Bitcoin Forum
November 14, 2024, 08:58:19 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 5 6 7 »  All
  Print  
Author Topic: my wallets were stolen just now, can any one help me?  (Read 12233 times)
watertech666 (OP)
Member
**
Offline Offline

Activity: 61
Merit: 10



View Profile WWW
August 19, 2013, 03:50:58 PM
 #1

unfortunately. my 2 wallets were stolen 2 hours ago by same thief. thief's address is 1FeUJVtvchu3NREJnACpWAYG6B1xN4oBKB . he stole 42 btc from 1Mq2Q1BMicK4ECE6GNR6mDTPdkxwxDe3mc    and  221.84btc from 1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn    

can any one help me to track this address and catch this thief?

Water Filter supplier who accept bitcoin.  http://www.asiawaterfilter.com
peonminer
Hero Member
*****
Offline Offline

Activity: 798
Merit: 531


Crypto is King.


View Profile
August 19, 2013, 04:03:47 PM
 #2

Holy fuck. Sorry for the loss. I don't know the link... but there is a data recovery service provided by a company for BTC. First of it's kind.
m19
Full Member
***
Offline Offline

Activity: 186
Merit: 100


View Profile
August 19, 2013, 04:06:58 PM
 #3

Sucks man, looks like he stole alot more than that, that address received alot more BTC today.
impulse
Full Member
***
Offline Offline

Activity: 151
Merit: 100


View Profile
August 19, 2013, 04:16:05 PM
 #4

If you don't mind me asking, how were these coins stored and secured? It might help if you can figure out how they were compromised.
auzaar
Full Member
***
Offline Offline

Activity: 151
Merit: 100



View Profile
August 19, 2013, 04:17:28 PM
 #5

How?
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
August 19, 2013, 04:22:55 PM
 #6

What wallet were you using?  

Do you have an android phone?

Do you have a Bitcoin wallet on your android phone?  If so which one?

The fact that the thief gave you change is interesting.  Why not steal all the BTC?

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Elwar
Legendary
*
Offline Offline

Activity: 3598
Merit: 2386


Viva Ut Vivas


View Profile WWW
August 19, 2013, 04:27:09 PM
 #7

IP address shows France but it could just be a hop.

First seastead company actually selling sea homes: Ocean Builders https://ocean.builders  Of course we accept bitcoin.
watertech666 (OP)
Member
**
Offline Offline

Activity: 61
Merit: 10



View Profile WWW
August 19, 2013, 04:35:20 PM
 #8

What wallet were you using?  

Do you have an android phone?

Do you have a Bitcoin wallet on your android phone?  If so which one?

The fact that the thief gave you change is interesting.  Why not steal all the BTC?
i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.

Water Filter supplier who accept bitcoin.  http://www.asiawaterfilter.com
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
August 19, 2013, 04:40:27 PM
Last edit: August 19, 2013, 04:58:07 PM by BurtW
 #9

i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.

He did not steal all your BTC, there is a small amount of change left:

https://blockchain.info/address/1Mq2Q1BMicK4ECE6GNR6mDTPdkxwxDe3mc has 0.010544 BTC left

https://blockchain.info/address/1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn has 0.005631 BTC left


Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
auzaar
Full Member
***
Offline Offline

Activity: 151
Merit: 100



View Profile
August 19, 2013, 04:44:34 PM
 #10

i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.

...
I am looking into it but so far it looks like your are the victim of a known issue, the bad signature bug caused by a faulty secure random number generator.
...
News: Due to a serious flaw in Android, all users of Android-based wallets must take immediate action. More info

You can find out more there.


But he said "i don't use android phone." does this RNG problem affects web wallets too, then whole internet is doomed
M4v3R
Hero Member
*****
Offline Offline

Activity: 607
Merit: 500


View Profile
August 19, 2013, 04:50:54 PM
 #11

@BurtW: Incorrect. The ECDSA signature is the first part of the script, starting with 304…. The last part that you've highlighted is scriptPubKey, which is the same because the Bitcoin address for both transactions you checked was the same. So no, this was not the cause of the theft.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
August 19, 2013, 04:51:42 PM
Last edit: August 19, 2013, 05:35:40 PM by DeathAndTaxes
 #12


<snipped incorrect information deleted by BurtW. I left the explanation at it may help others to understand Bitcoin tx better>

304402205713e765e3c010b6d8f7bfee8e574f1423c88fdd9504d4ec0128b8f6f0037e6702204f625cb1772dc54dcc662cabade0a20141b849e5e4b4d80c98876c42bcd5f98f01 04b8c7b27846a1df35a87763f75b421a4f8148d17ca91c2daab6838aa5b04d48e373bba0cc1e081 be696bc626296febcdccab5336a43b8861a91afa57865bbb3f5

and

3046022100ce9509ae9b442f0ad2684b7fd83923b4f6df70c9197f22c616c429a6efac03a3022100da424212a11effccc7eadf8bf532250911706636483376dbd5ef04033f75104201 04b8c7b27846a1df35a87763f75b421a4f8148d17ca91c2daab6838aa5b04d48e373bba0cc1e081 be696bc626296febcdccab5336a43b8861a91afa57865bbb3f5


The signatures are not the same.  The bolded portions is the public key and it will remain the same for all tx from the same address.
What is commonly (and incorrectly) referred to as the "signature" is actually the "ScriptSig & PubKey".  
The portion beginning with 0x30 is the actual signature.  The portion of the signature that is the unique random number is underlined (thank for correction: M4v3R).
The portion  beginning with 0x04 is the pubkey.

This diagram might help it shows a breakdown of the TxIn structure.
https://en.bitcoin.it/w/images/en/e/e1/TxBinaryMap.png

For secure ECDSA signatures one must use a nonce (number used once) which hasn't already been used in a prior signatures.  Although it doesn't need to be random (just unique) large random numbers are normally used to simplify nonce selection.  If the nonce is reused then the private key can be reconstructed from the other information.  The android flaw is that it duplicated random numbers however the OP indicated he doesn't use an android phone.

On edit: r value can be "eyeballed" but it is the portion underlined not the bolded portion.  Thanks M4v3R
TitanBTC
Sr. Member
****
Offline Offline

Activity: 366
Merit: 258



View Profile WWW
August 19, 2013, 04:54:38 PM
 #13

Can you contact blockchain to get a record of logins to your account?  You may have a key stroke logger program that is installed on your machine and they just collected your login info from that data.  If blockchain shows someone logged in as you, at a time that doesn't look familiar to you, they probably used more traditional hacking methods to get access.  Let's rule out the easy stuff first.

rumbitla
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
August 19, 2013, 04:55:47 PM
 #14


i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.
Did you have 2 factor authorization activated on blockchain.info?
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
August 19, 2013, 04:57:34 PM
 #15

@BurtW: Incorrect. The ECDSA signature is the first part of the script, starting with 304…. The last part that you've highlighted is scriptPubKey, which is the same because the Bitcoin address for both transactions you checked was the same. So no, this was not the cause of the theft.
Thanks, deleting my stupid post now.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Chef Ramsay
Legendary
*
Offline Offline

Activity: 1568
Merit: 1001



View Profile
August 19, 2013, 04:57:47 PM
 #16

Holy crap!! I sure hope we can get to the bottom of this. Sad
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
August 19, 2013, 05:03:44 PM
 #17

Also, thanks to D&T for your great post (as always).

However, let's talk about your password on blockchain.info.  How many characters is it?  Did you use the same password anywhere else?  Was it "strong" and "long"?

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
The Bitcoin Catalog
Full Member
***
Offline Offline

Activity: 238
Merit: 100


The Bitcoin Catalog ---> Get Started!


View Profile WWW
August 19, 2013, 05:06:10 PM
 #18

Holy fuck. Sorry for the loss. I don't know the link... but there is a data recovery service provided by a company for BTC. First of it's kind.

http://bitcoinprbuzz.com/worlds-first-stolen-bitcoin-tracing-service-and-bitcoin-data-recovery-high-profile-digital-forensic-services-company-sytech-embraces-bitcoin/

The Bitcoin Catalog: Second edition coming out in November! Click here for a  FREE pdf catalog!
Follow us on twitter! @BTCcatalog
dddbtc
Sr. Member
****
Offline Offline

Activity: 490
Merit: 250



View Profile
August 19, 2013, 05:08:02 PM
 #19

i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.

He did not steal all your BTC, there is a small amount of change left:

https://blockchain.info/address/1Mq2Q1BMicK4ECE6GNR6mDTPdkxwxDe3mc has 0.010544 BTC left

https://blockchain.info/address/1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn has 0.005631 BTC left



Oh come on now, don't throw salt in this users wound.  If you were driving home from your bank with thousands of dollars in your wallet and armed thieves stole all your cash but one dollar in your front pocket.  You'd tell people they stole ALL your money too.
rumbitla
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
August 19, 2013, 05:11:39 PM
 #20

Holy fuck. Sorry for the loss. I don't know the link... but there is a data recovery service provided by a company for BTC. First of it's kind.
Yeah, but what they can do is limited to:

"The company is offering a Bitcoin retrieval service to individuals, companies and businesses around the globe who may need Bitcoin recovered from damaged hard drives, memory cards and mobile phones." http://www.sytech-consultants.com/
Pages: [1] 2 3 4 5 6 7 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!