Bitcoin Forum
Author Topic: bitstamp and mtgox accounts hacked at same time  (Read 1863 times)
hardpick
August 27, 2013, 06:34:00 PM
 #1

bitstamp and mtgox accounts hacked at same time


all my bitcoin were transferred out of my bitstamp account

after I transferred them from mtgox

Withdrawal  Aug. 27, 2013, 1:49 p.m. -30.00000000 BTC   $0.00 
Deposit  Aug. 27, 2013, 4:49 a.m. 30.00000000 BTC   $0.00 

history

Aug. 27, 2013, 1:47 p.m. 98.102.149.174 Opened bitcoin withdrawal request for 30 BTC to 1H4hcUpbV4E2noZpKSoQa2wszC2ghBxpXC
Aug. 27, 2013, 12:32 p.m. 98.102.149.174 Logged in


98.102.149.174 is not my ip and 1H4hcUpbV4E2noZpKSoQa2wszC2ghBxpXC is not my wallet
also my bitstamp account was deleted

and also I cannot log in to my mtgox account

Have sent them both a ticket
have different passwords on both accounts
checked pc for viruses

can someone help
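
The history lines quoted in the post above show the pattern worth alerting on: a login from an IP the owner does not recognise, then a withdrawal to an address the owner has never used. The following is an added example, not part of the original thread and not Bitstamp's code, that parses lines in that layout and flags such withdrawals. The sample lines, the documentation-range IPs, the placeholder destination strings and the 24-hour window are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout quoted above; IPs and destinations are placeholders.
SAMPLE_HISTORY = """\
Aug. 27, 2013, 1:47 p.m. 203.0.113.77 Opened bitcoin withdrawal request for 30 BTC to PLACEHOLDER_UNKNOWN_ADDR
Aug. 27, 2013, 12:32 p.m. 203.0.113.77 Logged in
Aug. 27, 2013, 4:40 a.m. 198.51.100.10 Logged in
Aug. 20, 2013, 9 a.m. 198.51.100.10 Opened bitcoin withdrawal request for 1.5 BTC to PLACEHOLDER_OWN_ADDR
this line does not match the layout
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]+)\.? (?P<day>\d{1,2}), (?P<year>\d{4}), "
    r"(?P<h>\d{1,2})(?::(?P<min>\d{2}))? (?P<ap>[ap])\.m\. "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<action>.+)$")
WITHDRAW_RE = re.compile(r"^Opened bitcoin withdrawal request for [\d.]+ BTC to (\S+)$")


def parse_line(line):
    """Return an event dict, or None when the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m or m["mon"][:3] not in MONTHS:
        return None
    hour = int(m["h"]) % 12 + (12 if m["ap"] == "p" else 0)  # 12 p.m. -> 12, 12 a.m. -> 0
    ts = datetime(int(m["year"]), MONTHS[m["mon"][:3]], int(m["day"]),
                  hour, int(m["min"] or 0))
    wd = WITHDRAW_RE.match(m["action"])
    return {"ts": ts, "ip": m["ip"], "action": m["action"],
            "dest": wd.group(1) if wd else None}


def review_history(text, known_ips, known_dests, window=timedelta(hours=24)):
    """Return (alerts, unparsed_lines); each alert lists why a withdrawal is suspect."""
    events, unparsed = [], []
    for line in filter(str.strip, text.splitlines()):
        ev = parse_line(line)
        (events if ev else unparsed).append(ev or line)
    alerts, foreign_login = [], {}  # foreign_login: ip -> time of its latest login
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] == "Logged in" and ev["ip"] not in known_ips:
            foreign_login[ev["ip"]] = ev["ts"]
        elif ev["dest"] is not None:
            seen = foreign_login.get(ev["ip"])
            checks = [("unfamiliar IP", ev["ip"] not in known_ips),
                      ("new destination", ev["dest"] not in known_dests),
                      ("within window of unfamiliar login",
                       seen is not None and ev["ts"] - seen <= window)]
            reasons = [name for name, hit in checks if hit]
            if reasons:
                alerts.append({**ev, "reasons": reasons})
    return alerts, unparsed  # unparsed lines are returned so nothing is silently skipped
```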
escrow.ms
August 27, 2013, 06:41:13 PM
 #2

Well I will suggest you to use a different PC and change all your passwords immediately. Also try to recover hacked accounts.

Scan your PC with Malwarebytes Anti-Malware or Comodo Internet Security, also don't forget to download a firewall and check incoming/outgoing connections.


PS: Read this thread to avoid any viruses in future.
https://bitcointalk.org/index.php?topic=203876.

Sorry for your loss. :(

hardpick
August 27, 2013, 07:35:00 PM
 #3

> Well I will suggest you to use a different PC and change all your passwords immediately. Also try to recover hacked accounts.
>
> Scan your PC with Malwarebytes Anti-Malware or Comodo Internet Security, also don't forget to download a firewall and check incoming/outgoing connections.
>
> PS: Read this thread to avoid any viruses in future.
> https://bitcointalk.org/index.php?topic=203876.
>
> Sorry for your loss. :(

Thanks

I have changed all passwords on other accounts
cannot log in to bitstamp or mtgox, I think both accounts are deleted

have checked with malwarebytes and avg -- no viruses

so think hacked ???

using another pc to be safe

no response from tickets on bitstamp or mtgox

Lauda
August 27, 2013, 09:34:14 PM
 #4

Possible keylogger.
If your scans are clean. If you used weak passwords he could have done some sort of reverse social engineering and figured out the likely passphrase that you have used. Also 30 BTC is a lot to keep in 1 account if it's not safe.
Buy a cheap laptop, clean install, get good AV protection and use it for bitcoin transfers only. Watch out for infected downloads, always get your files from the official links.


hardpick
August 27, 2013, 09:42:08 PM
 #5

> Possible keylogger.
> If your scans are clean. If you used weak passwords he could have done some sort of reverse social engineering and figured out the likely passphrase that you have used. Also 30 BTC is a lot to keep in 1 account if it's not safe.
> Buy a cheap laptop, clean install, get good AV protection and use it for bitcoin transfers only. Watch out for infected downloads, always get your files from the official links.

Thanks, passwords were long and different on accounts

also is there any way of tracing ip or wallet ?

98.102.149.174 is not my ip and 1H4hcUpbV4E2noZpKSoQa2wszC2ghBxpXC is not my wallet
cp1
August 27, 2013, 09:44:26 PM
 #6

You can trace the coins on blockchain.info

Lauda
August 27, 2013, 09:45:38 PM
 #7

IP traced:
http://whatismyipaddress.com/ip/98.102.149.174
http://www.ip-adress.com/ip_tracer/98.102.149.174
http://whois.domaintools.com/98.102.149.174

I've done some quick researching, the thief is possibly one of these people: http://www.spokeo.com/Sunrise+Valley+Dr+Herndon+VA+addresses#478729811
That is 15 suspects.

The btc withdraw address: https://blockchain.info/address/1H4hcUpbV4E2noZpKSoQa2wszC2ghBxpXC
It was used only to withdraw those coins and send it somewhere else. To this address: 1KRj8opQ5y3h2dw8FjnskxuVZ5qtu5Uuid
Link: https://blockchain.info/address/1KRj8opQ5y3h2dw8FjnskxuVZ5qtu5Uuid
I don't know what this address is for, most likely some service since there is a lot of btc transfers on it.


If that helped, feel free to tip me. :)


hardpick
August 27, 2013, 10:05:21 PM
 #8

> IP traced:
> http://whatismyipaddress.com/ip/98.102.149.174
> http://www.ip-adress.com/ip_tracer/98.102.149.174
> http://whois.domaintools.com/98.102.149.174
>
> I've done some quick researching, the thief is possibly one of these people: http://www.spokeo.com/Sunrise+Valley+Dr+Herndon+VA+addresses#478729811
>
> The btc withdraw address: https://blockchain.info/address/1H4hcUpbV4E2noZpKSoQa2wszC2ghBxpXC
> It was used only to withdraw those coins and send it somewhere else. To this address: 1KRj8opQ5y3h2dw8FjnskxuVZ5qtu5Uuid
> Link: https://blockchain.info/address/1KRj8opQ5y3h2dw8FjnskxuVZ5qtu5Uuid
> I don't know what this address is for, most likely some service since there is a lot of btc transfers on it.
>
> If that helped, feel free to tip me. :)

Thanks it is a help

not sure how I am going to recover my bitcoins


will tip (when I have some bitcoins)
Lauda
August 27, 2013, 10:08:58 PM
 #9

> Thanks it is a help
>
> not sure how I am going to recover my bitcoins
> will tip (when I have some bitcoins)

Well I could help you out more in private possibly.
This narrows it down to 15 people.
If we assume that the stealer is a male, which is highly likely, it comes down to 6 people and 1 more person whose gender is unknown.


I'm not sure if Time Warner (http://www.timewarner.com/) would reveal information on a specific IP address if you had contacted them.


hardpick
August 28, 2013, 04:16:39 AM
 #10

> > Thanks it is a help
> >
> > not sure how I am going to recover my bitcoins
> > will tip (when I have some bitcoins)
>
> Well I could help you out more in private possibly.
> This narrows it down to 15 people.
> If we assume that the stealer is a male, which is highly likely, it comes down to 6 people and 1 more person whose gender is unknown.
>
> I'm not sure if Time Warner (http://www.timewarner.com/) would reveal information on a specific IP address if you had contacted them.

have sent PM
cp1
August 28, 2013, 04:59:09 AM
 #11

I wouldn't trust that IP geolocation to get the exact house.  I think it's just somewhere in the city.

Lauda
August 28, 2013, 07:00:23 AM
 #12

You're also right about that. I said possibly, in case if it were true.

If someone knows what this address is for, please provide info: 1KRj8opQ5y3h2dw8FjnskxuVZ5qtu5Uuid


Kj1
August 28, 2013, 10:13:34 AM
 #13

If you use your mobile for gox & stamp, also check it. Android and the like are prone to viruses and are imo a bigger risk than a pc which you can easily protect adequately.

PS doesn't bitstamp require email verification for withdrawals? If you receive your mails on your mobile, it would take only one minute for such a thing on mobile from people having physical access to your mobile device. All the info would also be found at the linked google account if you use android.

In all cases, use two-factor authentication!  Cumbersome but it will decrease the chance for such events.


Kj1
August 28, 2013, 10:30:59 AM
 #14

wow that's a lot of btc into/out of that address.
I wonder if it's a worm or something.

hardpick
August 28, 2013, 10:34:11 AM
 #15

"PS doesn't bitstamp require email verification for withdrawals? If you receive your mails on your mobile, it would take only one minute for such a thing on mobile from people having physical access to your mobile device. All the info would also be found at the linked google account if you use android."

did not receive any email when the hacker withdrew all my btc
Kj1
August 28, 2013, 11:10:57 AM
 #16

you should enable that email verification in security settings

b!z
September 01, 2013, 10:37:49 AM
 #17

Format hard drive, and don't recycle passwords.

Kj1: nobody uses "worms", it is not 1995.
Lauda
September 01, 2013, 11:06:05 AM
 #18

> Format hard drive, and don't recycle passwords.
>
> Kj1: nobody uses "worms", it is not 1995.

I use worms :D


b!z
September 02, 2013, 06:37:02 AM
 #19

> > Format hard drive, and don't recycle passwords.
> >
> > Kj1: nobody uses "worms", it is not 1995.
>
> I use worms :D

Ok, now I know at least 1 person still uses 'worms'.
Lauda
September 02, 2013, 10:03:49 AM
 #20

> > > Format hard drive, and don't recycle passwords.
> > >
> > > Kj1: nobody uses "worms", it is not 1995.
> >
> > I use worms :D
>
> Ok, now I know at least 1 person still uses 'worms'.

It's something.

