Topic: I got hacked after downloading a file from https://multibitwallet.com (Read 255 times)

legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
What's interesting is that you have been here for 8 years and still missed all the threads and discussions about Multibit being an obsolete piece of software. And I have often encountered users complaining of various problems they have had with this client for different reasons. I wish you had asked if that wallet from that particular source is safe to use before you did it, but it's too late now. Hopefully, that's your first and last big mistake because this wasn't just one, it was a series of multiple ones.

I have here beside some Bitcoin, 25.000.000 SHIBA INU, 4000 RTM and about 10 ETHW which is not a great amount in dollars now but it could be in the future. I know chances are extremely low for me to get hacked so whenever I go to work or go out I go with peace of mind that nothing will happen.
There is absolutely no need to disclose such information about your portfolio. It's no one's business what you have, how much of it, and where it's stored. You never know what other information you have accidentally revealed about yourself somewhere or what could have leaked from a database that contained your personal information. You are helping in connecting some more dots.
legendary
Activity: 3136
Merit: 1233
Everybody could make mistakes but when mistakes happen under Windows operating system I always feel much more sorry than for other OS-es. Personally I have a hardware wallet that I keep most of my funds but I have also considerable amounts in Electrum and Exodus wallet running on my Linux machine, isolated from the local network and with every possible attack vector turned off like ssh remote login, ping disabled and every hardening done to that machine. I have here beside some Bitcoin, 25.000.000 SHIBA INU, 4000 RTM and about 10 ETHW which is not a great amount in dollars now but it could be in the future. I know chances are extremely low for me to get hacked so whenever I go to work or go out I go with peace of mind that nothing will happen.

Sorry for your most costly mistake but for me the most costly one is keeping your coins in a Windows machine.
hero member
Activity: 2520
Merit: 783
Mistakes could happen especially if we don't know what we are doing, maybe try to learn from this experience so that the same issue will not happen to you in future. Also maybe next time try to avoid seeking links on any platform which we are not sure is safe or not. And always secure your device and have second thoughts on links which are unfamiliar to us.
legendary
Activity: 3192
Merit: 1198
Securing your coin is a habit. If you cannot establish that habit you will end up like what OP experienced. The first thing investors should do is read and educate themselves and apply the best security. You are on your own, and it's your sole decision what will happen to your coins. Scammers are lurking around and they are waiting for you to make a mistake and you are only one mistake away from losing all your coins. I'm sure OP will learn from this. Thanks for sharing your story of negligence, it takes guts to do this. Many will pick up your story and do what must be done to secure their coins.
hero member
Activity: 2954
Merit: 725
Two mistakes that you did, sorry for the loss but before downloading a wallet, make sure that they're updated and still supported. I've watched a hacker that can remotely control your PC if you allow their app to get into you. It's just a matter of time until they find the right timing to access everything to your computer and you even helped them by leaving with your computer on and as well as all of those accounts that contains your assets unlocked. Sad to say, this is a lesson to you but cheer up.
full member
Activity: 2240
Merit: 175

I would not agree with that statement, many people learn from other people's mistakes, and I see no reason why it could not be the same in your case. You looked for software that had been abandoned for years, you ignored the security warning of your security software and after all, instead of taking urgent action, you went to a party. You are every hacker's dream.

Yeah that's true as long as there are careless people who ignored to secure their coins scammers will continue to exist, people should continue to read how people got scammed and what they did to lose their coins, we are our own in Cryptocurrency if we are careless to ourselves you cannot careless on your coins, it really hurt putting up money to invest then you lose it because of your carelessness
legendary
Activity: 3234
Merit: 5637
@qumatru, to begin with, edit the OP and remove the link so that it is not clickable (put it in code/quote).



I'd do a fresh install of the OS as a lot of things are not picked up by AVs.

His AV/Firewall probably did its job, the problem is that, despite the warnings, he allowed the program to be installed, and he didn't immediately disconnect from the Internet.

...after installing and allowing it through my firewall,



seems weird but i guess you really only truly learn when it hurts Smiley.

I would not agree with that statement, many people learn from other people's mistakes, and I see no reason why it could not be the same in your case. You looked for software that had been abandoned for years, you ignored the security warning of your security software and after all, instead of taking urgent action, you went to a party. You are every hacker's dream.
sr. member
Activity: 322
Merit: 251
during the bullmarket i'd read every day about so many ways people fucked up and lost crypto or their nfts, but i was on top of my game then. during the bear market i caught up on a lot of real life stuff, and now i felt the wind of change and loaded up again, getting prepared for that bounce that i think is coming into next quarter. i guess the 6-9 months of barely any activity had got me off my game and i must have thought if i made it through that, i'm good. i wasn't. seems weird but i guess you really only truly learn when it hurts Smiley.
sr. member
Activity: 2254
Merit: 258
This is being careless with your coins. You started by downloading a wallet where development has been discontinued for 3 or more years, there's bound to be a bug in this wallet. Second, after you downloaded it and had to uninstall it, you delayed it and went to a party, and third, you left everything open. It's in your character that you are careless and with this kind of action you are bound to lose your coins in every other way.
It's a costly mistake and it can happen to anyone who is careless about how they secure their coins and their wallets but you have to move on with it and it's good you share your story with those careless people out there who need to pay attention to the security of their wallet.
legendary
Activity: 3248
Merit: 2971
Block halving is coming.

Maybe he created a new wallet. The download starts if you register a new account, but the file itself does not give out a virus, although I only checked it through the https://www.virustotal.com/.


Well, it doesn't work for me, maybe because of my browser protection.
And even if it doesn't have any viruses when scanning with virustotal, it doesn't mean it's not malware or doesn't contain any viruses. The first thing that you can notice is they do ask for a seed phrase and then the password. The old Multibit wallet does not generate a seed phrase, instead it generates an anyname.wallet file. So it's obvious the owner of the site or the hacker doesn't know anything about the multibit wallet.
hero member
Activity: 2674
Merit: 865
yesssir! 🫡
i will do my best to keep up to date and get better at online security, but as i get older i find it harder and harder to keep up.

Could help you on this: Personal Security Checklist (note: treat it as a guide, you don't need to do everything and double check first)

It gets easier once it becomes a habit (kinda like muscle memory.) You could also use what happened today as a motivation whenever you hit a roadblock.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
I tried to access the link you provided but when I tried to download it redirected me to the restoration page where you can put a 12-word seed and password.
Why would multibit ask for a seed phrase and password?
I tried to put the seed phrase and password but when trying to click download nothing happens, so how did you download the malware?

And look it's obvious it's fake because it asks for a seed phrase and password in an unsecured way.

Maybe he created a new wallet. The download starts if you register a new account, but the file itself does not give out a virus, although I only checked it through the https://www.virustotal.com/.

OP, Windows, the Firewall, and Avast do not guarantee you complete security. In addition, do not think that your text document did not get to the scammers; maybe you still have a long way to go.

Everything related to cryptocurrency should not be rushed. In a hurry, you are distracted by other things, not caring at all that your data may be subject to attacks. The lessons we get are very expensive, but it's good if you understand this.
legendary
Activity: 3248
Merit: 2971
Block halving is coming.
I tried to access the link you provided but when I tried to download it redirected me to the restoration page where you can put a 12-word seed and password.
Why would multibit ask for a seed phrase and password?
I tried to put the seed phrase and password but when trying to click download nothing happens, so how did you download the malware?

And look it's obvious it's fake because it asks for a seed phrase and password in an unsecured way.
sr. member
Activity: 322
Merit: 251
yeah, i went out and just got a fresh ssd. i will keep the infected one in case at any point it would be needed in forensics or something like that. i've also contacted the cyber crime department in my country. i don't have any hope to recover but maybe they can get the website suspended and maybe at some point the guy fucks up and gets caught. i will do my best to keep up to date and get better at online security, but as i get older i find it harder and harder to keep up.
hero member
Activity: 2674
Merit: 865
yesssir! 🫡
I'd do a fresh install of the OS as a lot of things are not picked up by AVs. (EDIT: I was talking about the aftermath here, when you have to get rid of the malware.)

Storing sensitive information in a notepad is also insecure. I suggest using a better authenticator app like aegis (https://getaegis.app/) which allows you to encrypt your tokens/backup files and an offline password manager that also has encryption like keepass (https://keepass.info/). They're open source and feature-packed, visit their websites to see a full list of features.
hero member
Activity: 2828
Merit: 575


after installing and allowing it through my firewall, i figured out that i fucked up and deleted everything i could find. scanned pc, neither malware bytes nor avast picked up anything wrong, windows wouldn't allow access to the app (user account control didn't let me even uninstall it). after which i proceeded to a party and left my pc unlocked, metamask unlocked, bitmex unlocked and phantom unlocked and my bitcoin qt connected to the external drive where i had a text file somewhere with the keys to restore my google auth. if they found this file and added my key to google auth, they could possibly have made the withdrawals from bitmex this way, otherwise my phone may be compromised as well.
today i pulled up my bitmex that was still logged in and found zero balance and also zero balance in phantom and metamask, except for the nfts which we could all agree are not even worth stealing. so i proceeded to panic and hyperventilate and very, very slowly changing the passwords and 2fas to everything hopefully in the right order. pc unplugged from internet now.

If this is a habit, then it is a risky habit. If you are too lazy to lock or log out then just delete all your history and you will be totally logged out, it will not take you a minute to log out or clean your history. Once you become Cryptocurrency holders you should take all the precautions to safeguard your coins, you must establish the habit of locking, logging out and cleaning your history.

Quote
l.e. i got access to my bitmex account back. there is no bitcoin address, he sold my btc and sent everything to the ethereum address. this has probably been the most costly mistake of my life (so far) and boy let me tell you, learning hurts like a motherfucker.

It is and it's very unfortunate you cannot afford to be careless because hackers are watching and they have so many traps online once carelessness hits you, you'll be in trouble.


hero member
Activity: 1428
Merit: 836
I know you are right but you have not given any kind of proofs. If you might give us proof then we might be super happy and a lot of users might get safe from scams.
Check the posted eth address which has $20k balance and had the same experience in the comments. Also, there's no need to be happy for what had happened just because he gave proofs of the hack and it doesn't mean anyone will be exempted from any hack when he posted more proofs.
Avoiding scams and hacks had almost the same practice to be followed. DYOR always helps.

As for OP, yeah, making mistakes in this space is always a costly mistake. So learning from this kind of mistake is very important.
legendary
Activity: 2170
Merit: 1789
Looks like you're not the first victim. There have been comments saying the owner has been doing this since 2020. I saw that he made some transactions related to other exchange addresses, might be worth trying contacting them and telling your story or reporting it to the police. Though I wouldn't be too hopeful about it.

Hopefully, you learn from this, try to check out the latest wallet software or ask here if you've been away for too long.
sr. member
Activity: 2506
Merit: 368
You just invited someone to take care of your wallet it's like you just let your purse open to the public and let them take whatever they can take. It would just take a couple of minutes or so to protect your wallet but you left it open to someone because of your family event and now it's a huge loss to you because you let it slide so easily.

This should be a reminder and a lesson to those who like to leave their account unattended with money in it that we should protect and hide whatever assets we have even if this isn't connected to the internet.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
You went away from your PC with all your wallets unlocked??   Shocked

Honestly, what did you expect to happen? Even a shoulder surfer could cause the same amount of damage to you as the malware did.

Wallets must be locked at all times when you're not using them.
legendary
Activity: 3668
Merit: 6382

The usual conclusion is: if you are not qualified enough to take care of your PC, or if you simply have some coins and want to make sure you don't lose them due to stupid mistakes, just buy a hardware wallet. And of course, don't ever put that wallet's seed anywhere online.

PS. Metamask also has its fair share of scams too nowadays.
sr. member
Activity: 322
Merit: 251
malware website: https://multibitwallet.com/
ok so here's the scoop, i wanted to get a light wallet for bitcoin cause my bitcoinqt was unsynced for years. i remembered back in the day i used multibit for this. i downloaded without paying attention to the website or the news that the project was discontinued in 2019 or so.

after installing and allowing it through my firewall, i figured out that i fucked up and deleted everything i could find. scanned pc, neither malware bytes nor avast picked up anything wrong, windows wouldn't allow access to the app (user account control didn't let me even uninstall it). after which i proceeded to a party and left my pc unlocked, metamask unlocked, bitmex unlocked and phantom unlocked and my bitcoin qt connected to the external drive where i had a text file somewhere with the keys to restore my google auth. if they found this file and added my key to google auth, they could possibly have made the withdrawals from bitmex this way, otherwise my phone may be compromised as well.
today i pulled up my bitmex that was still logged in and found zero balance and also zero balance in phantom and metamask, except for the nfts which we could all agree are not even worth stealing. so i proceeded to panic and hyperventilate and very, very slowly changing the passwords and 2fas to everything hopefully in the right order. pc unplugged from internet now.

gutted not gonna lie, probably should have just unplugged my pc from the internet and wipe the drive clean, but i had to get to a family event and well, it is what it is.
hacker address is: 0x130bfbfd5674466b3aaf4ecd6a2681808177e177 i don't have the bitcoin address (where he sent the bitcoin from bitmex) but i will as soon as i restore access to my bitmex account.
stay safe out there, i'm trying my best to get over it but it's a tough one.
cheers,
qumatru

l.e. i got access to my bitmex account back. there is no bitcoin address, he sold my btc and sent everything to the ethereum address. this has probably been the most costly mistake of my life (so far) and boy let me tell you, learning hurts like a motherfucker.