Topic: Bitcoin thief techniques - page 2. (Read 2972 times)
I though the brute force do not work if the password is long enough.
#2~ if that's your "short but unique" then everything is clear
And then dictionary attack became a thing...
4 random english words aren't very strong as password.
#2~ if that's your "short but unique" then everything is clear
UPD: also this
UPD: also this
Care to share the password? Hopefully you are not using it anywhere else, you should assume the attacker knows it.
Or at least tell us the number of characters and the type of characters (upper / lower case letters, numbers) you used. Interested in this as well.
To decrypt an encrypted wallet.dat two possibilities:
a) keylogger
or
b) you claim short but unique. Short = worthless password. If it was short enough it may have simply been brute forced. If it had been long and unique that would have been more interesting. Care to share the password? Hopefully you are not using it anywhere else, you should assume the attacker knows it.
a) keylogger
or
b) you claim short but unique. Short = worthless password. If it was short enough it may have simply been brute forced. If it had been long and unique that would have been more interesting. Care to share the password? Hopefully you are not using it anywhere else, you should assume the attacker knows it.
I cleaned up pretty good after the TraderCoin debacle. I just rescanned and checked for rootkits, nothing exciting came out. My old, unused, miningware downloads did have various junk in them (a lot of Crypt-OSW) but nothing active. I'm OK, I just would like to know how these things are perpetrated and especially why the .00006 payment?
You should download Malwarebytes and do a scan, I bet you'll be surprised by all the things picked up that your current AV client hasn't detected. Given your risky download habits, it's not a stretch to predict that you have been infected by multiple trojans and keyloggers.
I just had a minor theft (0.11BTC, I'll live) and while I understand ways I can positively prevent this (offline wallet, etc), I'm quite curious how the thief did this.
I'm just running the client 0.82/Win7 with my wallet encrypted with a short but unusual password. I have not opened the client for about two weeks, but I did today just to check the balance. As soon as I opened it, the balance was .10996851, but after it downloaded the blockchain, it was 0.00000000000000, nada, zilch. There were two transactions:
First, 11/3/2013, from address 1NpovwBu8RdXYZUHHd4ZWEEnGNgAu3QfWy, tx # 95054f44018eda3be92f3274cc31d56dc7e84c8a6d0f5919da09a8b9e01aadd2 , there is a .00006BTC payment to my address.
Then, 11/6/2013, to address 1NTcSTt3MEW4Mw8SRy9xXmMstk8Pimcjqn, tx # 7c348e83cb9bbabfb567770e322384b37712fcaf704bb17b09e4ca6c3232b71b, my BTC goes out the door--.11BTC to the thief, then 2851 satoshis as a tx fee.
The 1Npov address was used for a number of these .00006 payments, and a lot (but not all) of the addresses that received these payments got cleaned out at about the same time I did. Some of the payments were substantial. THe 1NTcS address was used to clean out a few accounts, but other addresses were used as well. One guy got cleaned out of over 300BTC, here is his link from the explorer.
https://blockchain.info/address/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
So if anyone can tell me, how is this done? My computer is not particularly secure--Windows firewall, Avast antivirus, but I've downloaded and tried a pile of miners, altminers, etc, including the now infamous "tradercoin" that had a built in keylogger. I'd be surprised if that one worked, as I caught it and the keylog files didn't have any relevant info. If you had my whole computer and were smart, you might guess my wallet.dat encryption password. I'm especially curious about this--what is the significance of the .00006 BTC payment three days prior.
Any insight appreciated.
I'm just running the client 0.82/Win7 with my wallet encrypted with a short but unusual password. I have not opened the client for about two weeks, but I did today just to check the balance. As soon as I opened it, the balance was .10996851, but after it downloaded the blockchain, it was 0.00000000000000, nada, zilch. There were two transactions:
First, 11/3/2013, from address 1NpovwBu8RdXYZUHHd4ZWEEnGNgAu3QfWy, tx # 95054f44018eda3be92f3274cc31d56dc7e84c8a6d0f5919da09a8b9e01aadd2 , there is a .00006BTC payment to my address.
Then, 11/6/2013, to address 1NTcSTt3MEW4Mw8SRy9xXmMstk8Pimcjqn, tx # 7c348e83cb9bbabfb567770e322384b37712fcaf704bb17b09e4ca6c3232b71b, my BTC goes out the door--.11BTC to the thief, then 2851 satoshis as a tx fee.
The 1Npov address was used for a number of these .00006 payments, and a lot (but not all) of the addresses that received these payments got cleaned out at about the same time I did. Some of the payments were substantial. THe 1NTcS address was used to clean out a few accounts, but other addresses were used as well. One guy got cleaned out of over 300BTC, here is his link from the explorer.
https://blockchain.info/address/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
So if anyone can tell me, how is this done? My computer is not particularly secure--Windows firewall, Avast antivirus, but I've downloaded and tried a pile of miners, altminers, etc, including the now infamous "tradercoin" that had a built in keylogger. I'd be surprised if that one worked, as I caught it and the keylog files didn't have any relevant info. If you had my whole computer and were smart, you might guess my wallet.dat encryption password. I'm especially curious about this--what is the significance of the .00006 BTC payment three days prior.
Any insight appreciated.
Jump to: