Pages:
Author

Topic: How to deal with hack - page 2. (Read 1880 times)

member
Activity: 103
Merit: 10
January 18, 2014, 03:34:22 AM
#14
You should consider keeping your important (e.g. bitcoin/litecoin/namecoin/etc) wallets on one virtual machine, and running new/shady alts in another.  I'm actually surprised more people don't do this, as it would prevent 99% of the theft incidents I've seen.

Never use either of those virtual machines to browse the web or do anything else outside of working with those wallets.  Never install any software that you don't absolutely need on them.

You're right, I was actually planning on doing this soon, but time got the best of me and well I should've done it and many other things, i was just so busy with work and 2 side projects trying to hustle to pay bills, in the end this mistake was more expensive.
newbie
Activity: 26
Merit: 0
January 18, 2014, 03:34:18 AM
#13
I'm just trying to figure out how they got to my cavirtex account. They send an email whenever you connect from a different device, and I did get an email at a time when I didn't login and I changed my pass at that point, so how could they still have got in? So frustrating, I had just put my BTC there to cashout after all that hard work. Really people that do this stuff have black hearts and I really hope bad karma bites them back in the ass. Now i have to start back from scratch, and to think it was going to pay my debts off. Words just can't describe the disappointment. :S
How secure was your password (be honest with yourself)?  Never use the same password for multiple sites or purposes.  Consider ordering a yubikey as well.
newbie
Activity: 26
Merit: 0
January 18, 2014, 03:32:33 AM
#12
So sorry for your loss. Sounds like you might have a keylogger... what have you been downloading?



Just other alt coins. How can I detect a keylogger? I have AVG Free and haven't had any warnings, is there better software I can use?

Thanks for the input.
Malwarebytes is decent, but as with everything else, won't catch everything, and unfortunately the shitbags who do stuff like this are always going to be slightly ahead of the game.

Which is why a full system wipe is recommended.
Agreed.
member
Activity: 103
Merit: 10
January 18, 2014, 03:32:02 AM
#11
I'm just trying to figure out how they got to my cavirtex account. They send an email whenever you connect from a different device, and I did get an email at a time when I didn't login and I changed my pass at that point, so how could they still have got in? So frustrating, I had just put my BTC there to cashout after all that hard work. Really people that do this stuff have black hearts and I really hope bad karma bites them back in the ass. Now i have to start back from scratch, and to think it was going to pay my debts off. Words just can't describe the disappointment. :S
newbie
Activity: 26
Merit: 0
January 18, 2014, 03:31:09 AM
#10
You should consider keeping your important (e.g. bitcoin/litecoin/namecoin/etc) wallets on one virtual machine, and running new/shady alts in another.  I'm actually surprised more people don't do this, as it would prevent 99% of the theft incidents I've seen.

Never use either of those virtual machines to browse the web or do anything else outside of working with those wallets.  Never install any software that you don't absolutely need on them.
sr. member
Activity: 280
Merit: 250
January 18, 2014, 03:30:50 AM
#9
So sorry for your loss. Sounds like you might have a keylogger... what have you been downloading?



Just other alt coins. How can I detect a keylogger? I have AVG Free and haven't had any warnings, is there better software I can use?

Thanks for the input.
Malwarebytes is decent, but as with everything else, won't catch everything, and unfortunately the shitbags who do stuff like this are always going to be slightly ahead of the game.

Which is why a full system wipe is recommended.
sr. member
Activity: 280
Merit: 250
January 18, 2014, 03:29:18 AM
#8
Good lord! That is a list!

I found this thread, pretty informative.

https://bitcointalksearch.org/topic/m.4397425

A couple of these could be the culprit, especially if you didn't download from the source. There's a reference left on this link where you can check the wallets.

And if it turns out to be a compromised wallet, a simple uninstall still won't get rid of a Trojan. Please let us know what you find.

newbie
Activity: 26
Merit: 0
January 18, 2014, 03:28:48 AM
#7
So sorry for your loss. Sounds like you might have a keylogger... what have you been downloading?



Just other alt coins. How can I detect a keylogger? I have AVG Free and haven't had any warnings, is there better software I can use?

Thanks for the input.
Malwarebytes is decent, but as with everything else, won't catch everything, and unfortunately the shitbags who do stuff like this are always going to be slightly ahead of the game.
member
Activity: 103
Merit: 10
January 18, 2014, 03:12:06 AM
#6
Also here's a list of my wallets, are any of these known to be corrupt?

42coin
applecoin
baconbits
bosscoin
casinocoin
clockcoin
coinyecoin
cryptonium
datacoin
digibyte
digitalcoin
earthcoin
esportsmoney
fckbankscoin
gamecoin
globalcoin
goldcoin
inifnitecoin
noblecoin
nutcoin
nxt
onlinegamingcoin
philosopherstone
pxlcoin
stalwardbucks
unicoin
velocity

Its a big list I know, some i don't have balances on and will be deleting. Some that I have dleted that I remember, the fake keisercoin, but its long gone.
member
Activity: 103
Merit: 10
January 18, 2014, 03:08:30 AM
#5
Which wallets? Some are known to install the baddies...

Your AV software won't detect a keylogger. You might want to consult Google, but refrain from downloading anything that claims to be able to remove it unless you 100% can trust its validity.

I wish I could help you more, but that's as far as my knowledge goes. Hopefully someone else might be able to help. All else fail, wipe everything and install your OS. But before installing all those wallets, do a search on this forum to see if it's one of the ones installing shit on people's shit.

Also, don't use the same computer to change your passwords, use a tablet or something. Change all of your passwords. And 2F authentication is a must.

Keep us posted.

I may have a lead on an IP that points to Fast Serv Networks, LLC . Anyone know of any pools from there? I will verify the IP and give them a call.
sr. member
Activity: 280
Merit: 250
January 18, 2014, 02:59:51 AM
#4
Which wallets? Some are known to install the baddies...

Your AV software won't detect a keylogger. You might want to consult Google, but refrain from downloading anything that claims to be able to remove it unless you 100% can trust its validity.

I wish I could help you more, but that's as far as my knowledge goes. Hopefully someone else might be able to help. All else fail, wipe everything and install your OS. But before installing all those wallets, do a search on this forum to see if it's one of the ones installing shit on people's shit.

Also, don't use the same computer to change your passwords, use a tablet or something. Change all of your passwords. And 2F authentication is a must.

Keep us posted.
member
Activity: 103
Merit: 10
January 18, 2014, 02:50:34 AM
#3
So sorry for your loss. Sounds like you might have a keylogger... what have you been downloading?



Just other alt coins. How can I detect a keylogger? I have AVG Free and haven't had any warnings, is there better software I can use?

Thanks for the input.
sr. member
Activity: 280
Merit: 250
January 18, 2014, 02:20:47 AM
#2
So sorry for your loss. Sounds like you might have a keylogger... what have you been downloading?

member
Activity: 103
Merit: 10
January 18, 2014, 01:57:18 AM
#1
Hey guys, I just got hacked I'm guessing on Cryptsy and Cavirtex somehow. I'm assuming a password was received from pool operators and the hacking started from there. I sent a support ticket to Cryptsy and i'm guessing it 'll take a while before they get back to me and I will call cavirtex tomorrow. I noticed in cavirtex that I received email abuot a login and if I should accept that device as legit. I didn't click the link to allow the login then I went into my account and changed the password and my BTC was in the account and fine. I come home tonight and it was shown that someone took the BTC out and I"m feeling sick about it. I'm not sure what to do about it if anything can be done about it. This is really disheartening. I put 2-factor authentication everywhere and now I'm extremely paranoid.

What do I do now? I guess I need to stomach that the BTC is gone? this is horrible :S

Just to add, here are the perpetrators addresses that they sent to:

1KkVU1bzBEtGmmUzk1iwPbfDLqcayoMsWA
1GCJW8SQW6s5oQ1atBanawmZ67Tn9nPS8R

And here are some transactoin IDs. Anyway to track this douche down?
262e1f872a35c2c0fa5dc9b29a884808265ab5ba0a0c0df2649a6ec679f6141f
002690eebcd4976a39ffdf0528e3ac1460a55aa432dc7b082e657786c309cb87

Also let's say my email, cryptsy and virtex account were all hacked. By changing passes to all different long passes and adding 2 way authentication and adding my cell number in gmail, should I feel safe? If this guy still has sessions open can he still use my accounts? I can't believe it, i really can't.
Pages:
Jump to: