I was hacked (1170btc stolen) - 500btc max BOUNTY

[juju]

Electrum password alone isn't sufficient (assuming the attacker got it through your dropbox plain text file), he'd also need a copy of the electrum wallet file. Any idea how that was accessed?

If I understand the OP correctly, both the wallet file and a plaintext txt with the password were on a dropbox volume.

I don't use electrum but the way I understand it is the wallet is constructed from the 12 word seed.

That's why I asked Klee for kleerification... (*snort* sorry)

There's a password that secures your wallet file, and there's the master seed. With the seed, you're able to access the funds all by itself, but with the electrum password alone, you still need the wallet.

They had both..

EDIT: Apologies for not replying but I am trying to manage a mess here (format the computers, contacts with authorities, phone/skype calls etc)..

Doesn't dropbox use 2-factor?

Yes but you need to turn this on, and its not on by default so the likelyhood that it was on is slim. Additionally if anyone is reading this on top of the 2 factor, you can manage which machines/devices have access to your files so you can see what machines are actively syncing.

My sincerest condolences to the OP, Storing the seed needed to take the wallet on dropbox seems unsafe but probably worked well enough for him for quite sometime. I am sure many people have already suggested it but you should build a machine that does not have a network card or network drivers then generate an Offline Wallet. This is really only a good solution if you intend to rarely ever use the coins because preforming the offline transactions takes a tiny bit of extra time and requires two computers and a fully updated blockchain.

[AliceWonder]

I have no idea how to help you but I'm sorry it happened and I hope the thief is caught and prosecuted with you getting as much of it back as possible.

[RocketSingh]

Electrum password alone isn't sufficient (assuming the attacker got it through your dropbox plain text file), he'd also need a copy of the electrum wallet file. Any idea how that was accessed?

If I understand the OP correctly, both the wallet file and a plaintext txt with the password were on a dropbox volume.

I don't use electrum but the way I understand it is the wallet is constructed from the 12 word seed.

That's why I asked Klee for kleerification... (*snort* sorry)

There's a password that secures your wallet file, and there's the master seed. With the seed, you're able to access the funds all by itself, but with the electrum password alone, you still need the wallet.

They had both..

EDIT: Apologies for not replying but I am trying to manage a mess here (format the computers, contacts with authorities, phone/skype calls etc)..

Heyyyyyyy ...DONT format. Keep the evidence !!!

[dlowings]

The stolen BTC are still in the

14DZ3Yjb39sDTMwKd19Ly4PK15BKZfLXWZ
1CEQCaXZuKx3bPRySUFvCpXthWAnExukFb

Shame there is no way in the protocol to reject transaction from these ID's

Really? And how would that work in practice? Should we have a world Bitcoin court that decides which ID's were blacklisted and which transactions should be rejected?

Surely, someone posting that they were hacked on a Bitcoin message board would not be enough to blacklist coins, would it?

I don't think people think through the details when they propose such silly ideas.

I'm sorry for your loss, OP.

Spot on.

You will also note that Klee himself never asked for such a short sighted thing. It does however help that he's a well respected member of the community (BTC and NXT), donated some of his holdings, etc. It looks like the community has his back. Whether that's enough to recover the coins is another matter of course.

I hope he gets it back… but the problem is this…. should only the people with the most bitcoin be the only ones who get their bitcoin back from criminals ? does the little guy get equal support when he don't have the resources to offer the same type of bounty ? who is it that is , "short sighted" ?

[dekodoge]

So who performed this transaction?

https://blockchain.info/tx/866441fc64a288458a0ecaaef365e0089e8a33b508d2aaa22f36ec8a6d392fc0

[Meuh6879]

Heyyyyyyy ...DONT format. Keep the evidence !!!

Why ? ... police can help ?
No ... because is not money ...  

[BawsyBoss]

Wow, it hurt me just looking at this. The tricky part is going to be tracking it beyond a mixer.

[Sindelar1938]

Holy crap!
All the best bagging the mofo who robbed you though I guess the odds are low

[KimNam]

that's huge money
so sorry for OP loss
there will be epic if someone can trace and catch the hacker

[musician]

Heyyyyyyy ...DONT format. Keep the evidence !!!

Why ? ... police can help ?
No ... because is not money ...  

Cars, TVs, computers are not money either and police can help.

[haploid23]

My goodness that's a huge amount of BTC stolen. Storing plain text access to your wallet, ONLINE... but I guess it's too late for the lecture.

Make an image of your hard drive/ssd before you do anything else. There is a slim chance that the leftover evidence could lead to the capture. The more you use that same machine, the more the data gets overwritten.

[leezay]

Electrum password alone isn't sufficient (assuming the attacker got it through your dropbox plain text file), he'd also need a copy of the electrum wallet file. Any idea how that was accessed?

If I understand the OP correctly, both the wallet file and a plaintext txt with the password were on a dropbox volume.

I don't use electrum but the way I understand it is the wallet is constructed from the 12 word seed.

That's why I asked Klee for kleerification... (*snort* sorry)

There's a password that secures your wallet file, and there's the master seed. With the seed, you're able to access the funds all by itself, but with the electrum password alone, you still need the wallet.

They had both..

EDIT: Apologies for not replying but I am trying to manage a mess here (format the computers, contacts with authorities, phone/skype calls etc)..

Doesn't dropbox use 2-factor?

2-factor is useless against inside job.

[ibminer]

Well this is an awful story. No point in lecturing, you should be aware of the mistakes you made based on the former posts.

I would not format the machine, but it might not be a bad idea to take it offline if you have any other sensitive information on it but it sounds like this all took place on dropbox.

Do you access dropbox from work or through any corporate/company firewall or anything where others could watch your traffic and/or remotely access your machine?

[Dread Pirate Roberts]

make sure check what you download anything or click anything when you download it ?
like fake application . fake ebook . or fake Pdf of ebook or sync youre email to another website ?
if you do it please pm me what the application you download . i can tracking who's created the application or ebook or the website and contact to the real they ISP (internet service provider) and contact IT of country case of million money and tell them the case .

glad to see this thread . i know what you feel now .

[BurtW]

Attempted a BTC tag.

You owe me $2 so far  

[o48o]

When i grow up i want to be an internet detective.

[joshraban76]

 I can't even imagine what that feels like. I wish you luck man.

[keithers]

That is crazy money to lose

I am really sorry...I hope you can somehow manage to figure it out...  IMO it seems like it could have been someone that knows you (if you took the standard pre-cautionary measures)

[kokojie]

How did the thief get your encrypted wallet? did you also backup your wallet on the same dropbox account where you stored password in plaintext?

[RocketSingh]

Heyyyyyyy ...DONT format. Keep the evidence !!!

Why ? ... police can help ?
No ... because is not money ...  

It is required to keep so that he may take help of some cyber expert to find out the IP trace of the attacker. Probably the anti-virus software running on his machine already has it.