btcgoods (OP)
January 18, 2014, 06:57:18 AM (Last edit: January 18, 2014, 07:13:33 AM by btcgoods)
Hey guys, I just got hacked, I'm guessing on Cryptsy and Cavirtex somehow. I'm assuming a password was received from pool operators and the hacking started from there. I sent a support ticket to Cryptsy and I'm guessing it'll take a while before they get back to me, and I will call Cavirtex tomorrow. I noticed in Cavirtex that I received an email about a login and if I should accept that device as legit. I didn't click the link to allow the login, then I went into my account and changed the password and my BTC was in the account and fine. I come home tonight and it was shown that someone took the BTC out and I'm feeling sick about it. I'm not sure what to do about it if anything can be done about it. This is really disheartening. I put 2-factor authentication everywhere and now I'm extremely paranoid.
What do I do now? I guess I need to stomach that the BTC is gone? This is horrible :S
Just to add, here are the perpetrator's addresses that they sent to:
1KkVU1bzBEtGmmUzk1iwPbfDLqcayoMsWA
1GCJW8SQW6s5oQ1atBanawmZ67Tn9nPS8R
And here are some transaction IDs. Any way to track this douche down?
262e1f872a35c2c0fa5dc9b29a884808265ab5ba0a0c0df2649a6ec679f6141f
002690eebcd4976a39ffdf0528e3ac1460a55aa432dc7b082e657786c309cb87
Also let's say my email, Cryptsy and Virtex account were all hacked. By changing passes to all different long passes and adding 2 way authentication and adding my cell number in Gmail, should I feel safe? If this guy still has sessions open can he still use my accounts? I can't believe it, I really can't.

Lucky Cris
January 18, 2014, 07:20:47 AM
So sorry for your loss. Sounds like you might have a keylogger... what have you been downloading?

btcgoods (OP)
January 18, 2014, 07:50:34 AM
> So sorry for your loss. Sounds like you might have a keylogger... what have you been downloading?
Just other alt coins. How can I detect a keylogger? I have AVG Free and haven't had any warnings, is there better software I can use? Thanks for the input.

Lucky Cris
January 18, 2014, 07:59:51 AM
Which wallets? Some are known to install the baddies...
Your AV software won't detect a keylogger. You might want to consult Google, but refrain from downloading anything that claims to be able to remove it unless you 100% can trust its validity.
I wish I could help you more, but that's as far as my knowledge goes. Hopefully someone else might be able to help. If all else fails, wipe everything and install your OS. But before installing all those wallets, do a search on this forum to see if it's one of the ones installing shit on people's shit.
Also, don't use the same computer to change your passwords, use a tablet or something. Change all of your passwords. And 2F authentication is a must.
Keep us posted.

btcgoods (OP)
January 18, 2014, 08:08:30 AM
> Which wallets? Some are known to install the baddies...
> Your AV software won't detect a keylogger. You might want to consult Google, but refrain from downloading anything that claims to be able to remove it unless you 100% can trust its validity.
> I wish I could help you more, but that's as far as my knowledge goes. Hopefully someone else might be able to help. If all else fails, wipe everything and install your OS. But before installing all those wallets, do a search on this forum to see if it's one of the ones installing shit on people's shit.
> Also, don't use the same computer to change your passwords, use a tablet or something. Change all of your passwords. And 2F authentication is a must.
> Keep us posted.
I may have a lead on an IP that points to Fast Serv Networks, LLC. Anyone know of any pools from there? I will verify the IP and give them a call.

btcgoods (OP)
January 18, 2014, 08:12:06 AM
Also here's a list of my wallets, are any of these known to be corrupt?
42coin applecoin baconbits bosscoin casinocoin clockcoin coinyecoin cryptonium datacoin digibyte digitalcoin earthcoin esportsmoney fckbankscoin gamecoin globalcoin goldcoin infinitecoin noblecoin nutcoin nxt onlinegamingcoin philosopherstone pxlcoin stalwardbucks unicoin velocity
It's a big list, I know; some I don't have balances on and will be deleting. Some that I have deleted that I remember: the fake keisercoin, but it's long gone.

BBQminter
January 18, 2014, 08:28:48 AM
> > So sorry for your loss. Sounds like you might have a keylogger... what have you been downloading?
> Just other alt coins. How can I detect a keylogger? I have AVG Free and haven't had any warnings, is there better software I can use? Thanks for the input.
Malwarebytes is decent, but as with everything else, won't catch everything, and unfortunately the shitbags who do stuff like this are always going to be slightly ahead of the game.

Lucky Cris
January 18, 2014, 08:29:18 AM
Good lord! That is a list! I found this thread, pretty informative.
https://bitcointalk.org/index.php?topic=405753.msg4397425#msg4397425
A couple of these could be the culprit, especially if you didn't download from the source. There's a reference left on this link where you can check the wallets. And if it turns out to be a compromised wallet, a simple uninstall still won't get rid of a Trojan. Please let us know what you find.

Lucky Cris
January 18, 2014, 08:30:50 AM
> > > So sorry for your loss. Sounds like you might have a keylogger... what have you been downloading?
> > Just other alt coins. How can I detect a keylogger? I have AVG Free and haven't had any warnings, is there better software I can use? Thanks for the input.
> Malwarebytes is decent, but as with everything else, won't catch everything, and unfortunately the shitbags who do stuff like this are always going to be slightly ahead of the game.
Which is why a full system wipe is recommended.

BBQminter
January 18, 2014, 08:31:09 AM
You should consider keeping your important (e.g. bitcoin/litecoin/namecoin/etc) wallets on one virtual machine, and running new/shady alts in another. I'm actually surprised more people don't do this, as it would prevent 99% of the theft incidents I've seen.
Never use either of those virtual machines to browse the web or do anything else outside of working with those wallets. Never install any software that you don't absolutely need on them.

btcgoods (OP)
January 18, 2014, 08:32:02 AM
I'm just trying to figure out how they got to my Cavirtex account. They send an email whenever you connect from a different device, and I did get an email at a time when I didn't log in and I changed my pass at that point, so how could they still have got in? So frustrating, I had just put my BTC there to cash out after all that hard work. Really, people that do this stuff have black hearts and I really hope bad karma bites them back in the ass. Now I have to start back from scratch, and to think it was going to pay my debts off. Words just can't describe the disappointment. :S

BBQminter
January 18, 2014, 08:32:33 AM
> > > > So sorry for your loss. Sounds like you might have a keylogger... what have you been downloading?
> > > Just other alt coins. How can I detect a keylogger? I have AVG Free and haven't had any warnings, is there better software I can use? Thanks for the input.
> > Malwarebytes is decent, but as with everything else, won't catch everything, and unfortunately the shitbags who do stuff like this are always going to be slightly ahead of the game.
> Which is why a full system wipe is recommended.
Agreed.

BBQminter
January 18, 2014, 08:34:18 AM
> I'm just trying to figure out how they got to my Cavirtex account. They send an email whenever you connect from a different device, and I did get an email at a time when I didn't log in and I changed my pass at that point, so how could they still have got in? So frustrating, I had just put my BTC there to cash out after all that hard work. Really, people that do this stuff have black hearts and I really hope bad karma bites them back in the ass. Now I have to start back from scratch, and to think it was going to pay my debts off. Words just can't describe the disappointment. :S
How secure was your password (be honest with yourself)? Never use the same password for multiple sites or purposes. Consider ordering a yubikey as well.

btcgoods (OP)
January 18, 2014, 08:34:22 AM
> You should consider keeping your important (e.g. bitcoin/litecoin/namecoin/etc) wallets on one virtual machine, and running new/shady alts in another. I'm actually surprised more people don't do this, as it would prevent 99% of the theft incidents I've seen.
> Never use either of those virtual machines to browse the web or do anything else outside of working with those wallets. Never install any software that you don't absolutely need on them.
You're right, I was actually planning on doing this soon, but time got the best of me and well, I should've done it and many other things. I was just so busy with work and 2 side projects trying to hustle to pay bills; in the end this mistake was more expensive.

btcgoods (OP)
January 18, 2014, 08:35:09 AM
I saw Yubikey recently as an option and was going to look into it. For now I'm using Google 2 auth.

btcgoods (OP)
January 18, 2014, 08:38:37 AM
> > I'm just trying to figure out how they got to my Cavirtex account. They send an email whenever you connect from a different device, and I did get an email at a time when I didn't log in and I changed my pass at that point, so how could they still have got in? So frustrating, I had just put my BTC there to cash out after all that hard work. Really, people that do this stuff have black hearts and I really hope bad karma bites them back in the ass. Now I have to start back from scratch, and to think it was going to pay my debts off. Words just can't describe the disappointment. :S
> How secure was your password (be honest with yourself)? Never use the same password for multiple sites or purposes. Consider ordering a yubikey as well.
Well, I'm convinced it's more from a reused password from a pool than a key logger. I will be calling them tomorrow to see if I can get any additional info.

Lucky Cris
January 18, 2014, 08:39:49 AM
> You should consider keeping your important (e.g. bitcoin/litecoin/namecoin/etc) wallets on one virtual machine, and running new/shady alts in another. I'm actually surprised more people don't do this, as it would prevent 99% of the theft incidents I've seen.
> Never use either of those virtual machines to browse the web or do anything else outside of working with those wallets. Never install any software that you don't absolutely need on them.
And my dumb ass have VMs and I'm not doing this. This is great advice, thanks

prezbo
January 18, 2014, 08:42:46 AM
> > > I'm just trying to figure out how they got to my Cavirtex account. They send an email whenever you connect from a different device, and I did get an email at a time when I didn't log in and I changed my pass at that point, so how could they still have got in? So frustrating, I had just put my BTC there to cash out after all that hard work. Really, people that do this stuff have black hearts and I really hope bad karma bites them back in the ass. Now I have to start back from scratch, and to think it was going to pay my debts off. Words just can't describe the disappointment. :S
> > How secure was your password (be honest with yourself)? Never use the same password for multiple sites or purposes. Consider ordering a yubikey as well.
> Well, I'm convinced it's more from a reused password from a pool than a key logger. I will be calling them tomorrow to see if I can get any additional info.
With all those installed clients I'd be very surprised if none of them came with a keylogger.

btcgoods (OP)
January 18, 2014, 08:45:03 AM
Eh, yeah, I will be doing that virtual machine thing tomorrow and separating the main wallets from the alts. Just a shitty day overall, going to try and get some sleep. Thanks for all the suggestions, if I get any leads to a culprit I will post back. Night night

CatCoin
January 18, 2014, 08:50:32 AM
> > You should consider keeping your important (e.g. bitcoin/litecoin/namecoin/etc) wallets on one virtual machine, and running new/shady alts in another. I'm actually surprised more people don't do this, as it would prevent 99% of the theft incidents I've seen.
> > Never use either of those virtual machines to browse the web or do anything else outside of working with those wallets. Never install any software that you don't absolutely need on them.
> And my dumb ass have VMs and I'm not doing this. This is great advice, thanks
No problem. Be sure to back up these VMs regularly as well. It might save you a lot of trouble some day, and creating a backup of a virtual machine is as easy as it gets.