Bitcoin Forum
December 12, 2024, 02:38:33 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 [5] 6 7 »  All
  Print  
Author Topic: I GOT HACKED AND LOST 1 MILLION  (Read 25041 times)
Xivibe
Jr. Member
*
Offline Offline

Activity: 89
Merit: 1


View Profile
December 25, 2018, 06:12:06 PM
 #81

Painful to read this.

And now they've tried to clean up the mess by uploading another (clean) wallet?
https://github.com/ElectrumBTCDiamond/electrum/releases/tag/v3.1.2

https://www.virustotal.com/#/url/d6101b23974af1329c77ccf70e31e845884a8a8f91e49adccfc6476aea48d81b/detection

Nice try...





Valerian77 (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 255


View Profile
December 25, 2018, 07:17:16 PM
 #82


Yes - be careful with that one!! I checked it and it is the same malware as before.
Xivibe
Jr. Member
*
Offline Offline

Activity: 89
Merit: 1


View Profile
December 25, 2018, 07:44:28 PM
 #83


Yes - be careful with that one!! I checked it and it is the same malware as before.

Ouch..  Angry

Then the detection is pretty misleading...
rossjamie
Member
**
Offline Offline

Activity: 124
Merit: 10


View Profile
December 26, 2018, 03:01:26 PM
 #84

Is OP said that he hacked via RD Connection?.
Are you using Dynamic or Static IP?
When you look over your PC is your computer log out itself?
To get the password is easy especially you download Virus wallet and your PC connected to Microsoft account. I think mobile connectivity more secure than home cable because the IP always changed every certain time because sometimes the cellular connection lost the signal. And make sure your firewall not too open to all ports.

For note, I'm an ignorant person and too paranoid about my security. I'm just installing KIS and local antivirus (Sometimes local more dangerous). And install every wallet in one computer and always online.

Initscri
Hero Member
*****
Offline Offline

Activity: 1582
Merit: 759


View Profile WWW
December 26, 2018, 07:10:27 PM
 #85


Yes - be careful with that one!! I checked it and it is the same malware as before.

Ouch..  Angry

Then the detection is pretty misleading...

Yea, I wouldn't 100% trust VirusTotal when it comes to checking these. They've been wrong in the past

The code within the software could be more or less unprecedented to the virus detection systems

----------------------------------
Web Developer. PM for details.
----------------------------------
evgenbogdan
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
December 27, 2018, 07:37:19 PM
 #86

Hello!

I´m very sorry to hear this bad News about your Coins.
I hope, you can find here some help! You will see three Link´s "To report Internet Fraud".

https://badbitcoin.org/index.htm

Good Luck Buddy!
Best regards,
Evgen Bogdan
stomachgrowls
Hero Member
*****
Offline Offline

Activity: 3080
Merit: 803



View Profile
December 28, 2018, 03:29:03 AM
 #87


Yes - be careful with that one!! I checked it and it is the same malware as before.

Ouch..  Angry

Then the detection is pretty misleading...

Yea, I wouldn't 100% trust VirusTotal when it comes to checking these. They've been wrong in the past

The code within the software could be more or less unprecedented to the virus detection systems
Once issues been experienced in the past is hard to entrust fully when relying to these services. Its pretty misleading indeed so its much better to be careful next time.
Sad to hear out on OP's loss. recovery would be impossible even you do know some information.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
.
.Duelbits.
..........UNLEASH..........
THE ULTIMATE
GAMING EXPERIENCE
DUELBITS
FANTASY
SPORTS
████▄▄█████▄▄
░▄████
███████████▄
▐███
███████████████▄
███
████████████████
███
████████████████▌
███
██████████████████
████████████████▀▀▀
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
.
▬▬
VS
▬▬
████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
███████████████████
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
/// PLAY FOR  FREE  ///
WIN FOR REAL
..PLAY NOW..
lightfoot
Legendary
*
Offline Offline

Activity: 3220
Merit: 2334


I fix broken miners. And make holes in teeth :-)


View Profile
December 28, 2018, 04:59:50 AM
 #88

By the way if you're going to use a windows box forget using standard AV tools. Microsoft's Defender is useless, as is most of the normal AV tools. A bit of recompiling and a little salt and an executable with a full reverse command shell can be installed in no time.

Get a real EDR and AETD tool like SentinelOne, or Crowdstrike. They can usually spot fileless tricks in about 6-10 seconds, giving the attacker a pretty limited window to get a persistent session going. Granted they could loop but your system should scream about thousands of attacks being killed a minute, if you're not monitoring your system you're fucked.

Better option: 10 year old burner PC. Best option Kali type burner OS.
Valerian77 (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 255


View Profile
December 28, 2018, 12:58:34 PM
 #89

By the way if you're going to use a windows box forget using standard AV tools. Microsoft's Defender is useless, as is most of the normal AV tools. A bit of recompiling and a little salt and an executable with a full reverse command shell can be installed in no time.
true

Get a real EDR and AETD tool like SentinelOne, or Crowdstrike. They can usually spot fileless tricks in about 6-10 seconds, giving the attacker a pretty limited window to get a persistent session going. Granted they could loop but your system should scream about thousands of attacks being killed a minute, if you're not monitoring your system you're fucked.

Better option: 10 year old burner PC. Best option Kali type burner OS.
thanks - good hint
JollyGood
Legendary
*
Offline Offline

Activity: 2758
Merit: 1846


Top Crypto Casino


View Profile
December 28, 2018, 06:26:04 PM
 #90

I feel very sorry for you. That is a lot of crypto ($1 million) to be scammed.

http://whois.domaintools.com/electrumdiamond.org/

If the scammer thief used Namecheap servers to host his website and Namecheap to register the domain it means Namecheap.com could have valuable information.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
BitcSeo
Hero Member
*****
Offline Offline

Activity: 1054
Merit: 501


View Profile
December 29, 2018, 04:06:05 PM
 #91

OMG! That's enormous!, sorry for your loss, it would be of great help if you could elaborate where coins where held, is it a multi wallet(If Yes, which wallet ?) how it happen or what you could think have happened ? A malware installation, phishing site and or anything that is more specific.



@Valerian77  => @Harkorede,


i'm sorry about the loss. i wish you will be able to recover partial coin if, not full amount.

i'll suggest any discussion should be made via pm. Harkorede, pls use PM when asking such question(s) in so doing Valerian77, can also reply and post detail info's to you via pm.

*Otherwise, is not adviceable to post such info's on the public board where everyone including the person behind the act can easily access.

Regard's

S🌏larplaNET  Rome🗺 🗺
BitcSeo
Hero Member
*****
Offline Offline

Activity: 1054
Merit: 501


View Profile
December 29, 2018, 04:23:08 PM
 #92

A simple premium version of avast for less than 15 buck per year could have help block these hacker's from penetrating or gaining full access into your system.

well, now we all have to provide useful information(s), help or guideline(s) when necessary b/c the deed has been done.

S🌏larplaNET  Rome🗺 🗺
Valerian77 (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 255


View Profile
December 31, 2018, 01:37:33 AM
Last edit: December 31, 2018, 04:53:58 AM by Valerian77
 #93

A simple premium version of avast for less than 15 buck ...

Please Check the history of the thread. The critical file has been checked by virustotal and was marked ok. Avast and other virus checks wouldn't have helped. Basically that was the trap I was running in.

To make Windows more secure anti keylogger, anti screen recording software and constant port checks need to be done. With my experience I would not use a non dedicated computer for crypto anymore - too late. For anybody: Use hardware wallets or dedicated computers without automatic updates
Valerian77 (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 255


View Profile
December 31, 2018, 01:53:40 AM
 #94

OMG! That's enormous!, sorry for your loss, it would be of great help if you could elaborate where coins where held, is it a multi wallet(If Yes, which wallet ?) how it happen or what you could think have happened ? A malware installation, phishing site and or anything that is more specific.



@Valerian77  => @Harkorede,


i'm sorry about the loss. i wish you will be able to recover partial coin if, not full amount.

i'll suggest any discussion should be made via pm. Harkorede, pls use PM when asking such question(s) in so doing Valerian77, can also reply and post detail info's to you via pm.

*Otherwise, is not adviceable to post such info's on the public board where everyone including the person behind the act can easily access.


If the attacker reads this thread he will not get any information that he doesn't have already.

Regarding the method of hacking - it was a RAT attack in electrumdiamond. We understand the function of that malware pretty well now. From that and what was said before I recommend not to install anything whatsoever on your system what has not been electronically signed by a known entity. Virus and Malware check do not help to prevent such a scenario.
Xivibe
Jr. Member
*
Offline Offline

Activity: 89
Merit: 1


View Profile
January 01, 2019, 04:03:39 PM
 #95

A simple premium version of avast for less than 15 buck ...

Please Check the history of the thread. The critical file has been checked by virustotal and was marked ok. Avast and other virus checks wouldn't have helped. Basically that was the trap I was running in.

To make Windows more secure anti keylogger, anti screen recording software and constant port checks need to be done. With my experience I would not use a non dedicated computer for crypto anymore - too late. For anybody: Use hardware wallets or dedicated computers without automatic updates

'without automatic updates'

Why?  Huh
Valerian77 (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 255


View Profile
January 01, 2019, 05:00:29 PM
 #96

...
To make Windows more secure anti keylogger, anti screen recording software and constant port checks need to be done. With my experience I would not use a non dedicated computer for crypto anymore - too late. For anybody: Use hardware wallets or dedicated computers without automatic updates

'without automatic updates'

Why?  Huh
[/quote]

because 'automatic updates' deploy new code on the computer which is a risk on itself - even if the original software is from a trusted source the updates may contain malicious code
Artemis3
Legendary
*
Offline Offline

Activity: 2030
Merit: 1573


CLEAN non GPL infringing code made in Rust lang


View Profile WWW
January 01, 2019, 07:29:35 PM
Merited by vapourminer (1), bones261 (1), DaCryptoRaccoon (1)
 #97

Let this sad incident be a reminder to anyone that happens to come across this thread: When you handle bitcoins or any other decentralized crypto, YOU are THE BANK.

You simply cannot be lazy about it, the higher the amount, the more important it is. BUT, while you are starting with "low" sums, take the chance to train yourself and get in the habit to do things properly.

The OP thankfully admitted some mistakes, but to summarize:

  • Windows 10
  • Same password
  • Trying unknown software on the same PC

Seriously people, DON'T. Lets start with the beginning.

You should not use windows to handle these sums. Even if you see companies and large institutions using it, Microsoft has a long history of security faults. The OS might be OK for gaming and non essential stuff, but handling your money is something that should never occur to you. The solution is simple, use a different OS for serious tasks.

For example you can download a linux iso, put it in a thumbdrive and boot the computer from it to create and occasionally handle a cold wallet. You don't even need to install that OS in your computer if you don't want, just boot from it to do your banking and then shut it off. Someone mentioned kali, I don't recommend this. not only its very unfriendly to newcomers, but it logs as root by default. That is not a distro for protection, its for testing security, meaning: attacking (which you should never do without written permission).

How to make and handle a cold wallet:

Use newbie friendly distro like Linux Mint or Ubuntu to boot from usb, install a wallet like Electrum using the distro package manager; create a wallet and write down the seed words (1) in a piece of paper by hand (no printing, no photos). Once created don't bother with passwords, just print or photo your wallet addresses and turn off the PC.

From now on any money you send to those addresses are as safe as that paper with the written seed words is. It is offline (ie. cold), and no "hacker" can do anything about it.

But someday you may want to move those funds elsewhere:

Use newbie friendly distro like Linux Mint or Ubuntu to boot from usb, install a wallet like Electrum using the distro package manager; recover the wallet by using the seed words you wrote in that piece of paper by hand, do your transactions and turn off the PC.

Ideally you should keep a "cold" wallet for large sums, and a "hot" wallet (eg: in your smartphone) for daily needs.

By using an usb thumbdrive to boot a linux distro you are keeping separate your risky malware OS from your serious banking use. You could also install the "secure" OS permanently in another PC (old or not) to do your internet and online banking, and perhaps productivity safer, but keep using the boot from USB (livecd) method around when handling cold wallets, which you are not supposed to do very often. You can check any transactions going to your cold wallet by using any of the online blockchain explorers.

Now lets talk about passwords. Never EVER Re-use the same password anywhere, period. Use a password manager to generate a different random password for every site and service you use, and password protect that with a GOOD (2) password. If you have a password for your PC (which you should) make this also a good password different to the one in your password manager. Then every time you need to login to a site, use your password manager. This works better in a safer OS like Linux, BSD, etc; which is why permanently installing linux in another PC dedicated for such tasks is not such a bad idea (ie. your productivity separate from your gaming PC).

2fa is not panacea, but I'm not against you backing up the codes within the password manager, tho you could use a separate password file (with a different GOOD password) for that exclusive use, since you very rarely need the backups (only when your smartphone is lost); again much better to do this in a "secure" PC running a safer OS.


If this is too annoying and you'd rather trust your money to 3rd party institutions, fine go ahead and use a bank vault (maybe a good place to store a copy of your seed words). But remember when you are the bank, the responsibility lies almost entirely in you.

(1) Those seed words represent (are used to regenerate) your private key.
(2) A good password is something you can't find in a dictionary. You can easily scramble your passwords by mixing words and number together, preferably intermingled. Eg. say Table and 1988 could become T1a9b8l8e or tA19BL88E be creative and use your imagination for something only you can remember.

Good luck. Perhaps post a bounty in services for recovery?

██████
███████
███████
████████
BRAIINS OS+|AUTOTUNING
MINING FIRMWARE
|
Increase hashrate on your Bitcoin ASICs,
improve efficiency as much as 25%, and
get 0% pool fees on Braiins Pool
encycrypto
Member
**
Offline Offline

Activity: 294
Merit: 53


View Profile
January 01, 2019, 09:16:55 PM
 #98

this is funny (or not)

Namecheap never reacted to the ticket. GitHub seamed to have taken down the repository for some days. But now its up and running again.  Huh

Have you tried Namecheap's live chat yet? Tell them there to give priority to your ticket.
BitcSeo
Hero Member
*****
Offline Offline

Activity: 1054
Merit: 501


View Profile
January 01, 2019, 10:53:26 PM
 #99

For some reason namecheap will neither react nor reply to such email except if, opp, ask his legal adviceser to compose and file this msg on his behalf to namecheap.



S🌏larplaNET  Rome🗺 🗺
Valerian77 (OP)
Sr. Member
****
Offline Offline

Activity: 437
Merit: 255


View Profile
January 02, 2019, 08:41:33 AM
Last edit: January 04, 2019, 10:17:18 AM by Valerian77
 #100

Now lets talk about passwords. Never EVER Re-use the same password anywhere, period. Use a password manager to generate a different random password for every site and service you use, and password protect that with a GOOD (2) password. If you have a password for your PC (which you should) make this also a good password different to the one in your password manager. Then every time you need to login to a site, use your password manager. This works better in a safer OS like Linux, BSD, etc; which is why permanently installing linux in another PC dedicated for such tasks is not such a bad idea (ie. your productivity separate from your gaming PC).

Passwords may be as good as they can. When they are stored in the same password safe the single password of the safe unlocks all of them. A password safe does not provide real security. At most it helps to distribute your passwords over many devices.


2fa is not panacea, but I'm not against you backing up the codes within the password manager, tho you could use a separate password file (with a different GOOD password) for that exclusive use, since you very rarely need the backups (only when your smartphone is lost); again much better to do this in a "secure" PC running a safer OS.

do not put backup codes in any password safe. They are only safe on paper and that only if they are read from the screen on a safe system. 2FA means to have a second independent source for the authentication - that is not given anymore if the backup codes are stored on the same system as the password - that is even true if a different password manager is used.
Pages: « 1 2 3 4 [5] 6 7 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!