Bitcoin Forum
October 22, 2017, 11:03:32 PM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 5 6 7 »  All
  Print  
Author Topic: my wallets were stolen just now, can any one help me?  (Read 11766 times)
watertech666
Member
**
Offline Offline

Activity: 62



View Profile WWW
August 19, 2013, 03:50:58 PM
 #1

unfortunately. my 2 wallets were stolen 2 hours ago by same thief. thief's address is 1FeUJVtvchu3NREJnACpWAYG6B1xN4oBKB . he stole 42 btc from 1Mq2Q1BMicK4ECE6GNR6mDTPdkxwxDe3mc    and  221.84btc from 1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn    

can any one help me to track this address and catch this thief?

Water Filter supplier who accept bitcoin.  http://www.asiawaterfilter.com
1508713412
Hero Member
*
Offline Offline

Posts: 1508713412

View Profile Personal Message (Offline)

Ignore
1508713412
Reply with quote  #2

1508713412
Report to moderator
The grue lurks in the darkest places of the earth. Its favorite diet is adventurers, but its insatiable appetite is tempered by its fear of light. No grue has ever been seen by the light of day, and few have survived its fearsome jaws to tell the tale.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1508713412
Hero Member
*
Offline Offline

Posts: 1508713412

View Profile Personal Message (Offline)

Ignore
1508713412
Reply with quote  #2

1508713412
Report to moderator
peonminer
Hero Member
*****
Offline Offline

Activity: 588



View Profile
August 19, 2013, 04:03:47 PM
 #2

Holy fuck. Sorry for the loss. I don't know the link... but there is a data recovery service provided by a company for BTC. First of it's kind.
m19
Full Member
***
Offline Offline

Activity: 187


View Profile
August 19, 2013, 04:06:58 PM
 #3

Sucks man, looks like he stole alot more than that, that address received alot more BTC today.
impulse
Full Member
***
Offline Offline

Activity: 151


View Profile
August 19, 2013, 04:16:05 PM
 #4

If you don't mind me asking, how were these coins stored and secured? It might help if you can figure out how they were compromised.
auzaar
Full Member
***
Offline Offline

Activity: 151



View Profile
August 19, 2013, 04:17:28 PM
 #5

How?
BurtW
Legendary
*
Offline Offline

Activity: 2058

All paid signature campaigns should be banned.


View Profile WWW
August 19, 2013, 04:22:55 PM
 #6

What wallet were you using?  

Do you have an android phone?

Do you have a Bitcoin wallet on your android phone?  If so which one?

The fact that the thief gave you change is interesting.  Why not steal all the BTC?

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Elwar
Legendary
*
Offline Offline

Activity: 2254


www.bitpools.com


View Profile WWW
August 19, 2013, 04:27:09 PM
 #7

IP address shows France but it could just be a hop.

http://www.bitpools.com
Pool your bitcoins with others. Vote on solutions using the Bitcoin blockchain. Keep your bitcoins in your cold storage until you find a solution you like.
Links and Reviews of useful every day places to spend bitcoins: https://bitcointalk.org/index.php?topic=943143.0
watertech666
Member
**
Offline Offline

Activity: 62



View Profile WWW
August 19, 2013, 04:35:20 PM
 #8

What wallet were you using?  

Do you have an android phone?

Do you have a Bitcoin wallet on your android phone?  If so which one?

The fact that the thief gave you change is interesting.  Why not steal all the BTC?
i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.

Water Filter supplier who accept bitcoin.  http://www.asiawaterfilter.com
BurtW
Legendary
*
Offline Offline

Activity: 2058

All paid signature campaigns should be banned.


View Profile WWW
August 19, 2013, 04:40:27 PM
 #9

i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.

He did not steal all your BTC, there is a small amount of change left:

https://blockchain.info/address/1Mq2Q1BMicK4ECE6GNR6mDTPdkxwxDe3mc has 0.010544 BTC left

https://blockchain.info/address/1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn has 0.005631 BTC left


Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
auzaar
Full Member
***
Offline Offline

Activity: 151



View Profile
August 19, 2013, 04:44:34 PM
 #10

i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.

...
I am looking into it but so far it looks like your are the victim of a known issue, the bad signature bug caused by a faulty secure random number generator.
...
News: Due to a serious flaw in Android, all users of Android-based wallets must take immediate action. More info

You can find out more there.


But he said "i don't use android phone." does this RNG problem affects web wallets too, then whole internet is doomed
M4v3R
Hero Member
*****
Offline Offline

Activity: 607



View Profile
August 19, 2013, 04:50:54 PM
 #11

@BurtW: Incorrect. The ECDSA signature is the first part of the script, starting with 304…. The last part that you've highlighted is scriptPubKey, which is the same because the Bitcoin address for both transactions you checked was the same. So no, this was not the cause of the theft.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
August 19, 2013, 04:51:42 PM
 #12


<snipped incorrect information deleted by BurtW. I left the explanation at it may help others to understand Bitcoin tx better>

304402205713e765e3c010b6d8f7bfee8e574f1423c88fdd9504d4ec0128b8f6f0037e6702204f625cb1772dc54dcc662cabade0a20141b849e5e4b4d80c98876c42bcd5f98f01 04b8c7b27846a1df35a87763f75b421a4f8148d17ca91c2daab6838aa5b04d48e373bba0cc1e081 be696bc626296febcdccab5336a43b8861a91afa57865bbb3f5

and

3046022100ce9509ae9b442f0ad2684b7fd83923b4f6df70c9197f22c616c429a6efac03a3022100da424212a11effccc7eadf8bf532250911706636483376dbd5ef04033f75104201 04b8c7b27846a1df35a87763f75b421a4f8148d17ca91c2daab6838aa5b04d48e373bba0cc1e081 be696bc626296febcdccab5336a43b8861a91afa57865bbb3f5


The signatures are not the same.  The bolded portions is the public key and it will remain the same for all tx from the same address.
What is commonly (and incorrectly) referred to as the "signature" is actually the "ScriptSig & PubKey".  
The portion beginning with 0x30 is the actual signature.  The portion of the signature that is the unique random number is underlined (thank for correction: M4v3R).
The portion  beginning with 0x04 is the pubkey.

This diagram might help it shows a breakdown of the TxIn structure.
https://en.bitcoin.it/w/images/en/e/e1/TxBinaryMap.png

For secure ECDSA signatures one must use a nonce (number used once) which hasn't already been used in a prior signatures.  Although it doesn't need to be random (just unique) large random numbers are normally used to simplify nonce selection.  If the nonce is reused then the private key can be reconstructed from the other information.  The android flaw is that it duplicated random numbers however the OP indicated he doesn't use an android phone.

On edit: r value can be "eyeballed" but it is the portion underlined not the bolded portion.  Thanks M4v3R
TitanBTC
Sr. Member
****
Offline Offline

Activity: 322



View Profile WWW
August 19, 2013, 04:54:38 PM
 #13

Can you contact blockchain to get a record of logins to your account?  You may have a key stroke logger program that is installed on your machine and they just collected your login info from that data.  If blockchain shows someone logged in as you, at a time that doesn't look familiar to you, they probably used more traditional hacking methods to get access.  Let's rule out the easy stuff first.

rumbitla
Member
**
Offline Offline

Activity: 98


View Profile
August 19, 2013, 04:55:47 PM
 #14


i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.
Did you have 2 factor authorization activated on blockchain.info?
BurtW
Legendary
*
Offline Offline

Activity: 2058

All paid signature campaigns should be banned.


View Profile WWW
August 19, 2013, 04:57:34 PM
 #15

@BurtW: Incorrect. The ECDSA signature is the first part of the script, starting with 304…. The last part that you've highlighted is scriptPubKey, which is the same because the Bitcoin address for both transactions you checked was the same. So no, this was not the cause of the theft.
Thanks, deleting my stupid post now.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Chef Ramsay
Legendary
*
Offline Offline

Activity: 1540



View Profile
August 19, 2013, 04:57:47 PM
 #16

Holy crap!! I sure hope we can get to the bottom of this. Sad
BurtW
Legendary
*
Offline Offline

Activity: 2058

All paid signature campaigns should be banned.


View Profile WWW
August 19, 2013, 05:03:44 PM
 #17

Also, thanks to D&T for your great post (as always).

However, let's talk about your password on blockchain.info.  How many characters is it?  Did you use the same password anywhere else?  Was it "strong" and "long"?

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
The Bitcoin Catalog
Full Member
***
Offline Offline

Activity: 238


The Bitcoin Catalog ---> Get Started!


View Profile WWW
August 19, 2013, 05:06:10 PM
 #18

Holy fuck. Sorry for the loss. I don't know the link... but there is a data recovery service provided by a company for BTC. First of it's kind.

http://bitcoinprbuzz.com/worlds-first-stolen-bitcoin-tracing-service-and-bitcoin-data-recovery-high-profile-digital-forensic-services-company-sytech-embraces-bitcoin/

The Bitcoin Catalog: Second edition coming out in November! Click here for a  FREE pdf catalog!
Follow us on twitter! @BTCcatalog
dddbtc
Sr. Member
****
Offline Offline

Activity: 448


Cryptome.org | Privacy, Security & Spying News | ฿


View Profile WWW
August 19, 2013, 05:08:02 PM
 #19

i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.

He did not steal all your BTC, there is a small amount of change left:

https://blockchain.info/address/1Mq2Q1BMicK4ECE6GNR6mDTPdkxwxDe3mc has 0.010544 BTC left

https://blockchain.info/address/1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn has 0.005631 BTC left



Oh come on now, don't throw salt in this users wound.  If you were driving home from your bank with thousands of dollars in your wallet and armed thieves stole all your cash but one dollar in your front pocket.  You'd tell people they stole ALL your money too.

rumbitla
Member
**
Offline Offline

Activity: 98


View Profile
August 19, 2013, 05:11:39 PM
 #20

Holy fuck. Sorry for the loss. I don't know the link... but there is a data recovery service provided by a company for BTC. First of it's kind.
Yeah, but what they can do is limited to:

"The company is offering a Bitcoin retrieval service to individuals, companies and businesses around the globe who may need Bitcoin recovered from damaged hard drives, memory cards and mobile phones." http://www.sytech-consultants.com/
Pages: [1] 2 3 4 5 6 7 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!