Bitcoin Forum
November 07, 2024, 02:51:19 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Just was robbed  (Read 272 times)
Mastahh (OP)
Newbie
*
Offline Offline

Activity: 35
Merit: 0


View Profile
March 01, 2021, 10:34:35 PM
Last edit: May 12, 2021, 08:23:17 AM by Mastahh
 #1

Hi,

I was robbed 21.02 and 22.02 not sure how it was happened, but is there any way to trace where my coins were transferred?
Fortunately I already sold more coins
BTC - https://www.blockchain.com/btc/tx/d12ff2e1b628f10a6728603aaa89a93729752012c061b4cd94e809581c54d029
ETH - https://etherscan.io/tx/0x9003f71f8a7c6cb14eedc3d9b7d3546d6f8004b95c92cae1dc225c3d9e4a8c07

I already changed, my passwords and created new wallet.

And transferred cents that was left there in my wallet to new wallets.
Ultegra134
Hero Member
*****
Offline Offline

Activity: 1736
Merit: 873



View Profile
March 01, 2021, 10:37:47 PM
 #2

Hi,

I'm was robbed 21.02 and 22.02 not sure how it was happened, but is there any way to trace where my coins were transferred?
Fortunately I already sold more coins
BTC - https://www.blockchain.com/btc/tx/d12ff2e1b628f10a6728603aaa89a93729752012c061b4cd94e809581c54d029
ETH - https://etherscan.io/tx/0x9003f71f8a7c6cb14eedc3d9b7d3546d6f8004b95c92cae1dc225c3d9e4a8c07

I already changed, my passwords and created new wallet.

And transferred cents that was left there in my wallet to new wallets.


Oleg
I'm so sorry for your loss. When do you notice that your coins were missing? What wallet were you using? Also, have you signed up or accessed any sketchy website lately? There's a tool to check for any database leaks that you might have signed up, check it out. https://haveibeenpwned.com/

 
█▄
R


▀▀██████▄▄
████████████████
▀█████▀▀▀█████
████████▌███▐████
▄█████▄▄▄█████
████████████████
▄▄██████▀▀
LLBIT▀█ 
  TH#1 SOLANA CASINO  
████████████▄
▀▀██████▀▀███
██▄▄▀▀▄▄████
████████████
██████████
███▀████████
▄▄█████████
████████████
████████████
████████████
████████████
█████████████
████████████▀
████████████▄
▀▀▀▀▀▀▀██████
████████████
███████████
██▄█████████
████▄███████
████████████
█░▀▀████████
▀▀██████████
█████▄█████
████▀▄▀████
▄▄▄▄▄▄▄██████
████████████▀
........5,000+........
GAMES
 
......INSTANT......
WITHDRAWALS
..........HUGE..........
REWARDS
 
............VIP............
PROGRAM
 .
   PLAY NOW    
Mastahh (OP)
Newbie
*
Offline Offline

Activity: 35
Merit: 0


View Profile
March 01, 2021, 10:41:36 PM
 #3

I was using Bitcoin Core(non password protected) and MyCrypto was password protected.
Bitcoin_Arena
Copper Member
Legendary
*
Offline Offline

Activity: 2128
Merit: 1814


฿itcoin for all, All for ฿itcoin.


View Profile
March 01, 2021, 10:47:42 PM
 #4

How did you store your back-up phrase or seeds? (There can be a possibility they were leaked to a hacker if you kept them online)
Was your computer full of random apps (some apps can be malware and can easily steal your account credentials or seeds, others can be controlled remotely to access your device when you don't know, they are known as Remote Access Trojans)

When creating a new wallet, did you first reinstall a fresh OS?

odolvlobo
Legendary
*
Offline Offline

Activity: 4494
Merit: 3402



View Profile
March 01, 2021, 10:52:08 PM
 #5

I was robbed 21.02 and 22.02 not sure how it was happened, but is there any way to trace where my coins were transferred?

It's easy to trace where they went. The destination is in the transaction. The hard part is identifying the persons controlling the destination address. That's close to impossible unless it is an exchange.

Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
DannyHamilton
Legendary
*
Offline Offline

Activity: 3486
Merit: 4816



View Profile
March 01, 2021, 11:16:00 PM
 #6

Hi,

I was robbed 21.02 and 22.02 not sure how it was happened, but is there any way to trace where my coins were transferred?
Fortunately I already sold more coins
BTC - https://www.blockchain.com/btc/tx/d12ff2e1b628f10a6728603aaa89a93729752012c061b4cd94e809581c54d029
ETH - https://etherscan.io/tx/0x9003f71f8a7c6cb14eedc3d9b7d3546d6f8004b95c92cae1dc225c3d9e4a8c07

I already changed, my passwords and created new wallet.

And transferred cents that was left there in my wallet to new wallets.


Oleg

It seems very odd that they sent your bitcoins to 2 different addresses.  Maybe you sent the transaction yourself while you were drunk? or high? or sleepwalking?

Also, it seems surprising that you didn't notice for a whole week?
sheenshane
Legendary
*
Offline Offline

Activity: 2492
Merit: 1232



View Profile WWW
March 01, 2021, 11:48:03 PM
 #7

It seems very odd that they sent your bitcoins to 2 different addresses.  Maybe you sent the transaction yourself while you were drunk? or high? or sleepwalking?
Lol, it's 4 days old, and look at the Ethereum TXID, it was landed on the exchange WhiteBIT.  It might be OP forgot that he made a transaction at that time.

Then, if your story is true.
Don't use the previous device that you have used where your crypto-assets that has been lost.  It might now be unprotected and presumably infected a malware virus that the hacker can able to access your wallet's credentials.

We should always find how to safeguard our crypto assets and treat them as one of your valuable stuff.  Our responsibility and diligence to keep them safe at all costs.
HCP
Legendary
*
Offline Offline

Activity: 2086
Merit: 4361

<insert witty quote here>


View Profile
March 02, 2021, 12:04:16 AM
 #8

I was using Bitcoin Core(non password protected) and MyCrypto was password protected.
Then all they required was a copy of your wallet.dat file to get access to your Bitcoins... Without a password on it, anyone with a copy of your wallet.dat would be able to access the private keys and create transactions sending the bitcoins wherever they wanted.

Do you store a backup of your wallet.dat on a cloud-based backup server like OneDrive, Google Drive, DropBox etc? Huh Or perhaps you sent yourself a copy of your wallet.dat to your email as a backup? Huh


Interestingly... the BTC address (12P5MtCHoyTJdJitAWSDkeb5fYHSQj7X3X) that the bulk of your coins got sent to, is tweeted by a "Bens Bitcoin Consulting LLC"... seems they also had funds stolen from them that went to the same address (but from Exodus wallet):
https://twitter.com/ben92994350/status/1288107762048577538


I already changed, my passwords and created new wallet.

And transferred cents that was left there in my wallet to new wallets.
If you never stored your wallet.dat backup online, then my guess would be malware of some description that has leaked your wallet.dat and/or your MyCrypto login credentials. I would consider the entire machine compromised... I would not be surprised if the thieves already have the details for your new wallets.

I would recommend that you format the PC and reinstall the OS.

If you stored your wallet.dat on a cloud server of some sort, then it's likely that your account on the cloud server was compromised. You'll need to change ALL your passwords.

█████████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████
█████████████████████████
.
BC.GAME
▄▄░░░▄▀▀▄████████
▄▄▄
██████████████
█████░░▄▄▄▄████████
▄▄▄▄▄▄▄▄▄██▄██████▄▄▄▄████
▄███▄█▄▄██████████▄████▄████
███████████████████████████▀███
▀████▄██▄██▄░░░░▄████████████
▀▀▀█████▄▄▄███████████▀██
███████████████████▀██
███████████████████▄██
▄███████████████████▄██
█████████████████████▀██
██████████████████████▄
.
..CASINO....SPORTS....RACING..
█░░░░░░█░░░░░░█
▀███▀░░▀███▀░░▀███▀
▀░▀░░░░▀░▀░░░░▀░▀
░░░░░░░░░░░░
▀██████████
░░░░░███░░░░
░░█░░░███▄█░░░
░░██▌░░███░▀░░██▌
░█░██░░███░░░█░██
░█▀▀▀█▌░███░░█▀▀▀█▌
▄█▄░░░██▄███▄█▄░░▄██▄
▄███▄
░░░░▀██▄▀


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
Mastahh (OP)
Newbie
*
Offline Offline

Activity: 35
Merit: 0


View Profile
March 02, 2021, 06:02:17 AM
 #9

My both Wallets were offline, i didn't have any online backups.
So I thinking that 21.02 I was installing a miner, and maybe Phoenix miner or something different I downloaded.
I will scan my computers using SysInternal Autoruns, it have very good ability to check against VirusTotal all files that starts with system.
I think it was some single run app used to stole it.

No it is 100% no me, because I'm using Bitcoin Core and it stores info about my transactions.


And yes my fail that wallet.dat wasn't protected and eth wallet also had shitty password.

So now only found that BTC gone to binance, not sure yet, but wrote mail to them.
If it is Binance then I think it is possible to identify this Robbber, but with help of police.

NotATether
Legendary
*
Offline Offline

Activity: 1778
Merit: 7368


Top Crypto Casino


View Profile WWW
March 02, 2021, 06:23:33 AM
 #10

So now only found that BTC gone to binance, not sure yet, but wrote mail to them.
If it is Binance then I think it is possible to identify this Robbber, but with help of police.

I hate to break this to you, but Binance will not help you track your stolen money. The most they have is possibly the identity of the attacker if he did KYC but let's be honest, what kind of thief sends money to a KYC'd address? And also Binance ignores tracking requests from random people and would only step in if forced to by a government.

Police are of limited use as well if the thief can't be ID'd.

This should serve as a lesson to everyone to always protect your wallets with a strong password. It's money after all, more important than nearly any other login information.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
Mastahh (OP)
Newbie
*
Offline Offline

Activity: 35
Merit: 0


View Profile
March 02, 2021, 09:37:30 AM
Last edit: March 02, 2021, 10:00:07 AM by Mastahh
 #11

Yes it was Trojan, I found traces of it dated 21.02 Sad

Trojan was configured to this address
https://i.itdenther.ru/SystemNetNameInfoFlagsC
KingZee
Sr. Member
****
Offline Offline

Activity: 952
Merit: 452


Check your coin privilege


View Profile
March 02, 2021, 10:08:05 AM
 #12

So now only found that BTC gone to binance, not sure yet, but wrote mail to them.
If it is Binance then I think it is possible to identify this Robbber, but with help of police.

I hate to break this to you, but Binance will not help you track your stolen money. The most they have is possibly the identity of the attacker if he did KYC but let's be honest, what kind of thief sends money to a KYC'd address? And also Binance ignores tracking requests from random people and would only step in if forced to by a government.

Police are of limited use as well if the thief can't be ID'd.

This should serve as a lesson to everyone to always protect your wallets with a strong password. It's money after all, more important than nearly any other login information.

Binance most definitely will help him.



Open a ticket with binance or speak to live chat (it takes a while to queue for live chat). Best case scenario is this thief was KYC'd, worst case scenario he used binance to "mix" the money, and they only know his e-mail and IP (potentially behind a VPN). It doesn't harm to try though.

Beep boop beep boop
Lucius
Legendary
*
Offline Offline

Activity: 3416
Merit: 6147


Crypto Swap Exchange🈺


View Profile WWW
March 02, 2021, 11:03:46 AM
 #13

I will scan my computers using SysInternal Autoruns, it have very good ability to check against VirusTotal all files that starts with system.

The emphasis should always be on proactive protection, in other words the virus/malware should be prevented from infiltrating the system. Did you have any of that protection?

So I thinking that 21.02 I was installing a miner, and maybe Phoenix miner or something different I downloaded.

Definitely the wrong step that cost you in the end, of course combined with the fact that your wallet/s was not adequately protected - but even if that was the case, you may have downloaded a keylogger that would deliver your passwords to the attacker sooner or later. My advice to you in the future is to try to have one computer just for crypto and one for fun - it may sound paranoid, but with such a high price that BTC has, every kid is looking for a way to hack some crypto wallet.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Theb
Hero Member
*****
Offline Offline

Activity: 1680
Merit: 655


View Profile
March 02, 2021, 05:55:22 PM
 #14

My both Wallets were offline, i didn't have any online backups.
So I thinking that 21.02 I was installing a miner, and maybe Phoenix miner or something different I downloaded.
I will scan my computers using SysInternal Autoruns, it have very good ability to check against VirusTotal all files that starts with system.
I think it was some single run app used to stole it.

No your wallets are not offline even if your cryptocurrencies is stored in desktop wallet as long as your computer is connected to the internet or is used for other purposes online then your wallet is still counted as an online wallet. This is one of the bad things on having a crypto stored on a multi-purpose computer as the risk will always be there as long as you are connected to the internet. Maybe the next time you will open an executable file scan it first to see if it is clean as you will never know if you are downloading a file that is vulnerable or a fake one. Also a lot of mining programs are having false positives when it comes to detections on anti-viruses so there is a chance it is not one of those files but from other downloaded files you have.

..bustadice..         ▄▄████████████▄▄
     ▄▄████████▀▀▀▀████████▄▄
   ▄███████████    ███████████▄
  █████    ████▄▄▄▄████    █████
 ██████    ████████▀▀██    ██████
██████████████████   █████████████
█████████████████▌  ▐█████████████
███    ██████████   ███████    ███
███    ████████▀   ▐███████    ███
██████████████      ██████████████
██████████████      ██████████████
 ██████████████▄▄▄▄██████████████
  ▀████████████████████████████▀
                     ▄▄███████▄▄
                  ▄███████████████▄
   ███████████  ▄████▀▀       ▀▀████▄
               ████▀      ██     ▀████
 ███████████  ████        ██       ████
             ████         ██        ████
███████████  ████     ▄▄▄▄██        ████
             ████     ▀▀▀▀▀▀        ████
 ███████████  ████                 ████
               ████▄             ▄████
   ███████████  ▀████▄▄       ▄▄████▀
                  ▀███████████████▀
                     ▀▀███████▀▀
           ▄██▄
           ████
            ██
            ▀▀
 ▄██████████████████████▄
██████▀▀██████████▀▀██████
█████    ████████    █████
█████▄  ▄████████▄  ▄█████
██████████████████████████
██████████████████████████
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
       ████████████
......Play......
LoyceV
Legendary
*
Offline Offline

Activity: 3486
Merit: 17642


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
March 02, 2021, 06:40:10 PM
 #15

I was robbed 21.02 and 22.02 not sure how it was happened
It looks like you were robbed again yesterday, when $280 worth of Forkcoins moved. It also looks like you have another $23 of shitForks left.

What's the story behind this transaction? Did you or the robber pay a lot in transction fees to move single satoshis from 3 different inputs?

▄▄███████████████████▄▄
▄█████████▀█████████████▄
███████████▄▐▀▄██████████
███████▀▀███████▀▀███████
██████▀███▄▄████████████
█████████▐█████████▐█████
█████████▐█████████▐█████
██████████▀███▀███▄██████
████████████████▄▄███████
███████████▄▄▄███████████
█████████████████████████
▀█████▄▄████████████████▀
▀▀███████████████████▀▀
Peach
BTC bitcoin
Buy and Sell
Bitcoin P2P
.
.
▄▄███████▄▄
▄████████
██████▄
▄██
█████████████████▄
▄███████
██████████████▄
███████████████████████
█████████████████████████
████████████████████████
█████████████████████████
▀███████████████████████▀
▀█████████████████████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀

▀▀▀▀███▀▀▀▀
EUROPE | AFRICA
LATIN AMERICA
▄▀▀▀











▀▄▄▄


███████▄█
███████▀
██▄▄▄▄▄░▄▄▄▄▄
████████████▀
▐███████████▌
▐███████████▌
████████████▄
██████████████
███▀███▀▀███▀
.
Download on the
App Store
▀▀▀▄











▄▄▄▀
▄▀▀▀











▀▄▄▄


▄██▄
██████▄
█████████▄
████████████▄
███████████████
████████████▀
█████████▀
██████▀
▀██▀
.
GET IT ON
Google Play
▀▀▀▄











▄▄▄▀
hosseinimr93
Legendary
*
Offline Offline

Activity: 2576
Merit: 5668



View Profile
March 02, 2021, 09:03:20 PM
 #16

What's the story behind this transaction? Did you or the robber pay a lot in transction fees to move single satoshis from 3 different inputs?
Most probably, OP (or the robber) didn't notice those extra inputs and moved all UTXOs in a single transaction.

Those 3 UTXOs had come from following transactions.

Transaction 1
Transaction 2
Transaction 3

They seem to be dust attacks for chain analysis and linking some used addresses together.
The OP (or the robber) did exactly what the attacker expected.

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
Mastahh (OP)
Newbie
*
Offline Offline

Activity: 35
Merit: 0


View Profile
March 02, 2021, 10:37:55 PM
 #17

I was robbed 21.02 and 22.02 not sure how it was happened
It looks like you were robbed again yesterday, when $280 worth of Forkcoins moved. It also looks like you have another $23 of shitForks left.

What's the story behind this transaction? Did you or the robber pay a lot in transction fees to move single satoshis from 3 different inputs?
It was me, I decided to take this, for me It is single wallet, I don't know why it happens that these coins distributed between few addresses.
HCP
Legendary
*
Offline Offline

Activity: 2086
Merit: 4361

<insert witty quote here>


View Profile
March 02, 2021, 10:44:40 PM
 #18

It was me, I decided to take this, for me It is single wallet, I don't know why it happens that these coins distributed between few addresses.
Bitcoin Core is an HD wallet... it uses new addresses for each "receive" and whenever it generates change from a send transaction etc.

Most modern wallets are like this.

█████████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████
█████████████████████████
.
BC.GAME
▄▄░░░▄▀▀▄████████
▄▄▄
██████████████
█████░░▄▄▄▄████████
▄▄▄▄▄▄▄▄▄██▄██████▄▄▄▄████
▄███▄█▄▄██████████▄████▄████
███████████████████████████▀███
▀████▄██▄██▄░░░░▄████████████
▀▀▀█████▄▄▄███████████▀██
███████████████████▀██
███████████████████▄██
▄███████████████████▄██
█████████████████████▀██
██████████████████████▄
.
..CASINO....SPORTS....RACING..
█░░░░░░█░░░░░░█
▀███▀░░▀███▀░░▀███▀
▀░▀░░░░▀░▀░░░░▀░▀
░░░░░░░░░░░░
▀██████████
░░░░░███░░░░
░░█░░░███▄█░░░
░░██▌░░███░▀░░██▌
░█░██░░███░░░█░██
░█▀▀▀█▌░███░░█▀▀▀█▌
▄█▄░░░██▄███▄█▄░░▄██▄
▄███▄
░░░░▀██▄▀


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!