Author

Topic: Bitcoin Wallet Empty, no transactions, no nothing (Read 4278 times)

legendary
Activity: 2590
Merit: 1022
Leading Crypto Sports Betting & Casino Platform
does the zipcoin client was installed in a separate machine or in the one with your money? i want to know if the virus moved from one pc to another
newbie
Activity: 14
Merit: 0
Hey all,
I need some help, I opened my wallet to discover it had a 0 balance and no transaction history, no nothing. The wallet is synced but there is no information in the wallet. Even saved addresses are gone.
The wallet.dat file is still there.
Have I been hacked?

Im using the Windows Bitcoin core wallet. Has this happened to anyone before and what can i do about it?
Thanks
becarefull someone hack your device and monitorng your activity and takes money from you
make sure you have backup
legendary
Activity: 1456
Merit: 1081
I may write code in exchange for bitcoins.
In the future, don't run windoze!  Or, if you have to run windows for your day-to-day life, at least put your bitcoin wallet into a usb linux that you boot into and keep that clean.  99.9999999999999999999% of the viruses and keyloggers out there are targeting windows, if you just move to GNU/Linux (even if it's only for your bitcoins) you'll avoid the vast, vast majority of attacks.
newbie
Activity: 14
Merit: 0
Do you have any AV??
Check all downloaded files recently

Yes, I used Avast and MalwareBytes. Avast picked it up but only after the damage was done. Reading the Zipcoin thread only 1 or 2 out of 50 antivirus programs picked it up

agree some people easy to move money in backup in other wallet . maybe you get infected in your pc . check it now.
sr. member
Activity: 280
Merit: 250
Linux is only considered safer because you don't run everything as root while in Windows people have a tendency to log in with their admin account and hence when you run executable files they have access to pretty much everything. Also, it's just more economically feasible for hackers and thieves to go after the operating system which has the most number of users by far - your going to get a lot more people with a windows executable than you are with a tarball that needs to be compiled for Linux.

Agree with everything you've written.

Although one problem with Linux is how easy it is for malware to get root access on a Linux desktop OS (one with a GUI). A keylogger can be written in just a single line of bash script and it is capable of keylogging your root/sudo password because most Linux distros have no kind of GUI isolation at all. It can then use the password to gain root priviledges.

Microsoft have actually tried to do SOMETHING about this. I am sure it is probably defeatable though.

Good lawd! I guess that's why it's advisable not to install a GUI on a linux server. I'm guilty... totally guilty.
sr. member
Activity: 280
Merit: 250
This is why I opted to go with Linux... felt it was a tidbit safer; perceived safer perhaps? Even though I have a PC and initially had Win8 installed on my server, I've learned what executables can do... so you're def right, there's a level of trust needed. Years ago and just because I learned it was possible, I stripped an exe file down to it's smallest pieces (I think) without installing it. It can be done, but I agree, not easy at all.

Linux definitely has more security features built in than Windows, but a badly configured or unpatched Linux system isn't safe. Just because you use Linux doesn't mean you are safe.

Additionally I think that it would be easier for malware to hide on a Linux system than on a Windows one. We've seen malware thats hidden at a kernel level, something that is not so easy to do in Windows as you'd probably need the source code for the kernel to do that.

On top of that most of the common Linux X servers do not do any kind of GUI isolation at all. Microsoft made an attempt at least, though I don't know how good it really is.

Windows gets a lot of flack, but really it's security isn't all that bad. A lot of PC manufcaturers preinstall tons of bloatware to make extra money and additionally lots of people run pirated copies of Windows which don't receive any security updates. When those people then get viruses/hacked they try to blame Microsoft when it is themselves or their PC manufacturer who is at fault.

A fully patched and properly configured Windows installation running software built from known good sources is safe.

Evidently you misunderstood what I wrote - I said SAFER, not that it is SAFE. Any system that connects to the www is no way safe. Just to clarify... there were two reasons I opted for Linux over Win8 (although I love the interface), but primarily because of the wallet files that I'd be forced to download - for windows they are exe... and like I said, I know what can hide in them.
newbie
Activity: 13
Merit: 0
Linux is only considered safer because you don't run everything as root while in Windows people have a tendency to log in with their admin account and hence when you run executable files they have access to pretty much everything. Also, it's just more economically feasible for hackers and thieves to go after the operating system which has the most number of users by far - your going to get a lot more people with a windows executable than you are with a tarball that needs to be compiled for Linux.

Agree with everything you've written.

Although one problem with Linux is how easy it is for malware to get root access on a Linux desktop OS (one with a GUI). A keylogger can be written in just a single line of bash script and it is capable of keylogging your root/sudo password because most Linux distros have no kind of GUI isolation at all. It can then use the password to gain root priviledges.

Microsoft have actually tried to do SOMETHING about this. I am sure it is probably defeatable though.

yea  thats hacker activity to steal and infect device and controll our activity and steal all in keylogger and monitong . thats why before unfamiliar website i never touch anything .
full member
Activity: 154
Merit: 100
Linux is only considered safer because you don't run everything as root while in Windows people have a tendency to log in with their admin account and hence when you run executable files they have access to pretty much everything. Also, it's just more economically feasible for hackers and thieves to go after the operating system which has the most number of users by far - your going to get a lot more people with a windows executable than you are with a tarball that needs to be compiled for Linux.

Agree with everything you've written.

Although one problem with Linux is how easy it is for malware to get root access on a Linux desktop OS (one with a GUI). A keylogger can be written in just a single line of bash script and it is capable of keylogging your root/sudo password because most Linux distros have no kind of GUI isolation at all. It can then use the password to gain root priviledges.

Microsoft have actually tried to do SOMETHING about this. I am sure it is probably defeatable though.
full member
Activity: 154
Merit: 100
This is why I opted to go with Linux... felt it was a tidbit safer; perceived safer perhaps? Even though I have a PC and initially had Win8 installed on my server, I've learned what executables can do... so you're def right, there's a level of trust needed. Years ago and just because I learned it was possible, I stripped an exe file down to it's smallest pieces (I think) without installing it. It can be done, but I agree, not easy at all.

Linux definitely has more security features built in than Windows, but a badly configured or unpatched Linux system isn't safe. Just because you use Linux doesn't mean you are safe.

Additionally I think that it would be easier for malware to hide on a Linux system than on a Windows one. We've seen malware thats hidden at a kernel level, something that is not so easy to do in Windows as you'd probably need the source code for the kernel to do that.

On top of that most of the common Linux X servers do not do any kind of GUI isolation at all. Microsoft made an attempt at least, though I don't know how good it really is.

Windows gets a lot of flack, but really it's security isn't all that bad. A lot of PC manufcaturers preinstall tons of bloatware to make extra money and additionally lots of people run pirated copies of Windows which don't receive any security updates. When those people then get viruses/hacked they try to blame Microsoft when it is themselves or their PC manufacturer who is at fault.

A fully patched and properly configured Windows installation running software built from known good sources is safe.
hero member
Activity: 742
Merit: 502
Circa 2010
This is why I opted to go with Linux... felt it was a tidbit safer; perceived safer perhaps? Even though I have a PC and initially had Win8 installed on my server, I've learned what executables can do... so you're def right, there's a level of trust needed. Years ago and just because I learned it was possible, I stripped an exe file down to it's smallest pieces (I think) without installing it. It can be done, but I agree, not easy at all.

Linux is only considered safer because you don't run everything as root while in Windows people have a tendency to log in with their admin account and hence when you run executable files they have access to pretty much everything. Also, it's just more economically feasible for hackers and thieves to go after the operating system which has the most number of users by far - your going to get a lot more people with a windows executable than you are with a tarball that needs to be compiled for Linux.
sr. member
Activity: 280
Merit: 250
Reading that thread there are many people accusing the developer of putting viruses in the coin.

Be WAY more careful in the future. Don't run ANYTHING you aren't 9,001% sure is safe. If you are installing software that has the source code available, learn how to compile it from source. Running the exe puts a lot of trust in the developer as the exe can do ANYTHING. People can check the source code for viruses but they cannot easily check the exe.

This is why I opted to go with Linux... felt it was a tidbit safer; perceived safer perhaps? Even though I have a PC and initially had Win8 installed on my server, I've learned what executables can do... so you're def right, there's a level of trust needed. Years ago and just because I learned it was possible, I stripped an exe file down to it's smallest pieces (I think) without installing it. It can be done, but I agree, not easy at all.
sr. member
Activity: 252
Merit: 250
Do you have any AV??
Check all downloaded files recently

Yes, I used Avast and MalwareBytes. Avast picked it up but only after the damage was done. Reading the Zipcoin thread only 1 or 2 out of 50 antivirus programs picked it up
sr. member
Activity: 252
Merit: 250
Yer I installed the wallet from the exe. I dont even have any of these coins I just wanted to see if the "anon" feature of the coin was a scam. Which it was. Fuck.

Files located in that directory are ztor.exe and zipcoin-qt.exe

Lesson learnt about this crypto game. Certainly wont happen a second time.

That stinks. I'm at least glad you found the source...

Thanks for the help mate Cool Goes to show to have the right security in place for everything. I have now ordered a trezor BTC wallet and encrypted EVERYTHING on my PC's. Lesson learnt.
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
Yer I installed the wallet from the exe. I dont even have any of these coins I just wanted to see if the "anon" feature of the coin was a scam. Which it was. Fuck.

Files located in that directory are ztor.exe and zipcoin-qt.exe

Lesson learnt about this crypto game. Certainly wont happen a second time.

That stinks. I'm at least glad you found the source...
legendary
Activity: 888
Merit: 1000
Monero - secure, private and untraceable currency.
Im using the Windows Bitcoin core wallet.

Bingo! That's the core problem too. Linux man.
sr. member
Activity: 252
Merit: 250
Installing a fresh copy of windows now. I have also ran scans on all of my mining rigs to make sure they are not infected either and all seems to be ok for now
sr. member
Activity: 252
Merit: 250
So I was looking at the history of Avast virus scans and it seems it did pick up a virus sometime yesterday while I was AFK. It came from the zipcoin.qt wallet.
The virus is called netsh.exe and was found in the directory: C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe\0x94D16BC4A71627A1

Is this a false positive? I dont want to jump on thread spreading accusations before I know a little at least

Uh oh. netsh.exe is a similar name to a windows system file. There should not be a file named that in the zipcoin directory!

Looks this isn't the first virus accusation against this coin: Sad

https://bitcointalksearch.org/topic/m.8190098

Did you install the binary (.exe, .msi) or did you compile it from source?

Can you go to the folder C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe and post a list of all the filenames in there? make sure you have "show hidden files and folders" enabled too:
http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/

Yer I installed the wallet from the exe. I dont even have any of these coins I just wanted to see if the "anon" feature of the coin was a scam. Which it was. Fuck.

Files located in that directory are ztor.exe and zipcoin-qt.exe

Lesson learnt about this crypto game. Certainly wont happen a second time.
full member
Activity: 154
Merit: 100
Reading that thread there are many people accusing the developer of putting viruses in the coin.

Be WAY more careful in the future. Don't run ANYTHING you aren't 9,001% sure is safe. If you are installing software that has the source code available, learn how to compile it from source. Running the exe puts a lot of trust in the developer as the exe can do ANYTHING. People can check the source code for viruses but they cannot easily check the exe.

Hey,
Everyone that downloaded the windows wallet early needs to check that AppData\Local\Spoon directory. That is where the backdoor was installed, it doesn't come up on a lot of virus scans, and was packaged with the windows wallet. Seems that the dev has now removed the malicious wallet.

You need to delete that directory asap. The program installed after you ran the zipcoin wallet for the first time and ztor.exe remains running even after you close the zipcoin wallet.

Obviously the exchanges and people who complied from source weren't affected, as this was zipped with the original windows wallet that was posted in the announcement.

Digiguy seems like the attacker shilling to extend time cleaning people out, posting screenshots to direct attention from where the problem is.

So if you downloaded that original windows wallet you need to check that  C:\USERS\youraccount\APPDATA\LOCAL\SPOON, delete that directory asap, and then look for all your wallet.dat files in the APPDATA roaming folder, if you were infected the "wallet.dat" files were renamed to whatever coin it was such as "Dogecoin.dat" and then sent to the attacker.

Gonna repeat, Zipcoin-qt.exe itself is not malicious it was the ztor.exe bullshit that was packaged with the windows wallet, maybe thats why the dev called it zipcoin heh.

Again this shit doesnt come up on a lot of antivirus scanners and you need to remove this manually if you were infected, and then there is no telling what else could have been installed so its best to reformat your harddrive.

I fear a good amount of people got cleaned out already if they had all their wallets on the infected PC, I guess we'll find out with time.

You should not just delete the directory like this guy recommends. You should do a fresh Windows install. This is the only way to be sure you've removed it.
full member
Activity: 154
Merit: 100
So I was looking at the history of Avast virus scans and it seems it did pick up a virus sometime yesterday while I was AFK. It came from the zipcoin.qt wallet.
The virus is called netsh.exe and was found in the directory: C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe\0x94D16BC4A71627A1

Is this a false positive? I dont want to jump on thread spreading accusations before I know a little at least

Uh oh. netsh.exe is a similar name to a windows system file. There should not be a file named that in the zipcoin directory!

Looks this isn't the first virus accusation against this coin: Sad

https://bitcointalksearch.org/topic/m.8190098

Did you install the binary (.exe, .msi) or did you compile it from source?

Can you go to the folder C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe and post a list of all the filenames in there? make sure you have "show hidden files and folders" enabled too:
http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/
sr. member
Activity: 252
Merit: 250
So I was looking at the history of Avast virus scans and it seems it did pick up a virus sometime yesterday while I was AFK. It came from the zipcoin.qt wallet.
The virus is called netsh.exe and was found in the directory: C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe\0x94D16BC4A71627A1

Is this a false positive? I dont want to jump on thread spreading accusations before I know a little at least
sr. member
Activity: 252
Merit: 250
Hey all,
I need some help, I opened my wallet to discover it had a 0 balance and no transaction history, no nothing. The wallet is synced but there is no information in the wallet. Even saved addresses are gone.
The wallet.dat file is still there.
Have I been hacked?

Im using the Windows Bitcoin core wallet. Has this happened to anyone before and what can i do about it?
Thanks

There has been spotted new malware who replaces your wallet.dat with an empty wallet.dat. I think that it has happened to you, sorry...

Do you have a link to this malware and how they could get access to my system?
Thanks
legendary
Activity: 938
Merit: 1000
BTC | LTC | XLM | VEN | ARDR
Hey all,
I need some help, I opened my wallet to discover it had a 0 balance and no transaction history, no nothing. The wallet is synced but there is no information in the wallet. Even saved addresses are gone.
The wallet.dat file is still there.
Have I been hacked?

Im using the Windows Bitcoin core wallet. Has this happened to anyone before and what can i do about it?
Thanks

There has been spotted new malware who replaces your wallet.dat with an empty wallet.dat. I think that it has happened to you, sorry...
sr. member
Activity: 252
Merit: 250
Does anyone have any tips for how I can trace the hack and how they did it so it doesn't happen in the future?
sr. member
Activity: 252
Merit: 250
Downloaded a sgminer lately?  Theres a site I don't wanna link right now with fake sgminer files that steal wallets (litecoin, dogecoin, bitcoin etc).  Probably wiped the wallet after upload and the software created a new empty one.  This sgminer site was linked by blackcoin (they removed it after I showed them) and a few other pools.  The software did not actually mine, just opened with a brief error message, stole wallets and closed.


This PC didn't have any sgminers on it. All my altcoin rigs do have a few different versions of it though and they are all connected with teamviewer. Most of them were downloaded from crypto-mining-blog
sr. member
Activity: 252
Merit: 250
So more than one coin wallet compromised... sounds more like a hack than tech mishap - I'm sorry about your lost man.

Please keep the community abreast of possible culprit. Don't know much about Fitcoin or the TheBotCoin... not accusing, but we've had some wallet stealing wallets in the past.

Ill be sure to post it if I find out how the hack was done... I find it strange that the transaction history etc is missing though.

That means the wallet.dat file is gone.

Yep. I thought I replied to this earlier. The dump you provided above is a new wallet. Looks like the hacker deleted your wallet afterwards so your history is gone with it. Some of your coins were mixed by the hacker but I haven't finished looking yet.

Little tip for you: Always have 1 extra copy of a file than you think you need. If you think you need 2 copies (original and a backup) you need 3. If you think you only need 1, you actually need 2. And if you think you don't need a file, well you need 1 copy of it somewhere anyway, one day you'll be glad you didn't delete it. Smiley

So be sure to have 3 copies of any other wallets you generate.

Thanks for the advice and thanks for the help really appreciate it.
full member
Activity: 126
Merit: 100
Which wallet was it?
sr. member
Activity: 336
Merit: 250
Downloaded a sgminer lately?  Theres a site I don't wanna link right now with fake sgminer files that steal wallets (litecoin, dogecoin, bitcoin etc).  Probably wiped the wallet after upload and the software created a new empty one.  This sgminer site was linked by blackcoin (they removed it after I showed them) and a few other pools.  The software did not actually mine, just opened with a brief error message, stole wallets and closed.
full member
Activity: 154
Merit: 100
So more than one coin wallet compromised... sounds more like a hack than tech mishap - I'm sorry about your lost man.

Please keep the community abreast of possible culprit. Don't know much about Fitcoin or the TheBotCoin... not accusing, but we've had some wallet stealing wallets in the past.

Ill be sure to post it if I find out how the hack was done... I find it strange that the transaction history etc is missing though.

That means the wallet.dat file is gone.

Yep. I thought I replied to this earlier. The dump you provided above is a new wallet. Looks like the hacker deleted your wallet afterwards so your history is gone with it. Some of your coins were mixed by the hacker but I haven't finished looking yet.

Little tip for you: Always have 1 extra copy of a file than you think you need. If you think you need 2 copies (original and a backup) you need 3. If you think you only need 1, you actually need 2. And if you think you don't need a file, well you need 1 copy of it somewhere anyway, one day you'll be glad you didn't delete it. Smiley

So be sure to have 3 copies of any other wallets you generate.
sr. member
Activity: 280
Merit: 250
So more than one coin wallet compromised... sounds more like a hack than tech mishap - I'm sorry about your lost man.

Please keep the community abreast of possible culprit. Don't know much about Fitcoin or the TheBotCoin... not accusing, but we've had some wallet stealing wallets in the past.

Ill be sure to post it if I find out how the hack was done... I find it strange that the transaction history etc is missing though.

That means the wallet.dat file is gone.
sr. member
Activity: 252
Merit: 250
So more than one coin wallet compromised... sounds more like a hack than tech mishap - I'm sorry about your lost man.

Please keep the community abreast of possible culprit. Don't know much about Fitcoin or the TheBotCoin... not accusing, but we've had some wallet stealing wallets in the past.

Ill be sure to post it if I find out how the hack was done... I find it strange that the transaction history etc is missing though.
sr. member
Activity: 280
Merit: 250
So more than one coin wallet compromised... sounds more like a hack than tech mishap - I'm sorry about your lost man.

Please keep the community abreast of possible culprit. Don't know much about Fitcoin or the TheBotCoin... not accusing, but we've had some wallet stealing wallets in the past.
sr. member
Activity: 252
Merit: 250
Seems teamviewer only allow tracking of logins when you sign up for the business service. Unfortunately I had only the free service
sr. member
Activity: 252
Merit: 250
When I get access to a computer that isnt linked to the teamviewer account ill check it

I cant see anything in the Bitcoin wallet, its completely blank, recent addresses, transactions, BTC. When I first opened the wallet its like it created a new wallet.dat file, the blockchain only needed to sync like 100 blocks. Here is the key dump, you can see the addresses were only created this morning when I opened the wallet

Code:
# Wallet dump created by Bitcoin v0.9.1.0-g026a939-beta (Tue, 8 Apr 2014 12:04:06 +0200)
# * Created on 2014-08-04T22:38:29Z
# * Best block at time of backup was 314000 (000000000000000008ae6cb20997f3c4aacc50ee2f0d08a0c3691907fe7357a3),
#   mined on 2014-08-04T22:32:26Z

KxaieCjTCoKtdh3dD4jov7ixXAtEsd2SXNgqrHMdbhZZ23DJ8KDc 2014-08-04T20:35:42Z reserve=1 # addr=1F9t79KhoSDbETpGKYkgd9FRBUCJXx7zAm
KyVvyZmtM1Jf661VMcrCpHpMnp5kbWYyi6TBg35oJJ1Lz8nmdDFY 2014-08-04T20:35:42Z label= # addr=19S85o6HnMMyjxzw39EGG93ynU3Eh1y4mK
L4XDzspZZiQTFnxmRXQZ2z9squezxDcmyFyprXCm3mfnDyYLnMDY 2014-08-04T20:35:42Z reserve=1 # addr=1LUPBFFyjXTKyhJCQZKNBhxjiLSkG4MHiF
L3tEij7RiN9f1AkAt2RwrhgSCgi8kEVCQvXutZDD33WE842Q2Kz9 2014-08-04T20:35:42Z reserve=1 # addr=1F81h2iTK74wWUEUyvWKFCPYxGQxDNYV46
KxRMenRahawSsvV4XvLYgqEityfX7zY6R8TwM5eHhhAvZkGgBaKX 2014-08-04T20:35:42Z reserve=1 # addr=1Lgq3WjX8hrVxUJESf4ieVhXevGADRjckx
L483N91Pqx2bk9hHYJhkibEufm7qc6XHEszTfu5hfvBGM4d6XHN7 2014-08-04T20:35:42Z reserve=1 # addr=1M5cYUMdmZewHgJGwNcr8G6MGvwWHSzCEF
L4sxdso5j3zMxCcPKoCReoH5v36mLhWYEJfUAUCrUEfzYEnKEqi3 2014-08-04T20:35:42Z reserve=1 # addr=1A9GRponqt5HKZnFkaUy5qtFx4gHyrMLuP
Kyd6XfysgoRrtTUoTd2ieYDkPt5dvNcosJZVENk7suBMNTdbERdu 2014-08-04T20:35:42Z reserve=1 # addr=18gZpPYpi3PaEjjKBcJp6567nHhnJXJZAE
L1Hd9kK9kdXJHMTJwN9yKRXWmL1nyBJQUQKaM4uySVM7KJRLwpVW 2014-08-04T20:35:43Z reserve=1 # addr=1BJgbbUMiffyjCYsY2grKCm5P5Jq5UhW4F
L27xbuyozmKKt2XULK4Sm77GQZMaaskSkheHtEMrxMPF2kxBpT45 2014-08-04T20:35:43Z reserve=1 # addr=1HKpoi7GZ2z4aHWmKFhWkpUqVRjqAbV7T3
KwdtaXMqVHBoecMvKkajgJn6LwQ8yoRdAR7sddduuRHVtyzsp5Xt 2014-08-04T20:35:43Z reserve=1 # addr=18R3LNNoZNrp3uvDxPAwXp31PrhVTKRXy1
L4pGDCb2k8wNFSkU2q6nMNAhYGhE3SkTQHwyb1fp3DGsSdB6mvFS 2014-08-04T20:35:43Z reserve=1 # addr=1LScEbmj3SUed9g6wcYnwU6JkPutf9VS7H
L5i6V9DSN3oV231MfmULrVxyRToLCLp7M9znLYAqx5ijoKn8YCGh 2014-08-04T20:35:43Z reserve=1 # addr=1PHqgi7VfHz9uxEv8teVtwVvS929iS3ayZ
KzCRGk1LyBR4TPw8ZK6MsoUjwLB7qovA9DMDrYNpUdSbr1mBAzTv 2014-08-04T20:35:43Z reserve=1 # addr=1EjviNzrrYpRfr4Ze4MWHntzsheky8sAhC
L5N716UGErqykBv9yRJqFpMKXYjZBxmJTnsRPV1Be8Qq68wFg6CG 2014-08-04T20:35:43Z reserve=1 # addr=1PgikMkhNGtk9yT4bN69eUwhY5XnWaqmE9
L3AaViBnPsTjF5EShpNfCPCrDgd9y1Xag49ccDGvGEHrV9qzvGWo 2014-08-04T20:35:43Z reserve=1 # addr=1vNRhKHiShtsPH5txGYHvsFMn6NdLiQvV
L57nt41125EHbAV5GgnRcNjs81fSCR1mHgMYyr9JxnqBuhDKGG2f 2014-08-04T20:35:43Z reserve=1 # addr=1G8xwh5e1pnD3NvtRud84DboVyuaWQBohU
L1rFa91NzWASDU8256kL2vR92GzBk6EcTLFRoRqGTpaAoGBv3XBx 2014-08-04T20:35:43Z reserve=1 # addr=1LUzMq8ddcz1VGj7xmLXiEngp4BxGgb5wi
L3bv3DdnFR3MMkNWR6e87xQmCjFHKHb3T86GiTHcqkZjZnCXw17s 2014-08-04T20:35:43Z reserve=1 # addr=15ZpCNHHPWBW56YyequGg4Lpr279PH7tLa
KwXHYfqT1FWZzZNiioroNvcgNk3VGUxohkaskffFtXMGuCd8VyXC 2014-08-04T20:35:43Z reserve=1 # addr=16a4CaDkA8x97ziApvxzAfULP2ixJ8yYK5
L5R4rd69p3x6gueKJvob4a399ngaocC1A5XggHrdQjhptaEJWiin 2014-08-04T20:35:43Z reserve=1 # addr=1MfHBZdTPdbycmJKN5vF7WAKgYAh9nuRDZ
KyxRvnb1GKyFk1GjuzdUXZF8BqttREMKPgsRQ9bNeFc1TsEvq7zu 2014-08-04T20:35:43Z reserve=1 # addr=1J1C8wTkFo2zsqNWbmuUwFC12ZjJ8CRjqB
Kx4CqkvtHnMA8W6bMyP4R7FGyQccgkpPaSvopevZxyXnCqBVVepL 2014-08-04T20:35:43Z reserve=1 # addr=14R7VbAXNYUwL5xSdqxs327oW7tUWKH6c8
L3NDrE87E1xGyzQJbYrGDGNvaXyGMvpjHgmn5xMUNXs3B7FQQAxA 2014-08-04T20:35:43Z reserve=1 # addr=18tC1kPhV6nCX2vznktrXApKKcXSXZmDf1
L2MqGhbhQkCpXHgwDYWcS1d6qwg8qLZur59TEWVUXcCsQLwSgjJQ 2014-08-04T20:35:43Z reserve=1 # addr=15BP4pBns6KRLwGXem9APZR6dpHG9mQ4Kv
L24y5hWSEYUzEpcfXqUGm1vSRr4F6ufg8WCm2PRTTkHYpoQSkfka 2014-08-04T20:35:43Z reserve=1 # addr=15Qh2vzhqeAD3J84ogBTHGnfAdwwRt43fR
KzJoERZVNcJKCyFyS8NVUAmUcJ4qLAmkquqVApV92RkhrUyUWzsB 2014-08-04T20:35:43Z reserve=1 # addr=12jo2z789dLBaXVy1QYVCoGgg5E23X9tGu
KxzNgH1FwopDipvkegGYB7T3QGLjPkLQacZtXVuXFfH1V5FkR981 2014-08-04T20:35:43Z reserve=1 # addr=1EFMLQQZQRUPDrHdWyMnA91cBLrqqCBHqo
L1tvv3XFA9yoLS6jvojwPz96HKX92RJT3TVo6XS2KbJQuPvVQ8gB 2014-08-04T20:35:43Z reserve=1 # addr=1AoTg1UWH7RDtJx5rmzL64boqZeApkJyVm
L1UJm89HXUr1XP8wXdBHD8FXnJL8r5RUhWJxguh2sabK2RTSwBTX 2014-08-04T20:35:43Z reserve=1 # addr=1MS2VS7Ljwj2HjAURyF95MGSW8hzQp9iGL
KycTbQhLG2vgnHuQF9amb7idJaZx41Q4KB9DNnVATdfjRAsZVkWM 2014-08-04T20:35:43Z reserve=1 # addr=1MLQckDLMbQ4Vrqkuc2PymDfYEedTAGQh8
KzVbst75BdSgLsYQusBDpThRz1wDW9efgtAVV4tZwzRK8M5Z7k7J 2014-08-04T20:35:43Z reserve=1 # addr=1CW2Pubr4wRJzThvQaGvbQLxPBuU63JojR
Ky4XHgspUCqoHSRFoemnpGt6yZGJRz8GV3QtnyCytEfpJFezRXDH 2014-08-04T20:35:43Z reserve=1 # addr=1C4XiEheiQPLb7GWrHHPwp33Q1PKC5LWJC
L1pKsDpFtNvrFj7LmZguaNrzbyfRm7RoH4BmYNRn1kUY6F6xkvyU 2014-08-04T20:35:43Z reserve=1 # addr=1N6UzxpMGHvuYWK6BzYors8T5YPwv8R8P5
KxyZ71fHWbGHj6WJ3LDpY287hN6thgjbYxVhT1bq9KgsxEkXi8Ht 2014-08-04T20:35:43Z reserve=1 # addr=1L8zq2NWB77pZyuyDJ7epAB7PQBErLop4S
L5m4cAkaAbtbomQvqMzCTWFmZ2r43eeh8UNqVJwnbsT3mi6TBvLM 2014-08-04T20:35:43Z reserve=1 # addr=15Ti5pAtAE1fCzM64R7Bz1sgtp27UkkNHA
L3WE5FLoGcZyRFcNLtJ5FFP8UWvoyFnDuZ4DWiDPYqTuojeNuMPj 2014-08-04T20:35:43Z reserve=1 # addr=12U3YZeVritzrkyfgLJ6acxkBLMCMsTFJP
L4uwaTVVL6r5yWsxiQxnUVjSeXzaqikA2332VGh2RyeXTreACwga 2014-08-04T20:35:43Z reserve=1 # addr=1ELvS2y6c5EiHs25TUGZ4HB8vdds6HGM3o
KxsAJYW7GF5dqqdeLaSk1taAkLQvVUHExmQAdHgMcaNnV9kUDxfb 2014-08-04T20:35:43Z reserve=1 # addr=1EwBtbBWv7pqFXohXSMcbUQXmj5bJLpJCT
KyKS7VCtqGqPKwPT1FDyB2izXyEQXZC5BpbaDUaECNHoLGkpYiAk 2014-08-04T20:35:43Z reserve=1 # addr=1FTTAigyog6S9bKd9VftYYVCVZMVpg4ySg
KxzHi2SyHBRcYU4ZC8jkJ9Tb6J95S6ckACrB1PkTG965KDsDTftN 2014-08-04T20:35:43Z reserve=1 # addr=1EqvCBE53yU2z9Vpzvsw68BXwzkW4zKJ3e
L45Hd4DdsFe9PDnPBHQiFZ3YV6uKC8JJDNJaA3aEFnD26H8fTnia 2014-08-04T20:35:43Z reserve=1 # addr=1AzB3mXq6Auwqq3GcBQoSHyroVyPKpZx9G
L16o1TBj5wdLm9QCeo7u4F8LwXxo1GEHDEEJR559CKAFqXFje7PV 2014-08-04T20:35:43Z reserve=1 # addr=1CVM3siqPmQetqSgPqz1Tx9Hf4g1Z2pLAT
L1KyXQhMhJaGrRTcTvQWmGmQErSL2Xn4a4iPtTGWPJcVrjLmBGdb 2014-08-04T20:35:43Z reserve=1 # addr=18i7j96yFso1njh7jNTu8Vkgwbb4ErjJLq
L4LXvVtefd1ajSEpUxwnUKrpfNYhCtQDrkNamMvURThSidpUSCzt 2014-08-04T20:35:43Z reserve=1 # addr=1BTJNMeLWuyzpZDGHH79LEVkMjFcgWdgE5
KxPGZ4EivbL2cXBaxtAm3HFADbJhbkdp5NiZgfWXHXhm2pM96P73 2014-08-04T20:35:43Z reserve=1 # addr=1JR8smGHaZhRKiU138LagXzg1cWPM18Tmr
L3z5L81gott89cNqXXNrcRUYQaZP7sfhYZJTKypso9N4mQwRafnQ 2014-08-04T20:35:43Z reserve=1 # addr=1NcAXcM8puXQRQt42LuhjuNxrj2DHTRtqE
L4mPcxn6ob9FUByJmH563RbcESGA4R6puBhNfFj4pr38kdVo31a1 2014-08-04T20:35:43Z reserve=1 # addr=1LYENuKSTDmedycQVTXePfUAxnZTrKokAP
KwKu9rTUUyXZ8jtc9puK3Rtx84ynFXk3zurQGAauphUEd1AR3UfE 2014-08-04T20:35:43Z reserve=1 # addr=17ragB6tSaa8RvY7gjrbDYo48GwuzJUs2U
Kzuw8q9Encp8dSyPfGDchLD2TavwYHjeAEYQ8QM5PgVyehsfCd9B 2014-08-04T20:35:43Z reserve=1 # addr=1QBdjNHK7Yszoqymq8FGVQpyDE97pnWBdo
Kyt7Hw8UPCEc1MPSTs6Vn5NGT3SREEvRfYf5izGhRSg1WzKBdc4W 2014-08-04T20:35:43Z reserve=1 # addr=165ihx4d79Vbo3fJ6RmyBcr71gKZM8NUT6
KxaA8jFTM5HobHjuaoKGTDEp9WHPjynRipXkJPS1f6XJqaQ1rrVa 2014-08-04T20:35:43Z reserve=1 # addr=1G12ctkNbrHC6mVkoKkJZE9EhMjiwQtSFY
Kwkeqvj4V5nPoF1ZEQZXXjvR6gXZjYck5CcHNDWqr24TTEbaiWyH 2014-08-04T20:35:43Z reserve=1 # addr=1HPgp75n7DpviEF3PpzVXGRLnJdQH5acT8
L2A4KwJ4jzz7ritoiTAZKAFnVoPGvcVMAZrEGq8Gm47wV99nSnSy 2014-08-04T20:35:43Z reserve=1 # addr=1EWjJt5czJ1sJuNMjkfVvvnF3XczAhq4fs
L5jBcUJejzLpMNWacopQmb1C8ryVbiVSQws7fcpforjXFCSsnrjw 2014-08-04T20:35:43Z reserve=1 # addr=1HeyagkiZ9H4dJGjRh94dv9EtdziHoMS7
L2j8VjBC6gG3ge1aopdgmKYa1YGfKVZiAJECEkP1PpyFgcSRL1PQ 2014-08-04T20:35:43Z reserve=1 # addr=15N3QKNMJUkfs3tPfTGSBVadERLvqcSHKZ
L1bnokninFQpQeoGYC5XL14JVM6tCVQK1zvAXdbh9Wq12BHY7w15 2014-08-04T20:35:43Z reserve=1 # addr=1LbyPhoDGecGh5Akfq8AYa7bheDo1WDdhQ
KxvHwjd5bq8R3J8cHiqmrpJJwnYtM7HE1o3JYrzZg5bsvCLYU5Fo 2014-08-04T20:35:43Z reserve=1 # addr=1757YTFxaPoKLwggaabkN9KCngyNCDZy4A
Kwv1q3LUPiRpdpayvExLAcx7cs6eicc4gCYmUDSJNqehgAZxLZnh 2014-08-04T20:35:43Z reserve=1 # addr=15hsJNr5GGcHWHegodqzdHm1fqc9eYmQVw
L1KDfpDSBQahySPaszR82S8K6AAYtLWk9a6nMSeeXcruEY8PfEKN 2014-08-04T20:35:43Z reserve=1 # addr=18k6sR4rGAqwkHfLmUM98n2w2HgZo7tKJT
KzLyi6bcRw1p4NpFV7cnANX1ZsHvYWsNfNRq3yiJj3BUThaEiFmF 2014-08-04T20:35:43Z reserve=1 # addr=1N28c8bWiMoXFvhsvX67SCKKoQfcCKvJVZ
Kxnsxu63ePG54Zf5tW64gzrwGXYZB6mFfDwkYsNxyaVY6eH9EMds 2014-08-04T20:35:43Z reserve=1 # addr=1NRfFWqU6Fso2dxirJVwg3ft8JjAPhHPKp
KxCarShgNZhj1ExcrPqX8eRBHUZWnnHDiG6TwywyJYu1BeQTQQGk 2014-08-04T20:35:43Z reserve=1 # addr=1Du6oULiTNNgKpN3guPXNvEojhMBGzVtf1
L1oeoWu36p539EsCLVbKVjGFKYMcBwoMojfCGbJgF1daURKHBFBT 2014-08-04T20:35:43Z reserve=1 # addr=1LmpBXKqi4p99H7PY6PzrEEn2QPWm7Gsht
L2mTf5aikUSSPRowC9QGPc4C76tn3NJBvBq7gxiVpJKGRfVGVrQZ 2014-08-04T20:35:43Z reserve=1 # addr=1AQQYH5Ku2iVeRsTPU81Qg34PGKdk8s1sz
KyYTHfXVQdKpahj3W3AsjDTSzfjVFha3TcnhLAH1onHmX6NyE46U 2014-08-04T20:35:43Z reserve=1 # addr=14Nzm4FwdWbmEi1MsFAaFsc6YRZmJb5EX7
L54V11EhjEKv8gB4Cuqaov78x3G7fLnHVnkH6bf6nvMJ6hUq4Srv 2014-08-04T20:35:43Z reserve=1 # addr=1MXVrBnbyZMiTeSoAexiFkMh2Z8GuM94iF
KxuBUHsuPLMfq1psYKdB7L93eKtnuJcUTJCPtTNFGpScRtHHAaqi 2014-08-04T20:35:43Z reserve=1 # addr=16FRbWufEBN7XevoimXW6RZK544jfUduvN
L35WbuemT26jxM3PcbnvbyuwPHZeJiHBuNPVek6cnNQSgkMV2dRV 2014-08-04T20:35:43Z reserve=1 # addr=1KgifkksLCp4vzvSqWuJXiUNGJ5rDsfPoW
KzJHYjABzn4z35iioAvaQYZYuwgdR6FJsx5MLzVYNUNeppXvykEB 2014-08-04T20:35:43Z reserve=1 # addr=18fyzsBxwEZupbNSEepFPXBFaRdcK62Dnt
KxN59E7wZCNpjZ5fMmgo6MVhNvhsPYByMeLL4Zp9LCtDzPiheKUE 2014-08-04T20:35:43Z reserve=1 # addr=1LEET13aMn4JAEDXb7CZvmwgHfMywBZDJN
KzSE7DUWuRR8VssR5HeBFLXMtNuwxkd6HizAUi37LRLmAFNnZWyg 2014-08-04T20:35:43Z reserve=1 # addr=1Bzbmiacrk1bwbt74XQ7pDGBnoVuZdCyzR
KxizVqDUcwLeKjNNEgxfuvtKT2jrGyWuFdd6jYj4tN7NW5UUAYM1 2014-08-04T20:35:43Z reserve=1 # addr=1ED88REDNH8kuXaZVZRKcCxGipjnmcDVSR
KwsN3CB83ay7nYR4S6BE9jzz91x3mkvmivwAX6HZ7KRdgLGedVHJ 2014-08-04T20:35:43Z reserve=1 # addr=1NxAP8JAS6ENcxPdG25yXvCmiQ2LDhB58
KxrqR3zJM8BYTyyApZy7Yzgp2XUNPbioVTG8p5fsYmKckD631YMP 2014-08-04T20:35:43Z reserve=1 # addr=18U5Ea3w31FZpj6TsEQRUVUtFfY47WYbP1
L3t9q2dsLfi9cHSL2Qj2Jvk1AgCbHxU8Fr91vkUzQH9vdW4taZv8 2014-08-04T20:35:43Z reserve=1 # addr=13MqYRtEd9oepAKYpERxgZWGMwt8mHW5Qp
KxGkdPFXeQjmyhB9NwMa9SLMFi6cn3ZET5Ek7U3GF3okwj6RfrE8 2014-08-04T20:35:43Z reserve=1 # addr=191EQH4rt4fkX7BV9tnApUg2vdsfmZnQ2u
L5DLX7di5bVbNLsKdnx48u7ihRp5kwLaZozaz3uxRg2uP1E2YrSM 2014-08-04T20:35:43Z reserve=1 # addr=19LY4GwmJHt26j2yN8ZnVHfWkns7ZAzrLt
KxKKuKbM1ShQCU7NiThJKjVMc9j8HtrvXu2zwtPKjCkV4fAN5Wdw 2014-08-04T20:35:44Z reserve=1 # addr=1L6itAE6oR1Lds1taSFAUgAeUwXAxzxzFT
L4gpdQiRbCX1UE1vZ2YeZJWZePmdpVyt8WdaQG3A5ZvQn8W7pGjm 2014-08-04T20:35:44Z reserve=1 # addr=1A6SFpfu8xkjjoqhvpn9TTa2xcCRNSth9J
KxgkQW3kt5uSMaqcpB8V2qoydtxPi5uNEVmoQgreW3A1ckyATvVU 2014-08-04T20:35:44Z reserve=1 # addr=15jErFsAHU8ThLegSj5mCgoGmVEsByryA6
L5axEH3NE5dxKbzuzFQz557CVTLsCCgYxwawxpp2HEQv319BHVJq 2014-08-04T20:35:44Z reserve=1 # addr=1Hto5bAstfAwanTkemowKcJLGvXHd4Gyn6
L4nCvfSQcP1b5CgS3XKXSRzPgomdJGVrsvpD9T2aqYGUvSCcyARo 2014-08-04T20:35:44Z reserve=1 # addr=1JhgHYYKkhFxhXjyJTSvR89hezqYBb2Dv
L3Ft1jRotZH1BEndYzDsx5khk9Nk6U4mHUMeEXF2VwbwroD2s2vN 2014-08-04T20:35:44Z reserve=1 # addr=1CdwMaFvt5r1kyz9vWmtbBsoTsdPYaU654
KxcxEUqVWGNwDnvdaMjeqEQAXsABQsDYCjtVqx4Yqzw5WyM9k7ox 2014-08-04T20:35:44Z reserve=1 # addr=1C5knyp9ygxvdpEYnzsAHEhnCYrfmmKCNL
L2Agepe3CuTH36i7MP9auwhrDmf48BD6pG1PHoj3YeMhHQTSGiXG 2014-08-04T20:35:44Z reserve=1 # addr=16qw6YQLaV6dBUjinUEEpkZGt58n8RRnkW
KyGTffGr6muJ5HoK74s6cLaLxcsbc4L9EoZyC5vvo4sAJiAxZ4Zu 2014-08-04T20:35:44Z reserve=1 # addr=148p9HVDBUdxMKWLpodw6giJ3kahVdb3FD
L2Y9K4cpwxwFzK1UbJ6iGWavWHCyiAyaNCQ79cKBRkS2bhqRK7SS 2014-08-04T20:35:44Z reserve=1 # addr=13TXkMArxbMbEEtCXwXJfoo7bEC3FcDTZ8
KxQAa7wZaqi2bcmeUpVt1SbAakd4epGHLV1WwDjvD9VWsMk24HA9 2014-08-04T20:35:44Z reserve=1 # addr=15GJ9jKxVnjA47RNiFeaVh6UZiHg7Wt7vo
KxLdD9kYJEUNYrebAJ6iwJi8sZ7FWFPMA1TQz6gtpvdA5xTiBXZo 2014-08-04T20:35:44Z reserve=1 # addr=15g7w8315iUe32Vnh6yRYNqFBNmcyXWcqg
L5WNVD8UGafSTy4t9MvYMG9bJH5r8ToN75RN6xAsjvbtZpuv8Lkg 2014-08-04T20:35:44Z reserve=1 # addr=12PyQp5ddNm85LKwGL9RRFfuq1NXdRz9Xs
KxDF6xQ9GXbW2xDwaiw5W5LXxH2HdwEu3FL3u9e89wVqwGNM8Qvp 2014-08-04T20:35:44Z reserve=1 # addr=1Aq4GjcyZxm98LYCshuH3Bgs25coSYENDx
L5YtNedkJ67w3NAhvsAaojwnyA1XupnpKoVbdCm9VgqWz81SEtWR 2014-08-04T20:35:44Z reserve=1 # addr=1LAN1xhopjERBrtqAoVdgkRT3zTLwDzxwV
KxVyDyt6CDWJVVB75zmrez5LTRnd7hP1wm1PkhaV6ruB5eDiKqov 2014-08-04T20:35:44Z reserve=1 # addr=1GW48vR2BvaC2JWPc6NwEskk6Ry4fUEoJr
Kz2wmvvyBCR5oVYFxutjFjbz7gChcrJgzVMXPAbgo2tV24pfLxT1 2014-08-04T20:35:44Z reserve=1 # addr=1BW6hBjxbTW4QUF3sn1Ww4rPLCq5K54Pwb
L3r4h7P7QJ7tr6p2UhU3wpHtNDzLuLLXQw5fdrx4LNESu1gTrJjV 2014-08-04T20:35:44Z reserve=1 # addr=13CVYWNZeofeFHYCjmNS4maAAxC2q39wPq
L4Fy8KD8swyGtwh9Tz2UnXFfcCmcn8WqCBVx6vNrhquJhCRQebSy 2014-08-04T20:35:44Z reserve=1 # addr=1NJpqDsKkVcVzif6Sh1WZJs4mmDnJEBbWQ
L3VttvWGNAuyzinLwGmLgJ41X3eayx7VaG3CT9zbbCQWes3h6Uum 2014-08-04T20:35:44Z reserve=1 # addr=17i51TPKbkDs69KE667753pBWTVWyXTBeQ
L2sJRxP5mBta1qSjo8qHUMVzLNSqXmqpPP7Hr917B42Sh3o11Ns4 2014-08-04T20:35:44Z reserve=1 # addr=1Nt4Byf5PZ14GiKD3qCvtXHj5RijVn6t13
KwoftLoFxN18bR9c94CsMTMqaA2PBM7FR4KYRVMPks4rm8C7x2pZ 2014-08-04T20:35:44Z reserve=1 # addr=1HCvUwXab1thMaPfX1YPingemutn4dbNGK
L5nzf9koYwmtR6TUGciUnBRz6enMYezy9zYJGkE694iFMSEwWR4Q 2014-08-04T20:35:44Z reserve=1 # addr=17f2onV41VCjD11nq42Z6mi4toZfMMJnyR

# End of dump


And the only other Alts I really use regulary are Minerals. A bunch of those were taken too. Here is one of my addresses I sent MInerals too: ME7eBbAepDXziXyGodWx42a2PDTDLciG1b
Block explorer for Minerals is here: http://explorer.minerals.pro/

Checking through the other alts wallets I have are Karmacoin, Fitcoin, TheBotCoin and Sync coin
full member
Activity: 154
Merit: 100
Yes those other addresses are mine, well 2 of them from what I could find because I dont have the transactions in the wallet itself. I had to look for withdrawls from exchanges etc so I cant give a full list of what my addresses were.
The wallet wasnt encrypted and I didnt have any backups of it. I know I should have but I dont Sad and yes I had Teamviwer installed on that PC. I did a full system scan and couldnt find anything with Avast (may not be 100% though)
Using windows 8.1 with Bitcoin v0.9.1 and I have installed the a wallet yersterday from zipcoin https://bitcointalk.org/index.php?topic=721306.new but it seems these transactions were before this wallet was installed.

The link to the Minerals coin thread is https://bitcointalksearch.org/topic/annmin-minerals-pos-developing-own-anon-solution-641057

Thanks for the help

Anti-virus will only find malware that it knows about. If the malware is only installed on a small amount of PC's then it will not detect it.

You should check your Teamviewer account when you get a chance. There must be a way to see if someone recently logged in. Teamviewer is very bad at keeping out hackers, if they have your account password they can login to your PC, Teamviewer do not check for suspicious logins (what I've been told).

You say you can't see any transactions. Can you see any "receiving addresses"? maybe the hacker deleted your wallet.dat file after he copied it and replaced it with a blank one.

Some of your BTC appear to have gone through a mixer. I'm still looking. Do you use any other altcoins BTW? shady altcoin developers have put viruses in their clients before.
sr. member
Activity: 252
Merit: 250
Yes those other addresses are mine, well 2 of them from what I could find because I dont have the transactions in the wallet itself. I had to look for withdrawls from exchanges etc so I cant give a full list of what my addresses were.
The wallet wasnt encrypted and I didnt have any backups of it. I know I should have but I dont Sad and yes I had Teamviwer installed on that PC. I did a full system scan and couldnt find anything with Avast (may not be 100% though)
Using windows 8.1 with Bitcoin v0.9.1 and I have installed the a wallet yersterday from zipcoin https://bitcointalk.org/index.php?topic=721306.new

The link to the Minerals coin thread is https://bitcointalksearch.org/topic/annmin-minerals-pos-developing-own-anon-solution-641057

Thanks for the help
newbie
Activity: 16
Merit: 0
never save your money in your computer if you think you have not full security to save your money .
just aware your device in infected of hacker.
full member
Activity: 154
Merit: 100
Yes that is the address. So they would have to have access to the wallet.dat file then send them from my address, is that right?

It looks like they somehow got your wallet.dat file and dumped the private keys out and imported them to blockchain.info/wallet to spend. Likely because they don't have/want to sync the blockchain.

So it sounds like you've actually been hacked and it's not a technical bug.

These are all your addresss to?
http://blockchain.info/address/1Kniun52uhJjEdKJhW2QFzNNjBmtvJetWU
http://blockchain.info/address/1FEgzCSiXmBe966UDZnNUpwrziDv28P5dv
http://blockchain.info/address/1HGQ4J7VPDsF88RsjXSZXchJRenfevtHR2
http://blockchain.info/address/1MYvWmES69U2qP2kdHNwm9Gr4orp4K694R

It would be a good idea to post a list of every address in that wallet that had funds stolen when you get a chance. I'll take a look and see if we can find out anything about the hack from it if I have free time.

I would also NOT use the PC the wallet was on AT ALL.
Have a tech-savvy friend make backups of important files, and securely reinstall it before using it for anything important. However if you have another PC to use it may be a good idea not to do that right away as you'll want to figure out how you were hacked first to prevent others from being hacked the same way.

Did you keep backups of your wallet anywhere? was your wallet encrypted? if you use the password anywhere else CHANGE IT IMMEDIATELY from a secure PC, and change any passwords of other accounts you logged into recently on that PC. If you have any remaining bitcoin generate a new wallet on a secure PC and move them immediately.

What OS were you using? Do you have any remote control software like Teamviewer installed? Did you install anything Bitcoin or cryptocurrency related recently? what version of bitcoin-core were you running?

Whats the link to the minerals altcoin thread?
sr. member
Activity: 252
Merit: 250
Yes that is the address. So they would have to have access to the wallet.dat file then send them from my address, is that right?
full member
Activity: 154
Merit: 100
Do you use blockchain.info?

Is this your address? 18bSCvHxrLgUGP8vuWTQeyaNREjEaqkKrJ

If so, it looks like the hacker imported your addresses into blockchain.info to spend them as the last TX is reported as being originating from there:

http://blockchain.info/tx/3598f3e57f922f157120beae7461a396fb7a8efc44177d90014d59dfc1838f14

That may not be 100% accurate however.
sr. member
Activity: 252
Merit: 250
No it wasnt  lot thankfully, just over 1 BTC, but im more bummed about the Minerals Wallet, had a lot more in that one. If someone with a but more knowledge on tracking the blockchain can check that tx ID i sent from a exchange to my wallet can check I am looking at this properly?
hero member
Activity: 924
Merit: 1000
Every time i hear something like this my stomach cramps.. I get paranoid about the coins that I have. I have stopped downloading anything to my computer that Im not 100 percent sure it safe. I hope it wasn't too much of a loss.
sr. member
Activity: 252
Merit: 250
By the way, are you sure that it doesn't look like a normal change transaction (not normal/a stealing tx would be a whole bunch of inputs and just one output). If you're not sure, please post the transaction id up...

Im not 100% sure, here is a tx id from transferring a little from a exchange

e998ecedfe1dcbaaa33c585ceb75eca3a2ef325743654436e80cc48ae14f5f6b
sr. member
Activity: 252
Merit: 250
did you get an error saying your wallet.dat was corrupt?

if so did you say 'yes' re-download entire blockchain?

same thing happened to me - I used process explorer (or task manager if you must) to kill the bitcoind process. Fire it back up and after a while - hey presto...

Nope, didnt get any error messages, just opened the client and downloaded the last few hundred blocks and nothing was in there
hero member
Activity: 574
Merit: 500
did you get an error saying your wallet.dat was corrupt?

if so did you say 'yes' re-download entire blockchain?

same thing happened to me - I used process explorer (or task manager if you must) to kill the bitcoind process. Fire it back up and after a while - hey presto...
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
By the way, are you sure that it doesn't look like a normal change transaction (not normal/a stealing tx would be a whole bunch of inputs and just one output). If you're not sure, please post the transaction id up...
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
Yer just as we suspected, the keys were created only a couple of hours ago when i opened the wallet. This sucks. So the hacker just removed the wallet.dat file completely and when i opened the client it created new keys? Is this what happened?
Thanks for the help btw

Probably, Bitcoin will create 100 new addresses if wallet.dat is missing, and given that they got two different wallets, it sure doesn't sound like a technical glitch.

I'm sure you don't want to hear this, but to be safest you should probably reinstall everything from scratch at this point. Sad

If your wallets were encrypted, it's very likely you have a keylogger on your system. This means: (1) don't log into anything, and (2) after your system is reinstalled (or better yet, from a different system), change all your important passwords, especially financial ones, cause it's a good bet someone else could have them now...
sr. member
Activity: 252
Merit: 250
Yer just as we suspected, the keys were created only a couple of hours ago when i opened the wallet. This sucks. So the hacker just removed the wallet.dat file completely and when i opened the client it created new keys? Is this what happened?
Thanks for the help btw
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
I couldnt find a bunch of reserve requests in the log file. Im not much of a techie but how do i use the the dumpwallet in the debug console? I typed dumpwallet into the console but it is asking for a string?

I'm not sure it'll help you much, but here it is anyways (with the quotes, assuming you're on Windows):

Code:
dumpwallet "c:\walletdump.txt"

Then you can double-click it (the file), and it will display the creation time of all of the reserve addresses (I think in the UTC time zone).
sr. member
Activity: 252
Merit: 250
I couldnt find a bunch of reserve requests in the log file. Im not much of a techie but how do i use the the dumpwallet in the debug console? I typed dumpwallet into the console but it is asking for a string?
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
Thanks for the reply.

It seems I may have been hacked. I checked the address I have sent bitcoins to from an exchange and the blockchain says my balance is zero and a transaction was made yesterday emptying the wallet. MY Minerals Coin address has also been emptied too Sad
Will there be a trace of this transaction in the debug file? I have run a virus scan and all seems clean. Does anyone have any ideas how they got in?

That really stinks, I was optimistic it may have just been a technical glitch, so sorry if I got your hopes up. Sad

Is there any chance the transaction you're looking at was something you initiated, and you're just confusing a full-out transfer with a change address, or was there only one output?

Regarding the log file: maybe. Most hacker victims just have their wallets or keys stolen, and then the hacker transfers the Bitcoin out later. If the hacker actually used your PC to transfer the coin out, then it would be in the logs. Also in the logs will be a bunch of "reserve" address creation messages around the time your wallet.dat was recreated.

Did you have your wallet encrypted? Did you have RPC enabled?

Have you installed or upgrading any software on your PC recently (especially from this or another Bit/Altcoin forum)?
sr. member
Activity: 252
Merit: 250
Not that I know of, seems the Minerals wallet was emptied on he 2nd of this month and the Bitcoin wallet yesterday. So the malware could have been sitting there for a while.
legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
Did you download anything fishy lately?
legendary
Activity: 1722
Merit: 1217
https://www.buytrezor.com/ Then at least nothing like this will ever happen again.
sr. member
Activity: 252
Merit: 250
Thanks for the reply.

It seems I may have been hacked. I checked the address I have sent bitcoins to from an exchange and the blockchain says my balance is zero and a transaction was made yesterday emptying the wallet. MY Minerals Coin address has also been emptied too Sad
Will there be a trace of this transaction in the debug file? I have run a virus scan and all seems clean. Does anyone have any ideas how they got in?
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
If all the saved addresses are gone, I'd guess that either the wallet.dat file moved or was deleted (by accident? technical glitch? a hacker? hard to say...), or the place where Bitcoin Core is looking for the wallet.dat file changed/got reconfigured.

Usually hackers don't matter deleting the wallet.dat as far as I'm aware (they usually just transfer the Bitcoin out leaving you with a 0 balance but the same keys), so maybe that's a good sign....

Have you installed or upgrading any software on your PC recently? Do you have a backup of the wallet.dat? Did you ever intentionally choose an alternate datadir?

How much was in there (don't have to tell me, I just mean ask yourself)? If it was a lot and you have no backups, and if you're a techie yourself or if you're willing to enlist the aid of one (a friend or paid), you should probably assume a technical glitch (it's the best case) and do something drastic, like shut down your PC right now, and boot off of a rescue CD with some data recovery tools.

Otherwise, I guess I'd start by searching the whole HD for any wallet.dat file, including the Trash/Recycle Bin, in the hopes it was just an accident/technical glitch. If you do a dumpwallet via the debug console / RPC, it would be interesting to see the creation dates of all of the keys. I'm guessing they were all created just now when you opened your wallet, which means the original wallet.dat file wasn't where it was expected and it got recreated.

That's all I can think of for now...
sr. member
Activity: 252
Merit: 250
Hey all,
I need some help, I opened my wallet to discover it had a 0 balance and no transaction history, no nothing. The wallet is synced but there is no information in the wallet. Even saved addresses are gone.
The wallet.dat file is still there.
Have I been hacked?

Im using the Windows Bitcoin core wallet. Has this happened to anyone before and what can i do about it?
Thanks
Jump to: