Pages:
Author

Topic: 149.34 BTC and 7397 LTC stolen, assistance appreciated/rewarded (Read 8489 times)

sr. member
Activity: 462
Merit: 250
Hello everyone, after finding a way we have destroyed 60% of the premined as promised. We did it in a simple way, deleted permanently a newly generated wallet and video is uploaded to Youtube.
Program used: Rylstim Screen Recorder.
You can watch it here:


Now we will not keep the 40% left, that is around 50,000 coins , as you have seen this coins is very difficult to mine, there are currently only around 100k in circulation, so we will bring the opportunity to investors who dint mine it, or people who cant mine it due to the currently high difficulty.

We will make a mini IPO so deliver those coins to people who want to invest in this project.

The IPO will last 24 hours, and will consist on two phases of maximum 200 shares in total each one, they will represent 25,000 coins each one.

There is no minimum, so if only half of the shares are sold in one batch, the total coins will be divided into those shares sold.
Each share has cost of 0.01 BTC.

First batch of 200 maximum shares have a guaranteed amount of 12,000 coins/btc. This means, each share will deliver a minimum of 120 coins.

Once first batch is sold, Second batch of 200 will have a guaranteed amount of 8,000 coins/btc. Share minimum of 90 coins each one.

BTC Unique Address for first batch

18joTFGDMdGjQDX6UBJyDChk1e7WKWPd24

BTC Unique Address for second batch

1NX3jidJRR3M9ZMy54LztVxYLzRMnHWoyS


Don't use online wallets or exchange wallets to send the funds, with the exception of blockchain, this will be required later to send you the TLC.
After sending the funds, send me a PM with the shares purchased , tx id, and TLC address.

The ipo will last 24 hours on August 30 8:00pm Forum time, you can easily see if some batch is fully sold by checking each blockchain address, if it has more than 2 BTC the batch is sold, dont send more funds, funds sent over the 200 shares limit will be returned to user.

The funds will be used to continue the development of the coin as well as our current project: The last shop.

The Last Shop

This shop will be an online marketplace to buy and sell goods between users in the same style as bitmit.net was.
We started to developing it and the ETA is around 1 month, the online shop will only use Bitcoin and TLC.


Best, TLC team


full member
Activity: 168
Merit: 100
whyyou bothering your self? Keep logs go to the police, they work with interpol to dedect hacker.
I doubt interpol would get involved in a relatively small theft.
newbie
Activity: 46
Merit: 0
well, this is an old thread, but it looks like the coins never moved after they were transfered:

https://blockchain.info/address/1Jzfd4LXB4i8Txm8F457QaHDmHxZJAJYjv

I wonder why anyone would perform a live-hack and then forget about the coins?

obv hodling lol

even hackers like the get value for their money and wait for the price to go up!
full member
Activity: 196
Merit: 100
probably just moved it straight into a cold storage acct.
they might have 10000 wallets with same amounts of bitcoins Sad
plus the longer you wait less chance of anyone noticing when they finally do move.
so so so many exchanges these days. be hard to trace!
legendary
Activity: 914
Merit: 1001
well, this is an old thread, but it looks like the coins never moved after they were transfered:

https://blockchain.info/address/1Jzfd4LXB4i8Txm8F457QaHDmHxZJAJYjv

I wonder why anyone would perform a live-hack and then forget about the coins?
legendary
Activity: 868
Merit: 1000
Cryptotalk.org - Get paid for every post!
, because it's just a computer at home. It's behind all the appropriate firewalls and rules, but there was another circumstance that ended up leaving the ElasticSearch API open to the Internet, which is where the breach took place.


What was the operating system on the computer?

Anyway,  I got hacked back in July 2013.  Hacker somehow got access to an unencrypted backup of the wallet.  Not sure how he got into my macbook pro.
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
Sorry to hear that.  Make sure you contact elastic search and ask them to disable this back door.
newbie
Activity: 11
Merit: 0
Well, the coins are on the move again. They sat idle for the last 10 days, but were just (some of them, anyway) deposited into BTC-e. I've contacted BTC-e and they seem to be working with me on tracking them down, which is nice.
full member
Activity: 196
Merit: 100
ah well, doesn't really matter now they are gone.  You could of had it encrypted and someone used a keylogger, either way, same result.
You are just in for a few weeks of sleepless nights, well, depending on your finances.
newbie
Activity: 11
Merit: 0
ah ok so you have some older backups without encryption and the hacker some how go access to those files ??
Is that what you are saying ?

I thought originally you meant you had encryption and the hacker made a backup which didnt have encryption, but then i read  your post again.

The encrypted wallet on that box was a recent adjustment after some private key consolidation, backups were made shortly before the encryption in case it broke. I just hadn't made it to my next set of steps to verify everything was fine, forgot about it for a little while due to other events in life, and when I went back to finish it off, it had all disappeared hours earlier.
full member
Activity: 196
Merit: 100
ah ok so you have some older backups without encryption and the hacker some how go access to those files ??
Is that what you are saying ?

I thought originally you meant you had encryption and the hacker made a backup which didnt have encryption, but then i read  your post again.

Hope you manage to track down the thief. I was on IRC a few weeks ago and people were talking about using 'getpeerinfo' to see who else is mining (and other methods) and then port scanning them so i'm sure alot of people are doing that.
newbie
Activity: 11
Merit: 0
I'm still confused  about the wallet password.
It either had one or it didn't ?

It sounds like their is more to this story.

I get the impression bitcoin-qt was open and  running without a password on wallet.

Feel sorry for you for the loss Sad

For the earlier posts, yes, the development stuff was on the same computer, because it's just a computer at home. It's behind all the appropriate firewalls and rules, but there was another circumstance that ended up leaving the ElasticSearch API open to the Internet, which is where the breach took place.

The bitcoind was running, it was then stopped, a backup wallet was moved into place, bitcoind restarted, and all the coins were stolen. The backup copy didn't have encryption on it, but the backups hadn't been deleted (because, well, they were backups) on another system.

As I pick through the pieces, it's pretty clear what could have been done to prevent any of this, but I'm still trying to track down where the thief originally discovered this specific system and setup (and timing) to take advantage of it.
full member
Activity: 196
Merit: 100
I'm still confused  about the wallet password.
It either had one or it didn't ?

It sounds like their is more to this story.

I get the impression bitcoin-qt was open and  running without a password on wallet.

Feel sorry for you for the loss Sad
newbie
Activity: 11
Merit: 0
So let me get this straight... You just had a wallet sitting on a dev server running test code with $100k on it?

There is no possible way you could be that stupid. Why on EARTH would you EVER store you wallet on there? Thats just beyond dumb..... You also kept unencrypted backups? I just cant comprehend this. I have very few bitcoin all stored in offline computers. It just makes no sense.

Maybe he/they were developing an app that used and transacted bitcoins, and that was their hot wallet.
newbie
Activity: 37
Merit: 0
So let me get this straight... You just had a wallet sitting on a dev server running test code with $100k on it?

There is no possible way you could be that stupid. Why on EARTH would you EVER store you wallet on there? Thats just beyond dumb..... You also kept unencrypted backups? I just cant comprehend this. I have very few bitcoin all stored in offline computers. It just makes no sense.
newbie
Activity: 11
Merit: 0
This convince me again that cold storage is really important when dealing with important stash of BTC

Good luck to find the thief, try everything you can; do you have any left somewhere else?

Buy back some BTC if you don't

Cold storage was my plan for those, it just hadn't happened yet. The only coins I have left are elsewhere, but it isn't a very large sum compared to what they took. A total of about $7 worth of BTC and LTC was returned to my wallet a change on the transactions.

The problem with replacing them is the size of them is a bit more than I could ever afford again. I started working with Bitcoin and Litecoin years ago, and a short gap of insecurity cost me them all. Part of what's difficult to deal with is that I can't afford to keep pastebin.ca and filebin.ca and such running without the Bitcoins I had (they used to run on ads, but those haven't paid their way in a long time), so after a decade I'll be shutting those down, I imagine. It's been a bit of a rough week, reworking the future.

Hopefully, the attacker will reconsider their actions and return some or all of them to me.
legendary
Activity: 1918
Merit: 1018
This convince me again that cold storage is really important when dealing with important stash of BTC

Good luck to find the thief, try everything you can; do you have any left somewhere else?

Buy back some BTC if you don't
legendary
Activity: 2212
Merit: 1199
Wait you had 100 BTC on a server with public access and you didn't even know if the wallet was encrypted or not?

It isn't and wasn't a public server, but as part of development of an application, ElasticSearch was open to the Internet for a time. Apparently just long enough. The wallet was encrypted, but it looks like there may have been unencrypted backups used. The bitcoin/litecoin daemons were restarted and the debug logs wiped.

Smiley keeping Bitcoin backups without a password is like setting pin number in your credit card to null Tongue
newbie
Activity: 11
Merit: 0
Wait you had 100 BTC on a server with public access and you didn't even know if the wallet was encrypted or not?

It isn't and wasn't a public server, but as part of development of an application, ElasticSearch was open to the Internet for a time. Apparently just long enough. The wallet was encrypted, but it looks like there may have been unencrypted backups used. The bitcoin/litecoin daemons were restarted and the debug logs wiped.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Were the wallets password protected?

They were supposed to be, but judging by the lack of difficulty the attacker had (total attack time was about two hours from first connections to last), I'd guess not.

Wait you had 100 BTC on a server with public access and you didn't even know if the wallet was encrypted or not?
Pages:
Jump to: