Bitcoin Forum
November 09, 2024, 06:45:31 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Attention! This address is stealing BTC now!  (Read 5218 times)
fcmatt
Legendary
*
Offline Offline

Activity: 2072
Merit: 1001


View Profile
June 30, 2011, 02:18:51 AM
 #21

just what are the odds that someone knew what to look for when dropbox had their technical issue?
honestly.. unless there was some way to use google to identify wallet files on dropbox's website OR
someone knew it was there..

i find it highly doubtful that a person on the internet just happened to come upon that file on dropbox
and had the insight to brute force the password.. and then transfer the bitcoins. heck.. just finding a
person on the internet who even cares about bitcoins is a challenge let alone finding a wallet file during
a few hour period.
JusticeForYou
VIP
Sr. Member
*
Offline Offline

Activity: 490
Merit: 271



View Profile
June 30, 2011, 02:29:11 AM
 #22

This address is receiving stolen BTC!

15Afx45asCysyNd9HE7xeZTkzLgDq2JCEx
http://blockexplorer.com/address/15Afx45asCysyNd9HE7xeZTkzLgDq2JCEx

and this one:

1GB8MHka8SXSFbJMViwkP6ANufts1qGnhF
http://blockexplorer.com/address/1GB8MHka8SXSFbJMViwkP6ANufts1qGnhF

All my BTC have transferred to this address hours ago!

------------

I'm using mac osx, and I have made an encrypted disk image to store the wallet.

A possible leak is that I used same account name and password at MtGox and Dropbox, from the first, the password is compromised, and from the last, the wallet backup is stolen, even though I zipped the wallet file with a long password...

OK, so your Mtgox and Drop box were compromised... buy you say: "encrypted disk image to store the wallet" <--Was that PassWord the same too? and then you say: "zipped the wallet file with a long password"

So, you backup your wallet to Dropbox that could have been compromised, in a Encrypted .DMG that might have had the same password, that was Zipped with a long PW <--- BTW Zipped PW is by far full-proof...

I am thinking it is more likely your computer is compromised.... better check that also...

.
..1xBit.com   Super Six..
▄█████████████▄
████████████▀▀▀
█████████████▄
█████████▌▀████
██████████  ▀██
██████████▌   ▀
████████████▄▄
███████████████
███████████████
███████████████
███████████████
███████████████
▀██████████████
███████████████
█████████████▀
█████▀▀       
███▀ ▄███     ▄
██▄▄████▌    ▄█
████████       
████████▌     
█████████    ▐█
██████████   ▐█
███████▀▀   ▄██
███▀   ▄▄▄█████
███ ▄██████████
███████████████
███████████████
███████████████
███████████████
███████████████
███████████████
███████████▀▀▀█
██████████     
███████████▄▄▄█
███████████████
███████████████
███████████████
███████████████
███████████████
         ▄█████
        ▄██████
       ▄███████
      ▄████████
     ▄█████████
    ▄███████
   ▄███████████
  ▄████████████
 ▄█████████████
▄██████████████
  ▀▀███████████
      ▀▀███
████
          ▀▀
          ▄▄██▌
      ▄▄███████
     █████████▀

 ▄██▄▄▀▀██▀▀
▄██████     ▄▄▄
███████   ▄█▄ ▄
▀██████   █  ▀█
 ▀▀▀
    ▀▄▄█▀
▄▄█████▄    ▀▀▀
 ▀████████
   ▀█████▀ ████
      ▀▀▀ █████
          █████
       ▄  █▄▄ █ ▄
     ▀▄██▀▀▀▀▀▀▀▀
      ▀ ▄▄█████▄█▄▄
    ▄ ▄███▀    ▀▀ ▀▀▄
  ▄██▄███▄ ▀▀▀▀▄  ▄▄
  ▄████████▄▄▄▄▄█▄▄▄██
 ████████████▀▀    █ ▐█
██████████████▄ ▄▄▀██▄██
 ▐██████████████    ▄███
  ████▀████████████▄███▀
  ▀█▀  ▐█████████████▀
       ▐████████████▀
       ▀█████▀▀▀ █▀
.
Premier League
LaLiga
Serie A
.
Bundesliga
Ligue 1
Primeira Liga
.
..TAKE PART..
cmh
Newbie
*
Offline Offline

Activity: 21
Merit: 0


View Profile
June 30, 2011, 02:31:33 AM
 #23

just what are the odds that someone knew what to look for when dropbox had their technical issue?

I'd say they are pretty good. Do you think none of the programmers working at dropbox know about bitcoin?... "Hey guys, I just published that password code, see you after lunch!" ... (quick trip to starbucks to download a few wallet.dat files) ... "hey guys, I found a problem with the password code... oops!"
bitprotection
Member
**
Offline Offline

Activity: 103
Merit: 10



View Profile
June 30, 2011, 03:24:27 AM
 #24

We hope to solve this very soon .... http://www.bitprotection.info  more coming soon...

Working on protecting the community!
finack
Member
**
Offline Offline

Activity: 126
Merit: 10


View Profile
June 30, 2011, 03:25:35 AM
 #25

I'd say they are pretty good. Do you think none of the programmers working at dropbox know about bitcoin?... "Hey guys, I just published that password code, see you after lunch!" ... (quick trip to starbucks to download a few wallet.dat files) ... "hey guys, I found a problem with the password code... oops!"

Dropbox staff can access your files directly, no need to introduce a password bug.
finnthecelt
Full Member
***
Offline Offline

Activity: 140
Merit: 101


View Profile
June 30, 2011, 03:42:05 AM
 #26

And no more messages from nakowa?

I'm telling you.....again my theory....

Everytime a "BTC stolen" story gets bumped to the bottom of the page or off the page a new one pops up. Legit? I don't know.

But it's like clock work. It's like the troll brigade just wants that front page of threads to be tainted with scandal. I don't buy it. Or I should say, I'm very skeptical.
nakowa (OP)
Member
**
Offline Offline

Activity: 83
Merit: 10


View Profile
June 30, 2011, 03:58:12 AM
Last edit: June 30, 2011, 04:08:53 AM by nakowa
 #27

And no more messages from nakowa?

I'm telling you.....again my theory....

Everytime a "BTC stolen" story gets bumped to the bottom of the page or off the page a new one pops up. Legit? I don't know.

But it's like clock work. It's like the troll brigade just wants that front page of threads to be tainted with scandal. I don't buy it. Or I should say, I'm very skeptical.

What do you have in mind?

I updated some info by editing the original post.

You're not skeptical, you are dark.

Don't you see the blockexplorer link I've post?

I lost all my BTC. However, do you think I should cry for it everyday?

In fact, I'm busy on updating my BitcoinX (An AutoIt Shell for the official bitcoin client for windows. ) http://forum.bitcoin.org/index.php?topic=23791

Because I have to work on a virtual machine - I'm using a Macbook air, I had no time to back here for crying...
Capitan
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
June 30, 2011, 04:13:52 AM
 #28

And no more messages from nakowa?

I'm telling you.....again my theory....

Everytime a "BTC stolen" story gets bumped to the bottom of the page or off the page a new one pops up. Legit? I don't know.

But it's like clock work. It's like the troll brigade just wants that front page of threads to be tainted with scandal. I don't buy it. Or I should say, I'm very skeptical.

What do you have in mind?

I updated some info by editing the original post.

You're not skeptical, you are dark.

Don't you see the blockexplorer link I've post?

I lost all my BTC. However, do you think I should cry for it everyday?

In fact, I'm busy on updating my BitcoinX (An AutoIt Shell for the official bitcoin client for windows. ) http://forum.bitcoin.org/index.php?topic=23791

Because I have to working on a virtual machine - I'm using a Macbook air, I had no time to back here for crying...

Do you think you could answer the additional questions people have so we could continue in trying to figure out how you were hacked?

It doesn't help your case that right now you are doing what a lot of other "I was hacked" posters do when pushed for more details the "I was hacked" -- being evasive.  (by not providing the info being requested by those trying to help you out)
Capitan
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
June 30, 2011, 04:20:23 AM
 #29

And no more messages from nakowa?

I'm telling you.....again my theory....

Everytime a "BTC stolen" story gets bumped to the bottom of the page or off the page a new one pops up. Legit? I don't know.

But it's like clock work. It's like the troll brigade just wants that front page of threads to be tainted with scandal. I don't buy it. Or I should say, I'm very skeptical.

I'm not normally one to go for conspiracy theory type stuff, but the point you raise is a possibility that can't be ruled out at the moment. It's suspicious how these guys often ask for money, and almost never provide enough info to troubleshoot. When prodded for more details they suddenly post a message with what they believe to be the loophole by which they were hacked, but without a trail of evidence to make it plausible enough to stop troubleshooting/investigating. If I were hacked I know I'd be a lot more systematic about wanting to find out exactly what went wrong, and I'd be a lot more cooperative with the people on the message boards who were trying to help me investigate what happened.

They should just all be pushed into a separate forum and urged to stick to a template if they want to get any help. Yet another case for having a bitcoin forum with better moderation.
DamienBlack
Jr. Member
*
Offline Offline

Activity: 56
Merit: 1


View Profile
June 30, 2011, 05:02:53 AM
 #30

Have you run any namecoin binaries?

Can you elaborate on why running namecoin binaries in general (and not just any binary) is risky?

A few other people claiming to be hacked that I've tried to hammed detail out of (it is like pulling teeth, I might buy the conspiracy), mentioned using a namecoin binary.
d3wo
Member
**
Offline Offline

Activity: 69
Merit: 10


Kupo!


View Profile
June 30, 2011, 07:12:27 AM
 #31

This address is receiving stolen BTC!

15Afx45asCysyNd9HE7xeZTkzLgDq2JCEx
http://blockexplorer.com/address/15Afx45asCysyNd9HE7xeZTkzLgDq2JCEx

and this one:

1GB8MHka8SXSFbJMViwkP6ANufts1qGnhF
http://blockexplorer.com/address/1GB8MHka8SXSFbJMViwkP6ANufts1qGnhF

All my BTC have transferred to this address hours ago!

------------

I'm using mac osx, and I have made an encrypted disk image to store the wallet.

A possible leak is that I used same account name and password at MtGox and Dropbox, from the first, the password is compromised, and from the last, the wallet backup is stolen, even though I zipped the wallet file with a long password...

There is a new rootkit MBR virus, karpersky is almost "give up" (I hope they don't, keep it up guys!)
Infected approx 4.5million, this virus is on your harddrive MBR, it's almost impossible to detect,
In my personal oppinion, this kind of viruse cannot be detected & removed with "standard procedure".
I hope you guys are not get invected with these virus. It's P2P type of virus.
Check it out : http://www.computerworld.com/s/article/9218034/Massive_botnet_indestructible_say_researchers?taxonomyId=82&pageNumber=1

Donations Welcome: 1GD3Sg3xcAzoc4V2SbkdTkFT9acio65Wr9
theowalpott
Member
**
Offline Offline

Activity: 80
Merit: 10


View Profile
June 30, 2011, 08:03:28 AM
 #32

useful article, cept it doesn't tell you how to detect it lol

The advice seems to be - nuke your hard drive and reinstall!

1FwGATm6eU5dSiTp2rpazV5u3qwbx1fuDn
allinvain
Legendary
*
Offline Offline

Activity: 3080
Merit: 1083



View Profile WWW
June 30, 2011, 08:11:07 AM
 #33

Here is an utility that I recommend people use to "nuke" their HD:

http://www.dban.org/

It is free software btw.


theowalpott
Member
**
Offline Offline

Activity: 80
Merit: 10


View Profile
June 30, 2011, 09:05:31 AM
 #34

dban is a bit overkill if you just want to wipe the MBR and destroy data on a drive. A single zero pass would be fine Smiley Takes a hell of a lot less time!

1FwGATm6eU5dSiTp2rpazV5u3qwbx1fuDn
allinvain
Legendary
*
Offline Offline

Activity: 3080
Merit: 1083



View Profile WWW
June 30, 2011, 01:28:18 PM
 #35

dban is a bit overkill if you just want to wipe the MBR and destroy data on a drive. A single zero pass would be fine Smiley Takes a hell of a lot less time!

It does have that option. I used the so called "least secure" option of a zero pass on a 100 gb HD and it took 2 hours max. Some of the erase options dban offers are insane.

finnthecelt
Full Member
***
Offline Offline

Activity: 140
Merit: 101


View Profile
June 30, 2011, 02:39:14 PM
 #36

And no more messages from nakowa?

I'm telling you.....again my theory....

Everytime a "BTC stolen" story gets bumped to the bottom of the page or off the page a new one pops up. Legit? I don't know.

But it's like clock work. It's like the troll brigade just wants that front page of threads to be tainted with scandal. I don't buy it. Or I should say, I'm very skeptical.

What do you have in mind?

I updated some info by editing the original post.

You're not skeptical, you are dark.

Don't you see the blockexplorer link I've post?

I lost all my BTC. However, do you think I should cry for it everyday?

In fact, I'm busy on updating my BitcoinX (An AutoIt Shell for the official bitcoin client for windows. ) http://forum.bitcoin.org/index.php?topic=23791

Because I have to work on a virtual machine - I'm using a Macbook air, I had no time to back here for crying...

Well obviously after you had your good cry you were still reading the board!! Your only statement is against me and you call me "dark" (whatever that means) for being skeptical and pointing out a trend.

I'm not calling you a liar. People are getting robbed and I sympathize. I was compromised as well within three days of getting into BTC but I think someone was punishing me for something stupid I did. We all know it's happening.

Nonetheless, I'm skeptical. I and a few others exposed an obvious scam right on the board here so there are reports like yours that are false. If you're going to bring it to the board back up your claim.

Otherwise you are just spreading fear and pessimism and in my world that would be considered "dark".
BitcoinDealer
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
June 30, 2011, 03:03:55 PM
 #37


Dropbox didn't require a login password for a while a couple weeks ago.  Anyone storing a wallet file on dropbox should've promptly transferred the bitcoins to a new wallet file.

Are you serious? They don't run automated tests on something critical like authentication? That's retarded.
theowalpott
Member
**
Offline Offline

Activity: 80
Merit: 10


View Profile
June 30, 2011, 03:11:29 PM
 #38

dban is a bit overkill if you just want to wipe the MBR and destroy data on a drive. A single zero pass would be fine Smiley Takes a hell of a lot less time!

It does have that option. I used the so called "least secure" option of a zero pass on a 100 gb HD and it took 2 hours max. Some of the erase options dban offers are insane.

Just use a linux liveCD and run:

DISCLAIMER: DO NOT "test" THESE COMMANDS ON A SYSTEM YOU DON'T WANT TO DESTROY!!!!!

dd if=/dev/zero of=/dev/sdX

where X is the device

Did this to a 1TB drive not long ago, took maybe 4 hours... maybe a little more.

You could also do a (psuedo)random data write with

dd if=/dev/urandom of=/dev/sda

Since we were talking about these rootkit viruses within the MBR.. If you just wanted to kill the MBR:

dd if=/dev/null of=/dev/sdX bs=446 count=1

and to remove both the MBR and the partition table (which you'd have to rebuild if you wanted to use the partitions again!):
dd if=/dev/null of=/dev/sdX bs=512 count=1

DISCLAIMER: DO NOT "test" THESE COMMANDS ON A SYSTEM YOU DON'T WANT TO DESTROY!!!!!

I'd imagine these rootkits would get back into the MBR as soon as windows boots again, so I don't think this would fix it without at least killing the processes/services which it depends on in windows.

Interesting virus.. very nasty Sad I'm gonna do some checking on all my systems. Guess its perfectly possible that poeple are losing their wallets to this rootkit/botnet - they could easily send a command to the infected machines to search for wallet.dat and send email/send it somewhere. Obviously I'm just guessing! But AFAIK you could end up infected just by visiting the wrong website :/


1FwGATm6eU5dSiTp2rpazV5u3qwbx1fuDn
Capitan
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
June 30, 2011, 10:02:56 PM
 #39

Is there any way to detect this virus?
Capitan
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
June 30, 2011, 10:32:49 PM
 #40

Man. Before two weeks ago I wasn't that concerned about security. This forum has made me super paranoid about network and PC security. Thanks a lot, guys.
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!