Bitcoin Forum
November 09, 2024, 08:09:52 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Silk Road Theft  (Read 1548 times)
Sothh (OP)
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
September 09, 2013, 10:08:59 AM
 #1

Hey guys,

Just wanted to post a quick word of warning.  A couple of days ago I had BTC0.5 stolen from my Silk Road account.  I post this because for such a thing to happen the thief would need my username, password, and pin.  The username and password are scattered around a bit (I know, my bad.) but I can only think of a few websites which I have used my pin on.

I have since changed all my passwords and pin numbers.

Also note that I am very vigilant about keeping my computer free of keyloggers and such, and also am keen on staying away from phishing sites.

Please note that I am not saying the operators of any of these websites actually took my money, only that they are the only ones that would have had access to my Silk Road pin.

http://feathercoin.is-a-geek.com/

http://gld.vircurpool.com/

http://gld.cryptocoinmine.com/

The only other thing I can think of is Silk Road themselves stealing it.  Customer support would not give me the address it was sent to, only that it had been taken.

Please don't respond telling me I screwed up.  I already know that.   Roll Eyes

Here is how it happened:

I sent BTC0.5 to my Silk Road address.

The money shows up in my account, but I get a message from silk road support telling me the money was sent to an "archived address."  (Which was not the case, I was using my current address.)

Then silk road stops loading for about ten minutes.  When I finally get back, all my money has been taken.  I know for a fact that the url was always correct and I had not been phished.

Someone must have known all my log in information, and also been waiting for me to deposit.  I am unsure though how they would have prevented me from loading the site, though.

I also don't want to discuss the moral implications of using the Silk Road.  I will only say that the items I buy from there are not for illegal or malicious use.

Has this happened to anyone else?
QuantumKiwi
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250



View Profile WWW
September 10, 2013, 12:13:58 AM
 #2

I would suspect you've been sniffed via a bad TOR node.

This has been happening a bit more often as people are running more and more rogue nodes on the tor network.

Your basic login info gets sniffed out on the tor relay node, they get your login details in plain text basically.

Starting your own website?
CLOUD Hosting from $4.95/0.05BTC!
sublime5447
Legendary
*
Offline Offline

Activity: 966
Merit: 1000



View Profile
September 10, 2013, 12:17:46 AM
 #3

What about a bad node now?

For the tech illiterate please... what is it how can it be prevented?
moni3z
Hero Member
*****
Offline Offline

Activity: 899
Merit: 1002



View Profile
September 10, 2013, 12:34:34 AM
 #4

Tor traffic is all encrypted internally, it's more likely that he's running a windows botnet droned comp, or somebody brute forced his account because the password was password123 and his pin was 1234.

The MITM sniffing attacks happen when you try to SSL out of an exit relay, not access a .onion site. They also wouldn't happen if you were using chromium TLS stack or firefox with pinned SSL certs for whatever sites you are using.
Sothh (OP)
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
September 10, 2013, 01:21:21 AM
 #5

Tor traffic is all encrypted internally, it's more likely that he's running a windows botnet droned comp, or somebody brute forced his account because the password was password123 and his pin was 1234.

The MITM sniffing attacks happen when you try to SSL out of an exit relay, not access a .onion site. They also wouldn't happen if you were using chromium TLS stack or firefox with pinned SSL certs for whatever sites you are using.

No, I actually have a pretty large password database, and neither my password or pin are in it.  (Both are unique and complex.)
sdp
Sr. Member
****
Offline Offline

Activity: 469
Merit: 281



View Profile WWW
September 10, 2013, 11:02:16 AM
 #6

I am curious.  Why does a person need to leave money with SR.  I always guessed the money went from buyer to seller directly.  I would have expected better from SR than this.  Now you have no legal recourse to get your money back.   Angry   SR is a hidden service and contracts involving banned substances are illegal themselves. 

Here in Argentina.  Someone bought something on the eBay equivalent and received instead an empty box package.


Coinsbank: Left money in their costodial wallet for my signature.  Then they kept the money.
monbux
Legendary
*
Offline Offline

Activity: 1736
Merit: 1029



View Profile WWW
September 10, 2013, 11:39:44 PM
 #7

Could a botnet have been implemented on your computer?
QuantumKiwi
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250



View Profile WWW
September 11, 2013, 12:22:31 AM
 #8

I am curious.  Why does a person need to leave money with SR.  I always guessed the money went from buyer to seller directly.  I would have expected better from SR than this.  Now you have no legal recourse to get your money back.   Angry   SR is a hidden service and contracts involving banned substances are illegal themselves. 

Here in Argentina.  Someone bought something on the eBay equivalent and received instead an empty box package.



There is logical sense of why SR has an internal payment system - escrow system.

How would SR be anonymous if you sent the btc directly to the sellers btc address? lol.

Starting your own website?
CLOUD Hosting from $4.95/0.05BTC!
ITsTanked
Newbie
*
Offline Offline

Activity: 54
Merit: 0


View Profile
September 11, 2013, 12:45:30 AM
 #9

You crazy if you think SR steal it.  millions of dollars a year, they not give any fuck about .5 BTC.  You credibility drop from this statement.
This is how I would have did it.

1.  Your info taken from hacking another site, and i log in and brute your 4 digit pin
2.  Put RAT on you PC ( remote access terminal )

chances of bad node, any MITM are too small.  Probably it was #2 because you say you were blocked for 10 minutes.
I dont care about how secure you THINK you pc is, nobody is 100% not even me.  many rat and malware are FUD ( fully un-detectable )

Download/run hijackthis and pm me log or post here, also copy of the host file.  Maybe run combofix after but you need wait.  combofix will delete bitcoin-qt folder including the wallet.dat.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!