Bitcoin Forum
Author Topic: I got hacked, I need your help....  (Read 354 times)
carnage88
September 20, 2019, 07:44:41 PM
Merited by LoyceV (1)
#1

A few days ago my PC was hacked and I can't do shit about it... The guy who did it was skilled and he knew what to do, and when, and how...
The short story is that he somehow installed a backdoor on my PC and he hacked one of my contacts so he could send a link which, when I used it, gave him my IP address. He remotely connected to my PC and emptied my wallet. How he got into my wallet is a mystery to me...

Now I need you to help me out with tracing this wallet address; it seems to me this is some kind of exchange or something. Take a look, maybe someone can help...
I know there isn't much to do, but maybe someone is familiar with this address.

Thanks for your time.

This is the transaction he made from my wallet:

https://www.blockchain.com/btc/tx/b42c2c5096f0003a88a700cb7c9dd246f1f2b79d6bd53f88f08fa24ed3b053d4


This is his address:

12HfRnx47gQnnYn9Q3Zpiuzzv6yzXTKMEJ

ETFbitcoin
September 20, 2019, 07:49:47 PM
#2

You could use https://www.walletexplorer.com/ to see if the Bitcoin was sent to a known address of an exchange.

But IMO you should find out exactly how your computer was compromised and how to secure your computer rather than track a hacker you can't sue or get your Bitcoin back from.

eaLiTy
September 20, 2019, 08:28:19 PM
#3

Quote from: carnage88
this is the transaction he made from my wallet:
https://www.blockchain.com/btc/tx/b42c2c5096f0003a88a700cb7c9dd246f1f2b79d6bd53f88f08fa24ed3b053d4
this is his address
12HfRnx47gQnnYn9Q3Zpiuzzv6yzXTKMEJ
Looks like the coins were sent to a coinpayments wallet. You can contact them and explain your case and they might block the account, or if you are lucky enough and can provide evidence they might help you recover the coins. I have seen coins being recovered after hackers sent them to exchanges in the past; the faster you contact their customer support and state your case, the better.

squatter
September 20, 2019, 08:37:23 PM
#4

Quote from: eaLiTy
Looks like the coins are sent to a coinpayments wallet, you can contact them and explain your case and they might block the account or if you are lucky enough and if you could provide evidence they might help you in recovering the coins. I have seen coins being recovered after the hackers sending to exchanges in the past, the faster you contact their customer support and state your case the better .

How do you know it's a Coinpayments wallet? I don't see it labelled anywhere.

At the very least, Coinpayments -- or any third party service -- will require a police report. That's hurdle #1 for the OP, and time is of the essence. Recovery is unlikely and Coinpayments isn't known for responsiveness.


Did all the inputs in that transaction belong to your wallet? Or is it possible he imported your private keys into another wallet?
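squatter's question (were all the inputs yours, or did the thief merge your keys into another wallet?) and ETFbitcoin's advice to trace where the outputs went can both be answered from the raw transaction itself. The following is an added example, not code from the thread or from any poster: a small Python decoder for a raw Bitcoin transaction that lists the outpoint each input spends and the address each output pays, then flags inputs that are not in the victim's own coin list. The transaction it parses is a constructed sample, not the real transaction linked above, and the `my_utxos` set stands in for what the victim's Electrum coin list would show.

```python
"""Decode a raw Bitcoin transaction and check whose coins it spent.

Added example for this thread. The sample transaction below is constructed
for illustration; fetch the real one with `getrawtransaction <txid>` from a
node or a block explorer's raw-hex view.
"""
import hashlib
import struct

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def b58check(payload: bytes) -> str:
    """Base58Check: version byte + 20-byte hash + 4-byte sha256d checksum."""
    raw = payload + sha256d(payload)[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))   # each leading 0x00 byte is a '1'
    return "1" * pad + out


def script_to_address(spk: bytes) -> str:
    """Recognise the two legacy standard output scripts; anything else is
    returned raw so the analyst sees it instead of having it silently dropped."""
    if len(spk) == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return b58check(b"\x00" + spk[3:23])     # P2PKH, '1...'
    if len(spk) == 23 and spk[:2] == b"\xa9\x14" and spk[-1:] == b"\x87":
        return b58check(b"\x05" + spk[2:22])     # P2SH, '3...'
    return "nonstandard:" + spk.hex()


class Reader:
    """Cursor over the serialized bytes; every read is bounds-checked."""
    def __init__(self, data: bytes):
        self.d, self.p = data, 0

    def take(self, n: int) -> bytes:
        chunk = self.d[self.p:self.p + n]
        if len(chunk) != n:
            raise ValueError("truncated transaction")
        self.p += n
        return chunk

    def varint(self) -> int:
        b = self.take(1)[0]
        if b < 0xfd:
            return b
        return int.from_bytes(self.take({0xfd: 2, 0xfe: 4, 0xff: 8}[b]), "little")


def parse_tx(raw: bytes) -> dict:
    """Parse legacy and SegWit (marker 0x00, flag 0x01) serializations."""
    r = Reader(raw)
    version = struct.unpack("<i", r.take(4))[0]
    segwit = raw[4:6] == b"\x00\x01"
    if segwit:
        r.take(2)
    vins = []
    for _ in range(r.varint()):
        txid = r.take(32)[::-1].hex()            # txids are displayed byte-reversed
        vout = struct.unpack("<I", r.take(4))[0]
        script_sig = r.take(r.varint())
        sequence = struct.unpack("<I", r.take(4))[0]
        vins.append({"txid": txid, "vout": vout, "script_sig": script_sig.hex(),
                     "sequence": sequence})
    vouts = []
    for i in range(r.varint()):
        value = struct.unpack("<q", r.take(8))[0]
        spk = r.take(r.varint())
        vouts.append({"n": i, "value_sat": value, "address": script_to_address(spk)})
    if segwit:
        for vin in vins:
            vin["witness"] = [r.take(r.varint()).hex() for _ in range(r.varint())]
    locktime = struct.unpack("<I", r.take(4))[0]
    if r.p != len(raw):
        raise ValueError("trailing bytes after transaction")
    return {"version": version, "vin": vins, "vout": vouts, "locktime": locktime}


def foreign_inputs(tx: dict, my_utxos: set) -> list:
    """Inputs whose outpoint (txid, vout) is not in the victim's own coin list.
    A non-empty result means coins from elsewhere were spent in the same
    transaction, i.e. the keys were imported into a wallet that held other funds."""
    return [v for v in tx["vin"] if (v["txid"], v["vout"]) not in my_utxos]


def varint_enc(n: int) -> bytes:
    return bytes([n]) if n < 0xfd else b"\xfd" + n.to_bytes(2, "little")


def build_sample_tx(segwit: bool = False) -> bytes:
    """Constructed sample: one input spending outpoint aa..aa:0, two P2PKH outputs.
    The signature and pubkey are placeholder bytes, not valid ECDSA data."""
    sig = b"\x30" + b"\x11" * 70                 # 71-byte placeholder DER signature
    pub = b"\x02" + b"\x22" * 32                 # 33-byte placeholder compressed pubkey
    script_sig = b"" if segwit else bytes([len(sig)]) + sig + bytes([len(pub)]) + pub
    vin = (bytes.fromhex("aa" * 32) + (0).to_bytes(4, "little")
           + varint_enc(len(script_sig)) + script_sig + b"\xff" * 4)
    p2pkh = lambda h160: b"\x76\xa9\x14" + h160 + b"\x88\xac"
    out1 = (90_000_000).to_bytes(8, "little") + varint_enc(25) + p2pkh(b"\x00" * 20)
    out2 = (9_990_000).to_bytes(8, "little") + varint_enc(25) + p2pkh(b"\xff" * 20)
    witness = varint_enc(2) + varint_enc(len(sig)) + sig + varint_enc(len(pub)) + pub if segwit else b""
    return (b"\x01\x00\x00\x00" + (b"\x00\x01" if segwit else b"") + varint_enc(1) + vin
            + varint_enc(2) + out1 + out2 + witness + b"\x00" * 4)


if __name__ == "__main__":
    tx = parse_tx(build_sample_tx())
    for v in tx["vin"]:
        print("spends", v["txid"], v["vout"])
    for o in tx["vout"]:
        print("pays", o["value_sat"], "sat to", o["address"])
    print("foreign inputs:", foreign_inputs(tx, {("aa" * 32, 0)}))
```

Export the wallet's coin list (Electrum shows it under the Coins tab) before wiping the machine, then feed the real raw hex in. Any input whose outpoint is not in that list was never yours, which tells you the key was imported elsewhere and spent together with other funds; that is stronger evidence for an exchange ticket than the destination address alone. Bech32 (bc1...) outputs are reported as nonstandard by this decoder, so extend `script_to_address` before relying on it for a SegWit-era transaction.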

TryNinja
September 20, 2019, 08:43:03 PM
#5

Which wallet are you using?

The address has been mentioned here as well: https://www.reddit.com/r/Bitcoin/comments/bgrius/daily_discussion_april_24_2019/elp0ojx/ (talking about some Blockchain.info scam).

Do you use Blockchain.info's wallet?

HeRetiK
September 20, 2019, 08:44:58 PM
#6

Quote from: squatter
At the very least, Coinpayments -- or any third party service -- will require a police report. That's hurdle #1 for the OP, and time is of the essence.

For getting back their coins, most likely. But if coinpayments is indeed the exchange that received the coins there's no harm done in contacting their support and triggering an investigation. Best case, the account containing the stolen coins gets frozen until matters have been clarified.


Quote from: ETFbitcoin
But IMO you should find out exactly how your computer was compromised and how to secure your computer rather than track a hacker where you can't sue him or get your Bitcoin back.

OP should also wipe their computer and reinstall or factory reset their operating system. Otherwise it's quite likely that the attacker has yet another surprise in store. It would also be smart if OP changed passwords afterwards.

bitmover
September 20, 2019, 08:45:44 PM (last edit: September 20, 2019, 08:57:52 PM by bitmover)
#7

Quote from: ETFbitcoin
But IMO you should find out exactly how your computer was compromised and how to secure your computer rather than track a hacker where you can't sue him or get your Bitcoin back.

I agree. Those bitcoins are out of your reach, as they are already in an exchange in another country, so it is going to be hard to get them back.

I would format my computer and buy a hardware wallet, such as a Ledger Nano or Trezor.


Quote from: squatter
How do you know it's a Coinpayments wallet? I don't see it labelled anywhere.

I looked at many websites and couldn't find any relation to coinpayments either.

I only found this website from the BitShares Telegram, where this address is mentioned in a conversation in 2018:

http://bitshares-telegram.blogspot.com/2018/11/1541800808.html
Quote
Exchange 16:07:26 - 07 Nov 2018 [UTC]
1) Blockchain https://www.blockchain.com/ finance@obmen-om.com 8e397053-91a3-4465-838c-a66579276b80 Protect_Dolphin.1976!!@ Secundary Password: 19802503 Bitcoin: 12HfRnx47gQnnYn9Q3Zpiuzzv6yzXTKMEJ Ethereum: 0xf00bc43cDe17F04ca9C78f1025bfFa72b99B5ef8
2) Perfect Money https://perfectmoney.is/ finance@obmen-om.com 3578346 Protect_Dolphin.1976!!@ U5532137
3) Payeer https://payeer.com/en/ btccash1@tuta.io P74479156 JOPd90f-p32joip&(pk[324t7879709)&jih324t7656 Master Key 526 P74479156
Webamil http://webmail.obmen-om.com/ finance@obmen-om.com Protect_Dolphin.1976!!@ cPanel2fa Recovery Key - UWCS7OQXK5N3XIF
Tutanota Mail https://app.tutanota.com/#login btccash1@tuta.io Oldpass

squatter
September 20, 2019, 08:59:22 PM
#8

Quote from: squatter
At the very least, Coinpayments -- or any third party service -- will require a police report. That's hurdle #1 for the OP, and time is of the essence.
Quote from: HeRetiK
For getting back their coins most likely. But if coinpayments is indeed the exchange that received the coins there's no harm done in contacting their support and triggering an investigation. Best case the account containing the stolen coins gets frozen until matters have been clarified.

No harm done, but they still need to move quickly to get a police report because third parties don't have the authority to freeze funds indefinitely. This is Binance's policy for these situations:
Quote
The victim must provide a police report within 24 hours of filing the support request.  From there, Binance will work directly with law enforcement to handle processing of the funds.

LeGaulois
September 20, 2019, 09:33:35 PM
#9

Quote from: carnage88
this is the transaction he made from my wallet:
https://www.blockchain.com/btc/tx/b42c2c5096f0003a88a700cb7c9dd246f1f2b79d6bd53f88f08fa24ed3b053d4
this is his address
12HfRnx47gQnnYn9Q3Zpiuzzv6yzXTKMEJ
Quote from: eaLiTy
Looks like the coins are sent to a coinpayments wallet, you can contact them and explain your case and they might block the account or if you are lucky enough and if you could provide evidence they might help you in recovering the coins. I have seen coins being recovered after the hackers sending to exchanges in the past, the faster you contact their customer support and state your case the better .

Bitcoin payments are supposed to be irreversible. What you describe could be compared to a 'chargeback', in terms of the abuse merchants suffer with PP.
OMG, if companies start accepting such practices then it will be exactly like PayPal.
You buy something, wait for the item to be shipped, and then contact the platform to say "hello, I've been hacked, here is a signed message!"

BitMaxz
September 20, 2019, 09:50:09 PM
#10

It seems the owner of that address has scammed many people.

That address is also mentioned at the link below.
- https://www.complaintsboard.com/complaints/orbest-investments-pm-u7777777-c754714.html

It seems it's connected to "ORBEST INVESTMENTS LTD". There are many people scammed according to the link above, most of them saying that their Perfect Money account was hacked and funds transferred to many different addresses, including the address mentioned above.

It seems that the hacker is an expert at hacking.

HeRetiK
September 20, 2019, 09:50:23 PM
#11

Quote from: squatter
Quote from: squatter
At the very least, Coinpayments -- or any third party service -- will require a police report. That's hurdle #1 for the OP, and time is of the essence.
Quote from: HeRetiK
For getting back their coins most likely. But if coinpayments is indeed the exchange that received the coins there's no harm done in contacting their support and triggering an investigation. Best case the account containing the stolen coins gets frozen until matters have been clarified.

No harm done, but they still need to move quickly to get a police report because third parties don't have the authority to freeze funds indefinitely. This is Binance's policy for these situations:
Quote
The victim must provide a police report within 24 hours of filing the support request.  From there, Binance will work directly with law enforcement to handle processing of the funds.

That's neat, I wasn't aware that some exchanges already have publicly available policies about such cases.


Quote from: LeGaulois
Bitcoin payments are supposed to be irreversible. What do you describe could be compared to a 'chargeback'. In terms of abuse like merchands are abused with PP.
OMG if companies start to accept to do such practices then, it will be exactly like Paypal.
You buy something, wait for the item to be shipped, and then contact the platform to say "hello, I've been hacked here is a signed message!"

That's why the endgame is getting rid of exchanges altogether ;) Either way, Binance's 24 hours until a police report has been provided still beats PayPal's 180 days based on nothing. How coinpayments will handle the situation is a different matter, however.

Stedsm
September 20, 2019, 10:40:58 PM
#12

What made you keep all your coins in the same wallet is the first question that strikes me.

I believe this address was also involved in some HYIP investment activities like BitRegal (and maybe the admin was the guy himself who stole OP's funds).

Whole story below; please search for this address on that page: 12HfRnx47gQnnYn9Q3Zpiuzzv6yzXTKMEJ
https://x-invest.net/forum/thread-bitregal-10-daily-btc-only-13254?pid=184427&mode=linear

I've checked walletexplorer too and it's very strange that it is just a single address and no other addresses are in that wallet, which makes me believe it couldn't be an exchange's (maybe).

1Referee
September 21, 2019, 09:02:00 AM
#13

Quote from: Stedsm
What made you keep all your coins in the same wallet is the first question that strikes my mind badly.

I don't think that's much of a problem if you for example use a hardware wallet where you physically have to confirm or reject value movements. In that regard, my question would be why OP didn't use a hardware wallet.

People quite often look at the initial purchasing cost and think they can avoid dealing with that by simply using a desktop/mobile client, but that's never a good idea as we can see from the many examples of how people lost their coins. The $100ish they try to save by not purchasing a hardware wallet leads to a loss of thousands of dollars worth of crypto. Pretty sad.

Lucius
September 21, 2019, 12:49:40 PM
Merited by Stedsm (2)
#14

1Referee, I would not say that the only reason people keep their coins in desktop/mobile wallets is the money which needs to be invested in a hardware wallet, but also that most of them are not even aware such security solutions exist at all.

On the other side, we have ignorance with a completely wrong premise about what cryptocurrency is. As a result, many crypto users do not realize how challenging it is to be their own bank.

Quote from: carnage88
Short story is that he installed somehow backdoor on my PC and he hacked one of my contacts so he can send link which when I was using give him my IP address. He remotely connected to my PC and empty my wallet. How he entered my wallet is a mystery to me...

The hacker did just what you let him do, and the real question is at what point you clicked/downloaded something bad on your PC. You are very likely infected with a remote access trojan (RAT), and with that the hacker gets full control over your PC.

The best thing you can do now is to format the disk; your OS is completely compromised.

Stedsm
September 21, 2019, 02:02:35 PM
#15

Quote from: 1Referee
Quote from: Stedsm
What made you keep all your coins in the same wallet is the first question that strikes my mind badly.

I don't think that's much of a problem if you for example use a hardware wallet where you physically have to confirm or reject value movements. In that regard, my question would be why OP didn't use a hardware wallet.

People quite often look at the initial purchasing cost and think they can avoid dealing with that by simply using a desktop/mobile client, but that's never a good idea as we can see from the many examples of how people lost their coins. The $100ish they try to save by not purchasing a hardware wallet leads to a loss of thousands of dollars worth of crypto. Pretty sad.

All in all, this looks to me like a lesson learnt. I don't know how many more users like OP will suffer from such issues, as there's always a new type of scam taking place every single day trying to drag your money out of your hands. Some people also don't have the money to buy one, maybe because they are from a third world country and/or not too interested in crypto, or have very little (not even $50 worth of BTC or alts) held in their bags, for which they don't prefer to go for any hardware wallet.

Quote from: Lucius
..... As a result of that, many crypto users do not realize how challenging it is to be their own bank.

That's true; the sort of security we need to take care of is far higher than what people believe it is. This platform is new, and so the chances of getting hacked and scammed are reaching new peaks every single day with more and more adoption, as it's all about these unknowing users (those who don't know anything technical) getting exposed to highly professional hackers who know how to get into somebody's wallet and take the coins. When we say we are our own bank by using crypto, we really need to understand the level of risk it carries, and when we step in, it's better to be extremely cautious in order to save everything that's kept on our PC.

Quote from: Lucius
Best thing you can do now is to format disk, your OS is completely compromised.

Don't forget to ask him not to save his old Windows.dat (old data) from the previous OS.

@OP, what I didn't get is: when you clicked that suspicious link, wasn't there any antivirus on your PC that might have stopped or warned you against visiting it?

ETFbitcoin
September 21, 2019, 07:26:46 PM
#16

Quote from: Lucius
1Referee, I would not say that only reason why people keep their coins in desktop/mobile wallets is because of money which needs to be invested in a hardware wallet, but also because most of them are not even aware that such security solutions exist at all.

Don't forget the extra cost if there's no official HW seller/reseller in your country: you must either risk buying from an unofficial seller or import it directly and pay import fees (which could get complicated/expensive).

Quote from: Stedsm
Quote from: Lucius
Best thing you can do now is to format disk, your OS is completely compromised.

Don't forget to ask him not to save his old Windows.dat (old data) of the previous OS.

The windows.old folder is only kept if you don't format the storage.

carnage88
September 21, 2019, 08:14:18 PM (last edit: September 21, 2019, 09:41:01 PM by carnage88)
#17

Quote from: eaLiTy
Looks like the coins are sent to a coinpayments wallet, you can contact them and explain your case and they might block the account or if you are lucky enough and if you could provide evidence they might help you in recovering the coins. I have seen coins being recovered after the hackers sending to exchanges in the past, the faster you contact their customer support and state your case the better .

They answered that this isn't their address...


I use Electrum, which was password protected, and I used these coins every day, but for the last week or so I wasn't using them. I run some exchanges and needed the whole amount; that's why I didn't put them on the Ledger.

Where I picked up and installed his "tool" I really don't know, but I know that he hacked my email, which I only use for random stuff, and when I wanted to log in on some site, it showed him in my email that someone with that IP wanted to log in, and it was obviously my IP, and he easily connected remotely...

None of my antiviruses went off or alerted on anything, but when I realized my email was hacked I immediately changed my IP. How he logged in to my Electrum I really don't know. The PC is now secured and everything is under my control.
BTC are gone, lesson learned, this was an expensive one. >:(


That was the remote tool: (screenshot not included)

This was the log from that tool: (screenshot not included)
adaseb
September 21, 2019, 09:05:30 PM
#18

This is why I stopped using Windows 10. It's full of bugs and backdoors. And even if it isn't, your browser most likely might not be fully secure and you can get some malware installed that way.

It's good that you are using a hardware wallet, but for the coins you need to temporarily store on a hot computer, try using a different OS and maybe a different computer that you don't browse random websites with, which might install something behind your back.

You seem to have good knowledge of security and computers, so the thief must have been pretty clever to get away with this. It's good that you used 2FA on your exchanges, or most likely he would have stolen those coins also.

nc50lc
September 22, 2019, 08:00:14 AM
Merited by suchmoon (4)
#19

Quote from: carnage88
They answered that this isn't their address...
At last, you replied.
First: "Remote Utility - Host" is a legit application; it was just installed by the hacker/malware/virus to view and control your PC using the client.
The main malware/virus must be something else, installed through other means like browsing/downloads.

Your case was exactly the same as this one: forums.malwarebytes.com.
But the case was closed without an answer.

Quote from: carnage88
I use electrum which was password protected and I used these coins every day but last week or so I wasnt using them. I rus some exchanges and needed whole amount, that's way i didn't put on ladger.
There are two possible scenarios:
1. Hacked SEED: because even with remote access, the hacker still can't decrypt your wallet.
Where did you keep your Electrum SEED? In your email, cloud disk or local disk?
2. Keylogger and manual operation: when you were AFK and the PC idle, the hacker installed a keylogger using the remote access, disconnected, then waited for you to use your wallet;
he waited for another AFK cue, then controlled your PC to manually send the transaction since he already had your passphrase.

Seriously, "needing the whole amount" isn't an excuse not to use your Ledger.
It's not a hassle to plug in the device to sign a transaction; it's safe as long as you review the addresses of the transaction that you're signing.

bitmover
September 22, 2019, 09:32:20 AM
#20

Quote from: nc50lc
1. Hacked SEED: Because even with remote access, the hacker can't still decrypt your wallet.
Where did you keep your electrum SEED? in your email, cloud disk or local disk?

I don't think the hacker had full access to OP's computer; being hacked by a trojan or something like that is unlikely IMO.

It is so much easier to just get the user's SEED from a Gmail draft or something like that. Most people do not handle the seed with proper care.
The hacker could have got access to the seed long ago and was waiting for the wallet to be funded....

Anyway, I wouldn't be so sure about that remote access from the hacker, unless there is some evidence of it.
