By the way if you're going to use a windows box forget using standard AV tools. Microsoft's Defender is useless, as is most of the normal AV tools. A bit of recompiling and a little salt and an executable with a full reverse command shell can be installed in no time.
Get a real EDR and AETD tool like SentinelOne, or Crowdstrike. They can usually spot fileless tricks in about 6-10 seconds, giving the attacker a pretty limited window to get a persistent session going. Granted they could loop but your system should scream about thousands of attacks being killed a minute, if you're not monitoring your system you're fucked.
Better option: 10 year old burner PC. Best option Kali type burner OS.
Topic: I GOT HACKED AND LOST 1 MILLION - page 3. (Read 25034 times)
Painful to read this.
And now they've tried to clean up the mess by uploading another (clean) wallet?
https://github.com/ElectrumBTCDiamond/electrum/releases/tag/v3.1.2
https://www.virustotal.com/#/url/d6101b23974af1329c77ccf70e31e845884a8a8f91e49adccfc6476aea48d81b/detection
Nice try...
And now they've tried to clean up the mess by uploading another (clean) wallet?
https://github.com/ElectrumBTCDiamond/electrum/releases/tag/v3.1.2
https://www.virustotal.com/#/url/d6101b23974af1329c77ccf70e31e845884a8a8f91e49adccfc6476aea48d81b/detection
Nice try...
Yes - be careful with that one!! I checked it and it is the same malware as before.
Ouch..
Then the detection is pretty misleading...
Yea, I wouldn't 100% trust VirusTotal when it comes to checking these. They've been wrong in the past
The code within the software could be more or less unprecedented to the virus detection systems
Sad to hear out on OP's loss. recovery would be impossible even you do know some information.
sorry for your loss.
Have you consider using a VPN?
(I guess it would have helped in this situation but can anybody tell me if it wouldn't?)
that's why it is a must to have different passwords not stored online for the wallets.
Really hope you can make the money back
Have you consider using a VPN?
(I guess it would have helped in this situation but can anybody tell me if it wouldn't?)
that's why it is a must to have different passwords not stored online for the wallets.
Really hope you can make the money back
Hello!
I´m very sorry to hear this bad News about your Coins.
I hope, you can find here some help! You will see three Link´s "To report Internet Fraud".
https://badbitcoin.org/index.htm
Good Luck Buddy!
Best regards,
Evgen Bogdan
I´m very sorry to hear this bad News about your Coins.
I hope, you can find here some help! You will see three Link´s "To report Internet Fraud".
https://badbitcoin.org/index.htm
Good Luck Buddy!
Best regards,
Evgen Bogdan
Painful to read this.
And now they've tried to clean up the mess by uploading another (clean) wallet?
https://github.com/ElectrumBTCDiamond/electrum/releases/tag/v3.1.2
https://www.virustotal.com/#/url/d6101b23974af1329c77ccf70e31e845884a8a8f91e49adccfc6476aea48d81b/detection
Nice try...
And now they've tried to clean up the mess by uploading another (clean) wallet?
https://github.com/ElectrumBTCDiamond/electrum/releases/tag/v3.1.2
https://www.virustotal.com/#/url/d6101b23974af1329c77ccf70e31e845884a8a8f91e49adccfc6476aea48d81b/detection
Nice try...
Yes - be careful with that one!! I checked it and it is the same malware as before.
Ouch..
Then the detection is pretty misleading...
Yea, I wouldn't 100% trust VirusTotal when it comes to checking these. They've been wrong in the past
The code within the software could be more or less unprecedented to the virus detection systems
Is OP said that he hacked via RD Connection?.
Are you using Dynamic or Static IP?
When you look over your PC is your computer log out itself?
To get the password is easy especially you download Virus wallet and your PC connected to Microsoft account. I think mobile connectivity more secure than home cable because the IP always changed every certain time because sometimes the cellular connection lost the signal. And make sure your firewall not too open to all ports.
For note, I'm an ignorant person and too paranoid about my security. I'm just installing KIS and local antivirus (Sometimes local more dangerous). And install every wallet in one computer and always online.
Are you using Dynamic or Static IP?
When you look over your PC is your computer log out itself?
To get the password is easy especially you download Virus wallet and your PC connected to Microsoft account. I think mobile connectivity more secure than home cable because the IP always changed every certain time because sometimes the cellular connection lost the signal. And make sure your firewall not too open to all ports.
For note, I'm an ignorant person and too paranoid about my security. I'm just installing KIS and local antivirus (Sometimes local more dangerous). And install every wallet in one computer and always online.
Painful to read this.
And now they've tried to clean up the mess by uploading another (clean) wallet?
https://github.com/ElectrumBTCDiamond/electrum/releases/tag/v3.1.2
https://www.virustotal.com/#/url/d6101b23974af1329c77ccf70e31e845884a8a8f91e49adccfc6476aea48d81b/detection
Nice try...
And now they've tried to clean up the mess by uploading another (clean) wallet?
https://github.com/ElectrumBTCDiamond/electrum/releases/tag/v3.1.2
https://www.virustotal.com/#/url/d6101b23974af1329c77ccf70e31e845884a8a8f91e49adccfc6476aea48d81b/detection
Nice try...
Yes - be careful with that one!! I checked it and it is the same malware as before.
Ouch..
Then the detection is pretty misleading...
Painful to read this.
And now they've tried to clean up the mess by uploading another (clean) wallet?
https://github.com/ElectrumBTCDiamond/electrum/releases/tag/v3.1.2
https://www.virustotal.com/#/url/d6101b23974af1329c77ccf70e31e845884a8a8f91e49adccfc6476aea48d81b/detection
Nice try...
And now they've tried to clean up the mess by uploading another (clean) wallet?
https://github.com/ElectrumBTCDiamond/electrum/releases/tag/v3.1.2
https://www.virustotal.com/#/url/d6101b23974af1329c77ccf70e31e845884a8a8f91e49adccfc6476aea48d81b/detection
Nice try...
Yes - be careful with that one!! I checked it and it is the same malware as before.
Painful to read this.
And now they've tried to clean up the mess by uploading another (clean) wallet?
https://github.com/ElectrumBTCDiamond/electrum/releases/tag/v3.1.2
https://www.virustotal.com/#/url/d6101b23974af1329c77ccf70e31e845884a8a8f91e49adccfc6476aea48d81b/detection
Nice try...
And now they've tried to clean up the mess by uploading another (clean) wallet?
https://github.com/ElectrumBTCDiamond/electrum/releases/tag/v3.1.2
https://www.virustotal.com/#/url/d6101b23974af1329c77ccf70e31e845884a8a8f91e49adccfc6476aea48d81b/detection
Nice try...
this is funny (or not)
Namecheap never reacted to the ticket. GitHub seamed to have taken down the repository for some days. But now its up and running again.
Namecheap never reacted to the ticket. GitHub seamed to have taken down the repository for some days. But now its up and running again.
I think that for some people holidays have started a little earlier, at this time of year support may be slower than usual. Have you followed Namecheap rules regarding the abuse reporting? Maybe they consider your case as Fraud scheme and they will not assist you if report is not made to https://complaint.ic3.gov .
I have to admit it's strange that GitHub is reacted in that way, maybe they remove them, but they find a way to get back. Only thing we can do is to report them again.
Is there any progress in the investigation of your case?
yes there is - I will post the progress when it will not affect the investigation anymore 
this is funny (or not)
Namecheap never reacted to the ticket. GitHub seamed to have taken down the repository for some days. But now its up and running again.
Namecheap never reacted to the ticket. GitHub seamed to have taken down the repository for some days. But now its up and running again.
I think that for some people holidays have started a little earlier, at this time of year support may be slower than usual. Have you followed Namecheap rules regarding the abuse reporting? Maybe they consider your case as Fraud scheme and they will not assist you if report is not made to https://complaint.ic3.gov .
I have to admit it's strange that GitHub is reacted in that way, maybe they remove them, but they find a way to get back. Only thing we can do is to report them again.
Is there any progress in the investigation of your case?
this is funny (or not)
Namecheap never reacted to the ticket. GitHub seamed to have taken down the repository for some days. But now its up and running again.
Namecheap never reacted to the ticket. GitHub seamed to have taken down the repository for some days. But now its up and running again.
And the scammer is online again:
http://www.electrumdiamond.org/
I just want to know how domain registry services and international police can allow these criminals to go on with their activities.
http://www.electrumdiamond.org/
I just want to know how domain registry services and international police can allow these criminals to go on with their activities.
It seems that cryptocurrency is not at the top of their list of priorities for now. If we consider how much total crypto market worth today, it is clear that they have some other priorities which generate much larger sums of money in terms of criminal activities. In addition, there is also the problem of education - to fight these threats we need educated people in the right places. One of the benefits of the Internet is anonymity, and we can see some bad people use that - they just switch form one hosting/country to another.
I report this site to : https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
Let's shut them down as soon as possible
And the scammer is online again:
http://www.electrumdiamond.org/
I just want to know how domain registry services and international police can allow these criminals to go on with their activities.
Yup I also see it... am also wondering how this continues to happen.http://www.electrumdiamond.org/
I just want to know how domain registry services and international police can allow these criminals to go on with their activities.
Also, I was just thinking, If we took the complaint to the GitHub team, is there a chance that they could take down the malware hosted on their website alongside with the criminal's account?
Not only that, but their registrar NameCheap & GoDaddy may be able to provide more information (https://who.is/whois/btcd.io)
Namecheap Abuse: https://www.namecheap.com/support/knowledgebase/article.aspx/9196/5/how-and-where-can-i-file-abuse-complaints
GoDaddy Abuse: https://godaddy.com/help/reporting-abuse-27154
Github Abuse: https://github.com/contact/report-abuse
GH at the very least will remove the repo.
And the scammer is online again:
http://www.electrumdiamond.org/
I just want to know how domain registry services and international police can allow these criminals to go on with their activities.
Yup I also see it... am also wondering how this continues to happen.http://www.electrumdiamond.org/
I just want to know how domain registry services and international police can allow these criminals to go on with their activities.
Also, I was just thinking, If we took the complaint to the GitHub team, is there a chance that they could take down the malware hosted on their website alongside with the criminal's account?
And the scammer is online again:
http://www.electrumdiamond.org/
I just want to know how domain registry services and international police can allow these criminals to go on with their activities.
http://www.electrumdiamond.org/
I just want to know how domain registry services and international police can allow these criminals to go on with their activities.
Thanks for sharing the guide... This is new to me and I am glad I learned it from here. Better to take some time figuring out how to be secure than being sorry.
Yesterday I just did a google search on how people claim forks especially the recent Bitcoin Cash Forks and realized how so many people are vulnerable to getting hacked.
Incidents have been there where fake websites claiming to be official sites while offering fake wallets for download pop up out of nowhere. sometimes someone claiming to give a guide of how o claim the coins give a link to a fake wallet/fake website. Hopefully, will people get sensitized about such dirty tricks.
Yesterday I just did a google search on how people claim forks especially the recent Bitcoin Cash Forks and realized how so many people are vulnerable to getting hacked.
Incidents have been there where fake websites claiming to be official sites while offering fake wallets for download pop up out of nowhere. sometimes someone claiming to give a guide of how o claim the coins give a link to a fake wallet/fake website. Hopefully, will people get sensitized about such dirty tricks.
I am glad that you learnt something new. I do understand that some security measures may seem painstaking and one might be tempted to think that he/she is hack-proof as I normally think of myself sometimes
but i don't know what lies ahead so its better I take the pains for something than lose all my gains for nothing.
Sorry for your loss OP. I hope your doing well. 
Thanks for sharing the guide... This is new to me and I am glad I learned it from here. Better to take some time figuring out how to be secure than being sorry.
Yesterday I just did a google search on how people claim forks especially the recent Bitcoin Cash Forks and realized how so many people are vulnerable to getting hacked.
Incidents have been there where fake websites claiming to be official sites while offering fake wallets for download pop up out of nowhere. sometimes someone claiming to give a guide of how o claim the coins give a link to a fake wallet/fake website. Hopefully, will people get sensitized about such dirty tricks.
Jump to: