Theft from Paper Wallet - FLHippy Notes compromised

[nomorecoin]

I have a paper note, unredeemed, that appears to be cleaned out. FLhippy appears to be a scammer.

[CIYAM]

From some other recent topics it appears that there might be a problem with blockchain.info wallets (similar to the problem with Android ones).

If you have any other BTC in a blockchain.info wallet you might be best to move it *offline* (i.e. to an address created using bitcoin-qt or perhaps vanitygen - not something created by an online wallet).

[icey]

Latest info from piuk

https://bitcointalk.org/index.php?topic=277595.msg2970668#msg2970668

Hopefully they can help and reimburse you

[Abdussamad]

If the funds were sent from blockchain.info TO the paper wallet then how does that explain the theft from the paper wallet? The rng problem would affect the blockchian.info wallet and not the paper wallet unless said paper wallet was imported into blockchian.info and the coins spent.

[Tirapon]

Can you give more information about the paper wallet? If funds were already sent to the wallet, they should not have been affected by any issues with blockchain.info

[Tirapon]

A second note, created for a friend, given to him to get him started in Bitcoin

Who created these paper wallets?

[Abdussamad]

If you imported the paper wallet key into blockchain.info and then used it to send coins you could have been affected by the bad rng problem.

Never import a private key into your main wallet.

Import it into a new wallet, spend all the coins and never use the wallet or that private key's bitcoin address again

[Abdussamad]

If you imported the paper wallet key into blockchain.info and then used it to send coins you could have been affected by the bad rng problem.

Never import a private key into your main wallet.

Import it into a new wallet, spend all the coins and never use the wallet or that private key's bitcoin address again

Crap. At the time, I though this was the most secure way to do it. Worst case, I thought, facing a "race' with someone who had live access to my wallet, or communications. I never imagined I could have exposed the forward addresses key.

You may want to read this article I wrote. It covers some the basic concepts of bitcoin:

http://bitcoinspakistan.com/blog/private-key-public-key-bitcoin-address-and-the-blockchain/

A private key is basically a number and a wallet is just a collection of private keys. Once you have a private key you can spend the coins using any number of ways. You don't need access to blockchain.info.

[nomorecoin]

How about a new theory?

FLHippy did it. https://blockchain.info/address/12nYheijKSLStynPSoNvnTMF8V5y9essVL

See any pattern to the keys originating transactions?

[TitanBTC]

How about a new theory?

FLHippy did it. https://blockchain.info/address/12nYheijKSLStynPSoNvnTMF8V5y9essVL

See any pattern to the keys originating transactions?

I'm with you on this one. 

[EmperorBob]

Not just that but this address is also receiving money from 1FLH1pPyN5nNxhJUafyd2cUkBwbAaZUNQP directly.

[Abdussamad]

Normally when you buy paper wallets they don't come with private keys already printed on them. That is something you do on your own. Because otherwise how can you trust the security of that wallet? The person selling it to you could have kept a copy of the private key to spend your coins at any moment he chooses.

[Tirapon]

That was my worry on this one - A paper wallet is only as trustworthy as the person who created it. So if you want to trust it completely, you have to make it yourself...

[johnniewalker]

Funny that on the original thread (here: https://bitcointalk.org/index.php?topic=120221.0) not a SINGLE person brought up the notion that the OP could VERY easily have sent out bills w/keypairs generated on bitaddress or something, kept records of them, periodically checked them on blockchain, and then when he saw a balance CHA CHING. The notion that the OP was last active 12/12 is probably something to consider, too.

The verdict: SCAMMER TAG and also common sense - you and only you (unless you are gifting a bill/coin) should EVER see the private keys.

[escrow.ms]

Sorry for your loss man, contact bitmit, they might have his address, get it and file a complaint against him.
Ps: His pics http://www.flickr.com/photos/flhippy/

[Abdussamad]

There is another possibility. This shows transfers *from* flhippy's own address to the scammers address:

https://blockchain.info/address/12nYheijKSLStynPSoNvnTMF8V5y9essVL

So maybe what happened was that flhippy's computer got hacked and the scammer got all the private keys and cleaned them out.

[Abdussamad]

Funny that on the original thread (here: https://bitcointalk.org/index.php?topic=120221.0) not a SINGLE person brought up the notion that the OP could VERY easily have sent out bills w/keypairs generated on bitaddress or something, kept records of them, periodically checked them on blockchain, and then when he saw a balance CHA CHING.

Because people don't know the basics of what they are dealing with. They don't the importance of keeping the private key safe. They have no idea that once the private key is out it doesn't matter if your blockchain.info wallet is protected or not your funds will get stolen. Take this quote for example:

Worst case, I thought, facing a "race' with someone who had live access to my wallet, or communications.

[johnniewalker]

Funny that on the original thread (here: https://bitcointalk.org/index.php?topic=120221.0) not a SINGLE person brought up the notion that the OP could VERY easily have sent out bills w/keypairs generated on bitaddress or something, kept records of them, periodically checked them on blockchain, and then when he saw a balance CHA CHING.

Because people don't know the basics of what they are dealing with. They don't the importance of keeping the private key safe. They have no idea that once the private key is out it doesn't matter if your blockchain.info wallet is protected or not your funds will get stolen. Take this quote for example:

Worst case, I thought, facing a "race' with someone who had live access to my wallet, or communications.

OK, but its all about 1 person. AT LEAST one early, bitcoin-savy person must have seen that posting, I think its safe to say. Yet no one warned "customers" about any risks (which said "bitcoin pioneers" certainly knew about). Maybe I'm just too bitcoin-altruistic lol, I would have done it.

[Abdussamad]

Well there is no guarantee that someone knowledgeable will see every thread out there. Even the mods put up notices that they don't delete threads with suspected scams.

[piuk]

http://blockchain.info/address/1NoteMZQT89tRZpEdf2UrGLnjixMf9ME9b
and
http://blockchain.info/address/1NoTezXo3e4SzawYki7tm9thSUgQXz5X64

No transactions from these addresses appear to have been made from blockchain.info and they are not affected by the recent rng problem.

Unfortunately it looks like the person who generated the paper wallet may have retain a copy of the private keys and waited for you to fund the addresses.