Bitcoin Forum
November 18, 2017, 04:48:24 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: All my BTC were stolen from QT desktop wallet by this individual  (Read 2444 times)
lostcoins69
Newbie
*
Offline Offline

Activity: 8


View Profile
June 08, 2014, 09:02:29 PM
 #1

Looks like coins went to this wallet 12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4

This guy " Tazja" admitted to controlling the address my coins went to in this post

Anyone know him?

https://bitcointalk.org/index.php?topic=259649.3240

Quote:

I use 2 adress,

12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4 (i receive 0.018 btc in this adress)

And

1FtRXz2KdjttgSY9ojcQB7mQ5SBmf2cXLz


Link to transaction occurred on 4/6/2014:

https://blockchain.info/tx/cf8c8247490f9cabd976fdd47c87eb8b19b30a20109685592802d53f05f6991d
I am still not sure how thief got access but suspect a key logger from Usenet. I was running virus checker but it was either AVG or K labs and did not trigger anything. Any and all help tracking these down would be appreciated
1510980504
Hero Member
*
Offline Offline

Posts: 1510980504

View Profile Personal Message (Offline)

Ignore
1510980504
Reply with quote  #2

1510980504
Report to moderator
1510980504
Hero Member
*
Offline Offline

Posts: 1510980504

View Profile Personal Message (Offline)

Ignore
1510980504
Reply with quote  #2

1510980504
Report to moderator
A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1510980504
Hero Member
*
Offline Offline

Posts: 1510980504

View Profile Personal Message (Offline)

Ignore
1510980504
Reply with quote  #2

1510980504
Report to moderator
1510980504
Hero Member
*
Offline Offline

Posts: 1510980504

View Profile Personal Message (Offline)

Ignore
1510980504
Reply with quote  #2

1510980504
Report to moderator
farlack
Legendary
*
Offline Offline

Activity: 882



View Profile
June 08, 2014, 09:13:39 PM
 #2

Looks like he gets payments from mining, contact the pools he uses maybe they have some info.

Or hes just getting small wallets, and fucked up by sending to his real.

minsch
Newbie
*
Offline Offline

Activity: 26


View Profile
June 08, 2014, 09:15:47 PM
 #3

big lose guy Cry
CEG5952
Hero Member
*****
Offline Offline

Activity: 658

Buy and sell bitcoins,


View Profile
June 08, 2014, 09:24:42 PM
 #4

Looks like coins went to this wallet 12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4

This guy " Tasja" admitted to controlling the address my coins went to in this post

Anyone know him?

https://bitcointalk.org/index.php?topic=259649.3240

Quote:

I use 2 adress,

12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4 (i receive 0.018 btc in this adress)

And

1FtRXz2KdjttgSY9ojcQB7mQ5SBmf2cXLz


Link to transaction occurred on 4/6/2014:

https://blockchain.info/tx/cf8c8247490f9cabd976fdd47c87eb8b19b30a20109685592802d53f05f6991d
I am still not sure how thief got access but suspect a key logger from Usenet. I was running virus checker but it was either AVG or K labs and did not trigger anything. Any and all help tracking these down would be appreciated


You mean "tazja" right? I am assuming from the link to that thread. https://bitcointalk.org/index.php?action=profile;u=109937

Wish I could help. That is truly unfortunate. If you offer a bounty, you may get some helping doxxing this guy.

acs267
Hero Member
*****
Offline Offline

Activity: 602



View Profile
June 08, 2014, 09:26:46 PM
 #5

Looks like coins went to this wallet 12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4

This guy " Tasja" admitted to controlling the address my coins went to in this post

Anyone know him?

https://bitcointalk.org/index.php?topic=259649.3240

Quote:

I use 2 adress,

12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4 (i receive 0.018 btc in this adress)

And

1FtRXz2KdjttgSY9ojcQB7mQ5SBmf2cXLz


Link to transaction occurred on 4/6/2014:

https://blockchain.info/tx/cf8c8247490f9cabd976fdd47c87eb8b19b30a20109685592802d53f05f6991d
I am still not sure how thief got access but suspect a key logger from Usenet. I was running virus checker but it was either AVG or K labs and did not trigger anything. Any and all help tracking these down would be appreciated


You mean "tazja" right? I am assuming from the link to that thread. https://bitcointalk.org/index.php?action=profile;u=109937

Wish I could help. That is truly unfortunate. If you offer a bounty, you may get some helping doxxing this guy.

Yup, he's right. Offering a bounty in the Service section would be your best bet.
lostcoins69
Newbie
*
Offline Offline

Activity: 8


View Profile
June 08, 2014, 09:31:52 PM
 #6

Don't know the service section part, but I will send two BTC for the safe return of the stolen coins to the 1HUJt.... address

AdamWhite
Hero Member
*****
Offline Offline

Activity: 607



View Profile
June 08, 2014, 09:36:16 PM
 #7

Don't know the service section part, but I will send two BTC for the safe return of the stolen coins to the 1HUJt.... address



Why would you send the coins back to that address when you already know it's compromised
QuestionAuthority
Legendary
*
Offline Offline

Activity: 1694


You lead and I'll watch you walk away.


View Profile
June 08, 2014, 09:37:35 PM
 #8

Why don't you just contact your credit card company, report the fraud and have them reverse the transaction?

newIndia
Legendary
*
Offline Offline

Activity: 1330


View Profile
June 08, 2014, 09:37:54 PM
 #9

Don't know the service section part, but I will send two BTC for the safe return of the stolen coins to the 1HUJt.... address



Create a thread in this section offering your 2 BTC bounty => https://bitcointalk.org/index.php?board=52.0

Be clear about giving the thief's profile URL and the related thread link. You'll see the secret detectives of the forum are jumping in to help u out...

Ron~Popeil
Sr. Member
****
Offline Offline

Activity: 406



View Profile
June 09, 2014, 04:32:10 AM
 #10

That sucks man. I hope you get your coins back. Paper wallet time?

bitbaby
Hero Member
*****
Offline Offline

Activity: 812



View Profile WWW
June 09, 2014, 04:40:47 AM
 #11

Don't know the service section part, but I will send two BTC for the safe return of the stolen coins to the 1HUJt.... address



Create a thread in this section offering your 2 BTC bounty => https://bitcointalk.org/index.php?board=52.0

Be clear about giving the thief's profile URL and the related thread link. You'll see the secret detectives of the forum are jumping in to help u out...

Sorry for your loss OP.

May I ask what do these detectives do exactly, can they reverse the payment or do they just track who was responsible for this sort of stuff and provide their whereabouts? And when they do, what happens after that?

Aditya
Full Member
***
Offline Offline

Activity: 159

Selling Authentic Indonesian Products


View Profile WWW
June 09, 2014, 04:46:48 AM
 #12

Did you encrypt your wallet with password?

Next time don't use Windows. Use Mac OS X or GNU/Linux. If you store large amount of bitcoin, you may use cold storage / paper wallet.

Bitrated user: adit.
jeffersonairplane
Legendary
*
Offline Offline

Activity: 1372


www.bitkong.com


View Profile
June 09, 2014, 04:47:33 AM
 #13

How did you get your Bitcoins stolen? I would try to get a DOX of this guy.
stokecrypto
Full Member
***
Offline Offline

Activity: 154


View Profile
June 09, 2014, 05:46:53 AM
 #14

harsh man, to many hackers about you got be carefull.

how do these key loggers ect get past the router do they use upnp? or just go down a known open port like 80?
Dannie
Legendary
*
Offline Offline

Activity: 910


View Profile
June 09, 2014, 10:01:53 AM
 #15

Sorry to hear your loss.
I can see that you have already made a post in "service" to provide a bounty. Good luck.

lostcoins69
Newbie
*
Offline Offline

Activity: 8


View Profile
June 09, 2014, 10:26:46 PM
 #16

Did you encrypt your wallet with password?

Next time don't use Windows. Use Mac OS X or GNU/Linux. If you store large amount of bitcoin, you may use cold storage / paper wallet.

Was you using windows without an outbound firewall? (Windows firewall does not block Outbound connections and any undetected key-logger would send everything to the hacker without you even knowing)

the wallet had passphrase encryption.  Not sure about the firewall.  Kasperski and AVG were on and nether triggered.   ran Malwarebytes.org scan and it did flag a bunch of stuff that the AV programs missed.  Certainly learned a lesson about importance of paper wallets.   

this character has posted to this community in the past.  I am hopeful moderators can DOXX him and hopefully together we can shame/coerce the guy to return the coins.
QuestionAuthority
Legendary
*
Offline Offline

Activity: 1694


You lead and I'll watch you walk away.


View Profile
June 10, 2014, 06:56:14 AM
 #17

Did you encrypt your wallet with password?

Next time don't use Windows. Use Mac OS X or GNU/Linux. If you store large amount of bitcoin, you may use cold storage / paper wallet.

Was you using windows without an outbound firewall? (Windows firewall does not block Outbound connections and any undetected key-logger would send everything to the hacker without you even knowing)

the wallet had passphrase encryption.  Not sure about the firewall.  Kasperski and AVG were on and nether triggered.   ran Malwarebytes.org scan and it did flag a bunch of stuff that the AV programs missed.  Certainly learned a lesson about importance of paper wallets.   

this character has posted to this community in the past.  I am hopeful moderators can DOXX him and hopefully together we can shame/coerce the guy to return the coins.

Yeah, that's not gonna happen. When Bitcoins are gone they're gone. That's the greatest feature of Bitcoin - irreversible transactions and no fraud controls. Those stupid bankers would return your funds by crediting your debit card and prosecute the criminal.

Acidyo
Hero Member
*****
Offline Offline

Activity: 546


Will Bitcoin Rise Again to $1000?


View Profile
June 10, 2014, 07:19:57 AM
 #18

Why don't you just contact your credit card company, report the fraud and have them reverse the transaction?

hehe, funny guy.

Ghris
Sr. Member
****
Offline Offline

Activity: 341



View Profile
June 10, 2014, 03:32:59 PM
 #19

It's a bit of a stretch but here is what I came up with:

Tazja is known as tazbox on a hackers forum (http://jomgegar.com/)
16th post in this topic shows tazbox probably is up to no good/linked to bitcoin (http://jomgegar.com/topic/2801-question-about-bitcoin/?hl=tazbox)

Then if we look a bit further we find this topic about tazja being a hacker: https://bitcointalk.org/index.php?topic=543660.0
If you look at post 18, you see a post of bitdonkey. He stated he also got hacked by tazja.
If we look up bitdonkey's post we see this post about him purchasing a VPS host: https://bitcointalk.org/index.php?topic=342443.msg5598973#msg5598973

Domain is tazbox. As stated previously, that is the username of Tazja. So either bitdonkey is tazja, or he wanted to make a website dedicated to his own hacker?

The extension of the domainname is not stated, but let's assume it's .fr, as he is french. Then we come up with:
contact:     Dubas Julien
address:     18, place de la mairie
address:     07200 Aubenas
country:     FR
phone:       +33 7 53 76 03 40
e-mail:      taznact@gmail.com
Possible second email: taznact@yahoo.com

And what if we search for taznact? Then this comes up as first result:
Antivirus scan for ... - VirusTotal
https://www.virustotal.com/latest-report.html?resource...
SHA256: 6debde863fce2217b8e7e8a58dd948f00c441eb15d5cba30a5a7103d469e07b8. File name: Taznact.exe. Detection ratio: 24 / 47. Analysis date ...


So the domainname tazbox.fr is now linked to not only sha256, but also to a file with the name taznact.exe (same as his email) which most likely contains a virus.

And the virus made you lose your bitcoin.
By the way, he seems to spread his virus through NZB (download website).
Look at his uploaded files: http://www.nzbking.com/poster/Taznact@yahoo.com%20(Taznact)/

Hope this helps!

If you manage to get your btc back, this is my address for a donation:
btc:1AHkjqevi3DcebECujHFAbJjLad58Dqt6A

Silvercube146
Jr. Member
*
Offline Offline

Activity: 31


View Profile
June 10, 2014, 08:46:21 PM
 #20

Did you encrypt your wallet with password?

Next time don't use Windows. Use Mac OS X or GNU/Linux. If you store large amount of bitcoin, you may use cold storage / paper wallet.

Was you using windows without an outbound firewall? (Windows firewall does not block Outbound connections and any undetected key-logger would send everything to the hacker without you even knowing)

the wallet had passphrase encryption.  Not sure about the firewall.  Kasperski and AVG were on and nether triggered.   ran Malwarebytes.org scan and it did flag a bunch of stuff that the AV programs missed.  Certainly learned a lesson about importance of paper wallets.   

this character has posted to this community in the past.  I am hopeful moderators can DOXX him and hopefully together we can shame/coerce the guy to return the coins.

Sorry to hear about the lost coins.

Why are you running kaspersky and avg at the same time though? You shouldn't be running 2 antivirus's like that at the same time.

Often times they can negate each other. Then neither one is effective at catching anything. Just run kaspersky, make sure it is up to date and run a full scan.

You can also try running adwcleaner http://www.bleepingcomputer.com/download/adwcleaner/ and combofix http://www.bleepingcomputer.com/download/combofix/.

You should not be using the same wallet anymore until you figure out what happened on your machine(or at all really). At this point consider the machine that had the BTC stollen from compromised.

It may not be a bad idea to change passwords on any accounts you have as you may have a keylogger. Clean your computer first before changing the passwords as if you have a keylogger it will capture the new passwords too.

Hopefully you can get all of this figured out.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!