Bitcoin Forum
June 22, 2024, 12:07:41 PM *
Author Topic: My wallet was just hacked  (Read 2335 times)
bebfoo
Member
Activity: 60
Merit: 10
June 18, 2013, 05:15:24 AM
 #41

The perils of virtual money :-/
lovecoins
Newbie
Activity: 12
Merit: 0
June 18, 2013, 06:09:00 AM
 #42

so bad
firefop
Sr. Member
Activity: 420
Merit: 250
June 18, 2013, 06:22:11 AM
 #43

Ok, Macs don't really get malware, unless specifically targeted for it. Macs are also very secure, and I really doubt you were hacked.

So question: you locked your wallet, and then when you unlocked it, it crashed, that means two things, one that your wallet was never unlocked. Which is the theory I am going with. I do think once you restored from a backup you should click new address and see if that address pops up. It also doesn't contain any fee, so did you change your tx fee? I think this is just a freak thing and you have the address sitting in your wallet. Unless did you run any Java applications from the web, that is the only other way.

Also use -rescan, that will help a lot as well.

PFFT - Macs are less secure than everything exactly because of this bad information that has been marketed by Apple. I do virus removals for a living. OSX is ~15% of the market right now (and that's being very kind) but more than 60% of the virus removals I do are on Macs. Mac users are generally clueless about computer security because it's 'well known' that 'Macs don't get viruses'. They always seem amazed and confused when I find and remove whatever infection they have.

My advice would be - get a real OS (there's nothing wrong with Mac hardware, you can run FreeBSD or other Linux on it just fine). Or if you don't want to bother learning about computer security - get a nice Android device and keep your wallet on that.

At the very least - get some sort of security software on your Mac and/or some help to track down the infection.

b!z
Legendary
Activity: 1582
Merit: 1010
June 18, 2013, 06:23:17 AM
 #44

Ok, Macs don't really get malware, unless specifically targeted for it. Macs are also very secure, and I really doubt you were hacked.

So question: you locked your wallet, and then when you unlocked it, it crashed, that means two things, one that your wallet was never unlocked. Which is the theory I am going with. I do think once you restored from a backup you should click new address and see if that address pops up. It also doesn't contain any fee, so did you change your tx fee? I think this is just a freak thing and you have the address sitting in your wallet. Unless did you run any Java applications from the web, that is the only other way.

Also use -rescan, that will help a lot as well.

PFFT - Macs are less secure than everything exactly because of this bad information that has been marketed by Apple. I do virus removals for a living. OSX is ~15% of the market right now (and that's being very kind) but more than 60% of the virus removals I do are on Macs. Mac users are generally clueless about computer security because it's 'well known' that 'Macs don't get viruses'. They always seem amazed and confused when I find and remove whatever infection they have.

My advice would be - get a real OS (there's nothing wrong with Mac hardware, you can run FreeBSD or other Linux on it just fine). Or if you don't want to bother learning about computer security - get a nice Android device and keep your wallet on that.

At the very least - get some sort of security software on your Mac and/or some help to track down the infection.

Security software seems much easier for the average user than changing their OS.
escrow.ms
Legendary
Activity: 1274
Merit: 1004
June 18, 2013, 06:44:19 AM
 #45

You said you restored wallet from a backup.

Was the backup wallet encrypted?
Was the backup wallet in a safe place?
Can someone else physically access your PC or not?
firefop
Sr. Member
Activity: 420
Merit: 250
June 18, 2013, 06:46:58 AM
 #46

Security software seems much easier for the average user than changing their OS.

Granted - but the problem with all security software is... it doesn't catch new stuff... first the virus has to be documented and a definition distributed for it... before the AV software is able to prevent an infection.

Just an example:

In the past 6 months there's been an FBI virus going around - it took all of 2 weeks to get a good def written and now all major AVs block it. About a week after that, the makers changed the methods used and updated it to say DOJ instead of FBI... that one took almost a month to define and about 2 weeks later they pushed a new version (changed DOJ to ICE). And there still isn't a good removal method for that one.

FBI - wasn't present in sm. Infection was a rundll.exe loaded item in a temp folder - and had a shortcut in the Windows startup folder.
DOJ - is present in sm (and causes reboot to normal mode). Also loading through a runonce entry. Removal by booting to smcp and creating a temp admin user that could then be logged into to remove.
ICE - present in sm (and blocks use), breaks the machine's ability to boot into smcp, recovery console and system restore partitions. Only way is recovery console off a CD/DVD or pulling the drive and cleaning it on another machine.

All of these viruses ask for MoneyPak in varying amounts and threaten arrest and prosecution for illegal activity (child porn) if the user doesn't 'pay the fine'.

The big 3 AVs (yes there are only 3 legit AV networks and they all share defs with each other):

Norton: can catch FBI & DOJ but can't stop ICE.
McAfee: can catch FBI but not ICE or DOJ.
Eset: active methods got FBI and DOJ. Was able to remove FBI even without a def. DOJ: was able to stop it from loading (but wasn't able to remove until defs came out). ICE still flies right by it tho.

~

my whole point is - there's lag time between when a new virus deploys and the AVs catch up. The only really secure way is via a USB bootable optical media with wallet already on it - or a handheld device that has never done and will never do anything else.


BitOmni
Newbie
Activity: 24
Merit: 0
June 18, 2013, 08:12:15 AM
 #47

Where did you download bitcoin-qt from? I hope it was from this forum.

I installed Bitcoin-Qt on my iMac, put some bitcoins in it, and locked the wallet.

When I wanted to make a new address to send some bitcoins to an exchange, it asked me to unlock my wallet. I entered the key, and the wallet application locked up. I had to kill the task. When I started it up, it said my wallet was corrupted. I restored my wallet from a backup, and discovered that all of my bitcoins (over 3 coins  Angry ) had been transferred. They had been transferred to an address I've never used before. In fact, I've never transferred any bitcoins out of my wallet.

Well, the fact that I lost over $USD300 in coins is bad, but I'll chalk that up to experience. What I'd like to know is how it was done. I can only guess that my computer has been infected with malware that was waiting for me to unlock my wallet so it could do a transfer. Is this a known hack?

Thanks,

Random8, bitcoin n00b
r2vape
Member
Activity: 70
Merit: 10
June 18, 2013, 09:03:49 AM
 #48

Sorry to hear Random8, but that sounds like the location where you got the bitcoin client from was compromised or not a legitimate application.

For reference to all the pro-Mac people, the firewall on Mac OS is disabled... by default.  Push your "Mac is very secure" antics elsewhere -> coming from someone that has been in the IT support industry (with Macs as well) for the past 12 years.

blaxxzor
Newbie
Activity: 17
Merit: 0
June 18, 2013, 09:08:11 AM
 #49

Surprising that it would be on a Mac, and also I don't understand why a wallet needs to be installed on a system? Is it generally more secure or what.
JordanL
Donator
Sr. Member
Activity: 294
Merit: 250
June 18, 2013, 09:45:04 AM
 #50

The perils of virtual money :-/

Yeah... so much more fraud and theft than with the traditional currencies.   Roll Eyes
voneiden
Newbie
Activity: 18
Merit: 0
June 18, 2013, 09:52:42 AM
Last edit: June 18, 2013, 10:40:21 AM by voneiden
 #51

Any other bitcoin related applications you have installed? I imagine it's quite easy for an app to enable the bitcoind api and then hammer sendbitcoins requests over the api until the user unlocks the wallet (which is a security flaw if you ask me.)
naphto
Sr. Member
Activity: 392
Merit: 250
June 18, 2013, 09:57:01 AM
 #52

Sorry for your loss
tinus42
Hero Member
Activity: 784
Merit: 501
June 18, 2013, 10:26:09 AM
 #53

I just picked up a hardware wallet, and I think that will be the future. OP should look into getting that.

Only what happens when you get a hardware error? Can you make a backup with those?
gweedo
Legendary
Activity: 1498
Merit: 1000
June 18, 2013, 10:40:01 AM
 #54

I just picked up a hardware wallet, and I think that will be the future. OP should look into getting that.

Only what happens when you get a hardware error? Can you make a backup with those?

BIP 32 and a key phrase that you write down and lock in a vault.
esenminer
Full Member
Activity: 126
Merit: 100
June 18, 2013, 11:07:58 AM
 #55

The most reasonable answer is a compromised client - the source is freely available, so not too hard to simply adjust code to send to a predefined address after some threshold, compile it for Mac and then release it for download.

I would download the client from a trusted source and compare at least file sizes and/or signatures if they are available. Decompiling and looking at source would also be interesting - maybe the address is hardcoded, that would make the compromised parts easy to find.
cp1
Hero Member
Activity: 616
Merit: 500
Stop using brainwallets
June 18, 2013, 03:03:00 PM
 #56

Can you compare the checksum or hash of your downloaded client to the official one?

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
Random8 (OP)
Newbie
Activity: 31
Merit: 0
June 18, 2013, 04:34:19 PM
 #57

Can you compare the checksum or hash of your downloaded client to the official one?
Yep, I can do that, as soon as I find an official version that's the same as mine. I'll let you guys know what I find out.

Random8
BitGo
Member
Activity: 83
Merit: 10
https://bitgo.com
June 18, 2013, 04:46:43 PM
 #58

Did you store your private key on your Mac? Private keys should be kept in cold storage (i.e., offline computers). Perhaps a hacker found your private key.

Securing the World's Bitcoin https://bitgo.com
macintosh
Newbie
Activity: 28
Merit: 0
June 18, 2013, 04:53:04 PM
 #59

Did your coins show up yet?
Petomai
Newbie
Activity: 7
Merit: 0
June 18, 2013, 05:00:41 PM
 #60

Did you experiment with any other cryptocurrencies? Maybe one of them had a keylogger attached to it (or anything you've downloaded lately). I don't know how vulnerable Macs are to website scripts (probably not very), but Windows freely accepts virus attacks from tricky Java codes if you're not careful.

I'm sorry for your loss of bitcoin