Bitcoin Forum
Author Topic: Guess I got hacked  (Read 2457 times)
cad_cdn (OP)
March 28, 2014, 01:11:32 PM
Last edit: March 28, 2014, 01:21:16 PM by malevolent
 #1

synched up my wallet and found a transaction... that I never made. it emptied my wallet.

12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4

looks like a couple others got hacked as well.

trying to figure out how it happened. I encrypt my wallet and have a passphrase that is pretty strong...

backup wallet would be useless because the tx has already happened in the chain correct?
Zeeks
March 28, 2014, 01:14:23 PM
 #2

You probably used your private key on a compromised device at some point. Going off the scant information you provide anyway. You should carefully check all your devices for programs you don't recognize.
plasm
March 28, 2014, 01:18:27 PM
 #3


Maybe your registered email was hacked. Check it!
cad_cdn (OP)
March 28, 2014, 01:20:02 PM
 #4

thx,
ya, I'm surprised, I'm pretty good with being careful, obviously, I missed something.
damn. that was my mining efforts to pay back purchases of gear....



You probably used your private key on a compromised device at some point. Going off the scant information you provide anyway. You should carefully check all your devices for programs you don't recognize.
Tammy Chan
March 28, 2014, 05:23:01 PM
 #5

synched up my wallet and found a transaction... that I never made. it emptied my wallet.

12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4

looks like a couple others got hacked as well.

trying to figure out how it happened. I encrypt my wallet and have a passphrase that is pretty strong...

backup wallet would be useless because the tx has already happened in the chain correct?

Which wallet are you using? bitcoin-qt?
It is a bit strange that the hacker didn't empty your wallet, and there is still 0.09 BTC on that address.

You should now send the remaining 0.09 BTC to a new wallet ASAP.

cad_cdn (OP)
March 29, 2014, 01:32:50 PM
 #6

I am using bitcoin qt, latest version. I'm stumped as to how they got my priv key. I have not had reason to use it in a few weeks. My wallet is encrypted, and strong passphrase.

Also,
The address above is not mine, that is where the funds were sent to. I'm stumped! I would say- if I was careless, I deserve it, but I'm not careless with my wallet....
fbueller
March 29, 2014, 10:53:06 PM
 #7

I am using bitcoin qt, latest version. I'm stumped as to how they got my priv key. I have not had reason to use it in a few weeks. My wallet is encrypted, and strong passphrase.

Also,
The address above is not mine, that is where the funds were sent to. I'm stumped! I would say- if I was careless, I deserve it, but I'm not careless with my wallet....

I ran the transactions on your address through a script that checks for k-reuse in signatures; it doesn't look like that was the case here.

What OS do you run? Download any new but unverified bitcoin related software lately?

Bitwasp Developer.
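
The kind of check mentioned in the post above, as an added example that is not fbueller's script or part of the thread: in ECDSA, two signatures from the same key that share the same r value but differ in s indicate that the nonce k was reused. The sketch assumes the signatures spent from an address have already been extracted as (txid, public key, DER signature) records; the function names and sample records are constructed for illustration.

```python
from collections import defaultdict

def parse_der_sig(sig: bytes):
    """Return (r, s) from a DER ECDSA signature; a trailing sighash byte is ignored."""
    if len(sig) < 8 or sig[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    total = sig[1]
    if total & 0x80 or 2 + total > len(sig):
        raise ValueError("bad SEQUENCE length")
    body, pos, ints = sig[2:2 + total], 0, []
    for _ in range(2):  # exactly two INTEGERs: r then s
        if pos + 2 > len(body) or body[pos] != 0x02:
            raise ValueError("expected INTEGER")
        n = body[pos + 1]
        if n == 0 or n & 0x80 or pos + 2 + n > len(body):
            raise ValueError("bad INTEGER length")
        ints.append(int.from_bytes(body[pos + 2:pos + 2 + n], "big"))
        pos += 2 + n
    if pos != len(body):
        raise ValueError("trailing bytes inside SEQUENCE")
    return ints[0], ints[1]

def find_reused_nonces(records):
    """Map (pubkey, r) -> txids where one key produced the same r with different s."""
    seen = defaultdict(dict)  # (pubkey, r) -> {s: first txid seen}
    for txid, pubkey, sig_hex in records:
        try:
            r, s = parse_der_sig(bytes.fromhex(sig_hex))
        except ValueError:
            continue  # skip malformed signatures rather than abort the scan
        seen[(pubkey, r)].setdefault(s, txid)
    # Same r and same s is just the same signature listed twice, not a reuse.
    return {k: sorted(v.values()) for k, v in seen.items() if len(v) > 1}

# Constructed sample records (txid label, pubkey hex, signature hex); not real chain data.
SAMPLE = [
    ("tx-a", "02aa", "3008020212340202567801"),
    ("tx-b", "02aa", "30080202123402021abc01"),  # same key, same r, different s
    ("tx-c", "02aa", "3008020243210202567801"),  # same key, different r
    ("tx-d", "03bb", "3008020212340202077701"),  # different key, same r value
    ("tx-a", "02aa", "3008020212340202567801"),  # duplicate listing of tx-a
    ("tx-e", "02aa", "ff00"),                    # malformed, skipped
]

if __name__ == "__main__":
    print(find_reused_nonces(SAMPLE))
```

An empty result, as reported in the post, means no key on the address signed twice with the same r, which points away from a nonce-reuse key leak and toward compromise of the wallet file or host.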
cad_cdn (OP)
March 29, 2014, 11:11:46 PM
 #8

I run windows 7 on the machine in question.
I also just noticed that the hack is still ongoing.
I mine at Eligius, so there was a pending payout due.
After discovering the hack I immediately changed my wallet passphrase and changed all my mining payout addresses.
Then, this morning, another of my daily mining proceeds was again diverted to the same address.
I have stopped my proceeds going to my address (this is MY address that was hacked: 1M2yzo3YU5RDGtMnqWMANcSij7r7n9rbCL).
Payments are now going to another address that is working and unattached to this wallet.

I wish I could recover the funds - but more importantly figure out where I have been compromised. I'm thinking a very good keylogger attached to a windows service, or masked as a windows service (svchost.exe) or something. AV (malwarebytes chameleon comes up clean) MS antivirus clean as well.

upsetting to say the least.



I am using bitcoin qt, latest version. I'm stumped as to how they got my priv key. I have not had reason to use it in a few weeks. My wallet is encrypted, and strong passphrase.

Also,
The address above is not mine, that is where the funds were sent to. I'm stumped! I would say- if I was careless, I deserve it, but I'm not careless with my wallet....

I ran the transactions on your address through a script that checks for k-reuse in signatures; it doesn't look like that was the case here.

What OS do you run? Download any new but unverified bitcoin related software lately?
BitcoinAwesomeMan
March 30, 2014, 10:17:35 AM
 #9

hmmm I don't think it would be anything that advanced. Might be some form of injection through the browser level possibly?
cad_cdn (OP)
March 30, 2014, 02:49:32 PM
 #10

frustrating to have to admit that I got hacked with no idea how.

hmmm I don't think it would be anything that advanced. Might be some form of injection through the browser level possibly?
E.exchanger
March 31, 2014, 03:11:43 AM
 #11

Sorry about that man, but that may be because of a keylogger or a wallet stealer. Do you often go on gambling websites randomly or faucets or anything that requires you to make a deposit like gambling websites?

Which antivirus are you using?
I strongly recommend to scan every downloaded file with virustotal and get a pro version of malwarebytes!
cad_cdn (OP)
March 31, 2014, 03:17:31 AM
 #12

I don't gamble, and no faucets. it has to be a wallet stealer masked as another program.
I'm using MS Security Essentials and malwarebytes chameleon.

thx

 
Sorry about that man, but that may be because of a keylogger or a wallet stealer. Do you often go on gambling websites randomly or faucets or anything that requires you to make a deposit like gambling websites?

Which antivirus are you using?
I strongly recommend to scan every downloaded file with virustotal and get a pro version of malwarebytes!
zvs
March 31, 2014, 06:07:58 PM
 #13

java is evil
LouReed
March 31, 2014, 06:58:27 PM
 #14

Damn, that sucks bro! I got ripped off last week of 2.2 Bitcoin from that damn Blockchain.info phishing site, it's a pretty shitty fucking feeling to say the least!!! Cry
cad_cdn (OP)
March 31, 2014, 06:59:36 PM
 #15

yes, sorry to hear about your loss!


 
Damn, that sucks bro! I got ripped off last week of 2.2 Bitcoin from that damn Blockchain.info phishing site, it's a pretty shitty fucking feeling to say the least!!! Cry
justme27
March 31, 2014, 07:29:42 PM
 #16

Quick search for 12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4:
https://bitcointalk.org/index.php?topic=259649.msg4145690#msg4145690

Did you have a 10-char password, by any chance?
https://bitcointalk.org/index.php?topic=85495.msg4392968#msg4392968

1NTLM3PfNgfBdRACPYFyrDJpzqt9QcocVZ
cad_cdn (OP)
March 31, 2014, 07:42:17 PM
 #17

no, it was 17 characters.

Quick search for 12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4:
https://bitcointalk.org/index.php?topic=259649.msg4145690#msg4145690

Did you have a 10-char password, by any chance?
https://bitcointalk.org/index.php?topic=85495.msg4392968#msg4392968
BitDonkey
April 03, 2014, 03:54:47 AM
 #18

That is interesting.  I too got hacked with two transactions (Feb 25th)  to the same address (12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4) you listed.  I didn't notice until I cranked up the 0.8.6 version wallet a couple of days ago.  That is an address that user tazja claims to be his/her address.

You can see his reference to the address here in https://bitcointalk.org/index.php?topic=259649.msg4145690#msg4145690

Perhaps we can talk to him to get our coin back and/or find out why his/her address would be the place to send coin in a hack attack?
Chemistry1988
April 03, 2014, 05:48:23 AM
 #19

Perhaps we can talk to him to get our coin back and/or find out why his/her address would be the place to send coin in a hack attack?

The interesting thing is he has lost the password, and it is not feasible to brute force it.
So, even if he agrees to pay you back, he can't.  Smiley

Thank you for answering me. If I know that I probably put 10 characters with a capital letter at the beginning and 2 numbers at the end without knowing what it was, I have a chance to find the password with a script?

1 capital letter == 26^1 == 26
2 digits == 10^2 == 100
7 mixed case == 52^7 == 1028071702528

26 * 100 * 1028071702528 == 2672986426572800

2672986426572800 passwords / 10 passwords per second == 8,470,364 years
fbueller
April 03, 2014, 11:10:25 AM
 #20

Both of you are miners? There's a coincidence! Have you contacted the other person funds were taken from?

Bitwasp Developer.
James222
April 03, 2014, 11:19:43 AM
 #21

Yeah, you probably got hacked. You probably had a keylogger. Run a virus scan also.
Delivereath
April 04, 2014, 11:21:01 AM
 #22

I also got hacked by the same user and I know that he is french and has some french IPs (I found a lot of them with the help of some forums admins). I got some old IPs which are not using proxy and I'm preparing a police complaint in France to get the identity of this person.

I probably got a virus/trojan and he was able to open a teamviewer session with my computer and stole my wallets. Unfortunately, I forgot a backup wallet which was unencrypted so he was able to easily transfer my bitcoins.

I also have a few of his online identities and you can find him on http://jomgegar.com/ (which clearly is a hacker forum) with username tazbox. He uses username tazja on bitcointalk and some other ones on French forums.

If someone wants to participate or help, you're welcome. This kind of hack can lead to prison (5 years) here in France and I'm determined to send him there.

Has anyone directly contacted him ?
cad_cdn (OP)
April 04, 2014, 01:22:15 PM
 #23

Nail the F@cker!
 
I also got hacked by the same user and I know that he is french and has some french IPs (I found a lot of them with the help of some forums admins). I got some old IPs which are not using proxy and I'm preparing a police complaint in France to get the identity of this person.

I probably got a virus/trojan and he was able to open a teamviewer session with my computer and stole my wallets. Unfortunately, I forgot a backup wallet which was unencrypted so he was able to easily transfer my bitcoins.

I also have a few of his online identities and you can find him on http://jomgegar.com/ (which clearly is a hacker forum) with username tazbox. He uses username tazja on bitcointalk and some other ones on French forums.

If someone wants to participate or help, you're welcome. This kind of hack can lead to prison (5 years) here in France and I'm determined to send him there.

Has anyone directly contacted him ?