Bitcoin Forum
Topic: HELP!! Hacked using Blockchain.info! Someone sent my BTC AWAY!
Mark_Twain
December 16, 2013, 08:50:01 PM
 #1

Hi friends, help me please, I just imported some BTC from my paper wallet via Blockchain.info. This was my paper wallet public address:

https://blockchain.info/address/1FMwAGuSsgSxGJ8g8V8X7QqkZ8tdQLUTTo

It was sent to another address of mine, this one:

https://blockchain.info/pt/address/1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ

This address was inside my wallet at the Blockchain.info web client.

Then I sent 4.7131 to another address of mine, 18hZHGUkLSs9dUMJWQ5jHRVpBLZrKB8G2r

But in my wallet it shows another crazy transaction to an UNKNOWN address, and this transaction kind of RIPS the rest of my whole funds! The transaction goes to this address:  https://blockchain.info/pt/address/17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2

This is the UNWANTED TRANSACTION:  10c226cc42d80b11249f304f817397e9a30039134afeb9abca181b38a100c55e

Is it possible to track the IP that ordered that? Is there a chance to protect myself from that? Maybe paint the coins, HELP!

This is the unwanted transaction, please somebody tell me what may be happening. If there are some miners out there, please don't accept that one, shit, I don't know what to do, please help me. I thought this problem of the private key being stolen was already addressed by Blockchain.info... Why was the change from the first transaction sent to the same address? Somebody please give me a light...

Thanks,

Mark

Litecoins donations: LUNrACL2GoC8RhHqJbd4k2GnqX2xjixooY
Bitcoins donations: 1AWcSjq96oa5tqLyqPG2U729AzGPZW9aW4
Mark_Twain
December 16, 2013, 08:54:34 PM
 #2

I can't believe somebody just stole 10 BTC from me, please help
No expert out there? I've heard before that it is risky to send BTC from the same address more than 1 time, maybe that was what happened, please someone help... How can I contact Blockchain.info developers??? Why haven't they corrected this flaw???

gannicus
December 16, 2013, 09:49:00 PM
 #3

There is nothing you can do, your BTCs are lost.
Mark_Twain
December 16, 2013, 09:52:49 PM
 #4

I know, but how can I track that address that stole my coins?

Is there any service out there? And how about this flaw in the Blockchain.info system? Why don't they just DELETE the address that has already been used and automatically create a new address of mine if I'm not sending all the coins from one address?

Mark_Twain
December 16, 2013, 09:54:09 PM
 #5

Just found this thing, does anyone know anything else?

http://www.coindesk.com/what-should-we-do-with-stolen-bitcoins/

not.you
December 16, 2013, 09:54:52 PM
 #6

The fact that it happened immediately after you did your transaction suggests maybe there is malware on the computer you used.  Something may have recorded your keystrokes to log in to the blockchain wallet. Unless you turned on logging on your blockchain account I don't think you can get the IP of the person who accessed your wallet.
Mark_Twain
December 16, 2013, 09:57:27 PM
 #7

Malware? You mean my computer is being watched?

BurtW
December 16, 2013, 10:36:49 PM
 #8

Tell me more about this address

https://blockchain.info/address/1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ

Your history with this address shows:

1 BTC deposit on 7/31
1 BTC withdrawal on 8/12 - leaves a zero balance

Later...

14.7037 deposit today @ 20:19
4.7131 withdrawal today, 5 minutes later, change of 9.9905 goes back to this same address

9.9905 sent to 17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2 about 6 minutes later, still unspent as of this post.

Where did this 1NXboo address come from - in other words how was it generated?

Exactly how did you do the transaction

https://blockchain.info/tx/144c397690d441a48a989cc58499b4a761be21f5157c6fa666aeb34eaa52ce0b

What client did you use?  Did you ask for the change to go back to the same address or did the client do that automatically?  Where was the client running (PC, phone, etc.)?

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Mark_Twain
December 16, 2013, 11:08:17 PM
 #9

This address https://blockchain.info/address/1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ belongs to my wallet inside of Blockchain.info, I'm using it as a browser client on Mozilla Firefox.

The deposit today of 14.7037 BTC @ 20:19 was done by me when I redeemed a private key from my paper wallet; the public key of my paper wallet was https://blockchain.info/pt/address/1FMwAGuSsgSxGJ8g8V8X7QqkZ8tdQLUTTo

The 4.7131 BTC withdrawal today was made by me. The change of 9.9905 went back to this same address AUTOMATICALLY and was sent to 17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2 about 6 minutes later, BUT IT WAS NOT SENT BY ME! When I wanted to distribute the funds to another wallet my account on Blockchain.info was ripped!


To make this transaction https://blockchain.info/tx/144c397690d441a48a989cc58499b4a761be21f5157c6fa666aeb34eaa52ce0b
I just sent the amount I wanted to some other address of mine. Just pushed the send button at the web client, it worked.

But the sending to this address 17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2 was NOT SENT BY ME! And it was the larger amount of BTC!

I'm really sad... there goes my money, so hard earned! Please, if anybody helps me to recover those coins I swear I will give you a present.

BurtW
December 16, 2013, 11:20:14 PM
 #10

Next questions:

In your blockchain.info wallet on the "receive money" tab how many addresses are shown?  Do any of them say (watch only)?  If so how many of them are watch only?

Back to the 1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ address:  was it automatically generated by blockchain.info?  Did you press the "new address" button OR was it imported from somewhere (paper or brain wallet)?  You first used it back in July.  Do you remember if it was imported or generated and how it was generated?


Have you ever used blockchain.info on your phone using the phone app?

Are you going to blockchain.info through the web interface or are you using a browser plug-in?  I assume you are just using the web interface.

Finally:  how many characters is your blockchain.info password?  Do you use 2FA on your blockchain.info account?

Mark_Twain
December 16, 2013, 11:36:38 PM
 #11

Those are the addresses in my receive list:

1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ (this was my first address from blockchain.info, it was generated automatically by the website; as far as I remember I never pressed the "new address" button in the web client, but I did it in the iPod client, since I did a sync of this wallet with a blockchain app on an iPod touch, and I used it a couple of times)
12dEHPdNVBjByZEZ7kJjLH574FUnZrfStQ
1JPYNFPWvzsthiGZWWKNED2Lgd9dJbUo3K
1NkptN3nBviUED92FqZL4E9EEYTRcfAbDE
1HbnDpDocF9y6hyptnSp2ucUJqh5jzHMnj (imported from a paper wallet)
1A73FmupXc5brwcc9X4uXs7fHJJpu5VUKd (imported from a paper wallet)
1Bc6aYTdzEsGZT2jBDYgL66HV5jyRGSPJf (imported from a paper wallet)
1NY9Z3vcJHpY2WQabRxEK8fxQduKEceYF2 (imported from a paper wallet)
1H4gLKQB1CB7UsEbyBgPH7TheMywRxu6Ra (imported from a paper wallet)
1FMwAGuSsgSxGJ8g8V8X7QqkZ8tdQLUTTo (this address was imported from the paper wallet, here were my funds. There are 2 options for importing private keys at blockchain.info: one is sending the funds to some already existing address, the second one is bringing the address inside your wallet. First I claimed the coins, then the address, in a desperate attempt to get any coin back)

After I saw I had been robbed I added the suspicious address as watch only and added a label like this:
STOLEN COINS PLEASE SEND THEM BACK TO THE ADRESS THEY WERE STOLED FROM - 17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2 (Watch Only)

All of this happened while using blockchain.info through the web interface.

My password at blockchain.info has 11 characters, I didn't use 2FA on my account there.

Hey BurtW, thanks for looking at this issue, I appreciate that. Just from the fact that you are listening I can see some of MY security flaws...

But sad.... sad day!!!! Man....



BurtW
December 17, 2013, 12:48:31 AM
 #12

Quote from: Mark_Twain
1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ (this was my first address from blockchain.info, it was generated automatically by the website; as far as I remember I never pressed the "new address" button in the web client, but I did it in the iPod client, since I did a sync of this wallet with a blockchain app on an iPod touch, and I used it a couple of times)


Do you still have the iPod app?  Can you look in there and see if your coins are in the iPod?  They might be there (maybe)

BurtW
December 17, 2013, 12:59:18 AM
 #13

Also, on your blockchain.info account please go to the home page, then account settings, then logging and see if another IP address besides your own has been logging into your account.

Mark_Twain
December 17, 2013, 05:51:27 AM
 #14

Hi BurtW, I just looked at the app; as I told you, it syncs with the web client. The address 17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2, where the stolen-lost coins are, is in "watch only" as in the web client.

I can't see the IPs that used my web client at the time of the theft because this feature was disabled. I just enabled it but can't see past logs....  Sad

Just found 2 similar posts with much more coins lost

https://bitcointalk.org/index.php?topic=277595.new#new

and

https://bitcointalk.org/index.php?topic=277601.100

BurtW
December 17, 2013, 06:00:39 AM
 #15

How often and exactly how do you back up your blockchain.info wallet?  Is it possible someone could have gotten ahold of one of your wallet backups?

I am about out of ideas so, as a last resort, it is time to check your system for a key logger, etc.

Sorry I could not be of more help.

BurtW
December 17, 2013, 06:15:03 AM
 #16

I noticed you have started posting your problem in multiple threads.  Please stop that.  It will not help your situation and will only piss off those who are here trying to help you.

BTW one of the very first things I checked was whether or not the two transactions from your address had the same R values (a known weakness in ECDSA) and they do not.  That is not your issue.

However, since the key pair was created a pretty long time ago there may have been an issue with the way it was created way back then (possibly a bad PRNG) but I cannot prove that one way or another.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
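The check described in post #16 (do two signatures made by one key share the same R value?) can be run over any set of signatures. The sketch below is an added example, not code from the thread or from Blockchain.info; the function names are chosen here, and every signature, key label and input label in it is constructed sample data.

```python
from collections import defaultdict

def parse_der_signature(sig: bytes):
    """Return (r, s) from a DER ECDSA signature; one trailing sighash byte is allowed."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] & 0x80:
        raise ValueError("not a short-form DER SEQUENCE")
    body, rest = sig[2:2 + sig[1]], sig[2 + sig[1]:]
    if len(body) != sig[1] or len(rest) > 1:
        raise ValueError("truncated signature or trailing data")
    values, pos = [], 0
    for _ in range(2):                       # exactly two INTEGERs: r, then s
        if pos + 2 > len(body) or body[pos] != 0x02:
            raise ValueError("expected INTEGER tag")
        n = body[pos + 1]
        raw = body[pos + 2:pos + 2 + n]
        if n == 0 or len(raw) != n:
            raise ValueError("bad INTEGER length")
        values.append(int.from_bytes(raw, "big"))
        pos += 2 + n
    if pos != len(body):
        raise ValueError("extra data inside SEQUENCE")
    return values[0], values[1]

def find_reused_r(signatures):
    """signatures: iterable of (label, pubkey, der_bytes).
    Returns {(pubkey, r): [labels]} for every r that one key used in
    two or more distinct signatures."""
    seen = defaultdict(dict)                 # (pubkey, r) -> {s: label}
    for label, pubkey, der in signatures:
        r, s = parse_der_signature(der)
        seen[(pubkey, r)].setdefault(s, label)
    return {k: list(v.values()) for k, v in seen.items() if len(v) > 1}

# --- constructed sample data (not taken from any real transaction) ---
def _der_int(n: int) -> bytes:
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    if raw[0] & 0x80:                        # DER integers are signed: pad with 0x00
        raw = b"\x00" + raw
    return b"\x02" + bytes([len(raw)]) + raw

def encode_der(r: int, s: int, sighash: int = 0x01) -> bytes:
    body = _der_int(r) + _der_int(s)
    return b"\x30" + bytes([len(body)]) + body + bytes([sighash])

R_A, R_B = int("11" * 32, 16), int("a5" * 32, 16)
S1, S2, S3, S4 = (int(h * 32, 16) for h in ("22", "33", "44", "55"))
SAMPLES = [
    ("tx1:in0", "pubkey-1", encode_der(R_A, S1)),
    ("tx2:in0", "pubkey-1", encode_der(R_B, S2)),   # different r: no reuse by pubkey-1
    ("tx3:in0", "pubkey-2", encode_der(R_B, S3)),
    ("tx4:in1", "pubkey-2", encode_der(R_B, S4)),   # same r as tx3 under pubkey-2
]

if __name__ == "__main__":
    for (pubkey, r), labels in find_reused_r(SAMPLES).items():
        print(f"{pubkey}: r={r:064x} reused in {labels}")
```

An empty result for a key, as with the first two constructed entries, corresponds to the outcome reported in the post: the R values differ, so nonce reuse is ruled out for those signatures.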
Mark_Twain
December 17, 2013, 07:24:12 AM
 #17

Hey BurtW, I'm sorry for posting in multiple threads, I was freaking out, just wanted to have as much feedback as possible, I am stopping that. You are the person who is helping me the most anyway with your analysis.

How do I check for key loggers? Are those the guys that steal passwords that I type on my computer? If that was the case then it would mean that the coins were STOLEN, right? But the coins have remained there in this address since the "hack"... then, I don't know. Do you know any coin following service? Or coin painting service (just to prepare in case the coins are sent away from there)

And if it was a bad PRNG, who is to blame? I know the first one to blame is myself, but if I can't do anything about it, at the least it will be a very expensive lesson for me. I have to learn what the problem was, where I made a mistake. (I can see during our conversation some mistakes like not enabling 2FA, not enabling IP logging, sending the coins to an already used address, I didn't empty the whole wallet...)

I never did a backup of my blockchain.info wallet, I started doing it yesterday, 1 hour before the hack-system fail.

The only way for someone to get ahold of my wallet backups would be through my e-mail, Hotmail, but it is secured with a big password.

Thanks for your attention


icey
December 17, 2013, 06:52:52 PM
 #18

Quote from: Mark_Twain
I never did a backup of my blockchain.info wallet, I started doing it yesterday, 1 hour before the hack-system fail.
The only way for someone to get ahold of my wallet backups would be through my e-mail, Hotmail, but it is secured with a big password.

This must be the problem.. You may have a RAT\Keylogger installed. What security software are you running?
mayax
December 17, 2013, 08:46:30 PM
 #19

Quote from: Mark_Twain
Hey BurtW, I'm sorry for posting in multiple threads, I was freaking out, just wanted to have as much feedback as possible, I am stopping that. You are the person who is helping me the most anyway with your analysis.

How do I check for key loggers? Are those the guys that steal passwords that I type on my computer? If that was the case then it would mean that the coins were STOLEN, right? But the coins have remained there in this address since the "hack"... then, I don't know. Do you know any coin following service? Or coin painting service (just to prepare in case the coins are sent away from there)

And if it was a bad PRNG, who is to blame? I know the first one to blame is myself, but if I can't do anything about it, at the least it will be a very expensive lesson for me. I have to learn what the problem was, where I made a mistake. (I can see during our conversation some mistakes like not enabling 2FA, not enabling IP logging, sending the coins to an already used address, I didn't empty the whole wallet...)

I never did a backup of my blockchain.info wallet, I started doing it yesterday, 1 hour before the hack-system fail.

The only way for someone to get ahold of my wallet backups would be through my e-mail, Hotmail, but it is secured with a big password.

Thanks for your attention



Contact the Bitcoin central authority and report the stolen funds. Oh, I forgot, Bitcoin is not reversible and nobody can help you to recover your funds even if your account was hacked. "Free Bitcoin", right? Smiley

BurtW
December 17, 2013, 10:36:28 PM
 #20

Quote from: mayax
Contact the Bitcoin central authority and report the stolen funds. Oh, I forgot, Bitcoin is not reversible and nobody can help you to recover your funds even if your account was hacked. "Free Bitcoin", right? Smiley

Put up or shut up you spineless steaming pile of FUD.

You appear to be lost.  This is not the thread you were looking for.  Try this one:

https://bitcointalk.org/index.php?topic=374295.0
