Linuxxl (OP)
November 06, 2013, 02:48:43 PM
As I noticed that the bitcoin price has been rising over the last month, I wanted to sell some for extra pocket money... Upon opening my bitcoin client I found out most of them were gone...
On 16-9-2013 20:15 11.79406039 BTC were withdrawn from my Bitcoin wallet to the following address 18nVNeiaQ22ajSzV9i3jce5VqQL4VJqEJt
Trying to accept my loss, struggling with anger, sadness and most of all the fact that I do not have a clue how "they" did it... Since I'm not expecting to see any of my GPU produced coins again, I would like to try and make my loss a lesson for any other (honest) bitcoin owner.
I hope this community can help me find out what I did wrong, and what would be the method most likely used to do the job. The answer might be very obvious to some of you, but with the knowledge I possess I can't figure out where I've gone wrong.
My situation: (In which of course my new wallet won't be...)
My wallet was stored (encrypted) on my local server. The password is stored on a USB thumbdrive using KeePass in a TrueCrypt partition. My server runs Windows Server 2008 R2. My PC runs Windows 8 SP1, both having all updates installed. My Bitcoin-QT software was version 0.8.3. I've never used my browser on my server. My PC uses Firefox; the only add-on I could think of that would improve my security would be Ghostery. I access my server using Remote Desktop or Clover, which enables tab browsing. I mainly use it for storage, downloading and streaming.
I feel so stupid and really don't have a clue on how they got to me. Please help me out, so I can make sure this won't happen again.

conspirosphere.tk
November 06, 2013, 03:04:01 PM
Was the password easy/short/dictionary? Did anyone else know about it? Was the "local server" serving anything on the internets?

Dealazer
November 06, 2013, 03:05:34 PM
First of all we need to know what kinda place your wallet was at. As you should know, inputs.io does give back the stolen property in some means, only if it's able to see the stolen goods taken to that address at very many transactions going to that account.
Also having to scan your computer with Bitdefender and Ad-Aware by Lavasoft, that can peek into discovery of some keyloggers. But again, as I know, the best solution for a home computer is using ZoneAlarm Firewall; from that point some keyloggers cannot get inside.
I'm really sorry about your encounter with hackers, thieves. But there might be some precautions that you did not keep. As for inputs.io, it got hacked recently; all those who had amounts there could easily lose them.

RodeoX
November 06, 2013, 03:15:58 PM
Sorry to hear this, man. First thing to know is that you did nothing "wrong". It was the thief who did a wrong. From what you said, I would be most suspicious of remote desktop. But as the value of btc goes up, so does the sophistication of thieves. Security will be an ongoing problem in bitcoin. I think keeping all but a small amount of coins in cold storage is the best option now.

Linuxxl (OP)
November 06, 2013, 03:17:04 PM
Thanks for your responses.
@conspirosphere The password is 228 bits and was generated by the password generator that KeePass supplies. My server is only used for streaming within my network, and downloading via torrents or usenet.
@Dealazer My wallet was in the default location. The reason I did not have any anti-virus (etc.) protection was because at the time I installed my server I could not find a free software that would allow installation on a server. I will try Bitdefender and Ad-Aware. About inputs.io, what does that have to do with my situation? I did not use that wallet...? What am I missing here?

greyhawk
November 06, 2013, 03:22:52 PM
About inputs.io, what does that have to do with my situation? I did not use that wallet...? What am I missing here?
Nothing. He just has no idea what he's talking about.

JessicaSe
November 06, 2013, 03:23:20 PM
hm.. seems secured.... KeePass is the problem maybe?

JessicaSe
November 06, 2013, 03:24:40 PM
About inputs.io, what does that have to do with my situation? I did not use that wallet...? What am I missing here?
Nothing. He just has no idea what he's talking about.
inputs.io is an online wallet, I would say Bitcoin-qt should be more secure compared to inputs...

capnjames
November 06, 2013, 03:26:04 PM
Damn, pretty tight security operation and they still got you... No idea how they got you, but sorry for your loss.

joeyjoe
November 06, 2013, 03:30:15 PM
Hate to be the one to say but I call BS

The 4ner
aka newbitcoinqtuser
November 06, 2013, 03:31:26 PM
Would the client version have been the problem? I know from what Gavin had mentioned there were several serious issues with the older version and as a result he issued another update of the app almost immediately after having released Bitcoin-Qt version 0.8.4.
The latest version is 0.8.5

The 4ner
aka newbitcoinqtuser
November 06, 2013, 03:32:00 PM
Hate to be the one to say but I call BS
Huh? What do you mean?

joeyjoe
November 06, 2013, 03:35:34 PM
Have to go back to work but I'll explain later

sushi
November 06, 2013, 03:36:01 PM
Seems like whoever took your coins, they re-distributed quite a few times in so many chunks

Linuxxl (OP)
November 06, 2013, 04:17:13 PM
Have to go back to work but I'll explain later
Please do so. I'm really curious why you think this is "BS"... For those who did try to contribute anything useful to this topic, I thank you.

Ardenyham
November 06, 2013, 04:26:03 PM
My server is only used for streaming within my network, and downloading via torrents or usenet. The reason I did not have any anti-virus (etc.) protection was because at the time I installed my server I could not find a free software that would allow installation on a server.
Server connected to internet without anti-virus and firewall and running torrents? Seems hackable to me, it might be the problem

conspirosphere.tk
November 06, 2013, 04:49:40 PM
Server connected to internet without anti-virus and firewall and running torrents ?
Seems hackable to me, it might be the problem
and the encrypted wallet? that takes a keylogger or an insider

Raoul Duke
aka psy
November 06, 2013, 04:58:18 PM
My server is only used for streaming within my network, and downloading via torrents or usenet. The reason I did not have any anti-virus (etc.) protection was because at the time I installed my server I could not find a free software that would allow installation on a server.
Windows Server connected to internet without anti-virus and firewall, with Remote Desktop enabled and running torrents? Seems hackable to me, it might be the problem
FTFY
Recipe for disaster!

Dealazer
November 06, 2013, 05:00:25 PM
Ad-Aware by lavasoft.com will most likely make a display of all keyloggers available on the internet. As for Bitdefender, it would not display what was inside the computer. As for the wallet, it's connected through email if you in most cases used the same email at places where bitcoin talk is available, but in most cases that could not happen since your wallet code was unbreakable for most hackers.
Is then your wallet trustable? Does it contain trustworthy wallet security? In most cases it can be an insider of the firm that has the wallet for you.

marketorder
November 06, 2013, 05:01:44 PM
1st security issue is that you're running windows
2nd you're running downloadable torrents off of your server
3rd You had no firewall and a p2p torrent operation
4th I'm sure you told someone that runs your server about the coins they likely stole it