Bitcoin Forum
July 30, 2021, 11:28:43 AM *
News: Latest Bitcoin Core release: 0.21.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Cyber-heisted myself for (1.001 BTC)  (Read 979 times)
nwfella
Legendary
*
Offline Offline

Activity: 1554
Merit: 1000


btc tips: 1NPQP9Z4Ju6rTnH4uR6986kGVnEkpyYFJZ


View Profile
August 08, 2017, 06:20:37 AM
Last edit: August 08, 2017, 09:27:33 PM by nwfella
 #1

Tis indeed a seriously sad day for yours truly. I went ahead and pulled out the majority of my holdings on Bitfinex to this locally controlled Core wallet address 1GAehh7TsJAHuUAeKZcXf5CnwuGuGgyX2S

Sadly, the second it received it's first confirmation it was on its way to some fat happy hacker's wallet here
https://blockchain.info/address/1PYnrYNPiq7YWrxFGMhJhm9Jqwnuoaj1qE

*Not sure if as a result of recently purchased USB stick that was unfortunately plugged into my Core system or if the private key on that addy has been compromised for sometime now but definitely first strange behavior like this I've noticed from any addy's held in this node's wallet.


/facepalm, further investigation reveals that this addy has always behaved this way so apparently it's been compromised for sometime Shocked  time to do a full wipe on this puppy and start from scratch sadly.

Where the heck is the dang Ctrl-Z function on this thing!! :/

  Embarrassed

Bibox Exchange
https://www.bibox.com/signPage?id=11907482

BTC: 1NPQP9Z4Ju6rTnH4uR6986kGVnEkpyYFJZ
LTC: M9Eo9tTiohSLwDMKyMeAFdsuVaFWCCxM3G
ETH/ERC20: 0x4360038b0f4b198b18458a1f0e468b3ebe483ee6
ETC: 0x4360038b0f4b198b18458a1f0e468b3ebe483ee6
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1627644523
Hero Member
*
Offline Offline

Posts: 1627644523

View Profile Personal Message (Offline)

Ignore
1627644523
Reply with quote  #2

1627644523
Report to moderator
1627644523
Hero Member
*
Offline Offline

Posts: 1627644523

View Profile Personal Message (Offline)

Ignore
1627644523
Reply with quote  #2

1627644523
Report to moderator
leonair
Sr. Member
****
Offline Offline

Activity: 728
Merit: 296


View Profile
August 08, 2017, 06:52:29 AM
 #2

Can you recall what did you do with your Bitfinex account? because why in the hell did it goes to a wrong person and did you contact Bitfinex support already? did you messed up for yourself?
nwfella
Legendary
*
Offline Offline

Activity: 1554
Merit: 1000


btc tips: 1NPQP9Z4Ju6rTnH4uR6986kGVnEkpyYFJZ


View Profile
August 08, 2017, 07:01:07 AM
 #3

Can you recall what did you do with your Bitfinex account? because why in the hell did it goes to a wrong person and did you contact Bitfinex support already? did you messed up for yourself?

Nope, not a bitfinex issue at all.  As I mentioned in the OP it looks like this addy has been compromised for quite sometime as seemingly all previous tx's have behaved in exactly the same way.  I believe the source of the problem is either:
a.) a compromised private key for that specific addy
or
b.) the laptop that had full core running on it has been compromised by an unauthorized usb stick being plugged into it :/

Hard to believe I ended up having to screw up with over $3400+ in BTC before I noticed it.  In total, 1.45602349 BTC has been lost to this compromised addy.

Bibox Exchange
https://www.bibox.com/signPage?id=11907482

BTC: 1NPQP9Z4Ju6rTnH4uR6986kGVnEkpyYFJZ
LTC: M9Eo9tTiohSLwDMKyMeAFdsuVaFWCCxM3G
ETH/ERC20: 0x4360038b0f4b198b18458a1f0e468b3ebe483ee6
ETC: 0x4360038b0f4b198b18458a1f0e468b3ebe483ee6
buwaytress
Legendary
*
Offline Offline

Activity: 1792
Merit: 1662


Join the world-leading crypto sportsbook NOW!


View Profile
August 08, 2017, 07:07:35 AM
 #4

Indeed, the history of your address seems to indicate that this has been going on for a while... although almost all of them anyway drain the address after receiving even from 2013. The most recent are the ones similar to the one you posted though - near instant spends after confirmation. You need to do that wipe right now.

nwfella
Legendary
*
Offline Offline

Activity: 1554
Merit: 1000


btc tips: 1NPQP9Z4Ju6rTnH4uR6986kGVnEkpyYFJZ


View Profile
August 08, 2017, 07:12:02 AM
 #5

Indeed, the history of your address seems to indicate that this has been going on for a while... although almost all of them anyway drain the address after receiving even from 2013. The most recent are the ones similar to the one you posted though - near instant spends after confirmation. You need to do that wipe right now.
Doing it now. Also going thru and trying to verify i dont have any sort of recurring payouts going to it.

Bibox Exchange
https://www.bibox.com/signPage?id=11907482

BTC: 1NPQP9Z4Ju6rTnH4uR6986kGVnEkpyYFJZ
LTC: M9Eo9tTiohSLwDMKyMeAFdsuVaFWCCxM3G
ETH/ERC20: 0x4360038b0f4b198b18458a1f0e468b3ebe483ee6
ETC: 0x4360038b0f4b198b18458a1f0e468b3ebe483ee6
talkbitcoin
Legendary
*
Offline Offline

Activity: 1372
Merit: 1032


All I know is that I know nothing.


View Profile
August 08, 2017, 09:01:59 AM
 #6

here is your private key which is easily found with a quick google search:
Code:
5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ

you've probably imported this key some time in the past (for some weird reason) and have forgotten about it and now you have paid the price.

p.s. it is found here by the way: https://en.bitcoin.it/wiki/Wallet_import_format

......
.L I V E C O I N . N E T.
.
..PROFITBOX..
██  █████████████████████████
  █████████▄      ▄██████████
█████████████▄  ▄████████████
    █████████████████████████
  ██████████▀    ▀█ ▀████████
████  █████▀  ▄▄  ▀█  ▀██████
  ████████▀  ▄██▄  ▀█   ▀████
    ██████   ▀██▀   ██   ████
  █████████▄      ▄██████████
██  █████████▄  ▄████████████
  ███████████████████████████
██  █████████████████████████
  █████████████████████▀ ███
█████████████████████▀   ███
    █████████████▀     ████
  █████████████▀   ██    ████
████  █████▀     ██    ████
  ███████▀   ██    ██    ████
    █████    ██    ██    ████
  ███████    ██    ██    ████
██  █████    ██    ██    ████
  ███████████████████████████
.....
nwfella
Legendary
*
Offline Offline

Activity: 1554
Merit: 1000


btc tips: 1NPQP9Z4Ju6rTnH4uR6986kGVnEkpyYFJZ


View Profile
August 08, 2017, 04:05:37 PM
 #7

here is your private key which is easily found with a quick google search:
Code:
5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ

you've probably imported this key some time in the past (for some weird reason) and have forgotten about it and now you have paid the price.

p.s. it is found here by the way: https://en.bitcoin.it/wiki/Wallet_import_format
Yup, that would certainly be it. Doesnt take away the finamcial stimg obviously nor tell me exactly how i initially exposed it..thanks for the heads up, at least now i know definitively why my lively satoshis got snatched away right before my watery, frustration filled eyes.

Talk about incentive for purchasing a dedicated hardware wallet.  So pissed, no wonder all those hacker stereotypes are all wearin masks!!

Bibox Exchange
https://www.bibox.com/signPage?id=11907482

BTC: 1NPQP9Z4Ju6rTnH4uR6986kGVnEkpyYFJZ
LTC: M9Eo9tTiohSLwDMKyMeAFdsuVaFWCCxM3G
ETH/ERC20: 0x4360038b0f4b198b18458a1f0e468b3ebe483ee6
ETC: 0x4360038b0f4b198b18458a1f0e468b3ebe483ee6
Kaller
Hero Member
*****
Offline Offline

Activity: 753
Merit: 501


View Profile
August 08, 2017, 05:20:16 PM
 #8

here is your private key which is easily found with a quick google search:
Code:
5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ

you've probably imported this key some time in the past (for some weird reason) and have forgotten about it and now you have paid the price.

p.s. it is found here by the way: https://en.bitcoin.it/wiki/Wallet_import_format

Gosh darn. It is never a good idea to upload private keys online.
That is asking to get your Bitcoin stolen.
and look what happened.... live and learn.
nwfella
Legendary
*
Offline Offline

Activity: 1554
Merit: 1000


btc tips: 1NPQP9Z4Ju6rTnH4uR6986kGVnEkpyYFJZ


View Profile
August 08, 2017, 09:25:16 PM
 #9

here is your private key which is easily found with a quick google search:
Code:
5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ

you've probably imported this key some time in the past (for some weird reason) and have forgotten about it and now you have paid the price.

p.s. it is found here by the way: https://en.bitcoin.it/wiki/Wallet_import_format

Gosh darn. It is never a good idea to upload private keys online.
That is asking to get your Bitcoin stolen.
and look what happened.... live and learn.
this just keeps getting better.  turns out I cyberheisted myself.  The private key I apparently imported while learning about bitcoin-cli from this very same article https://en.bitcoin.it/wiki/Wallet_import_format, didn't give it a label, forgot all about it and then sent the bitcoin to it.  What a bone-head maneuver that was. Well, one things for sure, won't be making that mistake again.

Undoubtedly some clever hacker out there has some kinda program running to constantly scan that addy and shoot whatever comes into it to privately held wallet.  Live and learn indeed!

Bibox Exchange
https://www.bibox.com/signPage?id=11907482

BTC: 1NPQP9Z4Ju6rTnH4uR6986kGVnEkpyYFJZ
LTC: M9Eo9tTiohSLwDMKyMeAFdsuVaFWCCxM3G
ETH/ERC20: 0x4360038b0f4b198b18458a1f0e468b3ebe483ee6
ETC: 0x4360038b0f4b198b18458a1f0e468b3ebe483ee6
Taras
Legendary
*
Offline Offline

Activity: 1386
Merit: 1042


Please do not PM me loan requests!


View Profile WWW
August 10, 2017, 06:58:56 AM
 #10

Some new precautions will be taken on the wiki following this incident:
  • Copying a sample address or private key from the wiki to a clipboard will also add some text to the clipboard stating that it is a sample key and should not be sent to or imported
  • A hatnote will be added to pages that make use of sample keys warning users not to send to or import them
  • Private keys will only be included on wiki pages when they are necessary to explain bitcoin functionality
nwfella
Legendary
*
Offline Offline

Activity: 1554
Merit: 1000


btc tips: 1NPQP9Z4Ju6rTnH4uR6986kGVnEkpyYFJZ


View Profile
August 10, 2017, 04:37:43 PM
 #11

Some new precautions will be taken on the wiki following this incident:
  • Copying a sample address or private key from the wiki to a clipboard will also add some text to the clipboard stating that it is a sample key and should not be sent to or imported
  • A hatnote will be added to pages that make use of sample keys warning users not to send to or import them
  • Private keys will only be included on wiki pages when they are necessary to explain bitcoin functionality
Thx Taras. Hopefully this will help prevent others from making the same mistake.

Note to self, if your going to play with publicly exposed private keys, do it on a junker system labeled with a huge bitcoin symbol with a giant red X over it followed by the word dummy!

Bibox Exchange
https://www.bibox.com/signPage?id=11907482

BTC: 1NPQP9Z4Ju6rTnH4uR6986kGVnEkpyYFJZ
LTC: M9Eo9tTiohSLwDMKyMeAFdsuVaFWCCxM3G
ETH/ERC20: 0x4360038b0f4b198b18458a1f0e468b3ebe483ee6
ETC: 0x4360038b0f4b198b18458a1f0e468b3ebe483ee6
skyline247
Hero Member
*****
Offline Offline

Activity: 700
Merit: 500



View Profile
August 10, 2017, 06:50:52 PM
 #12

Dude it is seriously unbelievable how many hacks/scams there are in Bitcoin.

And also do people think stealing other's money is going to make them happy or their life better?!

What is wrong with people these days...  Undecided
nwfella
Legendary
*
Offline Offline

Activity: 1554
Merit: 1000


btc tips: 1NPQP9Z4Ju6rTnH4uR6986kGVnEkpyYFJZ


View Profile
August 10, 2017, 09:59:27 PM
 #13

Dude it is seriously unbelievable how many hacks/scams there are in Bitcoin.

And also do people think stealing other's money is going to make them happy or their life better?!

What is wrong with people these days...  Undecided
True enough.  But can't blame this one on anybody but myself for this FUBAR.  Be sure to check and re-check that whatever addy your sending BTC too for long term storage has a private key which is under your control exclusively.

Bibox Exchange
https://www.bibox.com/signPage?id=11907482

BTC: 1NPQP9Z4Ju6rTnH4uR6986kGVnEkpyYFJZ
LTC: M9Eo9tTiohSLwDMKyMeAFdsuVaFWCCxM3G
ETH/ERC20: 0x4360038b0f4b198b18458a1f0e468b3ebe483ee6
ETC: 0x4360038b0f4b198b18458a1f0e468b3ebe483ee6
ed-ro0t
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile WWW
September 09, 2017, 07:07:25 AM
 #14

True enough.  But can't blame this one on anybody but myself for this FUBAR.  Be sure to check and re-check that whatever addy your sending BTC too for long term storage has a private key which is under your control exclusively.

right,
i've found your tx on random wallet file...
https://puu.sh/xvd8R/b5c28c0035.png
nwfella
Legendary
*
Offline Offline

Activity: 1554
Merit: 1000


btc tips: 1NPQP9Z4Ju6rTnH4uR6986kGVnEkpyYFJZ


View Profile
September 09, 2017, 06:53:41 PM
 #15

True enough.  But can't blame this one on anybody but myself for this FUBAR.  Be sure to check and re-check that whatever addy your sending BTC too for long term storage has a private key which is under your control exclusively.

right,
i've found your tx on random wallet file...
https://puu.sh/xvd8R/b5c28c0035.png
PM sent

Bibox Exchange
https://www.bibox.com/signPage?id=11907482

BTC: 1NPQP9Z4Ju6rTnH4uR6986kGVnEkpyYFJZ
LTC: M9Eo9tTiohSLwDMKyMeAFdsuVaFWCCxM3G
ETH/ERC20: 0x4360038b0f4b198b18458a1f0e468b3ebe483ee6
ETC: 0x4360038b0f4b198b18458a1f0e468b3ebe483ee6
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!