MemoryDealers (OP)
VIP
Legendary
Offline
Activity: 1052
Merit: 1105
|
|
May 14, 2011, 03:09:06 PM Last edit: May 14, 2011, 10:15:53 PM by MemoryDealers |
|
--------------------UPDATE---------------------- I just head that the thief logged in from IP address: 94.75.217.249 "Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1" -------------------------------------------------- Please help! I woke up this morning, logged into my deepbit account at 7:35AM PST on 5-14-2011 to see how things were going, and someone had transfered all my bitcoins to address: 15YaS8ux9u6YUrS6DmdTZa1NaLecNNNCKT and set it continue to send to that address as soon as my account received even 0.01 additional bitcoins. My password was a combination of letters and numbers, and I assumed it was reasonably secure. (perhaps not) The only people who knew my password, were myself, and a couple of other employees at MemoryDealers, and all of them say they did not change anything. The following information comes up in that address in the block explorer: Address 15YaS8ux9u6YUrS6DmdTZa1NaLecNNNCKT Short link: http://blockexplorer.com/a/2tZky3pBUiFirst seen?: Block 123886 (2011-05-14 12:43:27) Received transactions: 3 Received BTC: 136.59 Sent transactions: 0 Sent BTC: 0 Hash160?: 31d94e8645d5e7f93ad8deeefe69a0a911bd9589 Public key?: Unknown (not seen yet) Ledger? Note: While the last "balance" is the accurate number of bitcoins available to this address, it is likely not the balance available to this person. Every time a transaction is sent, some bitcoins are usually sent back to yourself at a new address (not included in the Bitcoin UI), which makes the balance of a single address misleading. See the wiki for more info on transactions. Transaction? Block? Amount? Type? From/To? Balance? 766fbbe67c... Block 123886 (2011-05-14 12:43:27) 135.22 Received: Address 1BA6dEx8crnnRJUhvRVC9mcS2avedYhNxp 1Hfc2GazJs9Us4ra4GVzxqPHkoUiCV3hd1 13E7hWrF71Exyq9rPCaXXaUCnkeG7MbBiD 135.22 a63ccc1fa7... Block 123893 (2011-05-14 13:19:59) 0.56 Received: Address 1F6eBtUW6LKmyfiLuR8hLQqf3j2ZesRWdc 135.78 fdef32a895... Block 123910 (2011-05-14 14:35:03) 0.81 Received: Address 1CSDXowgDPh3thjVX1p1gZrqA6fV3AKaT 136.59 Does anyone know how I can try to track down who stole my bitcoins and where they went?!!!!! Any help/insight would be greatly appreciated! Roger Ver Memory Dealers.com, Inc. 3350 Scott Blvd. Building #32 Santa Clara, CA 95054 USA Phone:+1 408 486 5650 Fax: +1 408 486 5653 Email: roger@memorydealers.com Aim: rogerkver MSN: roger@memorydealers.comFor all yor networking needs visit: http://www.memorydealers.com
|
|
|
|
|
|
|
|
|
The trust scores you see are subjective; they will change depending on who you have in your trust list.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
kiba
Legendary
Offline
Activity: 980
Merit: 1014
|
|
May 14, 2011, 03:12:41 PM |
|
Beware of other people using your accounts.
|
|
|
|
Drifter
|
|
May 14, 2011, 03:15:22 PM |
|
The only people who knew my password, were myself, and a couple of other employees at MemoryDealers, and all of them say they did not change anything.
Well, that's a giant red flag. An employee realizing it would be very hard to track might have prompted the theft.
|
|
|
|
MemoryDealers (OP)
VIP
Legendary
Offline
Activity: 1052
Merit: 1105
|
|
May 14, 2011, 03:17:14 PM |
|
Beware of other people using your accounts.
I agree, but they are both trusted long term employees 5+ years who I trust. I am guessing that deepbit maybe susceptible to a brute force password hacking attack. You seem to be able to try as many incorrect passwords on the site in a row as you want. I hope they put a delay after 3 failed log in attempts. Does anyone have the contact info for the admin at deepbit? I am hoping they have some kind of log for whoever logged into my account.
|
|
|
|
vuce
|
|
May 14, 2011, 03:17:41 PM |
|
I think this is a lost cause. I don't know what you were thinking leaving 130 coins on deepbit.
|
|
|
|
MemoryDealers (OP)
VIP
Legendary
Offline
Activity: 1052
Merit: 1105
|
|
May 14, 2011, 03:19:53 PM |
|
I think this is a lost cause. I don't know what you were thinking leaving 130 coins on deepbit.
I was trying not to keep all my eggs in one basket.
|
|
|
|
edd
Donator
Legendary
Offline
Activity: 1414
Merit: 1001
|
|
May 14, 2011, 03:20:55 PM |
|
The only people who knew my password, were myself, and a couple of other employees at MemoryDealers, and all of them say they did not change anything.
Well, that's a giant red flag. An employee realizing it would be very hard to track might have prompted the theft. Even if they are all completely honest and trustworthy, the chance that someone isn't 100% vigilant in protecting the info rises exponentially with every person.
|
Still around.
|
|
|
BioMike
Legendary
Offline
Activity: 1658
Merit: 1001
|
|
May 14, 2011, 03:23:18 PM |
|
For all you know they wrote the password down, so they couldn't forget it and the cleaning lady found the note below the keyboard.
|
|
|
|
cartwright
Newbie
Offline
Activity: 6
Merit: 0
|
|
May 14, 2011, 03:23:27 PM |
|
I recommend using Eligius. They take no fees and you provide an address for payments when you start it and nobody can change the address without accessing your computer.
|
|
|
|
MemoryDealers (OP)
VIP
Legendary
Offline
Activity: 1052
Merit: 1105
|
|
May 14, 2011, 03:25:15 PM |
|
I have since changed the password, and I am currently the only person on the planet who knows it.
Does deepbit have any sort of a log of what IP addresses log into each account? I think that might be my only chance of having any info at all as to who took my bitcoins. If the IP address is one in the same town as my business, I will know the theft was related to one of the employees who knew the password.
If the IP address is in some far off country, then I know it was just some random hacker.
Any other thoughts on how I can find additional information?
|
|
|
|
mewantsbitcoins
|
|
May 14, 2011, 03:26:39 PM |
|
All I have to say is look for somebody who had physical access to the computer where you logged onto deepbit(and no, when you close the web browser it does not log you out of deepbit) or someone who had the access to the computer from which the mining was done. Although it's trivial to get username/password for anyone on the network, I doubt anyone at random would be trying that stuff. It's someone from your circle
Any security cameras where the computers are?
|
|
|
|
bittersweet
|
|
May 14, 2011, 03:26:50 PM |
|
Ask Deepbit about IP of people who logged on your account.
|
My Bitcoin address: 1DjTsAYP3xR4ymcTUKNuFa5aHt42q2VgSg
|
|
|
Mike Hearn
Legendary
Offline
Activity: 1526
Merit: 1129
|
|
May 14, 2011, 03:31:57 PM |
|
Lack of brute forcing protection might be it.
If anyone is setting up Bitcoin related services where hacking is a risk, I'd strongly recommend using Google or Facebook authentication instead of rolling your own. These companies have solved problems like brute forcing attacks a long time ago and are now also dealing with cases where your password is stolen. For example Google offers two-factor authentication, for free!
|
|
|
|
MemoryDealers (OP)
VIP
Legendary
Offline
Activity: 1052
Merit: 1105
|
|
May 14, 2011, 03:33:56 PM |
|
Ask Deepbit about IP of people who logged on your account.
This is exactly what I would like to do. Does anyone have their contact info? I don't see any on their website. Thanks!
|
|
|
|
SATOSHl
Newbie
Offline
Activity: 19
Merit: 0
|
|
May 14, 2011, 03:36:24 PM |
|
do u use the same password for any other website? that website could use it against u.
|
|
|
|
MemoryDealers (OP)
VIP
Legendary
Offline
Activity: 1052
Merit: 1105
|
|
May 14, 2011, 03:38:16 PM |
|
do u use the same password for any other website? that website could use it against u.
I was also concerned with that when I first set up deepbit, so I chose a password that was unique to only that website.
|
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
May 14, 2011, 03:44:32 PM |
|
I was trying not to keep all my eggs in one basket.
Sorry to hear of this misfortune. For everyone's benefit, here is the safest, 100% hacker proof way to store Bitcoins, and a great basket to put them in. 1. Set up a computer that has no access to the Internet whatsoever. 2. Install and run Bitcoin on it (from removable media, e.g. USB flash memory stick). Copy the first auto-generated address you see into a blank Notepad text file, and save it on your USB stick. There is no need to wait for the block chain to download (which shouldn't be happening anyway if you're offline) 3. Back up the wallet.dat file it creates onto your USB stick. Better yet, do it onto two USB sticks. It's located at %APPDATA%\Bitcoin\wallet.dat. Keep both copies safe and secure. 4. Send all your Bitcoins to that address you generated and saved in step 2. Use Block Explorer to keep track of your balance. 5. Format the hard drive of the computer, or at least delete your wallet.dat from it, or never connect it to the internet. Main point: The software doesn't have to talk to the network for you to receive bitcoins. By providing no means for your private keys to be reached from the Internet, they cannot be remotely stolen by anyone.When ready to spend: 1. Go into a brand new installation of the Bitcoin software, and exit it completely (so it's not on your taskbar, etc.) 2. Go into the %APPDATA%\Bitcoin folder and delete all files with the extension .DAT. 3. Copy your prized wallet.dat into the folder 4. Restart Bitcoin and let it rebuild everything. Coins will appear when the block chain is downloaded (possibly hours). 5. Spend like normal.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
xf2_org
Member
Offline
Activity: 98
Merit: 13
|
|
May 14, 2011, 03:48:31 PM |
|
Ask Deepbit about IP of people who logged on your account.
+1 agreed Any decent site keeps a record of IP addresses accessing each account. And do not store bitcoins at a pool server, store them in your own, secure wallet!
|
|
|
|
mewantsbitcoins
|
|
May 14, 2011, 03:50:47 PM |
|
It would be funny if one of the trusted employees log into deepbit from their home Although I still think it's much simpler than this
|
|
|
|
jimbobway
Legendary
Offline
Activity: 1304
Merit: 1014
|
|
May 14, 2011, 03:52:21 PM |
|
do u use the same password for any other website? that website could use it against u.
I was also concerned with that when I first set up deepbit, so I chose a password that was unique to only that website. Also, if you are using 'MemoryDealers' as your user name or your email address that you display publicly then I suggest you use a non-well-known email address.
|
|
|
|
|