Topic: Help recover stolen bitcoins?? How did it happen?

brand new
Activity: 0
Merit: 0
My name is Tracy Foust
My email is [email protected]
Mobile phone 301-343-0449
office phone 410-990-9506


I was seeking help for my Bittrex account and called this number:

https://www.cryptocustomerreview.com/question/what-is-the-best-way-to-contact-bittrex-customer-support/

The person on the end of the phone line was supposed to assist me in improving my security and instead
drained my account of all my cryptocurrency (about $3000.00). This happened at about 4:00 PM Eastern Standard Time.
If there is anything I can do to assist you in investigating this crime, please contact me.
I have been trying to tell as many people as possible. I subsequently found out that if you search for the number
that I called (1-888-411-8901), it comes up as a Customer Support Number for many organizations.
Please pass the word about this scam.

Tracy
member
Activity: 110
Merit: 10
So somehow I fucked up and all my coins were sent to this address
1ARHwvB4nKVPhRRgvdJCctxXwogi1ePbu2

Any way to track or reverse it?

https://blockchain.info/address/1ARHwvB4nKVPhRRgvdJCctxXwogi1ePbu2

Very sorry for your loss; this exact same incident happened to me last month in my Poloniex account.
There are 2-3 possibilities.
1. There are key loggers in your mc.
2. Some hacker has a remote session going on your computer.

In both cases you need to reformat your computer as soon as possible.
Blockchain transactions cannot be reversed. Hence I am afraid you have to digest this loss.
Stay safe for future.
full member
Activity: 182
Merit: 100
Try to re-format your PC, but turn off your internet connection before you install and try to disable your LAN connection, then proceed; it might be that someone is trying to hack your entire system.
member
Activity: 70
Merit: 10
I might say that someone got access to your device and got your private keys. I am always writing my private keys on paper for security or transferring that sensitive information to USB. I might say that there is a low chance of retrieving those coins. I would suggest watching videos on YouTube for further information or contacting customer service assistance.

"contacting customer service assistance" ?
Smile !!

They can't be of help, not them and not anyone, because a bitcoin transaction is not reversible. The stolen bitcoin is as good as gone!
member
Activity: 197
Merit: 10
Also try a wallet with 2-factor authentication for added security. Use a dedicated cheap clean cellphone whose sole purpose is to generate the codes if you must. Don't let it connect to the internet often aside from syncing. It's not 100% secure, as stated here https://sites.cns.utexas.edu/oit-blog/blog/can-two-factor-authentication-be-hacked , but it gives more protection for your wallet. If you don't plan on sending out bitcoins often, then use a cold storage wallet.
HCP
legendary
Activity: 2086
Merit: 4361

How about a dedicated computer just for holding wallets? We are always upgrading parts, I can probably make a no-frills offline machine just to hold my wallets, and connect to the internet only to send and receive coins.
NO! This is not how to use a "two computer" setup... As soon as you connect that 2nd PC to a network you are potentially exposing it... You want to use the 2nd one completely offline and keep it "air gapped"... No Ethernet, no WiFi, no Bluetooth... Basically no networking functionality (after the OS has been installed).

This wiki entry is probably a little outdated, but explains the concept: https://en.bitcoin.it/wiki/How_to_set_up_a_secure_offline_savings_wallet
member
Activity: 239
Merit: 10
Scary stuff, I also vote for hardware wallets as the most secure.

How about a dedicated computer just for holding wallets? We are always upgrading parts, I can probably make a no-frills offline machine just to hold my wallets, and connect to the internet only to send and receive coins.


sr. member
Activity: 763
Merit: 252
If you didn't accidentally send to that address, maybe someone knows your private key, or maybe you logged in at a net cafe that has keyloggers... A reminder to all net cafe users: don't forget to clear your history and cache before leaving, because some net cafes install keyloggers to copy your password...
full member
Activity: 302
Merit: 100

Hi sir,

To avoid this type of thing from occurring, you can purchase a hardware wallet. It offers much, much greater protection than the method you are using, regardless of whether your computer is compromised or not. With a legitimate hardware wallet, you are very likely to put the brakes on hackers.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
In that case, it probably is not a virus.  It is probably malware.
Nowadays these are practically synonyms,

No, they aren't.
To add to this, a virus is a piece of malware but a piece of malware may not always be a virus. There are other categories such as trojans that cause issues with computers and enter them the same way viruses do.

In that case, it probably is not a virus.  It is
and antiviruses detect both.

Anti-virus software may try to detect some malware, but it would be impossible for it to detect all malware.
Most wide-spread malware is protected by antivirus software. There is software that antivirus doesn't trust; some antiviruses don't trust the Bitcoin Core wallet, for example.
Antiviruses measure familiarity with code and how widespread it is to determine its safety (signatures used to generate the code are also checked). Higher level languages are not checked as easily by AV software as lower level/intermediate languages are and therefore, getting a piece of software that is cleared by AV to run another piece of software/code that isn't can be a main producer of issues.

It is tough to know if your new wallet is compromised or not... you should completely refresh the entire system or reinstallation process.



That's a good suggestion, the disk needs the operating system completely uninstalling and anything else on the disk completely removed. Then the operating system can be reinstalled and tested with smaller amounts.


I would say @OP, as this issue has happened to you once, if you stick with Bitcoin, try and change the way you surf the web or change how you store your coins.

The coins seem to have finished up in this address: 1Kefz6BcNjK6MhTrLnr2KAQq8KyPNCeMSS
Keep track of that OP and see if the coins move anywhere else after that (though that might take a while).
hero member
Activity: 3010
Merit: 794
In that case, it probably is not a virus.  It is probably malware.
Nowadays these are practically synonyms,

No, they aren't.

In that case, it probably is not a virus.  It is
and antiviruses detect both.

Anti-virus software may try to detect some malware, but it would be impossible for it to detect all malware.
This is why I don't really trust anti-viruses completely; even though I do have AV, I don't usually download random things online. Come to think of it, they are just the ones online who make the viruses so that their anti-virus would sell. (Just my own view.) Regarding OP, that was a big loss; 0.6 BTC is already a big amount if you look at the current price of bitcoin, and reversing the transaction isn't possible. Forget those coins and move on.
member
Activity: 69
Merit: 10
It is tough to know if your new wallet is compromised or not... you should completely refresh the entire system or reinstallation process.

legendary
Activity: 3472
Merit: 4801
In that case, it probably is not a virus.  It is probably malware.
Nowadays these are practically synonyms,

No, they aren't.

In that case, it probably is not a virus.  It is
and antiviruses detect both.

Anti-virus software may try to detect some malware, but it would be impossible for it to detect all malware.
member
Activity: 301
Merit: 74
What OS are you running?
Did you do stuff over WiFi recently?

There's a recent WiFi vulnerability. I don't know if it's related or what kind of information can leak, but have a look:
https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/

In that case, it probably is not a virus.  It is probably malware.
Nowadays these are practically synonyms, and antiviruses detect both.
legendary
Activity: 1512
Merit: 1218
Change is in your hands
You can't do much unless you know how to monitor your outgoing traffic; there are many software tools which can help you with this. Look out for strange IPs your computer is trying to communicate with. You may get lucky and find your attacker's IP, if they are not using any sort of proxies or VPNs. That's your only chance of finding out who was behind the attack. Other than that, you can't do much, sadly.
legendary
Activity: 3472
Merit: 4801
the drive passed several anti virus scans...

In that case, it probably is not a virus.  It is probably malware.  At some point in the past, you may have installed a program that you thought was legitimate, and that program was probably designed to steal your bitcoins.

Have you ever installed any pirated software on your computer?
Have you installed wallets for any altcoins on your computer?

Both of those are very common ways to unknowingly install malware.

The other possibility is that you downloaded software from a phishing site without realizing it.  Some phishing sites can look exactly like the real site.  When was the last time that you downloaded some software from a website?

But HOW did they know my address? and access my comp? And find My private key?

I want these fucking thieves to burn a slow painful death

Malware on your computer can look for an installed wallet. It can then capture your password as you type it.  Once it has your wallet and your password, it can access your private keys and spend your bitcoins.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
You should probably also scan your computer for viruses/malware.
That's not enough: It's always wise to assume your computer has been compromised, so back up and reinstall before making a new wallet.

Since the hack I deleted my hacked wallet.dat
Satoshi recommended to never delete a wallet, so just in case: keep your old wallet too, just don't send any coins to it ever again.

But HOW did they know my address? and access my comp? And find My private key?
Windows can run many viruses that are designed to steal your Bitcoins.

It sucks now, but for future use: create cold storage offline! Writing down a private key from a hot wallet on a piece of paper is much riskier than creating a paper wallet offline from a Linux LIVE CD.
full member
Activity: 294
Merit: 104
✪ NEXCHANGE | BTC, LTC, ETH & DOGE ✪
I did dump the private key planning to write it out on paper...

Since the hack I deleted my hacked wallet.dat
then restarted core to generate a new address and made a new passphrase.

My anti virus scan didn't catch anything

Is my NEW address also compromised?
Does it not generate a new private key?

I cannot possibly correct your Microsoft Windows Lifestyle. But allow me to remind you that "anti-virus" programs are a bunch of fraud. Never ever rely on a fraud. They are just windows with progress bars. Most probably your anti-virus is just a trojan. And most of you who use the Windows Operating System have this notion that antivirus programs are legit and you never suspect it. An antivirus program is not a god. Do not worship it. Shift to using Linux and this thing will never happen again. Study LINUX. You will never ever have this problem again. You will not need a stupid antivirus or anti-malware created by fraudsters. To steal your Bitcoins.
sr. member
Activity: 558
Merit: 295
Walter Russell's Cosmogony is RIGHT!
But HOW did they know my address? and access my comp? And find My private key?

I want these fucking thieves to burn a slow painful death
sr. member
Activity: 558
Merit: 295
Walter Russell's Cosmogony is RIGHT!
the drive passed several anti virus scans...

I'm wiping and formatting and installing a clean fresh Windows now on another comp

This drive is a clone so I must kill it also

legendary
Activity: 3052
Merit: 1273
I did dump the private key planning to write it out on paper...

Since the hack I deleted my hacked wallet.dat
then restarted core to generate a new address and made a new passphrase.

My anti virus scan didn't catch anything

Is my NEW address also compromised?
Does it not generate a new private key?

If your PC's server is hacked anyhow, then I guess nothing that is put on it should be considered as "SAFE" tbh.
Btw, as you received some more coins today over your address, I want to know that were they also sent by the hacker only or you sent them to some other address? As everyone asked, did you try to IMPORT/EXPORT your key to/from somewhere else? Because it makes your key prone to getting hacked as it's all online and if not, then possibly there's someone who had access to your PC either through the network or "by personally using it from your space" < (this looks less likely).

Your NEW address is not compromised unless it has a new PRIVATE KEY (yes, it is obvious that whenever you use a new address, it has its own identity or I must say: PRIVATE KEY). But when you know now that you have been attacked like this, why don't you stop using these services from the same PC (if everything happened offline) and start using it from another PC (not a public computer).
full member
Activity: 378
Merit: 126
So your PC is compromised or hacked in any way.

Remove the drive from the computer, add it to another PC as secondary and scan it for viruses and malware with more than one antivirus
sr. member
Activity: 558
Merit: 295
Walter Russell's Cosmogony is RIGHT!
Fcuk they just got the latest payout to a new address and key !!!
HCP
legendary
Activity: 2086
Merit: 4361
Most likely dumping the private key out of the wallet and into either a text file or the screen has allowed someone to get access to your private key... It is the only logical explanation for why all your coins got moved without you transferring them.

It is hard to know if your new wallet is compromised or not... The only way to be completely sure is to completely wipe the entire system, reformat and reinstall your operating system...
sr. member
Activity: 558
Merit: 295
Walter Russell's Cosmogony is RIGHT!
I did dump the private key planning to write it out on paper...

Since the hack I deleted my hacked wallet.dat
then restarted core to generate a new address and made a new passphrase.

My anti virus scan didn't catch anything

Is my NEW address also compromised?
Does it not generate a new private key?
HCP
legendary
Activity: 2086
Merit: 4361
Passphrase and/or locked wallet ONLY affects the wallet.dat file... if the hacker had your private key, then all the passphrases in the world won't save you. Did you ever export the private key for the address: 1Q1PDnwmbFkNaYbpsiPVUBJe1pEM7m8zYH? Huh

As annmarie suggested, that entire wallet should be considered compromised and you should no longer receive ANY coins to it. I recommended moving any coins you have left to a new wallet immediately. I see that 1Q1PDnwmbFkNaYbpsiPVUBJe1pEM7m8zYH just received more coins today. You need to STOP using that address immediately and move those coins as soon as possible.  Shocked

You should probably also scan your computer for viruses/malware.
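The point made in the post above (a passphrase protects only the wallet file, not a key that has already been exported) can be shown with a small model. This is an added example, not part of any post and not Bitcoin Core code; `ToyWallet`, its method names and the SHA-256 keystream standing in for real encryption are assumptions for illustration.

```python
import hashlib
import hmac
import os

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy cipher (SHA-256 keystream) standing in for real wallet encryption.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def _kdf(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000)

class ToyWallet:
    """Hypothetical wallet file: a passphrase wraps a master key,
    and the master key encrypts the address's private key."""

    def __init__(self, passphrase: str):
        master = os.urandom(32)
        self.check = hashlib.sha256(master).digest()
        self.enc_privkey = _xor_stream(master, os.urandom(32))
        self._wrap(master, passphrase)

    def _wrap(self, master: bytes, passphrase: str) -> None:
        self.salt = os.urandom(16)
        self.wrapped_master = _xor_stream(_kdf(passphrase, self.salt), master)

    def _unlock(self, passphrase: str) -> bytes:
        master = _xor_stream(_kdf(passphrase, self.salt), self.wrapped_master)
        if not hmac.compare_digest(hashlib.sha256(master).digest(), self.check):
            raise ValueError("wrong passphrase")
        return master

    def dump_privkey(self, passphrase: str) -> bytes:
        # The exported key is plaintext and lives outside the wallet file.
        return _xor_stream(self._unlock(passphrase), self.enc_privkey)

    def change_passphrase(self, old: str, new: str) -> None:
        # Only the wrapping changes; the private key itself is not rotated.
        self._wrap(self._unlock(old), new)

def demo():
    wallet = ToyWallet("old passphrase")
    exported = wallet.dump_privkey("old passphrase")  # the copy that leaked
    wallet.change_passphrase("old passphrase", "new passphrase")
    try:
        wallet.dump_privkey("old passphrase")
        old_passphrase_works = True
    except ValueError:
        old_passphrase_works = False
    exported_still_valid = exported == wallet.dump_privkey("new passphrase")
    return old_passphrase_works, exported_still_valid
```

After the passphrase change the old passphrase is rejected, yet the exported copy is still the address's key, which is why the advice is to move coins to a key generated on a clean system.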
sr. member
Activity: 558
Merit: 295
Walter Russell's Cosmogony is RIGHT!
I recently tried adding  blockchain wallet and bitcoin.com wallet

One of these must have exposed me to the theft?
jr. member
Activity: 52
Merit: 10
If you didn't send it then someone has access to your private key. If you have any other wallets on your computer with bitcoin in them, consider them compromised and move them to a clean computer's wallet straight away.

There isn't a way you can reverse transactions.
sr. member
Activity: 558
Merit: 295
Walter Russell's Cosmogony is RIGHT!
I have no idea?

Status: 21 confirmations
Date: 10/18/2017 02:09
To: 1ARHwvB4nKVPhRRgvdJCctxXwogi1ePbu2
Debit: -0.62667325 BTC
Transaction fee: -0.00028510 BTC
Net amount: -0.62695835 BTC
Transaction ID: a7b7a674334c2fb313de0861df79e45dc7e756b81f7d21025851dae86eccdb1b
Transaction total size: 5650 bytes
Output index: 0

I did NOT SEND THIS TX

My wallet is core and I had a passphrase and it was locked.
I changed my passphrase after the TX...
full member
Activity: 194
Merit: 100
CryptoPuzzle.com developer
So somehow I fucked up and all my coins were sent to this address
1ARHwvB4nKVPhRRgvdJCctxXwogi1ePbu2

Any way to track or reverse it?

https://blockchain.info/address/1ARHwvB4nKVPhRRgvdJCctxXwogi1ePbu2


Was it a hack? Or did you do an accidental "swapping" between services?
sr. member
Activity: 558
Merit: 295
Walter Russell's Cosmogony is RIGHT!
So somehow I fucked up and all my coins were sent to this address
1ARHwvB4nKVPhRRgvdJCctxXwogi1ePbu2

Any way to track or reverse it?

https://blockchain.info/address/1ARHwvB4nKVPhRRgvdJCctxXwogi1ePbu2