Pages:
Author

Topic: HELP, BITCOINS STOLEN - REWARD 600 Bitcoins or equivalent in Euro - page 4. (Read 10385 times)

full member
Activity: 196
Merit: 100
Another block in the wall
it was windows 7 operating system, i still dont know 100% how i got infected, but it was for sure some trojan horse with keylogger.

Thanks for the info. maybe I really have a chance to catch as soon as he tries to convert to FIAT currency


Have you ever thought,  maybe the Bitcoins were crying out for freedom, yearning to flow among exotic wallets, being one with the community.

I guess they got tired of being hoarded. The attacker will be seen as a liberator.

Stockholm Syndrome will take effect soon. At this point, it's hopeless dude.

sr. member
Activity: 271
Merit: 250
it was windows 7 operating system, i still dont know 100% how i got infected, but it was for sure some trojan horse with keylogger.

Thanks for the info. maybe I really have a chance to catch as soon as he tries to convert to FIAT currency
donator
Activity: 994
Merit: 1000
I suppose it was a windows operating system?

full member
Activity: 196
Merit: 100
Another block in the wall
Op still haven't told how he got infected.

Now I'm all paranoid.

Damn inconvenience of additional security.
newbie
Activity: 6
Merit: 0
[Deleted Information I provided]

Op I'm going to compile a list on everything I can find out this thief. Just give me time to filter all the relevant information.
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
The attacker used IP address 178.176.96.4 for one of the exchanges he logged into.

He withdrew coins to this address: 15TDgQpCaNjxyBpi7Jp6EmZW1bHAEaxTxY
Unused, and the coins have not yet been moved.
legendary
Activity: 3472
Merit: 4794
I was hoping here is some expert that could connect hash information with IP data or personal data somehow.
Unfortunately for you in this instance (and fortunately for bitcoin as a currency system) there isn't any connection between hash information and the IP or personal identity of the person who creates a transaction.

If the thief isn't careful there might be some possibility that he will create a transaction that will move some of those coins he now owns (or give a receiving address associated with the stolen coins) to someone who can identify him , and with a huge amount of luck that person could end up being an honest person who is aware of the theft from this discussion.  This is highly unlikely, but from a blockchain standpoint there really aren't any better options.

Looking at the blockchain today, I can confirm at this point in time the thief seems to own the following addresses:
1Q3KFL7Z1BTpUboDaU6Qj3t9xCXWpzNntS
1PJHvJWKLH9qwaRKeyVS2rC5gfZMr344LB, 1BuXv589E9pqYrLfcMiUPnurgBZZS6sL12, 1EPwBwuxyfyQF9kwkwDLoqYw2vcxFCDSYa, 1MGpi8ChSTbDRTA7h3gHh89UGirvsXMCZ1, 1CoTHatdK7hEsZJvymuCNf7eQoApMCuJxo, 126ZVBxjad3BtATBXeeq3uZPcKn24zr4gf, 1MmzRFGAg8HdDHnDJTKo1cKNsgxxiMYUtP, 15QUs9EGw283oisjzSF8XP28Kg4FVugveE, 14PnHT4YonpSzccX9GBpmkh4ohs8dDYDaN, 1BmSgffyC6WAJBBSJbXXodcvcw4cQsthW5

In addition the thief has received from or sent to the following addresses (many of which the thief may also own, but I am not able to confirm this yet).  If anyone happens to own any of these addresses (or know who does), then there is a good chance that they know who the thief is (or they also were stolen from):
1129ApiFKympPgHnzNnW8VNaDAYwgTEtMG, 126RfCopCdAS4qoZjTQPaufnvkDCmtsiwp, 12J8nM48ZNZMBaxFRBcyMbHhNkiPKCzQaY, 12Lt8DgTSwbDfQ5EKDkdoiX5czsJfSQcrK, 12r5PLeSPCcTFE78o1SbgaqUXoiY9LfWMV, 1322uvUdCME77yt8tQfkUAGpRtmRXf4EQp, 139TaFcXGJVuTDbR3TfpiGfiegt4jAFpiY, 13ja4sRDMG1uyAwxeAtV52dU4mtk8cHW73, 13XgASZP7N6pTMeyS5Sq8JeuCAkNzefnT7, 142qkA5L4sy1suDJRWfm6njmg3NPneqXmk, 14FSCmXntye2Hm9FGXnbBXiGiziKD41Zzb, 14KThQGAxVcqFLWF5QvESWPWoRqQ5L6i5z, 14oByZkGE9TxPMTeYZYzeNakJuSk7xWXa2, 1513U6VjSwhr3ZAAN3MnDnFHmcXY1HPWdF, 15bGw4QDZNqPPqFqV2kq3oAZB5r5dvUaER, 15GyGHvCUoG1KTPtycoVcqATGu4Ex4DVXo, 15kBvBLejU14VroJgdr863i1FqT6QkWB7U, 15UjaZJxjWdgB8jC6KivuuhbhbxoLuWwDm, 15yk8fiyuAXDTqGL8ekPCsNN7vX6dV6ALf, 163ZekxCzX7RKU49DUc4mda5knqNc3NF3z, 168NqBEoGjWbUwxhKXeCiALiGU8suxW1Ue, 16DnRquyKbsrGAPbp1Z8GxNctLia9t12Ee, 16mMWkKrERWVzAGWbnCxMFoAF9ghTB67MM, 17CLN16PvCdgTYzWKyuc3FjSu1nhGFtFEf, 17KJ3M8vBMNp7vBwwsGp33QN81jNXPa5u, 17m9n5uFTwK1Nfg9Py9STfGg3BNDvVwGyk, 17Vk6E3mNzfyTmZKpRWquKZGR51T7HEXiu, 18drKV9xUJNgKwWPQdpKYUspkKiHsob8xK, 18r9qqqMMtrx1i1xaH624uSFoRkQGqPK7x, 18vWaDD9djRFuZF672PfSzgN19Duvcivsj, 198hk8Qk8v7y2tRaxpE1iJU9fVkX6Tb7ph, 199Y5zwijtZbB6hE77MQxgG7vmDuD4Jv7Y, 19SQ9iFCGyKWeoxDktrVNczWkH6cQ3kmpV, 1A7SukLsFZDNezR2BX4LhJo73HJdBkH6Ua, 1AbY3D7VFRemePM2NgUTquQmAjXLKPg7XH, 1AFs9GrQyPQpN5W73RzizcEap1CQ7whPZT, 1Ah5hZVevKbDcFLJiwxUTJs2BaySe9S1sV, 1ApkrEjJ5ByihAQZrJxqeau5P19HF8wPSw, 1BDWwDLNAUwAiaqJHvNmMKUNo1U4gbiRHA, 1Bn7XjuwZqScjgT7eytm8mpU8PEpCxXdMN, 1Byx2Wt8phzcuHf5XDZwoFqQq5nErxqrt, 1Cig4FxUY59xVJYeUaF8YtEyfbxDsfVkYm, 1CLVnMWEwzuGVcQ6L2WBoUJQFj3B9XeVmx, 1CMpywEPKTBBsWxccWkTk5tzizteyRG1WZ, 1Dm9XuD28BGYDxi5Rxt38S66ehRSZ2ajtV, 1EcFFZ7eykZQjw6LnDKiXg8NfjSUvqHKZE, 1EedaVtSyVrmkbbAx7iJQpUfFr5beeNHbY, 1Ff3XukPtmVtk9JFr8JVyRZ7rWKoKEY5TV, 1EgQM7unQm59oPm4F87ZRD6JwX4a9WGdTz, 1FbaMihMDCANJ6Xgxc7BgNroKXF1yrEho9, 1FbASjLhfbmF5eKJKzK3Cb55rCN1REuXSY, 1FRb654gcqj38rx9UadziGjLEs1fMSeFjD, 1FuzUfqkWrNaac3j6c8CiWmjCjRMiWjjFZ, 1FyVmocPa9wWwY5WjKtzHwrU8r1NkFE8h9, 1FzVCGK5n9tmj6hPFFffWnC8mjnWZL7bCn, 1FZVJD95CaDAheHCP6R9PiA2Jb4ojVhBSx, 1GjrbSXP1mYCoZbUnGjp5JGvPH4cNK8epK, 1H9QXBc3a4qkRgsLdD1BVoaVKm9UP5PWfa, 1HJ2U8ckG24UADWF1M6DEfnuUmMgcsURot, 1HV2sYHjAZEueYe5fF14CBEwQJ9Fawnaqo, 1Jo3M8W6F9ACiLRaAiZs3LMSZfnniCStPz, 1JoTxrqZAhWXTDFPoChKFk7hqDfmkC6tUG, 1JuTf9JFpV4wDYLSCKQZHF4hBX6edxr4R6, 1KGxAeHHALMnJPzGbSb6A6BxRLyrmhmgkQ, 1KNpeXAxx4qLctNv2XKVVCPoMPt2BmbH6o, 1KPy4EJFV8ZRgMDoZQ9usZKRrdq1eKGgeK, 1KXNoekZ8VjZrkrchr6UUVPbBfyGsXcQcr, 1LEJa3uDvwpZJTH7ygbV6Fjskfc3AZ7ns9, 1Lgq3bdysYJYBAJrvjKCXWgiP3kC7tgusE, 1LNqumVxZLpMmk2YAZv94dcoZgyG5FnN3J, 1LUAZUR3zFBaf3kxmpmD18gXCU68tQnTnK, 1MmzRFGAg8HdDHnDJTKo1cKNsgxxiMYUtP, 1MUDnDKYbkMqZjDapcb69dct83xxwXkNp1, 1MZWEMTQAb1PPnNi2rFYLMakxHuGAkVK73, 1N2BPjxdD46AxYiWSLSvx1THG9xhzHNC2c, 1NePkjQCHgJ4u94qgS2WjQMqivTYrk2ZGA, 1NomJEEBXuUU2ioaqNdkYYY7PKqdwd3sUx, 1NTAA7itEJ9R8zgqCobi4JqJ4eC4ZtAr7c, 1P8edr8cDnnRxtU745V9w9am9DQbf287Cw, 1P9ZJaeAG6vY6XH29P1orTRk1JKm7TEaqf, 1Pkio2icGqKkghPHYREinMFFcuDN14s8A8, 1Pu6uF7A2DfuAsaxM637j3H1wtFKAGB2BV, 1q543G6muPvXJ6bXETJL3S7tuAthMtDkM, 1QAgtMUhna8dgM4HuhAuvtwSxXFMLMjgxq, 1y2PkvvtkkkV4uVZuePVuXmMUYHBWr4Zn

That being said, if a forensic team gains access to your hard drive their is probably a better chance of them finding useful information to track down the thief than the chance that the thief will engage in a transaction using one of these addresses with an honest person who happens to see this discussion.  (Both possibilities are so unlikely that you probably need to consider the coins gone).  I hope you get lucky though.
hero member
Activity: 714
Merit: 504
^SEM img of Si wafer edge, scanned 2012-3-12.
I am reporting a hack as well, by the same email. Most exchange accounts were protected by google authenticator, these seem okay. I've lost 100 Bitcoins on one account that didn't offer GA, and one got compromised but didn't suffer losses.

Still investigating method of attack.

Edit: My harddrive has not been erased.
legendary
Activity: 1512
Merit: 1049
Death to enemies!
Using Armory front-end on two separate computers, one without network connection is the safest approach in my opinion.

Erased harddrive? The thief got his lulz in addition of 2600 BTC proft!
newbie
Activity: 37
Merit: 0
Dude, turn off your computer, go to police and tech-savvy private investigators.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
Sorry to hear of your loss.

This never happens when you store your bitcoins on paper wallets.  Print yourself some paper wallets today from BitAddress.org

EASIEST WAY to redeem a paper wallet is at BlockChain.info - create a digital wallet, and use "Import Private Key" function.  You don't have to be a regular BlockChain.info user - just create a throwaway wallet if you wish.

PROTIP: Divide your stash into 10 equal parts, and put each part on its own paper wallet.  This way you never have to put more than 10% of your stash online at any given time unless you are spending more than that.
newbie
Activity: 28
Merit: 0
thanks for the tipps so far,


well, to be honest, i do not know how long the trojan was active before that. I only realized of course when the bitcoins were gone. Unfortunately he also erased my whole harddrive, so i could not even figure out which trojan it was.

Luckily i did not store all my coins there, i still have most of it at other places, also offline, but still this is a very bad thing...


Also, i do not think i would have a chance to get these coins back, but at least it would be good to get the identity of this guy. Mazbe he makes some mistake and there is a chance to catch him with the info from the blockchain.

I was hoping here is some expert that could connect hash information with IP data or personal data somehow.
I think you lose your bitcoins for ever



sr. member
Activity: 271
Merit: 250
thanks for the tipps so far,


well, to be honest, i do not know how long the trojan was active before that. I only realized of course when the bitcoins were gone. Unfortunately he also erased my whole harddrive, so i could not even figure out which trojan it was.

Luckily i did not store all my coins there, i still have most of it at other places, also offline, but still this is a very bad thing...


Also, i do not think i would have a chance to get these coins back, but at least it would be good to get the identity of this guy. Mazbe he makes some mistake and there is a chance to catch him with the info from the blockchain.

I was hoping here is some expert that could connect hash information with IP data or personal data somehow.



newbie
Activity: 6
Merit: 0
Probably a long shot however do you still have the binary of the trojan used to steal your wallet file. Majority of the wallet stealers originate from the same source which uploads the wallet.dat to an FTP server. With a little RE using some debug tools you may be able to find a little more info about the person by finding the ftp host name user and password.

If that does not help running the binary within a virtual machine and checking to see the outbound connection would possibly allow you to see the ip of the command and control server used for his trojan horse in which case you could use do a whois on it. However there could be a possibility that they may have used false credentials for their c&c.

Again a longshot, will post if anything more springs to mind.
hero member
Activity: 576
Merit: 514
Those previous transactions are most probably from other victims of the trojan.
With the exception of OP's coins and a 15btc tx all others are multiples of 50btc though.
I also looks like each of those 50btc transactions goes through 1CLVnMWEwzuGVcQ6L2WBoUJQFj3B9XeVmx or 1HeyN2fuKPurGPQsSSpt3S2Ruy7zc5rye9 if you just go back long enough.
Maybe it's a mixing pool?
legendary
Activity: 1512
Merit: 1049
Death to enemies!
Quote
With keylogger he got all my passwords and, of course stole my local wallet file (encryption did not help)
I always told that wallet encryption is not good at protecting the coins, here is proof now!

Quote
i allowed some hacker to somehow install a trojan horse on my pc
You did not allow him to install, You installed the trojan yourself!

How You supposed to pay these 600 coins? From returned coins? Because I cannot imagine how to return the coins in this case. I have few ideas how to try to unmask the thief but it is private talk.

The police should not need to know what the bitcoins are. All they need to know that computer have trojan installed and they need to do their job and try to find who compromised the system. It may or may not be possible depending how the hacker realized the operational security.

2600 coins are 30 kilodollars!
legendary
Activity: 1092
Merit: 1016
760930
Dear all,

stupid as i am i allowed some hacker to somehow install a trojan horse on my pc where i stored some of my bitcoins. (around 2600), With keylogger he got all my passwords and, of course stole my local wallet file (encryption did not help)

The hacker sent the bitcoins to the address: 1Q3KFL7Z1BTpUboDaU6Qj3t9xCXWpzNntS

http://blockchain.info/address/1Q3KFL7Z1BTpUboDaU6Qj3t9xCXWpzNntS


Of course i will have the police investigate, but they do not even know what bitcoin is.....
Maybe some of you are expert enough to track the bitcoins so the hacker can loose anonymity by selling them on some platform or similar.


At the same time of course he also stole 200 from my mt gox account, for that the hacker used the email address [email protected] and the transaction data was Transaction reference:
f5e5acd4-50a6-4de5-9061-1c0e3964eafe
Date: 2012-11-16 03:30:13 GMT
IP: 178.177.115.229

If you have a hint that discovers the identity of this person so i can get the bitcions back, i offer a reward of 600 BTC or bitcoin equivalent.

Thanks




When exactly did you get the trojan? While installing what application or visiting what site? What is the trojan name? This would be very useful information to investigate upon.
legendary
Activity: 1092
Merit: 1016
760930
It's a bit strange that someone who successfully stole your wallet would use an already existing address to send the money to, instead of using a brand new one.

From the information on the blockchain, I would create a list of addresses which have sent to that one address in question, or recevied from it.

Then offer a bounty for anybody who owns one of these addresses; they should be able to tell you who they sent their coins to, or from who they received them.


Those previous transactions are most probably from other victims of the trojan.
hero member
Activity: 576
Merit: 514
It's a bit strange that someone who successfully stole your wallet would use an already existing address to send the money to, instead of using a brand new one.

From the information on the blockchain, I would create a list of addresses which have sent to that one address in question, or recevied from it.

Then offer a bounty for anybody who owns one of these addresses; they should be able to tell you who they sent their coins to, or from who they received them.
newbie
Activity: 56
Merit: 0
Are you just trying to figure out who the person is? That alone could be a daunting task. If you are actually trying to get your coins back you might be living in a dream world.

I haven't found anything with the most basic avenues, those were all things you could have tried yourself though and probably did. I think if you really want answers you are going to have to find people who do this for money. Make sure you get out of the Newbies section and put up some pay for information posts in the correct forums. You might find some hits that way.
Pages:
Jump to: