Bitcoin Forum
December 15, 2017, 04:43:03 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Just got my LTC QT wallet hacked  (Read 954 times)
jubalix
Legendary
*
Offline Offline

Activity: 1680


View Profile
February 21, 2014, 03:47:55 PM
 #1

I just saw 1.99 LTC get taken out of my wallet.

I just upgraded to the latest LTC client, from the beta and made a transfer.

Walked back into my room to see 1.99 LTC being transferred

I have an encrypted wallet, which means they must have seen my password as I typed it....or something else

weird thing is I use coin control and I can see where this coin came from as I have all coins of particle addresses

no located the address

and the from address does not appear in my wallet that I can see?

It does appear to have decrimented my balance though

freaking out now...!

transaction

http://block-explorer.com/address/LPuJg4jQniASXs3ahknmDJutijtog35SAp

Admitted Practicing Lawyer::BTC/Crypto Specialist.
B.Engineering/B.Laws
1513356183
Hero Member
*
Offline Offline

Posts: 1513356183

View Profile Personal Message (Offline)

Ignore
1513356183
Reply with quote  #2

1513356183
Report to moderator
1513356183
Hero Member
*
Offline Offline

Posts: 1513356183

View Profile Personal Message (Offline)

Ignore
1513356183
Reply with quote  #2

1513356183
Report to moderator
1513356183
Hero Member
*
Offline Offline

Posts: 1513356183

View Profile Personal Message (Offline)

Ignore
1513356183
Reply with quote  #2

1513356183
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513356183
Hero Member
*
Offline Offline

Posts: 1513356183

View Profile Personal Message (Offline)

Ignore
1513356183
Reply with quote  #2

1513356183
Report to moderator
1513356183
Hero Member
*
Offline Offline

Posts: 1513356183

View Profile Personal Message (Offline)

Ignore
1513356183
Reply with quote  #2

1513356183
Report to moderator
ljudotina
Legendary
*
Offline Offline

Activity: 1036


View Profile
February 21, 2014, 03:49:33 PM
 #2

OR maybe it's just sync problem....
Lauda
Legendary
*
Offline Offline

Activity: 1694


GUNBOT Licenses -20% with ref. code 'GrumpyKitty'


View Profile WWW
February 21, 2014, 03:58:54 PM
 #3

Possible keylogger?


          ▄▄█████▌▐█████▄▄
       ▄█████████▌    ▀▀▀███▄
     ▄███████████▌  ▄▄▄▄   ▀██▄
   ▄█████████████▌  ▀▄▄▀     ▀██▄
  ▐██████████████▌  ▄▄▄▄       ▀█▌
 ▐███████████████▌             ▀█▌
 ████████████████▌  ▀▀▀█         ██
▐████████████████▌  ▄▄▄▄         ██▌
▐████████████████▌  ▀  ▀         ██▌
 ████████████████▌  █▀▀█         ██
 ▐███████████████▌  ▀▀▀▀        ▄█▌
  ▐██████████████▌  ▀▀▀▀       ▄█▌
   ▀█████████████▌  ▀▀█▀     ▄██▀
     ▀███████████▌  ▀▀▀▀   ▄██▀
       ▀█████████▌    ▄▄▄███▀
          ▀▀█████▌▐█████▀▀
▬◉▬
▬◉▬
▬◉▬
▬◉▬
▬◉▬
▬◉▬
▬◉▬
▬◉▬
      ▄▄▄
 ▄▄█████████▄▄
  ▀▀▀▀▀▀▀▀▀▀▀
   █▌▐█ █▌▐█
   █▌▐█ █▌▐█
 ▄███████████▄
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄






▄█████████████▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
███████████████
██▀▀█▀▀████████
▀█████████████▀
ArticMine
Legendary
*
Offline Offline

Activity: 2086


Monero Core Team


View Profile
February 21, 2014, 04:03:43 PM
 #4

Possible keylogger?

Let me guess. The operating system is Microsoft Windows.

Concerned that blockchain bloat will lead to centralization? Storing less than 4 GB of data once required the budget of a superpower and a warehouse full of punched cards. https://upload.wikimedia.org/wikipedia/commons/8/87/IBM_card_storage.NARA.jpg https://en.wikipedia.org/wiki/Punched_card
equinox9
Jr. Member
*
Offline Offline

Activity: 40


View Profile
February 21, 2014, 04:04:11 PM
 #5

I just saw 1.99 LTC get taken out of my wallet.

I just upgraded to the latest LTC client, from the beta and made a transfer.

Walked back into my room to see 1.99 LTC being transferred

I have an encrypted wallet, which means they must have seen my password as I typed it....or something else

weird thing is I use coin control and I can see where this coin came from as I have all coins of particle addresses

and the from address does not appear in my wallet that I can see?

I does appear to have decrimented my control though

freaking out now...!

Just consider this a lesson learnt. It could have been much worse - count your blessing you didnt have more stored on there. Always use paper wallets.
softbluelight
Newbie
*
Offline Offline

Activity: 18


View Profile
February 21, 2014, 04:04:54 PM
 #6

I just upgraded to the latest LTC client, from the beta and made a transfer.

is there an unconfirmed transaction that was sent without a transaction fee?
jubalix
Legendary
*
Offline Offline

Activity: 1680


View Profile
February 21, 2014, 04:05:45 PM
 #7

Possible keylogger?

Let me guess. The operating system is Microsoft Windows.

no its osx

it has to be a key logger

Admitted Practicing Lawyer::BTC/Crypto Specialist.
B.Engineering/B.Laws
Lauda
Legendary
*
Offline Offline

Activity: 1694


GUNBOT Licenses -20% with ref. code 'GrumpyKitty'


View Profile WWW
February 21, 2014, 04:14:51 PM
 #8

Possible keylogger?

Let me guess. The operating system is Microsoft Windows.
It is safe as long as you know how to correctly use it.


          ▄▄█████▌▐█████▄▄
       ▄█████████▌    ▀▀▀███▄
     ▄███████████▌  ▄▄▄▄   ▀██▄
   ▄█████████████▌  ▀▄▄▀     ▀██▄
  ▐██████████████▌  ▄▄▄▄       ▀█▌
 ▐███████████████▌             ▀█▌
 ████████████████▌  ▀▀▀█         ██
▐████████████████▌  ▄▄▄▄         ██▌
▐████████████████▌  ▀  ▀         ██▌
 ████████████████▌  █▀▀█         ██
 ▐███████████████▌  ▀▀▀▀        ▄█▌
  ▐██████████████▌  ▀▀▀▀       ▄█▌
   ▀█████████████▌  ▀▀█▀     ▄██▀
     ▀███████████▌  ▀▀▀▀   ▄██▀
       ▀█████████▌    ▄▄▄███▀
          ▀▀█████▌▐█████▀▀
▬◉▬
▬◉▬
▬◉▬
▬◉▬
▬◉▬
▬◉▬
▬◉▬
▬◉▬
      ▄▄▄
 ▄▄█████████▄▄
  ▀▀▀▀▀▀▀▀▀▀▀
   █▌▐█ █▌▐█
   █▌▐█ █▌▐█
 ▄███████████▄
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄






▄█████████████▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
███████████████
██▀▀█▀▀████████
▀█████████████▀
softbluelight
Newbie
*
Offline Offline

Activity: 18


View Profile
February 21, 2014, 04:24:03 PM
 #9

Possible keylogger?

Let me guess. The operating system is Microsoft Windows.

no its osx

it has to be a key logger


OSX and key logger... I hope that's not the case
substratum
Jr. Member
*
Offline Offline

Activity: 36


View Profile
February 21, 2014, 06:40:48 PM
 #10

OSX and key logger... I hope that's not the case

Cross-platform keyloggers are already out there, I've seen someone using Adwind RAT to steal wallet files in this forum already (thread got removed).

http://www.crowdstrike.com/blog/adwind-rat-rebranding/index.html
anonuser777
Full Member
***
Offline Offline

Activity: 140


View Profile
February 21, 2014, 08:18:17 PM
 #11

Pro tip for windows users (oxymoron?) - restrict access on your user accounts

http://www.tomsguide.com/us/standard-accounts-stop-malware,news-18326.html
PyroClasTix
Jr. Member
*
Offline Offline

Activity: 56


View Profile WWW
February 21, 2014, 08:46:43 PM
 #12

It's happened to my other account before. It's a possible RAT on your computer and keylogger.

Download "darkcomet rat remover tool" on the googles.
Scan your system.
Let me know.

keithers
Legendary
*
Offline Offline

Activity: 1358


This is the land of wolves now & you're not a wolf


View Profile
February 22, 2014, 02:13:25 AM
 #13

Has it completely synced? Seems like a hacker would wait until you have a larger balance than 1.99 LTC in your wallet before he stole it..
substratum
Jr. Member
*
Offline Offline

Activity: 36


View Profile
February 22, 2014, 01:07:59 PM
 #14

Pro tip for windows users (oxymoron?) - restrict access on your user accounts

http://www.tomsguide.com/us/standard-accounts-stop-malware,news-18326.html

It's certainly a good idea to run with the least privilege possible, but the article isn't quite accurate. The report in question was speaking about Microsoft software exploit attempts being mitigated, not people just running malware they find posted on a web forum. Most modern malware has moved beyond requiring admin rights. The trojans install themselves to user-owned folders and persist via user-writable registry keys.

For a wallet stealer, persistence isn't even required, and your wallet.dat file is lying right there in a user folder for the taking. It might need to persist if it uses a keylogger to capture your passphrase since it doesn't know when you will be typing/pasting that in, but as I mentioned, malware can persist post-reboot without needing admin rights.

So even though the advice is good for some cases, in the case of running random programs posted to Bitcointalk, it won't help you at all.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!