statdude (OP)
November 28, 2014, 03:08:30 AM
2FA was just email, which does not appear to have been breached, but who knows. I did just find a keylogger on the PC. MSDCSC.EXE installed 11/19. That is also the same day as a wallet file mysteriously showed up.

statdude (OP)
November 28, 2014, 03:13:29 AM
Also just remembered that I got a mysterious login on btc-e. 25.11.14 03:33 94.242.246.24 Successful login
This may be the IP address of the hacker.
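
The login-history check described in the post above, as an added example that is not part of the original thread: it parses lines in the format quoted there and flags successful logins on or after the reported keylogger install date that come from addresses the account owner does not recognise. The sample history, `KNOWN_IPS` and the function names are constructed assumptions; only the 25.11.14 line and the 11/19 date come from the thread.

```python
import ipaddress
import re
from datetime import datetime

# Format taken from the line quoted in the post: "DD.MM.YY HH:MM <ip> <status>"
LINE_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{2} \d{2}:\d{2}) (\S+) (.+)$")

def parse_login_line(line):
    """Return (timestamp, ip, status), or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(1), "%d.%m.%y %H:%M")
        ip = ipaddress.ip_address(m.group(2))
    except ValueError:
        return None
    return ts, ip, m.group(3).strip()

def suspicious_logins(lines, known_ips, compromise_date):
    """Successful logins at/after compromise_date from IPs not in known_ips."""
    known = {ipaddress.ip_address(ip) for ip in known_ips}
    hits = []
    for line in lines:
        parsed = parse_login_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the triage
        ts, ip, status = parsed
        if (status.lower().startswith("successful")
                and ts >= compromise_date and ip not in known):
            hits.append((ts, str(ip)))
    return sorted(hits)

# Constructed sample history; only the 25.11.14 line comes from the thread.
SAMPLE_HISTORY = [
    "17.11.14 20:15 203.0.113.7 Successful login",
    "21.11.14 09:02 203.0.113.7 Successful login",
    "24.11.14 23:58 198.51.100.23 Failed login",
    "25.11.14 03:33 94.242.246.24 Successful login",
    "not a log line",
]
KNOWN_IPS = ["203.0.113.7"]  # assumed: the account owner's usual address
KEYLOGGER_INSTALLED = datetime(2014, 11, 19)  # install date reported in the thread

if __name__ == "__main__":
    for ts, ip in suspicious_logins(SAMPLE_HISTORY, KNOWN_IPS, KEYLOGGER_INSTALLED):
        print(f"{ts:%Y-%m-%d %H:%M} successful login from unrecognised IP {ip}")
```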

jonald_fyookball
November 28, 2014, 03:18:02 AM
Good luck catching the thief.
Why didn't you use cold storage?

statdude (OP)
November 28, 2014, 03:26:27 AM
Good luck catching the thief.
Why didn't you use cold storage?
I meant to. Honestly, I almost always use it. I would have certainly put them in cold storage within the next few days. I should have obviously done so MUCH sooner. Searching the suspicious IP address turns up a TOR server. The user of the server with a non-spam email address on that day http://www.stopforumspam.com/ipcheck/94.242.246.24 Turns up " 11/24/2014 14:59 94.242.246.24 bletkorer nghfgdfd@gmail.com "

inBitweTrust
November 28, 2014, 03:26:50 AM
Also just remembered that I got a mysterious login on btc-e. 25.11.14 03:33 94.242.246.24 Successful login
This may be the IP address of the hacker.
lu lu l luxembourg 49.610001 6.124000 root sa Luxembourg LU not found not found 49.750000 6.166700 root SA LUXEMBOURG LU LUXEMBOURG STEINSEL 49.676941 6.123890 ROOT SA ASN 5577 Name ROOT Description root SA,LU # Peers 7 # IPv4 Origin Ranges 17 # IPv6 Origin Ranges 3 Registrar RIPE-NCC Allocation date May 15, 2009 Country Code LU Reverse orion.enn.lu. Reverse-verified Yes Country Code LU Country Luxembourg Region Europe Population 442972 Top-level Domain LU IPv4 Ranges 145 IPv6 Ranges 43 Currency Euro Currency Code EUR IP Range - Start 94.242.192.0 IP Range - End 94.242.255.255 Registrar RIPE-NCC Allocation date Oct 21, 2008

inBitweTrust
November 28, 2014, 03:30:07 AM
Why didn't you use cold storage?
Humans in general suck at security from what I have seen. We all are constantly making mistakes and only realize and/or acknowledge them after an attack has occurred. Everyone desperately needs to start using secure hardware wallets and multisig paper wallets - http://mycelium.com/entropy can help.

Remember remember the 5th of November
November 28, 2014, 04:04:52 AM
2FA was just email, which does not appear to have been breached, but who knows. I did just find a keylogger on the PC. MSDCSC.EXE installed 11/19. That is also the same day as a wallet file mysteriously showed up.
Well there is your problem. A keylogger.
BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2

HYPERfuture
November 28, 2014, 04:18:15 AM
2FA was just email, which does not appear to have been breached, but who knows. I did just find a keylogger on the PC. MSDCSC.EXE installed 11/19. That is also the same day as a wallet file mysteriously showed up.
Sorry to say your email was probably breached combined with keylogger. Email isn't true 2FA (unless your email itself has 2FA with google auth or something like that) as it is very easy for an email to become compromised. Even then you should also use other 2FA. Sorry for your loss again and good luck.

johnyj
November 28, 2014, 04:22:03 AM
2FA should be on different devices, and for 50+ coins I cannot imagine storing it in an online wallet.
But to be honest, it's still a hassle to use offline storage, especially when you are not an IT guy. It's very difficult to find a balance between ease of use and security; that's also one of the reasons that banks exist.

HYPERfuture
November 28, 2014, 04:27:21 AM
2FA should be on different devices, and for 50+ coins I cannot imagine storing it in an online wallet.
But to be honest, it's still a hassle to use offline storage, especially when you are not an IT guy. It's very difficult to find a balance between ease of use and security; that's also one of the reasons that banks exist.
I think Trezor is the easiest secure solution right now. Multiple 2FA (2FA emails, Yubikeys, google auth, etc) is the way if storing coins online.

statdude (OP)
November 28, 2014, 04:50:05 AM
How did I get this keylogger? I am VERY careful and don't install anything that isn't virus checked.
Is it possible my IP Vanish software which uses Tor was compromised?

alani123
November 28, 2014, 04:57:35 AM
How did I get this keylogger? I am VERY careful and don't install anything that isn't virus checked.
Is it possible my IP Vanish software which uses Tor was compromised?
What's the name of this software? Is it created by someone trusted? Let us know.

rokkyroad
November 28, 2014, 05:08:26 AM
Why the hell doesn't blockchain info have SMS verification for withdrawals? Does anyone? Seems it would save a lot of thievery.
Lots of apps for SMS. Google phone number on another device should be pretty effective if one does not have a smart phone.
I cleared out my blockchain account a while back. Might keep a small amount there in the future if they revamp their security.
I would steer clear of Tor for anything sensitive like accessing your email or banking. It's OK for cruising piratebay and flashyourrack if you are at work.
Sorry for the OP's loss.
" If you have to spam and shout to justify your existence then you are a shit coin." TaunSew

Remember remember the 5th of November
November 28, 2014, 05:12:25 AM
How did I get this keylogger? I am VERY careful and don't install anything that isn't virus checked.
Is it possible my IP Vanish software which uses Tor was compromised?
LOL, anti-virus does only so much. To truly know if software is safe or not, you need to learn reverse engineering and check out every piece of software. But really, you likely got infected by a Java or Flash applet.

freedomno1
November 28, 2014, 05:16:56 AM
sorry man...
Sorry as well, I hope you're able to get it back.
Believing in Bitcoins and its ability to change the world

BitCoinNutJob
November 28, 2014, 05:25:47 AM
What the fuck do you want us to do about it faggot? You dun goofed son.
This isn't reddit, we don't upvote faggots for being retards here.
this post does not represent the majority, security is a learning process, our time is finite

Business
November 28, 2014, 05:31:45 AM
2FA was just email, which does not appear to have been breached, but who knows. I did just find a keylogger on the PC. MSDCSC.EXE installed 11/19. That is also the same day as a wallet file mysteriously showed up.
Sorry about your loss. I recommend you use Linux. I use Linux and I know my bitcoins are safe this way. I will never find a trojan or a keylogger on my computer. I recommend you give Linux a chance. You can keep tracing the transactions; maybe that way you will find who did it. Good luck.

gogxmagog
November 28, 2014, 05:35:09 AM
I am curious if anyone has ever actually retrieved stolen BTC? Are there examples of this happening? Where would I look? Google is no help.
Sorry to OP though. Not trying to rub salt in your wounds. That is a lot to lose. Ouch!

BitCoinNutJob
November 28, 2014, 05:38:56 AM (Last edit: November 28, 2014, 05:59:49 AM by BitCoinNutJob)
I am curious if anyone has ever actually retrieved stolen BTC? Are there examples of this happening? Where would I look? Google is no help.
Sorry to OP though. Not trying to rub salt in your wounds. That is a lot to lose. Ouch!
Think this guy ended up doing a deal with the thief to split the coins: http://www.reddit.com/r/Bitcoin/comments/2af2e1/500_btc_bounty_for_the_return_of_androklis/

statdude (OP)
November 28, 2014, 05:57:25 AM
Fact is, I treated my blockchain.info as a WEB wallet, trusting them it was SECURE with 2FA alone.
It was not.
All someone needs can be found by hacking your PC and installing a keylogger.
They need no 2FA whatsoever if they then have your password.