Hacker moved coins from my wallet | Bitcointalksearch.org

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: DireWolfM14 on May 02, 2023, 02:09:34 PM

Why anyone who deals in crypto would continue to trust pirated software is a mystery to me. Especially just to get MS Office and Photoshop! If you must have Office for business purposes and your business can't afford to fork out the $100 for an annual subscription, you're doing it wrong. Or just use LibreOffice and be done with it. And for most of us GIMP is a decent enough replacement for Photoshop. With all the open source free software available these days, there's only risk and very little reward in the use of pirated software.

People like free stuff and not paying for software, that's why. Netflix isn't expensive, but even if it were $2, many wouldn't want to pay if they can download the show or movie they want as a torrent.

I don't know how good LibreOffice is, as I never tried it. I doubt GIMP can offer nearly the same that Photoshop can. Just use a separate device for less-safe software that is pirated or cracked if you must use it. Keep it off your computer where you work with crypto, private keys, financial data, and other personal stuff.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: DireWolfM14 on May 02, 2023, 02:09:34 PM

Why anyone who deals in crypto would continue to trust pirated software is a mystery to me. Especially just to get MS Office and Photoshop! If you must have Office for business purposes and your business can't afford to fork out the $100 for an annual subscription, you're doing it wrong. Or just use LibreOffice and be done with it. And for most of us GIMP is a decent enough replacement for Photoshop. With all the open source free software available these days, there's only risk and very little reward in the use of pirated software.

Even better: that $100 gets you a hardware wallet, or a second hand laptop to dedicate to only crypto usage (after wiping it).

DireWolfM14

copper member

Activity: 2338

Merit: 4543

Join the world-leading crypto sportsbook NOW!

Quote from: Pmalek on May 02, 2023, 08:32:25 AM

Quote from: LoyceV on May 01, 2023, 02:18:03 AM

I haven't use Windows in a long time, so I have to ask: is this "normal"? I would expect to use antivirus software as an absolute last resort, and wipe the system the moment it finds something. You make it sound as if it finds and quarantines malware on a regular basis.

If you use cracked software and key generators, the AV will from time to time detect it as malware, quarantine it, and ask what you want to do next. You then have the option to allow the file back on the device, delete it, or keep it quarantined. A perfect example of that are the cracks that come with Microsoft Office products that many people use. The same thing can happen with Photoshop.

Why anyone who deals in crypto would continue to trust pirated software is a mystery to me. Especially just to get MS Office and Photoshop! If you must have Office for business purposes and your business can't afford to fork out the $100 for an annual subscription, you're doing it wrong. Or just use LibreOffice and be done with it. And for most of us GIMP is a decent enough replacement for Photoshop. With all the open source free software available these days, there's only risk and very little reward in the use of pirated software.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: LoyceV on May 01, 2023, 02:18:03 AM

I haven't use Windows in a long time, so I have to ask: is this "normal"? I would expect to use antivirus software as an absolute last resort, and wipe the system the moment it finds something. You make it sound as if it finds and quarantines malware on a regular basis.

If you use cracked software and key generators, the AV will from time to time detect it as malware, quarantine it, and ask what you want to do next. You then have the option to allow the file back on the device, delete it, or keep it quarantined. A perfect example of that are the cracks that come with Microsoft Office products that many people use. The same thing can happen with Photoshop.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: lovesmayfamilis on May 01, 2023, 09:57:00 AM

OP, electrum recently posted a new version of the product; if you are talking about two or three months, then your version was not fresh. I'm always paranoid about updates and try to keep everything fresh.
~snip~

I advise caution with the latest versions, because as I already wrote in the Electrum board, they messed something up with the Android version, and some users report that the combination of Electrum+Ledger does not work for them. In addition, they turn a very simple wallet into something too complicated, especially for new users.

Quote from: Avirunes on May 01, 2023, 10:38:11 AM

Yeah lessons learned with some price but now I need to see what would be the best way to setup my system and my way of working around these things. I now really wished that I would have come down to my senses for once and would have used my hardware wallet but being casual along the way you just start to follow things like you have been doing and only come down to sense once the harm has been done.

You have a new OS and that's a good start, and from now on be much more thorough in every step and check everything at least three times, and if necessary five times for larger amounts. Although no HW is perfect and cannot protect you from everything, it will still provide you with a fairly high level of security if you use it correctly.

rat03gopoh

hero member

Activity: 2212

Merit: 670

Signature designer - start @$10 - PM me!

I thought of a possible hack on this, considering the op address is a vanity address it's questionable what device it was generated with. Obviously it's impossible to generate through electrum, and needing to import privkey in a way that is actually vulnerable especially if the device has been infected with viruses from the start.

Aikidoka

sr. member

Activity: 1078

Merit: 342

Sinbad Mixer: Mix Your BTC Quickly

First of all, I'm sorry to hear about your loss Avirunes. However, I'm relieved to hear that the amount stolen wasn't a fortune given that I've seen instances of people losing large amounts of Bitcoin due to being hacked. This year, in particular, has been especially tumultuous, and it's likely due to people being careless with their wallet security

I've read nearly every post here, and I was curious about how you got hacked, but it seems that you're not sure about it. Given that your wallet is connected to the internet, it could have been any things happened. You mentioned a script running in the background on your OS which could be the problem here as Malwarebytes may not have detected it

Ensure that your fresh operating system is clean and avoid installing any suspicious software that you are unfamiliar with(any cracked or random software) It would be best to use Linux, as it is generally more secure than Windows, but prioritize securing your BTC wallet. Personally, I use both Linux and Windows, and if I need to test out suspicious software, I rely on the Windows sandbox feature, which acts exactly like a VM.

shasan

copper member

Activity: 2380

Merit: 1302

Playbet.io - Crypto Casino and Sportsbook

Quote from: NotATether on May 01, 2023, 07:08:35 AM

I'm not saying VanitySearch is stealing private keys from you, but being a cracking tool, it is designed for speed, so there's absolutely no security in mind. It doesn't try to scrub memory regions with private keys or anything.

Though based on the post of the Op it seems that vanity search has not leaked or not stolen the fund. But I have still doubts about that. I think it might have happened to them. Someone or some site might not steal anything that doesn't mean they will not. In the same way, the same thing might not be happened by Vanitysearch but it may happen/happen this time.

Avirunes

legendary

Activity: 3094

Merit: 1472

Quote from: BenCodie on May 01, 2023, 03:22:38 AM

Unfortunately, there is no place to discuss these things right now. Around 3 months ago I made a request for a cybersecurity and privacy board, where discussion can at least go well-documented and all discussion added to that board would serve as a good knowledge resource, however it has not yet been addressed. For now people are just having their questions answered when asked or people are adding to topics after it's already too late Huh

I would also love to see that happen. My post would be kind of similar to what julerz wrote but there really should be board properly dedicated to this.

Quote from: LoyceV on May 01, 2023, 04:15:10 AM

Your guest OS is only as secure as your host OS. It's better to do it the other way around: on a trusted OS, use a VM to run untrusted software without risking your host OS.

Yeah good point [+1]. I will set up a VM like this and work accordingly. Thanks really for pointing it out.

Quote from: Lucius on May 01, 2023, 06:02:19 AM

I assume you have the Premium version? Even then, you cannot be sure that it will detect every malicious software or attempt to compromise your operating system. When you look at the fact that hackers break into highly sophisticated systems and steal information, it should not be surprising that they bypass some trivial protections compared to such systems.

It's a shame that you stopped using the device that would have most likely protected you from what happened to you, but people learn best from their own mistakes. Surely you know that you can have multiple wallets on HW and protect each of them individually with a passphrase, so you can separate something that you keep long-term from what you will use in some way as a hot wallet.

Yeah lessons learned with some price but now I need to see what would be the best way to setup my system and my way of working around these things. I now really wished that I would have come down to my senses for once and would have used my hardware wallet but being casual along the way you just start to follow things like you have been doing and only come down to sense once the harm has been done.

Quote from: lovesmayfamilis on May 01, 2023, 09:57:00 AM

In addition, if I understand correctly, on April 30, the hacker stole not only the OP but several other transfers worth more than $2,000. Please correct me.

It could be anything: It could be like as you said or if the hacker swept the wallet directly to exchange then its exchange sweeping the deposit address to another address of their own.

About the VanitySearch, I don't think its the reason but I am not gonna use it anymore. I have generated bc1qwerty address years ago and have been using it for long time. What @BenCodie said is also right , and @NotTether is also right but that will make it a different case as I was the one careless in the end for getting my device infected with malware.

lovesmayfamilis

legendary

Activity: 2072

Merit: 4265

✿♥‿♥✿

OP, electrum recently posted a new version of the product; if you are talking about two or three months, then your version was not fresh. I'm always paranoid about updates and try to keep everything fresh.
In the same way, it is now important for you to find out, so as not to repeat what happened, if your Windows is really licensed with the latest updates. Winrar software is always recognized as very dangerous, as password-protected viruses are often put into it. In addition, the hacker can create a server for RDP remote access and hide it so that it is not detected in autoload and in the task manager. There are detailed instructions on the forums; the victim only needs to click on the link sent to hide the file and start surveillance.
In addition, if I understand correctly, on April 30, the hacker stole not only the OP but several other transfers worth more than $2,000. Please correct me.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: T3PR00T on May 01, 2023, 05:51:44 AM

I hear a lot about VM. How to have one and how much it costs. I will appreciate a link or article about it.

I use VirtualBox. It's free. Install it, and install your own OS inside or download an image.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: Avirunes on May 01, 2023, 12:35:31 AM

Quote from: DireWolfM14 on April 30, 2023, 12:56:36 PM

What do you mean "only one in the wallet"? Did you create the wallet with an imported private key? So, you don't have a seed phrase?

This will serve as an answer to anduloika and you as well: The wallet address was created by VanitySearch and I trust this software but as a precaution I use it for only small amounts. Since its been so long , I started trusting for more balance. There were other addresses as well which also was created by VanitySearch as I like to generate some cool addresses and use it but none of them had any balance in it or were used in the forum except the one I use.

so @anduloika it wasn't a private key with recoverable security questions.

Bingo.

I'm not saying VanitySearch is stealing private keys from you, but being a cracking tool, it is designed for speed, so there's absolutely no security in mind. It doesn't try to scrub memory regions with private keys or anything.

That means if you used VanitySearch while connected to the internet or while there was a malware running, the private keys could've been captured that way, and it doesn't help that they usually don't provide checksums.

Also you have to be very careful where you download this kind of software from, these programs are the targets of malicious counterfeits that have backdoors in them for capturing the keys.

And PS. Antivirus software generally considers any software that deals with a "private key" to be a malware, so it would've went straight through it in that case.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: Avirunes on May 01, 2023, 12:35:31 AM

As for Malwarebytes, I am bit surprised that it didn't alerted something running in background whenever I opened Electrum. I am bit paranoid about scripts running in background or autostartup so I had softwares to check those as well and delete/remove those things as well.

I assume you have the Premium version? Even then, you cannot be sure that it will detect every malicious software or attempt to compromise your operating system. When you look at the fact that hackers break into highly sophisticated systems and steal information, it should not be surprising that they bypass some trivial protections compared to such systems.

Quote from: Avirunes on May 01, 2023, 12:35:31 AM

About hardware wallet, I still have a Ledger Nano which I have used in the past to hold big balances but right now I don't use it. So yeah I have the policy of big balances to hardware wallets but there are cases where I need to move coins fast I tend to loose up a little and move into wallets that I have in my easily accessible devices.

It's a shame that you stopped using the device that would have most likely protected you from what happened to you, but people learn best from their own mistakes. Surely you know that you can have multiple wallets on HW and protect each of them individually with a passphrase, so you can separate something that you keep long-term from what you will use in some way as a hot wallet.

T3PR00T

member

Activity: 119

Merit: 38

Yo! Member

Quote from: LoyceV on May 01, 2023, 04:15:10 AM

Quote from: Avirunes on May 01, 2023, 03:09:52 AM

Regarding this, I am using Linux inside virtual software like VMware and so for operating wallets. What do you guys think about this? or there is still some vulnerability?

Your guest OS is only as secure as your host OS. It's better to do it the other way around: on a trusted OS, use a VM to run untrusted software without risking your host OS.

Sorry it's off-topic.
I hear a lot about VM. How to have one and how much it costs. I will appreciate a link or article about it.

Thank you.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Avirunes on May 01, 2023, 03:09:52 AM

Regarding this, I am using Linux inside virtual software like VMware and so for operating wallets. What do you guys think about this? or there is still some vulnerability?

Your guest OS is only as secure as your host OS. It's better to do it the other way around: on a trusted OS, use a VM to run untrusted software without risking your host OS.

BenCodie

legendary

Activity: 1666

Merit: 1037

Quote from: BitcoinGirl.Club on May 01, 2023, 03:46:39 AM

Quote

he wallet address was created by VanitySearch

This is where it was compromised. In fact any hot wallet can not be trusted.

If Avirunes was using the open source VanitySearch by JeanLucPons then there is no reason why this would be the culprit, because it is software that you run locally and thus Avirunes should be the only one in control of the keys, you're not trusting someone else/another party with the keys as well. Technically, it should not be possible for VanitySearch to be the cause. Lets say that it was though, I am sure that the VanitySearch announcement thread would be flooded with similar complaints.

BitcoinGirl.Club

legendary

Activity: 2800

Merit: 2736

Farewell LEO: o_e_l_e_o

Quote from: Avirunes on April 30, 2023, 07:31:19 AM

Amount Scammed: 0.015 BTC

Thankfully it was not a fortune. Sorry for your loss brother.

P.S: I hope the large amount which you consider as your asset are safe in a multi sig wallet or hardware wallet. If it's not yet then your first priority will be to send them to a safe wallet.

BenCodie

legendary

Activity: 1666

Merit: 1037

Quote from: Avirunes on May 01, 2023, 03:09:52 AM

Quote from: LoyceV on May 01, 2023, 02:18:03 AM

You make it sound as if it finds and quarantines malware on a regular basis.

It was in past and not on this device but basically I was referring to first action that I took back then as my usual action there^^. In this device, I didn't had any alerts from the antimalware program.

Quote from: BenCodie on May 01, 2023, 02:20:50 AM

-snip-

Interesting, I wasn't aware about that. I will give it a good read later and maybe you can give me link to a thread where these things can be properly discussed there.

Unfortunately, there is no place to discuss these things right now. Around 3 months ago I made a request for a cybersecurity and privacy board, where discussion can at least go well-documented and all discussion added to that board would serve as a good knowledge resource, however it has not yet been addressed. For now people are just having their questions answered when asked or people are adding to topics after it's already too late Huh

Avirunes

legendary

Activity: 3094

Merit: 1472

Quote from: LoyceV on May 01, 2023, 02:18:03 AM

You make it sound as if it finds and quarantines malware on a regular basis.

It was in past and not on this device but basically I was referring to first action that I took back then as my usual action there^^. In this device, I didn't had any alerts from the antimalware program.

Quote from: BenCodie on May 01, 2023, 02:20:50 AM

-snip-

Interesting, I wasn't aware about that. I will give it a good read later and maybe you can give me link to a thread where these things can be properly discussed there.

Quote

Switch to Linux as soon as you can.

Regarding this, I am using Linux inside virtual software like VMware and so for operating wallets. What do you guys think about this? or there is still some vulnerability?

BenCodie

legendary

Activity: 1666

Merit: 1037

Quote from: Avirunes on May 01, 2023, 12:35:31 AM

-snip-

All it takes is to connect to a suspicious website to become vulnerable on windows. Read into Reverse shell attacks. They target by the thousands, and do not require downloading files or inbound connections to take advantage of your system. All it takes is for you to connect to a predatory website, as it thrives on your systems outbound connection to a predatory server/website. To be clear about how easy it is to be reverse shelled, all software (even what you least expect) conducts outbound connections and every website you connect to has at least one outbound connection (usually between 3 and 10, depending on how many resources are required to load the page). This attack is commonly aimed toward Windows since it's the most common operating system, where attackers can build easily and gain the most. Switch to Linux as soon as you can.

I'm not saying this is what you have suffered from however it is possible considering you don't recall directly downloading anything suspicious or recall anything that you may have obviously done to become vulnerable.

Topic: Hacker moved coins from my wallet (Read 612 times)