Bitcoin Forum
November 13, 2024, 02:16:35 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: paper wallet was stolen  (Read 1254 times)
jorro-ts (OP)
Newbie
*
Offline Offline

Activity: 11
Merit: 3


View Profile
July 09, 2019, 06:23:59 PM
Merited by pooya87 (1), LoyceV (1), ABCbits (1)
 #1

Hello everyone!

More than a Week  ago my single btc from offline paper wallet was stolen

it was created in 12.2018 and never used since that time

I am totally frustrated not only because of loss but also becasue i cant get what do i did wrong!

Also i want to mention that the adress it was moved on, is still untouched and have got just a single transaction(my btc)

u can supervise it here

https://www.blockchain.com/btc/address/1CtmmUkxEbQ8nsa2XFSKy7bo5XmBxYFP5n

what can it be?why it is still untouched? why it happened just in 6 month?
LoyceV
Legendary
*
Offline Offline

Activity: 3486
Merit: 17667


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
July 09, 2019, 06:33:26 PM
Merited by pooya87 (1)
 #2

Some questions:
How did you create the paper wallet? What software did you use?
Did you create it on an offline airgapped system? Did you wipe the computer, or did it go online again afterwards?
Do you still have the paper wallet? Could someone have accessed it?

Could this be the cause: Disclosure: Key generation vulnerability found on WalletGenerator.net—potentially malicious.?

▄▄███████████████████▄▄
▄█████████▀█████████████▄
███████████▄▐▀▄██████████
███████▀▀███████▀▀███████
██████▀███▄▄████████████
█████████▐█████████▐█████
█████████▐█████████▐█████
██████████▀███▀███▄██████
████████████████▄▄███████
███████████▄▄▄███████████
█████████████████████████
▀█████▄▄████████████████▀
▀▀███████████████████▀▀
Peach
BTC bitcoin
Buy and Sell
Bitcoin P2P
.
.
▄▄███████▄▄
▄████████
██████▄
▄██
█████████████████▄
▄███████
██████████████▄
███████████████████████
█████████████████████████
████████████████████████
█████████████████████████
▀███████████████████████▀
▀█████████████████████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀

▀▀▀▀███▀▀▀▀
EUROPE | AFRICA
LATIN AMERICA
▄▀▀▀











▀▄▄▄


███████▄█
███████▀
██▄▄▄▄▄░▄▄▄▄▄
████████████▀
▐███████████▌
▐███████████▌
████████████▄
██████████████
███▀███▀▀███▀
.
Download on the
App Store
▀▀▀▄











▄▄▄▀
▄▀▀▀











▀▄▄▄


▄██▄
██████▄
█████████▄
████████████▄
███████████████
████████████▀
█████████▀
██████▀
▀██▀
.
GET IT ON
Google Play
▀▀▀▄











▄▄▄▀
jorro-ts (OP)
Newbie
*
Offline Offline

Activity: 11
Merit: 3


View Profile
July 09, 2019, 06:44:16 PM
 #3

Some questions:
How did you create the paper wallet? What software did you use?
Did you create it on an offline airgapped system? Did you wipe the computer, or did it go online again afterwards?
Do you still have the paper wallet? Could someone have accessed it?

Could this be the cause: Disclosure: Key generation vulnerability found on WalletGenerator.net—potentially malicious.?

yes i used WalletGenerator.net, exactly as you described : wipe the computer, and go online again afterwards
no i dont have, it was a single one
jorro-ts (OP)
Newbie
*
Offline Offline

Activity: 11
Merit: 3


View Profile
July 09, 2019, 06:52:20 PM
 #4

Most likely :
1. You create your paper wallet with malicious software/service
2. You create your paper wallet with online website on insecure device/connection
3. Someone found your paper wallet & decide to stole it

But those are educated guess, do you mind tell us how do you create your paper wallet & how do you store it?
1)probably
2)probably
3)absolutely not

well i created it offline, and stored it on a <<paper>>
jorro-ts (OP)
Newbie
*
Offline Offline

Activity: 11
Merit: 3


View Profile
July 09, 2019, 07:01:15 PM
 #5

but why its still unspent?
do you think its possible to write to every single crypto market to report this adress ?will it work out?
LoyceV
Legendary
*
Offline Offline

Activity: 3486
Merit: 17667


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
July 09, 2019, 07:05:03 PM
 #6

but why its still unspent?
"Unspent" means nothing more than "the funds are on that address". It's like having $1000 in the attacker's wallet, it's unspent until he spends it.

Quote
do you think its possible to write to every single crypto market to report this adress ?will it work out?
No. See much longer answer.

▄▄███████████████████▄▄
▄█████████▀█████████████▄
███████████▄▐▀▄██████████
███████▀▀███████▀▀███████
██████▀███▄▄████████████
█████████▐█████████▐█████
█████████▐█████████▐█████
██████████▀███▀███▄██████
████████████████▄▄███████
███████████▄▄▄███████████
█████████████████████████
▀█████▄▄████████████████▀
▀▀███████████████████▀▀
Peach
BTC bitcoin
Buy and Sell
Bitcoin P2P
.
.
▄▄███████▄▄
▄████████
██████▄
▄██
█████████████████▄
▄███████
██████████████▄
███████████████████████
█████████████████████████
████████████████████████
█████████████████████████
▀███████████████████████▀
▀█████████████████████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀

▀▀▀▀███▀▀▀▀
EUROPE | AFRICA
LATIN AMERICA
▄▀▀▀











▀▄▄▄


███████▄█
███████▀
██▄▄▄▄▄░▄▄▄▄▄
████████████▀
▐███████████▌
▐███████████▌
████████████▄
██████████████
███▀███▀▀███▀
.
Download on the
App Store
▀▀▀▄











▄▄▄▀
▄▀▀▀











▀▄▄▄


▄██▄
██████▄
█████████▄
████████████▄
███████████████
████████████▀
█████████▀
██████▀
▀██▀
.
GET IT ON
Google Play
▀▀▀▄











▄▄▄▀
jorro-ts (OP)
Newbie
*
Offline Offline

Activity: 11
Merit: 3


View Profile
July 09, 2019, 07:10:23 PM
 #7

but why its still unspent?
"Unspent" means nothing more than "the funds are on that address". It's like having $1000 in the attacker's wallet, it's unspent until he spends it.

Quote
do you think its possible to write to every single crypto market to report this adress ?will it work out?
No. See much longer answer.

thank you for your attention!
seems like its 100% lost. good lesson. expensive one.
magdaniewczas
Newbie
*
Offline Offline

Activity: 8
Merit: 2


View Profile
July 10, 2019, 02:45:32 PM
 #8

Hello everyone!

More than a Week  ago my single btc from offline paper wallet was stolen

it was created in 12.2018 and never used since that time

I am totally frustrated not only because of loss but also becasue i cant get what do i did wrong!

Also i want to mention that the adress it was moved on, is still untouched and have got just a single transaction(my btc)

u can supervise it here

https://www.blockchain.com/btc/address/1CtmmUkxEbQ8nsa2XFSKy7bo5XmBxYFP5n

what can it be?why it is still untouched? why it happened just in 6 month?

You should contact the police
bitmover
Legendary
*
Offline Offline

Activity: 2478
Merit: 6318


bitcoindata.science


View Profile WWW
July 10, 2019, 05:16:45 PM
 #9

yes i used WalletGenerator.net, exactly as you described : wipe the computer, and go online again afterwards
no i dont have, it was a single one

Sorry for your loss.

This is a common subject here often these days (like this https://bitcointalk.org/index.php?topic=5161786.0), about paper wallet security.
Most of people think it is easy and simple to make a paper wallet, but it is not.

Generating a paper wallet is risky. You shouldn't have put your computer back online afterwards... In my opinion, the best is to invest in a hardware wallet, which is safer BECAUSE it is easier to use.

I believe the attacker got your private keys few days after you put your computer back online. He was probably monitoring your address, waiting for you to put more money there.

LoyceV
Legendary
*
Offline Offline

Activity: 3486
Merit: 17667


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
July 10, 2019, 05:29:18 PM
Merited by Chris! (2)
 #10

I believe the attacker got your private keys few days after you put your computer back online. He was probably monitoring your address, waiting for you to put more money there.
OP wiped his computer, that should be enough to remove all traces of private keys. I still prefer a Linux LIVE DVD though, running from memory to ensure nothing ever ends up on a hard drive.

▄▄███████████████████▄▄
▄█████████▀█████████████▄
███████████▄▐▀▄██████████
███████▀▀███████▀▀███████
██████▀███▄▄████████████
█████████▐█████████▐█████
█████████▐█████████▐█████
██████████▀███▀███▄██████
████████████████▄▄███████
███████████▄▄▄███████████
█████████████████████████
▀█████▄▄████████████████▀
▀▀███████████████████▀▀
Peach
BTC bitcoin
Buy and Sell
Bitcoin P2P
.
.
▄▄███████▄▄
▄████████
██████▄
▄██
█████████████████▄
▄███████
██████████████▄
███████████████████████
█████████████████████████
████████████████████████
█████████████████████████
▀███████████████████████▀
▀█████████████████████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀

▀▀▀▀███▀▀▀▀
EUROPE | AFRICA
LATIN AMERICA
▄▀▀▀











▀▄▄▄


███████▄█
███████▀
██▄▄▄▄▄░▄▄▄▄▄
████████████▀
▐███████████▌
▐███████████▌
████████████▄
██████████████
███▀███▀▀███▀
.
Download on the
App Store
▀▀▀▄











▄▄▄▀
▄▀▀▀











▀▄▄▄


▄██▄
██████▄
█████████▄
████████████▄
███████████████
████████████▀
█████████▀
██████▀
▀██▀
.
GET IT ON
Google Play
▀▀▀▄











▄▄▄▀
nc50lc
Legendary
*
Offline Offline

Activity: 2590
Merit: 6372


Self-proclaimed Genius


View Profile
July 13, 2019, 03:57:04 AM
 #11

I believe the attacker got your private keys few days after you put your computer back online. He was probably monitoring your address, waiting for you to put more money there.
OP wiped his computer, that should be enough to remove all traces of private keys. I still prefer a Linux LIVE DVD though, running from memory to ensure nothing ever ends up on a hard drive.
..And less hassle of zero-fill~ing the disk for paranoids Cheesy (+ reinstalling OS and drivers takes time).

He must have browsed to the webpage then cut down the connection.
His supposedly randomly generated private key wasn't random at all but pre-generated key from an image file and can be reproduced by the culprit.
So even if he's offline the whole time (after loading the page), they can regenerate the possible key based from the malicious page's provided image.

This wont happen if he used the original code from Github.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Lucius
Legendary
*
Offline Offline

Activity: 3416
Merit: 6149


Crypto Swap Exchange🈺


View Profile WWW
July 13, 2019, 12:13:37 PM
 #12

jorro-ts, I'm sorry for your loss, it is big amount of money and I think you should report to police and to every crypto exchange to make this hacker life a little more difficult. Most victims do nothing, and hackers count on that - it is easy money for them.

People blindy trust to paper wallets, but they are not aware how important it is to secure a safe environment for making such wallets. If you ever again decide to invest in bitcoin, maybe you should need to consider hardware wallet - it cost some $70, but it can save you from such risks.


█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Chris!
Legendary
*
Offline Offline

Activity: 1382
Merit: 1123



View Profile
July 13, 2019, 07:34:38 PM
 #13

@OP I can teach you how to properly secure your funds. We can do it here or if you'd like you can PM me.

Paper wallets can be the absolute best option for long term storage if you do it right. Hardware wallets, however, constantly have vulnerabilities found out. Don't believe me. Go ahead and Google "hardware wallet vulnerability". You'll notice that the vulnerabilities have come out over many years and fresh ones have just been found out. They're obviously not properly tested, other than of course the general public buying them and reporting vulnerabilities.

Don't blindly trust third parties (hardware wallet manufacturers) because of this mishap. Learn from it, change your method accordingly and sleep easy knowing you'll never have to worry about your funds being stolen again.
Lucius
Legendary
*
Offline Offline

Activity: 3416
Merit: 6149


Crypto Swap Exchange🈺


View Profile WWW
July 14, 2019, 10:58:08 AM
Merited by bitmover (1)
 #14

@OP I can teach you how to properly secure your funds. We can do it here or if you'd like you can PM me.

Paper wallets can be the absolute best option for long term storage if you do it right. Hardware wallets, however, constantly have vulnerabilities found out. Don't believe me. Go ahead and Google "hardware wallet vulnerability". You'll notice that the vulnerabilities have come out over many years and fresh ones have just been found out. They're obviously not properly tested, other than of course the general public buying them and reporting vulnerabilities.

Don't blindly trust third parties (hardware wallet manufacturers) because of this mishap. Learn from it, change your method accordingly and sleep easy knowing you'll never have to worry about your funds being stolen again.

Show me one example where the user lost funds due to any detected vulnerability in any hardware wallet? Most of these vulnerabilities required physical access to user device and a superior level of technical knowledge.

For some reason you are against hardware wallets, but if OP is using one we would not have this thread and he would still have 1 BTC. Your ideas about insecurity of HW are not groundless, they are not 100% safe - but most of vulnerabilities you are talking about are fixed before they became known to the public.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
dende93
Member
**
Offline Offline

Activity: 168
Merit: 86


View Profile
July 19, 2019, 08:30:27 AM
 #15

Really sorry for your loss. Just one question for you, have you encrypted it with bip38?
Would he have avoided theft by doing so?

“War is Mass Murder, Conscription is Slavery, Taxation is Robbery.” Murray N. Rothbard
LoyceV
Legendary
*
Offline Offline

Activity: 3486
Merit: 17667


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
July 19, 2019, 08:33:08 AM
 #16

Would he have avoided theft by doing so?
Encryption doesn't help if the thief knows the private key already.

▄▄███████████████████▄▄
▄█████████▀█████████████▄
███████████▄▐▀▄██████████
███████▀▀███████▀▀███████
██████▀███▄▄████████████
█████████▐█████████▐█████
█████████▐█████████▐█████
██████████▀███▀███▄██████
████████████████▄▄███████
███████████▄▄▄███████████
█████████████████████████
▀█████▄▄████████████████▀
▀▀███████████████████▀▀
Peach
BTC bitcoin
Buy and Sell
Bitcoin P2P
.
.
▄▄███████▄▄
▄████████
██████▄
▄██
█████████████████▄
▄███████
██████████████▄
███████████████████████
█████████████████████████
████████████████████████
█████████████████████████
▀███████████████████████▀
▀█████████████████████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀

▀▀▀▀███▀▀▀▀
EUROPE | AFRICA
LATIN AMERICA
▄▀▀▀











▀▄▄▄


███████▄█
███████▀
██▄▄▄▄▄░▄▄▄▄▄
████████████▀
▐███████████▌
▐███████████▌
████████████▄
██████████████
███▀███▀▀███▀
.
Download on the
App Store
▀▀▀▄











▄▄▄▀
▄▀▀▀











▀▄▄▄


▄██▄
██████▄
█████████▄
████████████▄
███████████████
████████████▀
█████████▀
██████▀
▀██▀
.
GET IT ON
Google Play
▀▀▀▄











▄▄▄▀
dende93
Member
**
Offline Offline

Activity: 168
Merit: 86


View Profile
July 19, 2019, 09:00:51 AM
 #17

Would he have avoided theft by doing so?
Encryption doesn't help if the thief knows the private key already.

yeah that's what I thought, it's obvious. I made some paper wallet too but not on walletgenerator.net, with the intention of keeping them 10 years. I would not bear such a loss easily.
Perhaps it would be useful to set a time lock to prevent someone from spending your coins before you want. Could the attacker come to know it and get around this obstacle?

“War is Mass Murder, Conscription is Slavery, Taxation is Robbery.” Murray N. Rothbard
AdolfinWolf
Legendary
*
Offline Offline

Activity: 1946
Merit: 1427


View Profile
July 19, 2019, 10:22:35 AM
 #18

Perhaps it would be useful to set a time lock to prevent someone from spending your coins before you want. Could the attacker come to know it and get around this obstacle?
If he has the private key, he can simply sign another transaction without locktime and broadcast that one instead.. ?

I don't know of any wallets that lock "adresses" or private keys rather, from spending funds, as that's just not possible, AFAIK.
(Since the attacker could simply export the private key into his own wallet & broadcast.)


bitmover
Legendary
*
Offline Offline

Activity: 2478
Merit: 6318


bitcoindata.science


View Profile WWW
July 19, 2019, 02:10:34 PM
 #19

For some reason you are against hardware wallets, but if OP is using one we would not have this thread and he would still have 1 BTC.

In the end, that is all that matters.
Ledger nano S costs now about 60 USD, or 0,006 btc (can't see the price in USD, only in my local fiat, but the conversion is close to that). A very small investment for some peace of mind.

I see no problem in paying trusted professionals to deal with security of my private keys (while I am the only one who holds them). I am not a pro and I am more likely to make a mistake than ledger professionals.

jorro-ts (OP)
Newbie
*
Offline Offline

Activity: 11
Merit: 3


View Profile
July 19, 2019, 10:08:52 PM
 #20

well, the wallet is still untouched. Just a single transaction. Why do they not withdrawed it so far?Maybe thief has died?lol
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!