Pages:
Author

Topic: ~$10,000 in cryptos stolen off my desktop from an encrypted folder, how, why? (Read 5401 times)

legendary
Activity: 2282
Merit: 1050
Monero Core Team
Yep, like I said in in a previous post. The one factor in all of these cases is the use of windows. Let me make this clear for all those who can't hear:

WINDOWS IS NOT, HAS NEVER AND NEVER WILL BE SAFE FOR ANY CRYPTOCURRENCY. JUST DON'T USE WINDOWS. PERIOD.

Anyone who is still windows and has any substantial amount of bitcoin stored on there should move them to a TRUE cold-wallet address asap. Be warned.

I have to agree with this having been involved with Bitcoin since 2011. By the way in these years I have not lost any cryptocurrency to malware not even one satoshi's worth.

Microsoft Windows is by design extremely friendly to malware since it goes out of its way to prevent end users from controlling what installed software does on their computers. This goes back all the way to the design of the Windows registry in the early 1990's. The main motivation for this is DRM (or attempting to prevent software piracy). Take something as simple as attempting to enforce a software trail, against the simple re installation of the software after trail has ended. In GNU/Linux this information would be stored in a configuration file. Deleting the file would defeat the software trail. In Windows on the other hand the same information is scattered over endless keys in the Windows registry. The software publisher knows where they are but the end used does not. The end user is treated as the adversary in Windows, with the operating system protecting the software publisher against the end user.  

Now one has to place oneself in the position of the malware writer in an adversarial relationship with the end user. What would you prefer:
1) An operating system, Microsoft Windows, that treats the end user as the adversary and goes out of its way to protect you the malware writer,
2) An operating system, GNU / Linux, that treats you, the malware writer, as the adversary, and goes out of its way to protect the end user.

Here is my rule. Any operating system that supports DRM at the operating system level, including Microsoft Windows, IS NOT, HAS NEVER AND NEVER WILL BE SAFE FOR ANY CRYPTOCURRENCY. Note: Andorid in order to be made safe must first be rooted, this breaks the DRM and turns control back to the end user where it belongs. After Andorid is rooted it can then be properly secured by the end user who has now become the master of the device.

A computer or device, just like an individual, cannot have two masters. It can either protect your cryptocurrency or attempt to protect the claims of big copyright, but not both.  

Edit: Replaced "preventing" with "attempting to prevent", since DRM does not prevent piracy of copyrighted content. In many cases DRM actually encourages piracy.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
The one factor in all of these cases is the use of windows.
WINDOWS IS NOT, HAS NEVER AND NEVER WILL BE SAFE FOR ANY CRYPTOCURRENCY. JUST DON'T USE WINDOWS. PERIOD.
Anyone who is still windows ...
It's not the OS. It's all the other stuff on it. Sure, Linux and Mac OS have less stuff attacking those platforms, but it's not the OS.

I regularly use Windows (as well as Linux and Mac OS and their mobile counterparts), I don't get "hacked" or "infected". Sure, they are Windows Servers with VMs running under Hyper-V ...

... as someone else says, it's all the other crap you find in the interwebs.
newbie
Activity: 4
Merit: 0
Yep, like I said in in a previous post. The one factor in all of these cases is the use of windows. Let me make this clear for all those who can't hear:

WINDOWS IS NOT, HAS NEVER AND NEVER WILL BE SAFE FOR ANY CRYPTOCURRENCY. JUST DON'T USE WINDOWS. PERIOD.

Anyone who is still windows and has any substantial amount of bitcoin stored on there should move them to a TRUE cold-wallet address asap. Be warned.
legendary
Activity: 2786
Merit: 1031
You are the second person in the last couple weeks that has had btc/crypto hacked out of a desktop wallet.  How can this happen to an encrypted wallet?
does this prove that desktop wallet is not too secure to save a lot of bitcoin? whereas a lot of people already say that the desktop is already very secure wallet for storing bitcoin
then why are there some people who lost their desktop bitcoin wallet ?

It's as secure as you can keep your computer secure, if you use Windows and install all kind of crap you find around the interwebs you gonna have a bad time...
hero member
Activity: 658
Merit: 500
You are the second person in the last couple weeks that has had btc/crypto hacked out of a desktop wallet.  How can this happen to an encrypted wallet?
does this prove that desktop wallet is not too secure to save a lot of bitcoin? whereas a lot of people already say that the desktop is already very secure wallet for storing bitcoin
then why are there some people who lost their desktop bitcoin wallet ?
legendary
Activity: 1652
Merit: 1088
CryptoTalk.Org - Get Paid for every Post!
AVG would have stopped it

AVG is pretty hopeless - all it does is use up massive system resources to find minor stuff.

I think the moral of this story is that you need to keep your coins on a separate clean computer that is off-line and is used for nothing but storing coins. Do all your other stuff on a computer that doesn't have anything in it that can be stolen.
sr. member
Activity: 322
Merit: 250
That is not a good thing to hear because that is quiet allot of money. I think that someone new about your money and probably hacked you or something.
It is pretty weird for them to vanish out of no where.
AGD
legendary
Activity: 2070
Merit: 1164
Keeper of the Private Key
hero member
Activity: 493
Merit: 500
There are many valid opinions on exactly what constitutes "Cold Storage."  None of them include "Computer that is connected to the Internet, and from which I download and run files from .torrent sites."

Real computer security is nontrivial and requires diligence.  It is best to recognize when that level of effort (to understand and to implement) is beyond what you're willing to expend.  Half measures are no more valid than no measures, and what you've described is not even close to a half measure.  

This is not a rebuke. Your computer usage is in no way the exception, but the general rule. Instead, I have a suggestion.  www.bitcointrezor.com.
newbie
Activity: 5
Merit: 0
So I have spent half my day now trying to catch up all these posts I've resorted to just copy pasting a response. i have my deepest sympathy for this guy and I'm trying to help out the best i can. my response is as follows:

So this was an interesting morning checking my mails to find all of this. I'd read just about as much as I could find on the matter and would like everyone to take a second to read this.

I'm not the guy, this is a case of a little misunderstood information leading everyone in the wrong direction.

The user has been infected with a Remote Admin Tool, a legal bit of software that has been used for malicious purposes so the attacker has been able to access the crypto funds.

The person who analysed the malware has seen a call to one of my domains, this is correct I was hosting some files for the developer of the remote admin tool (see more below). This has been incorrectly described as the "attack server" Today I have removed those files in order to slow down the attacker, though all he needs to to is upload a copy somewhere else. The files themselves are pertain to password recovery and are again totally legal.

The person who analysed the malware has seen a call to bnaf12[dot]no-ip[dot]biz This is the control server of the attacker. He is using a dynamic DNS service so he can change the location of his control server quickly. The last update to that domain points to an IP in Palestine.
OP mentions is places he has seen me "bragging" about the hack. This is not true and again misunderstood information. I have a keen interest in network security and a part of my job is ensuring servers a secure. Following the rule of keep your enemies closer I crafted a few identities that hang around the blackhat world in order to keep my finger on the pulse. The "bragging" in question is all smoke used to gain trust in these communities, I'll also mention that none of my identities concern themselves with financial fraud and there is no "bragging" anywhere close that subject matter. Simply a few posts claiming my user has "got a load of installs"

Some of you may wonder why I was hosting the files in the first place, this is simple. The developer was looking for a place to host them and asked if I would do it. I saw this as a great way to get an insight in how popular the tool was and collect some usage data. No information from an infected machine would be sent to me this all goes to the control server configured by the admin using the tool (or the attacker when used for malicious purposes)

The OP has contacted me via email and as of now I am awaiting his reply. I've offered to help him in any way I can to get his funds recovered.
legendary
Activity: 1946
Merit: 1137
   I kept 500 Ether, 1,000 Litecoin and 500 PPC in a cold wallet in a password protected .rar file on my desktop, when I happened to check my watch address yesterday all the balances were emptied two days ago.

   I made two mistakes (1) I download a lot from Torrent sites, (2) I kept ALL my "cold" storage paper wallets in one encrypted WinRar file with a 12 character password. I thought this security was enough and am still at a loss as to what happened.
I don't know what was your password, but with only 12 characters there are very high chances it was weak enough to be brute forced.

I suggest you read some guides on how to choose a strong password: http://lifehacker.com/four-methods-to-create-a-secure-password-youll-actually-1601854240

And downloading from torrents is not the problem (assuming your system does not have exploitable holes), the problem is what programs you run after downloading them. Depending what you download, there is a very high chance it is bundled with malicious stuff.

I know how it feels to lost even files due to malware but you have lost a lot of money and i am sorry about your loss. But these days i find online storage like google drive more secure place to store files.
Are you implying that it's safer to store files in online cloud storage than on your own computer?! lol
If you encrypt your file appropriately (strong password, algorithm) before uploading then it is not only pretty safe, it is also recommended. I recommend GnuPG, or AES Crypt.

Because keeping your backup in only 1 place is actually a bad idea, what would happen if a natural disaster wipes your house, or you get robbed?! Your data will be simply lost, that is when online backups are very useful and should always be considered, especially when the data is crucial.

This is not true.  Torrents are likely as secure and no more than a website.  (They depend on the originator link)  However, if you went to The Pirate Bay, searched for bitcoin, you might very well find a backdoor client being seeded. Maybe this is what you mean and I'm sure you understand this, but I just saw this and thought it needed clarification.

exactly this. websites like PB are like a community (forum or whatever they are called) which means if a torrent on their site contains anything malicious they will be removed fast enough because of the reports. so you will never see any bad code being seeded for long.

also i don't see OP is replying to any of the comments even after a full month so i assume he doesn't even know what a cold wallet is because he is using the encrypted rar on an online computer with keylogger!
sr. member
Activity: 405
Merit: 250
  I kept 500 Ether, 1,000 Litecoin and 500 PPC in a cold wallet in a password protected .rar file on my desktop, when I happened to check my watch address yesterday all the balances were emptied two days ago.

   I made two mistakes (1) I download a lot from Torrent sites, (2) I kept ALL my "cold" storage paper wallets in one encrypted WinRar file with a 12 character password. I thought this security was enough and am still at a loss as to what happened.
I don't know what was your password, but with only 12 characters there are very high chances it was weak enough to be brute forced.

I suggest you read some guides on how to choose a strong password: http://lifehacker.com/four-methods-to-create-a-secure-password-youll-actually-1601854240

And downloading from torrents is not the problem (assuming your system does not have exploitable holes), the problem is what programs you run after downloading them. Depending what you download, there is a very high chance it is bundled with malicious stuff.

I know how it feels to lost even files due to malware but you have lost a lot of money and i am sorry about your loss. But these days i find online storage like google drive more secure place to store files.
Are you implying that it's safer to store files in online cloud storage than on your own computer?! lol
If you encrypt your file appropriately (strong password, algorithm) before uploading then it is not only pretty safe, it is also recommended. I recommend GnuPG, or AES Crypt.

Because keeping your backup in only 1 place is actually a bad idea, what would happen if a natural disaster wipes your house, or you get robbed?! Your data will be simply lost, that is when online backups are very useful and should always be considered, especially when the data is crucial.

This is not true.  Torrents are likely as secure and no more than a website.  (They depend on the originator link)  However, if you went to The Pirate Bay, searched for bitcoin, you might very well find a backdoor client being seeded. Maybe this is what you mean and I'm sure you understand this, but I just saw this and thought it needed clarification.
sr. member
Activity: 446
Merit: 251
Did you use truecrypt or veracrypt? Those applications are flawed.

How are they flawed?

To date, no one has cracked any TrueCrypt volume even if the devs just disappeared. Version 7.1a still works. DiskCryptor works. VeraCrypt probably works as it's based on TC and actively developed.

The developer issued a statement in which he explained that Using TrueCrypt is not secure as it may contain unfixed security issues.
Althought, it is true that many people still use TrueCrypt, anyway, OP made the mistake of believing that a 'cold wallet' sitting in a computer was safe, a wallet is COLD when it's on paper or in a physical object, outside of a computer.
sr. member
Activity: 364
Merit: 250
If this is true, paper wallets are not such when kept on a PC. Did you ever open the RAR file at any point as password could have been lifted then? Truecrypt/ciphershed is a much safer option for something like  this. Or better yet, a HW wallet like Ledger or Trezor which does transaction signing inside the device. These also work for litecoin.

http://www.lockdown.co.uk/?pg=combi

will tell you how long it would have  taken to crack such a password like he had.

But also id never store ALL my coins in a single wallet. Plus, were these paper wallets generated properly? As in generated offline?

There have been cases of addresses from vanity websites or other websites being stolen.

Sorry for your loss!

I recently got infected and the use of 2FA on sites like exchanges, a multisig vault like coinbase, and HW wallets stopped me loosing pretty much all my savings.

I had Kaspersky and they still got past, the first time I ever witnessed anything get past Kaspersky.
full member
Activity: 238
Merit: 100
AVG would have stopped it
From a hacker keylogging his computer and stealing files from his computer where he probably had a text file with the private keys on  Roll Eyes
I don't think so.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Did you use truecrypt or veracrypt? Those applications are flawed.

How are they flawed?

To date, no one has cracked any TrueCrypt volume even if the devs just disappeared. Version 7.1a still works. DiskCryptor works. VeraCrypt probably works as it's based on TC and actively developed.
newbie
Activity: 39
Merit: 0
I too would recommend to use GNU/Linux not only for BTC but for everything else as well. While GNU/Linux might be even unsafer especially when used by a newbie its smaller userbase makes it currently a less attractive target for malware. When you use Windows you use a Blackbox and have to trust MS and all those providing Applications for Windows blindly. My main PC is a Box with Debian Linux and I never had a problem in years (I started using Linux back in 1995). I also have to use Windows for work everyday but I can't say I never had an issue with it.
legendary
Activity: 2058
Merit: 1030
I'm looking for free spin.
I am sorry to hear that.. and i think most of the virus and hacking is in torrent so beware if you are using torrent because all strong viruses are there. .i am also victim of ransomeware virus which is i get in torrent.. but i found a solution to threat it.. using kaspersky total security and decryption of kaspersky i removed all of virus trojan and ransome and worms... i am happy that my laptop now is clean..
legendary
Activity: 1358
Merit: 1000
newbie
Activity: 46
Merit: 0
Fun update: The wheels of justice turn slowly, but grind exceedingly fine...
With a ton of help from the community I have been tracking almost $10,000 is stolen crypto funds, and we have a good lead! It seems an "Ethical Hacker" (https://bazaarbay.org/b26788279ce73de5b53de7a32c4b74114c932e81/listing/5fd045457e0ff9596d43203c5ff831d1cc5421b0) named Paul Golding (https://bitcointalksearch.org/user/pauliegolding-838056) has my funds! I have filed a local and British police report and have written to the dozen or so e-mail address he has all over the internet, (no response yet).
Roll Eyes
Pages:
Jump to: