Bitcoin Forum
November 06, 2024, 04:03:05 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Poll
Question: How can the thief be found or my coins recovered?
totally gone - 219 (86.2%)
lawsuit - 18 (7.1%)
techinical help - 17 (6.7%)
Total Voters: 254

Pages: « 1 2 3 4 5 6 [7] 8 9 10 11 »  All
  Print  
Author Topic: 90 BTC stolen!  (Read 14008 times)
Sonny
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1000


View Profile
January 28, 2014, 01:00:01 AM
 #121


No need, if the machine is offline. It can have trojans up the wazoo but if they can't talk to the controller, then they're useless.

Unless it was really sneaky and inserted its own wallet.dat, so that you sent it your coins.

Ok, fine, that's a point. But just for the sake of counterpoint, the wallet can be derived from the seed. So, if simply check that the seed leads to that private key, you should be fine.

Sure, but if they insert their own seed...
And then there's the ultrasonic magic communication the NSA does...
Just reformat Smiley

But then there's the low level bios...

Better to build it from scratch, get a CPU fab shop in your garage Smiley

Look, all you need is a log-free, virus-free, ultrasonic magic communication-free, SHA calculator, along with hopefully a random number generator (although random numbers can be generated "manually" if need be). That can be an old computer, whatever. I still think in the future there will be dedicated hardware that physically CAN'T get a virus, though.


lol. I couldn't imagine my little disk formatting suggestion could go this far. Cheesy
theonewhowaskazu
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


View Profile
January 28, 2014, 01:40:17 AM
 #122


No need, if the machine is offline. It can have trojans up the wazoo but if they can't talk to the controller, then they're useless.

Unless it was really sneaky and inserted its own wallet.dat, so that you sent it your coins.

Ok, fine, that's a point. But just for the sake of counterpoint, the wallet can be derived from the seed. So, if simply check that the seed leads to that private key, you should be fine.

Sure, but if they insert their own seed...
And then there's the ultrasonic magic communication the NSA does...
Just reformat Smiley

But then there's the low level bios...

Better to build it from scratch, get a CPU fab shop in your garage Smiley

Look, all you need is a log-free, virus-free, ultrasonic magic communication-free, SHA calculator, along with hopefully a random number generator (although random numbers can be generated "manually" if need be). That can be an old computer, whatever. I still think in the future there will be dedicated hardware that physically CAN'T get a virus, though.


lol. I couldn't imagine my little disk formatting suggestion could go this far. Cheesy

This is bitcointalk. Its an unwritten rule that we must take everything anybody posts and take it to the logical extreme.

Valerian77
Sr. Member
****
Offline Offline

Activity: 437
Merit: 255


View Profile
January 28, 2014, 01:48:13 AM
 #123

This money is lost - it went through many addresses:
https://blockchain.info/de/tree/109329398

Secondly the root cause seemed to be an old qt wallet that has been password secured later. So that the thief could use an old wallet file with a subest of the private keys to steal the 90 BTC instead of everything.

Thirdly @philipzhai - you may check where you kept your old wallet files. Especially cloud space, forums or email accounts. Maybe you gave an old disc or computer away containing the wallet file.

Finally it should be clear that no wallet is 100% safe. There are many recommendations how to create safe wallets and keep them safe. Eg.
 - create offline paper or brain wallets with btcaddress.org
 - encrypt wallet.dat and keep it offline most of the time
 - use anti malware and anti virus software to detect key loggers
 - ....

From my experience I can say that nothing is finally 100% safe. For one a unencrypted wallet.dat with bitcoin-qt may be safe because it is used in a safe system. For another one even the offline generated paper wallet is not safe because on reuse his smartphone is infected.

This situation is a clear sign that we have to manage system security more carefully because the system use cases are extended into a secure area. Everybody must be aware about the traps and open doors in his systems (computer, smartphone, ...) like everybody keeps care about closing the doors and windows of his house over night. This is a ongoing and demanding task and requires awareness for anybody.

@philipzhai even if I do not think you will ever see your money again (except someone of your near environment was the culprit) I feel pity.
chaolang
Full Member
***
Offline Offline

Activity: 308
Merit: 100



View Profile
January 28, 2014, 01:50:08 AM
 #124

must be malware
cczerouno
Newbie
*
Offline Offline

Activity: 25
Merit: 0


View Profile
January 28, 2014, 10:44:01 AM
 #125

If tools like BitIodine were public, maybe these cases would have more chances, and thefts would reduce frequency.
http://miki.it/pdf/BitIodine_presentation.pdf
http://miki.it/pdf/thesis.pdf

is this your paper?

No, it's by an Italian guy from Politecnico of Milano.
I looked at it, but I'm writing in pure C a smaller but more specific learning/forensic tool.
LiteCoinGuy
Legendary
*
Offline Offline

Activity: 1148
Merit: 1014


In Satoshi I Trust


View Profile WWW
January 28, 2014, 01:52:06 PM
 #126

This recently happend to me to , are you sure you haven't been keylogged or anything?

You too? No, I am not sure.

did you download dogecoin qt or other bad software  Roll Eyes ?

alani123
Legendary
*
Offline Offline

Activity: 2576
Merit: 1509



View Profile
January 28, 2014, 02:13:53 PM
 #127

This recently happend to me to , are you sure you haven't been keylogged or anything?

You too? No, I am not sure.

did you download dogecoin qt or other bad software  Roll Eyes ?

what's wrong with dogecoin?

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
 
 Duelbits 
██
██
██
██
██
██
██
██

██

██

██

██

██
TRY OUR UNIQUE GAMES!
    ◥ DICE  ◥ MINES  ◥ PLINKO  ◥ DUEL POKER  ◥ DICE DUELS   
█▀▀











█▄▄
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
 KENONEW 
 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀█











▄▄█
10,000x
 
MULTIPLIER
██
██
██
██
██
██
██
██

██

██

██

██

██
 
NEARLY
UP TO
50%
REWARDS
██
██
██
██
██
██
██
██

██

██

██

██

██
[/tabl
manobra
Full Member
***
Offline Offline

Activity: 151
Merit: 100


View Profile
January 28, 2014, 02:28:06 PM
 #128

This recently happend to me to , are you sure you haven't been keylogged or anything?

You too? No, I am not sure.

did you download dogecoin qt or other bad software  Roll Eyes ?

what's wrong with dogecoin?

He likes to plant the seed...  Undecided
exstasie
Legendary
*
Offline Offline

Activity: 1806
Merit: 1521


View Profile
January 28, 2014, 04:10:36 PM
 #129

This money is lost - it went through many addresses:
https://blockchain.info/de/tree/109329398


Oh nice!  That's pretty cool.  Didn't realize you could track it like that.

Sorry to the OP for the loss.  That hurts Sad

reanor
Newbie
*
Offline Offline

Activity: 18
Merit: 0


View Profile
January 28, 2014, 05:47:56 PM
 #130

The only way they can steal anything from any wallet is if they get a hold of the wallet.dat file. There is simply no other way. So at some point you get hacked, you may not even notice this, then when you have enough coins to steal they will sact. I think it makes sense to change your wallets, create a new ones on regular basis and transfer the coins around and always encrypt your wallets with 128bit+ passwords. You may not know when they put a keylogger on your PC if its not properly protected. I wouldn't be surprised if some Pool sites are infected with keylogger scrypts. They dont steal accounts maybe because its easier to just get into your wallet and steal your coins especially if you have weak passwords.

I bet they try to brute force the password, running their little evil scrypts to try to hack your password every day like you are running miner every day. So if password isn't changed like on weekly basis it is eventually hacked. As more often password changed as more complicated is to hack through your wallet as long as you don't have a keylogger. There are also programs out there that would populate the password field for you without you typing anything, in that case keyloggers won't help the hacker.

When you deal with something as open and raw as Internet you need to take 10x times stronger precautions than what you'd do for something like a house or a safe. Use different PCs every month (virtual machines, image, clone etc), transfer your coins around so they don't sit in the same wallet for weeks etc etc. Its hard to catch a log on the river with a strong current.  Wink If you get rich and catch an eye of the hacker they will be tracinh you, hacking you, following your every online move until they get a hold of your wealth. Then they will vanish and you will never find them.

Sorry to hear that OP, but maybe your unfortunate problem can be a reminder for others to watch out, you are on the Internet!
Satosh¡ Slot
Full Member
***
Offline Offline

Activity: 164
Merit: 100


Indie Developer


View Profile WWW
May 14, 2014, 03:21:04 AM
Last edit: May 14, 2014, 06:10:41 AM by Satosh¡ Slot
 #131

Now I just want to know how the wallet summary can show a double-direction arrow and a n/a address?

I didn't see anyone answer. I'm pretty sure I have understood this properly:

  • The double arrow is shown when a transaction is made that has inputs other than are in the wallet of the QT you are running. It was created by another client that has your privkey and other privkeys that you don't have.
  • The n/a address is shown when there are more than one output that is not a change address in your own wallet. In the transaction you are mentioning, none of the outputs are likely a change address, so QT can't know which one to show.

This means that if your wallet file was stolen, the thief imported other addresses before they sent, or they are creating transactions with different software that they importet you privkey and other privkeys to.

-OR-

This kind of transaction is actually most likely to be caused by the real owner after he/she has been exporting and importing addresses and been playing around with wallet files. In this case the coins weren't stolen but just transferred by mistake to another address you own. Coins might not be lost after all!

jubalix
Legendary
*
Offline Offline

Activity: 2632
Merit: 1023


View Profile WWW
May 14, 2014, 03:49:10 AM
 #132

I feel like all these stories require further investigation. As much as we all like to talk about backdoors and keyloggers, I have yet to hear ANYONE losing their accounts to keyloggers.

I agree with this.

Post Snowden, It's seems plausible that there are backdoors keylogger in hardware, eg intel and amd. Aso probally widows software.

I mean why wouldn't there be? The Gov just leans on them to do it.

I'm not sure how easy this is to check in the circuitry of an intel chip, though I think some one would have noticed by now....maybe.

Using a linux o/s offline that signs transactions seems the only safe way.

This is one of the driving reasons I wrote my coinwatcher software. I can load a html web page, and see all my addresses with no login, no private keys, no wallet, no sign in or anything and I can conveniently see what is in my addresses. Though I would use behind TOR so block chains that it queries do not get wise to where your IP.


Admitted Practicing Lawyer::BTC/Crypto Specialist. B.Engineering/B.Laws

https://www.binance.com/?ref=10062065
serenitys
Full Member
***
Offline Offline

Activity: 126
Merit: 101

Be Here Now


View Profile
May 14, 2014, 05:13:11 AM
 #133

With all due respect, yall sound absolutely paranoid as all get out.

User error is likely the first main cause of anyone, n00b or seasoned, losing bitcoin or anything else.

I am curious why it's all focused on hackery though. I recognize malware being what it is but it seems logical to me that for anyone to lose 90btc to theft, (what's that again 38 grand?) they were specifically targeted, which doesn't seem like malware which is more random. Malware might scan for it but it has to have a root somewhere to even know TO scan for it. So would a hacker. I could have 90btc right now (I don't, wish like hell I did though!) and who'd know it? How would a hacker have any idea what I have or where I have it or THAT I have anything at all? Seems like random scans are a serious waste of processing power for x number of computers whose users don't even have a clue what bitcoin even is.

That's why it seems like the person was targeted by someone who did know and did know where it was stored and did know what was being used for security. It wasn't a random, wild lucky guess oh hey, this guy has bitcoin, let's take it!

How common is it people get keyloggers - realistically speaking? How do you know if you have one/more? Even the suggestions on the one hand to run all sorts of anti virus/malware scans get opposed by others saying well, you can have them and they're undetectable til it's too late. What the hell are people doing where they end up getting keyloggers?

The exchange the last couple of pages with the one person just digging up every possible FUD gloom scenario is all spooky but how realistic is it the average person will ever encounter all that without some "hacker thief" on the other end expending an ENORMOUS amount of energy, time, and attention to doing all that convoluted shit when he'd make more money just hacking into a regular bank account and swiping it the old fashioned way, or hacking gift cards.

If they're going to this trouble, isn't it more reasonable it'd been a focused specific act of theft?

Can it be positively proven any of these stories of theft are actually theft and not legit transactions - such as the scenario Joe Blow sees "A" transaction of 50btc made and pretends they were "his" all along and tries to get it sent to him instead?

Can any of these tales of theft be proven? Most everything the government and media say about bitcoin is how unsecure it is. If it was THAT risky nobody would be sinking millions of dollars into it. They have way more to lose than some random btc enthusiast with a few bitcoin. Why would any hacker thief in his/her right mind waste a shred of a second going after 90btc when they could go after the people holding hundreds of btc?

Add to that, all these stories (aside from on this forum) all seem to be that hackers hacked the exchange and made off with bitcoin.

Really?

Correct me if I'm mistaken here but exchanges trade fiat currency that is easily spent here and now with digital cryptocurrency that's hardly accepted anywhere. And you mean to tell me a hacker is that much of a screaming dumbass he'd steal virtual currency whose value could be $1 three hours after he steals it instead of fiat he could cash out in a hurry?

These exchanges that popped up - omg we got hacked, *boom* shut down. New one pops up...omg we got hacked too! *boom* shut down. That's the pattern, these new exchanges jump up, claim hackery and bankruptcy and vanish. Sounds to me like someone's full of shit - hackers didn't hack anything, the ones running the exchanges were the real thieves and made off with people's money.

In real life, without being specifically targeted, how common - realistically speaking - is it for bitcoin owners to end up with keyloggers and trojans and malware  specifically programmed to sniff out and steal bitcoin without the user going somewhere specific or downloading something specifically related TO btc in the first place - which would seem rather easy enough to root out.

Sincere questions and observation.

You say "anti government" like that's a bad thing...

Unfortunate times will bring out the best in good people and the worst in bad people
phillipsjk
Legendary
*
Offline Offline

Activity: 1008
Merit: 1001

Let the chips fall where they may.


View Profile WWW
May 14, 2014, 06:07:19 AM
 #134

In real life, without being specifically targeted, how common - realistically speaking - is it for bitcoin owners to end up with keyloggers and trojans and malware  specifically programmed to sniff out and steal bitcoin without the user going somewhere specific or downloading something specifically related TO btc in the first place - which would seem rather easy enough to root out.

Sincere questions and observation.

Don't have numbers, but I suspect machine take-over tools may now scan for Bitcoin wallets "just in case". Bitcoin for the first time, allows you to instantly transfer value in an irreversible way: over the Internet. Most online banking involves reversible transactions; and are not nearly as lucrative.

There is also the long-term possibility that trusted giants like Apple, Google, and Microsoft may start installing key loggers for one reason or another (rogue employee, 3-4 letter agency request). The only way to guard against that is to keep the bulk of your funds off-line.

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
Satosh¡ Slot
Full Member
***
Offline Offline

Activity: 164
Merit: 100


Indie Developer


View Profile WWW
May 14, 2014, 06:07:54 AM
 #135

Correct me if I'm mistaken here but exchanges trade fiat currency that is easily spent here and now with digital cryptocurrency that's hardly accepted anywhere. And you mean to tell me a hacker is that much of a screaming dumbass he'd steal virtual currency whose value could be $1 three hours after he steals it instead of fiat he could cash out in a hurry?
It's not exactly easy to get away with wire transfers as they are processed hours or days later. Bitcoin is probably more convenient to steal.

These exchanges that popped up - omg we got hacked, *boom* shut down. New one pops up...omg we got hacked too! *boom* shut down. That's the pattern, these new exchanges jump up, claim hackery and bankruptcy and vanish. Sounds to me like someone's full of shit - hackers didn't hack anything, the ones running the exchanges were the real thieves and made off with people's money.

Agreed.

solimi
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
May 14, 2014, 06:13:20 AM
 #136

You should run an antivirus program on your computer to see if there are trojans or malware.
Satosh¡ Slot
Full Member
***
Offline Offline

Activity: 164
Merit: 100


Indie Developer


View Profile WWW
May 14, 2014, 06:13:46 AM
 #137

Now I just want to know how the wallet summary can show a double-direction arrow and a n/a address?

I didn't see anyone answer. I'm pretty sure I have understood this properly:

  • The double arrow is shown when a transaction is made that has inputs other than are in the wallet of the QT you are running. It was created by another client that has your privkey and other privkeys that you don't have.
  • The n/a address is shown when there are more than one output that is not a change address in your own wallet. In the transaction you are mentioning, none of the outputs are likely a change address, so QT can't know which one to show.

This means that if your wallet file was stolen, the thief imported other addresses before they sent, or they are creating transactions with different software that they importet you privkey and other privkeys to.

-OR-

This kind of transaction is actually most likely to be caused by the real owner after he/she has been exporting and importing addresses and been playing around with wallet files. In this case the coins weren't stolen but just transferred by mistake to another address you own. Coins might not be lost after all!

I take the freedom to quote myself because the thread was actually about this question mentioned above. The guy has 2 Bitcoin QT wallets and I think I have solved the puzzle... no hacking invlolved. philipzhai, did you ever find out exactly what happened?

phillipsjk
Legendary
*
Offline Offline

Activity: 1008
Merit: 1001

Let the chips fall where they may.


View Profile WWW
May 14, 2014, 06:22:17 AM
 #138

You should run an antivirus program on your computer to see if there are trojans or malware.

Does not work if your anti-virus provider is pushing the malware updates (or looking the other way).

/tinfoil hat

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
sgk
Legendary
*
Offline Offline

Activity: 1470
Merit: 1002


!! HODL !!


View Profile
May 14, 2014, 06:30:59 AM
 #139

I thought a double-direction arrow and "n/a" in the transaction field in Bitcoin-Qt represented a transaction between addresses within the same wallet?

^^ THIS
omegaflare
Sr. Member
****
Offline Offline

Activity: 331
Merit: 250


View Profile
May 14, 2014, 06:39:30 AM
 #140

Armory 0.91.2 will def. solve this problem because they have cold-storage wallet. You should scan for viruses daily if you have that much BTC.

Where did you store your 90 BTC? Bitcoin cloud service?

Pages: « 1 2 3 4 5 6 [7] 8 9 10 11 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!