pirate1 (OP)
Member
 Offline
Activity: 75
Merit: 10
|
 |
May 11, 2012, 02:38:31 AM |
|
I opened up my wallet to update it and catch up. When I went to check to see if it was done all my bitcoins had been sent out. It was only 10 but it was all I had. I've got pretty good anti-spyware, anti-virus, and firewalls on my computer. I can see the address but I don't figure that is any help at all. Should I delete everything and redownload and start from scratch or what? Nobody ever gets on my computer but me so it didn't happen from here but somehow through the Internet. Just how secure are the wallets and how often is this happening? I was under the impression that they were pretty secure against this kind of thing. Anyway, it seems like it will be hard to trust the one I have again. That is why I am thinking of deleting everything and starting over with new downloads. What does anyone think about that? Any suggestions?
|
As long as I wake up breathing it's all a bonus. Sometimes not much of a bonus but still a bonus.
|
|
|
|
|
|
|
|
|
|
|
|
It is a common myth that Bitcoin is ruled by a majority of miners. This is not true. Bitcoin miners "vote" on the ordering of transactions, but that's all they do. They can't vote to change the network rules.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
FreeMoney
Legendary
Offline
Activity: 1246
Merit: 1014
Strength in numbers
|
|
May 11, 2012, 02:45:01 AM |
|
That sucks, sorry to hear.
What OS? Was your wallet encrypted? Did you ever back it up anywhere? Could a backup have leaked?
|
Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone. |
|
|
|
Rothgar
|
|
May 11, 2012, 02:46:56 AM |
|
Do you see all the transactions in and there is a transaction out?
Shot in the dark: Do you use any other "virtual currency?"
|
|
|
|
pirate1 (OP)
Member
Offline
Activity: 75
Merit: 10
|
|
May 11, 2012, 02:54:02 AM |
|
No, I didn't have it encrypted. I have never had any problems before and never bothered. You can bet I will next time. No, I don't use any other alternative currencies. Yes, I can see the transaction out and the address though I don't see what good that will do me. How often is this happening? I think I am going to delete everything and start over. I've got a couple of Bit Force Singles coming and I don't want this to happen again. As it is 10 was about a month and a half of mining so that sucks but its not a real major hit. I just want to make sure it doesn't happen again. So if I delete everything and start over and next time I will encrypt my wallet what else should I do to make sure this doesn't happen? I would like to understand how it happened this time.
|
As long as I wake up breathing it's all a bonus. Sometimes not much of a bonus but still a bonus.
|
|
|
organofcorti
Donator
Legendary
Offline
Activity: 2058
Merit: 1007
Poor impulse control.
|
|
May 11, 2012, 02:57:13 AM |
|
Install any bitcoin related software lately?
Visit a bitcoin related website you haven't been to before, with javasccript turned on in your browser?
|
|
|
|
pirate1 (OP)
Member
Offline
Activity: 75
Merit: 10
|
|
May 11, 2012, 03:14:02 AM |
|
No to both. I recently reloaded my guiminer since the last amd update seems to have killed my hashrate. One of my cards went from about 275 m/hash to 30 and the other went from 275 to about 230. I've been trying to get that figured out slowly for a week or so but I haven't visited anywhere new. Just went by my pool, Bitclockers, to check on what I had there, and thought I would update my wallet with the new blocks. I just ran my SuperAntiSpyware and it found a couple of things and a bunch of tracking cookies. The two serious ones it found might have been my problem but I don't know for sure. I am thinking the safest thing to do is to delete all my bitcoin stuff and start over though first I would like to understand exactly how this was done.
|
As long as I wake up breathing it's all a bonus. Sometimes not much of a bonus but still a bonus.
|
|
|
notme
Legendary
Offline
Activity: 1904
Merit: 1002
|
|
May 11, 2012, 03:16:06 AM |
|
Common antivirus may not yet detect bitcoin related malware. If you are infected, redownloading bitcoin may not be enough. If the malware also has a keylogger, encryption won't help either. I would make a wallet on an airgapped Linux system if you want to store significant coinage. Personally, I would never trust a windows box with anything more than a few bitcents.
|
|
|
|
|
Rothgar
|
|
May 11, 2012, 03:17:57 AM |
|
notme beat me to it. I wrote:
You'll need to do more than re install the client. Your system must have been compromised somehow. If you install another client, encrypt your wallet and only use addresses after encrypting.
The fact is that there is a more serious issue. Somehow a malicious program was run. If you have a malicious program on the computer than you can't rule out that you have a keylogger which would compromise the encryption.
|
|
|
|
pirate1 (OP)
Member
Offline
Activity: 75
Merit: 10
|
|
May 11, 2012, 03:20:18 AM |
|
I think I'll put my next wallet on a flash drive and just plug it in for transfers. I am doing a pretty serious search now for any kind of spyware. Yeah, I am worried about some kind of keylogger or something so I am running several malware searches.
|
As long as I wake up breathing it's all a bonus. Sometimes not much of a bonus but still a bonus.
|
|
|
etotheipi
Legendary
Offline
Activity: 1428
Merit: 1093
Core Armory Developer
|
|
May 11, 2012, 03:42:34 AM |
|
Or use Armory Offline Wallets to keep your Bitcoins off the internet completely. It's designed to protect against exactly this... I just made an Armory-plus-all-dependencies bundle that will work out of the box on Ubuntu 10.04 without ever touching the internet. Especially good if you have an old laptop laying around with 256 MB of RAM. Disable the wifi & bluetooth & ethernet in the BIOS, install Ubuntu 10.04 32-bit with all defaults, and then copy this file on there and run the "Install_All_Armory.sh" script. Create your wallet, and make a watching-only copy to put on your internet-connected computer. Of course, you need Armory on the online computer, too, but it's not a problem if it is Windows, even if the offline system is Linux. For more information, there's an Offline Wallet Tutorial on my website. </spam> |
|
|
|
pirate1 (OP)
Member
Offline
Activity: 75
Merit: 10
|
|
May 11, 2012, 03:54:19 AM |
|
This looks really interesting. I will be looking into it. I see a pretty high level of security in the Armory setup. I like that nothing can be sent without going to the offline computer and getting it signed. That would have saved my 10 BC tonight. I want to make sure I am secure when I start mining with a much higher hash rate.
|
As long as I wake up breathing it's all a bonus. Sometimes not much of a bonus but still a bonus.
|
|
|
Sukrim
Legendary
Offline
Activity: 2618
Merit: 1006
|
|
May 11, 2012, 08:35:07 AM |
|
Maybe you also want to disclose the transaction or address where the 10 BTC went to? It might be helpful in finding out if the thief has emptied other wallets too...
|
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
May 11, 2012, 09:18:21 AM |
|
Or instead of Malware was another case o0f someone with the RPC port open and accepting rpc commands from any IP in ther internet and a weak or non-existant password. Happened before...
|
|
|
|
|
pirate1 (OP)
Member
Offline
Activity: 75
Merit: 10
|
|
May 11, 2012, 04:15:05 PM |
|
Here is the address the coins went to; 1PVc7JCJp3L3LqjzjjUw5Mm1NQHGFTj1fP. I am not sure about the RPC port. I think I have access turned off to everyone but our home network. That is just my wife and I. I know how to go to services and close RPC ports but I don't know which ports to close. I can pull up a list of all my listening and established ports but am not sure where to go from there. I'll be looking into it and making sure that everything is closed. Any help would be apprecieated.
|
As long as I wake up breathing it's all a bonus. Sometimes not much of a bonus but still a bonus.
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
May 11, 2012, 04:18:13 PM |
|
you just need to check on your bitcoin.conf file if you have rpc user and password set, and port also, if you don't have user and password set, nor IP restriction for rpc access, check if you have port 8333 open(or is it 8332?).
Check the wiki for the correct port.
|
|
|
|
|
organofcorti
Donator
Legendary
Offline
Activity: 2058
Merit: 1007
Poor impulse control.
|
|
May 11, 2012, 04:34:07 PM |
|
Your money seems to have ended up here: 18yFjBtEsf9CgzAnVJdvSdPJ2i3Fb2AXrYAnd there seems to be an additional 13 btc in mostly large bitdust from from other sources mixed with it. You might not be the only one affected. |
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
May 11, 2012, 04:35:47 PM |
|
Here is the address the coins went to; 1PVc7JCJp3L3LqjzjjUw5Mm1NQHGFTj1fP. I am not sure about the RPC port. I think I have access turned off to everyone but our home network. That is just my wife and I. Obviously your wife just robbed you. |
|
|
|
|
|
deus-ex-machina
|
|
May 11, 2012, 04:39:25 PM |
|
I have an idea that might prevent this. What about generating a paper wallet? I know a site that can do that and the wallets generated would basically be like paper money once loaded. When unloaded, the paper would be shredded.
|
|
|
|
|
pirate1 (OP)
Member
Offline
Activity: 75
Merit: 10
|
|
May 11, 2012, 06:53:34 PM |
|
Here is the transaction id;8dce4c12698bcd7588b82b84e2c325e63c336b3b1a1c30d4b19cda6e09fb05bd. I am trying to follow it through Block Explorer but have never used it before and it will take me a little bit to understand it. I am leaning toward just deleting my all my bitcoin software including the wallet then redownloading them. I am also thinking about the Armory offline wallet. The way that is set up looks pretty good and definitely secure. No one could send anything out without getting a signature from my offline computer. Does anyone know anything about Armory? Can tracking the transaction tell me anything useful? From what I see it goes to the receive address which has 31 transactions for a total of 24.3 bitcoins all of which were immediately transferred. My 10.33 is in there.
|
As long as I wake up breathing it's all a bonus. Sometimes not much of a bonus but still a bonus.
|
|
|
etotheipi
Legendary
Offline
Activity: 1428
Merit: 1093
Core Armory Developer
|
|
May 11, 2012, 07:07:50 PM
Last edit: May 11, 2012, 07:24:57 PM by etotheipi |
|
I am leaning toward just deleting my all my bitcoin software including the wallet then redownloading them. I am also thinking about the Armory offline wallet. The way that is set up looks pretty good and definitely secure. No one could send anything out without getting a signature from my offline computer. Does anyone know anything about Armory? Can tracking the transaction tell me anything useful? From what I see it goes to the receive address which has 31 transactions for a total of 24.3 bitcoins all of which were immediately transferred. My 10.33 is in there.
I would advise re-installing your operating system. Any "respectable" virus has embedded itself in your OS, and there's no way to know if it's truly been purged. Sure, some A/V can get rid of certain viruses... But in my experience, it's actually easier and much more secure to just wipe your whole hard-drive and reinstall the OS. But I'm slightly biased ... I have done this so many times (for a variety of reasons, not usually viruses) that I can be back up and running like before the reinstall in one evening. Either way, there's a lot of peace of mind knowing that no virus can survive an OS reinstallation... Feel free to PM me if you have any questions about Armory. I'll be happy to help you get setup with it, or answer any questions you have about security or usage. (or ask the questions here, if you don't mind derailing your own thread  ) P.S. -- Here's the official forum thread on Armory, though I haven't been updating this page much anymore. I've been trying to use the bitcoinarmory website more for such things... |
|
|
|
|
