Bitcoin Forum
Author Topic: Coins stolen from my wallet?!?  (Read 3417 times)
Shogen
July 21, 2014, 01:43:26 PM
 #21

> did he take the whole amount or just some?

From the blockchain.info link in OP, it seems the thief has stolen 0.145 btc and has left 0.00055266 BTC in the address. :)

ajareselde
July 21, 2014, 01:53:38 PM
 #22

> Hi guys,
>
> I used bitcoin-qt as my bitcoin wallet and I forgot to set up a password :(
>
> So today I checked my wallet and a very small amount of bitcoins were stolen:
>
> https://blockchain.info/de/address/1CPEdjFu6TaZpPFGQ81zHaW7prtJ1pk8LV
>
> Is there any chance I get these BTC back? Or do I have to pay to learn the lesson?
>
> After that, I moved to multibit and saved it on several USB-Sticks with a strong password using KeePass obfuscating. Is there anything else I have to take care of?
>
> Thx for your help!
>
> Regards

You already paid for the lesson, and no, u can't get those bitcoins back.
You probably picked up a trojan, and your password was taken by the built-in keylogger that comes with it.

Best thing u can do now is make a clean install of the OS and make a new wallet. Be advised that sending coins to that compromised address/wallet will probably make you lose more bitcoins.

cheers
DrRobotto (OP)
July 21, 2014, 03:21:28 PM
 #23

First, the thief took all the BTC in my wallet. This was the transaction:
https://blockchain.info/tx/d6c75c6914c598d19fd6c0f73da0b009786e6585c57c6023ffbebdd6d7d0fecf

I used the Bitcoin-QT wallet, but I used it without any password protection. Could that be the entering gate of the thief? The thing is that the machine is a newly installed Windows and I did not download anything special to it.

As a consequence, I opened an online wallet on blockchain.info with mobile 2FA and including all the security options they provide. I imported the old private key from Bitcoin-QT, where my miner sent some minor BTC:
https://blockchain.info/tx/fee2c98ead5078127b3cbb8812332f1fa110f7326d65f0f577fa0e6ee38fe861

Can this cause any risk to the new private key of the new BTC address? I will wait another week and then I delete this address from this wallet since my miner has still some immature BTC.

Thx for your advice and best regards
shorena
July 21, 2014, 04:06:42 PM
 #24

> First, the thief took all the BTC in my wallet. This was the transaction:
> https://blockchain.info/tx/d6c75c6914c598d19fd6c0f73da0b009786e6585c57c6023ffbebdd6d7d0fecf
>
> I used the Bitcoin-QT wallet, but I used it without any password protection. Could that be the entering gate of the thief? The thing is that the machine is a newly installed Windows and I did not download anything special to it.
>
> As a consequence, I opened an online wallet on blockchain.info with mobile 2FA and including all the security options they provide. I imported the old private key from Bitcoin-QT, where my miner sent some minor BTC:
> https://blockchain.info/tx/fee2c98ead5078127b3cbb8812332f1fa110f7326d65f0f577fa0e6ee38fe861
>
> Can this cause any risk to the new private key of the new BTC address? I will wait another week and then I delete this address from this wallet since my miner has still some immature BTC.
>
> Thx for your advice and best regards

No, running bitcoin core does not make you vulnerable. No matter if your wallet is encrypted or not.

Importing a compromised private key is a bad idea. Someone else also has that key, using it is not advised. Change the payout address on your pool.

The compromised private key can not compromise any other keys in your new wallet.

Finally: what do you consider "nothing special"? Some Altcoin wallets have trojans in them...

Im not really here, its just your imagination.
DrRobotto (OP)
July 21, 2014, 04:11:05 PM
 #25

Hm, I just downloaded the DOGE-Coin wallet and right after the BTC were stolen. But I downloaded it from the official site. Seems very strange to me.

I already changed my payout address on the pool and will delete it later when all the BTC arrived.
Minnlo
July 21, 2014, 04:36:17 PM
 #26

> First, the thief took all the BTC in my wallet. This was the transaction:
> https://blockchain.info/tx/d6c75c6914c598d19fd6c0f73da0b009786e6585c57c6023ffbebdd6d7d0fecf
>
> I used the Bitcoin-QT wallet, but I used it without any password protection. Could that be the entering gate of the thief? The thing is that the machine is a newly installed Windows and I did not download anything special to it.
>
> As a consequence, I opened an online wallet on blockchain.info with mobile 2FA and including all the security options they provide. I imported the old private key from Bitcoin-QT, where my miner sent some minor BTC:
> https://blockchain.info/tx/fee2c98ead5078127b3cbb8812332f1fa110f7326d65f0f577fa0e6ee38fe861
>
> Can this cause any risk to the new private key of the new BTC address? I will wait another week and then I delete this address from this wallet since my miner has still some immature BTC.
>
> Thx for your advice and best regards

Sorry to hear about your loss.
Have you clicked any suspicious links, downloaded email attachments, or received suspicious files through Skype before your bitcoin got stolen?

DrRobotto (OP)
July 21, 2014, 04:44:51 PM
 #27

No, I neither downloaded any file except the DOGE-Coin wallet nor opened anything in Skype. It seems very strange to me too ...
shorena
July 21, 2014, 06:59:38 PM
 #28

> No, I neither downloaded any file except the DOGE-Coin wallet nor opened anything in Skype. It seems very strange to me too ...

Strange indeed. Legit OS copy or a pirated version? Those might have trojans, backdoors as well. You don't need to answer this, just consider it an option. Other possibilities I can think of are:
#1 infected machine in your LAN that used an undocumented exploit on your unpatched OS (infected after/during setup).
#2 infected infrastructure (e.g. your router) - this would also need some sort of vulnerability of your OS or local file sharing
#3 data leak (e.g. shared the data via dropbox with your colleagues)
#4 someone had hardware access to your machine (made the TX from there/copied the wallet.dat/installed something)
#5 drive by infection
#6 you use(d) WinXP or older

Im not really here, its just your imagination.
burekzastonj
July 21, 2014, 08:24:22 PM
 #29

You figured it out by yourself: "Or do I have to pay to learn the lesson?" That's it, keep your BTC safe.
DrRobotto (OP)
July 22, 2014, 07:58:05 AM
 #30

>> No, I neither downloaded any file except the DOGE-Coin wallet nor opened anything in Skype. It seems very strange to me too ...
>
> Strange indeed. Legit OS copy or a pirated version? Those might have trojans, backdoors as well. You don't need to answer this, just consider it an option. Other possibilities I can think of are:
> #1 infected machine in your LAN that used an undocumented exploit on your unpatched OS (infected after/during setup).
> #2 infected infrastructure (e.g. your router) - this would also need some sort of vulnerability of your OS or local file sharing
> #3 data leak (e.g. shared the data via dropbox with your colleagues)
> #4 someone had hardware access to your machine (made the TX from there/copied the wallet.dat/installed something)
> #5 drive by infection
> #6 you use(d) WinXP or older

The OS is a legit copy, but after a complete scan of the system the antivir found three threats:
#1 "Virus found: Win32/Zperm, C:\Windows\Temp\49f48af4-b402-4745-9e9c-26cfb8983c1f\tmp0000116d\tmp00006408";"Saved"
#2 "Trojan: PSW.OnlineGames4.ZUJ, D:\buddha.dll";"Saved"
#3 "Trojan: CoinMiner.ASJ, C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLLU0VPX\wmpnetwk[1].dll";"Saved"

I think we found the culprits, but again, it seems very strange to me how they could infect the system. I never opened any suspicious software nor am I using IE as my browser. I am on Win7 using a brand new Cisco X3500 router and it is the only computer in my apartment, but I have learned my lesson: be as paranoid as possible, but I doubt that BTC ever arrive to the "normal" users since it is that easy to get stolen and it is too complicated to be on a safe side, e.g., using Linux, live CDs etc.

ranochigo
July 22, 2014, 09:58:17 AM
 #31

>>> No, I neither downloaded any file except the DOGE-Coin wallet nor opened anything in Skype. It seems very strange to me too ...
>>
>> Strange indeed. Legit OS copy or a pirated version? Those might have trojans, backdoors as well. You don't need to answer this, just consider it an option. Other possibilities I can think of are:
>> #1 infected machine in your LAN that used an undocumented exploit on your unpatched OS (infected after/during setup).
>> #2 infected infrastructure (e.g. your router) - this would also need some sort of vulnerability of your OS or local file sharing
>> #3 data leak (e.g. shared the data via dropbox with your colleagues)
>> #4 someone had hardware access to your machine (made the TX from there/copied the wallet.dat/installed something)
>> #5 drive by infection
>> #6 you use(d) WinXP or older
>
> The OS is a legit copy, but after a complete scan of the system the antivir found three threats:
> #1 "Virus found: Win32/Zperm, C:\Windows\Temp\49f48af4-b402-4745-9e9c-26cfb8983c1f\tmp0000116d\tmp00006408";"Saved"
> #2 "Trojan: PSW.OnlineGames4.ZUJ, D:\buddha.dll";"Saved"
> #3 "Trojan: CoinMiner.ASJ, C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLLU0VPX\wmpnetwk[1].dll";"Saved"
>
> I think we found the culprits, but again, it seems very strange to me how they could infect the system. I never opened any suspicious software nor am I using IE as my browser. I am on Win7 using a brand new Cisco X3500 router and it is the only computer in my apartment, but I have learned my lesson: be as paranoid as possible, but I doubt that BTC ever arrive to the "normal" users since it is that easy to get stolen and it is too complicated to be on a safe side, e.g., using Linux, live CDs etc.


Are you sure you didn't visit some kind of website and got infected there? You probably used IE to download the other browser at first. During the process, you might have been infected. Also, did you use a security lock and a strong password on your router?

DrRobotto (OP)
July 22, 2014, 11:26:09 AM
 #32

Ya, after the first start of the newly set up OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.

At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am safe?!?
ranochigo
July 22, 2014, 11:40:01 AM
 #33

> Ya, after the first start of the newly set up OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.
>
> At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am safe?!?

OH DAMNNNNN Microsoft Essentials? Using that as a reference antivirus is a no-no, they do not detect viruses well. Try installing a fresh copy of an official Linux OS. Windows has far too many viruses.

johncarpe64
July 22, 2014, 11:44:27 AM
 #34

Setting a password on your wallet is a must....
DrRobotto (OP)
July 22, 2014, 12:09:14 PM
 #35

I think the main issue of the BTC stolen was not setting up a password in my wallet, because the software does not force you to do so. Atm I am just tired of all these security procedures in order to keep your wallet safe. As I already said, I now use blockchain.info as my wallet and activated every security setting provided by the mentioned wallet. For me the effort is too high to keep your wallet safe. I hope now it is^^

If ever again some BTC get stolen from my wallet, I will try a Linux live CD or I quit the adventure.

In the latest c't (a highly esteemed computer magazine from Germany) Microsoft Essentials was the best free virus protection on the market, before that I used AVG, but was not satisfied at all.
InwardContour
July 22, 2014, 12:16:10 PM
 #36

>> Ya, after the first start of the newly set up OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.
>>
>> At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am safe?!?
>
> OH DAMNNNNN Microsoft Essentials? Using that as a reference antivirus is a no-no, they do not detect viruses well. Try installing a fresh copy of an official Linux OS. Windows has far too many viruses.

Why not? I've been using Microsoft Essentials for years and have never had any problem with it.
Obviously I don't create cold storage wallets in this OS, but for trading small quantities of coin I think it's secure enough.
ranochigo
July 22, 2014, 12:52:30 PM
 #37

>>> Ya, after the first start of the newly set up OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.
>>>
>>> At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am safe?!?
>>
>> OH DAMNNNNN Microsoft Essentials? Using that as a reference antivirus is a no-no, they do not detect viruses well. Try installing a fresh copy of an official Linux OS. Windows has far too many viruses.
>
> Why not? I've been using Microsoft Essentials for years and have never had any problem with it.
> Obviously I don't create cold storage wallets in this OS, but for trading small quantities of coin I think it's secure enough.

It can be a good antivirus but FUD viruses can easily get past antiviruses. No prevention can 100% prevent malware from being installed. Relating to your claim, http://www.howtogeek.com/173291/goodbye-microsoft-security-essentials-microsoft-now-recommends-you-use-a-third-party-antivirus/. They scored pretty low in the recent years.

arcanum
July 22, 2014, 01:42:21 PM
 #38

>> Ya, after the first start of the newly set up OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.
>>
>> At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am safe?!?
>
> OH DAMNNNNN Microsoft Essentials? Using that as a reference antivirus is a no-no, they do not detect viruses well. Try installing a fresh copy of an official Linux OS. Windows has far too many viruses.

What's the best AV? Essentials used to get listed as a good AV.
eldinhadz
July 22, 2014, 02:24:32 PM
 #39

>>> Ya, after the first start of the newly set up OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.
>>>
>>> At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am safe?!?
>>
>> OH DAMNNNNN Microsoft Essentials? Using that as a reference antivirus is a no-no, they do not detect viruses well. Try installing a fresh copy of an official Linux OS. Windows has far too many viruses.
>
> What's the best AV? Essentials used to get listed as a good AV.

The best is Bitdefender, the best free is the 3rd best called 360 Internet Security
DrRobotto (OP)
July 22, 2014, 04:14:23 PM
 #40

I double-checked my antivir now and I really have installed AVG Antivir AND Microsoft Essentials, but both were not enough to prevent the thief. However, a wallet without password protection was really dumb, life learns you the hard way, even if in that case it was not very hard at least.