Bitcoin Forum
October 20, 2017, 02:11:29 AM *
Author Topic: [XPM] 7800 STOLEN - Please read / help  (Read 3115 times)
Fernandez
Legendary
August 19, 2013, 01:31:08 PM
 #21

Sounds great, I'm a bit new... what's a cold wallet?

Is it one that does stay online and up-to-date with the blockchain?

Exactly the opposite :)
hathmill
Full Member
August 19, 2013, 01:31:30 PM
 #22

Sorry for your loss. In the future, run Ubuntu from CD, install Qt, disconnect from internet physically, never mind syncing blocks, create new wallet, extract private key and save on paper or something, switch off power to computer. Now when you do mining, send all proceeds to this cold storage and do it at once you get the coins.
itsAj
Hero Member
August 19, 2013, 02:13:37 PM
 #23

Sorry to hear about your loss. Use multiple wallets and strong passwords next time.
Entz
Full Member
August 19, 2013, 02:16:09 PM
 #24

I am sorry for your loss as well.

In an effort to help prevent this from happening to others I have a question:
- You mentioned "those instances were 100% using an encrypted wallet." I thought you couldn't mine with an encrypted wallet?
- On EC2 were you running Windows or Linux instances? I know with Linux instances you can only log in with your keypair (pem) and all ports are blocked unless you open them with a custom security group config. Not sure on Windows (I believe you can set a custom administrator password and clone with the same Windows login ID and RDP easily to it)

As you mentioned this likely happened earlier though... This is why I do not use shared wallets. Or store my central wallets on windows =/


The problem with cold wallets is, by design, you have no access to it. Which makes it hard to "sell" coins to recoup expenses (and opens it up to being stolen via a compromised system)

01BTC10
VIP
Hero Member
August 19, 2013, 02:19:35 PM
 #25

Perhaps he brute forced the root password and got into SSH/SFTP? If so, Fail2ban could have prevented that and I recommend every server user to install it. Those VPS mining guides, while useful, did not take malicious intent into account.
Sucks man...
Fail2ban is vulnerable to DOS of the entire server via log poisoning.

Deactivate password login and only use key-based authentication, problem solved.
psybits
Legendary
August 19, 2013, 02:24:32 PM
 #26

I wonder if these guys can help:

http://bitcoinprbuzz.com/worlds-first-stolen-bitcoin-tracing-service-and-bitcoin-data-recovery-high-profile-digital-forensic-services-company-sytech-embraces-bitcoin/

Qantaqa
Jr. Member
August 19, 2013, 02:27:19 PM
 #27

That's a lot of XPM, hope my donation helps cover a small piece of the costs. Please keep us updated on your findings. You could make a good guide about securely using your wallet on different machines, which in itself could be worth some nice donations.

Good luck and I hope the XPM will come back to you.

Ψ AP2L7mH6T3hBfbFe6BYhJAjQCpkp6Fe4mC
cryptohunter
Legendary
August 19, 2013, 02:36:20 PM
 #28

I don't have any coin I guess worth anything like 7k, however it would be good to know there is a way to thwart people stealing your coins to some degree. I don't see how it would work? Why was he only trying to draw 10xpm at one time, why did he not extract the coins in one large transaction?

I would guess because the block value is a little over 10 XPM right now.

Really sorry to hear what happened to you, Paul. I had my Bter account hacked a couple of months back, and while my losses pales in comparison to yours, they were quite significant to me and hurt a lot.

Mail the shit out of all the exchanges and tell them not to accept any transactions from that address. Also keep a lookout to see where the coins move.
Indeed 7068 were taken in one hit, then 10 XPM at a time when each block matured.  The blocks were all around 10.5 in value to be on the safe side and account for fees he was sending 10 at a time.  The script was simply...
Code:
#!/bin/bash
while true; do ./primecoind sendtoaddress <myaddress> 10.4; done;


Ah, thanks, I understand now. Sorry to hear this.

"Mail the shit out of all the exchanges and tell them not to accept any transactions from that address" - would that work? Could they just not create another wallet on another machine and clean them through that?
I wonder in the future if the actual coins can be identified and blacklisted if proven to be stolen. Probably not I guess since that would have been done, and who would decide if they were really stolen or not hmmm

Sadly the sort of person that would hack into your machine and take every single coin is probably not going to give any back. :(

paulthetafy
Hero Member
August 19, 2013, 02:43:11 PM
 #29

In an effort to help prevent this from happening to others I have a question:
- You mentioned "those instances were 100% using an encrypted wallet." I thought you couldn't mine with an encrypted wallet?
- On EC2 were you running Windows or Linux instances? I know with Linux instances you can only log in with your keypair (pem) and all ports are blocked unless you open them with a custom security group config. Not sure on Windows (I believe you can set a custom administrator password and clone with the same Windows login ID and RDP easily to it)

As you mentioned this likely happened earlier though... This is why I do not use shared wallets. Or store my central wallets on windows =/


Yes mining with an encrypted wallet is fine.  You can't use sendtoaddress while encrypted though.
I was using Linux instances with all incoming ports closed except 22 for SSH.

I've learned my lesson with shared wallets.  Even though it is significantly easier to manage across lots of machines, I'll never do it again!

That's a lot of XPM, hope my donation helps cover a small piece of the costs. Please keep us updated on your findings. You could make a good guide about securely using your wallet on different machines, which in itself could be worth some nice donations.

Good luck and I hope the XPM will come back to you.
Thanks, that's very kind of you

Boomsling
Member
August 19, 2013, 02:52:18 PM
 #30

Sounds great, I'm a bit new... what's a cold wallet?

Is it one that does stay online and up-to-date with the blockchain?

Exactly the opposite :)

Typo, meant Doesn't

Cheers! :)

UPDATE: Admin from ypool has responded.


:jh00: I have already contacted paulthetafy. Sadly we have no transaction that involves the thief's XPM address.

Hope some other avenue opens up.
hendo420
Sr. Member
August 19, 2013, 02:54:38 PM
 #31

Sounds great, I'm a bit new... what's a cold wallet?

Is it one that does stay online and up-to-date with the blockchain?

You keep it in the freezer. :P

The cold wallet does not stay synced to the block chain. You just back up your wallet.dat. Once you have the address you can send coins to it and all you have to do to use those coins is to import the wallet.dat into a wallet/client.

I'm not sure how clear I'm being. lol

42 The Meaning of Life and CryptoCurrency       http://www.coingig.com/Hendo420
Boomsling
Member
August 19, 2013, 03:34:02 PM
 #32

I think I've got it.

I'm gonna do something else which I hope is just as good.

Create a bootable USB with Ubuntu or similar on it and have a wallet on there and keep my savings on it.

I just plug it in every now and again to update the wallet with coins I've sent.

Is there an expiry time for transfers?

e.g.

I send coins to my USB wallet on Saturday and only update on the Friday. Will they always show up?

Sorry to OP for slightly derailing the thread but I'm sure others will find this info useful or at least make them think about their own security.
hendo420
Sr. Member
August 19, 2013, 04:02:56 PM
 #33

I think I've got it.

I'm gonna do something else which I hope is just as good.

Create a bootable USB with Ubuntu or similar on it and have a wallet on there and keep my savings on it.

I just plug it in every now and again to update the wallet with coins I've sent.

Is there an expiry time for transfers?

e.g.

I send coins to my USB wallet on Saturday and only update on the Friday. Will they always show up?

Sorry to OP for slightly derailing the thread but I'm sure others will find this info useful or at least make them think about their own security.

Your wallet could be offline for 10 years and still get the transaction when you bring it online.

If you go with the bootable Linux, make sure you make a copy. USB flash drives don't fail often but THEY DO FAIL so be careful.

Another option is to print out a paper wallet and send coins to it. Just don't lose it. :D

42 The Meaning of Life and CryptoCurrency       http://www.coingig.com/Hendo420
r3wt
Hero Member
August 19, 2013, 05:23:22 PM
 #34

are you the guy who accused me of stealing 7000 xpms on mcxnow chat? i'm sorry for your loss man but i kinda take offense to being accused of it out of the blue. i understand you were running j-coin on the same server iirc, hence your suspicions since i made j-coin. if someone could strip j-coin down and look it over for signs of a wallet stealer i'd really appreciate it. I don't need this bad publicity with everyone already accusing me of being a scammer over the Gascoin debacle

My negative trust rating is reflective of a personal vendetta by someone on default trust.
paulthetafy
Hero Member
August 19, 2013, 05:54:57 PM
 #35

are you the guy who accused me of stealing 7000 xpms on mcxnow chat? i'm sorry for your loss man but i kinda take offense to being accused of it out of the blue. i understand you were running j-coin on the same server iirc, hence your suspicions since i made j-coin. if someone could strip j-coin down and look it over for signs of a wallet stealer i'd really appreciate it. I don't need this bad publicity with everyone already accusing me of being a scammer over the Gascoin debacle
Oh I absolutely didn't accuse - I think there was a misunderstanding there.  Someone asked what else I had installed on that machine and I said that the only thing was the j-coin wallet.  No implication there and I didn't for a minute suggest that you/it were to blame.  I've said all along I thought the wallet was probably copied weeks ago.  Sorry if it came across wrongly. 

r3wt
Hero Member
August 19, 2013, 05:58:15 PM
 #36

are you the guy who accused me of stealing 7000 xpms on mcxnow chat? i'm sorry for your loss man but i kinda take offense to being accused of it out of the blue. i understand you were running j-coin on the same server iirc, hence your suspicions since i made j-coin. if someone could strip j-coin down and look it over for signs of a wallet stealer i'd really appreciate it. I don't need this bad publicity with everyone already accusing me of being a scammer over the Gascoin debacle
Oh I absolutely didn't accuse - I think there was a misunderstanding there.  Someone asked what else I had installed on that machine and I said that the only thing was the j-coin wallet.  No implication there and I didn't for a minute suggest that you/it were to blame.  I've said all along I thought the wallet was probably copied weeks ago.  Sorry if it came across wrongly. 

ah okay, i just wanted to clear that up since i caught the tail end of the conversation. you had already moved on from the conversation and the trolls were all over me giving me the what for. again, i'm sorry for your loss. i hope they catch the guy. all scammers must pay

My negative trust rating is reflective of a personal vendetta by someone on default trust.
CryptoBullion
Sr. Member
August 19, 2013, 08:54:00 PM
 #37

for future use of vpn i urge everyone to do this


Code:
apt-get update && apt-get --yes upgrade

useradd -m -G sudo,adm -s /bin/bash yournewusername

passwd root

start a text file on your home pc and start beating up your keyboard, use the shift key and numbers to get special chars. about 20-50 chars long should do.

it should look like

!W45ygbw4%BN56j8u46m7mki578,o0,5mrn6Uw4b5vy1q34tv13%By2n456@$5y2v#$%t1cf34Tg2v345t24%BY@$YH#%6unh5&U#bv45c@#$!#!#RE$T!#$VQ#$

save your text file!!!! and don't lose it.

make two of these passwords, so you can add a secure password to your new user u added.

Code:
passwd yournewusername

next you should also disable root access

Code:
nano /etc/ssh/sshd_config

change the permit root login option to no, save the file.

Code:
exit

log out as root, and log back in using your new username and password in your text file. Obviously you will just copy / paste the password, right click on your ssh console to paste it in.

This should prevent anyone from getting into your vps.

Fold Proteins, earn cryptos! CureCoin. https://bitcointalk.org/index.php?topic=268556.0
CryptoPCS.com Prepaid phone refills, post paid phone payments, and bill payments https://bitcointalk.org/index.php?topic=285148.0
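
Added example, not part of any post in this thread: a shell audit for the sshd settings the posts above recommend (root login off as in #37, key-only login as in #25). The function names, the strict "unset counts as a finding" policy and the sample config are assumptions of this example.

```bash
# Added example, not from the thread: audit the global section of an sshd_config.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and a "Match" line starts a conditional section.

# Print the effective global value of keyword $2 in file $1, lowercased.
sshd_effective() {
  awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    { key = tolower($1); sub(/=.*/, "", key) }
    key == "match" { exit }                  # global section ends here
    key == want {
      val = $0
      sub(/^[ \t]*[^ \t=]+[ \t=]+/, "", val) # drop the keyword and separator
      sub(/[ \t]+$/, "", val)
      print tolower(val); exit
    }' "$1"
}

# Print one line per weak setting; the return status is the number of findings.
# Policy (an assumption of this example): unset keywords count as findings,
# because defaults vary with OpenSSH version and distribution packaging.
audit_sshd() {
  local f=$1 n=0 root pass pub
  root=$(sshd_effective "$f" PermitRootLogin)
  pass=$(sshd_effective "$f" PasswordAuthentication)
  pub=$(sshd_effective "$f" PubkeyAuthentication)
  if [ "$root" != "no" ]; then
    echo "PermitRootLogin is '${root:-unset}', want 'no'"; n=$((n+1))
  fi
  if [ "$pass" != "no" ]; then
    echo "PasswordAuthentication is '${pass:-unset}', want 'no'"; n=$((n+1))
  fi
  if [ "${pub:-yes}" != "yes" ]; then   # key logins default to enabled
    echo "PubkeyAuthentication is '$pub', key logins are disabled"; n=$((n+1))
  fi
  return "$n"
}

# Constructed sample: the second PermitRootLogin line never takes effect.
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
Port 22
PermitRootLogin yes
passwordauthentication yes
PermitRootLogin no
Match User backup
    PasswordAuthentication no
EOF
audit_sshd "$tmp" || echo "findings: $?"
rm -f "$tmp"
```

On a live host, `sshd -T` prints the configuration sshd actually resolved, including Match and Include handling that this file-only check does not follow.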
Duetschpire
Sr. Member
August 19, 2013, 10:03:31 PM
 #38

Incidents like this make me wonder how long it's gonna be before crypto gets a proper organization to avoid and resolve such activities. With so many coin losses from theft, scams and password/wallet loss, even guys like us who have dedicated a lot of their time, effort and money into crypto are going to give up on it one day. A $5,000 loss and a huge Amazon bill would be quite depressing and should it happen again it WILL kill the trust in crypto for both Paul and those close to him.

I'm really sorry this happened to you mate, I don't understand why bad things happen to good people, this universe sucks!

I will be sending a few coins across today, and I urge everyone who can to do the same. I know Paul quite well and I know that he'd do the same should this happen to me or anyone in the community.

Hope you'll catch him mate...


yourofl10
Full Member
August 19, 2013, 10:06:26 PM
 #39

From https://bitcointalk.org/index.php?topic=259022.0:

Code:
cd
mkdir -p .primecoin
echo 'server=1
gen=1
rpcallowip=127.0.0.1
rpcuser=primecoinrpc
rpcpassword=SOME_SECURE_PASSWORD
sievesize=1000000' > .primecoin/primecoin.conf
sed -i -e "s/SOME_SECURE_PASSWORD/`< /dev/urandom tr -cd '[:alnum:]' | head -c32`/" .primecoin/primecoin.conf

Creates a random password.

shazbits
Member
August 19, 2013, 10:45:50 PM
 #40

So without rpcallowip=127.0.0.1, could someone bruteforce the rpc password and do a sendtoaddress? But he said he only had port 22 open.
And how about upnp?
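
Added example, not part of any post in this thread: a check of a primecoin.conf built from the template in #39, covering the rpcallowip setting asked about in #40, a placeholder password left behind if the sed step did not run, and a file other local users can read. The function names and the sample file are constructed for this example.

```bash
# Added example, not from the thread. Keys are the ones in the template above.

# Print every value assigned to key $2 in conf file $1.
conf_values() {
  awk -v k="$2" '{
    i = index($0, "="); if (i == 0) next
    key = substr($0, 1, i - 1); val = substr($0, i + 1)
    gsub(/[ \t]/, "", key); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
    if (key == k) print val
  }' "$1"
}

# Print one line per problem; the return status is the number of findings.
audit_rpc_conf() {
  local f=$1 n=0 ip ips pw
  ips=$(conf_values "$f" rpcallowip)
  while IFS= read -r ip; do          # read line by line so "*" is not globbed
    case $ip in
      ""|127.0.0.1|::1) ;;
      *) echo "rpcallowip=$ip admits non-loopback clients"; n=$((n+1)) ;;
    esac
  done <<EOF
$ips
EOF
  pw=$(conf_values "$f" rpcpassword | head -n 1)   # assumes one rpcpassword line
  if [ "$pw" = "SOME_SECURE_PASSWORD" ]; then
    echo "rpcpassword is still the template placeholder"; n=$((n+1))
  elif [ "${#pw}" -lt 32 ]; then
    echo "rpcpassword has ${#pw} characters, the template generates 32"; n=$((n+1))
  fi
  # The template writes the file under the default umask, often mode 644.
  if [ -n "$(find "$f" -perm -004)" ]; then
    echo "$f is readable by other local users"; n=$((n+1))
  fi
  return "$n"
}

# Constructed sample: wildcard allow-list, placeholder password, mode 644.
tmp=$(mktemp)
printf '%s\n' 'server=1' 'gen=1' 'rpcallowip=127.0.0.1' 'rpcallowip=*' \
  'rpcuser=primecoinrpc' 'rpcpassword=SOME_SECURE_PASSWORD' > "$tmp"
chmod 644 "$tmp"
audit_rpc_conf "$tmp" || echo "findings: $?"
rm -f "$tmp"
```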