Topic: Hacker moved coins from my wallet (Read 632 times)

legendary
Activity: 2730
Merit: 7065
May 03, 2023, 12:52:13 PM
#47
Why anyone who deals in crypto would continue to trust pirated software is a mystery to me.  Especially just to get MS Office and Photoshop!  If you must have Office for business purposes and your business can't afford to fork out the $100 for an annual subscription, you're doing it wrong.  Or just use LibreOffice and be done with it.  And for most of us GIMP is a decent enough replacement for Photoshop.  With all the open source free software available these days, there's only risk and very little reward in the use of pirated software.
People like free stuff and not paying for software, that's why. Netflix isn't expensive, but even if it were $2, many wouldn't want to pay if they can download the show or movie they want as a torrent.

I don't know how good LibreOffice is, as I never tried it. I doubt GIMP can offer nearly the same as Photoshop can. Just use a separate device for less-safe software that is pirated or cracked if you must use it. Keep it off the computer where you work with crypto, private keys, financial data, and other personal stuff.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
May 03, 2023, 06:33:07 AM
#46
Why anyone who deals in crypto would continue to trust pirated software is a mystery to me.  Especially just to get MS Office and Photoshop!  If you must have Office for business purposes and your business can't afford to fork out the $100 for an annual subscription, you're doing it wrong.  Or just use LibreOffice and be done with it.  And for most of us GIMP is a decent enough replacement for Photoshop.  With all the open source free software available these days, there's only risk and very little reward in the use of pirated software.
Even better: that $100 gets you a hardware wallet, or a second hand laptop to dedicate to only crypto usage (after wiping it).
copper member
Activity: 2338
Merit: 4543
May 02, 2023, 02:09:34 PM
#45
I haven't used Windows in a long time, so I have to ask: is this "normal"? I would expect to use antivirus software as an absolute last resort, and wipe the system the moment it finds something. You make it sound as if it finds and quarantines malware on a regular basis.
If you use cracked software and key generators, the AV will from time to time detect it as malware, quarantine it, and ask what you want to do next. You then have the option to allow the file back on the device, delete it, or keep it quarantined. A perfect example of that are the cracks that come with Microsoft Office products that many people use. The same thing can happen with Photoshop.  

Why anyone who deals in crypto would continue to trust pirated software is a mystery to me.  Especially just to get MS Office and Photoshop!  If you must have Office for business purposes and your business can't afford to fork out the $100 for an annual subscription, you're doing it wrong.  Or just use LibreOffice and be done with it.  And for most of us GIMP is a decent enough replacement for Photoshop.  With all the open source free software available these days, there's only risk and very little reward in the use of pirated software.
legendary
Activity: 2730
Merit: 7065
May 02, 2023, 08:32:25 AM
#44
I haven't used Windows in a long time, so I have to ask: is this "normal"? I would expect to use antivirus software as an absolute last resort, and wipe the system the moment it finds something. You make it sound as if it finds and quarantines malware on a regular basis.
If you use cracked software and key generators, the AV will from time to time detect it as malware, quarantine it, and ask what you want to do next. You then have the option to allow the file back on the device, delete it, or keep it quarantined. A perfect example of that are the cracks that come with Microsoft Office products that many people use. The same thing can happen with Photoshop. 
legendary
Activity: 3234
Merit: 5637
May 02, 2023, 04:02:11 AM
#43
OP, electrum recently posted a new version of the product; if you are talking about two or three months, then your version was not fresh. I'm always paranoid about updates and try to keep everything fresh.
~snip~

I advise caution with the latest versions, because as I already wrote in the Electrum board, they messed something up with the Android version, and some users report that the combination of Electrum+Ledger does not work for them. In addition, they turn a very simple wallet into something too complicated, especially for new users.



Yeah, lessons learned at some price, but now I need to see what would be the best way to set up my system and my way of working around these things. I now really wish that I had come to my senses for once and used my hardware wallet, but being casual along the way you just keep doing things the way you have been doing them and only come to your senses once the harm has been done.

You have a new OS and that's a good start, and from now on be much more thorough in every step and check everything at least three times, and if necessary five times for larger amounts. Although no HW is perfect and cannot protect you from everything, it will still provide you with a fairly high level of security if you use it correctly.
hero member
Activity: 2254
Merit: 680
May 01, 2023, 08:37:29 PM
#42
I thought of a possible hack on this: considering the OP's address is a vanity address, it's questionable what device it was generated with. Obviously it's impossible to generate one through Electrum, and needing to import the privkey is a way that is actually vulnerable, especially if the device has been infected with viruses from the start.
sr. member
Activity: 1078
Merit: 342
May 01, 2023, 05:29:57 PM
#41
First of all, I'm sorry to hear about your loss, Avirunes. However, I'm relieved to hear that the amount stolen wasn't a fortune, given that I've seen instances of people losing large amounts of Bitcoin due to being hacked. This year, in particular, has been especially tumultuous, and it's likely due to people being careless with their wallet security.
I've read nearly every post here, and I was curious about how you got hacked, but it seems that you're not sure about it. Given that your wallet is connected to the internet, it could have been any number of things. You mentioned a script running in the background on your OS, which could be the problem here, as Malwarebytes may not have detected it.

Ensure that your fresh operating system is clean and avoid installing any suspicious software that you are unfamiliar with(any cracked or random software) It would be best to use Linux, as it is generally more secure than Windows, but prioritize securing your BTC wallet. Personally, I use both Linux and Windows, and if I need to test out suspicious software, I rely on the Windows sandbox feature, which acts exactly like a VM.
copper member
Activity: 2422
Merit: 1313
May 01, 2023, 04:33:14 PM
#40
I'm not saying VanitySearch is stealing private keys from you, but being a cracking tool, it is designed for speed, so there's absolutely no security in mind. It doesn't try to scrub memory regions with private keys or anything.

Though based on the OP's post it seems that VanitySearch has not leaked or stolen the funds, I still have doubts about that. I think it might have happened to them. Just because someone or some site has not stolen anything doesn't mean they will not. In the same way, the same thing might not have happened through VanitySearch before, but it may happen this time.
legendary
Activity: 3094
Merit: 1472
May 01, 2023, 10:38:11 AM
#39
Unfortunately, there is no place to discuss these things right now. Around 3 months ago I made a request for a cybersecurity and privacy board, where discussion can at least go well-documented and all discussion added to that board would serve as a good knowledge resource; however, it has not yet been addressed. For now people are just having their questions answered when asked, or people are adding to topics after it's already too late.

I would also love to see that happen. My post would be kind of similar to what julerz wrote, but there really should be a board properly dedicated to this.


Your guest OS is only as secure as your host OS. It's better to do it the other way around: on a trusted OS, use a VM to run untrusted software without risking your host OS.

Yeah good point [+1]. I will set up a VM like this and work accordingly. Thanks really for pointing it out.


I assume you have the Premium version? Even then, you cannot be sure that it will detect every malicious software or attempt to compromise your operating system. When you look at the fact that hackers break into highly sophisticated systems and steal information, it should not be surprising that they bypass some trivial protections compared to such systems.

It's a shame that you stopped using the device that would have most likely protected you from what happened to you, but people learn best from their own mistakes. Surely you know that you can have multiple wallets on HW and protect each of them individually with a passphrase, so you can separate something that you keep long-term from what you will use in some way as a hot wallet.

Yeah, lessons learned at some price, but now I need to see what would be the best way to set up my system and my way of working around these things. I now really wish that I had come to my senses for once and used my hardware wallet, but being casual along the way you just keep doing things the way you have been doing them and only come to your senses once the harm has been done.


In addition, if I understand correctly, on April 30, the hacker stole not only the OP but several other transfers worth more than $2,000. Please correct me.

It could be anything: it could be as you said, or if the hacker swept the wallet directly to an exchange, then it's the exchange sweeping the deposit address to another address of their own.



About VanitySearch, I don't think it's the reason, but I am not gonna use it anymore. I generated the bc1qwerty address years ago and have been using it for a long time. What @BenCodie said is also right, and @NotTether is also right, but that would make it a different case, as I was the one who was careless in the end in getting my device infected with malware.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
May 01, 2023, 09:57:00 AM
#38
OP, electrum recently posted a new version of the product; if you are talking about two or three months, then your version was not fresh. I'm always paranoid about updates and try to keep everything fresh.
In the same way, it is now important for you to find out, so as not to repeat what happened, if your Windows is really licensed with the latest updates. Winrar software is always recognized as very dangerous, as password-protected viruses are often put into it. In addition, the hacker can create a server for RDP remote access and hide it so that it is not detected in autoload and in the task manager. There are detailed instructions on the forums; the victim only needs to click on the link sent to hide the file and start surveillance.
In addition, if I understand correctly, on April 30, the hacker stole not only the OP but several other transfers worth more than $2,000. Please correct me.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
May 01, 2023, 07:48:54 AM
#37
I hear a lot about VMs. How do I get one, and how much does it cost? I would appreciate a link or an article about it.
I use VirtualBox. It's free. Install it, and install your own OS inside or download an image.
legendary
Activity: 1568
Merit: 6660
May 01, 2023, 07:08:35 AM
#36
What do you mean "only one in the wallet"?  Did you create the wallet with an imported private key?  So, you don't have a seed phrase?

This will serve as an answer to anduloika and you as well: the wallet address was created by VanitySearch, and I trust this software, but as a precaution I used it for only small amounts. Since it's been so long, I started trusting it with more balance. There were other addresses as well which were also created by VanitySearch, as I like to generate some cool addresses and use them, but none of them had any balance in them or were used in the forum except the one I use.

so @anduloika it wasn't a private key with recoverable security questions.

Bingo.

I'm not saying VanitySearch is stealing private keys from you, but being a cracking tool, it is designed for speed, so there's absolutely no security in mind. It doesn't try to scrub memory regions with private keys or anything.

That means if you used VanitySearch while connected to the internet or while there was a malware running, the private keys could've been captured that way, and it doesn't help that they usually don't provide checksums.

Also you have to be very careful where you download this kind of software from, these programs are the targets of malicious counterfeits that have backdoors in them for capturing the keys.

And PS: antivirus software generally considers any software that deals with a "private key" to be malware, so it would've gone straight through it in that case.
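The post above makes two practical points: counterfeit builds of key-handling tools circulate, and the genuine projects often publish no checksums to compare against. The block below is an added example written for this thread (it is not VanitySearch's or Electrum's own code) showing the check a practitioner would run before executing any such download: parse a `sha256sum`-style list of pinned digests, stream each file through SHA-256, and report ok/MISMATCH/MISSING per file. It assumes the digest list was obtained out of band (a signed release page read on a different machine, a hash pasted by the maintainer elsewhere), because a digest served next to the binary on the same mirror proves nothing if that mirror is the thing you distrust. The files and digests in `demo()` are constructed inline so it runs offline.

```python
"""Verify downloaded files against pinned SHA-256 digests (added example).

Illustrative code written for this thread, not part of VanitySearch or
Electrum. Assumes the trusted digests come from somewhere other than the
download location itself.
"""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # stream 1 MiB at a time so large binaries are not read into RAM


def sha256_of_file(path: str) -> str:
    """Hex SHA-256 of a file, computed incrementally."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sums(text: str) -> dict:
    """Parse `sha256sum`-style lines: '<hex>  <name>' or '<hex> *<name>'.

    Rejects anything that is not a 64-character hex digest, so a tampered or
    truncated list fails loudly instead of silently pinning garbage.
    """
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        digest = digest.lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"malformed digest line: {line!r}")
        sums[name] = digest
    return sums


def verify_files(directory: str, sums: dict) -> dict:
    """Return {name: 'ok' | 'MISMATCH' | 'MISSING'} for every pinned file."""
    results = {}
    for name, expected in sums.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        actual = sha256_of_file(path)
        # compare_digest: constant-time comparison; harmless here and a good habit
        results[name] = "ok" if hmac.compare_digest(actual, expected) else "MISMATCH"
    return results


def demo() -> dict:
    """Constructed scenario: one genuine file, one with a payload appended, one absent."""
    with tempfile.TemporaryDirectory() as d:
        good = b"#!/bin/sh\necho genuine release\n"
        bad = b"#!/bin/sh\necho genuine release\n# appended trojan payload\n"
        with open(os.path.join(d, "vanitysearch"), "wb") as f:
            f.write(good)
        with open(os.path.join(d, "vanitysearch-gpu"), "wb") as f:
            f.write(bad)
        # The pinned list (constructed) says both binaries should hash like `good`;
        # the third entry names a file that was never downloaded.
        good_digest = hashlib.sha256(good).hexdigest()
        sums_text = (
            f"{good_digest}  vanitysearch\n"
            f"{good_digest} *vanitysearch-gpu\n"
            f"{'0' * 64}  electrum-appimage\n"
        )
        return verify_files(d, parse_sums(sums_text))


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

Only a file reported `ok` gets executed; a `MISMATCH` is treated as a counterfeit, not as a download glitch to retry. A hash check does not replace a signature check where the project signs releases, but it is the minimum that makes a downloaded key-handling tool something you can reason about.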
legendary
Activity: 3234
Merit: 5637
May 01, 2023, 06:02:19 AM
#35
As for Malwarebytes, I am a bit surprised that it didn't alert me to something running in the background whenever I opened Electrum. I am a bit paranoid about scripts running in the background or on autostartup, so I had software to check those as well and delete/remove those things.

I assume you have the Premium version? Even then, you cannot be sure that it will detect every malicious software or attempt to compromise your operating system. When you look at the fact that hackers break into highly sophisticated systems and steal information, it should not be surprising that they bypass some trivial protections compared to such systems.

About hardware wallets, I still have a Ledger Nano which I have used in the past to hold big balances, but right now I don't use it. So yeah, I have the policy of big balances going to hardware wallets, but there are cases where I need to move coins fast, and I tend to loosen up a little and move them into wallets that I have on my easily accessible devices.

It's a shame that you stopped using the device that would have most likely protected you from what happened to you, but people learn best from their own mistakes. Surely you know that you can have multiple wallets on HW and protect each of them individually with a passphrase, so you can separate something that you keep long-term from what you will use in some way as a hot wallet.
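The "multiple wallets on one hardware device, each behind its own passphrase" setup described above is the BIP39 passphrase mechanism: the seed is derived from the mnemonic words plus the passphrase, so the same 24 (or 12) words with a different passphrase give an unrelated wallet. The block below is an added example written for this thread, not Ledger or Electrum code; it uses only the standard library and reproduces the published BIP39 reference vector to show the derivation is the real one. It does not validate the mnemonic's wordlist or checksum, and a real passphrase must be chosen and stored with the same care as the words, since a typo (`trezor` for `TREZOR` below) silently opens an empty wallet rather than an error.

```python
"""BIP39 seed derivation with an optional passphrase (added example).

Illustrative code written for this thread; not Ledger's firmware or
Electrum's code. Shows why one set of recovery words plus different
passphrases yields independent wallets (the "hidden wallet" feature).
"""
import hashlib
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = 'mnemonic' + passphrase.

    Both inputs are NFKD-normalized as the spec requires, so the same
    Unicode passphrase typed on different devices derives the same seed.
    The mnemonic's wordlist and checksum are NOT validated here.
    """
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


# BIP39 English reference vector: 16 zero bytes of entropy, passphrase "TREZOR".
REF_MNEMONIC = "abandon " * 11 + "about"
REF_PASSPHRASE = "TREZOR"
REF_SEED_HEX = (
    "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
    "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04"
)


def matches_reference_vector() -> bool:
    """True if this implementation reproduces the published test vector."""
    return bip39_seed(REF_MNEMONIC, REF_PASSPHRASE).hex() == REF_SEED_HEX


def seeds_for(mnemonic: str, passphrases) -> dict:
    """Map each passphrase to the hex seed it derives from the same words."""
    return {p: bip39_seed(mnemonic, p).hex() for p in passphrases}


if __name__ == "__main__":
    print("reference vector ok:", matches_reference_vector())
    # Constructed demo: no passphrase, a "hot" wallet, the long-term wallet, and a typo.
    for p, seed in seeds_for(REF_MNEMONIC, ["", "hot", "TREZOR", "trezor"]).items():
        print(f"{p!r:10} -> {seed[:16]}...")
```

Operationally this means the words alone restore only the no-passphrase wallet; whoever holds the words and not the passphrase cannot reach the long-term funds, and whoever holds the passphrase and not the words gets nothing either, which is exactly the split the post above recommends for separating cold holdings from a hot wallet on one device.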
member
Activity: 119
Merit: 38
Yo! Member
May 01, 2023, 05:51:44 AM
#34
Regarding this, I am using Linux inside virtual software like VMware and so for operating wallets. What do you guys think about this? or there is still some vulnerability?
Your guest OS is only as secure as your host OS. It's better to do it the other way around: on a trusted OS, use a VM to run untrusted software without risking your host OS.
Sorry it's off-topic.
I hear a lot about VMs. How do I get one, and how much does it cost? I would appreciate a link or an article about it.

Thank you.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
May 01, 2023, 04:15:10 AM
#33
Regarding this, I am using Linux inside virtual software like VMware and so for operating wallets. What do you guys think about this? or there is still some vulnerability?
Your guest OS is only as secure as your host OS. It's better to do it the other way around: on a trusted OS, use a VM to run untrusted software without risking your host OS.
legendary
Activity: 1708
Merit: 1048
May 01, 2023, 03:55:57 AM
#32
Quote
The wallet address was created by VanitySearch
This is where it was compromised. In fact any hot wallet can not be trusted.

If Avirunes was using the open source VanitySearch by JeanLucPons then there is no reason why this would be the culprit, because it is software that you run locally and thus Avirunes should be the only one in control of the keys, you're not trusting someone else/another party with the keys as well. Technically, it should not be possible for VanitySearch to be the cause. Lets say that it was though, I am sure that the VanitySearch announcement thread would be flooded with similar complaints.
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
May 01, 2023, 03:46:39 AM
#31
Amount Scammed: 0.015 BTC
Thankfully it was not a fortune. Sorry for your loss brother.

P.S: I hope the large amount which you consider as your asset are safe in a multi sig wallet or hardware wallet. If it's not yet then your first priority will be to send them to a safe wallet.
legendary
Activity: 1708
Merit: 1048
May 01, 2023, 03:22:38 AM
#30
You make it sound as if it finds and quarantines malware on a regular basis.

It was in the past and not on this device, but basically I was referring to the first action that I took back then as my usual action there^^. On this device, I didn't have any alerts from the antimalware program.


-snip-

Interesting, I wasn't aware about that. I will give it a good read later and maybe you can give me link to a thread where these things can be properly discussed there.

Unfortunately, there is no place to discuss these things right now. Around 3 months ago I made a request for a cybersecurity and privacy board, where discussion can at least go well-documented and all discussion added to that board would serve as a good knowledge resource; however, it has not yet been addressed. For now people are just having their questions answered when asked, or people are adding to topics after it's already too late.
legendary
Activity: 3094
Merit: 1472
May 01, 2023, 03:09:52 AM
#29
You make it sound as if it finds and quarantines malware on a regular basis.

It was in the past and not on this device, but basically I was referring to the first action that I took back then as my usual action there^^. On this device, I didn't have any alerts from the antimalware program.


-snip-

Interesting, I wasn't aware about that. I will give it a good read later and maybe you can give me link to a thread where these things can be properly discussed there.



Quote
Switch to Linux as soon as you can.

Regarding this, I am using Linux inside virtual software like VMware and so for operating wallets. What do you guys think about this? or there is still some vulnerability?
legendary
Activity: 1708
Merit: 1048
May 01, 2023, 02:20:50 AM
#28
-snip-
All it takes is to connect to a suspicious website to become vulnerable on windows. Read into Reverse shell attacks. They target by the thousands, and do not require downloading files or inbound connections to take advantage of your system. All it takes is for you to connect to a predatory website, as it thrives on your systems outbound connection to a predatory server/website. To be clear about how easy it is to be reverse shelled, all software (even what you least expect) conducts outbound connections and every website you connect to has at least one outbound connection (usually between 3 and 10, depending on how many resources are required to load the page). This attack is commonly aimed toward Windows since it's the most common operating system, where attackers can build easily and gain the most. Switch to Linux as soon as you can.

I'm not saying this is what you have suffered from however it is possible considering you don't recall directly downloading anything suspicious or recall anything that you may have obviously done to become vulnerable.