Miner hacker attack

[crittd3]

I have lost my bitcoins. I thought I  was careful but not careful enough. Just a simple user that knows very little about half of the Bitcoin world. I had bought 3 bitcoins when at 75 dollars. Didn't touch them for months. I decided to buy other alt coins on exchanges. Thats went fine. Then I decided to mine for the first time Maxcoin and then heavycoin. Here is what happened.. I opened my bitcoin-qt after adding my wallet backup to it. Nothing seemed strange. But after a few min. All of my account balance was sent to this address 19A1gdRfuBVUAcBP6XTgRBAzH8GvQLAfJv without me doing it. The other 4 addresses are mine. My balance stayed the same in the wallet. But anytime I try to send I get 0/6 conformations on any transactions. Well they took all I had so I'm done. Can't afford to get back in at this point. I just hope this helps others from getting taken like I did..

Just look at the image from my malware scan and you will find that the miners were taking it. God Bless and Good Luck..

Code:

Transaction View information about a bitcoin transaction
99ad62e1a568d3dcc50ddd1efe2bc70447967cf2bbe8de5cd394fb4a47c74db9
12YKH13CCLPWKknk8RuJeprwfzJXn76spL
1JFguyxnqPjwcjyuvMw8Xc3RbcuZvorKDe
18wFp2Q8Ad8V2AoLR9G9P884zTwJyqGePm
16uf54i5jbckoAMdxqgT5Q48QDcQz1bAyA
		19A1gdRfuBVUAcBP6XTgRBAzH8GvQLAfJv 1.4925574 BTC

Link to image:https://heavycoinforum.com/index.php?action=dlattach;topic=38.0;attach=4;image

[1715311823]

1715311823

[1715311823]

1715311823

[1715311823]

1715311823

[bitcoiner49er]

Yeah, that sux. Best to mine on a totally different rig than anything you use to access your wallets.

[joae1975]

Same thing happened to me.  18 btc lost.  My problem was I had a dumb brain wallet and a bot guessed it.  Literally 2 seconds after the btc hit my wallet they were gone.  I presume this may have been want happened to you.  Was your private key derived from a brain wallet.  Purchase a phrase guessable by a bot?

[gamefixer]

would this be able to happen to an encrypted wallet? That sucks.

[joae1975]

Unlikely, if created properly. 

[crittd3]

I had  24 character pass-phrase.. I really thought Bitcoin would be different than the current monetary system. But we have a new 1 to 5%  that can't have enough. It's much easier to take from those who are vulnerable to computer slang, coding, and have scraps. Society one day may change, but not any time soon. Looking forward to a cashless society. What would happen to crime greed. and envy in that place ? Hopefully die a long deserved death.. Long live TZM and the Venus project.  

[joae1975]

I had  24 character pass-phrase.. I really thought Bitcoin would be different than the current monetary system. But we have a new 1 to 5%  that can't have enough. It's much easier to take from those who are vulnerable to computer slang, coding, and have scraps. Society one day may change, but not any time soon. Looking forward to a cashless society. What would happen to crime greed. and envy in that place ? Hopefully die a long deserved death.. Long live TZM and the Venus project.  

These things go to show btc is not grandma easy and far from it.  I don't think it's very far fetched if there are a group of gov computer hackers stealing btc to give it a bad name.  If you had a good passphrase on your wallet there's no way anyone could get them unless they knew the passphrase.  Could anyone have gained access to it if you wrote it down or stored it on your computer somewhere? 

[crittd3]

I do agree that there are forces out there that would love to crush bitcoin. Regarding my pass phrase. I was told that it may be possible to get the pass phrase from the console or clipboard if I pasted it in and didn't clear it. And I have to say I have done that. No Idea if that is true or not.

[S4VV4S]

Keylogger.

I have nothing else to add.

[loewen.brad]

it's possible that you are a victim of the pony botnet. it contains a keylogger, wallet.dat stealer, and i believe a RAT all in one. make sure you run a full virus/malware scan and do a boot-sector scan as well as deep-field scans on all files and partitions on your machine. basically throw everything you can at it and you'll probably turn something up. look for virii, trojans, malwares, botnets, rootkits, odd registry entries, etc... (anything out of the ordinary or that you don't recognize, really)

[Remember remember the 5th of November]

Strange, another user said he had his Bitcoins gone when he mined maxcoin as well. Perhaps the maxcoin miner really had a wallet stealer embedded?

[BitOnyx]

Yeah work on your security and try to not keep all money in one place. I'm afraid you might lose you BTCs for good ether way...

[S4VV4S]

Strange, another user said he had his Bitcoins gone when he mined maxcoin as well. Perhaps the maxcoin miner really had a wallet stealer embedded?

This is true, I too saw another member claim he had lost his BTC after mining for Maxcoin.
This could however be a malicious attack by a third party not necessarily the developers of Maxcoin.

Only way to find out is to download the Maxcoin software and view the code.

Anyone up for it?

[gamefixer]

I suppose I've been lucky as I've never lost any BTC from my wallet or any online system (mt.gox). I even left my two GPU miners alone for over two years, completely un monitored other than virus updates during that time.

I hate that this happens. I loaned a guy 25BTC in November and he lost it in a few days thanks to an attack on the web site he had them on.

[cloverme]

It's a shame that the bitcoin wallet doesn't include some type of two factor authentication. Some services like Coinbase have it, but you have to trust your coins to them as well. 

For now, I think the best method to protect bitcoins employs a few measures:

-Encrypt wallets
-Don't run multi-wallets on the same system for alt currency
-Don't keep all your BTC in one place
-Keep at least 10% offline
-Run antivirus/antimalware on your computer
-Backup your wallet
-Employ disk encryption for your wallet
-Don't keep more than 10% of your BTC in an exchange

My hopes for the future:
-Wallet that supports 2 factor auth - Spend verified through phone app or thumbprint
-Stolen coin tagging in the blockchain - Fiat serial numbers can be tracked at federal reserves and banks, bitcoins should have similar tracking. Exploding dye packs ruin fiat currency when robbed from a bank.



 

[substratum]

My hopes for the future:
-Wallet that supports 2 factor auth - Spend verified through phone app or thumbprint
 

If the thief has malware on your PC they can bypass or hijack any authentication you can perform in order to authorize a different transaction. This has long been a problem for online banking systems that attempt to employ 2-factor. The thief can use malware to change what you see on your screen and change what's happening in memory so you end up authorizing a different transaction than what you intended.

What's really needed is end-to-end transaction integrity verification on a dedicated hardware device. Trezor gets us most of the way there but the transaction is not verified end-to-end, only workstation-to-Trezor. A system like the Cronto banking hardware device is needed for Bitcoin, where a PKI implementation similar to BIP70 could be used to verify the address of the payee all the way to the secure device of the payer.

[joae1975]

My hopes for the future:
-Wallet that supports 2 factor auth - Spend verified through phone app or thumbprint
 

If the thief has malware on your PC they can bypass or hijack any authentication you can perform in order to authorize a different transaction. This has long been a problem for online banking systems that attempt to employ 2-factor. The thief can use malware to change what you see on your screen and change what's happening in memory so you end up authorizing a different transaction than what you intended.

What's really needed is end-to-end transaction integrity verification on a dedicated hardware device. Trezor gets us most of the way there but the transaction is not verified end-to-end, only workstation-to-Trezor. A system like the Cronto banking hardware device is needed for Bitcoin, where a PKI implementation similar to BIP70 could be used to verify the address of the payee all the way to the secure device of the payer.

Yeah, what he said.  ^

[irnwlf]

Can you give me some advices about safety? I'm from B elorussia and our miners are so greedy, that it's a problem to get any answers....

[Trillium]

Perhaps look at using cold storage with armory or electrum in the future. Where you manually authorize a transaction with an offline computer.

[freddyfarnsworth]

here is what I learned,

Use multibit for BTC.

Make a new wallet, encrypt it.  oKD 3I5] -05 OKR349RI3*&^^())))))))+U%^%
like that, something you will never remember. Write it down on paper.

Never use the default wallet it started out with.

At least you will have done what you can, being real you will have to use it a lot online, so do not store in it, just do transactions in it.

Store offline.