
Topic: HELP, BITCOINS STOLEN - REWARD 600 Bitcoins or equivalent in Euro (Read 10392 times)

sr. member
Activity: 271
Merit: 250
at that time it was not so much ;-) And yes it was stupid
hero member
Activity: 574
Merit: 500
freedomainradio.com
You have to be really stupid to store that much btc on the most unsafe operating system out there. Before you store btc on windows you should store them in online wallets, it's way safer.
member
Activity: 84
Merit: 10
hey let it go. everything happens for a reason.  Smiley
sr. member
Activity: 271
Merit: 250
well i actually have new evidence in this case.

The hacker had provably an account at http://www.tf2whx.com/ and used various addresses to launder other coins. the admin of the website however refuses to hand out the IP/email address of the hacker, so i am now pursuing the official way which might take another 3 years.....


The only information i received from the website admins was:

These are the withdrawals that go to 1Bu..."
 Also I am only able to do this because this person was not in fact a customer of ours at all, it seems they just laundered their coins here. Which is illegal. If they would have purchased even 1 credit I would only be able to give this to law enforcement, so GG whoever this guy is. Good luck.
 




5:29 AM
ok, give him this:
 
transaction ids



5:29 AM
 This is a list of all the bitcoin transactions that the user who controls the 1BuXv589E9pqYrLfcMiUPnurgBZZS6sL12 address has made through our system
 That should be all he needs in order to track down the comings and goings of the bitcoins.
 

5:35 AM
His deposit address in our system was: 1EcFFZ7eykZQjw6LnDKiXg8NfjSUvqHKZE



If this would help anyone to identify the hacker, the 600 btc are still open reward
sr. member
Activity: 406
Merit: 250
Sorry to tell you this. Well most likely you won't see those btc again. How could he trick you into installing it? Try contacting mail.ru and tell them the situation, maybe they can help you. IP is proxy or VPN so it is a dead end.
member
Activity: 84
Merit: 10
Is this still on?  Grin

Quite sure both sides forgot about it Smiley
newbie
Activity: 42
Merit: 0
Is this still on?  Grin
legendary
Activity: 1148
Merit: 1018
that hacker is doing good indeed. +$2.5MM with a lousy trojan horse.
newbie
Activity: 1
Merit: 0
the bitcoins are still remaining on the thief's wallet - maybe the 600 btc reward is now more interesting
full member
Activity: 154
Merit: 100
Paper wallets!  This is how you protect your bitcoins.  Just for fun, send 0.01 BTC to a paper wallet right now and then import it back.  Seeing it work is a valuable learning experience.

Paper wallets work until you need to load coins back to a hacked machine.

At least you'll only lose 1/10 of your coins, assuming you split them across 10 paper wallets, and that's assuming the hacker can redeem them faster than you.  If you are being actively keylogged while you redeem a paper wallet, and you click OK or hit enter before he has a chance to initiate the theft transaction, he still won't be able to steal.  The normal password trojan that logs keystrokes and sends logs periodically to the hacker is good for stealing passwords and credit card numbers but won't be of any use if the entered key becomes worthless moments after entry - he either has to be watching you in real time, or use more sophisticated malware adapted to detecting you entered a key and then preventing you from completing your transaction once you enter the key.

So a paper wallet, once used, should be emptied and no longer considered a cold wallet, right?
legendary
Activity: 3472
Merit: 4801
mralbi,

I've finished my program that scans the blockchain and uses the inputs from transactions to link addresses to a single entity that controls the list of addresses.  A person can keep addresses from being tied together by being careful to keep their bitcoins in separate wallets or using raw transactions for coin-control to avoid connecting addresses together in inputs, so the program will not be able to report those addresses that are carefully segregated.

Running the program, I find 901 addresses that can all be said to have been used in inputs by someone who has the private key to 1AFs9GrQyPQpN5W73RzizcEap1CQ7whPZT.

I've emailed the list to you.
legendary
Activity: 3472
Merit: 4801
yes, some data from bitmarket.eu also show that the addresses are used at least by the same computer
If that's true, then there is probably a MUCH larger list of addresses controlled by the thief and addresses that engaged in a transaction with the thief.

I'll try to put together the list for you later this week.  If you PM your email address, I'll email you the list when I've got it complete.
sr. member
Activity: 271
Merit: 250
yes, some data from bitmarket.eu also show that the addresses are used at least by the same computer
newbie
Activity: 28
Merit: 0
how are we going to help you get it back..?
legendary
Activity: 3472
Merit: 4801
dear all,
i have received NEW important information in this issue . . .

I can see here that the thief who controls 1Q3KFL7Z1BTpUboDaU6Qj3t9xCXWpzNntS also controls 1BuXv589E9pqYrLfcMiUPnurgBZZS6sL12
http://blockchain.info/tx/7e1455f12fdbb7119fe350edb1410f2e1cdff723c15b7e2d9acb8568124e1bb5

And I can see here that the thief who controls 1BuXv589E9pqYrLfcMiUPnurgBZZS6sL12 received bitcoins from someone who controls 1AFs9GrQyPQpN5W73RzizcEap1CQ7whPZT
http://blockchain.info/tx/83d2fd573e5ce47fca38bc3895356b8ed4a6b98a4c2b49c030dd0444a2ac506f

But I'm not sure how you determined that the person who controls 1AFs9GrQyPQpN5W73RzizcEap1CQ7whPZT is also the person who controls 1Q3KFL7Z1BTpUboDaU6Qj3t9xCXWpzNntS

It certainly is possible that Mr. Rankin is the thief and sent bitcoins to himself, but isn't it also possible that the thief is someone else and received bitcoins from Mr. Rankin (or stole bitcoins from Mr. Rankin)?

Huh
sr. member
Activity: 271
Merit: 250
dear all,
i have received NEW important information in this issue


the hacker also owns the key 1AFs9GrQyPQpN5W73RzizcEap1CQ7whPZT and his "real" email address is [email protected]
he used IP address 97.106.160.84
on 2012-10-05 at 20:51:51

he used to mine on deepbit, but they do not hand out any info about their users and do not answer to my mails.


Maybe one of you guys is smart enough to get any useful information about this case


the 600 BTC reward is still available
legendary
Activity: 2352
Merit: 1064
Bitcoin is antisemitic
Shouldn't any virus running be visible as a process? (I use http://systemexplorer.net to check them, beyond AVG free)

newbie
Activity: 28
Merit: 0
Sorry but I think your bitcoins are good as gone.
member
Activity: 98
Merit: 10
So what happens if you do find out who it was?  Even if he gets prosecuted, those Bitcoins are locked away with a key that the thief only knows.  As for him paying any restitution, good luck when he'll never have a real job.
newbie
Activity: 28
Merit: 0
Yeah all it is, is either a RAT or IRC/HTTP bot which has downloaded and executed an open source wallet stealer which uploads the wallet to an FTP. If it's a RAT then the attacker would have just used remote file manager.

Either way nothing special, having the binary used however would allow us to find the point of origin. Especially if a RAT was used because they make connection to the attacker themselves and not a centralized command and control server.


I think OP you being infected and having your wallet stolen would have been in the time frame of 24 hours max. So thinking back to when you had your wallet stolen anything within a day of downloading some form of exe would help.

Not only would your wallet have been stolen but you would have probably fallen victim to the attacker actually mining on your computer. This is something else that saddens me because people who do this do very little to hide the login and password to the Pool they are mining for.
 

I would try a simple dictionary attack on the mail.ru for the email however I do not possess any Russian based pass lists. Either way I'll keep trying and see what I can find.

Why does this happen to other people and not me, I WANT to be infected by such malware.