Bitcoin Forum
December 12, 2017, 05:00:08 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 6 7 »  All
  Print  
Author Topic: my wallets were stolen just now, can any one help me?  (Read 11884 times)
watertech666
Member
**
Offline Offline

Activity: 62



View Profile WWW
August 19, 2013, 05:14:00 PM
 #21

i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.

He did not steal all your BTC, there is a small amount of change left:

https://blockchain.info/address/1Mq2Q1BMicK4ECE6GNR6mDTPdkxwxDe3mc has 0.010544 BTC left

https://blockchain.info/address/1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn has 0.005631 BTC left

I am looking into it but so far it looks like you are the victim of a known issue, the bad signature bug caused by a faulty secure random number generator.

The signatures of your most recent two transactions:

https://blockchain.info/tx/a7a0477f8dcff04843d8a9fa734a12125a6a3521c76b6229d434d924123c00fc

https://blockchain.info/tx/d7ca2c2726a8793ceb4681950732721506ec4cb700a116d288754beaeb2149dd

appear to be the same:

304402205713e765e3c010b6d8f7bfee8e574f1423c88fdd9504d4ec0128b8f6f0037e6702204f6 25cb1772dc54dcc662cabade0a20141b849e5e4b4d80c98876c42bcd5f98f01 04b8c7b27846a1df35a87763f75b421a4f8148d17ca91c2daab6838aa5b04d48e373bba0cc1e081 be696bc626296febcdccab5336a43b8861a91afa57865bbb3f5

and

3046022100ce9509ae9b442f0ad2684b7fd83923b4f6df70c9197f22c616c429a6efac03a302210 0da424212a11effccc7eadf8bf532250911706636483376dbd5ef04033f75104201 04b8c7b27846a1df35a87763f75b421a4f8148d17ca91c2daab6838aa5b04d48e373bba0cc1e081 be696bc626296febcdccab5336a43b8861a91afa57865bbb3f5

Can someone else please verify this is the issue?


If you look up above here on this forum there is a red link that says:

News: Due to a serious flaw in Android, all users of Android-based wallets must take immediate action. More info

You can find out more there.


1.  i don't have android phone. i always use website block chain.info for transactions/
2. https://blockchain.info/tx/a7a0477f8dcff04843d8a9fa734a12125a6a3521c76b6229d434d924123c00fc   this transaction to mtgox.com

So if can I think this thief make transaction to BTC TRADE PLATFORM?

Water Filter supplier who accept bitcoin.  http://www.asiawaterfilter.com
1513098008
Hero Member
*
Offline Offline

Posts: 1513098008

View Profile Personal Message (Offline)

Ignore
1513098008
Reply with quote  #2

1513098008
Report to moderator
1513098008
Hero Member
*
Offline Offline

Posts: 1513098008

View Profile Personal Message (Offline)

Ignore
1513098008
Reply with quote  #2

1513098008
Report to moderator
1513098008
Hero Member
*
Offline Offline

Posts: 1513098008

View Profile Personal Message (Offline)

Ignore
1513098008
Reply with quote  #2

1513098008
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513098008
Hero Member
*
Offline Offline

Posts: 1513098008

View Profile Personal Message (Offline)

Ignore
1513098008
Reply with quote  #2

1513098008
Report to moderator
M4v3R
Hero Member
*****
Offline Offline

Activity: 605



View Profile
August 19, 2013, 05:15:49 PM
 #22

You can't spot issues with bad RNG (due to Android or any other future bug) by just eyeballing the signature.   The signature won't be identical as the signature is a signing of the hash of the simplified tx.  Since any two txs will be different the hash will be different and the signature will be different as well.  

I believe you are also incorrect here, DeathAndTaxes. The signature part actually consists out of two numbers: r which is a random number, and s, which is actual signature. Normally, if you have two transactions, you have:

Tx 1: R1, R1
Tx 2: R2, R2

However if your RNG is flawed and spits out two identical random numbers, it becomes:

Tx 1: R, S1
Tx 2: R, S2

And because of that we can calculate the private key used to generate these signatures using equation below:

Private key = (e1*S2 - e2*S1)/(R*(S1-S2))

Where e1 and e2 are hashes of the transaction, which are also public knowledge.

So the point is - you can spot an issue (a specific kind of issue) with the RNG just by looking at the signatures.

Source: PS3 hack slides and Nils Schneider's blog
rumbitla
Member
**
Offline Offline

Activity: 98


View Profile
August 19, 2013, 05:15:58 PM
 #23

.
watertech666
Member
**
Offline Offline

Activity: 62



View Profile WWW
August 19, 2013, 05:18:46 PM
 #24


i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.
Did you have 2 factor authorization activated on blockchain.info?

YES. I Have google authenticator.

Water Filter supplier who accept bitcoin.  http://www.asiawaterfilter.com
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
August 19, 2013, 05:25:44 PM
 #25

2 address difference password. one of them same password as [REDACTED]

If the attacker is watching you just gave him more accounts to attack.  
1) Delete or modify your post above  ^
2) Change those passwords ASAP.

NEVER reuse passwords at least not for any account which has monetary value.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
August 19, 2013, 05:26:51 PM
 #26

I believe you are also incorrect here ...

In review you are correct.  I fixed the post.  Thanks.
rumbitla
Member
**
Offline Offline

Activity: 98


View Profile
August 19, 2013, 05:28:39 PM
 #27

Since 2-factor-authorization was used, I don't think they did this via the blockchain.info website.

Where are your backups stored?
watertech666
Member
**
Offline Offline

Activity: 62



View Profile WWW
August 19, 2013, 05:31:55 PM
 #28

Since 2-factor-authorization was used, I don't think they did this via the blockchain.info website.

Where are your backups stored?

my computer.

Water Filter supplier who accept bitcoin.  http://www.asiawaterfilter.com
BurtW
Legendary
*
Offline Offline

Activity: 2114

All paid signature campaigns should be banned.


View Profile WWW
August 19, 2013, 05:32:06 PM
 #29

i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.

He did not steal all your BTC, there is a small amount of change left:

https://blockchain.info/address/1Mq2Q1BMicK4ECE6GNR6mDTPdkxwxDe3mc has 0.010544 BTC left

https://blockchain.info/address/1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn has 0.005631 BTC left



Oh come on now, don't throw salt in this users wound.  If you were driving home from your bank with thousands of dollars in your wallet and armed thieves stole all your cash but one dollar in your front pocket.  You'd tell people they stole ALL your money too.
I was not trying to make him feel worse than he already does.  I consider the fact that the thief left this small amount of BTC and did not take it all a clue.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
rumbitla
Member
**
Offline Offline

Activity: 98


View Profile
August 19, 2013, 05:36:36 PM
 #30

Since 2-factor-authorization was used, I don't think they did this via the blockchain.info website.

Where are your backups stored?

my computer.
Your computer might be compromised and keylogged and your wallet.aes.json file been stolen.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
August 19, 2013, 05:38:40 PM
 #31

Since 2-factor-authorization was used, I don't think they did this via the blockchain.info website.

Where are your backups stored?

my computer.

If attacker has gained access to your computer he would have access to the backup file and could keylog your passphrase the last time you used it (anywhere you typed it not necessarily just blockchain.info).  
Password + backup file is all that is needed.  blockchain.info 2FA only prevents attacker from using the site not from decrypting a backup.

That is the most likely attack scenario however since you reused passwords on multiple sites it is possible (although less likely) the password was compromised from another site.  NEVER reuse passwords.  If you are going to ignore that advice at a minimum use unique strong passwords for financial sites (banks, paypal, bitcoin exchanges, wallets, etc) as well as any method of resetting password for those sites (i.e. email).  Someone hacking your twitter account is much less of a loss than hacking your money.
millsdmb
Sr. Member
****
Offline Offline

Activity: 308


View Profile
August 19, 2013, 05:47:45 PM
 #32

looks like its all going to dice.

Hitler Finds out about the Butterfly Labs Monarch http://www.youtube.com/watch?v=4jYNMKdv36w
Get $10 worth of BTC Free when you buy $100 worth at coinbase.com/?r=51dffa8970f85a53bd000034
Damnsammit
Sr. Member
****
Offline Offline

Activity: 406



View Profile
August 19, 2013, 05:57:03 PM
 #33

Holy shit!  That's a lot of Bitcoin.  Sorry to hear about this Sad

acoindr
Legendary
*
Offline Offline

Activity: 1036


View Profile
August 19, 2013, 06:18:54 PM
 #34

This is the second incident (I'm aware of) with an attacker gaining access to a blockchain.info account. In the earlier one several account balances were moved to a new one in an apparently coordinated operation.

The victims share similarities. If I remember at least one of the victims in the earlier theft used 2FA, and may have kept a local backup. The best guess I have is similar to DeathAndTaxes which is some kind of keylogger, but even that seems to not fit well because there would be reports of other services being burgled.

It's hard to see where the vulnerability is here. We really need those Trezors. In the meantime, once again, if you are keeping more coins stored long term with any online service than you can afford to lose you have too much stored there.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
August 19, 2013, 06:22:46 PM
 #35

We really need those Trezors.

I like my hardware wallet.  https://bitcointalk.org/index.php?topic=277583.msg2964099#msg2964099

Just kidding.  Smiley

Trezors and the like will be great but even so unless you are planning on spending/transfering coins it is best to have them offline.

01BTC10
VIP
Hero Member
*
Offline Offline

Activity: 742



View Profile
August 19, 2013, 06:22:47 PM
 #36

Why is he now playing SD with tiny amount?
Elwar
Legendary
*
Online Online

Activity: 2310


www.bitpools.com


View Profile WWW
August 19, 2013, 06:25:03 PM
 #37

In the meantime, once again, if you are keeping more coins stored long term with any online service than you can afford to lose you have too much stored there.

Lesson learned for anyone else. Keep large amounts in cold storage. Only use online wallets for day to day spending.

http://www.bitpools.com
Pool your bitcoins with others. Vote on solutions using the Bitcoin blockchain. Keep your bitcoins in your cold storage until you find a solution you like.
Links and Reviews of useful every day places to spend bitcoins: https://bitcointalk.org/index.php?topic=943143.0
acoindr
Legendary
*
Offline Offline

Activity: 1036


View Profile
August 19, 2013, 06:32:58 PM
 #38

We really need those Trezors.

I like my hardware wallet.  https://bitcointalk.org/index.php?topic=277583.msg2964099#msg2964099

Just kidding.  Smiley

Trezors and the like will be great but even so unless you are planning on spending/transfering coins it is best to have them offline.

Now that's what I call a safe! Smiley

I actually consider Trezors about equal to keeping coins offline. That's why I'm so anxious for them. Most people won't bother with the complexity of learning how to keep and manage coins in cold storage. Not only do you have to learn how to do it, but then learn how to spend those coins as well as keep the physical storage medium safe. Trezor allows convenient access to spending coins while keeping them just as safe as cold storage. The task for users is reduced down to learning to use it and managing their backup seed.
astrolabe
Newbie
*
Offline Offline

Activity: 20


View Profile
August 19, 2013, 06:35:13 PM
 #39

Holy fuck. Sorry for the loss. I don't know the link... but there is a data recovery service provided by a company for BTC. First of it's kind.
Yeah, but what they can do is limited to:

"The company is offering a Bitcoin retrieval service to individuals, companies and businesses around the globe who may need Bitcoin recovered from damaged hard drives, memory cards and mobile phones." http://www.sytech-consultants.com/

But also

'In a world first, SYTECH has announced a stolen Bitcoin tracing and recovery service; turning its decades of digital forensics expertise to tracing online Bitcoin criminals and recovering stolen Bitcoin for their clients.'

From http://www.sytech-consultants.com/blog/2013/worlds-first-stolen-bitcoin-tracing-service-and-bitcoin-data-recovery-high-profile-digital-forensic-services-company-sytech-embraces-bitcoin

If it was my coins stolen, I think I'd offer them the job if they would take no more than 50% of what they recovered.
techwtf.
Newbie
*
Offline Offline

Activity: 2


View Profile
August 19, 2013, 06:38:49 PM
 #40

Looks like your pc is compromised. Scan it .
Pages: « 1 [2] 3 4 5 6 7 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!