cad_cdn (OP)
March 28, 2014, 01:11:32 PM (Last edit: March 28, 2014, 01:21:16 PM by malevolent)

synched up my wallet and found a transaction... that I never made. it emptied my wallet.
12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4
looks like a couple others got hacked as well.
trying to figure out how it happened. I encrypt my wallet and have a passphrase that is pretty strong...
backup wallet would be useless because the tx has already happened in the chain correct?

Zeeks
March 28, 2014, 01:14:23 PM

You probably used your private key on a compromised device at some point. Going off the scant information you provide anyway. You should carefully check all your devices for programs you don't recognize.

plasm
March 28, 2014, 01:18:27 PM

Maybe your registered email was hacked. Check it!

cad_cdn (OP)
March 28, 2014, 01:20:02 PM

thx, ya, I'm surprised, I'm pretty good with being careful, obviously, I missed something. damn. that was my mining efforts to pay back purchases of gear....

> You probably used your private key on a compromised device at some point. Going off the scant information you provide anyway. You should carefully check all your devices for programs you don't recognize.

Tammy Chan
March 28, 2014, 05:23:01 PM

> synched up my wallet and found a transaction... that I never made. it emptied my wallet.
> 12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4
> looks like a couple others got hacked as well.
> trying to figure out how it happened. I encrypt my wallet and have a passphrase that is pretty strong...
> backup wallet would be useless because the tx has already happened in the chain correct?

Which wallet are you using? bitcoin-qt? It is a bit strange that the hacker didn't empty your wallet, and there is still 0.09 BTC on that address. You should now send the remaining 0.09 BTC to a new wallet ASAP.

cad_cdn (OP)
March 29, 2014, 01:32:50 PM

I am using bitcoin qt, latest version. I'm stumped as to how they got my priv key. I have not had reason to use it in a few weeks. My wallet is encrypted, and strong passphrase.
Also, The address above is not mine, that is where the funds were sent to. I'm stumped! I would say- if I was careless, I deserve it, but I'm not careless with my wallet....

fbueller
March 29, 2014, 10:53:06 PM

> I am using bitcoin qt, latest version. I'm stumped as to how they got my priv key. I have not had reason to use it in a few weeks. My wallet is encrypted, and strong passphrase.
> Also, The address above is not mine, that is where the funds were sent to. I'm stumped! I would say- if I was careless, I deserve it, but I'm not careless with my wallet....

I ran the transactions on your address through a script that checks for k-reuse in signatures, it doesn't look like that was the case here.. What OS do you run? Download any new but unverified bitcoin related software lately?

Bitwasp Developer.
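
Added example, not part of the thread and not fbueller's script: a minimal version of the kind of k-reuse check mentioned in the post above. It parses DER-encoded ECDSA signatures and reports any r value that appears with different s values under the same public key, which is the visible sign of a repeated nonce k. The txids, public keys and r/s values are constructed placeholders, and `make_der` is a helper invented here only to build the sample data.

```python
from collections import defaultdict

def parse_der_sig(sig: bytes):
    """Return (r, s) from a DER ECDSA signature, ignoring a trailing sighash byte."""
    if len(sig) < 8 or sig[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    end = 2 + sig[1]
    if end > len(sig):
        raise ValueError("truncated signature")
    ints, pos = [], 2
    for _ in range(2):
        if pos + 2 > end or sig[pos] != 0x02:
            raise ValueError("expected DER INTEGER")
        n = sig[pos + 1]
        if n == 0 or pos + 2 + n > end:
            raise ValueError("bad INTEGER length")
        ints.append(int.from_bytes(sig[pos + 2:pos + 2 + n], "big"))
        pos += 2 + n
    return ints[0], ints[1]

def find_r_reuse(inputs):
    """inputs: iterable of (txid, pubkey_hex, sig_hex). Returns {(pubkey, r): [txid, ...]}
    for every r that signed two or more different messages under one key."""
    seen = defaultdict(dict)            # (pubkey, r) -> {s: txid}
    for txid, pubkey, sig_hex in inputs:
        r, s = parse_der_sig(bytes.fromhex(sig_hex))
        seen[(pubkey, r)].setdefault(s, txid)
    return {k: sorted(v.values()) for k, v in seen.items() if len(v) > 1}

def make_der(r, s):
    """Hypothetical helper: build a DER signature plus SIGHASH_ALL byte for the sample."""
    def enc(i):
        b = i.to_bytes((i.bit_length() + 8) // 8, "big")   # leading 0x00 keeps it positive
        return b"\x02" + bytes([len(b)]) + b
    body = enc(r) + enc(s)
    return (b"\x30" + bytes([len(body)]) + body + b"\x01").hex()

# Constructed sample: placeholder txids/keys, arbitrary r and s (not real signatures).
SAMPLE = [
    ("tx-a", "02aa", make_der(0x1234ABCD, 0x1111)),
    ("tx-b", "02aa", make_der(0x1234ABCD, 0x2222)),   # same key, same r, different s
    ("tx-c", "02aa", make_der(0x0F00BA45, 0x3333)),
    ("tx-d", "03bb", make_der(0x1234ABCD, 0x4444)),   # same r, but a different key
]

if __name__ == "__main__":
    for (pubkey, r), txids in find_r_reuse(SAMPLE).items():
        print(f"r reused under {pubkey}: {r:#x} in {txids}")
```

An empty result, as fbueller reports for this address, rules out nonce reuse as the cause and points back to the key having been taken from the machine itself.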

cad_cdn (OP)
March 29, 2014, 11:11:46 PM

I run windows 7 on the machine in question. I also just noticed that the hack is still ongoing. I mine at Eligius, so there was a pending payout due. After discovering the hack I immediately changed my wallet passphrase, changed all my mining payout addresses. Then, this morning another of my daily mining proceeds were again diverted to the same address. I have stopped my proceeds going to my address (this is MY address that was hacked 1M2yzo3YU5RDGtMnqWMANcSij7r7n9rbCL) Payments are now going to another address that is working and unattached to this wallet. I wish I could recover the funds - but more importantly figure out where I have been compromised. I'm thinking a very good keylogger attached to a windows service, or masked as a windows service (svchost.exe) or something. AV (malwarebytes chameleon comes up clean) MS antivirus clean as well. upsetting to say the least.

>> I am using bitcoin qt, latest version. I'm stumped as to how they got my priv key. I have not had reason to use it in a few weeks. My wallet is encrypted, and strong passphrase.
>> Also, The address above is not mine, that is where the funds were sent to. I'm stumped! I would say- if I was careless, I deserve it, but I'm not careless with my wallet....
> I ran the transactions on your address through a script that checks for k-reuse in signatures, it doesn't look like that was the case here.. What OS do you run? Download any new but unverified bitcoin related software lately?

BitcoinAwesomeMan
March 30, 2014, 10:17:35 AM

hmmm i don't think it would be anything that advanced. Might be some form of injection through the browser level possibly?

cad_cdn (OP)
March 30, 2014, 02:49:32 PM

frustrating to have to admit that I got hacked with no idea how.

> hmmm i don't think it would be anything that advanced. Might be some form of injection through the browser level possibly?

E.exchanger
March 31, 2014, 03:11:43 AM

Sorry about that man but that may be because of a keylogger or a wallet stealer. Do you often go on gambling websites randomly or faucets or anything that requires you to make a deposit like gambling websites???
Which anti virus are you using?? I strongly recommend to scan every downloaded file with virustotal and get a pro version of malwarebytes!!

cad_cdn (OP)
March 31, 2014, 03:17:31 AM

I don't gamble, and no faucets. it has to be a wallet stealer masked as another program. I'm using MS Security Essentials and malwarebytes chameleon. thx

> Sorry about that man but that may be because of a keylogger or a wallet stealer. Do you often go on gambling websites randomly or faucets or anything that requires you to make a deposit like gambling websites???
> Which anti virus are you using?? I strongly recommend to scan every downloaded file with virustotal and get a pro version of malwarebytes!!

zvs
March 31, 2014, 06:07:58 PM

java is evil

LouReed
March 31, 2014, 06:58:27 PM

Damn, that sucks bro! I got ripped off last week of 2.2 Bitcoin from that damn Blockchain.info phishing site, it's a pretty shitty fucking feeling to say the least!!!

cad_cdn (OP)
March 31, 2014, 06:59:36 PM

yes, sorry to hear about your loss!

> Damn, that sucks bro! I got ripped off last week of 2.2 Bitcoin from that damn Blockchain.info phishing site, it's a pretty shitty fucking feeling to say the least!!!

justme27
March 31, 2014, 07:29:42 PM

1NTLM3PfNgfBdRACPYFyrDJpzqt9QcocVZ

cad_cdn (OP)
March 31, 2014, 07:42:17 PM

no, was is 17 characters.

BitDonkey
April 03, 2014, 03:54:47 AM

That is interesting. I too got hacked with two transactions (Feb 25th) to the same address (12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4) you listed. I didn't notice until I cranked up the 0.8.6 version wallet a couple of days ago. That is an address that user tazja claims to be his/her address. You can see his reference to the address here in https://bitcointalk.org/index.php?topic=259649.msg4145690#msg4145690
Perhaps we can talk to him to get our coin back and/or find out why his/her address would be the place to send coin in a hack attack?

Chemistry1988
April 03, 2014, 05:48:23 AM

> Perhaps we can talk to him to get our coin back and/or find out why his/her address would be the place to send coin in a hack attack?

The interesting thing is he has lost the password, and it is not feasible to brute force it. So, even if he agrees to pay you back, he can't.

Thank you for answering me. If I know that I probably put 10 characters with a capital letter at the beginning and 2 number at the end without knowing what it was, I have a chance to find the password with a script?

1 capital letter == 26^1 == 26
2 digits == 10^2 == 100
7 mixed case == 52^7 == 1028071702528
26 * 100 * 1028071702528 == 2672986426572800
2672986426572800 passwords / 10 passwords per second == 8,470,364 years

fbueller
April 03, 2014, 11:10:25 AM

Both of you are miners? There's a coincidence! Have you contacted the other person funds were taken from?

Bitwasp Developer.