Guess I got hacked | Bitcointalksearch.org

cad_cdn

hero member

Activity: 560

Merit: 500

Nail the F@cker!

Quote from: Delivereath on April 04, 2014, 06:21:01 AM

I also got hacked by the same user and I know that he is french and has some french IPs (I found a lot of them with the help of some forums admins). I got some old IPs which are not using proxy and I'm preparing a police complaint in France to get the identity of this person.

I probably got a virus/trojan and he was able to open a teamviewer session with my computer and stole my wallets. Unfortunately, I forgot a backup wallet which was unencrypted so he was able to easily transfer my bitcoins.

I also have a few of its online identites and you can find him on http://jomgegar.com/ (which clearly is a hacker forum) with username tazbox. He uses username tazja on bitcointalk and some other ones on french forums.

If someone wants to participate or help, you're welcome. This kind of hack can lead to prison (5 years) here in France and I'm determined to send him there.

Has anyone directly contacted him ?

Delivereath

full member

Activity: 148

Merit: 100

I also got hacked by the same user and I know that he is french and has some french IPs (I found a lot of them with the help of some forums admins). I got some old IPs which are not using proxy and I'm preparing a police complaint in France to get the identity of this person.

I probably got a virus/trojan and he was able to open a teamviewer session with my computer and stole my wallets. Unfortunately, I forgot a backup wallet which was unencrypted so he was able to easily transfer my bitcoins.

I also have a few of its online identites and you can find him on http://jomgegar.com/ (which clearly is a hacker forum) with username tazbox. He uses username tazja on bitcointalk and some other ones on french forums.

If someone wants to participate or help, you're welcome. This kind of hack can lead to prison (5 years) here in France and I'm determined to send him there.

Has anyone directly contacted him ?

James222

member

Activity: 98

Merit: 10

Wassup?

Yeah you probly got hacked. You probly had a keylogger. Run a virus scan also

fbueller

sr. member

Activity: 412

Merit: 287

Both of you are miners? There's a coincidence! Have you contacted the other person funds were taken from?

Chemistry1988

legendary

Activity: 1120

Merit: 1000

Quote from: BitDonkey on April 02, 2014, 10:54:47 PM

Perhaps we can talk to him to get our coin back and/or find out why his/her address would be the place to send coin in a hack attack?

The interesting thing is he has lost the password, and it is not feasible to brute force it.
So, even if he agrees to pay you back, he can't.

Quote from: Revalin on January 12, 2014, 04:14:14 AM

Quote from: tazja on January 12, 2014, 12:15:16 AM

Thank you for answering me. If I know that I probably put 10 characters with a capital letter at the beginning and 2 number at the end without knowing what it was, I have a chance to find the password with a script?

1 capital letter == 26^1 == 26
2 digits == 10^2 == 100
7 mixed case == 52^7 == 1028071702528

26 * 100 * 1028071702528 == 2672986426572800

2672986426572800 passwords / 10 passwords per second == 8,470,364 years

BitDonkey

newbie

Activity: 9

Merit: 0

That is interesting. I too got hacked with two transactions (Feb 25th) to the same address (12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4) you listed. I didn't notice until I cranked up the 0.8.6 version wallet a couple of days ago. That is an address that user tazja claims to be his/her address.

You can see his reference to the address here in https://bitcointalksearch.org/topic/m.4145690

Perhaps we can talk to him to get our coin back and/or find out why his/her address would be the place to send coin in a hack attack?

cad_cdn

hero member

Activity: 560

Merit: 500

no, was is 17 characters.

Quote from: justme27 on March 31, 2014, 02:29:42 PM

Quick search for 12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4:
https://bitcointalksearch.org/topic/m.4145690

Did you have a 10-char password, by any chance?
https://bitcointalksearch.org/topic/m.4392968

justme27

member

Activity: 64

Merit: 11

Quick search for 12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4:
https://bitcointalksearch.org/topic/m.4145690

Did you have a 10-char password, by any chance?
https://bitcointalksearch.org/topic/m.4392968

cad_cdn

hero member

Activity: 560

Merit: 500

yes, sorry to hear about your loss!

Quote from: LouReed on March 31, 2014, 01:58:27 PM

Damn, that sucks bro! I got ripped off last week of 2.2 Bitcoin from that damn Blockchain.info phishing site, it's a pretty shitty fucking feeling to say the least!!! Cry

LouReed

hero member

Activity: 732

Merit: 500

Nosce te Ipsum

Damn, that sucks bro! I got ripped off last week of 2.2 Bitcoin from that damn Blockchain.info phishing site, it's a pretty shitty fucking feeling to say the least!!! Cry

zvs

legendary

Activity: 1680

Merit: 1000

https://web.archive.org/web/*/nogleg.com

java is evil

cad_cdn

hero member

Activity: 560

Merit: 500

I don't gamble, and no faucets. it has to be a wallet stealer masked as another program.
I'm using MS Security Essentials and malwarebytes chameleon.

thx

Quote from: E.exchanger on March 30, 2014, 10:11:43 PM

Sorry about that man but that maybe because of a keylogger or a wallet stealer. Do of often go on gambling websites randomly or faucets or anything that requires you to make a deposit like gambling websites???

Which anti virus are you using ??
I strongly recommend to scan ever downloaded file with virustotal and get a pro version of malwarebytes !!

E.exchanger

hero member

Activity: 714

Merit: 500

NEED CRYPTO CODER? COIN DEVELOPER? PM US FOR HELP!

Sorry about that man but that maybe because of a keylogger or a wallet stealer. Do of often go on gambling websites randomly or faucets or anything that requires you to make a deposit like gambling websites???

Which anti virus are you using ??
I strongly recommend to scan ever downloaded file with virustotal and get a pro version of malwarebytes !!

cad_cdn

hero member

Activity: 560

Merit: 500

frustrating to have to admit that I got hacked with no idea how.

Quote from: BitcoinAwesomeMan on March 30, 2014, 05:17:35 AM

hmmm i dont think it would be anything that advanced. Might be some form of injection through the browser level possibly?

BitcoinAwesomeMan

newbie

Activity: 21

Merit: 0

hmmm i dont think it would be anything that advanced. Might be some form of injection through the browser level possibly?

cad_cdn

hero member

Activity: 560

Merit: 500

I run windows 7 on the machine in question.
I also just noticed that the hack is still ongoing.
I mine at elgius, so there was a pending payout due.
After discovering the hack I immediately changed my wallet passphrase, changed all my mining payout addresses,
Then, this morning another of my daily mining proceeds were again diverted again to the same address.
I have stopped my proceeds going to my address (this is MY address that was hacked 1M2yzo3YU5RDGtMnqWMANcSij7r7n9rbCL)
Payments are now going to another address that is working and un atached to thsi wallet.

I wish I could recover the funds - but more importantly figure out where I have been compromised. I'm thinking a very good keylogger attached to a windows service, or masked as a windows service (svchost.exe) or something. AV (malwarebytes chameleon comes up clean) MS antivirus clean as well.

upsetting to say the least.

Quote from: fbueller on March 29, 2014, 05:53:06 PM

Quote from: cad_cdn on March 29, 2014, 08:32:50 AM

I am using bitcoin qt, latest version. I'm stumped as to how they got my priv key. I have not had reason to use it in a few weeks. My wallet is encrypted, and strong passphrase.

Also,
The address above is not mine, that is where the funds were sent to. I'm stumped! I would say- if I was careless, I deserve it, but I'm not careless with my wallet....

I ran the transactions on your address through a script that check's for k-reuse in signatures, it doesn't look like that was the case here..

What OS do you run? Download any new but unverified bitcoin related software lately?

fbueller

sr. member

Activity: 412

Merit: 287

Quote from: cad_cdn on March 29, 2014, 08:32:50 AM

I am using bitcoin qt, latest version. I'm stumped as to how they got my priv key. I have not had reason to use it in a few weeks. My wallet is encrypted, and strong passphrase.

Also,
The address above is not mine, that is where the funds were sent to. I'm stumped! I would say- if I was careless, I deserve it, but I'm not careless with my wallet....

I ran the transactions on your address through a script that check's for k-reuse in signatures, it doesn't look like that was the case here..

What OS do you run? Download any new but unverified bitcoin related software lately?

cad_cdn

hero member

Activity: 560

Merit: 500

I am using bitcoin qt, latest version. I'm stumped as to how they got my priv key. I have not had reason to use it in a few weeks. My wallet is encrypted, and strong passphrase.

Also,
The address above is not mine, that is where the funds were sent to. I'm stumped! I would say- if I was careless, I deserve it, but I'm not careless with my wallet....

Tammy Chan

hero member

Activity: 820

Merit: 1000

Quote from: cad_cdn on March 28, 2014, 08:11:32 AM

synched up my wallet and found a transaction... that I never made. it emptied my wallet.

12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4

looks like a couple others got hacked as well.

trying to figure out how it happened. I encrypt my wallet and have a passphrase that is pretty strong...

backup wallet would be useless because the tx has already happened in the chain correct?

Which wallet are you using? bitcoin-qt?
It is a bit strange that the hacker didn't empty your wallet, and there is still 0.09 BTC on that address.

You should now send the remaining 0.09 BTC to a new wallet ASAP.

cad_cdn

hero member

Activity: 560

Merit: 500

thx,
ya, I'm surprised, I'm pretty good with being careful, obviously, I missed something.
damn. that was my mining efforts to pay back purchases of gear....

Quote from: Zeeks on March 28, 2014, 08:14:23 AM

You probably used your private key on a compromised device at some point. Going off the scant information you provide anyway. You should carefully check all your devices for programs you don't recognize.

Topic: Guess I got hacked (Read 2504 times)