Bitcoin Forum
Topic: Stolen bitcoins, help! (Read 4347 times)
DannyHamilton
May 09, 2014, 06:11:24 PM
 #1

I suppose this doesn't belong in this forum, but I need it to be seen quickly by a lot of people.  Feel free to move it to a better forum if necessary:

I just did a transaction with someone, (I was the sender) and the bitcoins were immediately transferred out of their wallet.

Does anyone recognize the address: 13CChHmYHDMCfFpVDjnpEPfsijUUjjcccc

Is there any chance of this being a white-hat hacker?

If we can get these 2.24422442 bitcoins back, it would really be appreciated.

-  Danny

escrow.ms
May 09, 2014, 06:17:50 PM
 #2

Do you know which wallet the receiver was using? If it was a blockchain.info wallet, it's possible that his account/private keys got compromised.

I found the culprit:
http://www.hackforums.net/showthread.php?tid=3973147&page=18

He's using Java drive-bys, so it might be possible that your client's PC got compromised if he was using Java.

Please click here to know why I have negative feedback. https://21.co/escrow/
Tip address: 1nPfxnncZqWvVP4UHT6XLfNzfaik7akQS
DannyHamilton
May 09, 2014, 06:20:10 PM
 #3

Quote from: escrow.ms
> Do you know which wallet the receiver was using? If it was a blockchain.info wallet, it's possible that his account/private keys got compromised.

Yes, he's using blockchain.info.

I'm pretty sure that his private keys are compromised.

I was hoping that just maybe it was compromised by a white-hat hacker, but I realize how unlikely that is.

He's in a bit of a panic, and I'm doing what I can to help him.

I understand how dire the situation is, but if there's any chance of getting these bitcoins back it would obviously be appreciated.

DannyHamilton
May 09, 2014, 06:21:15 PM
 #4

Note:

The address 13CChHmYHDMCfFpVDjnpEPfsijUUjjcccc is the thief's address that the bitcoins were moved to.  That's why I was hoping the address might be familiar to someone.

escrow.ms
May 09, 2014, 06:23:00 PM
 #5

His skype and email address: themad2403@live.com

I'll try to talk to him.

jonald_fyookball
May 09, 2014, 06:27:55 PM
 #6

Man, that's too bad... I hope the thief will have a change of heart and give back at least some of those coins.

escrow.ms
May 09, 2014, 06:31:00 PM
 #7

Please ask your customer to scan his laptop/PC as soon as possible, and he should change the passwords of his accounts on a different PC which is safe.

DannyHamilton
May 09, 2014, 06:35:21 PM
 #8

Quote from: escrow.ms
> His skype and email address: themad2403@live.com
>
> I'll try to talk to him.

Thanks.  I feel really bad for this guy.  He's sitting across the table from me in a bit of a panic, and I feel pretty helpless.

Polycoin
May 09, 2014, 06:36:16 PM
 #9

Quote from: DannyHamilton
> Quote from: escrow.ms
> > His skype and email address: themad2403@live.com
> >
> > I'll try to talk to him.
>
> Thanks.  I feel really bad for this guy.  He's sitting across the table from me in a bit of a panic, and I feel pretty helpless.

Is he physically sitting across the table from you?

No Trolling: There should be software to track down bitcoin addresses etc. *Heads up to software developers, make that software*

Polycoin Troopers, Assemble!
DannyHamilton
May 09, 2014, 06:39:12 PM
 #10

Quote from: escrow.ms
> Please ask your customer to scan his laptop/PC as soon as possible, and he should change the passwords of his accounts on a different PC which is safe.

I've already explained the importance of using a safer option (such as Armory, Electrum offline, or paper wallets created offline) for amounts that would be devastating to lose.

I've also already explained that he should avoid bitcoin completely until he is certain that he can keep them secure.

We looked through his laptop a bit, and didn't find much that would explain the theft.

The closest we could find was an IE addon called WebCake that neither of us knew what it was.


Polycoin
May 09, 2014, 06:41:14 PM
 #11

Quote from: DannyHamilton
> Quote from: escrow.ms
> > Please ask your customer to scan his laptop/PC as soon as possible, and he should change the passwords of his accounts on a different PC which is safe.
>
> I've already explained the importance of using a safer option (such as Armory, Electrum offline, or paper wallets created offline) for amounts that would be devastating to lose.
>
> I've also already explained that he should avoid bitcoin completely until he is certain that he can keep them secure.
>
> We looked through his laptop a bit, and didn't find much that would explain the theft.
>
> The closest we could find was an IE addon called WebCake that neither of us knew what it was.



No Trolling: Did he open up any emails or anything sent to him? It is possible and very easy to disguise keyloggers in attachments such as documents and even pictures (only if you download them though; viewing on Google Drive is safe). He might have a hidden keylogger on his computer.

Have him go through past emails/anything he downloaded from them, or even from the internet.

DannyHamilton
May 09, 2014, 06:41:43 PM
 #12

Quote from: Polycoin
> Is he physically sitting across the table from you?

Yes, literally physically.

We are sitting at a table together.  He is clearly in a bit of a panic over this.  This is quite clearly more bitcoins than he can afford to comfortably lose.  I'm doing what I can to help him, but it's not a good situation.

He checked to make sure he had his bitcoins.  Then he handed me the cash.  Then he went to send the bitcoins from his blockchain.info wallet to some other address, and noticed that they were gone from his blockchain.info wallet.

DannyHamilton
May 09, 2014, 06:44:32 PM
 #13

Quote from: Polycoin
> He might have a hidden keylogger on his computer.

Yes, he might.  I'm not sure how to tell if he does or not.

He and I had a transaction about 3 weeks ago with no problem.  He claims he hasn't installed anything since, and that he ran a virus scan yesterday.

Regardless, it is clear that the bitcoins were taken.  Finding out how is secondary.  Finding out if we can get them back (or finding out who) is the primary goal.  If he can figure out who, he might just be angry enough to employ a rubber hose collection technique.

laughingbear
May 09, 2014, 06:45:40 PM
 #14

https://bitiodine.net/cluster/13CChHmYHDMCfFpVDjnpEPfsijUUjjcccc

I hope this helps
shawshankinmate37927
May 09, 2014, 06:47:09 PM
 #15

Quote from: DannyHamilton
> The closest we could find was an IE addon called WebCake that neither of us knew what it was.

Was he using IE to access blockchain.info?

"It is well enough that people of the nation do not understand our banking and monetary system, for if they did, I believe there would be a revolution before tomorrow morning."   - Henry Ford
DannyHamilton
May 09, 2014, 06:48:07 PM
 #16

Quote from: shawshankinmate37927
> Quote from: DannyHamilton
> > The closest we could find was an IE addon called WebCake that neither of us knew what it was.
>
> Was he using IE to access blockchain.info?

Yes.  This was the first time he used IE to access his blockchain.info wallet.  In the past he has always used Chrome.

acoindr
May 09, 2014, 06:48:28 PM
 #17

This sucks. As great as Bitcoin is, if people feel it's too complex to use securely they'll shy away from it.

I was contemplating starting a blog to help people secure their coins, answer questions etc. but haven't had the time. Multisignature wallet solutions should help this security problem tremendously. I feel like we're right in the transition from crazy wild west to more predictable, controllable user experience. People say this will be the year of multisig wallets and I expect that's true.

Quote from: DannyHamilton
> The closest we could find was an IE addon called WebCake that neither of us knew what it was.

It appears WebCake is malware: http://malwaretips.com/blogs/webcake-virus-removal/

Often people trying to gain access to some facet of a system can piggyback on some existing vulnerability, just as real world viruses can open up the immune system to other bugs. Either way if this person isn't savvy enough to keep his machine free from basic viruses then that explains why he is likely easy picking.
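
Posts #10 to #17 turn on an unfamiliar IE add-on found by looking through the laptop by hand. As an added example (not part of any post in this thread), the PowerShell below inventories Internet Explorer Browser Helper Objects and the Authenticode status of the DLL behind each one. It assumes the add-on is registered as a machine-wide BHO, which the thread does not state; the function name `Get-IEBrowserHelperObject` is hypothetical.

```powershell
# Added example: read-only inventory of IE Browser Helper Objects (BHOs).
# Run from an elevated 64-bit PowerShell prompt on the machine being triaged.
function Get-IEBrowserHelperObject {
    # BHOs register per machine; 32-bit ones live under WOW6432Node on 64-bit Windows.
    $views = @(
        @{ Bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Cls = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ Bho = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Cls = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
    )
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid  = $key.PSChildName
            $clsKey = "$($view.Cls)\$clsid"
            $name = $null; $dll = $null
            # The CLSID key's default value is the add-on's display name;
            # InprocServer32's default value is the DLL that IE loads.
            if (Test-Path -LiteralPath $clsKey) {
                $name = (Get-Item -LiteralPath $clsKey).GetValue('')
            }
            if (Test-Path -LiteralPath "$clsKey\InprocServer32") {
                $dll = (Get-Item -LiteralPath "$clsKey\InprocServer32").GetValue('')
                if ($dll) { $dll = $dll.Trim('"') }
            }
            $onDisk = $dll -and (Test-Path -LiteralPath $dll -PathType Leaf)
            [pscustomobject]@{
                Clsid     = $clsid
                Name      = $name
                Dll       = $dll
                # Valid, NotSigned, HashMismatch, ... or FileMissing if the DLL is gone.
                Signature = if ($onDisk) { [string](Get-AuthenticodeSignature -FilePath $dll).Status } else { 'FileMissing' }
                Modified  = if ($onDisk) { (Get-Item -LiteralPath $dll).LastWriteTime } else { $null }
            }
        }
    }
}

# Entries that are unsigned, missing on disk, or unrecognised are leads to follow up.
Get-IEBrowserHelperObject | Sort-Object Modified -Descending | Format-Table -AutoSize -Wrap
```

BHOs are only one kind of IE add-on; toolbars and per-user extensions register elsewhere, so an empty or clean result here does not clear the machine.
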
escrow.ms
May 09, 2014, 06:50:15 PM
 #18

I tried to talk but he blocked me on Skype. I'll try to contact him on hackforums.

PS: I forgot to tell you that since he's from HF he might be using a FUD RAT/trojan, so it will not get detected by AV easily, and he might be using Betabot, which has a rootkit etc.

Please ask your client to get help from malware removal experts.
http://www.geekstogo.com/forum/forum/37-virus-spyware-malware-removal/

Stevenrm87
May 09, 2014, 06:50:32 PM
 #19

Take the $1000 loss as a learning experience. Or pretend you went out and had fun last night.

Selling fully funded Titan BTC Physical Bitcoins, Gold and Silver - BTC Physical Bitcoins BTC PM if interested.
DannyHamilton
May 09, 2014, 06:51:39 PM
 #20

Quote from: acoindr
> This sucks. As great as Bitcoin is, if people feel it's too complex to use securely they'll shy away from it.
>
> I was contemplating starting a blog to help people secure their coins, answer questions etc. but haven't had the time. Multisignature wallet solutions should help this security problem tremendously. I feel like we're right in the transition from crazy wild west to more predictable, controllable user experience. People say this will be the year of multisig wallets and I expect that's true.
>
> Quote from: DannyHamilton
> > The closest we could find was an IE addon called WebCake that neither of us knew what it was.
>
> It appears WebCake is malware: http://malwaretips.com/blogs/webcake-virus-removal/
>
> Often people trying to gain access to some facet of a system can piggyback on some existing vulnerability, just as real world viruses can open up the immune system to other bugs. Either way if this person isn't savvy enough to keep his machine free from basic viruses then that explains why he is likely easy picking.

Yes, we all understand that this happened because he was unable to secure his computer against bitcoin threats.  He is VERY PAINFULLY aware of that himself right now.

I didn't open this thread to point out what he did wrong.  I was just hoping that the owner of 13CChHmYHDMCfFpVDjnpEPfsijUUjjcccc might *just maybe* be a white-hat hacker, or that the hacker was dumb enough to already be identified (like that Marcus guy on localbitcoins).
