About 20 Bitcoins STOLEN from my Blockchain.info wallet! 5btc reward!

[timmah]

Hi,

So I take a look at the address I use to send my mining profits to and it's empty!

The transaction JUST happened when I saw it like 15 minutes!!!

https://blockchain.info/tx/92ba3aef0dc9f174e2de3b69f677ef27032a6da6b687eabdd2329372a519ea7b

19.00129451 BTC were stolen from my mining address 19isNwE5xs2YLgw2G1SLuarrxx2fBJbJMk and sent to 16hyuu6MQQ1hFcs13Aqow9VKL9ecvJabcc

At first I couldn't figure out what was going on because I always (well almost always I guess...) use an off line wallet to store my mining returns for safety.

Well, apparently I made a stupid mistake as I had imported the mining address to Blockchain.info to move the BTC but I forgot to delete it after those batch of coins were moved... so my miners continued mining and made a little over 19btc over the last couple months.  ONLY TO BE STOLEN!

I'm not sure how someone hacked my Blockchain.info account but apparently that's how they were able to access my funds because I didn't delete my mining address from the wallet.  It shows the transfer was made sometime around noon and has not been confirmed, it just amazes me that I basically WATCHED while my hard earned coins were stolen!  When I noticed the coins were moved it was still unconfirmed on the blockchain!

I have antivirus on my computer so I don't think that anyone used a key logger to get my password but I'm not sure how they were able to get into my account and steal my bitcoins or even know they got the correct account identifier!

If anyone can help me with tracking this down and hopefully, hopefully get those funds back I'll offer a 5 BTC reward.  I need those funds to pay for the mortgage or I will be homeless, not even including having to pay for all the extra power and time I spent making sure the miners were always mining!

So, I have about 3 days until I'm late for the payment and really need some help with what to do about this.  I will be forever grateful to anyone who can help recover these funds.

Thanks everyone.

[Vod]

Sorry for your loss. 

You probably will not recover them.  Start making backup plans NOW for your mortgage (friends, family) and don't expect anything to come from this thread.

[MerchantMiner]

Sorry to hear that dude i checked that link and see your ip address but not for the receiving address of the coins , your near Chicago right? im new to bitcoin and im not sure you have any chance of this , you could put out a plea for donations to help you though a tough time seek the support of the community. im new i dont have any bitcoins yet just small fractions from a basic 2x 335Mhash mining rig if i could send you a bit coin i would.

i hope something good happens for you soon   

[TheKoziTwo]

Sorry for your loss.

Other than trying to follow the money flow you're left with the IP address used to relay the transaction. It may be that whoever stole it didn't mask his IP and in that case maybe you can connect it to an account at blockchain.info, bitcointalk.org etc... not sure if they will help you with that though.

Googling the IP doesn't give us much, but we find this:
derekl [derekl!b83abf54@gateway/web/freenode/ip.184.58.191.84] has joined #zeromq

Apparently a guy "derekl" joined a chatroom with that IP. But does it belong to a gateway? I'm not sure how IRC works there, maybe someone else can comment.

[timmah]

Sorry for your loss. 

You probably will not recover them.  Start making backup plans NOW for your mortgage (friends, family) and don't expect anything to come from this thread.

Yeah... I'm just hoping that maybe, just maybe something could be done... I'm just so pissed that I pretty much watched it happen, when I saw that the coins were taken they were still Unconfirmed!  It had 0 confirmations still!  I wish there were a way to stop 0 confirmation transactions... but that is not how it works...

Just hope that maybe someone in the community can do something to help... I've sent a small transaction to the address the thief sent the coins to and embedded a statement that the coins were stolen.

Maybe if people keep putting messages on stolen BTC addresses then it may help deter this stuff, so I'm going to watch this and every time the btc moves I will add that tag again.  Who knows what will happen, I'm hoping for the best...


Also in regards to the other posts, thanks for the suggestions, I'll look into the ip address, I just have NO idea how they got into my account so two things, they are a "pro" hacker and the IP is just a proxy or maybe a lucky script kiddy that did not mask their real IP.

Oh, and the thing about looking at my btc address is that it will never show my actual IP because I don't use a BTC client on my computer, it's all brain wallets, paper wallets and I only import them when I need to use them on an online site like blockchain so all IP's will only show the BTC relays.  It was just a stupid mistake that I left the mining address in that wallet.

Thanks so far...

[TObject]

brain wallets

Were the stolen coins in one?

[adamstgBit]

my advice.

take out a loan to cover your mortgage.

follow the money, maybe the thief will spend them on something, or send them to an exchange, this could maybe somehow tie and identity to this address.

were you using this blockchine.info wallet with your mobile device at any point?

please everyone stop doing this!

paper wallets are really easy to print out.

bitaddress.org

[windjc]

Out of curiosity, did you use a 2nd password for transfer authorizations?

[MerchantMiner]

my advice.

take out a loan to cover your mortgage.

follow the money, maybe the thief will spend them on something, or send them to an exchange, this could maybe somehow tie and identity to this address.

were you using this blockchine.info wallet with your mobile device at any point?

please everyone stop doing this!

paper wallets are really easy to print out.

bitaddress.org

could you please explain step by step for a newbie what the best way of protecting there bitcoins are, maybe we should create a permenant thread for how todo do this

[marcotheminer]

paper wallets are really easy to print out.

How exactly can I make one and how do they work?

[TheKoziTwo]

paper wallets are really easy to print out.

How exactly can I make one and how do they work?

There are many ways... here is one way to do it:

Download this website: bitaddress.org

Save it on an USB stick and boot up your computer without internet connection. Then generate addresses and print out.

PS: I must warn you that even an offline computer could steal your addresses if you ever plug it back online. One way to minimize this risk is to use a live OS such as tails or simply use an old computer that will never connect to the web again.

[timmah]

brain wallets

Were the stolen coins in one?

I use a brain wallet to do my mining and when I want to cash out, NORMALLY I would just import the private key into a "throwaway" blockchain wallet, get the BTC then send it over to an exchange then delete all the info from the blockchain wallet, it usually only has anything in it for a few hours.  It also seems that the wallet IDs that are generated are random or use a complex algorithm so it seems to be hard for someone to brute force the wallet AND the password.  Even if they get in it will be pretty much useless as there is no information or btc in there.

This way I don't need a new address every time I "withdraw" the btc and I can keep track of how much I've mined.

It seems that this time that I imported the address to a wallet that SHOULD have been secure and was one that I've set up to "use" for btc-btc transactions.  I imported the brain wallet, moved the btc from the previous mining then forgot to delete the public/private key from it.

I did not realize this until it was too late, I don't know how someone even got the blockchain wallet id and figured out my password.  I would think that blockchain would also have some sort of protection from someone brute forcing the password.  I would think that my other wallets may be compromised if someone hacked my computer... There is a leak somewhere and at this point it looks like blockchain but maybe the private key was compromised and they just imported it into their account and moved the funds.  I'm not sure if you can see that in the transaction log.

I did not have that wallet synced to my phone or anything else, I didn't use 2 factor authentication which was something I should have done.  It's just that that account was not suppose to have that much funds just sitting there anyway as I usually delete any brain wallet private keys that I may have imported into ANY web wallet.

So, it really sucks and I still have no idea how someone got in the Blockchain.info account or figured out my brain wallet, it was a good long phrase with special characters too.

It seems like my other wallets are safe so far but I'm going to re-secure everything.  I really just have no idea how this could have happened... is there some way for someone to figure out what someone's Blockchain's generated wallet address?  

I've opened a ticket with blockchain and see what they say, hopefully something can be done but I doubt it...

Thanks to everyone for the suggestions and information, hopefully at the very least we can lock up those coins so no one will want to use them if they are "marked" stolen on every address that the thief sends them to.

[timmah]

my advice.

take out a loan to cover your mortgage.

follow the money, maybe the thief will spend them on something, or send them to an exchange, this could maybe somehow tie and identity to this address.

were you using this blockchine.info wallet with your mobile device at any point?

please everyone stop doing this!

paper wallets are really easy to print out.

bitaddress.org

I didn't use this with my phone as far that I am aware of.

In the end I guess I should have taken more steps to secure the account and that address was not deleted like I usually do... some very expensive mistakes!

[monbux]

It's confirmed, and you're probably not going to get it back.
I heard blockchain.info sometimes pays any stolen funds, but I doubt they can do that without any proof.

[Jumpy]

I hope that it isn't lost on the readers of the OP that continuing to use a Private Key after it has been stored on any website for any length of time is not a good idea.

In my opinion, online wallets are good for microtransactions only. Anything else and you really want full control over your funds. I operate an inputs.io account but as soon as funds enter that wallet they are immediately moved to my offline wallet that I have fully encrypted. I suggest a similar workflow to others for both mobile and online wallets.

I hope that you can make it on your mortgage with your current funds. I'm guessing you can cash in your mining equipment locally if need-be.

[IncreaseMyT]

I am sorry to hear about your loss.

Questions so other newbs like myself can learn.  If OP would have had 2 way authenticator activated and second password for spending transactions could this still have happened?

Next I always see these paper wallet suggestions, but is that really necessary if your protect your computer?  Honestly if paper is the only it really makes Bitcoin less useful since once you put your coins on a paper wallet, spending them is a pain in the butt.

If paper wallets are the way to go for higher quantities, what is considered a high quantity?

If I should start a thread on this no problem, just thought maybe it pertained to this thread.

[xsfgsdrwe]

I am sorry to hear about your loss.

Questions so other newbs like myself can learn.  If OP would have had 2 way authenticator activated and second password for spending transactions could this still have happened?

Next I always see these paper wallet suggestions, but is that really necessary if your protect your computer?  Honestly if paper is the only it really makes Bitcoin less useful since once you put your coins on a paper wallet, spending them is a pain in the butt.

If paper wallets are the way to go for higher quantities, what is considered a high quantity?

If I should start a thread on this no problem, just thought maybe it pertained to this thread.

If you read this thread

https://bitcointalk.org/index.php?topic=303795.0

you will see nothing is considered too high or low. Someone must of went through a lot of searching to steal just over 1BTC.

[timmah]

I hope that it isn't lost on the readers of the OP that continuing to use a Private Key after it has been stored on any website for any length of time is not a good idea.

In my opinion, online wallets are good for microtransactions only. Anything else and you really want full control over your funds. I operate an inputs.io account but as soon as funds enter that wallet they are immediately moved to my offline wallet that I have fully encrypted. I suggest a similar workflow to others for both mobile and online wallets.

I hope that you can make it on your mortgage with your current funds. I'm guessing you can cash in your mining equipment locally if need-be.

I know that technically using the private key on a website can compromise it but what I figured is that it would be safe because it was only used on blockchain which is suppose to be a very "trustworthy" site.  I've done many transactions with the site with no issue at all and for quite a long time as well.

I have no idea how it was compromised, I don't think I've ever given any one the blockchain wallet id and never used that password on another site.  Also it only seems that just that wallet/btc address was compromised as the first thing I did was checked was some other offline btc accounts and they seemed to be fine.

Even my other wallet on blockchain was not compromised so I really have no idea how someone did this.
 
I'm usually very careful to make sure that if I have a wallet which I may "actively" use to transact with others it and don't keep a lot of funds in it.  The mining address/private key should have never been on that account as I normally NEVER leave it on there after I've moved the coins out, so I screwed up by not deleting that from the wallet and not using a "throwaway" wallet which I always delete all keys and then abandon.  It was a wallet that I used a long time ago in the past for BTC-BTC transactions and must have forgot that the mining address was still there.

This just kills me because I have no clue how the account was compromised.  Basically the only site that ever had the private key was Blockchain which is why I didn't think that I would have to worry about the private key getting stolen from within the blockchain site.  The only thing I can think that happened was that someone somehow figured out my wallet address and password but still have no clue how that was done as I've never given anyone that info...

Maybe blockchain would be able to shed some light on this so that at least I can figure out where I went wrong (other than not deleting the private key of my mining address).

Thanks to all for the tips so far, I hope that maybe if any address the coins get sent to is tagged with a public message on the blockchain that the thief won't be able to use it with out raising some alerts...

[timmah]

I am sorry to hear about your loss.

Questions so other newbs like myself can learn.  If OP would have had 2 way authenticator activated and second password for spending transactions could this still have happened?

Next I always see these paper wallet suggestions, but is that really necessary if your protect your computer?  Honestly if paper is the only it really makes Bitcoin less useful since once you put your coins on a paper wallet, spending them is a pain in the butt.

If paper wallets are the way to go for higher quantities, what is considered a high quantity?

If I should start a thread on this no problem, just thought maybe it pertained to this thread.

If you read this thread

https://bitcointalk.org/index.php?topic=303795.0

you will see nothing is considered too high or low. Someone must of went through a lot of searching to steal just over 1BTC.

HUMM it's interesting that someone else had their wallet hacked today as well... it looks like they didn't get that much but it's likely that person didn't have as much in his account.  I don't know if any other people got their blockchain accounts hacked today or within the last 24 hours but if it is more than just me then it could mean that someone found a way to exploit Blockchain wallets!

This could really answer all the questions of how they got into my account because I don't see how anyone could have done it otherwise...

Maybe when others check their blockchain wallets and find that they were hacked too then it would be up to blockchain to fix these... at least this would give me some hope...

[frankenmint]

I used to use the blockchain mobile wallet but it was glitching pretty bad for me...did you use a mobile wallet?  Did you use an unsecured network like public Wifi?  Did you happen to use a wireless connection?  Did you manually type in the private key or copy/paste it?  I would say Keylogger or man in the middle attack was the culprit.  Yes 2fa 2fa everytime if you ca