Author

Topic: Guess I got hacked (Read 2505 times)

hero member
Activity: 560
Merit: 500
April 04, 2014, 08:22:15 AM
#23
Nail the F@cker!
 
I also got hacked by the same user and I know that he is french and has some french IPs (I found a lot of them with the help of some forums admins). I got some old IPs which are not using proxy and I'm preparing a police complaint in France to get the identity of this person.

I probably got a virus/trojan and he was able to open a teamviewer session with my computer and stole my wallets. Unfortunately, I forgot a backup wallet which was unencrypted so he was able to easily transfer my bitcoins.

I also have a few of its online identites and you can find him on http://jomgegar.com/ (which clearly is a hacker forum) with username tazbox. He uses username tazja on bitcointalk and some other ones on french forums.

If someone wants to participate or help, you're welcome. This kind of hack can lead to prison (5 years) here in France and I'm determined to send him there.

Has anyone directly contacted him ?
full member
Activity: 148
Merit: 100
April 04, 2014, 06:21:01 AM
#22
I also got hacked by the same user and I know that he is french and has some french IPs (I found a lot of them with the help of some forums admins). I got some old IPs which are not using proxy and I'm preparing a police complaint in France to get the identity of this person.

I probably got a virus/trojan and he was able to open a teamviewer session with my computer and stole my wallets. Unfortunately, I forgot a backup wallet which was unencrypted so he was able to easily transfer my bitcoins.

I also have a few of its online identites and you can find him on http://jomgegar.com/ (which clearly is a hacker forum) with username tazbox. He uses username tazja on bitcointalk and some other ones on french forums.

If someone wants to participate or help, you're welcome. This kind of hack can lead to prison (5 years) here in France and I'm determined to send him there.

Has anyone directly contacted him ?
member
Activity: 98
Merit: 10
Wassup?
April 03, 2014, 06:19:43 AM
#21
Yeah you probly got hacked. You probly had a keylogger. Run a virus scan also
sr. member
Activity: 412
Merit: 287
April 03, 2014, 06:10:25 AM
#20
Both of you are miners? There's a coincidence! Have you contacted the other person funds were taken from?
legendary
Activity: 1120
Merit: 1000
April 03, 2014, 12:48:23 AM
#19
Perhaps we can talk to him to get our coin back and/or find out why his/her address would be the place to send coin in a hack attack?

The interesting thing is he has lost the password, and it is not feasible to brute force it.
So, even if he agrees to pay you back, he can't.  Smiley

Thank you for answering me. If I know that I probably put 10 characters with a capital letter at the beginning and  2 number at the end without knowing what it was, I have a chance to find the password with a script?

1 capital letter == 26^1 == 26
2 digits == 10^2 == 100
7 mixed case == 52^7 == 1028071702528

26 * 100 * 1028071702528 == 2672986426572800

2672986426572800 passwords / 10 passwords per second == 8,470,364 years
newbie
Activity: 9
Merit: 0
April 02, 2014, 10:54:47 PM
#18
That is interesting.  I too got hacked with two transactions (Feb 25th)  to the same address (12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4) you listed.  I didn't notice until I cranked up the 0.8.6 version wallet a couple of days ago.  That is an address that user tazja claims to be his/her address.

You can see his reference to the address here in https://bitcointalksearch.org/topic/m.4145690

Perhaps we can talk to him to get our coin back and/or find out why his/her address would be the place to send coin in a hack attack?
hero member
Activity: 560
Merit: 500
March 31, 2014, 02:42:17 PM
#17
no, was is 17 characters.

Quick search for 12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4:
https://bitcointalksearch.org/topic/m.4145690

Did you have a 10-char password, by any chance?
https://bitcointalksearch.org/topic/m.4392968
member
Activity: 64
Merit: 11
March 31, 2014, 02:29:42 PM
#16
Quick search for 12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4:
https://bitcointalksearch.org/topic/m.4145690

Did you have a 10-char password, by any chance?
https://bitcointalksearch.org/topic/m.4392968
hero member
Activity: 560
Merit: 500
March 31, 2014, 01:59:36 PM
#15
yes, sorry to hear about your loss!


 
Damn, that sucks bro! I got ripped off last week of 2.2 Bitcoin from that damn Blockchain.info phishing site, it's a pretty shitty fucking feeling to say the least!!! Cry
hero member
Activity: 732
Merit: 500
Nosce te Ipsum
March 31, 2014, 01:58:27 PM
#14
Damn, that sucks bro! I got ripped off last week of 2.2 Bitcoin from that damn Blockchain.info phishing site, it's a pretty shitty fucking feeling to say the least!!! Cry
zvs
legendary
Activity: 1680
Merit: 1000
https://web.archive.org/web/*/nogleg.com
March 31, 2014, 01:07:58 PM
#13
java is evil
hero member
Activity: 560
Merit: 500
March 30, 2014, 10:17:31 PM
#12
I don't gamble, and no faucets. it has to be a wallet stealer masked as another program.
I'm using MS Security Essentials and malwarebytes chameleon.

thx

 
Sorry about that man but that maybe because of a keylogger or a wallet stealer. Do of often go on gambling websites randomly or  faucets or anything that requires you to make a deposit like gambling websites???

Which anti virus are you using ??
I strongly recommend to scan ever downloaded file with virustotal and get a pro version of malwarebytes !!
hero member
Activity: 714
Merit: 500
NEED CRYPTO CODER? COIN DEVELOPER? PM US FOR HELP!
March 30, 2014, 10:11:43 PM
#11
Sorry about that man but that maybe because of a keylogger or a wallet stealer. Do of often go on gambling websites randomly or  faucets or anything that requires you to make a deposit like gambling websites???

Which anti virus are you using ??
I strongly recommend to scan ever downloaded file with virustotal and get a pro version of malwarebytes !!
hero member
Activity: 560
Merit: 500
March 30, 2014, 09:49:32 AM
#10
frustrating to have to admit that I got hacked with no idea how.

hmmm i dont think it would be anything that advanced. Might be some form of injection through the browser level possibly?
newbie
Activity: 21
Merit: 0
March 30, 2014, 05:17:35 AM
#9
hmmm i dont think it would be anything that advanced. Might be some form of injection through the browser level possibly?
hero member
Activity: 560
Merit: 500
March 29, 2014, 06:11:46 PM
#8
I run windows 7 on the machine in question.
I also just noticed that the hack is still ongoing.
I mine at elgius, so there was a pending payout due.
After discovering the hack I immediately changed my wallet passphrase, changed all my mining payout addresses,
Then, this morning another of my daily mining proceeds were again diverted again to the same address.
I have stopped my proceeds going to my address (this is MY address that was hacked 1M2yzo3YU5RDGtMnqWMANcSij7r7n9rbCL)
Payments are now going to another address that is working and un atached to thsi wallet.

I wish I could recover the funds - but more importantly figure out where I have been compromised. I'm thinking a very good keylogger attached to a windows service, or masked as a windows service (svchost.exe) or something. AV (malwarebytes chameleon comes up clean) MS antivirus clean as well.

upsetting to say the least.



I am using bitcoin qt, latest version. I'm stumped as to how they got my priv key. I have not had reason to use it in a few weeks. My wallet is encrypted, and strong passphrase.

Also,
The address above is not mine, that is where the funds were sent to. I'm stumped! I would say- if I was careless, I deserve it, but I'm not careless with my wallet....

I ran the transactions on your address through a script that check's for k-reuse in signatures, it doesn't look like that was the case here..

What OS do you run? Download any new but unverified bitcoin related software lately?
sr. member
Activity: 412
Merit: 287
March 29, 2014, 05:53:06 PM
#7
I am using bitcoin qt, latest version. I'm stumped as to how they got my priv key. I have not had reason to use it in a few weeks. My wallet is encrypted, and strong passphrase.

Also,
The address above is not mine, that is where the funds were sent to. I'm stumped! I would say- if I was careless, I deserve it, but I'm not careless with my wallet....

I ran the transactions on your address through a script that check's for k-reuse in signatures, it doesn't look like that was the case here..

What OS do you run? Download any new but unverified bitcoin related software lately?
hero member
Activity: 560
Merit: 500
March 29, 2014, 08:32:50 AM
#6
I am using bitcoin qt, latest version. I'm stumped as to how they got my priv key. I have not had reason to use it in a few weeks. My wallet is encrypted, and strong passphrase.

Also,
The address above is not mine, that is where the funds were sent to. I'm stumped! I would say- if I was careless, I deserve it, but I'm not careless with my wallet....
hero member
Activity: 820
Merit: 1000
March 28, 2014, 12:23:01 PM
#5
synched up my wallet and found a transaction... that I never made. it emptied my wallet.

12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4

looks like a couple others got hacked as well.

trying to figure out how it happened. I encrypt my wallet and have a passphrase that is pretty strong...

backup wallet would be useless because the tx has already happened in the chain correct?

Which wallet are you using? bitcoin-qt?
It is a bit strange that the hacker didn't empty your wallet, and there is still 0.09 BTC on that address.

You should now send the remaining 0.09 BTC to a new wallet ASAP.
hero member
Activity: 560
Merit: 500
March 28, 2014, 08:20:02 AM
#4
thx,
ya, I'm surprised, I'm pretty good with being careful, obviously, I missed something.
damn. that was my mining efforts to pay back purchases of gear....



You probably used your private key on a compromised device at some point. Going off the scant information you provide anyway. You should carefully check all your devices for programs you don't recognize.
sr. member
Activity: 325
Merit: 250
March 28, 2014, 08:18:27 AM
#3

Maybe your register email was hacked.Check it!
full member
Activity: 180
Merit: 100
March 28, 2014, 08:14:23 AM
#2
You probably used your private key on a compromised device at some point. Going off the scant information you provide anyway. You should carefully check all your devices for programs you don't recognize.
hero member
Activity: 560
Merit: 500
March 28, 2014, 08:11:32 AM
#1
synched up my wallet and found a transaction... that I never made. it emptied my wallet.

12gEgguL2ciHqerypstKM5WYCMcxRKsnQ4

looks like a couple others got hacked as well.

trying to figure out how it happened. I encrypt my wallet and have a passphrase that is pretty strong...

backup wallet would be useless because the tx has already happened in the chain correct?
Jump to: