Bitcoin Forum
March 19, 2024, 08:02:29 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 4 5 6 »  All
  Print  
Author Topic: ALL of my bitcoins stolen (Around 60) . What the F*CK.  (Read 16724 times)
Oldminer
Legendary
*
Offline Offline

Activity: 1022
Merit: 1001



View Profile
June 27, 2011, 06:03:28 AM
 #21

Also that namecoin binary seems interesting because I too ran a namecoin binary two days before I got hacked. I wonder...hmm...

Hmm..a namecoin binary that steals bitcoins...nice trojan...

If you like my post please feel free to give me some positive rep https://bitcointalk.org/index.php?action=trust;u=18639
Tip me BTC: 1FBmoYijXVizfYk25CpiN8Eds9J6YiRDaX
Every time a block is mined, a certain amount of BTC (called the subsidy) is created out of thin air and given to the miner. The subsidy halves every four years and will reach 0 in about 130 years.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
cschmitz
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
June 27, 2011, 06:04:20 AM
 #22

Oh here we go..attack of the Linux nerds!

OMG OMG the default bitcoin cleint's security sucks..OMG unencrypted wallet.dat is such a good idea!

Anyways, this is the standard response most of you give...so yeah..moving on.


Keep proving the world that you are a bitter troll with no clue about computer security. A wallet.dat encryption is a false security feature, go troll somewhere else.

proud 5.x gh/s miner. tips welcome at 1A132BPnYMrgYdDaRyLpRrLQU4aG1WLRtd
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56
Merit: 1


View Profile
June 27, 2011, 06:05:28 AM
 #23

I don't think they really care about any sum. It all gents blamed on the victim. Tough love?

It is hard because there is no way to prove the theft. The nature of bitcoin makes it impossible.
allinvain
Legendary
*
Offline Offline

Activity: 3080
Merit: 1080



View Profile WWW
June 27, 2011, 06:05:35 AM
 #24

This sucks and is really putting me off investing in bitcoin.

What is the point if some hacker can just come in under my nose and steal everything?

There is no security in bitcoin, it's ridiculous.

There is security in bitcoin, but it has to be YOU! Don't count on security by default...

I've been thinking and I've come to the conclusion that Satoshi and the dev team should have never released a bitcoin client for windows!!!

Then right now we'd all be a bunch of Linux geeks enjoying our geeky little currency and nobody would've had the opportunity to steal from us. Later on maybe once the security of the default client is vastly improved, then and only then release a windows version. Just my 2 cents.

mouse
Newbie
*
Offline Offline

Activity: 56
Merit: 0



View Profile
June 27, 2011, 06:06:43 AM
 #25

ZOMG people!

You have real money on your computers now.

Stop using Windows.

That is all...

I know mocking windows is a fun past time for many, but lets look at a few facts we already know:
1. The machine is terribly out of date, without even SP1
2. I dont know of any os that is safe to use out of date
3. Windows is targetted more because its used more

And 3 is the kicker. Not being able to use windows with bitcoin is eliminating what, 80% of the world from bitcoin? Sounds like a great plan.

Besides, many of these types of attacks could probably have been prevented with an encrypted wallet, currently a HIGH priority of devs, and yet nobody dares blame them. And to those that say 'encrypting the wallet will make no difference' do you really think that the devs are thus adding it to pander to 'noobs', but that is secretly known as a waste of time?
allinvain
Legendary
*
Offline Offline

Activity: 3080
Merit: 1080



View Profile WWW
June 27, 2011, 06:08:40 AM
 #26

Oh here we go..attack of the Linux nerds!

OMG OMG the default bitcoin cleint's security sucks..OMG unencrypted wallet.dat is such a good idea!

Anyways, this is the standard response most of you give...so yeah..moving on.


Keep proving the world that you are a bitter troll with no clue about computer security. A wallet.dat encryption is a false security feature, go troll somewhere else.

Ha! There are ways to mitigate the risks and make it a lot harder for a hacker to get at your BTC. The worst thing is to just leave it in plain sight sort of speak where any simple coder can just ftp or e-mail the wallet.dat file.


DamienBlack
Jr. Member
*
Offline Offline

Activity: 56
Merit: 1


View Profile
June 27, 2011, 06:10:07 AM
 #27

ZOMG people!

You have real money on your computers now.

Stop using Windows.

That is all...

I know mocking windows is a fun past time for many, but lets look at a few facts we already know:
1. The machine is terribly out of date, without even SP1
2. I dont know of any os that is safe to use out of date
3. Windows is targetted more because its used more

And 3 is the kicker. Not being able to use windows with bitcoin is eliminating what, 80% of the world from bitcoin? Sounds like a great plan.

Besides, many of these types of attacks could probably have been prevented with an encrypted wallet, currently a HIGH priority of devs, and yet nobody dares blame them. And to those that say 'encrypting the wallet will make no difference' do you really think that the devs are thus adding it to pander to 'noobs', but that is secretly known as a waste of time?

They are working on encryption. It should be in the next version.

https://github.com/bitcoin/bitcoin/pull/232
allinvain
Legendary
*
Offline Offline

Activity: 3080
Merit: 1080



View Profile WWW
June 27, 2011, 06:12:53 AM
 #28

I don't think they really care about any sum. It all gents blamed on the victim. Tough love?

It is hard because there is no way to prove the theft. The nature of bitcoin makes it impossible.

True :/ . But I think there can be such a case as within a reasonable doubt. I bet there are other people who've had the same thing happen to them but they're afraid to ever speak of it for they know that forum trolls will just plain ridicule them.

There are thing that the OP can do however to be more convincing such as consult with an expert in BTC security or someone at one of the exchanges, send him the wallet.dat file, have it analyzed. Send the debug.log. Submit a theft report to the police and share that with a trusted member of the BTC community. But *shrug* in the end most will still yell "scammer" or 'liar"


bolapara
Member
**
Offline Offline

Activity: 78
Merit: 10


View Profile
June 27, 2011, 06:13:38 AM
 #29

EDIT: I can't find that link anywhere on the forum. Where did you find it?

Can't find it myself either.  Google show nothing...
allinvain
Legendary
*
Offline Offline

Activity: 3080
Merit: 1080



View Profile WWW
June 27, 2011, 06:16:21 AM
 #30

ZOMG people!

You have real money on your computers now.

Stop using Windows.

That is all...

I know mocking windows is a fun past time for many, but lets look at a few facts we already know:
1. The machine is terribly out of date, without even SP1
2. I dont know of any os that is safe to use out of date
3. Windows is targetted more because its used more

And 3 is the kicker. Not being able to use windows with bitcoin is eliminating what, 80% of the world from bitcoin? Sounds like a great plan.

Besides, many of these types of attacks could probably have been prevented with an encrypted wallet, currently a HIGH priority of devs, and yet nobody dares blame them. And to those that say 'encrypting the wallet will make no difference' do you really think that the devs are thus adding it to pander to 'noobs', but that is secretly known as a waste of time?

Well said. IMHO this was a big faux paux on the part of Satoshi and the early devs. They should've foresaw the coming waves of thieves that would try anything to get their hands on a person's BTC.

Let me just put it this way. BTC was a system designed by coders for coders. It was meant to be an interesting experiment. I don't think the "elders of bitcoin" foresaw that it would grow into what it is today. They were caught off-guard.

DamienBlack
Jr. Member
*
Offline Offline

Activity: 56
Merit: 1


View Profile
June 27, 2011, 06:19:26 AM
 #31

The client is still young. The bitcoin system itself is very secure, robust and well designed. It is the client that is the problem. The client keeps a wallet in plaintext. And notice the version 0.33, it is still beta. Things will resolve themselves. Bitcoin is still very young, we are all early adopters here.
bcearl
Full Member
***
Offline Offline

Activity: 168
Merit: 103



View Profile
June 27, 2011, 06:23:36 AM
 #32

Sounds very fishy.

If you had it encrypted, any ideas on how it was stolen?

If you're being honest, I'm terribly sorry for your loss. That stinks.

Yea, it does. I had /backups/ encrypted, I should have been clear. Any virus/trojan/person could have just coppied the wallet file from %appdata%/bitcoin.

Encryption cannot protect wallets in use, because your legitimate client has to decrypt it anyway. Encryption is good for backups only.

Misspelling protects against dictionary attacks NOT
FuzzyCoins
Newbie
*
Offline Offline

Activity: 29
Merit: 0


View Profile
June 27, 2011, 06:26:29 AM
 #33

Quote
And to those that say 'encrypting the wallet will make no difference' do you really think that the devs are thus adding it to pander to 'noobs', but that is secretly known as a waste of time?

Encrypting the wallet will help, but it doesn't solve the problem. When the BitCoin client is running, it will have decrypted your private keys and they will likely be in the memory of your machine. If you have a virus on your machine, that virus can access memory and get your private keys. Even if the devs of BitCoin work real hard and keep your keys encrypted when in memory, at some point they have be decrypted so they can be used. They may only be in memory or machine registers for a few milliseconds, but if you have a smart enough virus, your keys (and your BTC) will be compromised.

Encryption will help when the Bitcoin client is not running and it will protect you against an attack against your backups or other offline copies of your data.

It is essential for security (and the safekeeping of your BTC) that you keep your machine virus and malware free. If you can get to your money on your machine, so can a virus.

There is lots of good advice out there on how to keep your machine virus free, but the basics are to keep your machine patched, use antivirus, and never, ever, under any circumstances, access the Internet when you are logged in with administrative, root, or any other kind of elevated privileges.

In the Windows world turn on auto updates and let them run every day. Use a current, supported version of windows (that means Windows 7, not XP.) The anti-virus software the Microsoft gives out for free is solid - there is no excuse to not have anti-virus protection. Make sure your login account is not an "administrator". Only log in as an administrator when you want to install software.

In the Linux world, make sure you apply security packages from your distribution frequently. Don't run as root.

I don't post this to taunt or scold the OP, just to provide advice to prevent it happening to others.
EricJ2190
Full Member
***
Offline Offline

Activity: 134
Merit: 102


View Profile
June 27, 2011, 06:38:10 AM
 #34

I have a copy of that Namecoin build as well. I haven't encountered any theft, but I have certain measures in place to protect my wallet.

I was sure I got that build from the original Namecoin thread, but I was unable to find it there again. That's got me suspicious.
ElHajjaj
Newbie
*
Offline Offline

Activity: 24
Merit: 0



View Profile
June 27, 2011, 06:42:56 AM
 #35

I usually read the description whenever my Win 7 box wants to download updates, and it seems like lots of times I'll see a security update that says it patches a vulnerability that could "allow an attacker to execute arbitrary code" or something ominous like that, so if anything I'd bet that it was not staying up to date that screwed you over.
mouse
Newbie
*
Offline Offline

Activity: 56
Merit: 0



View Profile
June 27, 2011, 06:43:44 AM
 #36

Is crossposting bad?

http://forum.bitcoin.org/index.php?topic=23085.0

I might look at making a bounty if I can afford one, others could think about adding a bounty too, esp if youve been a victim (I havent, but I want to see bitcoin succeed)
beeph
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
June 27, 2011, 06:44:40 AM
 #37

how about we add a few bits and let people do wallet locks?  i think most of us at this time are hoarders who know bitcoisn will be worth 100,000$ per bitcoin one day

a wallet lock is something that only honest users would be interested in imho.. u can use a password to lock/unlock but not to send coins

the fact is.. yeah windows has exploits that pretty much allow hackers at anytime to own your system, they are in the wild before they're even patched and no windows  box is ever totally secure at any given time.. a 0-day hacker can always rape yer bitcoinZ
allinvain
Legendary
*
Offline Offline

Activity: 3080
Merit: 1080



View Profile WWW
June 27, 2011, 06:48:34 AM
 #38

Sounds very fishy.

If you had it encrypted, any ideas on how it was stolen?

If you're being honest, I'm terribly sorry for your loss. That stinks.

Yea, it does. I had /backups/ encrypted, I should have been clear. Any virus/trojan/person could have just coppied the wallet file from %appdata%/bitcoin.

Encryption cannot protect wallets in use, because your legitimate client has to decrypt it anyway. Encryption is good for backups only.

Yep you're right. Even if the client encrypted the wallet when not in use it eventually has to decrypt it when you want to spend from it. AT that moment it is vulnerable to key logger attack and to any nasty viruses that could are residing in memory (waiting for the opportunity to strike). Someone on a different thread (forget which one) suggested that the client implement a unix style permissions system. Maybe also running the client in it's own chroot (something equivalent in windows) would be a good idea. But in the end it's still quite hard to avoid all avenues of attack. My point is that still the more security measures you can implement the lower the odds that some unclever hacker is easily able to steal your coins.


FreeMoney
Legendary
*
Offline Offline

Activity: 1246
Merit: 1014


Strength in numbers


View Profile WWW
June 27, 2011, 06:50:31 AM
 #39

 
Let me just put it this way. BTC was a system designed by coders for coders. It was meant to be an interesting experiment. I don't think the "elders of bitcoin" foresaw that it would grow into what it is today. They were caught off-guard.

Someone was caught off guard, but it wasn't the 'elders'.

Oh here we go..attack of the Linux nerds!

OMG OMG the default bitcoin cleint's security sucks..OMG unencrypted wallet.dat is such a good idea!

Anyways, this is the standard response most of you give...so yeah..moving on.


Yeah, leaving tens of coins in an unencrypted wallet would be fucking stupid.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
phillipsjk
Legendary
*
Offline Offline

Activity: 1008
Merit: 1001

Let the chips fall where they may.


View Profile WWW
June 27, 2011, 06:55:44 AM
 #40

Ever since A Cost Analysis of Windows Vista Content Protection, Microsoft has been dead to me. I have been using Gnu/Linux as my primary OS since the turn of the century. That said, those people claiming "Windows is the problem" are being Naive.

Yes it is difficult to keep a Windows Installation secure, but that does not imply that GNU/Linux distros are immune to similar vulnerabilities. Windows is the market leader. It is perceived to be "easy to use." As a result, many poorly-though out features are simply copied to make Windows users feel more at home. IMO that strategy always leads to failure; with Gnu/Linux seen as "Second best" with little room to innovate. Luckily, users have a choice: they don't have to install Ubuntu if they don't want to Smiley

Examples of bad functionality copied:
  • Wine was vulnerable to the WMF exploit
  • Microsoft has finally disabled autorun on USB drives; just as Ubuntu is introducing it.
  • Icon previews and all the vulnerable code they expose.
  • I'm probably missing many more

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
Pages: « 1 [2] 3 4 5 6 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!