Bitcoin Forum
December 09, 2016, 03:54:36 AM *
Author Topic: Add another to the list of stolen BTC addresses  (Read 1047 times)
enmaku
April 12, 2012, 12:22:30 AM
 #1

Not sure how it happened yet, still investigating, but my wallet got stolen today in this transaction. If anyone has more info, it'd be appreciated. It was only 5 BTC so I'm not all that concerned, but if anyone else got ganked today you're not alone.

Stephen Gornick
April 12, 2012, 02:57:29 AM
 #2

If you aren't sure how it got stolen then you need to assume you are still compromised and that it could happen again.

Can you share any details?

e.g., operating system, wallet (e.g., local bitcoin client and version, or online e-wallet, etc.). If local, do you have wallet encryption?


drakahn
April 12, 2012, 02:58:36 AM
 #3

It was a wallet on your PC?

Not sure, was the client open at the time? Do you have it running as a server or daemon with a weak password? Any possibility of malware?

14ga8dJ6NGpiwQkNTXg7KzwozasfaXNfEU
enmaku
April 12, 2012, 03:47:21 AM
 #4

It was probably my own stupidity. Unencrypted wallet only ever used on 2 PCs, both of which have good up-to-date antivirus, malware etc., one of which is a corporate PC which I can guarantee hasn't been anywhere even remotely shady. Bitcoin Client was 0.5.31 win32 on Win7x64. Both were configured for RPC but had strong passwords and bindings, open ports on the router, etc. It was only a 5 BTC loss so I'm not that worried (that's the only reason I was so lax on security anyway) but I wanted to make sure folks knew what happened. The bulk of my coins are in paper or deterministic wallets, it was only my "spending cash" wallet that got nabbed. Suppose I'm just another cautionary tale now.

I also just confirmed that I have an old-as-hell unencrypted backup on dropbox, though it may still contain the necessary addresses to be responsible for that transaction (I'll have to verify).

In any case, I'm now considering every address in that wallet, my dropbox account and both PCs "burned" and won't be trusting them with funds until they've been wiped and re-built. Luckily I have VMs for just such a purpose :)

Foxpup
April 12, 2012, 04:39:27 AM
 #5

Quote from: enmaku
> It was probably my own stupidity. Unencrypted wallet only ever used on 2 PCs, ... one of which is a corporate PC...

Helpful hint: System administrators see everything. Don't put anything on a corporate PC that you don't want them to get their hands on. Such as unencrypted wallets. ;)

Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
Stephen Gornick
April 12, 2012, 04:51:28 AM
 #6

Quote from: Foxpup
> Helpful hint: System administrators see everything. Don't put anything on a corporate PC that you don't want them to get their hands on. Such as unencrypted wallets. ;)

This is really a bigger issue than we are acknowledging. Managed devices are just that -- systems that can be fully controlled by a remote. And not just that -- with a typical Windows system almost any app that is installed has the ability to read the bitcoin wallet.dat data file.

Won't it be just a matter of time before some contract employee of a popular software package, for instance, puts in a rogue piece of wallet-stealing code that doesn't execute until a certain date and time? Fortunately, encrypting the wallet helps raise the bar (so that more than just physical read access to the wallet.dat file is necessary) but a determined attacker can counter that hurdle as well.

enmaku
April 12, 2012, 04:51:41 AM
 #7

Quote from: enmaku
> It was probably my own stupidity. Unencrypted wallet only ever used on 2 PCs, ... one of which is a corporate PC...

Quote from: Foxpup
> Helpful hint: System administrators see everything. Don't put anything on a corporate PC that you don't want them to get their hands on. Such as unencrypted wallets. ;)

Hell they may not have even had to touch my wallet. I sit in the IT area and was on lunch when this went down, they could have done it with remote desktop alone. The list of people with RDP access to my computer is much longer than the list of people with full admin access to any computer. I'd hate to not be able to trust the folks sitting < 100 feet from me all day, but that might be an unfortunate reality :(

realnowhereman
April 12, 2012, 10:13:20 AM
 #8

Quote from: enmaku
> I also just confirmed that I have an old-as-hell unencrypted backup on dropbox, though it may still contain the necessary addresses to be responsible for that transaction (I'll have to verify).

My money is on this or malware.

Bitcoin has such low public awareness that the chance of your network admin being aware of bitcoin and dishonest enough to steal your wallet seems pretty low.

However, there must be hundreds of dropbox admins, and it would surely be pretty easy for them to do a scan of their storage for any bitcoin wallet, then take a copy.  All it takes then is one dodgy dropbox employee.  That seems more likely than it being your particular network admin.

Old unencrypted wallets can easily contain addresses that are current thanks to bitcoin's address pre-generation system.

Similarly, one bitcoin-aware malware author can easily add a "copy wallet.dat" to their code and get large scale theft.


1AAZ4xBHbiCr96nsZJ8jtPkSzsg1CqhwDa
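
An added illustration, not part of the thread, of the key pre-generation point in the post above: a simplified Python model showing how many addresses issued after a wallet copy was made are still covered by that copy. Keys are integer stand-ins, the `ToyWallet` class and `exposure_after_backup` helper are hypothetical names, and the pool size of 100 is assumed to be the client's default.

```python
from collections import deque
from itertools import count

KEYPOOL_SIZE = 100  # assumed default pool size of the client (-keypool)


class ToyWallet:
    """Simplified model: keys are integer stand-ins, not real key pairs."""

    def __init__(self, pool_size=KEYPOOL_SIZE):
        self._ids = count(1)
        self.pool_size = pool_size
        self.used = []        # keys already handed out as addresses
        self.pool = deque()   # pre-generated keys, not yet handed out
        self._top_up()

    def _top_up(self):
        # Keep the pool full, as the client does after each key is taken.
        while len(self.pool) < self.pool_size:
            self.pool.append(next(self._ids))

    def get_new_address(self):
        key = self.pool.popleft()  # oldest pre-generated key goes first
        self.used.append(key)
        self._top_up()
        return key

    def backup(self):
        # A copy of the wallet file holds every key: used ones and the pool.
        return frozenset(self.used) | frozenset(self.pool)


def exposure_after_backup(addresses_before, addresses_after,
                          pool_size=KEYPOOL_SIZE):
    """Return (exposed, safe) counts for addresses issued after the backup."""
    wallet = ToyWallet(pool_size)
    for _ in range(addresses_before):
        wallet.get_new_address()
    stale_copy = wallet.backup()  # e.g. an old copy left in a synced folder
    later = [wallet.get_new_address() for _ in range(addresses_after)]
    exposed = sum(1 for key in later if key in stale_copy)
    return exposed, len(later) - exposed


if __name__ == "__main__":
    exposed, safe = exposure_after_backup(addresses_before=5,
                                          addresses_after=150)
    print(f"issued after backup: exposed={exposed} safe={safe}")
```

In this model an old copy stays sensitive until a full pool's worth of new keys has been drawn after it was made, which is why every address in the wallet is treated as burned later in the thread.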
Foxpup
April 12, 2012, 10:42:08 AM
 #9

Quote from: realnowhereman
> Bitcoin has such low public awareness that the chance of your network admin being aware of bitcoin and dishonest enough to steal your wallet seems pretty low.

If the system administrator isn't aware of Bitcoin, a strange program he's never seen before in his life which is sending and receiving unknown data across his network, then he obviously isn't doing his job. The first thing he'll do is find out what the Hell it is, find out that it's a form of untraceable money, then realise that he can steal said money without being traced. Most people, although they claim to be honest, will steal any money they find without hesitation if they think nobody is watching.

Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
enmaku
April 12, 2012, 05:30:45 PM
 #10

Quote from: realnowhereman
> Bitcoin has such low public awareness that the chance of your network admin being aware of bitcoin and dishonest enough to steal your wallet seems pretty low.

Quote from: Foxpup
> If the system administrator isn't aware of Bitcoin, a strange program he's never seen before in his life which is sending and receiving unknown data across his network, then he obviously isn't doing his job. The first thing he'll do is find out what the Hell it is, find out that it's a form of untraceable money, then realise that he can steal said money without being traced. Most people, although they claim to be honest, will steal any money they find without hesitation if they think nobody is watching.

Well, I *did* recently blow away my %appdata% folder and re-download the blockchain. That's probably enough traffic to catch the sysadmin's eye.
