My Bitcoin Nightmare.

[ixne]

It baffles me how anyone can do financial transactions on a system with free programs like Avast.  Pay a few bucks and get something that would give you way better security versus losing everything.  Lesson learned.

I wonder that you would trust antivirus programs to offer any serious protection at all. Frankly they do more harm than good, as evidenced in this case where the OP "scanned" his computer and assumed everything was fine.

He/she should have unplugged from the internet as soon as he suspected a keylogger, generated a new address on an unconnected computer or read-only boot image, and moved his bitcoin. Waiting for a virus scan is madness - it takes too long, misses too much, and you can do that after you move your coins anyway. If you do bitcoin transations regularly, keep a small amount of bitcoin on your connected computer, use a crazy long random password to encrypt your wallet and a password manager which lets you unlock with mouse-driven password entry rather than keyboard strokes.

[1714869743]

1714869743

[wasamata]

At this stage im not 100% sure if I was it was a keylogger or not, just guessing.
All I know is I sent 0.05 bitcoin to someone who bought it for 90$.
I Then bought 0.095  btc from virwox and sent it my acct leaving me with 0.7761.
Wake up in the middle of the night, and there's a sent transaction of 0.7761 btc
leaving me with 0.00051932 BTC.
I am guessing this because I changed my passphrase a few hours before all that happened
as well as clicked on a suspicious link which turned out to be an exe file with an icq picture.

[Meuh6879]

  don't use internet explorer or google chrome ... or firefox with keylogger in "add-ons" section (real ...  ).
ok ... don't use a PC 

[MPOE-PR]

OP, you have quite a bit of reading and learning to do re computer security and so forth, and in that sense, yeah, you'd be best sticking with something that nannies your security for you until such time as you can responsibly and confidently handle it yourself.

But it sounds like you at least vaguely understood that you were accepting inordinate amounts of risk at several points in your "nightmare". If you let the perceived urgency of whatever you're doing override your basic instincts towards caution and prudence, you'll likely go through the woodchipper now and then, whether you're working with BTC or anything else. If something seems like a shitty deal, a sketchy company, a bad idea, and you either don't have the time or don't have the interest to make a solid call on it, just don't do it. If for some reason you absolutely must, then you'll have to accept the likely forfeiture of your stuff.

Sucks that all of these hit you in a row, but by now you're in an excellent position to reassess your moves and work on getting a tighter ship together. Good luck.

[CoinHeavy]

Using a cloud wallet with multifactor authentication (password + sms key needed to login) would help significantly.  CoinBase has this.

You should also register your cloud wallet account with an email address that itself has multifactor authentication (e.g gmail).

The other thing you want is a record of all the sessions that occur so that you can regularly audit it to make sure no one else is logging in.

Bitcoin security is operational security.  A dedicated client/wallet machine is a good idea.  So is offloading some of the nuts and bolts of physical security to a professional service.

[qualia8]

First of all, I'm really sorry for your loss.  Blaming yourself on top of things won't do any good.  Security is still a major shortcoming of crypto, it's true.  You didn't do anything "wrong".

However... If you suspected a keylogger, you would have been better off making an account at blockchain.info or coinbase and signing up for 2FA.  The counterparty risk for 1 bitcoin is perfectly acceptable for that amount. The keylogger wouldn't have access to the codes going to your authenticator / sms, so couldn't access your account.

The more laborious method is using a fresh linux boot disk and, while offline, creating an encrypted paper wallet with the code from bitaddress.org.  That would also avoid the keylogger, but it's not yet newbie friendly.  (I know I've seen people selling completely loaded usbs on here, but I can't recall who or how much it costs.)

As others have said, your best bet would have been to come here for advice on how to sell your coin.

Sorry, again.

If I were you, I'd think about how to channel that rage productively.  Anger is the best motivation.  Think about how to channel it to get something you want.

[wasamata]

OP, you have quite a bit of reading and learning to do re computer security and so forth, and in that sense, yeah, you'd be best sticking with something that nannies your security for you until such time as you can responsibly and confidently handle it yourself.

But it sounds like you at least vaguely understood that you were accepting inordinate amounts of risk at several points in your "nightmare". If you let the perceived urgency of whatever you're doing override your basic instincts towards caution and prudence, you'll likely go through the woodchipper now and then, whether you're working with BTC or anything else. If something seems like a shitty deal, a sketchy company, a bad idea, and you either don't have the time or don't have the interest to make a solid call on it, just don't do it. If for some reason you absolutely must, then you'll have to accept the likely forfeiture of your stuff.

Sucks that all of these hit you in a row, but by now you're in an excellent position to reassess your moves and work on getting a tighter ship together. Good luck.

Thanks, I guess I deserved to have my btc collection ripped off like that huh.

"Praises the thieves"   

Can still see my coins sitting in someone else address dangling a carrot

[seanneko]

It baffles me how anyone can do financial transactions on a system with free programs like Avast.  Pay a few bucks and get something that would give you way better security versus losing everything.  Lesson learned.

Something that would give you way better security? Like what?

Anti virus programs are a joke. All they detect are the low hanging fruit like MegaFreeMicrosoftWindow50000.doc.exe. I have no anti virus or other similar programs and I've never had a virus in my life. How? I patch all my software immediately upon a new version being released, and I don't open suspicious files.

You could have every anti virus program in the world installed at the same time, but if a sufficiently motivated attacker targets you, they're all worthless. Whilst they claim to use heuristics to detect new threats that they don't have a signature for, the heuristics are quite poor. It takes virtually no effort to write malware which is not detected by any anti virus.

I'm not saying DON'T use anti virus, but as others have mentioned, they are far from infallible. They give both false positives and false negatives. The paid ones are generally no better than the free ones, and in many cases they're worse.

[Meuh6879]

Something that would give you way better security? Like what?

Kaspersky or G-Data do very good protection (in antivirus version ONLY) ... 
But, like you, i don't have one on the P2P machine ...  because it's useless.

I only have this on my "files & internet" machine. 

[Analyticse]

i am think this difirent some times

[Sonny]

i am think this difirent some times

 
Sorry, can't really understand what you want to say.

[theonewhowaskazu]

I'm reading tons of hack / keylogging complaints on these forums every day. Just goes to show how much further Bitcoin has to go by way of security.

[theonewhowaskazu]

It baffles me how anyone can do financial transactions on a system with free programs like Avast.  Pay a few bucks and get something that would give you way better security versus losing everything.  Lesson learned.

Something that would give you way better security? Like what?

Anti virus programs are a joke. All they detect are the low hanging fruit like MegaFreeMicrosoftWindow50000.doc.exe. I have no anti virus or other similar programs and I've never had a virus in my life. How? I patch all my software immediately upon a new version being released, and I don't open suspicious files.

You could have every anti virus program in the world installed at the same time, but if a sufficiently motivated attacker targets you, they're all worthless. Whilst they claim to use heuristics to detect new threats that they don't have a signature for, the heuristics are quite poor. It takes virtually no effort to write malware which is not detected by any anti virus.

I'm not saying DON'T use anti virus, but as others have mentioned, they are far from infallible. They give both false positives and false negatives. The paid ones are generally no better than the free ones, and in many cases they're worse.

Also, this really needs to be said. AV programs are a complete joke, usually not worth the trouble. A good firewall and knowing how to use it, as well as your computer in general, will go much further than mucking around with all that crap.

[chaolang]

Well ... when you exchange bitcoin (no chargeback) for paypal (with chargeback) ...
Welcome in real world, neo.

lol i like this !!

[AltorXP]

The only real way to be safe with BTC is offline storage, very painstaking indeed, but its the only way to be 100% safe.
Sorry for your loss OP, you couldnt have seen this coming, so it wasn't your fault  
For storing large amounts of BTC ($500+) I'd recommend anyone to use cold storage
As for possible having your PP pass stolen, make sure you change all your passwords, and dispute any unauthorized transactions.

[wasamata]

[/quote]

lol i like this !!
[/quote]


for one, I didn't exchange my "bitcoin for paypal" as genius above indicates.
ill laugh at you when u lose the lot and we'll see who neo is then smarta$$.

[Mobo]

Hope all goes okay