xsfgsdrwe
Newbie
 Offline
Activity: 56
Merit: 0
|
 |
September 28, 2013, 07:05:48 AM |
|
I am sorry to hear about your loss.
Questions so other newbs like myself can learn. If OP would have had 2 way authenticator activated and second password for spending transactions could this still have happened?
Next I always see these paper wallet suggestions, but is that really necessary if your protect your computer? Honestly if paper is the only it really makes Bitcoin less useful since once you put your coins on a paper wallet, spending them is a pain in the butt.
If paper wallets are the way to go for higher quantities, what is considered a high quantity?
If I should start a thread on this no problem, just thought maybe it pertained to this thread.
If you read this thread https://bitcointalk.org/index.php?topic=303795.0you will see nothing is considered too high or low. Someone must of went through a lot of searching to steal just over 1 BTC. HUMM it's interesting that someone else had their wallet hacked today as well... it looks like they didn't get that much but it's likely that person didn't have as much in his account. I don't know if any other people got their blockchain accounts hacked today or within the last 24 hours but if it is more than just me then it could mean that someone found a way to exploit Blockchain wallets! This could really answer all the questions of how they got into my account because I don't see how anyone could have done it otherwise... Maybe when others check their blockchain wallets and find that they were hacked too then it would be up to blockchain to fix these... at least this would give me some hope... I'm thinking whoever is behind this is getting a lot of people. The address of the other thief has had at least 2 more transactions totaling over 10 BTC enter his account since the hack. Is there anybody at blockchain.info that can shed light on the subject, or is that not possible? I wouldn't be surprised if there is an exploit somewhere along the line. |
|
|
|
|
b!z
Legendary
Offline
Activity: 1582
Merit: 1010
|
|
September 28, 2013, 07:16:45 AM |
|
I hope my blockchain.info coins are safe. I will have to check later.
|
|
|
|
|
xsfgsdrwe
Newbie
Offline
Activity: 56
Merit: 0
|
|
September 28, 2013, 07:54:58 AM |
|
I hope my blockchain.info coins are safe. I will have to check later.
It makes me worried to click any link now. I thought they had to download something on my computer to infect it. Now they say all I have to do is load a page with java and it's over with. Any tech savvy guys give me some pointers on how to keep my PC protected? |
|
|
|
|
|
Eternity
|
|
September 28, 2013, 09:32:11 AM |
|
Sorry to hear about this.
Why do you guys use web wallets ?
Why cant you install bitcoin-qt in your system and use thats way much safer than blockchain.info
If you used mobile to access the website this might have happened
The phone app stores your primary password in plain text, relying on the sandboxing mechanism of the phone OS. And it doesn't support 2-factor. Your secondary characters password could be cracked.
My guess: You have a rooted phone disabling whatever sandboxing protections Android has, and another app on your phone grabbed the cached encrypted wallet on your phone along with the primary password and sent it to the attacker. The attacker then bruteforced the secondary password.
If you think i have helped you donate some coins to me address can be found in my sign
|
|
|
|
|
ReBoRn
Sr. Member
Offline
Activity: 392
Merit: 250
Bitcoin will survive
|
|
September 28, 2013, 10:41:12 AM |
|
It's confirmed, and you're probably not going to get it back.
I heard blockchain.info sometimes pays any stolen funds, but I doubt they can do that without any proof.
and its very difficult to give them all proof that you all bitcoins stolen so now you have to manage some other ways to pay your all dues and no one going to help you with this position |
|
|
|
|
Jumpy
|
|
September 28, 2013, 11:01:08 AM |
|
I hope my blockchain.info coins are safe. I will have to check later.
They are probably still there, but aren't what I would call "safe." Just move them to a new wallet (PLEASE use a new private key) on a hard drive. |
PM me if you want to advertise on this signature.
|
|
|
|
xypos
|
|
September 28, 2013, 12:03:17 PM |
|
So, I have about 3 days until I'm late for the payment and really need some help with what to do about this. I will be forever grateful to anyone who can help recover these funds.
Thanks everyone.
How could anyone help you? I am sorry for your loss, but btc transactions can not be cancelled. Your money is gone. Forever. |
|
|
|
|
timmah (OP)
Member
Offline
Activity: 70
Merit: 10
|
|
September 28, 2013, 01:07:58 PM |
|
I used to use the blockchain mobile wallet but it was glitching pretty bad for me...did you use a mobile wallet? Did you use an unsecured network like public Wifi? Did you happen to use a wireless connection? Did you manually type in the private key or copy/paste it? I would say Keylogger or man in the middle attack was the culprit. Yes 2fa 2fa everytime if you ca
I've scanned my computer, the public key was never exposed to an open or an unsecured wireless network. I'm pretty careful when using web wallets but I think I just figured out how my coins were stolen... It was very likely someone who brute force cracked my brain wallet and waited until my account filed up then hit me... I thought it was a very secure brain wallet as it had a 7 word phrase with a special character as well but I guess it was not secure enough. Too many regular words and not enough special characters etc... On another note, I had created a Blockchain.info wallet and made an alias with the account, at that time the site allowed me to use a 4 character account alias and I most likely saved the actual address or recovery words but it was made so long ago that I think that file was lost with a hard drive crash. Does anyone know how I would be able to regain access to the account? I did not know that blockchain had changed the security of the site and did not allow short aliases, now I can't open that wallet even though I have the password too. If I can open that wallet I may be able to have something to pay, so maybe they won't evict me... Thanks all... PS. I have "secured" my brain wallet so that it would be almost impossible to hack. Funny, I though the brainwallet was going to be safe given it was 7 words and a special character but I was wrong and it actually seems so obvious looking back at the mistake (FACE PALM). PPS. If you or someone you know "took" my coins and they are returned to me I will still offer the 5btc reward with no questions asked, that way I won't continue to tag each time the coins are moved with the message that the coins were stolen. Just send them here 1LTLDiacwf3Kt6aVDbT1jd3KhGwv9arhhu minus the 5btc and no questions will be asked... I need these btc that badly, I'm not sure if Starbucks will let me use their store's power and internet connections to mine bitcoins when I'm homeless... ;( |
|
|
|
|
|
dansmith
|
|
September 28, 2013, 01:12:40 PM |
|
@timmah
Was you browser open to your blockchain.info wallet at the time when the theft occured? If so, it is possible that either a browser plugin or the website in another open tab stole the coins.
|
|
|
|
timmah (OP)
Member
Offline
Activity: 70
Merit: 10
|
|
September 28, 2013, 01:17:18 PM |
|
So, I have about 3 days until I'm late for the payment and really need some help with what to do about this. I will be forever grateful to anyone who can help recover these funds.
Thanks everyone.
How could anyone help you? I am sorry for your loss, but btc transactions can not be cancelled. Your money is gone. Forever. Yeah, I understand that but who knows maybe at some point it can be traced back to whoever took them as they do have to send them to be used and I plan to watch the transfers and tag each one with a public message by just sending a few cents to that address with a public message. Maybe when the thief tries to spend them the other party will reject their coins... at least I hope that there are still honest people who would do that... If others want to add a tag I would think that would help as well, just in case I didn't see when it was moved and tag it myself first. Also, I would think that if there are a lot of tags saying the coins are stolen it would get more attention and it only takes a few cents to "tag" their address with a public message. Thanks for the comment though. |
|
|
|
|
timmah (OP)
Member
Offline
Activity: 70
Merit: 10
|
|
September 28, 2013, 01:31:47 PM |
|
@timmah
Was you browser open to your blockchain.info wallet at the time when the theft occured? If so, it is possible that either a browser plugin or the website in another open tab stole the coins.
Hi, No the wallet was not open, I just was checking my balance on blockchain without logging in and saw it was empty, that's when I just about had a heart attack. I then logged into any and all of my wallets that I may have used and noticed that one of my wallets still had the mining public/private key in there so I assumed that it was a Blockchain hack but the more I look at it, it may not be the case. Looking into some of other people that had their wallets emptied it was revealed that it was the "Brain wallet" itself that was hacked, as I used dictionary words it would just be a matter of time until someone just brute force hack the address until it matched then they would also have the private key, hind sight is 20/20, I think it would be a lot easier to just hack the btc address offline than trying to crack blockchain. Then you have all the time in the world to run any brute force hacking without "alerting" someone. So, I think this is the new or "more recent" way that people are stealing coins "magically' as many people use brain wallets with just dictionary words and maybe a special character or 2 but that is still possible to crack, especially these days with powerful CPUs. Don't make my mistake! If you make a brain wallet make sure that it has something else other than just dictionary words, etc. Lame, over 2 months of mining gone and that is after waiting over a year for my BFL miners which don't pay much anymore. I'll be lucky to cover power... Thanks for the comment though. |
|
|
|
|
Anon135246
Member
Offline
Activity: 84
Merit: 10
|
|
September 28, 2013, 03:31:51 PM |
|
Sorry for your loss man, hope someone can track him down for you.
|
|
|
|
|
|
BobMarley
|
|
September 28, 2013, 04:32:16 PM |
|
Your not getting the funds back make other plans
|
|
|
|
|
|
timmah (OP)
Member
Offline
Activity: 70
Merit: 10
|
|
September 29, 2013, 12:02:01 AM |
|
Thanks for the link but it looks like my address was not part of that, hopefully I'll be able to figure out how this happened... My other wallet was completely fine. Does anyone know if you can tell if the thief actually used MY blockchain account to take the funds or if they found the privaete key somehow (or by brute force) and used their own account to move the btc out of my mining address? It would really help if I knew that so that I could at least not make the same mistake. |
|
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
September 29, 2013, 12:51:28 AM |
|
My guess is that you either have a keylogger on your computer or you were MITM'd with a keylogger on the page. If you have had malware, it is probably still on your computer. Antivirus scans are not good enough.
What version of Java do you have?
|
|
|
|
|
timmah (OP)
Member
Offline
Activity: 70
Merit: 10
|
|
September 29, 2013, 01:20:13 AM |
|
My guess is that you either have a keylogger on your computer or you were MITM'd with a keylogger on the page. If you have had malware, it is probably still on your computer. Antivirus scans are not good enough.
What version of Java do you have?
I'm using Java 7 update 25. I've opened other wallets on that computer as well but those were not emptied. Maybe the hacker is just waiting for me to put more btc in or something. Along with a MITM attack I would think they would get to my other accounts like my bank, credit cards, etc... but just my btc was stolen... This sucks... |
|
|
|
|
b!z
Legendary
Offline
Activity: 1582
Merit: 1010
|
|
September 29, 2013, 05:09:11 AM |
|
I hope my blockchain.info coins are safe. I will have to check later.
They are probably still there, but aren't what I would call "safe." Just move them to a new wallet (PLEASE use a new private key) on a hard drive. Yeah I will have to do that soon. Do you know any easy ways to spend BTC on a cold wallet without using an offline PC, fresh OS install etc? |
|
|
|
|
viboracecata
Legendary
Offline
Activity: 1316
Merit: 1000
Varanida : Fair & Transparent Digital Ecosystem
|
|
September 29, 2013, 08:29:09 AM |
|
No one can help you to recover your money, dude
|
|
|
|
mprep
Global Moderator
Legendary
Offline
Activity: 3766
Merit: 2610
In a world of peaches, don't ask for apple sauce
|
|
September 29, 2013, 08:41:34 PM |
|
Sorry for your loss.  You probably will not recover them. Start making backup plans NOW for your mortgage (friends, family) and don't expect anything to come from this thread. Yeah... I'm just hoping that maybe, just maybe something could be done... I'm just so pissed that I pretty much watched it happen, when I saw that the coins were taken they were still Unconfirmed! It had 0 confirmations still! I wish there were a way to stop 0 confirmation transactions... but that is not how it works... Just hope that maybe someone in the community can do something to help... I've sent a small transaction to the address the thief sent the coins to and embedded a statement that the coins were stolen. Maybe if people keep putting messages on stolen BTC addresses then it may help deter this stuff, so I'm going to watch this and every time the btc moves I will add that tag again. Who knows what will happen, I'm hoping for the best... Also in regards to the other posts, thanks for the suggestions, I'll look into the ip address, I just have NO idea how they got into my account so two things, they are a "pro" hacker and the IP is just a proxy or maybe a lucky script kiddy that did not mask their real IP. Oh, and the thing about looking at my btc address is that it will never show my actual IP because I don't use a BTC client on my computer, it's all brain wallets, paper wallets and I only import them when I need to use them on an online site like blockchain so all IP's will only show the BTC relays. It was just a stupid mistake that I left the mining address in that wallet. Thanks so far... Actually there is. You could've just tried double spending it by simply sending out another transaction using the same funds with a higher fee. If it confirmed first, you would've gotten your funds back. |
|
|
|
|
