Altoidnerd
December 15, 2013, 07:03:43 PM
>> If your funds were stolen from multibit it has nothing to do with multibit. It means your computer is compromised. Using qt OR blockchain.info on the same computer will make you lose more money.
> But my computer was not even on. What if the hacker had access to the wallet backup and the password? It wouldn't need my computer that way, right?
Nothing has to be running for someone to initiate a transfer of your funds if they have your sensitive information.

gamybtc
Member
Offline
Activity: 112
Merit: 10
December 15, 2013, 07:18:28 PM
You are wrong, the hacker did not pay huge fees. Check this out: Why would he pay a high fee?
BTC : 1fDTCkVcJ7SaVnoFjA5U1xfHQVfv1BWCb

Forexperiments
December 15, 2013, 07:48:48 PM
That's so bad. How could the attacker hack a multibit wallet? A custom trojan?

jbssm (OP)
Member
Offline
Activity: 71
Merit: 10
December 15, 2013, 07:54:48 PM
> You are wrong, the hacker did not pay huge fees. Check this out: Why would he pay a high fee?
Hi, I know that now, it's just that Multibit gave some 3.4 BTC fees like the screenshot I posted, but that part must have been some mistake.
Donations to the helping fund for victims of alien abduction and zombie contagion are welcome: 13U16ay4Tyvr9ZkQ3wqtReuZGaPE27wt4e

jbssm (OP)
Member
Offline
Activity: 71
Merit: 10
December 15, 2013, 07:57:26 PM
> That's so bad. How could the attacker hack a multibit wallet? A custom trojan?
Well, I know the hacker had access to my email (I saw a login using the security questions in the GMAIL logs, it comes from some guy in Austria, but I think he was just running a TOR node). Now, since the wallet backup was sent by email to another person, I think that's how he got it. I don't know how he got the password though... I have some suspicion it has something to do with Dropbox, but I can't find any logs in Dropbox to confirm this.
I moved the wallet to Blockchain.info, it's not that I trust my gmail account (and dropbox) is completely safe now but I guess it must be impossible to enter the account after I put up the google key two factor authentication.

paul44
Newbie
Offline
Activity: 42
Merit: 0
December 15, 2013, 08:18:37 PM
I would work on the same principle as with anything related to security. Once compromised, always compromised. Back up the essentials and start afresh, it's most likely the only option after any infiltration.

cr1776
Legendary
Offline
Activity: 4256
Merit: 1313
December 15, 2013, 08:21:06 PM
>> That's so bad. How could the attacker hack a multibit wallet? A custom trojan?
> Well, I know the hacker had access to my email (I saw a login using the security questions in the GMAIL logs, it comes from some guy in Austria, but I think he was just running a TOR node). Now, since the wallet backup was sent by email to another person, I think that's how he got it. I don't know how he got the password though... I have some suspicion it has something to do with Dropbox, but I can't find any logs in Dropbox to confirm this.
> I moved the wallet to Blockchain.info, it's not that I trust my gmail account (and dropbox) is completely safe now but I guess it must be impossible to enter the account after I put up the google key two factor authentication.
If your computer was compromised, be sure to change your password at blockchain.info from a different machine or be absolutely sure that it is clean now.

paul44
Newbie
Offline
Activity: 42
Merit: 0
December 15, 2013, 09:16:18 PM
When it comes to things I feel I simply cannot lose, I am on suspicion alert 101%. Online backups from other parties are not trustworthy at all, if they have access (which could be a possibility) then there would be a lucrative market selling information. Trust nothing or no-one.

Rannasha
December 15, 2013, 09:22:11 PM
>> If your funds were stolen from multibit it has nothing to do with multibit. It means your computer is compromised. Using qt OR blockchain.info on the same computer will make you lose more money.
> But my computer was not even on. What if the hacker had access to the wallet backup and the password? It wouldn't need my computer that way, right?
One way or the other, the attacker got access to your wallet file and the password. Whether that's from your backup or from your main machine is unknown. Note that if your computer has been compromised, the attacker could empty the wallet at any time, even when your computer is off.

paul44
Newbie
Offline
Activity: 42
Merit: 0
December 15, 2013, 09:32:36 PM
And that's the most important point I feel. You have to be paranoid when it comes to anything money related. Not even directly but anything which could affect YOUR money. I am paranoid but I feel totally justified in being so.

Abdussamad
Legendary
Offline
Activity: 3710
Merit: 1586
December 15, 2013, 10:40:30 PM
> I moved the wallet to Blockchain.info, it's not that I trust my gmail account (and dropbox) is completely safe now but I guess it must be impossible to enter the account after I put up the google key two factor authentication.
blockchain.info is even worse than a desktop client! Your computer has been compromised. Moving to blockchain.info won't make things any better. What you should do is back up essential documents, delete everything on your computer, reinstall the operating system, install anti-malware software like anti-virus apps and scan and restore the backups. Then change your passwords everywhere including your email accounts. As far as bitcoins go you should move all the coins to a new wallet. Make sure you set a password on your new wallet.

paul44
Newbie
Offline
Activity: 42
Merit: 0
December 15, 2013, 10:42:48 PM
This is exactly the sort of advice I was expecting and for that I thank you. Once something is compromised then it's gone, out of the door, bolted!
It's how you move on from there that is important. I hope you can win!

IsaacGoldbourne
Member
Offline
Activity: 112
Merit: 10
Looking to start various enterprises
December 15, 2013, 11:13:04 PM
>> If your funds were stolen from multibit it has nothing to do with multibit. It means your computer is compromised. Using qt OR blockchain.info on the same computer will make you lose more money.
> But my computer was not even on. What if the hacker had access to the wallet backup and the password? It wouldn't need my computer that way, right?
No he wouldn't, just to add I use armory for any large amount of coin. Electrum offline storage also works well.
Vote for me for CEO/CNO of MemoryCoin! CEO: MVTEceoa86dYRsxc2rWCexBMjJmaawMkHZ CNO: MVTEcno2tbsJWj7AQEyEjgk72j94hbPHFm

jbssm (OP)
Member
Offline
Activity: 71
Merit: 10
December 15, 2013, 11:16:40 PM
Ok, thank you all for the support.
I already spent most of the day changing the most important passwords I have (email, dropbox, ebay, paypal, etc...). I had installed Mavericks (Mac OSX) about 1 month ago from scratch, but well, I guess it's time to be a bit paranoid so I'll install it again like you suggest.
About the lost bitcoins, perhaps it's a silly question, but do you think it's worth making a complaint to the police? So far the hacker didn't move them from any of the two addresses where he sent them.
The IP address the hacker used was: 79.134.234.200. I can see this belongs to some guy in Austria, but like I said, I think he's just someone who runs a TOR server.

jbssm (OP)
Member
Offline
Activity: 71
Merit: 10
December 15, 2013, 11:18:58 PM
>>> If your funds were stolen from multibit it has nothing to do with multibit. It means your computer is compromised. Using qt OR blockchain.info on the same computer will make you lose more money.
>> But my computer was not even on. What if the hacker had access to the wallet backup and the password? It wouldn't need my computer that way, right?
> No he wouldn't, just to add I use armory for any large amount of coin. Electrum offline storage also works well.
Ok, just one thing. Where do you keep the backups for this? I mean, I could make a linux installation in a USB pen and use it just for keeping the bitcoins. But I'm afraid that if something happened to that USB pen, my BTC would be lost forever that way.

paul44
Newbie
Offline
Activity: 42
Merit: 0
December 15, 2013, 11:20:27 PM
If it really is TOR then what is the point? It could be anyone and anywhere. Really sorry but it's likely gone forever.

jbssm (OP)
Member
Offline
Activity: 71
Merit: 10
December 15, 2013, 11:24:25 PM
> If it really is TOR then what is the point? It could be anyone and anywhere. Really sorry but it's likely gone forever.
Yeah, I kind of accept that would be the outcome. But I still feel the right thing would be to tell the police about it... even if they do nothing about the stuff :/

GoodHosting
Newbie
Offline
Activity: 42
Merit: 0
December 15, 2013, 11:25:41 PM
*.is is Iceland.
% Abuse contact for '79.134.224.0 - 79.134.255.255' is 'abuse@fink.org'
inetnum: 79.134.224.0 - 79.134.255.255
netname: CH-GLOBAL-20071024
descr: Backbone ehf
remarks: icecell-net
country: IS
org: ORG-GNSA2-RIPE
admin-c: AF15-RIPE
tech-c: AF15-RIPE
tech-c: ME2795-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: AF15-MNT
mnt-routes: AF15-MNT
notify: noc@backbone.is
Also it does appear to be a Tor node.
* Dns resolved 79.134.234.200 to masterchief2.tor.leo-unglaub.net
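The whois and reverse-DNS lookup in the post above can be scripted when triaging an unfamiliar IP from an account's login history. This is an added example, not part of the original post: the function names are hypothetical, and the whois text (abridged) and PTR name are the ones quoted above.

```python
import ipaddress
import re

# RIPE whois fields copied from the post above (abridged).
WHOIS_TEXT = """\
% Abuse contact for '79.134.224.0 - 79.134.255.255' is 'abuse@fink.org'
inetnum: 79.134.224.0 - 79.134.255.255
netname: CH-GLOBAL-20071024
descr: Backbone ehf
country: IS
notify: noc@backbone.is
"""

def parse_whois(text):
    """Return (abuse_contact, {field: [values]}) from RIPE-style whois text."""
    abuse, fields = None, {}
    for line in text.splitlines():
        m = re.match(r"% Abuse contact for '.*' is '(.+)'", line)
        if m:
            abuse = m.group(1)
        elif not line.startswith("%") and ":" in line:
            key, value = line.split(":", 1)
            fields.setdefault(key.strip(), []).append(value.strip())
    return abuse, fields

def triage_login_ip(ip, whois_text, ptr_name):
    """Summarise what whois and reverse DNS say about a suspicious login IP."""
    abuse, fields = parse_whois(whois_text)
    first, last = (ipaddress.ip_address(p.strip())
                   for p in fields["inetnum"][0].split("-"))
    return {
        "ip": ip,
        # Confirm the whois record really covers the address being checked.
        "in_allocation": first <= ipaddress.ip_address(ip) <= last,
        # Registration country of the block, not the location of the person.
        "country": fields["country"][0],
        "abuse_contact": abuse,
        # Heuristic only: some operators put "tor" in a relay's PTR name.
        "ptr_suggests_tor": bool(
            re.search(r"(^|[.-])tor([.-]|\d|$)", ptr_name.lower())),
    }

if __name__ == "__main__":
    print(triage_login_ip("79.134.234.200", WHOIS_TEXT,
                          "masterchief2.tor.leo-unglaub.net"))
```

A PTR name is set by whoever controls the address block, so the Tor flag is a hint to be confirmed against the Tor Project's published relay data.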

empoweoqwj
December 16, 2013, 02:26:18 AM
> I currently keep mine in a blockchain.info wallet as it was recommended to me a while back. I would certainly be interested to hear if there is something more desirable though.
Electrum. I could never recommend storing your bitcoins online, sorry.

blanc1664
Newbie
Offline
Activity: 13
Merit: 0
December 16, 2013, 02:28:08 AM
If your system is compromised they may have a key logger and have captured logins, password, and everything else.
How is it that the transfer AND the fee went to the same wallet? Don't fees go to miners?