BTC stolen from PC wallet

[JorgeStolfi]

Moving off-topic discussion from the Tezor thread:

yesterday was some BTC stollen from my wallet (PC). I dont know how or who or how did this happened. [ ... ]

Impossible to say, as you don't know how they were stolen. [ ... ]

All I can found that BTC was sent to 183u3xkUUqpVwJmmLqqt14cchS5Mu9CQk7 and then to 17gH1u6VJwhVD9cWR59jfeinLMzag2GZ43 .. but I had some secure things like firewall antispam .. .etc. on my computer .. but i looks it is not enough .. So I hope trezor will make it safe for next time.

Were you handling that wallet when the first transaction happened, or shortly before?

No, only incoming trancaction All i See is one transaction few hours befonr.

Do you use Dropbox or some other external storage?

No external (Inet) devices .. only my own NAS with firewall and restricted IPs

Was the wallet totally emptied, or only part of it?

tottlly empty after that attack

What software/hardware did you use to generate your private keys?

sorry but I dont understand this queston. Do you mean passwords? Or what type of keys?

I meant, what software do you use to handle your wallet.  How did you create the private keys of the accounts that were emptied.

[1713892345]

1713892345

[1713892345]

1713892345

[BurtW]

What wallet were you using?

[Slesh]

What wallet were you using?

I'm using Bitcoin Core 64 bit. (now v0.9.2.1 - QT ver. 5.2.0)

[BurtW]

What wallet were you using?

I'm using Bitcoin Core 64 bit. (now v0.9.2.1 - QT ver. 5.2.0)

Did you have it password protected?

If so was it a long, random password or a short common one?

[Slesh]

What wallet were you using?

I'm using Bitcoin Core 64 bit. (now v0.9.2.1 - QT ver. 5.2.0)

Did you have it password protected?

If so was it a long, random password or a short common one?

Protected with passwd. 8 characters (each different, some lettes, some digits...etc.).. that's why I dont know how this could happened.

[BurtW]

What wallet were you using?

I'm using Bitcoin Core 64 bit. (now v0.9.2.1 - QT ver. 5.2.0)

Did you have it password protected?

If so was it a long, random password or a short common one?

Protected with passwd. 8 characters (each different, some lettes, some digits...etc.).. that's why I dont know how this could happened.

Relatively weak and easy to crack assuming someone got your encrypted wallet.dat file and could set it up in a dedicated machine to brute force it.  Can you think of how anyone might have gotten your wallet.dat file?

(I use 32 character random passwords generated by LastPass).

[Rannasha]

What wallet were you using?

I'm using Bitcoin Core 64 bit. (now v0.9.2.1 - QT ver. 5.2.0)

Did you have it password protected?

If so was it a long, random password or a short common one?

Protected with passwd. 8 characters (each different, some lettes, some digits...etc.).. that's why I dont know how this could happened.

Relatively weak and easy to crack assuming someone got your encrypted wallet.dat file and could set it up in a dedicated machine to brute force it.  Can you think of how anyone might have gotten your wallet.dat file?

(I use 32 character random passwords generated by LastPass).

Or it was just a keylogger. This is typically the cause of these kinds of thefts.

[Slesh]

What wallet were you using?

I'm using Bitcoin Core 64 bit. (now v0.9.2.1 - QT ver. 5.2.0)

Did you have it password protected?

If so was it a long, random password or a short common one?

Protected with passwd. 8 characters (each different, some lettes, some digits...etc.).. that's why I dont know how this could happened.

Relatively weak and easy to crack assuming someone got your encrypted wallet.dat file and could set it up in a dedicated machine to brute force it.  Can you think of how anyone might have gotten your wallet.dat file?

(I use 32 character random passwords generated by LastPass).

Or it was just a keylogger. This is typically the cause of these kinds of thefts.

Who knows. Do I have to delete this wallet and set new one? I am afraid setting new psswd is not enough. ..

[JorgeStolfi]

Or it was just a keylogger. This is typically the cause of these kinds of thefts.

Who knows. Do I have to delete this wallet and set new one? I am afraid setting new psswd is not enough. ..

If it was a keylogger, that will not do.  As I understand, the safest is to use a separate computer, not connected to the internet, to store your wallet and sign transactions.

A Trezor may be just as good, although you must be careful when updating its firmware.

[Slesh]

Or it was just a keylogger. This is typically the cause of these kinds of thefts.

Who knows. Do I have to delete this wallet and set new one? I am afraid setting new psswd is not enough. ..

If it was a keylogger, that will not do.  As I understand, the safest is to use a separate computer, not connected to the internet, to store your wallet and sign transactions.

A Trezor may be just as good, although you must be careful when updating its firmware.

Yes .. I decide to do it like this. Change passwd to 24 letters. Move wallet do other location and connect to Inet only when I will want to use it.....this was a little bit expensive lesson.

[BurtW]

Or it was just a keylogger. This is typically the cause of these kinds of thefts.

Who knows. Do I have to delete this wallet and set new one? I am afraid setting new psswd is not enough. ..

If it was a keylogger, that will not do.  As I understand, the safest is to use a separate computer, not connected to the internet, to store your wallet and sign transactions.

A Trezor may be just as good, although you must be careful when updating its firmware.

Yes .. I decide to do it like this. Change passwd to 24 letters. Move wallet do other location and connect to Inet only when I will want to use it.....this was a little bit expensive lesson.

The Trezor is only $120.  I have several.  Great hardware wallet.  Safe from a lot of the "run of the mill" attacks.  Nothing is perfect but it is very safe and will be getting even safer as time goes on.

[JorgeStolfi]

If it was a keylogger, that will not do.  As I understand, the safest is to use a separate computer, not connected to the internet, to store your wallet and sign transactions.

Yes .. I decide to do it like this. [ ... ]Move wallet do other location and connect to Inet only when I will want to use it.....

That is still a bit dangerous.  The safest procedure is to never connect that computer to the internet, transfer the transaction data to it  by USB stick, and transfer the signed transaction back to the main computer in the same way. 

I don't think that there is a sufficiently safe way to carry several thousand dollars in bitcoin outside your home.  If you do not control the physical environment where you sign the transactions, there seem to be ways to steal your bitcoins, even of you use a Trezor.

[Slesh]

If it was a keylogger, that will not do.  As I understand, the safest is to use a separate computer, not connected to the internet, to store your wallet and sign transactions.

Yes .. I decide to do it like this. [ ... ]Move wallet do other location and connect to Inet only when I will want to use it.....

That is still a bit dangerous.  The safest procedure is to never connect that computer to the internet, transfer the transaction data to it  by USB stick, and transfer the signed transaction back to the main computer in the same way. 

I don't think that there is a sufficiently safe way to carry several thousand dollars in bitcoin outside your home.  If you do not control the physical environment where you sign the transactions, there seem to be ways to steal your bitcoins, even of you use a Trezor.

The computer and NAS isin my home, hidden on local network. No dat file outside.

Maybe i did not catch the idea of Trezor, but lets imagine that I will have one standalone computer with wallet. I need to connect to internet to get incoming tansactions. Or not?
Than what exactly tresor do? I thought that Tresor only sign the transaction. Because where is the 20 GB blockchain info?

Second thing is that I maybe should delete this wallet at all and start with new wallet on other computer, because maybe someone use the copy of it.
Is there any chance to find out that someone use copy od my wallet?

What will you do as the best secure solution?

[JorgeStolfi]

Maybe i did not catch the idea of Trezor, but lets imagine that I will have one standalone computer with wallet. I need to connect to internet to get incoming tansactions. Or not?  Than what exactly tresor do? I thought that Tresor only sign the transaction. Because where is the 20 GB blockchain info?

You will do most of your account management and processing on the computer that is connected to the internet.  Only when it is time to sign a transaction, you will transfer the transaction data to the other computer that has your wallet, sign the transaction there, transfer the signed transaction back to the first computer, and broadcast it from there.

The Trezor basically replaces that second computer.  It keeps your private keys, signs transaction that are passed to it by your primary computer through the USB port, and returns the signed transactions to the primary computer.
[/quote]

Is there any chance to find out that someone use copy od my wallet?  What will you do as the best secure solution?

I cannot help you there.  As it says in my signature, I do not own bitcoins -- mainly for other reasons, but for this reason too:  bitcoins are easy to steal, and once stolen there is nothing one can do, no none to help, and no hope of ever getting them back. 

There is no way of knowing whether someone has a copy of your wallet, but that is very likely. (The alternative is that a malicious software in your computer sent out the transaction on its own, without sending your wallet to the thief.)  Definitely, you should never use those addresses and private keys again.

[BurtW]

The basic idea of the Trezor is that the private keys never leave the device and cannot be read from the device.  So as stated above the trezor is your second "offline" computer.  It keeps your private keys very private and untouchable and it signs the transactions with those private keys. Another nice thing is that once you backup the Trezor seed (and keep it very, very safe) you never have to do another backup.

[ajas]

We all must be aware that some people try to get our bitcoins.

Recently somebody (not me) tried to change my password on a bitcoin echange site, but
fortunatly did not succeed.

I also got an email related to bitcoin with a .jar attachment. I dont know
what is inside as I didn't open it. But they know my email adress and
that I own bitcoins.

So: Use 2 factor authentification, offline wallets, Trezor, ...
Only keep small amounts of btc online.

[ForgottenPassword]

If your wallet has been hacked and it was only stored on your computer, you should assume the attacker has compromised your computer. You could have any kind of malware on your PC now. Generating a new wallet file will NOT be enough, you need to do a full OS reinstall and then generate a new wallet.

Did you install any software on your PC recently? anything bitcoin-related (price tickers, widgets, altcoins)? where did you download your wallet software from?

[Slesh]

If your wallet has been hacked and it was only stored on your computer, you should assume the attacker has compromised your computer. You could have any kind of malware on your PC now. Generating a new wallet file will NOT be enough, you need to do a full OS reinstall and then generate a new wallet.

Did you install any software on your PC recently? anything bitcoin-related (price tickers, widgets, altcoins)? where did you download your wallet software from?

I have lot of sw on my PC. So i take new laptop with new OS ane crate new wallet. This laptop is dedicated only to BTC. So i think this topic should be closed. I have no clue how this could happened.  No security alarm of any security SW.
I oly saw that adress 17gH1u6VJwhVD9cWR59jfeinLMzag2GZ43  belongs to some hackers/thieves beacuse I am not the only one who was robbed...
https://www.bitcoinregime.com/2014/07/07/stolen-bitcoins-and-releated-account/

[ForgottenPassword]

I have lot of sw on my PC. So i take new laptop with new OS ane crate new wallet. This laptop is dedicated only to BTC. So i think this topic should be closed. I have no clue how this could happened.  No security alarm of any security SW.
I oly saw that adress 17gH1u6VJwhVD9cWR59jfeinLMzag2GZ43  belongs to some hackers/thieves beacuse I am not the only one who was robbed...
https://www.bitcoinregime.com/2014/07/07/stolen-bitcoins-and-releated-account/

That address belongs to a mixing service. The hacker used it to make it harder to track the BTC.

Anti-virus software is easily defeated, that should be a "last resort". You could still have malware, so be careful.

Using a dedicated laptop is a good idea but I would recommend you use it as a offline wallet. Keep it offline at all times (physically take out the WiFi card and bluetooth if you can) and transfer signed transactions via USB stick to a computer connected to the internet.

Here are two clients that support offline wallets:
http://bitcoinarmory.com
Forum section for this client here: https://bitcointalk.org/index.php?board=97.0
This client does need a full copy of the blockchain plus its own database so uses up 50GB of space on your online PC.

http://electrum.org
Forum section: https://bitcointalk.org/index.php?board=98.0
This is an SPV wallet, doesn't need a copy of the blockchain but it tells your peers what addresses you own so it has weaker privacy than Armory.

[OhShei8e]

I have no clue how this could happened.  No security alarm of any security SW.

 
Do you use snakeoil?