account? because why in the hell did it goes to a wrong person and did you contact Bitfinex support already? did you messed up for yourself?

▄██▄▄
███████▄▄
████▀▀█████▄▄
████░░░░▀▀█████▄
████▄▄░░░░░░████
▀████████▄▄████▀
░░░▀▀█████████▄
░▄▄██████▀▀█████
█████▀▀░░░░░████
████░░░░▄▄█████
████▄▄█████▀▀
███████▀▀
▀██▀▀

 BETUNLIM
▄█▀▀█▄░▄█▀▀█▄
█▄░░░█▄█░░░▄█
▀▀█▄▄█▄▄█▀▀

███████████████████████
███████████████████████
▄▄▄▄▄▄▄▄░▄▄▄░▄▄▄▄▄▄▄▄
████████░███░████████
████████░███░████████
████████░███░████████
████████░███░████████
████████░███░████████
████████░███░████████

█████████████████████████████
█████████████████████████████
▄▄▄▄▄▄▄▄▄░▄▄▄▄▄▄▄▄▄░▄▄▄▄▄▄▄▄▄
█████████░█████████░█████████
█████████░█████████░█████████
██▄▄█████░██▄▄█████░██▄▄█████
█████████░█████████░█████████
█████████░█████████░█████████
█████████░█████████░█████████
▀▀▀▀▀▀▀▀▀░▀▀▀▀▀▀▀▀▀░▀▀▀▀▀▀▀▀▀

█████████████████████████████
█████████████████████████████
SLOTS &
LIVE CASINO
▄██▄░░██░░██░░██
▀██▀░░▀████████▀
░░░░░░░▀██████▀░░░▄██▄
░░░░░░░▄▄▄▄▄▄▄▄░░░▀██▀
░░░░▄████████████▄
░░░████████████████
░░███████▄▄███████
░░███████▄▄░▀███████
░░███████▀▀███████
░░▀████████████████▀
░░░▀██████████████▀
░░░░░░▀▀██████▀▀
GET BONUS ]
nwfella (OP)
Legendary
*
Offline Offline

Activity: 1610
Merit: 1000

Well hello there!


View Profile
August 08, 2017, 07:01:07 AM
 #3

Can you recall what did you do with your Bitfinex account? because why in the hell did it goes to a wrong person and did you contact Bitfinex support already? did you messed up for yourself?

Nope, not a bitfinex issue at all.  As I mentioned in the OP it looks like this addy has been compromised for quite sometime as seemingly all previous tx's have behaved in exactly the same way.  I believe the source of the problem is either:
a.) a compromised private key for that specific addy
or
b.) the laptop that had full core running on it has been compromised by an unauthorized usb stick being plugged into it :/

Hard to believe I ended up having to screw up with over $3400+ in BTC before I noticed it.  In total, 1.45602349 BTC has been lost to this compromised addy.

¯¯̿̿¯̿̿'̿̿̿̿̿̿̿'̿̿'̿̿̿̿̿'̿̿̿)͇̿̿)̿̿̿̿ '̿̿̿̿̿̿\̵͇̿̿\=(•̪̀●́)=o/̵͇̿̿/'̿̿ ̿ ̿̿

Gimme the crypto!!
buwaytress
Legendary
*
Offline Offline

Activity: 3024
Merit: 3727


Join the world-leading crypto sportsbook NOW!


View Profile
August 08, 2017, 07:07:35 AM
 #4

Indeed, the history of your address seems to indicate that this has been going on for a while... although almost all of them anyway drain the address after receiving even from 2013. The most recent are the ones similar to the one you posted though - near instant spends after confirmation. You need to do that wipe right now.

██
██
██
██
██
██
██
██
██
██
██
██
██
... LIVECASINO.io    Play Live Games with up to 20% cashback!...██
██
██
██
██
██
██
██
██
██
██
██
██
nwfella (OP)
Legendary
*
Offline Offline

Activity: 1610
Merit: 1000

Well hello there!


View Profile
August 08, 2017, 07:12:02 AM
 #5

Indeed, the history of your address seems to indicate that this has been going on for a while... although almost all of them anyway drain the address after receiving even from 2013. The most recent are the ones similar to the one you posted though - near instant spends after confirmation. You need to do that wipe right now.
Doing it now. Also going thru and trying to verify i dont have any sort of recurring payouts going to it.

¯¯̿̿¯̿̿'̿̿̿̿̿̿̿'̿̿'̿̿̿̿̿'̿̿̿)͇̿̿)̿̿̿̿ '̿̿̿̿̿̿\̵͇̿̿\=(•̪̀●́)=o/̵͇̿̿/'̿̿ ̿ ̿̿

Gimme the crypto!!
talkbitcoin
Legendary
*
Offline Offline

Activity: 1372
Merit: 1032


All I know is that I know nothing.


View Profile
August 08, 2017, 09:01:59 AM
 #6

here is your private key which is easily found with a quick google search:
Code:
5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ

you've probably imported this key some time in the past (for some weird reason) and have forgotten about it and now you have paid the price.

p.s. it is found here by the way: https://en.bitcoin.it/wiki/Wallet_import_format

......
.L I V E C O I N . N E T.
.
..PROFITBOX..
██  █████████████████████████
  █████████▄      ▄██████████
█████████████▄  ▄████████████
    █████████████████████████
  ██████████▀    ▀█ ▀████████
████  █████▀  ▄▄  ▀█  ▀██████
  ████████▀  ▄██▄  ▀█   ▀████
    ██████   ▀██▀   ██   ████
  █████████▄      ▄██████████
██  █████████▄  ▄████████████
  ███████████████████████████
██  █████████████████████████
  █████████████████████▀ ███
█████████████████████▀   ███
    █████████████▀     ████
  █████████████▀   ██    ████
████  █████▀     ██    ████
  ███████▀   ██    ██    ████
    █████    ██    ██    ████
  ███████    ██    ██    ████
██  █████    ██    ██    ████
  ███████████████████████████
.....
nwfella (OP)
Legendary
*
Offline Offline

Activity: 1610
Merit: 1000

Well hello there!


View Profile
August 08, 2017, 04:05:37 PM
 #7

here is your private key which is easily found with a quick google search:
Code:
5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ

you've probably imported this key some time in the past (for some weird reason) and have forgotten about it and now you have paid the price.

p.s. it is found here by the way: https://en.bitcoin.it/wiki/Wallet_import_format
Yup, that would certainly be it. Doesnt take away the finamcial stimg obviously nor tell me exactly how i initially exposed it..thanks for the heads up, at least now i know definitively why my lively satoshis got snatched away right before my watery, frustration filled eyes.

Talk about incentive for purchasing a dedicated hardware wallet.  So pissed, no wonder all those hacker stereotypes are all wearin masks!!

¯¯̿̿¯̿̿'̿̿̿̿̿̿̿'̿̿'̿̿̿̿̿'̿̿̿)͇̿̿)̿̿̿̿ '̿̿̿̿̿̿\̵͇̿̿\=(•̪̀●́)=o/̵͇̿̿/'̿̿ ̿ ̿̿

Gimme the crypto!!
Kaller
Hero Member
*****
Offline Offline

Activity: 752
Merit: 501


View Profile
August 08, 2017, 05:20:16 PM
 #8

here is your private key which is easily found with a quick google search:
Code:
5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ

you've probably imported this key some time in the past (for some weird reason) and have forgotten about it and now you have paid the price.

p.s. it is found here by the way: https://en.bitcoin.it/wiki/Wallet_import_format

Gosh darn. It is never a good idea to upload private keys online.
That is asking to get your Bitcoin stolen.
and look what happened.... live and learn.
nwfella (OP)
Legendary
*
Offline Offline

Activity: 1610
Merit: 1000

Well hello there!


View Profile
August 08, 2017, 09:25:16 PM
 #9

here is your private key which is easily found with a quick google search:
Code:
5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ

you've probably imported this key some time in the past (for some weird reason) and have forgotten about it and now you have paid the price.

p.s. it is found here by the way: https://en.bitcoin.it/wiki/Wallet_import_format

Gosh darn. It is never a good idea to upload private keys online.
That is asking to get your Bitcoin stolen.
and look what happened.... live and learn.
this just keeps getting better.  turns out I cyberheisted myself.  The private key I apparently imported while learning about bitcoin-cli from this very same article https://en.bitcoin.it/wiki/Wallet_import_format, didn't give it a label, forgot all about it and then sent the bitcoin to it.  What a bone-head maneuver that was. Well, one things for sure, won't be making that mistake again.

Undoubtedly some clever hacker out there has some kinda program running to constantly scan that addy and shoot whatever comes into it to privately held wallet.  Live and learn indeed!

¯¯̿̿¯̿̿'̿̿̿̿̿̿̿'̿̿'̿̿̿̿̿'̿̿̿)͇̿̿)̿̿̿̿ '̿̿̿̿̿̿\̵͇̿̿\=(•̪̀●́)=o/̵͇̿̿/'̿̿ ̿ ̿̿

Gimme the crypto!!
Taras
Legendary
*
Offline Offline

Activity: 1386
Merit: 1053


Please do not PM me loan requests!


View Profile WWW
August 10, 2017, 06:58:56 AM
 #10

Some new precautions will be taken on the wiki following this incident:
  • Copying a sample address or private key from the wiki to a clipboard will also add some text to the clipboard stating that it is a sample key and should not be sent to or imported
  • A hatnote will be added to pages that make use of sample keys warning users not to send to or import them
  • Private keys will only be included on wiki pages when they are necessary to explain bitcoin functionality
nwfella (OP)
Legendary
*
Offline Offline

Activity: 1610
Merit: 1000

Well hello there!


View Profile
August 10, 2017, 04:37:43 PM
 #11

Some new precautions will be taken on the wiki following this incident:
  • Copying a sample address or private key from the wiki to a clipboard will also add some text to the clipboard stating that it is a sample key and should not be sent to or imported
  • A hatnote will be added to pages that make use of sample keys warning users not to send to or import them
  • Private keys will only be included on wiki pages when they are necessary to explain bitcoin functionality
Thx Taras. Hopefully this will help prevent others from making the same mistake.

Note to self, if your going to play with publicly exposed private keys, do it on a junker system labeled with a huge bitcoin symbol with a giant red X over it followed by the word dummy!

¯¯̿̿¯̿̿'̿̿̿̿̿̿̿'̿̿'̿̿̿̿̿'̿̿̿)͇̿̿)̿̿̿̿ '̿̿̿̿̿̿\̵͇̿̿\=(•̪̀●́)=o/̵͇̿̿/'̿̿ ̿ ̿̿

Gimme the crypto!!
skyline247
Hero Member
*****
Offline Offline

Activity: 700
Merit: 500



View Profile
August 10, 2017, 06:50:52 PM
 #12

Dude it is seriously unbelievable how many hacks/scams there are in Bitcoin.

And also do people think stealing other's money is going to make them happy or their life better?!

What is wrong with people these days...  Undecided
nwfella (OP)
Legendary
*
Offline Offline

Activity: 1610
Merit: 1000

Well hello there!


View Profile
August 10, 2017, 09:59:27 PM
 #13

Dude it is seriously unbelievable how many hacks/scams there are in Bitcoin.

And also do people think stealing other's money is going to make them happy or their life better?!

What is wrong with people these days...  Undecided
True enough.  But can't blame this one on anybody but myself for this FUBAR.  Be sure to check and re-check that whatever addy your sending BTC too for long term storage has a private key which is under your control exclusively.

¯¯̿̿¯̿̿'̿̿̿̿̿̿̿'̿̿'̿̿̿̿̿'̿̿̿)͇̿̿)̿̿̿̿ '̿̿̿̿̿̿\̵͇̿̿\=(•̪̀●́)=o/̵͇̿̿/'̿̿ ̿ ̿̿

Gimme the crypto!!
ed-ro0t
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile WWW
September 09, 2017, 07:07:25 AM
 #14

True enough.  But can't blame this one on anybody but myself for this FUBAR.  Be sure to check and re-check that whatever addy your sending BTC too for long term storage has a private key which is under your control exclusively.

right,
i've found your tx on random wallet file...
https://puu.sh/xvd8R/b5c28c0035.png
nwfella (OP)
Legendary
*
Offline Offline

Activity: 1610
Merit: 1000

Well hello there!


View Profile
September 09, 2017, 06:53:41 PM
 #15

True enough.  But can't blame this one on anybody but myself for this FUBAR.  Be sure to check and re-check that whatever addy your sending BTC too for long term storage has a private key which is under your control exclusively.

right,
i've found your tx on random wallet file...
https://puu.sh/xvd8R/b5c28c0035.png
PM sent

¯¯̿̿¯̿̿'̿̿̿̿̿̿̿'̿̿'̿̿̿̿̿'̿̿̿)͇̿̿)̿̿̿̿ '̿̿̿̿̿̿\̵͇̿̿\=(•̪̀●́)=o/̵͇̿̿/'̿̿ ̿ ̿̿

Gimme the crypto!!
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!