Computer Hacked

[yodoberman]

What happened to me last night:

I have around 20 wallets and a cryptsy account. Last night i was on my desktop doing a bit of trading on Cryptsy. I just put up a buy order, for about 1.15 bitcoin. In the mean wile i was reading some topics here about stuff. After i head back to Cryptsy to look if my order already bought the coins i wanted i see it issnt there anymore. I head to Balance to see nothing there as well. Strange i think at that point. Then i look at withdrawls and see 1.15 BTC has been transferd out and confirmed!! At this time a bit of panic starts to rise.

After checking my mail, becouse a withdrals requires a conformation by mail the terror is complete. It indeed has been confirmed. 1.15 BTC stolen. So they got into my computer i realise. Immediatly i check all my wallets, and all wallet.dat files from all the wallets are gone as well. A total estimate of 3 BTC in alts stolen.

A couple hours later and i understand now i have to secure my computer and accounts better. I just wanted to share this with you guys to prevent anything like this happening to you, make sure to secure youre desktop. I am still very pissed off.

[Siegfried]

Were you using Windows?

[RaTTuS]

see lastpass.com keeppass.info
pirated software
trojans
firewalls
common sense
your virus software being kept uptodate
ipcop
not re-using passwords
not downloading software from dubious places
what dialogs tell you
and a host of other things

your computers was not hacked - you probably installed it.

[yodoberman]

Windows yes, offc i must put a big finger towards myself i know this. I was thinking to light.

[Sephera]

Is lastpass safe?

[stash]

Is lastpass safe?

lastpass safe enough if you enabled it 2FA with yubikey.

[Sephera]

Is lastpass safe?

lastpass safe enough if you enabled it 2FA with yubikey.

Oh do they have google authenticator option?

Found it, is it possible to copy and print those barcodes in case you lose your phone?

[DCP]

A couple hours later and i understand now i have to secure my computer and accounts better. I just wanted to share this with you guys to prevent anything like this happening to you, make sure to secure youre desktop. I am still very pissed off.

Sorry to hear that man, that really sucks.

[Sephera]

Soon we have to start securing our desktops with 2FA.

[xb0x]

seems a RAT did it, as with keylogger one can get your pwds but not directly your wallet.dat file.

or a custom keylogger  / bot targetting crypto did it

[btcfaucet]

see lastpass.com keeppass.info
pirated software
trojans
firewalls
common sense
your virus software being kept uptodate
ipcop
not re-using passwords
not downloading software from dubious places
what dialogs tell you
and a host of other things

your computers was not hacked - you probably installed it.

One more for the list: Ad Phishing.

Is there any chance that you didn't type in 'cryptsy' into the URL bar but into Google and clicked the first link?
Attackers obtained 25 BitBargain passwords recently (and withdrew coins) using this method (paid AdWords ads).

More information: http://blog.bitbargain.com/post/72291969464/phishing-attack-mtgox-name

I'm guessing BitBargain wasn't the first or the last website they pulled this with.

[yodoberman]

I always type it in the url bar.

[Kiki112]

try scanning your computer with an antivirus, you might find out that someone has remote access to your PC and don't let it happen again!!
if he had access once, he can do it again,so make sure it doesn't happen..

altough it might  be something with cryptsy so  try contacting their support
low odds but it's worth a try

[Sephera]

What steps do you need to do to secure all computers, accounts and wallets?

[manobra]

What steps do you need to do to secure all computers, accounts and wallets?

As a developer, I'll tell you how it works...

Wallets are a very specific new target to be stolen...(and very sma in Kb).

Keyloggers that can Make a screen shot of every click and key press (50kb)

If I send it to you, u can try it on virustotal.com (or anti antivirus software), ZERO detection.

I can say: hey! Take this miner that works better for your kind of rig....

My program is inside this "miner", and as soon as u execute it... Your computer is mine...

I mean... It can be configured to follow my instructuions (log your keys, screen shot, download wallet.dat, etc...)

But if I run it under a virtual machine in order to watch its behaviour?
No, no, no.... My program shows you a different screens when under vmware/virtual box/etc...

My firewall may block it? Hmmmm... Forget about Windows firewall, my program creates The rules for itself.

And running as a Windows service, my program have The same rights to do the same things as your firewall/antisomething have... That means I could disable it...

Remember: if The user open The door, antivirus/malware/etc.. cant do much...

You are your Bank... You r your security...

O can just give my opinion on this matter....

[Sephera]

BTC really need to take measures against hacking and stealing. I think that's the only flaw in BTC.

[cp1]

I have around 20 wallets

I'm betting one of them was malicious.

[Vod]

BTC really need to take measures against hacking and stealing. I think that's the only flaw in BTC.

No, that's a flaw in the people who use BTC.

It's not hard to protect your coins as long as you know how to protect your computer. 

[manobra]

BTC really need to take measures against hacking and stealing. I think that's the only flaw in BTC.

No, that's a flaw in the people who use BTC.

It's not hard to protect your coins as long as you know how to protect your computer. 

Agreed 100%!

[mprep]

BTC really need to take measures against hacking and stealing. I think that's the only flaw in BTC.

No, that's a flaw in the people who use BTC.

It's not hard to protect your coins as long as you know how to protect your computer. 

Yeah, just treat it like your money. Would you walk around flashing your wallet everywhere?