Bitcoin Forum
November 14, 2024, 08:42:29 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Add another to the list of stolen BTC addresses  (Read 1257 times)
enmaku (OP)
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500


View Profile
April 12, 2012, 12:22:30 AM
 #1

Not sure how it happened yet, still investigating, but My wallet got stolen today in this transaction. If anyone has more info, it'd be appreciated. It was only 5 BTC so I'm not all that concerned, but if anyone else got ganked today you're not alone.
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
April 12, 2012, 02:57:29 AM
 #2

If you aren't sure how it got stolen then you need to assume you are still compromised and that it could happen again.

Can you share any details?

e.g., operating system, wallet (e.g., local bitcoin client and version, or online e-wallet, etc)   If local, do you have wallet encryption?


Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


drakahn
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
April 12, 2012, 02:58:36 AM
 #3

It was a wallet on your pc?

Not sure, was the client open at the time? do you have it running as a server or daemon with a weak password? any possibility of malware?

14ga8dJ6NGpiwQkNTXg7KzwozasfaXNfEU
enmaku (OP)
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500


View Profile
April 12, 2012, 03:47:21 AM
Last edit: April 12, 2012, 04:12:07 AM by enmaku
 #4

It was probably my own stupidity. Unencrypted wallet only ever used on 2 PCs, both of which have good up-to-date antivirus, malware etc. one of which is a corporate PC which I can guarantee hasn't been anywhere even remotely shady. Bitcoin Client was 0.5.31 win32 on Win7x64. Both were configured for RPC but had strong passwords and bindings, open ports on the router, etc. It was only a 5 BTC loss so I'm not that worried (that's the only reason I was so lax on security anyway) but I wanted to make sure folks knew what happened. The bulk of my coins are in paper or deterministic wallets, it was only my "spending cash" wallet that got nabbed. Suppose I'm just another cautionary tale now.

I also just confirmed that I have an old-as-hell unencrypted backup on dropbox, though it may still contain the necessary addresses to be responsible for that transaction (I'll have to verify).

In any case, I'm now considering every address in that wallet, my dropbox account and both PCs "burned" and won't be trusting them with funds until they've been wiped and re-built. Luckily I have VMs for just such a purpose Smiley
Foxpup
Legendary
*
Online Online

Activity: 4534
Merit: 3188


Vile Vixen and Miss Bitcointalk 2021-2023


View Profile
April 12, 2012, 04:39:27 AM
 #5

It was probably my own stupidity. Unencrypted wallet only ever used on 2 PCs, ... one of which is a corporate PC...

Helpful hint: System administrators see everything. Don't put anything on a corporate PC that you don't want them to get their hands on. Such as unencrypted wallets. Wink

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
April 12, 2012, 04:51:28 AM
 #6

Helpful hint: System administrators see everything. Don't put anything on a corporate PC that you don't want them to get their hands on. Such as unencrypted wallets. Wink

This is really a bigger issue than we are acknowledging.  Managed devices are just that -- systems that can be fully controlled by a remote.  And not just that -- with a typical windows system almost any app that is installed has the ability to read the bitcoin wallet.dat data file.

Won't it be just a matter of time before some contract employee of popular software package, for instance, puts in a rogue piece of wallet stealing code that doesn't execute until a certain date and time?  Fortunately, encrypting the wallet helps raise the bar (so that more than just physical read access to the wallet.dat file is necessary) but a determined attacker can counter that hurdle as well.

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


enmaku (OP)
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500


View Profile
April 12, 2012, 04:51:41 AM
 #7

It was probably my own stupidity. Unencrypted wallet only ever used on 2 PCs, ... one of which is a corporate PC...

Helpful hint: System administrators see everything. Don't put anything on a corporate PC that you don't want them to get their hands on. Such as unencrypted wallets. Wink

Hell they may not have even had to touch my wallet. I sit in the IT area and was on lunch when this went down, they could have done it with remote desktop alone. The list of people with RDP access to my computer is much longer than the list of people with full admin access to any computer. I'd hate to not be able to trust the folks sitting < 100 feet from me all day, but that might be an unfortunate reality Sad
realnowhereman
Hero Member
*****
Offline Offline

Activity: 504
Merit: 502



View Profile
April 12, 2012, 10:13:20 AM
 #8

I also just confirmed that I have an old-as-hell unencrypted backup on dropbox, though it may still contain the necessary addresses to be responsible for that transaction (I'll have to verify).

My money is on this or malware.

Bitcoin has such low public awareness that the chance of your network admin being aware of bitcoin and dishonest enough to steal your wallet seem pretty low.

However, there must be hundreds of dropbox admins, and it would surely be pretty easy for them to do a scan of their storage for any bitcoin wallet, then take a copy.  All it takes then is one dodgy dropbox employee.  That seems more likely than it being your particular network admin.

Old unencrypted wallets can easily contain addresses that are current thanks to bitcoin's address pre-generation system.

Similarly, one bitcoin-aware malware author can easily add a "copy wallet.dat" to their code and get large scale theft.


1AAZ4xBHbiCr96nsZJ8jtPkSzsg1CqhwDa
Foxpup
Legendary
*
Online Online

Activity: 4534
Merit: 3188


Vile Vixen and Miss Bitcointalk 2021-2023


View Profile
April 12, 2012, 10:42:08 AM
 #9

Bitcoin has such low public awareness that the chance of your network admin being aware of bitcoin and dishonest enough to steal your wallet seem pretty low.

If the system administrator isn't aware of Bitcoin a strange program he's never seen before in his life which is sending and receiving unknown data across his network, then he obviously isn't doing his job. The first thing he'll do is find out what the Hell it is, find out that it's a form of untracable money, then realise that he can steal said money without being traced. Most people, although they claim to be honest, will steal any money they find without hesitation if they think nobody is watching.

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
enmaku (OP)
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500


View Profile
April 12, 2012, 05:30:45 PM
 #10

Bitcoin has such low public awareness that the chance of your network admin being aware of bitcoin and dishonest enough to steal your wallet seem pretty low.

If the system administrator isn't aware of Bitcoin a strange program he's never seen before in his life which is sending and receiving unknown data across his network, then he obviously isn't doing his job. The first thing he'll do is find out what the Hell it is, find out that it's a form of untracable money, then realise that he can steal said money without being traced. Most people, although they claim to be honest, will steal any money they find without hesitation if they think nobody is watching.

Well, I *did* recently blow away my %appdata% folder and re-download the blockchain. That's probably enough traffic to catch the sysadmin's eye.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!