135 BTC Stolen from my Deepbit account!!!!!!!!

[MemoryDealers]

--------------------UPDATE----------------------

I just head that the thief logged in from IP address:
94.75.217.249
"Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"

--------------------------------------------------

Please help!
I woke up this morning,  logged into my deepbit account at 7:35AM PST on 5-14-2011 to see how things were going,  and someone had transfered all my bitcoins to address:
15YaS8ux9u6YUrS6DmdTZa1NaLecNNNCKT  and set it continue to send to that address as soon as my account received even 0.01 additional bitcoins.

My password was a combination of letters and numbers,  and I assumed it was reasonably secure.  (perhaps not)
The only people who knew my password,  were myself,  and a couple of other employees at MemoryDealers, and all of them say they did not change anything.

The following information comes up in that address in the block explorer:


Address 15YaS8ux9u6YUrS6DmdTZa1NaLecNNNCKT

Short link: http://blockexplorer.com/a/2tZky3pBUi
First seen?: Block 123886 (2011-05-14 12:43:27)
Received transactions: 3
Received BTC: 136.59
Sent transactions: 0
Sent BTC: 0
Hash160?: 31d94e8645d5e7f93ad8deeefe69a0a911bd9589
Public key?:
Unknown (not seen yet)
Ledger?

Note: While the last "balance" is the accurate number of bitcoins available to this address, it is likely not the balance available to this person. Every time a transaction is sent, some bitcoins are usually sent back to yourself at a new address (not included in the Bitcoin UI), which makes the balance of a single address misleading. See the wiki for more info on transactions.

Transaction?   Block?   Amount?   Type?   From/To?   Balance?
766fbbe67c...   Block 123886 (2011-05-14 12:43:27)   135.22   Received: Address   
1BA6dEx8crnnRJUhvRVC9mcS2avedYhNxp
1Hfc2GazJs9Us4ra4GVzxqPHkoUiCV3hd1
13E7hWrF71Exyq9rPCaXXaUCnkeG7MbBiD
135.22
a63ccc1fa7...   Block 123893 (2011-05-14 13:19:59)   0.56   Received: Address   
1F6eBtUW6LKmyfiLuR8hLQqf3j2ZesRWdc
135.78
fdef32a895...   Block 123910 (2011-05-14 14:35:03)   0.81   Received: Address   
1CSDXowgDPh3thjVX1p1gZrqA6fV3AKaT
136.59

Does anyone know how I can try to track down who stole my bitcoins and where they went?!!!!!

Any help/insight would be greatly appreciated!


Roger Ver
Memory Dealers.com, Inc.
3350 Scott Blvd.
Building #32
Santa Clara, CA 95054
USA
 
Phone:+1 408 486 5650
Fax: +1 408 486 5653
Email: roger@memorydealers.com
Aim: rogerkver
MSN: roger@memorydealers.com

For all yor networking needs visit:
http://www.memorydealers.com

[1714092857]

1714092857

[kiba]

Beware of other people using your accounts.

[Drifter]

The only people who knew my password,  were myself,  and a couple of other employees at MemoryDealers, and all of them say they did not change anything.

Well, that's a giant red flag. An employee realizing it would be very hard to track might have prompted the theft.

[MemoryDealers]

Beware of other people using your accounts.

I agree,  but they are both trusted long term employees 5+ years who I trust.


I am guessing that deepbit maybe susceptible to a brute force password hacking attack.
You seem to be able to try as many incorrect passwords on the site in a row as you want.
I hope they put a delay after 3 failed log in attempts.

Does anyone have the contact info for the admin at deepbit?
I am hoping they have some kind of log for whoever logged into my account.

[vuce]

I think this is a lost cause. I don't know what you were thinking leaving 130 coins on deepbit.

[MemoryDealers]

I think this is a lost cause. I don't know what you were thinking leaving 130 coins on deepbit.

I was trying not to keep all my eggs in one basket.

[edd]

The only people who knew my password,  were myself,  and a couple of other employees at MemoryDealers, and all of them say they did not change anything.

Well, that's a giant red flag. An employee realizing it would be very hard to track might have prompted the theft.

Even if they are all completely honest and trustworthy, the chance that someone isn't 100% vigilant in protecting the info rises exponentially with every person.

[BioMike]

For all you know they wrote the password down, so they couldn't forget it and the cleaning lady found the note below the keyboard.

[cartwright]

I recommend using Eligius. They take no fees and you provide an address for payments when you start it and nobody can change the address without accessing your computer.

[MemoryDealers]

I have since changed the password,  and I am currently the only person on the planet who knows it.

Does deepbit have any sort of a log of what IP addresses log into each account?
I think that might be my only chance of having any info at all as to who took my bitcoins.
If the IP address is one in the same town as my business,  I will know the theft was related to one of the employees who knew the password.

If the IP address is in some far off country,  then I know it was just some random hacker.

Any other thoughts on how I can find additional information?

[mewantsbitcoins]

All I have to say is look for somebody who had physical access to the computer where you logged onto deepbit(and no, when you close the web browser it does not log you out of deepbit) or someone who had the access to the computer from which the mining was done.
Although it's trivial to get username/password for anyone on the network, I doubt anyone at random would be trying that stuff. It's someone from your circle

Any security cameras where the computers are?

[bittersweet]

Ask Deepbit about IP of people who logged on your account.

[Mike Hearn]

Lack of brute forcing protection might be it.

If anyone is setting up Bitcoin related services where hacking is a risk, I'd strongly recommend using Google or Facebook authentication instead of rolling your own. These companies have solved problems like brute forcing attacks a long time ago and are now also dealing with cases where your password is stolen. For example Google offers two-factor authentication, for free!

[MemoryDealers]

Ask Deepbit about IP of people who logged on your account.

This is exactly what I would like to do.
Does anyone have their contact info?   I don't see any on their website.

Thanks!

[SATOSHl]

do u use the same password for any other website? that website could use it against u.

[MemoryDealers]

do u use the same password for any other website? that website could use it against u.

I was also concerned with that when  I first set up deepbit,  so I chose a password that was unique to only that website.

[casascius]

I was trying not to keep all my eggs in one basket.

Sorry to hear of this misfortune.

For everyone's benefit, here is the safest, 100% hacker proof way to store Bitcoins, and a great basket to put them in.

1. Set up a computer that has no access to the Internet whatsoever.

2. Install and run Bitcoin on it (from removable media, e.g. USB flash memory stick).  Copy the first auto-generated address you see into a blank Notepad text file, and save it on your USB stick.  There is no need to wait for the block chain to download (which shouldn't be happening anyway if you're offline)

3. Back up the wallet.dat file it creates onto your USB stick.  Better yet, do it onto two USB sticks.  It's located at %APPDATA%\Bitcoin\wallet.dat.  Keep both copies safe and secure.

4. Send all your Bitcoins to that address you generated and saved in step 2.  Use Block Explorer to keep track of your balance.

5. Format the hard drive of the computer, or at least delete your wallet.dat from it, or never connect it to the internet.

Main point: The software doesn't have to talk to the network for you to receive bitcoins.  By providing no means for your private keys to be reached from the Internet, they cannot be remotely stolen by anyone.

When ready to spend:

1. Go into a brand new installation of the Bitcoin software, and exit it completely (so it's not on your taskbar, etc.)

2. Go into the %APPDATA%\Bitcoin folder and delete all files with the extension .DAT.

3. Copy your prized wallet.dat into the folder

4. Restart Bitcoin and let it rebuild everything.  Coins will appear when the block chain is downloaded (possibly hours).

5. Spend like normal.

[xf2_org]

Ask Deepbit about IP of people who logged on your account.

+1 agreed

Any decent site keeps a record of IP addresses accessing each account.


And do not store bitcoins at a pool server, store them in your own, secure wallet!

[mewantsbitcoins]

It would be funny if one of the trusted employees log into deepbit from their home   Although I still think it's much simpler than this

[jimbobway]

do u use the same password for any other website? that website could use it against u.

I was also concerned with that when  I first set up deepbit,  so I chose a password that was unique to only that website.

Also, if you are using 'MemoryDealers' as your user name or your email address that you display publicly then I suggest you use a non-well-known email address.