Poll
Question: How can the thief be found or my coins recovered?
totally gone - 219 (86.2%)
lawsuit - 18 (7.1%)
technical help - 17 (6.7%)
Total Voters: 254

Author Topic: 90 BTC stolen!  (Read 13944 times)
Sonny
January 28, 2014, 01:00:01 AM
 #121


No need, if the machine is offline. It can have trojans up the wazoo but if they can't talk to the controller, then they're useless.

Unless it was really sneaky and inserted its own wallet.dat, so that you sent it your coins.

Ok, fine, that's a point. But just for the sake of counterpoint, the wallet can be derived from the seed. So, if you simply check that the seed leads to that private key, you should be fine.

Sure, but if they insert their own seed...
And then there's the ultrasonic magic communication the NSA does...
Just reformat Smiley

But then there's the low level bios...

Better to build it from scratch, get a CPU fab shop in your garage Smiley

Look, all you need is a log-free, virus-free, ultrasonic magic communication-free, SHA calculator, along with hopefully a random number generator (although random numbers can be generated "manually" if need be). That can be an old computer, whatever. I still think in the future there will be dedicated hardware that physically CAN'T get a virus, though.


lol. I couldn't imagine my little disk formatting suggestion could go this far. Cheesy
theonewhowaskazu
January 28, 2014, 01:40:17 AM
 #122


No need, if the machine is offline. It can have trojans up the wazoo but if they can't talk to the controller, then they're useless.

Unless it was really sneaky and inserted its own wallet.dat, so that you sent it your coins.

Ok, fine, that's a point. But just for the sake of counterpoint, the wallet can be derived from the seed. So, if you simply check that the seed leads to that private key, you should be fine.

Sure, but if they insert their own seed...
And then there's the ultrasonic magic communication the NSA does...
Just reformat Smiley

But then there's the low level bios...

Better to build it from scratch, get a CPU fab shop in your garage Smiley

Look, all you need is a log-free, virus-free, ultrasonic magic communication-free, SHA calculator, along with hopefully a random number generator (although random numbers can be generated "manually" if need be). That can be an old computer, whatever. I still think in the future there will be dedicated hardware that physically CAN'T get a virus, though.


lol. I couldn't imagine my little disk formatting suggestion could go this far. Cheesy

This is bitcointalk. It's an unwritten rule that we must take everything anybody posts and take it to the logical extreme.

Valerian77
January 28, 2014, 01:48:13 AM
 #123

This money is lost - it went through many addresses:
https://blockchain.info/de/tree/109329398

Secondly the root cause seemed to be an old qt wallet that has been password secured later. So that the thief could use an old wallet file with a subset of the private keys to steal the 90 BTC instead of everything.

Thirdly @philipzhai - you may check where you kept your old wallet files. Especially cloud space, forums or email accounts. Maybe you gave an old disc or computer away containing the wallet file.

Finally it should be clear that no wallet is 100% safe. There are many recommendations how to create safe wallets and keep them safe. Eg.
 - create offline paper or brain wallets with btcaddress.org
 - encrypt wallet.dat and keep it offline most of the time
 - use anti malware and anti virus software to detect key loggers
 - ....

From my experience I can say that nothing is finally 100% safe. For one an unencrypted wallet.dat with bitcoin-qt may be safe because it is used in a safe system. For another one even the offline generated paper wallet is not safe because on reuse his smartphone is infected.

This situation is a clear sign that we have to manage system security more carefully because the system use cases are extended into a secure area. Everybody must be aware about the traps and open doors in his systems (computer, smartphone, ...) like everybody keeps care about closing the doors and windows of his house over night. This is an ongoing and demanding task and requires awareness for anybody.

@philipzhai even if I do not think you will ever see your money again (except someone of your near environment was the culprit) I feel pity.
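
The partial exposure described in post #123 above, as an added example that is not part of the original thread: given the addresses whose keys sit in an old unencrypted wallet copy, it splits the current wallet's unspent outputs into those the old file can spend and those it cannot. It assumes the input uses the field names of Bitcoin Core's `listunspent` RPC output; all addresses, txids and amounts are constructed placeholders.

```python
import json
from decimal import Decimal

# Constructed placeholders: addresses whose private keys are present in an
# old, unencrypted copy of wallet.dat (for example a forgotten backup).
OLD_BACKUP_ADDRESSES = {"addr_old_1", "addr_old_2"}

# Constructed sample shaped like `listunspent` output from the current wallet.
LISTUNSPENT_JSON = """
[
  {"txid": "tx_a", "vout": 0, "address": "addr_old_1", "amount": 60.0},
  {"txid": "tx_b", "vout": 1, "address": "addr_old_2", "amount": 30.0},
  {"txid": "tx_c", "vout": 0, "address": "addr_new_1", "amount": 12.5},
  {"txid": "tx_d", "vout": 2, "address": "addr_new_2", "amount": 0.75},
  {"txid": "tx_e", "vout": 0, "amount": 0.1}
]
"""


def exposure_report(listunspent_json, leaked_addresses):
    """Classify unspent outputs by whether an old wallet copy holds their key."""
    # parse_float=Decimal keeps BTC amounts exact instead of binary floats.
    utxos = json.loads(listunspent_json, parse_float=Decimal)
    buckets = {"exposed": [], "protected": [], "unknown": []}
    for utxo in utxos:
        address = utxo.get("address")
        if address is None:
            # Output without a decoded address: cannot be classified here.
            buckets["unknown"].append(utxo)
        elif address in leaked_addresses:
            # Key exists in the old file; a later passphrase does not help.
            buckets["exposed"].append(utxo)
        else:
            buckets["protected"].append(utxo)
    totals = {
        name: sum((Decimal(u["amount"]) for u in items), Decimal(0))
        for name, items in buckets.items()
    }
    outpoints = sorted(f'{u["txid"]}:{u["vout"]}' for u in buckets["exposed"])
    return {"totals": totals, "exposed_outpoints": outpoints}


if __name__ == "__main__":
    result = exposure_report(LISTUNSPENT_JSON, OLD_BACKUP_ADDRESSES)
    for name, total in result["totals"].items():
        print(f"{name:>9}: {total} BTC")
    print("outputs to move to fresh keys:", ", ".join(result["exposed_outpoints"]))
```

Outputs in the exposed bucket stay spendable by whoever holds the old file, whatever passphrase the current wallet has; moving them to keys that never existed in that file is what removes the exposure.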
chaolang
January 28, 2014, 01:50:08 AM
 #124

must be malware
cczerouno
January 28, 2014, 10:44:01 AM
 #125

If tools like BitIodine were public, maybe these cases would have more chances, and thefts would reduce frequency.
http://miki.it/pdf/BitIodine_presentation.pdf
http://miki.it/pdf/thesis.pdf

is this your paper?

No, it's by an Italian guy from Politecnico of Milano.
I looked at it, but I'm writing in pure C a smaller but more specific learning/forensic tool.
LiteCoinGuy
January 28, 2014, 01:52:06 PM
 #126

This recently happened to me too, are you sure you haven't been keylogged or anything?

You too? No, I am not sure.

did you download dogecoin qt or other bad software  Roll Eyes ?

alani123
January 28, 2014, 02:13:53 PM
 #127

This recently happened to me too, are you sure you haven't been keylogged or anything?

You too? No, I am not sure.

did you download dogecoin qt or other bad software  Roll Eyes ?

what's wrong with dogecoin?

manobra
January 28, 2014, 02:28:06 PM
 #128

This recently happened to me too, are you sure you haven't been keylogged or anything?

You too? No, I am not sure.

did you download dogecoin qt or other bad software  Roll Eyes ?

what's wrong with dogecoin?

He likes to plant the seed...  Undecided
exstasie
January 28, 2014, 04:10:36 PM
 #129

This money is lost - it went through many addresses:
https://blockchain.info/de/tree/109329398


Oh nice!  That's pretty cool.  Didn't realize you could track it like that.

Sorry to the OP for the loss.  That hurts Sad

reanor
January 28, 2014, 05:47:56 PM
 #130

The only way they can steal anything from any wallet is if they get a hold of the wallet.dat file. There is simply no other way. So at some point you get hacked, you may not even notice this, then when you have enough coins to steal they will act. I think it makes sense to change your wallets, create new ones on regular basis and transfer the coins around and always encrypt your wallets with 128bit+ passwords. You may not know when they put a keylogger on your PC if it's not properly protected. I wouldn't be surprised if some Pool sites are infected with keylogger scrypts. They don't steal accounts maybe because it's easier to just get into your wallet and steal your coins especially if you have weak passwords.

I bet they try to brute force the password, running their little evil scrypts to try to hack your password every day like you are running miner every day. So if password isn't changed like on weekly basis it is eventually hacked. As more often password changed as more complicated is to hack through your wallet as long as you don't have a keylogger. There are also programs out there that would populate the password field for you without you typing anything, in that case keyloggers won't help the hacker.

When you deal with something as open and raw as Internet you need to take 10x times stronger precautions than what you'd do for something like a house or a safe. Use different PCs every month (virtual machines, image, clone etc), transfer your coins around so they don't sit in the same wallet for weeks etc etc. It's hard to catch a log on the river with a strong current.  Wink If you get rich and catch an eye of the hacker they will be tracing you, hacking you, following your every online move until they get a hold of your wealth. Then they will vanish and you will never find them.

Sorry to hear that OP, but maybe your unfortunate problem can be a reminder for others to watch out, you are on the Internet!
Satosh¡ Slot
May 14, 2014, 03:21:04 AM
Last edit: May 14, 2014, 06:10:41 AM by Satosh¡ Slot
 #131

Now I just want to know how the wallet summary can show a double-direction arrow and a n/a address?

I didn't see anyone answer. I'm pretty sure I have understood this properly:

  • The double arrow is shown when a transaction is made that has inputs other than are in the wallet of the QT you are running. It was created by another client that has your privkey and other privkeys that you don't have.
  • The n/a address is shown when there are more than one output that is not a change address in your own wallet. In the transaction you are mentioning, none of the outputs are likely a change address, so QT can't know which one to show.

This means that if your wallet file was stolen, the thief imported other addresses before they sent, or they are creating transactions with different software that they imported your privkey and other privkeys to.

-OR-

This kind of transaction is actually most likely to be caused by the real owner after he/she has been exporting and importing addresses and been playing around with wallet files. In this case the coins weren't stolen but just transferred by mistake to another address you own. Coins might not be lost after all!

jubalix
May 14, 2014, 03:49:10 AM
 #132

I feel like all these stories require further investigation. As much as we all like to talk about backdoors and keyloggers, I have yet to hear ANYONE losing their accounts to keyloggers.

I agree with this.

Post Snowden, it seems plausible that there are backdoors keylogger in hardware, eg intel and amd. Also probably Windows software.

I mean why wouldn't there be? The Gov just leans on them to do it.

I'm not sure how easy this is to check in the circuitry of an intel chip, though I think someone would have noticed by now....maybe.

Using a linux o/s offline that signs transactions seems the only safe way.

This is one of the driving reasons I wrote my coinwatcher software. I can load a html web page, and see all my addresses with no login, no private keys, no wallet, no sign in or anything and I can conveniently see what is in my addresses. Though I would use behind TOR so block chains that it queries do not get wise to where your IP.


serenitys
May 14, 2014, 05:13:11 AM
 #133

With all due respect, yall sound absolutely paranoid as all get out.

User error is likely the first main cause of anyone, n00b or seasoned, losing bitcoin or anything else.

I am curious why it's all focused on hackery though. I recognize malware being what it is but it seems logical to me that for anyone to lose 90btc to theft, (what's that again 38 grand?) they were specifically targeted, which doesn't seem like malware which is more random. Malware might scan for it but it has to have a root somewhere to even know TO scan for it. So would a hacker. I could have 90btc right now (I don't, wish like hell I did though!) and who'd know it? How would a hacker have any idea what I have or where I have it or THAT I have anything at all? Seems like random scans are a serious waste of processing power for x number of computers whose users don't even have a clue what bitcoin even is.

That's why it seems like the person was targeted by someone who did know and did know where it was stored and did know what was being used for security. It wasn't a random, wild lucky guess oh hey, this guy has bitcoin, let's take it!

How common is it people get keyloggers - realistically speaking? How do you know if you have one/more? Even the suggestions on the one hand to run all sorts of anti virus/malware scans get opposed by others saying well, you can have them and they're undetectable til it's too late. What the hell are people doing where they end up getting keyloggers?

The exchange the last couple of pages with the one person just digging up every possible FUD gloom scenario is all spooky but how realistic is it the average person will ever encounter all that without some "hacker thief" on the other end expending an ENORMOUS amount of energy, time, and attention to doing all that convoluted shit when he'd make more money just hacking into a regular bank account and swiping it the old fashioned way, or hacking gift cards.

If they're going to this trouble, isn't it more reasonable it'd been a focused specific act of theft?

Can it be positively proven any of these stories of theft are actually theft and not legit transactions - such as the scenario Joe Blow sees "A" transaction of 50btc made and pretends they were "his" all along and tries to get it sent to him instead?

Can any of these tales of theft be proven? Most everything the government and media say about bitcoin is how unsecure it is. If it was THAT risky nobody would be sinking millions of dollars into it. They have way more to lose than some random btc enthusiast with a few bitcoin. Why would any hacker thief in his/her right mind waste a shred of a second going after 90btc when they could go after the people holding hundreds of btc?

Add to that, all these stories (aside from on this forum) all seem to be that hackers hacked the exchange and made off with bitcoin.

Really?

Correct me if I'm mistaken here but exchanges trade fiat currency that is easily spent here and now with digital cryptocurrency that's hardly accepted anywhere. And you mean to tell me a hacker is that much of a screaming dumbass he'd steal virtual currency whose value could be $1 three hours after he steals it instead of fiat he could cash out in a hurry?

These exchanges that popped up - omg we got hacked, *boom* shut down. New one pops up...omg we got hacked too! *boom* shut down. That's the pattern, these new exchanges jump up, claim hackery and bankruptcy and vanish. Sounds to me like someone's full of shit - hackers didn't hack anything, the ones running the exchanges were the real thieves and made off with people's money.

In real life, without being specifically targeted, how common - realistically speaking - is it for bitcoin owners to end up with keyloggers and trojans and malware  specifically programmed to sniff out and steal bitcoin without the user going somewhere specific or downloading something specifically related TO btc in the first place - which would seem rather easy enough to root out.

Sincere questions and observation.

You say "anti government" like that's a bad thing...

Unfortunate times will bring out the best in good people and the worst in bad people
phillipsjk
May 14, 2014, 06:07:19 AM
 #134

In real life, without being specifically targeted, how common - realistically speaking - is it for bitcoin owners to end up with keyloggers and trojans and malware  specifically programmed to sniff out and steal bitcoin without the user going somewhere specific or downloading something specifically related TO btc in the first place - which would seem rather easy enough to root out.

Sincere questions and observation.

Don't have numbers, but I suspect machine take-over tools may now scan for Bitcoin wallets "just in case". Bitcoin for the first time, allows you to instantly transfer value in an irreversible way: over the Internet. Most online banking involves reversible transactions; and are not nearly as lucrative.

There is also the long-term possibility that trusted giants like Apple, Google, and Microsoft may start installing key loggers for one reason or another (rogue employee, 3-4 letter agency request). The only way to guard against that is to keep the bulk of your funds off-line.

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
Satosh¡ Slot
May 14, 2014, 06:07:54 AM
 #135

Correct me if I'm mistaken here but exchanges trade fiat currency that is easily spent here and now with digital cryptocurrency that's hardly accepted anywhere. And you mean to tell me a hacker is that much of a screaming dumbass he'd steal virtual currency whose value could be $1 three hours after he steals it instead of fiat he could cash out in a hurry?
It's not exactly easy to get away with wire transfers as they are processed hours or days later. Bitcoin is probably more convenient to steal.

These exchanges that popped up - omg we got hacked, *boom* shut down. New one pops up...omg we got hacked too! *boom* shut down. That's the pattern, these new exchanges jump up, claim hackery and bankruptcy and vanish. Sounds to me like someone's full of shit - hackers didn't hack anything, the ones running the exchanges were the real thieves and made off with people's money.

Agreed.

solimi
May 14, 2014, 06:13:20 AM
 #136

You should run an antivirus program on your computer to see if there are trojans or malware.
Satosh¡ Slot
May 14, 2014, 06:13:46 AM
 #137

Now I just want to know how the wallet summary can show a double-direction arrow and a n/a address?

I didn't see anyone answer. I'm pretty sure I have understood this properly:

  • The double arrow is shown when a transaction is made that has inputs other than are in the wallet of the QT you are running. It was created by another client that has your privkey and other privkeys that you don't have.
  • The n/a address is shown when there are more than one output that is not a change address in your own wallet. In the transaction you are mentioning, none of the outputs are likely a change address, so QT can't know which one to show.

This means that if your wallet file was stolen, the thief imported other addresses before they sent, or they are creating transactions with different software that they imported your privkey and other privkeys to.

-OR-

This kind of transaction is actually most likely to be caused by the real owner after he/she has been exporting and importing addresses and been playing around with wallet files. In this case the coins weren't stolen but just transferred by mistake to another address you own. Coins might not be lost after all!

I take the freedom to quote myself because the thread was actually about this question mentioned above. The guy has 2 Bitcoin QT wallets and I think I have solved the puzzle... no hacking involved. philipzhai, did you ever find out exactly what happened?

phillipsjk
May 14, 2014, 06:22:17 AM
 #138

You should run an antivirus program on your computer to see if there are trojans or malware.

Does not work if your anti-virus provider is pushing the malware updates (or looking the other way).

/tinfoil hat

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
sgk
May 14, 2014, 06:30:59 AM
 #139

I thought a double-direction arrow and "n/a" in the transaction field in Bitcoin-Qt represented a transaction between addresses within the same wallet?

^^ THIS
omegaflare
May 14, 2014, 06:39:30 AM
 #140

Armory 0.91.2 will def. solve this problem because they have cold-storage wallet. You should scan for viruses daily if you have that much BTC.

Where did you store your 90 BTC? Bitcoin cloud service?
