Bitcoin Recovery stolen from Bitcoin Core wallet

[Krokus82]

Good day to ALL.

Appreciate if somebody give advice how to return Bitcoins stolen from my Bitcoin Core Wallet.

The Wallet was kept on separate HD not connected to PC and synchronized with blockchain regularly.

After planned synchronization I found that ballance became ZERO. All BTCs were transfered to another wallet.

Can't understand how it's possible and how to recover if possible at all.

Can somebody comment on it?

[YuginKadoya]

Good day to ALL.

Appreciate if somebody give advice how to return Bitcoins stolen from my Bitcoin Core Wallet.

The Wallet was kept on separate HD not connected to PC and synchronized with blockchain regularly.

After planned synchronization I found that ballance became ZERO. All BTCs were transfered to another wallet.

Can't understand how it's possible and how to recover if possible at all.

Can somebody comment on it?

When a transaction is made it is irreversible so your stolen Bitcoin can't be retrieved at all,

Sorry about your lost but once a transaction is done as I have said you can not get it back, this should become a lesson for you in making tenfold efforts in protecting your wallet and securing your connections to the internet,

[Pffrt]

If your BTC is not in your wallet and the address where BTC was sent to is not in your control, there's no chance left for you to recover. Have you checked the address where your BTC was sent to? May be someone had the access of your private key or may be they had access to your wallet file.

[mk4]

Bitcoin transactions are final, unfortunately. There's really nothing you can do now.

As for how you lost the funds, chances are, you messed up somewhere. We can't really have a solid idea on what happened because well, it's your device not ours. Can you check if your device is infected? I'd personally start there. If you use Windows10, use the default antivirus installed(Defender) and probably also do a scan using MalwareBytes.

Next time you plan on buying bitcoin, it probably might be a great idea to purchase a hardware wallet to significantly decrease the chances of your wallet's keys being leaked.

[Krokus82]

Thank you for commenting and tips!

Indeed security is essential.

That's why I've chosen Bitcoin Core as a cold wallet. I was sure and still sure that this is the most secure way to store BTC.

There might be a gap somewhere. HD was checked and no infections found.

I'm still looking for a reason.

Meanwhile my PC is well proected by antivirus and vpn and only 2 men on Erth know where HD is being stored.

There also might be a hack via WI FI as I'm using home network. But again it's protected.

I'll most probably ruin my brain before the real reason is found.

It's important to learn on our mistakes.

[Krokus82]

If your BTC is not in your wallet and the address where BTC was sent to is not in your control, there's no chance left for you to recover. Have you checked the address where your BTC was sent to? May be someone had the access of your private key or may be they had access to your wallet file.

Yes. I've checked that address but it tells me nothing. Also tried to find in Google any relations with that address. No luck. However BTCs are still there and there was only one transaction on that wallet to transfer stolen BTCs. It seems it was created only for that.

I'm realy disapointed that that I don't have possibility to hack it to return stolen assets.

[rdluffy]

Oh it's so sad to hear that

Can you provide more details for us? We can try to help you at least understand how the BTC was stolen, people here have a lot of knowledge and there's a lot of threads where users helped to understand how the hack happens

How did you generate your wallet?
Did you put this HD in your PC sometimes to synchronize?

Did you save the private key / password in your pc, in a file?

[BitMaxz]

Thank you for commenting and tips!

Indeed security is essential.

That's why I've chosen Bitcoin Core as a cold wallet. I was sure and still sure that this is the most secure way to store BTC.

There might be a gap somewhere. HD was checked and no infections found.

I'm still looking for a reason.

Meanwhile my PC is well proected by antivirus and vpn and only 2 men on Erth know where HD is being stored.

There also might be a hack via WI FI as I'm using home network. But again it's protected.

I'll most probably ruin my brain before the real reason is found.

It's important to learn on our mistakes.

If it is a cold wallet it should be completely offline it means you shouldn't sync it regularly you want it to be an offline or cold wallet.

If it's connected to the internet we can't call it a cold wallet.

Have you tried to check your wallet address to the blockchain if your BTC is transferred to another wallet?
So, that we know if your BTC still there or it's totally gone.

If the result from blockchain explorer shows that your BTC still there we can get your BTC by exporting the private key and use other wallets to import and get the BTC from your old wallet.

Yes. I've checked that address but it tells me nothing. Also tried to find in Google any relations with that address. No luck. However BTCs are still there and there was only one transaction on that wallet to transfer stolen BTCs. It seems it was created only for that.

I'm realy disapointed that that I don't have possibility to hack it to return stolen assets.

How did you check the BTC address? What tool did you use to check the address?

[mk4]

That's why I've chosen Bitcoin Core as a cold wallet. I was sure and still sure that this is the most secure way to store BTC.

Using Bitcoin Core is a great option especially for privacy reasons, if you know what you're doing. I'd personally never suggest using Bitcoin Core to someone who is not that knowledgeable in terms of security. Hardware wallets are still the best for the masses in my opinion.

Anyway, update us on what you suspect happened. I'm really curious on what caused you to lose your funds. What OS are you using anyway?

[Krokus82]

Thank you for getting involved.

I'll reply to all questions in one message.

1. How did you generate your wallet?
    The wallet was generated by BitcoinCore software when it had been installed.
 
2. Did you put this HD in your PC sometimes to synchronize?
    Yes. It was normal HD and it was connected to PC once in a while (normally every 3 months or when transaction was required).

3. Did you save the private key / password in your pc, in a file?
    No. Neither key nor password. Unfortunately I didn't use password thinking that keeping HD away from PC and in secure place would be enough. No
    of course I will. Expensive lesson indeed:)

4. Have you tried to check your wallet address to the blockchain if your BTC is transferred to another wallet?
    Yes. Transaction is registered in blockchain. My wallet address shows empty balance. The wallet address BTCs were stolen to shows stolen amount.
    So surely transaction was real and complete. By the way the date of transaction is 30.12.2019. Hapy New Year!)

5. How did you check the BTC address? What tool did you use to check the address?
    https://sochain.com

6. What OS are you using anyway?
    Windows 7 Home Premium SP1

The think is that I also stored full blockchain on another HD which was in the home network. It was done on purpose for backup in order not to waste time if I need to synchronise wallet from the beginning. Normally it was only blockchain folder. No wallet.dat file.
However this time I realized that by mistake I transfered full wallet including wallet.dat in to the home network HD. However the network and network HD was protected by password and build in security feature. Thought it might have been stolen from there but how? It's not an easy job to hack protected network drive. And it should be done on purpose by prepared men knowing that there is something to steel. However this might have been a reason. But I'm not sure yet.

[NeuroticFish]

   Yes. It was normal HD and it was connected to PC once in a while (normally every 3 months or when transaction was required).

Unfortunately I didn't use password thinking that keeping HD away from PC and in secure place would be enough. No
    of course I will. Expensive lesson indeed:)

So you had an unprotected wallet getting online from time to time.. and you are wondering what happened?
Quite sad story. You should have read more about cold wallet and try to understand the "never comes online" part (especially the "never").

1. That system is probably infected.
2. Since you are not good at making your homework, you should consider using hardware wallet for your future coins.

[mk4]

Yea.. Chances are, your device is infected. How? Only you know. A contributing factor probably you using an operating system with outdated security updates. And to add to that, no password.. Definitely a lesson that you need to take as much safety precautions as possible. There's literally no space to be lazy when talking about securing your money. Hopefully you didn't lose a life changing amount.

[BitMaxz]

The think is that I also stored full blockchain on another HD which was in the home network. It was done on purpose for backup in order not to waste time if I need to synchronise wallet from the beginning. Normally it was only blockchain folder. No wallet.dat file.
However this time I realized that by mistake I transfered full wallet including wallet.dat in to the home network HD. However the network and network HD was protected by password and build in security feature. Thought it might have been stolen from there but how? It's not an easy job to hack protected network drive. And it should be done on purpose by prepared men knowing that there is something to steel. However this might have been a reason. But I'm not sure yet.

Well, sometimes adding a password is not enough to protect the wallet or any important file from HD if your PC is infected with keylogger in the first place.

But as you said you've completely protected with AV and VPN so if you using a secured antivirus it shouldn't happen unless if your PC is infected in the first place as what I said above. If the PC is infected in the first place even you installed any Antivirus protection the malware or virus will still running on the background without AV alert.

So, If you installed a Windows 7(pirated/modified version with keylogger/backdoor) which is free from some blog sites you have a big risk that your PC is infected.

VPN also have a chance to monitor your activity and remotely access your PC if you are not using dedicated IP from VPN well, maybe someone got your IP and port and send some commands to retrieve your wallet through RPC calls (since they monitor your activity it can happen if your wallet has an open port).

Here's how it works
- Keylogger ---> IP with open port(VPN on shared IP`) ---> send RPC commands ---> use the collected data from keylogger ---> once they got the correct passphrase ---> they are going to send RPC calls to retrieve private keys.  

[Krokus82]

Well, since the reason is most probably in security gap I've decided to format and reinstate full PC and HDs including passwords.

Hopefully increased security measures will help to protect assets in the future.

Thank you for comments. It realy helped to realize importance of simple security aspects.