....snip....
First: thank you for the reply.
I'm not a computer security expert.
I will reinstall all my systems (2 Macs and a samsung SII).
I have been using google authenticator since the beginning and I haven't ever heard about such a log but I will check.
I did have downloaded bitcoin apps. Many of them. One in particular has been then prooved a malaware (the stealth address mac tool). But I removed that and the infected files that were found malicious afterwards.
I don't feel attacked and I know I had to expect everything but this has been overwhelming. I believe in bitcoin and keep the majority of my coins offline but I thought that 2FA, 20 characters unique password and confirmation email was enough for a week. I was wrong.
I only hope this to be useful to other because I have never read about such a thing
Reinstallation of systems is a tedious process. But that's the best option going forward. That will ensure you have a clean system state. Make sure you take backup of everything important you have before you do this.
In regards to logs with gogle authenticator, you might try to ask Mike Hearn - if he has the time to answer. He's on this forum. Profile:
https://bitcointalk.org/index.php?action=profile;u=2700He works for google afaik. He might not be able to give you any log data, but maybe he can point you in the right direction. Getting hold of google reps in general is quite hard..
If you're persistent you might go to police and have a police officer ask them, they might be better at answering then. But even if you get such info, it might be a dead end. But IF there's no log data at google's side - that indicates that the thief has bypassed 2FA and it's a theft done by Bitstamp or someone with high level access to their systems. If that's the case, then I think they would have to reimburse you. But I am not a lawyer, but I think that should hold up in court. It's a bit like a bank allowing your bank account to be emptied without you logging in. They would have to compensate you. But these are just my thoughts.
You had downloaded bitcoin apps, many of them... Be very careful with this in the future. If you download any bitcoin apps or programs, don't use it on the same phone/machine that you use for bitcoin activities. I know that's kind of silly as you most likely won't have 2 phones - but this is the reality if you want to stay secure. Rather access websites if you need bitcoin information on the phone than installing all kinds of apps. I assume you run android on your phone, and it's known for having security problems.
If you had malware installed, that's not good at all. Even if it was removed and all files are reported to be removed by any antivirus software, or done manually that is still not proof it is actually removed in full. Although antivirus programs are quite good, many malware authors constantly try to avoid detection from anti-virus programs, and if some kind of malware has not made it into the antivirus makers list, it might as well go undetected.
You're saying you don't feel attacked. If there's an attack on your devices, you will probably not notice anything visually, it will just happen.
you thought that 2FA, 20 characters unique password and confirmation email was enough for a week -> if your systems are compromised you will not be safe with this. Malware on your devices can do anything that you can do.
Going forward, and I hope you still will be into bitcoin, I would suggest creating a cold wallet and move any coins you want to store for a long term there.
Also, for using bitcoins, I would advise to have a single device for this, for instance a cheap notebok running linux.
Having some coins accessible from a phone wallet is ok, but not more than you can afford to lose. So for instance if you have 30 BTC, you could have 20 BTC in a cold wallet and 9 on the bitcoin notebook and 1 on a phone wallet, or just transfer from the notebok to the phone wallet whenever you need to have some coin available on your phone.
And don't do any websurfing at all or at least not on weird pages (clicking suspicious links on various forums and on reddit may not be too smart) or installation of strange apps on the bitcoin machine, just have a network connection
I sincerely hope you will not encounter anything more troubles in the future. Having a dedicated machine for linux might seem like overkill, but it is better than losing a lot of money! If you can't afford a dedicated machine, running a virtual machine with bitcoind might also be a solution, some malware would have a lot harder time to access bitcoins residing in a virtual machine.
