Bitcoin Forum
Author Topic: I have been hacked... what now?  (Read 348 times)
Jaro13
Newbie
Activity: 3
Merit: 0
December 19, 2018, 05:00:13 PM
 #1

Okay so long story short.

I downloaded a program without AV because I thought Windows Defender was good enough.

This happened around 2 months ago: downloaded the program, ran the setup, installed it and ran it. All fine. In the next 2 hours, I went onto my emails to find out someone was in my Yahoo mailbox and tried to get into my crypto online wallets, which were empty. I bought BullGuard antivirus straight away and ran a scan, which found viruses. I changed my passwords, reinstalled Windows and changed passwords again. I thought that was it. 300 dollars gone off my PayPal account, and 15 dollars used to buy GTA V off my other PayPal account. I bought a Ledger Nano S and stored 20 000 XRP on it, worth £10 000. Yesterday I woke up to find out that all my Ripples from the Ledger have been moved to this address, which I suppose is the hacker's address: rUF5TKP4JNyXsHWjHYVWH7ugCB6FTabM8U.

Also the hacker who bought the GTA has used a fake passport with my name on it to send to the game provider to prove "it was me" who bought it.

I probably won't be able to recover my life savings, will I?

Will be going to the police station tomorrow also, if they can help?

I had sensitive files on my PC, such as letters I wrote and pictures of my driving licence.

What can I do to make sure this does not happen ever again, and what else can the hackers do? Is my personal information for sale on the dark web? Who knew 1 small application could ruin a life...

I am afraid they can take all my money from my bank accounts.
BitMaxz
Legendary
Activity: 1498
Merit: 1207
December 19, 2018, 05:16:29 PM
Last edit: December 19, 2018, 07:26:21 PM by BitMaxz
Merited by paxmao (2)
 #2

According to some reviews about the BullGuard AV, it has a poor or low score on malware protection, which means that your PC is still infected even if you are using BullGuard antivirus.

I hope that you can use a better AV like Kaspersky. I'm not promoting it, but I have used it for many years and it has saved my PC from many malware and viruses.

For now, there is no way to recover your lost XRP. The only thing you can do now is to make sure your PC is clean or format your whole PC, but you can't save the files from your PC, as you need to install a clean OS.

harizen
Legendary
Activity: 1596
Merit: 1136
December 19, 2018, 05:17:18 PM
Merited by paxmao (2)
 #3

Downloaded the program, ran the setup installed it and ran it

What program is that? Always take caution when downloading and installing any program. Even without anti-virus (of course it's a must-have), as long as you know what you are doing, you will not be a victim of fraud software.

I bought bullguard antivirus straightaway and ran scan which found viruses. I changed my passwords, reinstalled windows and changed passwords again. I thought that was it.

Can you show some logs here and let's check what those are. Can't draw out the real picture behind your case yet.

i am afraid they can take all my money from my bank accounts

The moment some shitty activity happens to you and you suspect that your bank accounts have a chance of being compromised, you can ask your bank to take some necessary actions if withdrawal is not possible or you don't want to initiate it.

Jaro13
Newbie
Activity: 3
Merit: 0
December 19, 2018, 05:25:12 PM
 #4

I also did scan my PC with Malwarebytes and ESET; both came out clean. Will post previous BullGuard logs when I come home. I did change my bank passwords, and set up 2FA when setting up new payments.

DdmrDdmr
Hero Member
Activity: 560
Merit: 2471
December 19, 2018, 05:36:08 PM
Last edit: December 19, 2018, 06:37:24 PM by DdmrDdmr
Merited by paxmao (2)
 #5

<…>
Out of all the fatalities, which I'm not sure are tied together in the same sequence of events, I can't see how your XRP could be moved if it was protected by a Ledger Nano S device. I've seen what I presume is your thread on XRP Chat (https://www.xrpchat.com/topic/29510-xrp-fund-stolen-from-ledger-nano-s/), and as far as I can see, only one of two things could have happened:

-   You had your 24-word seed stored or scanned on your PC, along with those other documents you mention.

-   You state in your post on XRP Chat that you bought the Ledger Nano S on eBay, and not at the official site nor an official reseller. The device could have been pre-seeded by the seller, but you do state that you reset it before creating the PIN and so on.

Recently I stumbled upon an official announcement from Trezor stating that there were fake Trezor Ones on the market, visually indistinguishable, the only slight alteration being that of the holographic seal on the product's original box. The fake devices could have a limited set of seeds, known to the people behind them, and the reset process may be an emulation and not really result in a randomly created seed.
Although that was Trezor, Ledger may have fake Nano S devices on the market (see Check if device is genuine to revise this).

BitMaxz
Legendary
Activity: 1498
Merit: 1207
December 19, 2018, 05:55:57 PM
Last edit: December 19, 2018, 06:07:13 PM by BitMaxz
Merited by paxmao (2)
 #6

I also did scan my pc with malwarebytes and eset both came out clean. will post previous bullguard logs when i come home. I did change my bank passwords, and setup 2fa when setting up new payments.



If the hacker could make a fake document like a passport and could pretend to be you, there is a big chance that your bank account is in danger.

To be safe, it is better to transfer your money to a new bank account, because they can make a request to the bank and use your documents to take your savings out of the bank, and do the same with your PayPal account.

You were already infected the first time, before you used a paid antivirus, so I think the hacker already retrieved all the files from your computer. If you saved your important files on your PC without an updated antivirus, there is a big chance that they already have the important documents that they can use for verification or to prove that they own your bank or PayPal account.

About your XRP, like the above said, your Ledger Nano might be pre-seeded and someone could recover it to another wallet and transfer it to a new wallet.

cameron_EMI
Copper Member
Jr. Member
Activity: 43
Merit: 2
December 19, 2018, 06:45:09 PM
 #7

Okay so long story short.
~snipped~

1.) I'm very sorry to hear about your situation. You just made a bunch of rookie mistakes.

2.) If you are using a Windows computer, please download free editions of Anti-Virus, Spyware, and Malware. Here's what I have on my computer: Avast Anti-Virus, SUPERAntiSpyware, and Malwarebytes. Yes, I run on free editions.

3.) Please, please scan your computer with those programs almost daily if possible. Better than sorry!

4.) If you seek to purchase a hardware wallet to store your cryptos, never, never buy a used one. Buy yours brand new directly from the manufacturer or trusted third parties.

5.) If you want to save your backup codes, seed words, etc. into text files, please save those in your encrypted flash usb and store it somewhere safely.

I hope it helps!

Adriano2010
Hero Member
Activity: 1120
Merit: 512
December 19, 2018, 07:58:46 PM
 #8

What program did you download that gave you the virus? And something is strange: how did they take your coins from the Ledger Nano S? The private keys never leave the Ledger Nano S. Did you save your passphrase in an email or on your PC connected to the internet?

harizen
Legendary
Activity: 1596
Merit: 1136
December 19, 2018, 09:07:38 PM
 #9

~snipped~
What program is that? Always take caution when downloading and installing any program. Even without anti-virus (of course it's a must have), as long as you know what you are doing, you will not be a victim of a fraud software.
~snipped~
Can you show some logs here and let's check what are those. Can't draw out yet the real picture behind your case.
~snipped~
The moment some shitty activity happened to you and you suspects that your bank accounts have chances to compromised, you can asked your bank to take some necessary actions if withdrawal is not the possible or you don't want to initiate.
I also did scan my pc with malwarebytes and eset both came out clean. will post previous bullguard logs when i come home. I did change my bank passwords, and setup 2fa when setting up new payments.

Malwarebytes is a powerful tool compared to BullGuard, so in case they didn't detect any suspicious ones, it means that "maybe" your account/s got compromised the other way around. Maybe a victim of phishing or something along those lines.

If you already changed your email passwords, set up 2FA, changed bank passwords or anything else, then no need to be worried unless "someone" is targeting you intentionally.*

Well then, will wait for the BullGuard logs.

retprogramisto
Member
Activity: 153
Merit: 34
December 19, 2018, 10:35:12 PM
Last edit: December 19, 2018, 10:59:01 PM by retprogramisto
 #10

Sorry to hear.

If your crypto is stolen you can't get it back, unless you locate the hacker and persuade him to return it. That's why it is so important to control and protect your private keys.

In the future it is better to use Linux or Mac instead of Windows (less chance of viruses). If you really want to use Windows, get a new hard drive and reinstall fresh. Store your passwords in encrypted text files or, better, memorize them. Don't use the autofill feature of your browser or store passwords in unencrypted text files/documents. Research software before you install it and use trusted antivirus software (not needed for Linux but necessary for Windows).

Ledger should have been safe, but it sounds like you had a remote access virus. If you continue to use Windows for daily tasks, make a read-only Linux USB to send crypto with your Ledger. This will give you a safe environment to make and broadcast transactions. You could also keep your private keys completely offline and only connect to the internet to broadcast signed transactions, but 1) Ledger should be enough, 2) if you already have a virus, even this doesn't help.

Possibly you could report the paypal and bank transfers as unauthorized but I am not a lawyer.

Edit: Read that there could be compromised fake/used Ledgers. In this case, get a new Ledger direct from the company website (https://www.ledger.com/products/ledger-nano-s).

Jaro13
Newbie
Activity: 3
Merit: 0
December 20, 2018, 06:49:22 PM
 #11

Okay,

I have located the hacker, who owns the Facebook website called Geonomis, which talks about crypto mainly. What now? Passed the info on to the police but I don't think they will help. Anyone know how I can contact Interpol?

Also, the log from Malwarebytes:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 20/12/2018
Scan Time: 18:36
Log File: 259f95f8-0486-11e9-ac20-309c2360b97e.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.508
Update Package Version: 1.0.8413
Licence: Trial

-System Information-
OS: Windows 10 (Build 17134.472)
CPU: x64
File System: NTFS
User: DESKTOP-BH2FIJ9\Jaro PC

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 313462
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 29 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)
(end)


BULLGUARD LOG SKIPPED FILES:

appdata\local\google\chrome\user data\default\cache\f_01218b
appdata\local\google\chrome\user data\default\cache\f_01218c
appdata\local\google\chrome\user data\default\cache\f_01218d
appdata\local\google\chrome\user data\default\cache\f_01218e


\appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\apps_{432e426d-c922-4e9e-985e-95806603debf}\
appdata\local\packages\microsoft.windows.cortana_cw5n1h2txyewy\localstate\constraintindex\apps_{bd9d1a26-0373-468c-96af-4f551010da35}\
c:\program files (x86)\microsoft visual studio\2017\enterprise\common7\ide\commonextensions\microsoft\nodejs\node_modules\node-gyp\node_modules\tar\test\cb-never-called-1.0.1.tgz
c:\programdata\bullguard\sentrytemp\googleupdate.exe.f01fd5f945645906a32d88d3f9cb6397
c:\programdata\bullguard\alertreports\alertmetadata2\71c66a0b1e714f8bfbf9e201cc5cfdac.7z
c:\windows\system32\wbem\performance\wmiaprpl_new.ini

Are these skipped files viruses?

Both scans returned negative; no viruses found except the skipped files on BullGuard.
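The Malwarebytes log Jaro13 posted is a plain-text format that can be checked mechanically, and one detail in it matters for the thread's question: the scan ran with "Rootkits: Disabled", so a zero-detection result does not cover the kind of persistent remote-access tooling later replies worry about. The following is an added example, not code from the thread or from Malwarebytes: it parses the `-Section-` / `Key: Value` layout and reports what the scan establishes and which components were left off. The embedded sample is a constructed, trimmed copy of the posted log.

```python
import re

# Constructed sample: a trimmed copy of the scan log posted in the thread.
SAMPLE_LOG = """Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 20/12/2018
Scan Time: 18:36

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313462
Threats Detected: 0
Threats Quarantined: 0

-Scan Options-
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect

-Scan Details-
Process: 0
(No malicious items detected)
(end)
"""

SECTION_RE = re.compile(r"^-(.+)-$")       # e.g. "-Scan Options-"
KV_RE = re.compile(r"^([^:]+):\s*(.*)$")   # e.g. "Rootkits: Disabled"


def parse_log(text):
    """Return {section: {key: value}} from the -Section- / Key: Value layout."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks and the "(No malicious items detected)" / "(end)" notes.
        if not line or line.startswith("("):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = {}
            continue
        m = KV_RE.match(line)
        if m and current is not None:   # banner lines without a colon are ignored
            sections[current][m.group(1).strip()] = m.group(2).strip()
    return sections


def assess(sections):
    """Say what the scan establishes: detections, completion, and coverage gaps."""
    summary = sections.get("Scan Summary", {})
    options = sections.get("Scan Options", {})
    threats = int(summary.get("Threats Detected", "0"))
    completed = summary.get("Result") == "Completed"
    # Any component left disabled is a blind spot that a clean result cannot cover.
    disabled = sorted(k for k, v in options.items() if v.lower() == "disabled")
    return {
        "threats_detected": threats,
        "completed": completed,
        "disabled_options": disabled,
        # "Clean" is only conclusive if the scan finished with every component on.
        "conclusive": completed and threats == 0 and not disabled,
    }


if __name__ == "__main__":
    print(assess(parse_log(SAMPLE_LOG)))   # disabled_options ['Rootkits'], conclusive False
```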

yuluxugi32132
Newbie
Activity: 42
Merit: 0
January 01, 2019, 03:36:56 PM
 #12

I recommend you to use macOS or Linux. Try to avoid Windows operating systems, as there are many viruses targeting Windows users.
vagrom
Member
Activity: 462
Merit: 14
January 02, 2019, 01:16:23 AM
 #13

This is a tragedy. I personally think that security should be a habit, not just relying on anti-virus software. My personal habit when I download new software is to install it in a virtual machine first, confirm that there is no problem, and then install it on the physical machine. PS: I use the anti-virus software Defender that comes with Windows.

jossiel
Hero Member
Activity: 1232
Merit: 540
January 02, 2019, 02:04:33 AM
 #14

What program you download and take virus? And something is strange, how they take your coins from ledger nano s? The private keys never go away from ledger nano s. You save your passphrase on email or on your PC connected to internet?
As DdmrDdmr mentioned, it was probably saved to his computer, which the hacker got easily through his files. I feel sorry for OP's situation; that's not a good incident to welcome the new year.

With the address given, I also see "geonomis" through https://bithomp.com/explorer/

See the image:


mjglqw
Hero Member
Activity: 1008
Merit: 732
January 02, 2019, 04:23:49 PM
 #15

Unfortunately, antiviruses can only do so much to protect you. Some of the security should be on your side, and not to fully rely on the antivirus. Looks like quite an expensive mistake. Also, I suggest that you do a re-install on your operating system instead, just to be 100% sure. We can't be 100% sure if any antivirus can remove the malware on your computer.

Here's where I'm quite confused; you didn't save your Ledger's recovery seed on your computer.. did you? Because if you did, that nullifies the point of having a hardware wallet in the first place.

Anyway, update us OP.

Pmalek
Legendary
Activity: 1008
Merit: 1114
January 02, 2019, 05:54:39 PM
 #16

I would suggest anyone who has malware related issues to register on the Malwarebytes forum and open a thread in the Windows Malware Removal Help & Support section. Post detailed information there and someone will surely help you out as they have a lot of experience with a lot of different malware and viruses.

https://forums.malwarebytes.com/forum/7-windows-malware-removal-help-support/

Harlot
Hero Member
Activity: 1134
Merit: 599
January 02, 2019, 08:01:39 PM
 #17

Okay,

I have located the hacker to own the facebook website called Geonomis, that talks about crypto mainly, what now? Passed the info onto the police but I dont think they will help, anyone know How I can contact Interpol?
I don't think that Interpol will have jurisdiction in the case, especially if you are the only known victim of that person; they cannot even extradite the hacker to your country for the charges you will be bringing against them. The only thing you can do right now is to make sure that he won't flush more money out of you. I still recommend cleaning out your computer even if you have done it already. Also, what others have said about transferring your money to another bank account is a good idea.

r1s2g3
Sr. Member
Activity: 602
Merit: 387
January 03, 2019, 05:02:45 AM
 #18

Gone through the XRP chat and people there also look puzzled. Their guess is that the 24-word seed got leaked to the hacker, or, since OP purchased the device from eBay, the hacker had already tampered with the device.

Kakmakr
Legendary
Activity: 1722
Merit: 1312
January 03, 2019, 08:24:00 AM
 #19

I would not continue using a compromised operating system and possible backdoors that might be installed on that system. A lot of the legitimate software used to remote into systems is undetectable by AV software, and this hacker might have configured this on your system already. <I suggest a re-installation of the OS>

The hacker could have even signed up with your account on other dark websites that might get you into trouble in the future. The verification emails might be deleted, so you will not even know about it.

I suggest that you create another email account and slowly migrate the services linked to the old account to the new account that is not compromised.

UserU
Member
Activity: 280
Merit: 26
January 03, 2019, 09:50:08 AM
 #20

Unfortunately there's nothing you can do, since most probably the perpetrator is living in another country and it's highly likely the coins are either cashed out or spent.

The best antivirus is yourself. Avoid sketchy files and when in doubt, run them in a sandbox.