"Warning: Cryptocurrency Theft Involving Kaspersky Password Manager - My Story"

[ulitov43]

Dear colleagues,

I want to share a story with all of you that happened to me and may be of interest to everyone who uses cryptocurrencies and security technologies. My name is Igor, I am a resident of the city of Slavgorod in the Altai Krai, Russia.

On July 12, 2023, I became a victim of cryptocurrency theft in the amount of 1.32605552 BTC. I had access to my wallet only on a paper medium, as well as through Kaspersky Password Manager, where 12 secret words were stored to access the wallet in the Trust Wallet application on my iPhone XS Max. Amazingly, my funds were transferred to another wallet, despite the fact that I did not receive any phishing or spam emails. Kaspersky suggested contacting the police to initiate an official investigation, which I did. A criminal case was opened, but, unfortunately, Kaspersky does not respond to police requests.

I am convinced that employees of Kaspersky are involved in this case, as I have a similar wallet on another iPhone with the same secret words in Trust Wallet, but without using Kaspersky Password Manager, and my funds remain intact on it.

It is very important to me that other users learn about this fraudulent scheme to avoid becoming its victims. The lost funds are of great value to me, so I appeal to you for support and advice. Perhaps someone among you has encountered a similar situation and can share their experience and advice.

Thank you for your attention and understanding.

Igor.
Transaction hash: 81cfe97cc16a49398d6986032ec8f6970ea80df5aa0990dcf0164de87136f5bf

[1714262435]

1714262435

[headingnorth]

Very sorry for your loss.

Many would say to never store such information online. But if you must store it online, use only software that is 100% open source.
There are some great open source password managers out there. Some are even free or very low cost.
Password managers hold the most critical and sensitive private data of our lives. So I would never trust one that is not verifiably open source, with well-known history and great reputation.

Again sorry for your loss.

[Wiwo]

Storing vital information online is high risk,  and no one with knowledge of that risk will ever advice the use of online storage both for password or storing other vital info,  any ways sorry for lost and thanks for bringing this up here I believe this will help other users of online strong managers to be careful and take action when need be.

I hard an ugly experience also some time ago where I lost my funds from phishing attack on my trust wallet,  can't clearly say how it did happen but I guess it will be something similar to this your own situation.

Since then,  I have become extremely careful and I try as much as possible to do manual storage instead of online,  because there is always a backend person watching you.

[_act_]

Sorry for your loss. But you have the most part to be blamed for.

On July 12, 2023, I became a victim of cryptocurrency theft in the amount of 1.32605552 BTC. I had access to my wallet only on a paper medium, as well as through Kaspersky Password Manager, where 12 secret words were stored to access the wallet in the Trust Wallet application on my iPhone XS Max.

You store your seed phrase on a password manager. That is wrong. Having it stored on a paper is better. You can have like three copies of it stored in different locations. If you are afraid of those that can see it, then use passphrase with it.

Another thing is that you are using a close source wallet. Use open source wallet instead although this is not about what you are talking about but close source wallets should be avoided.

[joeperry]

Thank you for sharing your story and we are really sorry for your loss. It's really surprising that it is from a trusted company like Kaspersky, but they are not guilty until it was proven so it's really important not to save anywhere online your private key the writing method is way more better than saving it or you can save it online but in an encrypted container.

We really not sure how do they managed to get it and we are not sure whether your device is infected and they managed to go to your system without you noticing it. Now I was thinking that even though if you have hardware wallet, there's still risk if you have save your seeds online.

[Natsuu]

That's really tough, OP. It's frustrating when you've taken precautions and things still go south. It's indeed a reminder for everyone to be cautious and prioritize manual storage for sensitive information. Sharing these stories helps create awareness. Hoping for better crypto experiences for you in the future

[Supianto]

Damn, sorry for your loss. I've been keeping my seed phrase only on a piece of paper, and passwords in excel documents. I don't trust those passwords managers.

[lovesmayfamilis]

This is quite a bold accusation against a company that is engaged in catching scammers. But tell me, OP, if the doors in your house are simply closed but not locked, will someone be to blame for this? Storing your seed phrases in managers, on iPhones, or in places where viruses can penetrate is akin to walking on the edge of a knife.
Why are you sure that your iPhone is virus-free? Do you think Apple products are invulnerable? I see you have created a complaint on the Kaspersky forum, so we can see what the answers are.

https://forum.kasperskyclub.ru/topic/443489-preduprezhdenie-krazha-kriptovaljuty-s-prichastnostju-kaspersky-password-manager-moja-istorija/


But Kaspersky itself gives recommendations, and since you are a Russian speaker, I don’t think you need a translator.
https://www.kaspersky.com/about/press-releases/2023_doublefinger-on-the-trigger-a-multi-stage-malware-targeting-cryptowallets
https://vc.ru/crypto/727570-laboratoriya-kasperskogo-kriptokoshelki-podverglis-slozhnoy-mnogoetazhnoy-atake

[charrles]

Here is what you can do in this case. You can sue the company you think is responsible for this. Some people have done this in past like you can read in this article:

https://timesofindia.indiatimes.com/gadgets-news/lastpass-data-breach-someone-sued-password-manager-after-losing-bitcoin/articleshow/96769155.cms

Chances of getting the funds back or getting paid the compensation is very less but still you can take this route if you want.

This is not the first time such a case is happening. If you check online forums, you can find many other such similar cases like this one:

https://twitter.com/RMessitt/status/1723141037856596175?s=20

May be you can connect with such people and ask for what actions they took.

[Aanuoluwatofunmi]

On July 12, 2023, I became a victim of cryptocurrency theft in the amount of 1.32605552 BTC. I had access to my wallet only on a paper medium, as well as through Kaspersky Password Manager

This is where the mistakes lies, you cannot manage to have your private keys stored on any centralized website or platform, its good to have your seeds backed up in two different means, but using a centralized means is a very bad idea, just as the case of OP using Kaspersky, we should even avoid the use of any password manager or google stores or cloud storages, as long as we are not the only one having access to these keys, anyone can tap into having access on them, but i will like to give some recommendations as alternatively to the ways we can safely secure our seeds without falling under risk.

storing seed phrase with washers
https://bitcointalk.org/index.php?topic=5389446.0

seeds backup tools
https://bitcointalk.org/index.php?topic=5263482.0

additional security to your seed phrase
https://bitcointalk.org/index.php?topic=5230920.0

[bolshojkush]

Dear colleagues,

I want to share a story with all of you that happened to me and may be of interest to everyone who uses cryptocurrencies and security technologies. My name is Igor, I am a resident of the city of Slavgorod in the Altai Krai, Russia.

On July 12, 2023, I became a victim of cryptocurrency theft in the amount of 1.32605552 BTC. I had access to my wallet only on a paper medium, as well as through Kaspersky Password Manager, where 12 secret words were stored to access the wallet in the Trust Wallet application on my iPhone XS Max. Amazingly, my funds were transferred to another wallet, despite the fact that I did not receive any phishing or spam emails. Kaspersky suggested contacting the police to initiate an official investigation, which I did. A criminal case was opened, but, unfortunately, Kaspersky does not respond to police requests.

I am convinced that employees of Kaspersky are involved in this case, as I have a similar wallet on another iPhone with the same secret words in Trust Wallet, but without using Kaspersky Password Manager, and my funds remain intact on it.

It is very important to me that other users learn about this fraudulent scheme to avoid becoming its victims. The lost funds are of great value to me, so I appeal to you for support and advice. Perhaps someone among you has encountered a similar situation and can share their experience and advice.

Thank you for your attention and understanding.

Igor.
Transaction hash: 81cfe97cc16a49398d6986032ec8f6970ea80df5aa0990dcf0164de87136f5bf

The police won't help you in Russia, you know that yourself. Now, if you lived in America, it would be another matter, since bitcoin is accepted by them. And in Russia, bitcoin is nothing, and therefore nothing has been stolen from you...

[avikz]

Sorry to hear about your loss. But when you are using a password manager, it essentially means you are entrusting your secrets to a third party. Pretty much how you entrust banks with your money. Banks do take responsibility but such third party tools do not take responsibility.

Paper wallet is the safest wallet if you are living in your own house and no random persons are coming inside. But the moment you are using a third party tool to safeguard your password, your safety is already compromised. I am sorry that you had to learn it in a hard way.

[davis196]

On July 12, 2023, I became a victim of cryptocurrency theft in the amount of 1.32605552 BTC. I had access to my wallet only on a paper medium, as well as through Kaspersky Password Manager, where 12 secret words were stored to access the wallet in the Trust Wallet application on my iPhone XS Max. Amazingly, my funds were transferred to another wallet, despite the fact that I did not receive any phishing or spam emails. Kaspersky suggested contacting the police to initiate an official investigation, which I did. A criminal case was opened, but, unfortunately, Kaspersky does not respond to police requests.

Sorry to hear about your loss. Unfortunately, I don't think that you will get back your Bitcoins.
I have never used a password manager in my entire life. I don't store important passwords even in my browser's password manager.
Why would you store your 12 word seed phrase in a centralized password manager? This is like giving your credit card details to a random stranger. Never trust anyone when it comes to your private keys/see phrase. Trust yourself and keep the private keys/see phrase in a piece of paper that is hidden in a good place. Maybe having several cold wallets and not keeping all eggs in on basket is another great advice, but I see that you already did this. I would totally freak out if I have all my BTC stored in only one cold wallet.

[sokani]

Thanks for sharing your story and I'm so sorry for your loss. I think you're at fault, you shouldn't have stored your seed phrase on a password manager. It doesn't matter how reputable the company is, as long as it's connected to the Internet, it's not safe. Since Kaspersky's didn't report any security breach at their end, it's very likely your device is compromised and an infostealer had stolen your seed phrase right from the password manager. I don't think you'll have any luck recovering your funds but I hope you learn your lessons and you use offline backup next time.

[Potato Chips]

I am convinced that employees of Kaspersky are involved in this case, as I have a similar wallet on another iPhone with the same secret words in Trust Wallet, but without using Kaspersky Password Manager, and my funds remain intact on it.

I can't comment on the kaspersky employee accusation as it's hard to come to such conclusion from this story alone plus it doesn't rule out the problem did not come from your end. It also doesn't help that you had a poor setup in safekeeping the B's.

I'm curious tho if you end up using a my kaspersky account for the password manager? from what I read, this enables cloud storage + data syncronization accross devices so as a start, try to request for a login session list from kaspersky and see if you find anything you don't recognize.

[Catenaccio]

You store your seed phrase on a password manager. That is wrong. Having it stored on a paper is better. You can have like three copies of it stored in different locations. If you are afraid of those that can see it, then use passphrase with it.

Another thing is that you are using a close source wallet. Use open source wallet instead although this is not about what you are talking about but close source wallets should be avoided.

Wallet seeds must be stored custodial and offline.

I don't know Kaspersky Password Manager will store user passwords on their database or on other third party databases. The practice to rely on a third party to back up a wallet seed is basically terrible.

How to back up a seed phrase? will help OP to have better pracitce on backing up a wallet seed.

[Negotiation]

In the present time password theft has increased in the world of internet. It's really sad that your story turned out so bad afterwards. The stolen item may not be recoverable and you can move forward by learning from now on without despair. It will increase your awareness and henceforth you must verify everything before sharing your personal information. Phishing attacks are one of the most common types in the crypto space and can cause significant financial losses to victims. Therefore, digital asset investors and users must be cautious and cautious when dealing in digital assets. Recent reports show an increase in the number of scams targeting the industry. That is why it is important that investors only use trusted exchanges and wallets.

[Kelward]

That's really tough, OP. It's frustrating when you've taken precautions and things still go south. It's indeed a reminder for everyone to be cautious and prioritize manual storage for sensitive information. Sharing these stories helps create awareness. Hoping for better crypto experiences for you in the future

It's really sad that in the process of trying to secure your sensitive information you end up losing the primary reason for securing it, being your Bitcoin, it can be really frustrating and I'm sorry for your lose. I learned in this forum that it's not safe to store your sensitive crypto information, like your seed phrase online, that it's far better to store them manually, write them down on papers and hide in different secured locations.

I don't think that it was necessary for the OP to share his name and the city where he lives, this is an anonymous forum and such information is not necessary here, just as Bitcoin is decentralized and promotes privacy, the forum also promotes privacy.

[NotATether]

Sorry for your loss. But you have the most part to be blamed for.

On July 12, 2023, I became a victim of cryptocurrency theft in the amount of 1.32605552 BTC. I had access to my wallet only on a paper medium, as well as through Kaspersky Password Manager, where 12 secret words were stored to access the wallet in the Trust Wallet application on my iPhone XS Max.

You store your seed phrase on a password manager. That is wrong. Having it stored on a paper is better. You can have like three copies of it stored in different locations. If you are afraid of those that can see it, then use passphrase with it.

Never store your seed phrase inside a password manager. The only exception would be if you encrypted the seed phrase with your own encryption, such as an RSA-2048 key and GPG, before uploading it to the password manager. But even that is risky if you don't password-protect your encryption private key as well.

It seems that you cannot trust the security of password managers, not even the well-known ones.

[Husires]

Kaspersky employees may not be involved as much as they do not encrypt passwords well or there are hackers who managed to find out the Kaspersky Password Manager password, taking into account that such data is stored in the cloud and there is a good possibility that third parties may You can access the encrypted version.
Encrypting seeds individually is considered a risk, let alone a third party. It is always better to store them cold and write the words on a piece of paper.