Pages:
Author

Topic: I GOT HACKED AND LOST 1 MILLION (Read 25047 times)

copper member
Activity: 2198
Merit: 1837
🌀 Cosmic Casino
May 23, 2019, 01:40:17 AM
Basically Namecheap should remove their account for   "electrumdiamond.org". But it seems to be difficult to contact the Namecheap support at all.
I did a follow up and I can now confirm that the scammer's domain is no longer active.
The new GitHub profile was also removed.
Code:
https://github.com/Electrums/

Thanks to whoever took their time to report both the domain and the GitHub profile for abuse.
legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
March 22, 2019, 11:29:27 AM
Basically Namecheap should remove their account for   "electrumdiamond.org". But it seems to be difficult to contact the Namecheap support at all.


If reported to the the law enforcement agencies why are the domain and Git still active?
Probably because they're too small of a fish to dedicate law enforcement resources to. This is unfortunately pretty common with internet crime. Don't expect the feds to do anything if you haven't lost significant amounts. (Although in this case, it does seem pretty significant)

It's really up to github to keep removing these projects really, which can be quite difficult if they just keep popping back up under new accounts.


If all parties played their part I have no doubt the scam numbers would fall all round.

People in the forum highlight them but then it is up to others (Github, domain registrar, web host etc) to ensure they do not get a chance to succeed in their scams.
legendary
Activity: 1946
Merit: 1427
March 22, 2019, 11:21:00 AM
Basically Namecheap should remove their account for   "electrumdiamond.org". But it seems to be difficult to contact the Namecheap support at all.


If reported to the the law enforcement agencies why are the domain and Git still active?
Probably because they're too small of a fish to dedicate law enforcement resources to. This is unfortunately pretty common with internet crime. Don't expect the feds to do anything if you haven't lost significant amounts. (Although in this case, it does seem pretty significant)

It's really up to github to keep removing these projects really, which can be quite difficult if they just keep popping back up under new accounts.
legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
March 22, 2019, 08:50:16 AM
Basically Namecheap should remove their account for   "electrumdiamond.org". But it seems to be difficult to contact the Namecheap support at all.


If reported to the the law enforcement agencies why are the domain and Git still active?
sr. member
Activity: 437
Merit: 255
March 22, 2019, 08:17:06 AM
Basically Namecheap should remove their account for   "electrumdiamond.org". But it seems to be difficult to contact the Namecheap support at all.
copper member
Activity: 2198
Merit: 1837
🌀 Cosmic Casino
March 22, 2019, 07:31:57 AM
The bastard(s) is(are) still online with a new profile on github called "electrums".
It was made 9 days ago





I hope no one has fallen for their malware so far. I am going to try to report their profile
legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
March 21, 2019, 10:18:16 AM
Any more information on this scam?
hero member
Activity: 2254
Merit: 537
My passive income eBook @ tinyurl.com/PIA10
January 19, 2019, 06:59:38 AM
and ... the hackers wallet is online again:       http://electrumdiamond.org/

I think Github has kicked them. They have renamed the executable to version 3.0.5.3 and put it into the file system download directory.

disgusting

You might wanna remove the URL. You never know some might download it, thinking its legit.
sr. member
Activity: 437
Merit: 255
January 19, 2019, 06:50:04 AM
and ... the hackers wallet is online again:       http://electrumdiamond.org/

I think Github has kicked them. They have renamed the executable to version 3.0.5.3 and put it into the file system download directory.

disgusting
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
January 15, 2019, 11:04:35 PM
BTC      Binance.com
BTC      Kraken.com
If this was accurate, you can contact these Exchanges (not customer service) for their cooperation. Kraken may be impossible but Binance might answer you.
An Email containing complete info on your ownership of the addresses' funds, Some personal info and/or Clearance together with a detailed explanation of your statement.

Why? Given that you have the Full Proof of ownership and you can proove that you're not the one who moved the funds,
Exchanges like Binance requires KYC policy to their users and they have the power to point you to any leads to the Culprit.
This can get you to a real person which can be questioned for more leads.
And even if it was withdrawn to a "Mixing" address (unless they tolerate crimes), you can also contact the service provider to provide the final address where the funds (2btc from Binance?) are being held.

But it's been quite long since the hacking incident, I can only assume that it was already laundered as "investments" to micro-earning sites or loans.
legendary
Activity: 2702
Merit: 1468
January 12, 2019, 10:17:25 AM
OMG! That's enormous!, sorry for your loss, it would be of great help if you could elaborate where coins where held, is it a multi wallet(If Yes, which wallet ?) how it happen or what you could think have happened ? A malware installation, phishing site and or anything that is more specific.

The coins were held in these locations (order corresponding to the list in my first posting):

Currency   Place
DASH      Qt-Wallet on Laptop
BCH      ElectronCash on Laptop
BTC      Binance.com
BTC      Kraken.com
NEM      Simplewallet on Laptop
BURST   Desktop wallet on Laptop
BTC      Exodus wallet on Laptop
OmiseGo   Exodus wallet on Laptop
LTC      Exodus wallet on Laptop
BCH      Exodus wallet on Laptop
DASH      Exodus wallet on Laptop

Basically it was a stupid combination of failures. I use Windows 10 and tried to claim BTCP and BCD. Both with the Electrum version for their blockchains.
I used the same long password for different things - especially my password safe had the same pw as the DASH QT wallet. So after I started the Electrum clients (which I tested before with Defender, SuperAntiSpyware and www.virustotal.com) I had to do a little thing in DASHQT - that was it - the one of the wallets, most likely BCD, spied my password through a keylogger and the hacker had access to everything.
(there is no need to discuss the stupidity of using Win10, same passwords many times, storing 2FA codes in password safes or testing new software on a vulnerable system)

I feel sorry for you.  It can happen to anyone.  Problem is you had too many altcoin wallets on your machine.  You should have only run bitcoin.org core offline wallet compiled from sources.  

You should have used a dedicated, clean machine to access your coins or online accounts. And never web browse or install anything on that machine.  QT Wallets should be encrypted and stored on removable USB drives, only connected when sending.  Blockchains should be updated with dummy wallets.  You should have run 'core' wallet apps, not use online or third party wallets.  The 2FA devices should be dedicated hardware (old phones) and not connected to any network.  Why in the world did you use password safes?  BCD?  Really?  I did not even know they existed, I would not bother with any bitcoin splits.  I recovered BTG/BCH but this was done on an old PC with BTC moved to another wallet after the fork and before the recovery attempt.  I would not trust any wallet other than bitcoin.org core wallet.  If you're really paranoid, inspect the sources, compile from sources on a dedicated dev machine.

This is everyone's worst nightmare.  

Spend some money on dedicated 'POS' equipment and never touch it unless you move coins or access exchange accounts.  And keep the wallet, blockchain backup on multiple devices in multiple physical locations.

This just shows you, bitcoin is still in an early adoption phase.  It is still not for everyone.

PS. Why would anyone keep all these altcoins is beyond me?  Store your money in BTC in bitcoin.org core wallet and forget all the BS coins.
hero member
Activity: 2254
Merit: 537
My passive income eBook @ tinyurl.com/PIA10
January 11, 2019, 01:52:12 AM
Well, the simplest change to make to more likely avoid such problems is to not use Windows.

Linux is not virus proof, but a much smaller and harder target for hackers.
Ubuntu is simple to install and easy to use.

Windows virus checkers do not detect 'viruses' they detect 'known viruses'
This case clearly shows that.
... and that is by design by McAfee years ago to ensure an ongoing income stream.

Botnets of 100's of 1000's of windows machines are not urban legends, they're fact.

If you wish to reduce you risk storing currency on a computer, use linux, but also understand how to do that safely.

Unfortunately most of us use Windows and are so familiar with it, that is has been part of our lives. I've used Linux before but eventually gave it up because Windows has everything I need (apps-wise).

One way to not get hacked besides not keeping 'em on exchanges is to use common sense.

No matter how advanced anti-viruses could be, simply being careless won't protect your system from being compromised.

You could have a super-strong password to any offline wallet(s) but if you managed to get phished, its game over.
full member
Activity: 165
Merit: 106
January 11, 2019, 01:49:38 AM
Guys, please:
-never tell that you owe crypto
-use VPN
-use Linux
-use cold storage (or at least 2fa without the recovery option)

Antivirus software is pretty much useless against modern keyloggers or virus.  Windows can be really dangrous especially if you use cracked software or single guys Cheesy
full member
Activity: 798
Merit: 109
https://bmy.guide
January 10, 2019, 11:16:37 PM
As what have OP said, it was so sad to have been lost on that huge amount. I've learned those replies too it is very informative to avoid us in being to hack. I also used a laptop and all web wallet and Apps wallet are here so I am now aware that it might be lead to hack or any possibilities to be hacked.
A good idea is maybe having a separate laptop which is specifically used for the purpose of wallet transactions only
maybe it could be an idea that you say but for some people it will add to the workload, which is still my mind why can it be easily hacked? I am also concerned about this incident, because this value is quite large.
Yes, that is good I dea. If we can't afford to buy hardware wallet, then, we separate our wallet to other device just like tablet.
full member
Activity: 2268
Merit: 121
Enterapp Pre-Sale Live - bit.ly/3UrMCWI
January 10, 2019, 10:00:48 PM
A good idea is maybe having a separate laptop which is specifically used for the purpose of wallet transactions only
maybe it could be an idea that you say but for some people it will add to the workload, which is still my mind why can it be easily hacked? I am also concerned about this incident, because this value is quite large.
legendary
Activity: 4634
Merit: 1851
Linux since 1997 RedHat 4
January 09, 2019, 08:51:31 PM
Well, the simplest change to make to more likely avoid such problems is to not use Windows.

Linux is not virus proof, but a much smaller and harder target for hackers.
Ubuntu is simple to install and easy to use.

Windows virus checkers do not detect 'viruses' they detect 'known viruses'
This case clearly shows that.
... and that is by design by McAfee years ago to ensure an ongoing income stream.

Botnets of 100's of 1000's of windows machines are not urban legends, they're fact.

If you wish to reduce you risk storing currency on a computer, use linux, but also understand how to do that safely.
hero member
Activity: 1988
Merit: 593
January 09, 2019, 04:19:50 AM
nothing will save you from a smart virus, it can even recover files from a cleaned recycle bin, so only cold storage is necessary

other people not touched yet, but this a large amount was
legendary
Activity: 2744
Merit: 3097
Top Crypto Casino
January 09, 2019, 04:15:56 AM
...
- Permanent use of a keyboard input encryptor : however I do not know it's real efficiency, your opinions are therefore welcome.
...

It is not 100% safe. A low level keylogger or kernel-based keylogger will be able to intercept your keyboard inputs before it gets encrypted.
this solution works better with touch screen inputs not with keyboard inputs.

The best is to combine it with typing some keys via visual keyboard. You can also trick the hacker by adding some random keytrokes (there are softwares that can generate it for you).

hero member
Activity: 1988
Merit: 593
January 09, 2019, 04:06:51 AM
It was necessary to use only cold storage that the network machine never saw your private keys http://docs.electrum.org/en/latest/coldstorage.html
But DASH masternodes not working at this mode

NEM can return, please contact the developers

sr. member
Activity: 437
Merit: 255
January 09, 2019, 03:54:59 AM
One million USD is such a big money. Someone is spying on you since you had a lot of portfolio in your system.
I am not the only victim of these criminals. And I think they did not spy directly on me but on people who downloaded and used their trap like BCD wallet malware.


I guess you can't recover your coins since it is already been taken away from you. I can only advice is to make a seperate wallets that you will put 2FA for more security.
yes - I should have known it before. Now the damage is there. For sure I will not make that mistake again. And I will not recover from it anytime soon. I worked for many years to get together what has been stolen now.


I'm so sorry for your lost. I hope you can recover your money / coins back.

Last year, me and lots of people were scammed by coinsmarkets exchange and we never get back our's.
Thread was locked ( I have never understand why it's locked ) but you can get some authorities' contact info and some advises. https://bitcointalk.org/index.php?topic=2185903.4060
honestly contacting the authorities is always a good step in this kind of situation. If it helps is another kind of question. I assume that most of these criminals make a failure former or later which directs them into prison. But does it help the victims? Most times not. Anyways it might help to keep some out of this criminal business - like this one:
Russian 'hacking genius' accused of $530 million 'dark web' fraud against Americans posed with tigers and crocodiles before his FBI-ordered arrest
Pages:
Jump to: