Bitcoin Forum
April 16, 2014, 03:59:17 PM *
News: ♦♦ A bug in OpenSSL, used by Bitcoin-Qt/Bitcoin Core, could allow your bitcoins to be stolen. Immediately updating Bitcoin Core to 0.9.1 is required in some cases, especially if you're using 0.9.0. Download. More info.
The same bug also affected the forum. Changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3  All
  Print  
Author Topic: Have I been hacked? how?  (Read 5155 times)
haimcn
Newbie
*
Offline Offline

Activity: 10


View Profile

Ignore
July 07, 2013, 03:06:02 PM
 #1

Hi

I'm not that newbie, or at least i thought so, but I think I have been hacked and I wondered if someone can hint on how.

I used my account in blockchain.info for satoshidice gambling from address 16io8zfbhStqe9WVdHN3JLzc29D73okaoy.
On Saturday, 45 minutes after a the last satoshidice transactions, an unknown transaction emptied my wallet.

First, I assume I have nothing to do with it and the coins were lost, correct?
Second, can anyone help me understand what happened? I used blockchain.info both on my computer and my Android smartphone.

Thanks, Haim
1397663957
Hero Member
*
Offline Offline

Posts: 1397663957

View Profile Personal Message (Offline)

Ignore
1397663957
Reply with quote  #2

1397663957
Report to moderator
180GH/s ANTMINER S1 Classical mining rig by the trustworthy vendor BITMAIN
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1397663957
Hero Member
*
Offline Offline

Posts: 1397663957

View Profile Personal Message (Offline)

Ignore
1397663957
Reply with quote  #2

1397663957
Report to moderator
1397663957
Hero Member
*
Offline Offline

Posts: 1397663957

View Profile Personal Message (Offline)

Ignore
1397663957
Reply with quote  #2

1397663957
Report to moderator
Mutated btc
Jr. Member
*
Offline Offline

Activity: 56


View Profile

Ignore
July 07, 2013, 03:44:10 PM
 #2

how many coins lost?
Lohoris
Sr. Member
****
Offline Offline

Activity: 448


Bitgoblin


View Profile

Ignore
July 07, 2013, 03:45:29 PM
 #3

Second, can anyone help me understand what happened? I used blockchain.info both on my computer and my Android smartphone.
Do you have a strong passphrase?

Did you contact blockchain.info's support?

1LohorisJie8bGGG7X4dCS9MAVsTEbzrhu
DefaultTrust is very BAD.
BurtW
Hero Member
*****
Offline Offline

Activity: 1050

I no longer support vanity addresses


View Profile

Ignore
July 07, 2013, 04:00:33 PM
 #4

I am interested in the change address.  Did they really clean you out but leave 0.0015629 in change on one of your addresses?

Is this one of your addresses?   https://blockchain.info/address/1GhrHe13nFhAHMJ5UZLJJN1uaGHF6n4hN8

Bitcoin must have unqualified fungibility to survive as a form of money.  We must support all efforts that protect and improve the fungible nature of Bitcoin and stand firmly against anyone or anything which threatens this essential property.
BurtW
Hero Member
*****
Offline Offline

Activity: 1050

I no longer support vanity addresses


View Profile

Ignore
July 07, 2013, 04:01:53 PM
 #5

how many coins lost?
1.22747917 BTC went to this interesting address:  https://blockchain.info/address/1HKywxiL4JziqXrzLKhmB6a74ma6kxbSDj

Bitcoin must have unqualified fungibility to survive as a form of money.  We must support all efforts that protect and improve the fungible nature of Bitcoin and stand firmly against anyone or anything which threatens this essential property.
haimcn
Newbie
*
Offline Offline

Activity: 10


View Profile

Ignore
July 07, 2013, 04:17:54 PM
 #6

Second, can anyone help me understand what happened? I used blockchain.info both on my computer and my Android smartphone.
Do you have a strong passphrase?

Did you contact blockchain.info's support?


Thanks for the reply.

Yes, I used strong passphrase but only single password...  Sad
I contacted the support but haven't got response yet, I assume that they can do nothing about that.
haimcn
Newbie
*
Offline Offline

Activity: 10


View Profile

Ignore
July 07, 2013, 04:19:11 PM
 #7

I am interested in the change address.  Did they really clean you out but leave 0.0015629 in change on one of your addresses?

Is this one of your addresses?   https://blockchain.info/address/1GhrHe13nFhAHMJ5UZLJJN1uaGHF6n4hN8

I agree the change is weird, it is not my address.
ABitBack
Sr. Member
****
Offline Offline

Activity: 361


Earn BTC + LTC via offers, trials, purchases, +


View Profile WWW

Ignore
July 07, 2013, 05:43:28 PM
 #8

Second, can anyone help me understand what happened? I used blockchain.info both on my computer and my Android smartphone.
Do you have a strong passphrase?

Did you contact blockchain.info's support?


Thanks for the reply.

Yes, I used strong passphrase but only single password...  Sad
I contacted the support but haven't got response yet, I assume that they can do nothing about that.

You may have a key logger.

BurtW
Hero Member
*****
Offline Offline

Activity: 1050

I no longer support vanity addresses


View Profile

Ignore
July 07, 2013, 06:22:52 PM
 #9

I am interested in the change address.  Did they really clean you out but leave 0.0015629 in change on one of your addresses?

Is this one of your addresses?   https://blockchain.info/address/1GhrHe13nFhAHMJ5UZLJJN1uaGHF6n4hN8

I agree the change is weird, it is not my address.
I hate to ask such a simple question but I do not know exactly how much of a noob you are (or are not).

If you go to the "Receive Money" tab in your blockchain.info wallet how many addresses are listed under each of the sub tabs "Active", "Archived" and "Shared"

Make sure you go through all three and see if either of the addresses in question are listed there (especially the change address)

Now more interesting questions:

Do you have any remaining balance in your wallet or did they take everything from all addresses in that wallet?
Are you using the web site directly or using a plug in (plug in is a bit safer)?
Are you using two factor authentication?
Are you using the web site only, android application only or a combination of the two?
Do you have any other wallets besides your blockchain.info wallet?
Do you use the password you use at blockchain.info at any other web site anywhere?


Bitcoin must have unqualified fungibility to survive as a form of money.  We must support all efforts that protect and improve the fungible nature of Bitcoin and stand firmly against anyone or anything which threatens this essential property.
haimcn
Newbie
*
Offline Offline

Activity: 10


View Profile

Ignore
July 07, 2013, 06:35:03 PM
 #10

Thanks for the assistance.

If you go to the "Receive Money" tab in your blockchain.info wallet how many addresses are listed under each of the sub tabs "Active", "Archived" and "Shared"

Make sure you go through all three and see if either of the addresses in question are listed there (especially the change address)
I have only 3 active addresses, 2 of them never had coins, and all of them are empty

Now more interesting questions:

Do you have any remaining balance in your wallet or did they take everything from all addresses in that wallet?
Currently I have balance of 0.00.

Are you using the web site directly or using a plug in (plug in is a bit safer)?
I used the web interface, from Firefox and Chrome and from several computers...
Which raise the question of where is the keylogger, if this is the explanation...  Huh

Are you using two factor authentication?
No, though, I guess it wouldn't help for keylogger.

Are you using the web site only, android application only or a combination of the two?
Both, the transaction in question happened after some usage of the Android app.

Do you have any other wallets besides your blockchain.info wallet?
I created few addresses on my computer when I played with the client, nothing alive or with coins.

Do you use the password you use at blockchain.info at any other web site anywhere?
Not on the web, I won't use it anymore...

Thanks.
BurtW
Hero Member
*****
Offline Offline

Activity: 1050

I no longer support vanity addresses


View Profile

Ignore
July 07, 2013, 06:41:17 PM
 #11

Are you using the web site only, android application only or a combination of the two?
Both, the transaction in question happened after some usage of the Android app.

This line of thinking might be worth some checking.  The keylogger/thief/bad mojo may be on your phone.

I don't think it is the ap but I have to ask, where did you get the ap?

Assuming it is not the ap itself can you check your phone for malware?

I still have to wonder, what the hell is up with the change?  Why is there change?  Where did it go?  Strange.  It is still sitting there.  I guess you can monitor that address for movement.

Bitcoin must have unqualified fungibility to survive as a form of money.  We must support all efforts that protect and improve the fungible nature of Bitcoin and stand firmly against anyone or anything which threatens this essential property.
haimcn
Newbie
*
Offline Offline

Activity: 10


View Profile

Ignore
July 07, 2013, 06:51:48 PM
 #12

I don't think it is the ap but I have to ask, where did you get the ap?

Assuming it is not the ap itself can you check your phone for malware?

I still have to wonder, what the hell is up with the change?  Why is there change?  Where did it go?  Strange.  It is still sitting there.  I guess you can monitor that address for movement.
The app is the formal blockchain.info app, I think I got it from the Play Store.

I will try to look for malwares on the phone, will get some reading.

The change is a good question indeed.  Sad
Although both payment still sit in the receiver accounts and I can track them, I don't really have what to do with it. This is the essence of Bitcoin, anonymity, isn't it?

I guess in the future, the network can develop a mechanism to mark "bad" address and then avoid taking payments from such address, today there is no such mechanism (I guess bigger thefts can be tracked and nothing can be done with them).
Lohoris
Sr. Member
****
Offline Offline

Activity: 448


Bitgoblin


View Profile

Ignore
July 07, 2013, 07:03:00 PM
 #13

I guess in the future, the network can develop a mechanism to mark "bad" address and then avoid taking payments from such address, today there is no such mechanism (I guess bigger thefts can be tracked and nothing can be done with them).
No, bitcoins are cash, there is no possible way to make such a thing work.

1LohorisJie8bGGG7X4dCS9MAVsTEbzrhu
DefaultTrust is very BAD.
haimcn
Newbie
*
Offline Offline

Activity: 10


View Profile

Ignore
July 07, 2013, 07:08:30 PM
 #14

I guess in the future, the network can develop a mechanism to mark "bad" address and then avoid taking payments from such address, today there is no such mechanism (I guess bigger thefts can be tracked and nothing can be done with them).
No, bitcoins are cash, there is no possible way to make such a thing work.

I disagree with this statement, though I'm aware to the fact that there are many problems with such approach - mainly, how do I prove that this is theft and not transaction I did.
Resolving these problems will make Bitcoin theft irrelevant and enable better security, and from feasibility point of view it is not hard at all.
BurtW
Hero Member
*****
Offline Offline

Activity: 1050

I no longer support vanity addresses


View Profile

Ignore
July 07, 2013, 07:09:11 PM
 #15

Next question, where did you get your keypair?  In other words, did you generate the keypair externally and then import the private key or did blockchain.info generate the keypair (using javascript on your computer)?

Bitcoin must have unqualified fungibility to survive as a form of money.  We must support all efforts that protect and improve the fungible nature of Bitcoin and stand firmly against anyone or anything which threatens this essential property.
Lohoris
Sr. Member
****
Offline Offline

Activity: 448


Bitgoblin


View Profile

Ignore
July 07, 2013, 07:17:39 PM
 #16

I guess in the future, the network can develop a mechanism to mark "bad" address and then avoid taking payments from such address, today there is no such mechanism (I guess bigger thefts can be tracked and nothing can be done with them).
No, bitcoins are cash, there is no possible way to make such a thing work.
I disagree with this statement, though I'm aware to the fact that there are many problems with such approach - mainly, how do I prove that this is theft and not transaction I did.
Resolving these problems will make Bitcoin theft irrelevant and enable better security, and from feasibility point of view it is not hard at all.
No, this cannot be solved, period.
Cash is cash is cash. Or it's not cash anymore.

If someone steals 1 dollar and then uses to pay a few apples at the groceries, you can't take that dollar from the grocery store, or the concept itself of cash is dead.
So, no tainted coins.

1LohorisJie8bGGG7X4dCS9MAVsTEbzrhu
DefaultTrust is very BAD.
haimcn
Newbie
*
Offline Offline

Activity: 10


View Profile

Ignore
July 07, 2013, 07:25:06 PM
 #17

I guess in the future, the network can develop a mechanism to mark "bad" address and then avoid taking payments from such address, today there is no such mechanism (I guess bigger thefts can be tracked and nothing can be done with them).
No, bitcoins are cash, there is no possible way to make such a thing work.
I disagree with this statement, though I'm aware to the fact that there are many problems with such approach - mainly, how do I prove that this is theft and not transaction I did.
Resolving these problems will make Bitcoin theft irrelevant and enable better security, and from feasibility point of view it is not hard at all.
No, this cannot be solved, period.
Cash is cash is cash. Or it's not cash anymore.

If someone steals 1 dollar and then uses to pay a few apples at the groceries, you can't take that dollar from the grocery store, or the concept itself of cash is dead.
So, no tainted coins.

Though, big money transfers are being done with marked bills, which gives the option to catch the thief.
haimcn
Newbie
*
Offline Offline

Activity: 10


View Profile

Ignore
July 07, 2013, 07:26:09 PM
 #18

Next question, where did you get your keypair?  In other words, did you generate the keypair externally and then import the private key or did blockchain.info generate the keypair (using javascript on your computer)?
The keypair was generated in blockchain.info, I don't remember how (probably javascript)
fxj
Newbie
*
Offline Offline

Activity: 16


View Profile

Ignore
July 07, 2013, 07:29:13 PM
 #19

IF your computer was hacked, there are so many ways this could have happened. You can't expect to find out how by asking here on the forum. To stand a realistic chance of getting the answer, you'd have to let somebody in the know examine your computer.

Read up on best practices for computer security and BC security, re-install your OS, get a new start.
Lohoris
Sr. Member
****
Offline Offline

Activity: 448


Bitgoblin


View Profile

Ignore
July 07, 2013, 07:32:54 PM
 #20

Though, big money transfers are being done with marked bills, which gives the option to catch the thief.
You can catch the thief, but you can't confiscate them from a third party if he was uninvolved and just happened to be paid with one such bills.

And you can already try to do that with bitcoin: the ledger is public and you can look at the path that those coins will follow, eventually hitting a known address.
Which might or might not be related with the thief.
It likely won't.

1LohorisJie8bGGG7X4dCS9MAVsTEbzrhu
DefaultTrust is very BAD.
Pages: [1] 2 3  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!