Bitcoin Forum
Author Topic: BTC stolen from PC wallet  (Read 3422 times)
JorgeStolfi (OP)
August 24, 2014, 01:56:30 PM
 #1

Moving off-topic discussion from the Trezor thread:

Yesterday some BTC was stolen from my wallet (PC). I don't know how or who or how this happened. [ ... ]
Impossible to say, as you don't know how they were stolen. [ ... ]

All I can find is that the BTC was sent to 183u3xkUUqpVwJmmLqqt14cchS5Mu9CQk7 and then to 17gH1u6VJwhVD9cWR59jfeinLMzag2GZ43 .. but I had some secure things like firewall, antispam, etc. on my computer .. but it looks like it is not enough .. So I hope Trezor will make it safe for next time.

Were you handling that wallet when the first transaction happened, or shortly before?
No, only incoming transaction. All I see is one transaction a few hours before.

Quote from: JorgeStolfi
Do you use Dropbox or some other external storage?
No external (Inet) devices .. only my own NAS with firewall and restricted IPs

Quote from: JorgeStolfi
Was the wallet totally emptied, or only part of it?
Totally empty after that attack

Quote from: JorgeStolfi
What software/hardware did you use to generate your private keys?
Sorry but I don't understand this question. Do you mean passwords? Or what type of keys?

I meant, what software do you use to handle your wallet?  How did you create the private keys of the accounts that were emptied?

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
BurtW
August 24, 2014, 01:58:53 PM
 #2

What wallet were you using?

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Slesh
August 24, 2014, 03:33:56 PM
 #3

Quote from: BurtW
What wallet were you using?

I'm using Bitcoin Core 64 bit. (now v0.9.2.1 - QT ver. 5.2.0)
BurtW
August 24, 2014, 05:01:45 PM
 #4

Quote from: BurtW
What wallet were you using?
Quote from: Slesh
I'm using Bitcoin Core 64 bit. (now v0.9.2.1 - QT ver. 5.2.0)

Did you have it password protected?

If so was it a long, random password or a short common one?

Slesh
August 24, 2014, 05:16:13 PM
 #5

Quote from: BurtW
What wallet were you using?
Quote from: Slesh
I'm using Bitcoin Core 64 bit. (now v0.9.2.1 - QT ver. 5.2.0)
Quote from: BurtW
Did you have it password protected?
If so was it a long, random password or a short common one?

Protected with passwd. 8 characters (each different, some letters, some digits...etc.).. that's why I don't know how this could have happened.
BurtW
August 24, 2014, 05:29:34 PM
 #6

Quote from: BurtW
What wallet were you using?
Quote from: Slesh
I'm using Bitcoin Core 64 bit. (now v0.9.2.1 - QT ver. 5.2.0)
Quote from: BurtW
Did you have it password protected?
If so was it a long, random password or a short common one?
Quote from: Slesh
Protected with passwd. 8 characters (each different, some letters, some digits...etc.).. that's why I don't know how this could have happened.

Relatively weak and easy to crack assuming someone got your encrypted wallet.dat file and could set it up in a dedicated machine to brute force it.  Can you think of how anyone might have gotten your wallet.dat file?

(I use 32 character random passwords generated by LastPass).

Rannasha
August 24, 2014, 05:46:15 PM
 #7

Quote from: BurtW
What wallet were you using?
Quote from: Slesh
I'm using Bitcoin Core 64 bit. (now v0.9.2.1 - QT ver. 5.2.0)
Quote from: BurtW
Did you have it password protected?
If so was it a long, random password or a short common one?
Quote from: Slesh
Protected with passwd. 8 characters (each different, some letters, some digits...etc.).. that's why I don't know how this could have happened.
Quote from: BurtW
Relatively weak and easy to crack assuming someone got your encrypted wallet.dat file and could set it up in a dedicated machine to brute force it.  Can you think of how anyone might have gotten your wallet.dat file?
(I use 32 character random passwords generated by LastPass).

Or it was just a keylogger. This is typically the cause of these kinds of thefts.
Slesh
August 24, 2014, 05:55:01 PM
 #8

Quote from: BurtW
What wallet were you using?
Quote from: Slesh
I'm using Bitcoin Core 64 bit. (now v0.9.2.1 - QT ver. 5.2.0)
Quote from: BurtW
Did you have it password protected?
If so was it a long, random password or a short common one?
Quote from: Slesh
Protected with passwd. 8 characters (each different, some letters, some digits...etc.).. that's why I don't know how this could have happened.
Quote from: BurtW
Relatively weak and easy to crack assuming someone got your encrypted wallet.dat file and could set it up in a dedicated machine to brute force it.  Can you think of how anyone might have gotten your wallet.dat file?
(I use 32 character random passwords generated by LastPass).
Quote from: Rannasha
Or it was just a keylogger. This is typically the cause of these kinds of thefts.

Who knows. Do I have to delete this wallet and set a new one? I am afraid setting new passwd is not enough. ..
JorgeStolfi (OP)
August 24, 2014, 06:14:27 PM
 #9

Quote from: Rannasha
Or it was just a keylogger. This is typically the cause of these kinds of thefts.
Quote from: Slesh
Who knows. Do I have to delete this wallet and set a new one? I am afraid setting new passwd is not enough. ..

If it was a keylogger, that will not do.  As I understand, the safest is to use a separate computer, not connected to the internet, to store your wallet and sign transactions.

A Trezor may be just as good, although you must be careful when updating its firmware.

Slesh
August 24, 2014, 06:42:45 PM
 #10

Quote from: Rannasha
Or it was just a keylogger. This is typically the cause of these kinds of thefts.
Quote from: Slesh
Who knows. Do I have to delete this wallet and set a new one? I am afraid setting new passwd is not enough. ..
Quote from: JorgeStolfi
If it was a keylogger, that will not do.  As I understand, the safest is to use a separate computer, not connected to the internet, to store your wallet and sign transactions.
A Trezor may be just as good, although you must be careful when updating its firmware.

Yes .. I decide to do it like this. Change passwd to 24 letters. Move wallet to other location and connect to Inet only when I will want to use it.....this was a little bit expensive lesson.
BurtW
August 24, 2014, 06:44:48 PM
 #11

Quote from: Rannasha
Or it was just a keylogger. This is typically the cause of these kinds of thefts.
Quote from: Slesh
Who knows. Do I have to delete this wallet and set a new one? I am afraid setting new passwd is not enough. ..
Quote from: JorgeStolfi
If it was a keylogger, that will not do.  As I understand, the safest is to use a separate computer, not connected to the internet, to store your wallet and sign transactions.
A Trezor may be just as good, although you must be careful when updating its firmware.
Quote from: Slesh
Yes .. I decide to do it like this. Change passwd to 24 letters. Move wallet to other location and connect to Inet only when I will want to use it.....this was a little bit expensive lesson.

The Trezor is only $120.  I have several.  Great hardware wallet.  Safe from a lot of the "run of the mill" attacks.  Nothing is perfect but it is very safe and will be getting even safer as time goes on.

JorgeStolfi (OP)
August 24, 2014, 06:54:42 PM
 #12

Quote from: JorgeStolfi
If it was a keylogger, that will not do.  As I understand, the safest is to use a separate computer, not connected to the internet, to store your wallet and sign transactions.
Quote from: Slesh
Yes .. I decide to do it like this. [ ... ]Move wallet to other location and connect to Inet only when I will want to use it.....

That is still a bit dangerous.  The safest procedure is to never connect that computer to the internet, transfer the transaction data to it by USB stick, and transfer the signed transaction back to the main computer in the same way.

I don't think that there is a sufficiently safe way to carry several thousand dollars in bitcoin outside your home.  If you do not control the physical environment where you sign the transactions, there seem to be ways to steal your bitcoins, even if you use a Trezor.

Slesh
August 24, 2014, 07:07:10 PM
 #13

Quote from: JorgeStolfi
If it was a keylogger, that will not do.  As I understand, the safest is to use a separate computer, not connected to the internet, to store your wallet and sign transactions.
Quote from: Slesh
Yes .. I decide to do it like this. [ ... ]Move wallet to other location and connect to Inet only when I will want to use it.....
Quote from: JorgeStolfi
That is still a bit dangerous.  The safest procedure is to never connect that computer to the internet, transfer the transaction data to it by USB stick, and transfer the signed transaction back to the main computer in the same way.
I don't think that there is a sufficiently safe way to carry several thousand dollars in bitcoin outside your home.  If you do not control the physical environment where you sign the transactions, there seem to be ways to steal your bitcoins, even if you use a Trezor.

The computer and NAS are in my home, hidden on local network. No dat file outside.

Maybe I did not catch the idea of Trezor, but let's imagine that I will have one standalone computer with wallet. I need to connect to internet to get incoming transactions. Or not?
Then what exactly does Trezor do? I thought that Trezor only signs the transaction. Because where is the 20 GB blockchain info?

Second thing is that I maybe should delete this wallet at all and start with new wallet on other computer, because maybe someone uses the copy of it.
Is there any chance to find out that someone uses a copy of my wallet?

What will you do as the best secure solution?
JorgeStolfi (OP)
August 24, 2014, 08:29:17 PM
 #14

Quote from: Slesh
Maybe I did not catch the idea of Trezor, but let's imagine that I will have one standalone computer with wallet. I need to connect to internet to get incoming transactions. Or not?  Then what exactly does Trezor do? I thought that Trezor only signs the transaction. Because where is the 20 GB blockchain info?

You will do most of your account management and processing on the computer that is connected to the internet.  Only when it is time to sign a transaction, you will transfer the transaction data to the other computer that has your wallet, sign the transaction there, transfer the signed transaction back to the first computer, and broadcast it from there.

The Trezor basically replaces that second computer.  It keeps your private keys, signs transactions that are passed to it by your primary computer through the USB port, and returns the signed transactions to the primary computer.

Quote from: Slesh
Is there any chance to find out that someone uses a copy of my wallet?  What will you do as the best secure solution?

I cannot help you there.  As it says in my signature, I do not own bitcoins -- mainly for other reasons, but for this reason too:  bitcoins are easy to steal, and once stolen there is nothing one can do, no one to help, and no hope of ever getting them back.

There is no way of knowing whether someone has a copy of your wallet, but that is very likely. (The alternative is that a malicious software in your computer sent out the transaction on its own, without sending your wallet to the thief.)  Definitely, you should never use those addresses and private keys again.


Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
BurtW
August 24, 2014, 08:34:59 PM
 #15

The basic idea of the Trezor is that the private keys never leave the device and cannot be read from the device.  So as stated above the Trezor is your second "offline" computer.  It keeps your private keys very private and untouchable and it signs the transactions with those private keys. Another nice thing is that once you back up the Trezor seed (and keep it very, very safe) you never have to do another backup.

ajas
August 25, 2014, 09:09:17 PM
 #16


We all must be aware that some people try to get our bitcoins.

Recently somebody (not me) tried to change my password on a bitcoin exchange site, but
fortunately did not succeed.

I also got an email related to bitcoin with a .jar attachment. I don't know
what is inside as I didn't open it. But they know my email address and
that I own bitcoins.

So: Use 2 factor authentication, offline wallets, Trezor, ...
Only keep small amounts of btc online.
ForgottenPassword
August 25, 2014, 09:13:02 PM
 #17

If your wallet has been hacked and it was only stored on your computer, you should assume the attacker has compromised your computer. You could have any kind of malware on your PC now. Generating a new wallet file will NOT be enough, you need to do a full OS reinstall and then generate a new wallet.

Did you install any software on your PC recently? Anything bitcoin-related (price tickers, widgets, altcoins)? Where did you download your wallet software from?

I have private messages disabled. Send me an email instead. My contact details can be found here.

Tip Address: 13Lwo1hK5smoBpFWxmqeKSL52EvN8U7asX
Slesh
August 25, 2014, 09:27:51 PM
 #18

Quote from: ForgottenPassword
If your wallet has been hacked and it was only stored on your computer, you should assume the attacker has compromised your computer. You could have any kind of malware on your PC now. Generating a new wallet file will NOT be enough, you need to do a full OS reinstall and then generate a new wallet.
Did you install any software on your PC recently? Anything bitcoin-related (price tickers, widgets, altcoins)? Where did you download your wallet software from?

I have lot of sw on my PC. So I take new laptop with new OS and create new wallet. This laptop is dedicated only to BTC. So I think this topic should be closed. I have no clue how this could have happened.  No security alarm of any security SW.
I only saw that address 17gH1u6VJwhVD9cWR59jfeinLMzag2GZ43 belongs to some hackers/thieves because I am not the only one who was robbed...
https://www.bitcoinregime.com/2014/07/07/stolen-bitcoins-and-releated-account/

ForgottenPassword
August 25, 2014, 09:35:32 PM
 #19

Quote from: Slesh
I have lot of sw on my PC. So I take new laptop with new OS and create new wallet. This laptop is dedicated only to BTC. So I think this topic should be closed. I have no clue how this could have happened.  No security alarm of any security SW.
I only saw that address 17gH1u6VJwhVD9cWR59jfeinLMzag2GZ43 belongs to some hackers/thieves because I am not the only one who was robbed...
https://www.bitcoinregime.com/2014/07/07/stolen-bitcoins-and-releated-account/

That address belongs to a mixing service. The hacker used it to make it harder to track the BTC.

Anti-virus software is easily defeated, that should be a "last resort". You could still have malware, so be careful.

Using a dedicated laptop is a good idea but I would recommend you use it as an offline wallet. Keep it offline at all times (physically take out the WiFi card and bluetooth if you can) and transfer signed transactions via USB stick to a computer connected to the internet.

Here are two clients that support offline wallets:
http://bitcoinarmory.com
Forum section for this client here: https://bitcointalk.org/index.php?board=97.0
This client does need a full copy of the blockchain plus its own database so uses up 50GB of space on your online PC.

http://electrum.org
Forum section: https://bitcointalk.org/index.php?board=98.0
This is an SPV wallet, doesn't need a copy of the blockchain but it tells your peers what addresses you own so it has weaker privacy than Armory.

I have private messages disabled. Send me an email instead. My contact details can be found here.

Tip Address: 13Lwo1hK5smoBpFWxmqeKSL52EvN8U7asX
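
The offline-signing procedure described in posts #12, #14 and #19, seen from the offline machine. This is an added example, not code from any poster or wallet project: it decodes a legacy (pre-SegWit) unsigned transaction carried over on the USB stick and reports any output that differs from what the user meant to pay. The function names, the `intended` and `change` inputs and the sample transaction are assumptions constructed for illustration.

```python
import hashlib, struct
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def p2pkh_address(h160: bytes) -> str:
    """Base58Check-encode a 20-byte key hash as a mainnet P2PKH address."""
    data = b"\x00" + h160
    data += hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def varint(b: bytes, i: int):
    """Read a CompactSize integer at offset i; return (value, next offset)."""
    n = b[i]
    if n < 0xfd:
        return n, i + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[n]
    return int.from_bytes(b[i + 1:i + 1 + size], "little"), i + 1 + size

def outputs(raw: bytes):
    """Return [(satoshis, address or None)] from a legacy raw transaction."""
    n_in, i = varint(raw, 4)                 # skip the 4-byte version
    for _ in range(n_in):
        slen, i = varint(raw, i + 36)        # skip previous txid + output index
        i += slen + 4                        # skip scriptSig + sequence
    n_out, i = varint(raw, i)
    result = []
    for _ in range(n_out):
        value = int.from_bytes(raw[i:i + 8], "little")
        slen, i = varint(raw, i + 8)
        spk, i = raw[i:i + slen], i + slen
        # Standard P2PKH: OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
        p2pkh = slen == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac"
        result.append((value, p2pkh_address(spk[3:23]) if p2pkh else None))
    if i + 4 != len(raw):                    # only the 4-byte locktime may remain
        raise ValueError("not a well-formed legacy transaction")
    return result

def review(raw: bytes, intended: dict, change: set):
    """List reasons not to sign; an empty list means outputs match the intent."""
    problems, paid = [], {}
    for value, addr in outputs(raw):
        if addr in intended:
            paid[addr] = paid.get(addr, 0) + value
        elif addr not in change:             # unknown or non-standard destination
            problems.append(f"unexpected output: {value} sat to {addr}")
    for addr, want in intended.items():
        if paid.get(addr, 0) != want:
            problems.append(f"{addr}: expected {want} sat, found {paid.get(addr, 0)}")
    return problems

# Constructed sample data (not real keys, addresses or transactions).
def sample_tx(outs):
    txin = bytes(36) + b"\x00" + b"\xff" * 4  # dummy outpoint, empty scriptSig
    body = b"".join(struct.pack("<Q", v) + b"\x19\x76\xa9\x14" + h + b"\x88\xac" for v, h in outs)
    return struct.pack("<I", 1) + b"\x01" + txin + bytes([len(outs)]) + body + bytes(4)
SHOP, CHANGE, OTHER = (bytes([k]) * 20 for k in (0x11, 0x22, 0x33))
```

The raw transaction does not contain the value of the inputs it spends, so this check covers destinations and payment amounts only; the fee still has to be confirmed from data the offline wallet already trusts.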
OhShei8e
August 25, 2014, 09:44:25 PM
 #20

Quote from: Slesh
I have no clue how this could have happened.  No security alarm of any security SW.

Huh
Do you use snakeoil?
Slesh
August 25, 2014, 09:50:22 PM
 #21

Quote from: Slesh
I have no clue how this could have happened.  No security alarm of any security SW.
Quote from: OhShei8e
Huh
Do you use snakeoil?

?? what is it?

I mean SW like firewall (on router, NAS, PC) - there was no alarms logs
and antivir with antispam ..
honolululu
August 26, 2014, 06:39:10 AM
 #22

Quote from: Slesh
I have no clue how this could have happened.  No security alarm of any security SW.
Quote from: OhShei8e
Huh
Do you use snakeoil?
Quote from: Slesh
?? what is it?
I mean SW like firewall (on router, NAS, PC) - there was no alarms logs
and antivir with antispam ..

I think they were trying to say that firewalls and antivirus can help once in a while, you need to control access to your wallet by unplugging from the internet completely.  It is kind of a hassle for sure, but so is losing coins.