Author Topic: Have I been hacked? how?  (Read 11828 times)
haimcn (OP)
July 07, 2013, 03:06:02 PM
 #1

Hi

I'm not that newbie, or at least I thought so, but I think I have been hacked and I wondered if someone can hint on how.

I used my account in blockchain.info for satoshidice gambling from address 16io8zfbhStqe9WVdHN3JLzc29D73okaoy.
On Saturday, 45 minutes after the last satoshidice transactions, an unknown transaction emptied my wallet.

First, I assume I have nothing to do with it and the coins were lost, correct?
Second, can anyone help me understand what happened? I used blockchain.info both on my computer and my Android smartphone.

Thanks, Haim
Mutated btc
July 07, 2013, 03:44:10 PM
 #2

how many coins lost?
Lohoris
July 07, 2013, 03:45:29 PM
 #3

> Second, can anyone help me understand what happened? I used blockchain.info both on my computer and my Android smartphone.

Do you have a strong passphrase?

Did you contact blockchain.info's support?

1LohorisJie8bGGG7X4dCS9MAVsTEbzrhu
DefaultTrust is very BAD.
BurtW
July 07, 2013, 04:00:33 PM
 #4

I am interested in the change address.  Did they really clean you out but leave 0.0015629 in change on one of your addresses?

Is this one of your addresses?   https://blockchain.info/address/1GhrHe13nFhAHMJ5UZLJJN1uaGHF6n4hN8

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
BurtW
July 07, 2013, 04:01:53 PM
 #5

> how many coins lost?

1.22747917 BTC went to this interesting address:  https://blockchain.info/address/1HKywxiL4JziqXrzLKhmB6a74ma6kxbSDj

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
haimcn (OP)
July 07, 2013, 04:17:54 PM
 #6

>> Second, can anyone help me understand what happened? I used blockchain.info both on my computer and my Android smartphone.
> Do you have a strong passphrase?
>
> Did you contact blockchain.info's support?

Thanks for the reply.

Yes, I used strong passphrase but only single password... :(
I contacted the support but haven't got response yet, I assume that they can do nothing about that.
haimcn (OP)
July 07, 2013, 04:19:11 PM
 #7

> I am interested in the change address.  Did they really clean you out but leave 0.0015629 in change on one of your addresses?
>
> Is this one of your addresses?   https://blockchain.info/address/1GhrHe13nFhAHMJ5UZLJJN1uaGHF6n4hN8

I agree the change is weird, it is not my address.
ABitBack
July 07, 2013, 05:43:28 PM
 #8

>>> Second, can anyone help me understand what happened? I used blockchain.info both on my computer and my Android smartphone.
>> Do you have a strong passphrase?
>>
>> Did you contact blockchain.info's support?
>
> Thanks for the reply.
>
> Yes, I used strong passphrase but only single password... :(
> I contacted the support but haven't got response yet, I assume that they can do nothing about that.

You may have a key logger.

BurtW
July 07, 2013, 06:22:52 PM
 #9

>> I am interested in the change address.  Did they really clean you out but leave 0.0015629 in change on one of your addresses?
>>
>> Is this one of your addresses?   https://blockchain.info/address/1GhrHe13nFhAHMJ5UZLJJN1uaGHF6n4hN8
>
> I agree the change is weird, it is not my address.

I hate to ask such a simple question but I do not know exactly how much of a noob you are (or are not).

If you go to the "Receive Money" tab in your blockchain.info wallet how many addresses are listed under each of the sub tabs "Active", "Archived" and "Shared"?

Make sure you go through all three and see if either of the addresses in question are listed there (especially the change address).

Now more interesting questions:

Do you have any remaining balance in your wallet or did they take everything from all addresses in that wallet?
Are you using the web site directly or using a plug in (plug in is a bit safer)?
Are you using two factor authentication?
Are you using the web site only, android application only or a combination of the two?
Do you have any other wallets besides your blockchain.info wallet?
Do you use the password you use at blockchain.info at any other web site anywhere?


Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
haimcn (OP)
July 07, 2013, 06:35:03 PM
 #10

Thanks for the assistance.

> If you go to the "Receive Money" tab in your blockchain.info wallet how many addresses are listed under each of the sub tabs "Active", "Archived" and "Shared"
>
> Make sure you go through all three and see if either of the addresses in question are listed there (especially the change address)

I have only 3 active addresses, 2 of them never had coins, and all of them are empty

> Now more interesting questions:
>
> Do you have any remaining balance in your wallet or did they take everything from all addresses in that wallet?

Currently I have balance of 0.00.

> Are you using the web site directly or using a plug in (plug in is a bit safer)?

I used the web interface, from Firefox and Chrome and from several computers...
Which raises the question of where is the keylogger, if this is the explanation... ???

> Are you using two factor authentication?

No, though, I guess it wouldn't help for keylogger.

> Are you using the web site only, android application only or a combination of the two?

Both, the transaction in question happened after some usage of the Android app.

> Do you have any other wallets besides your blockchain.info wallet?

I created a few addresses on my computer when I played with the client, nothing alive or with coins.

> Do you use the password you use at blockchain.info at any other web site anywhere?

Not on the web, I won't use it anymore...

Thanks.
BurtW
July 07, 2013, 06:41:17 PM
 #11

>> Are you using the web site only, android application only or a combination of the two?
> Both, the transaction in question happened after some usage of the Android app.

This line of thinking might be worth some checking.  The keylogger/thief/bad mojo may be on your phone.

I don't think it is the app but I have to ask, where did you get the app?

Assuming it is not the app itself can you check your phone for malware?

I still have to wonder, what the hell is up with the change?  Why is there change?  Where did it go?  Strange.  It is still sitting there.  I guess you can monitor that address for movement.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
haimcn (OP)
July 07, 2013, 06:51:48 PM
 #12

> I don't think it is the app but I have to ask, where did you get the app?
>
> Assuming it is not the app itself can you check your phone for malware?
>
> I still have to wonder, what the hell is up with the change?  Why is there change?  Where did it go?  Strange.  It is still sitting there.  I guess you can monitor that address for movement.

The app is the formal blockchain.info app, I think I got it from the Play Store.

I will try to look for malware on the phone, will do some reading.

The change is a good question indeed. :(
Although both payments still sit in the receiver accounts and I can track them, I don't really have what to do with it. This is the essence of Bitcoin, anonymity, isn't it?

I guess in the future, the network can develop a mechanism to mark "bad" address and then avoid taking payments from such address, today there is no such mechanism (I guess bigger thefts can be tracked and nothing can be done with them).
Lohoris
July 07, 2013, 07:03:00 PM
 #13

> I guess in the future, the network can develop a mechanism to mark "bad" address and then avoid taking payments from such address, today there is no such mechanism (I guess bigger thefts can be tracked and nothing can be done with them).

No, bitcoins are cash, there is no possible way to make such a thing work.

1LohorisJie8bGGG7X4dCS9MAVsTEbzrhu
DefaultTrust is very BAD.
haimcn (OP)
July 07, 2013, 07:08:30 PM
 #14

>> I guess in the future, the network can develop a mechanism to mark "bad" address and then avoid taking payments from such address, today there is no such mechanism (I guess bigger thefts can be tracked and nothing can be done with them).
> No, bitcoins are cash, there is no possible way to make such a thing work.

I disagree with this statement, though I'm aware of the fact that there are many problems with such an approach - mainly, how do I prove that this is theft and not a transaction I did.
Resolving these problems will make Bitcoin theft irrelevant and enable better security, and from a feasibility point of view it is not hard at all.
BurtW
July 07, 2013, 07:09:11 PM
 #15

Next question, where did you get your keypair?  In other words, did you generate the keypair externally and then import the private key or did blockchain.info generate the keypair (using javascript on your computer)?

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Lohoris
July 07, 2013, 07:17:39 PM
 #16

>>> I guess in the future, the network can develop a mechanism to mark "bad" address and then avoid taking payments from such address, today there is no such mechanism (I guess bigger thefts can be tracked and nothing can be done with them).
>> No, bitcoins are cash, there is no possible way to make such a thing work.
> I disagree with this statement, though I'm aware of the fact that there are many problems with such an approach - mainly, how do I prove that this is theft and not a transaction I did.
> Resolving these problems will make Bitcoin theft irrelevant and enable better security, and from a feasibility point of view it is not hard at all.

No, this cannot be solved, period.
Cash is cash is cash. Or it's not cash anymore.

If someone steals 1 dollar and then uses it to pay for a few apples at the groceries, you can't take that dollar from the grocery store, or the concept itself of cash is dead.
So, no tainted coins.

1LohorisJie8bGGG7X4dCS9MAVsTEbzrhu
DefaultTrust is very BAD.
haimcn (OP)
July 07, 2013, 07:25:06 PM
 #17

>>>> I guess in the future, the network can develop a mechanism to mark "bad" address and then avoid taking payments from such address, today there is no such mechanism (I guess bigger thefts can be tracked and nothing can be done with them).
>>> No, bitcoins are cash, there is no possible way to make such a thing work.
>> I disagree with this statement, though I'm aware of the fact that there are many problems with such an approach - mainly, how do I prove that this is theft and not a transaction I did.
>> Resolving these problems will make Bitcoin theft irrelevant and enable better security, and from a feasibility point of view it is not hard at all.
> No, this cannot be solved, period.
> Cash is cash is cash. Or it's not cash anymore.
>
> If someone steals 1 dollar and then uses it to pay for a few apples at the groceries, you can't take that dollar from the grocery store, or the concept itself of cash is dead.
> So, no tainted coins.

Though, big money transfers are being done with marked bills, which gives the option to catch the thief.
haimcn (OP)
July 07, 2013, 07:26:09 PM
 #18

> Next question, where did you get your keypair?  In other words, did you generate the keypair externally and then import the private key or did blockchain.info generate the keypair (using javascript on your computer)?

The keypair was generated in blockchain.info, I don't remember how (probably javascript)
fxj
July 07, 2013, 07:29:13 PM
 #19

IF your computer was hacked, there are so many ways this could have happened. You can't expect to find out how by asking here on the forum. To stand a realistic chance of getting the answer, you'd have to let somebody in the know examine your computer.

Read up on best practices for computer security and BC security, re-install your OS, get a new start.
Lohoris
July 07, 2013, 07:32:54 PM
 #20

> Though, big money transfers are being done with marked bills, which gives the option to catch the thief.

You can catch the thief, but you can't confiscate them from a third party if he was uninvolved and just happened to be paid with one such bill.

And you can already try to do that with bitcoin: the ledger is public and you can look at the path that those coins will follow, eventually hitting a known address.
Which might or might not be related with the thief.
It likely won't.

1LohorisJie8bGGG7X4dCS9MAVsTEbzrhu
DefaultTrust is very BAD.
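
Added example (not part of the thread and not any poster's or blockchain.info's code): a sketch of following coins forward through the public ledger until they reach a known address, as post #20 describes. The proportional ("haircut") taint rule is an assumption chosen here; the ledger, the addr_* names and the known-address label are constructed, and only the 1.22747917 BTC and 0.0015629 BTC amounts come from the thread.

```python
from collections import deque
from fractions import Fraction

# Constructed ledger, not real chain data. "ins" reference earlier outputs as
# (txid, output index); "outs" are (address, value in satoshi). Fees are ignored.
TXS = {
    # Amounts from the thread: 1.22747917 BTC taken, 0.0015629 BTC change.
    "theft": {"ins": [], "outs": [("addr_A", 122_747_917), ("addr_change", 156_290)]},
    "other": {"ins": [], "outs": [("addr_D", 300_000_000)]},  # unrelated coins
    "hop1": {"ins": [("theft", 0)],
             "outs": [("addr_B", 100_000_000), ("addr_C", 22_747_917)]},
    "hop2": {"ins": [("hop1", 0), ("other", 0)],
             "outs": [("addr_known", 400_000_000)]},
}
KNOWN = {"addr_known": "labelled service (constructed)"}

def value_of(txs, outpoint):
    txid, index = outpoint
    return txs[txid]["outs"][index][1]

def trace(txs, start, known):
    """Follow `start` forward; return (hits at known addresses, unspent ends)."""
    spent_by = {op: txid for txid, tx in txs.items() for op in tx["ins"]}
    taint = {start: Fraction(value_of(txs, start))}
    hits, unspent = {}, {}
    queue = deque([start])
    while queue:
        op = queue.popleft()
        addr = txs[op[0]]["outs"][op[1]][0]
        if addr in known:            # stop at the first identifiable address
            hits[addr] = taint[op]
            continue
        spender = spent_by.get(op)
        if spender is None:          # coins have not moved further
            unspent[addr] = taint[op]
            continue
        tx = txs[spender]
        total_in = sum(value_of(txs, p) for p in tx["ins"])
        tainted_in = sum(taint.get(p, 0) for p in tx["ins"])
        # Haircut rule: every output inherits the inputs' tainted share.
        for i, (_, value) in enumerate(tx["outs"]):
            taint[(spender, i)] = Fraction(value) * tainted_in / total_in
            queue.append((spender, i))
    return hits, unspent

def tainted_share(txs, hits, addr, outpoint):
    """Fraction of the output at `addr` that derives from the traced coins."""
    return hits[addr] / value_of(txs, outpoint)
```

In this constructed ledger the trail ends at a labelled address where only a quarter of the output derives from the traced coins; the rest came from an unrelated input, so reaching a known address does not by itself identify who moved the coins.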