Bitcoin Forum
Topic: ETH stolen - need help to figure out how is it even possible
throwaway_losteth (OP)
November 12, 2017, 09:00:40 PM

I lost 1.09 ETH just 7 hours ago. I created a temporary private key by hand (64 hexadecimal characters) 2 days ago and transferred 1 ETH to it to trade on EtherDelta. I bought 100 DICE but wasn't able to withdraw back to my main wallet due to the DICE contract not allowing token transfers during their current payout period (which ends tomorrow). I was checking EtherDelta a while ago and was shocked to find that my account balance had become zero.

I'm frustrated not only because I just lost ETH, but because I couldn't understand at all how someone managed to get my private key. I checked my web browser history and can confirm that I've only entered my private key (by hand) on two domains:

myetherwallet.com
etherdelta.com

These are the transactions on my address: https://etherscan.io/address/0x776b0ccbd601fd5d708973f781ae4807669afb41

Private key is 9137 repeated 15 times in hexadecimal (yes, I created this by hand, and you can verify it by going to MEW)

I checked the output address (belonging to the guy who stole my ETH) and it seemed like a real human who has been using EtherDelta and EtherMine based on related transactions: https://etherscan.io/address/0x8c19ca4a865911a47c22ae8c33026ffcbd369452

He even attempted to withdraw DICE and failed because of the same reason I mentioned above. Then he proceeded to sell off the DICE and withdraw the balance as ETH.

If you're the thief and are reading this, I don't expect you to return my ETH, but can you (or anyone reading this) at least tell me how you actually did it? Did you actually scan for simple private keys (like mine above), or did I get phished (I searched through my browser history and didn't find anything wrong)? Was my machine compromised (I'm on a Mac - not saying that Macs are not vulnerable but have been very, very careful with what I run on this machine)?
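
Added example, not part of the original post: a check that can be run on a key before funding it, flagging the kind of structure the post describes (a short block repeated to fill 64 hexadecimal characters), next to key generation from the operating system's CSPRNG. The function names, the thresholds and the sample keys are assumptions constructed for illustration.

```python
import secrets

# Order of the secp256k1 group; a valid Ethereum private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def smallest_period(s):
    """Length of the shortest block that, repeated, reproduces s (len(s) if none)."""
    n = len(s)
    for p in range(1, n):
        if n % p == 0 and s[:p] * (n // p) == s:
            return p
    return n

def key_findings(hex_key):
    """Return reasons a 64-hex-character private key looks hand-made or invalid."""
    k = hex_key.lower()
    if k.startswith("0x"):
        k = k[2:]
    if len(k) != 64 or any(c not in "0123456789abcdef" for c in k):
        return ["not 64 hexadecimal characters"]
    findings = []
    value = int(k, 16)
    if not 1 <= value < SECP256K1_N:
        findings.append("outside the valid secp256k1 range")
    period = smallest_period(k)
    if period < len(k):
        findings.append(f"repeats a {period}-character block")
    # Threshold is an assumption: a random key almost always uses 14-16 distinct digits.
    if len(set(k)) <= 8:
        findings.append(f"uses only {len(set(k))} distinct hex digits")
    if value < 2**128:
        findings.append("upper half is all zeros (small number)")
    return findings

def generate_key():
    """Draw a private key from the OS CSPRNG, retrying until it is in range."""
    while True:
        value = secrets.randbits(256)
        if 1 <= value < SECP256K1_N:
            return f"{value:064x}"

if __name__ == "__main__":
    # Constructed sample keys, not taken from the post.
    for sample in ("abcd" * 16, "00" * 31 + "01", generate_key()):
        print(sample[:8] + "...", key_findings(sample) or "no structure found")
```

An empty result only means none of these simple patterns matched; it does not show that a key was generated randomly.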