
Topic: I GOT HACKED AND LOST 1 MILLION - page 4. (Read 25034 times)

sr. member
Activity: 437
Merit: 255
December 14, 2018, 08:49:05 AM
#71
@npole2000
That is the reason security is very expensive for companies and everyone else.
newbie
Activity: 5
Merit: 3
December 14, 2018, 07:33:35 AM
#70
Because of that I can only recommend to anybody to use a dedicated device or hardware wallet for cryptocurrencies; do not expose your funds to thieves and scammers. I wish I had taken these precautions myself in time.

I use (multiple) hardware wallets, or I would have lost everything.
I also use a dedicated PC to do my crypto stuff.
I'm also not a 100% noob concerning computers/IT stuff.

And considering all the above, however, I still got robbed of something.
Analyzing the situation AFTER it happened is easy. There are like ten things that I could have done differently to avoid it (of course!), but the point is that life is long... and sometimes you can't be perfect every single day, otherwise we would live in paranoia and fear.

- I should have paid much more attention to the wallet used; opinions on Reddit, guides on the web and an apparently legit website weren't enough.
- The fact that no AV/scans found anything wasn't sufficient to call the file safe.
- I could have used a VM to do this stuff (I have like 5 VMs installed on my machines, only a click away);
- I could have paid much more attention to how I use my trading platforms (leaving it open while not being at the PC is stupid, looking back);
- And finally the luck (bad luck): my daily hours (and dinner time) are normally different; that day I got delayed by other stuff. In 99% of other cases I would have been at the PC soon enough to block it first;

It's all about "imperfections" concatenated with each other, and I consider myself very lucky to have adopted hardware wallets from the very beginning and to be using 2FA on every exchange, so while I learned a lesson for "cheap" (cheap compared with your amount) I won't consider myself "completely stupid". I'm not perfect, like every other human; maybe for the next months... years... I will pay much more attention than usual, but I'm sure that one day I will eventually forget to be extremely paranoid and I may make the same mistakes again.

My idea is: don't be a complete bloke (for example: don't leave your wallet full of money on a bench in a mall), but don't start to be paranoid either (don't hide your money in a cave, under a rock, protected by lions), because if you start to be extremely paranoid you won't live anymore. So where do you hide your hardware wallet seed? What if someone finds it? Did you split it into 4 parts and send them to 3 places around the world? Do you remember all 24 words from memory? What if your memory is not good anymore? And stuff like this... you will always live with an "acceptable risk".
hero member
Activity: 1582
Merit: 759
December 13, 2018, 07:38:43 PM
#69
A couple of days ago, I don't know which day exactly, somebody tried to hack my mobile phone via MMS. Somebody who knows me very well, but I don't know who. Everybody here should be careful: in your Facebook friend list there is probably at least 1 hacker. Never trust anybody.

Did you download the suspicious wallet listed here, or are you just speaking generally?
sr. member
Activity: 437
Merit: 255
December 14, 2018, 05:03:41 AM
#69
I think a good prevention mechanism everyone should note is how to do data verification. In other words, I mean verification of MD5, SHA-1 and SHA-256 hashes. It's some cryptography stuff!

If you have the real checksums they can be used to check the real executable. But what would prevent a scammer from creating new hashes for his malicious software? If the executable were downloaded from his site, then the hashes would also be from there.

Because of that I can only recommend to anybody to use a dedicated device or hardware wallet for cryptocurrencies; do not expose your funds to thieves and scammers. I wish I had taken these precautions myself in time.
full member
Activity: 344
Merit: 107
December 13, 2018, 08:02:12 AM
#68
Windows 10 doesn't matter, but your biggest mistake was claiming BTCP and BCD, I think, because you kept holding 1M USD; this is not a joke. 1 million is a massive amount in a bearish market. You can set up Google 2-factor authentication for the highest security. Lithuania is a European country, but the IP is very complicated.
member
Activity: 110
Merit: 10
December 13, 2018, 07:02:49 PM
#68
A couple of days ago, I don't know which day exactly, somebody tried to hack my mobile phone via MMS. Somebody who knows me very well, but I don't know who. Everybody here should be careful: in your Facebook friend list there is probably at least 1 hacker. Never trust anybody.
newbie
Activity: 14
Merit: 15
December 13, 2018, 07:56:59 PM
#68
Going through the previous comments especially that of npole, I now understand that the attacker(s) used some really good obfuscation techniques to bypass detection systems.
I also believe that the attacker got a legit version of the Electrum BCD wallet and then modified it to contain his malicious payload.

I think a good prevention mechanism everyone should note is how to do data verification. In other words, I mean verification of MD5, SHA-1 and SHA-256 hashes. It's some cryptography stuff!

So for example, if Electrum releases a new version of the software, they also release the checksums, which are random strings of text. Now, if I download that new release and I want to ensure file integrity, I run a hash function against that file and compare the result to what was shown on the official website; if they match, I then know that it is legit. If not, I know that it has been tampered with.

It's kind of what I think is best practice for critical systems such as where you store your financial data.

There's no way both the legit Electrum's and the modded Electrum's checksums can be the same, unless you were MITM'd while visiting a non-HTTPS site.

A way to do this on Windows:
Open up PowerShell and use the command below.

The default is SHA-256:
Code:
Get-FileHash C:\path\to\file.exe 

To specify the hashing algorithm (based on the official site's specification):
Code:
Get-FileHash C:\path\to\file.exe -Algorithm MD5
Code:
Get-FileHash C:\path\to\file.exe -Algorithm SHA1
Code:
Get-FileHash C:\path\to\file.exe -Algorithm SHA256

and then compare the result to the hash the official site released.

Linux users: (Any of the three depending on which you want to view)
Code:
md5sum /path/to/file
Code:
sha1sum /path/to/file
Code:
sha256sum /path/to/file

Stay safe, all.
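Putting the commands from the post above together, here is an added example (not code from the thread or from any project mentioned in it) that computes a file's MD5, SHA-1 or SHA-256 digest and compares it to a published checksum, rejecting a tampered copy. It assumes a POSIX shell with GNU coreutils (md5sum, sha1sum, sha256sum) or OpenSSL as a fallback; the sample files and the "published" value are constructed inline (the SHA-256 test vector for the string "abc"). As another reply in this thread points out, the comparison only means something when the expected checksum comes from a source the attacker does not control, such as the project's official page over HTTPS rather than the download site itself.

```shell
#!/bin/sh
# Added example, not from the thread: verify a downloaded file against a
# checksum published by the project. Assumes GNU coreutils (md5sum, sha1sum,
# sha256sum) or, as a fallback, openssl on the PATH.

# hash_file FILE ALGO -> prints the lowercase hex digest of FILE.
# ALGO is md5, sha1 or sha256, matching the commands shown in the post.
hash_file() {
    file=$1
    algo=${2:-sha256}
    case "$algo" in
        md5)    tool=md5sum ;;
        sha1)   tool=sha1sum ;;
        sha256) tool=sha256sum ;;
        *) echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac
    if command -v "$tool" >/dev/null 2>&1; then
        "$tool" "$file" | awk '{print tolower($1)}'
    else
        # Fallback for systems without coreutils (e.g. macOS): openssl dgst
        openssl dgst -"$algo" "$file" | awk '{print tolower($NF)}'
    fi
}

# verify_file FILE EXPECTED_HEX [ALGO] -> returns 0 on match, 1 on mismatch.
# EXPECTED_HEX must be copied from the official page (over HTTPS), not from
# the site that served the download; a checksum published next to a malicious
# file proves nothing. Case of the hex digits does not matter.
verify_file() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    algo=${3:-sha256}
    actual=$(hash_file "$file" "$algo") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file ($algo) matches the published checksum"
        return 0
    fi
    echo "MISMATCH: $file ($algo)" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Demo with constructed data: a "release" and a copy with one byte changed.
demo() {
    dir=$(mktemp -d)
    printf 'abc' > "$dir/release.bin"       # stands in for the real installer
    printf 'abd' > "$dir/tampered.bin"      # what a swapped download looks like
    # SHA-256 of the ASCII string "abc" (well-known test vector)
    published='ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad'
    verify_file "$dir/release.bin" "$published" sha256 || echo "(unexpected)"
    verify_file "$dir/tampered.bin" "$published" sha256 || echo "(rejected, as it should be)"
    rm -rf "$dir"
}

demo
```

Run it as `sh verify.sh`; the demo accepts the good file and reports the tampered one. `verify_file` returns 0 on a match and 1 on a mismatch, so it drops into a download script as `verify_file installer.exe "$EXPECTED" sha256 || exit 1`.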
hero member
Activity: 1582
Merit: 759
December 13, 2018, 01:37:39 PM
#67
npole2000, by what you wrote in your posts it seems that you possess fairly good knowledge regarding cryptocurrency and PC/online security. Unfortunately, you made just one mistake by downloading that fake wallet (if this is how you got infected). In the past such fake wallets could only steal seeds or private keys, and now they have become an even greater threat. Because of that I only claim BCH via ElectronCash (https://electroncash.org/ is the only legit site), and all other BTC forks have never been too important to me.

I'm opening a legal complaint against Cherry Servers.
Due to the low amount involved I can use the EU small claims (no lawyer is needed and it's all electronic).
Instead of pursuing the hacker (I believe Valerian is doing it already), I will try to recover my money from Cherry Servers by proving their negligence.
The evidence to support the thesis is the fact that Valerian contacted them about the illegal activities running on their servers, giving enough information to identify the customer, and while they didn't want to disclose the customer's identity (perfectly legal without a court/police mandate), they didn't react, nor did they care to check the server, leaving it operative for several days and so leaving the criminals to do more damage (including to me).

This is a good move since you have that option; honestly I did not even know such an option existed in the EU (for some reason only Denmark is excluded). By the answer Cherry Servers gave to Valerian77, they are not obliged to disclose such information to anyone other than "local law enforcement agencies in Lithuania".

Quote
Dear Sir,

Despite the best intentions, I'm afraid we cannot help you in this situation. We do not reveal any information about services associated with our prior or current clients to third parties. As our company is registered in Lithuania, we are only accountable to local law enforcement agencies in Lithuania and can only reveal such information to them when obliged to do so by local law or when a Lithuanian court order is received.

I hope European Small Claims can be of assistance in such a situation, be sure to let us know how the situation develops.

And considering the amount, the case actually might stand a chance. It seems there are quite a few people who have been affected, a class action may be the best route of action.
sr. member
Activity: 437
Merit: 255
December 13, 2018, 07:54:35 AM
#66
... By the answer Cherry Servers gave to Valerian77, they are not obliged to disclose such information to anyone other than "local law enforcement agencies in Lithuania".

Quote
Dear Sir,

Despite the best intentions, I'm afraid we cannot help you in this situation. We do not reveal any information about services associated with our prior or current clients to third parties. As our company is registered in Lithuania, we are only accountable to local law enforcement agencies in Lithuania and can only reveal such information to them when obliged to do so by local law or when a Lithuanian court order is received.


At first glance they are not obliged to any law enforcement other than their local one. But if they knowingly provide a platform for scammers, criminals and maybe terrorists, then they will see how quickly they will be involved in international criminal cases in other countries as well, and in compensation requests.
newbie
Activity: 56
Merit: 0
legendary
Activity: 3234
Merit: 5637
December 13, 2018, 05:52:09 AM
#65
npole2000, by what you wrote in your posts it seems that you possess fairly good knowledge regarding cryptocurrency and PC/online security. Unfortunately, you made just one mistake by downloading that fake wallet (if this is how you got infected). In the past such fake wallets could only steal seeds or private keys, and now they have become an even greater threat. Because of that I only claim BCH via ElectronCash (https://electroncash.org/ is the only legit site), and all other BTC forks have never been too important to me.

I'm opening a legal complaint against Cherry Servers.
Due to the low amount involved I can use the EU small claims (no lawyer is needed and it's all electronic).
Instead of pursuing the hacker (I believe Valerian is doing it already), I will try to recover my money from Cherry Servers by proving their negligence.
The evidence to support the thesis is the fact that Valerian contacted them about the illegal activities running on their servers, giving enough information to identify the customer, and while they didn't want to disclose the customer's identity (perfectly legal without a court/police mandate), they didn't react, nor did they care to check the server, leaving it operative for several days and so leaving the criminals to do more damage (including to me).

This is a good move since you have that option; honestly I did not even know such an option existed in the EU (for some reason only Denmark is excluded). By the answer Cherry Servers gave to Valerian77, they are not obliged to disclose such information to anyone other than "local law enforcement agencies in Lithuania".

Quote
Dear Sir,

Despite the best intentions, I'm afraid we cannot help you in this situation. We do not reveal any information about services associated with our prior or current clients to third parties. As our company is registered in Lithuania, we are only accountable to local law enforcement agencies in Lithuania and can only reveal such information to them when obliged to do so by local law or when a Lithuanian court order is received.

I hope European Small Claims can be of assistance in such a situation, be sure to let us know how the situation develops.
newbie
Activity: 5
Merit: 3
December 13, 2018, 04:38:57 AM
#64
EU small claims is only for claims up to 5000 EUR. But sure I will give you the conversation with Cherry Servers.

Thanks. And yes, I specified: "Due to the low amount involved I can use the EU small claims...".
That's the amount they stole from me, and that's the reason why I'm proceeding against Cherry Servers. In the end I'm interested in getting my money back; I don't care who will pay.
sr. member
Activity: 437
Merit: 255
December 13, 2018, 03:00:34 AM
#63
I'm opening a legal complaint against Cherry Servers.
Due to the low amount involved I can use the EU small claims (no lawyer is needed and it's all electronic).
Instead of pursuing the hacker (I believe Valerian is doing it already), I will try to recover my money from Cherry Servers by proving their negligence.
The evidence to support the thesis is the fact that Valerian contacted them about the illegal activities running on their servers, giving enough information to identify the customer, and while they didn't want to disclose the customer's identity (perfectly legal without a court/police mandate), they didn't react, nor did they care to check the server, leaving it operative for several days and so leaving the criminals to do more damage (including to me).
I may have a better chance to settle this due to their negligence than trying to find the "hacker", because it would cost me more money in lawyers than what they robbed.

EU law exonerates providers/hosts from the illegal activities conducted on their network/servers provided that they are unaware of them, while obliging them to react immediately as soon as they become aware of the illegal conduct. The email sent by Valerian is clear evidence that they became aware of it, but not having reacted immediately, they became co-responsible for every subsequent damage. Hopefully it will make progress.

Honestly, I will not invest much time in this; I mean I won't go to Lithuania to talk to them, and surely I won't spend another cent on this.

@Valerian: if you may provide to me in private the original conversation you had with Cherry Servers, it will greatly help!


EU small claims is only for claims up to 5000 EUR. But sure I will give you the conversation with Cherry Servers.
newbie
Activity: 5
Merit: 3
December 12, 2018, 08:21:54 PM
#62
I'm opening a legal complaint against Cherry Servers.
Due to the low amount involved I can use the EU small claims (no lawyer is needed and it's all electronic).
Instead of pursuing the hacker (I believe Valerian is doing it already), I will try to recover my money from Cherry Servers by proving their negligence.
The evidence to support the thesis is the fact that Valerian contacted them about the illegal activities running on their servers, giving enough information to identify the customer, and while they didn't want to disclose the customer's identity (perfectly legal without a court/police mandate), they didn't react, nor did they care to check the server, leaving it operative for several days and so leaving the criminals to do more damage (including to me).
I may have a better chance to settle this due to their negligence than trying to find the "hacker", because it would cost me more money in lawyers than what they robbed.

EU law exonerates providers/hosts from the illegal activities conducted on their network/servers provided that they are unaware of them, while obliging them to react immediately as soon as they become aware of the illegal conduct. The email sent by Valerian is clear evidence that they became aware of it, but not having reacted immediately, they became co-responsible for every subsequent damage. Hopefully it will make progress.

Honestly, I will not invest much time in this; I mean I won't go to Lithuania to talk to them, and surely I won't spend another cent on this.

@Valerian: if you may provide to me in private the original conversation you had with Cherry Servers, it will greatly help!
newbie
Activity: 5
Merit: 3
December 12, 2018, 09:05:15 AM
#61
Which wallet did you download before the attack happened? Also, some AVs are certainly not top-level protection, and you mention AVG and Avira, which in my opinion are very low on my trusted list. You probably installed a remote access trojan (RAT) on your PC, and with that hackers can do almost everything.

I downloaded the fake BCD wallet; I think it was Electrum-BCD-3.1.2-portable.exe from electrumdiamond.org (which is now closed/suspended).
What fooled me was the guides on Reddit on how to claim your forks.
Of course I downloaded the malicious software; I'm a little surprised that the AVs didn't catch this, as apparently it's pretty old, not 0-day stuff. However, still my mistake: I shouldn't have used the PC where I trade.

Quote
You do not mention using a firewall, which is very important; most people think that only an AV is sufficient protection. When it comes to cryptocurrency I always use only the best security software + hardware wallets. I know you are a trader, so you should be more careful in future. My recommendation would be to use one PC only for cryptocurrency, with top security software and without any torrent/suspicious file downloads.

I limit the firewall usage because I'm behind a NAT, while you are still exposed to outgoing connections, which can be exploited only by malicious software running on the PC, and that is the case here. It's the first time that a file passed through my checks and scans. I would probably have authorized the wallet's network traffic anyway... maybe the firewall would have caught the RAT after the installation, but it's all assumptions here.

What I know is that even while knowing about the infection, no scan found it (I also gave it a pass with Malwarebytes); I had to trace it back "manually".

And it wasn't a traditional RAT: there was no "fake" app starting with my PC, and no port listening (it wouldn't have worked while behind a NAT without proper port forwarding or UPnP). It was the app calling the remote server from my PC, and the app was a perfectly legit instance of Notepad. I mean, if it wasn't for the network activity, I would have never found it.

So they obfuscated the code well to not get caught, and used Notepad as a wrapper (proxy) to run the malicious code (you run the legit process as suspended, and then you use the allocated space to run your own code).
member
Activity: 463
Merit: 11
December 12, 2018, 03:38:34 AM
#60
I am sorry for this... Cases like this are not always palatable. I can remember a friend who lost his lifetime investment to hackers. I think the best security measure is to keep one's key offline in a place nobody else has access to. I wish you a quick recovery from this.
legendary
Activity: 3234
Merit: 5637
December 12, 2018, 06:49:16 AM
#60
sr. member
Activity: 437
Merit: 255
December 11, 2018, 10:34:27 AM
#59
I feel so sorry for the OP. A few days ago, I made an article on how not all crypto apps in app stores are safe. I didn't give much attention to other wallets and apps on GitHub, but reading through your story, this is even more serious than phishing attempts through fake apps. I am going to update my thread using this experience (I hope it's okay) with a major focus on the app in question so that new users can know how grave this matter can be.
I wish you all the best in the attempt to try and net that/those culprit(s).


OK, do not forget all the other scam wallets like fake BTCP etc. Nothing is safe before you are 100% sure about the source of an executable. And it's possible that no virus protector shows any indication.
copper member
Activity: 2114
Merit: 1814
December 11, 2018, 10:19:48 AM
#58
I feel so sorry for the OP. A few days ago, I made an article on how not all crypto apps in app stores are safe. I didn't give much attention to other wallets and apps on GitHub, but reading through your story, this is even more serious than phishing attempts through fake apps. I am going to update my thread using this experience (I hope it's okay) with a major focus on the app in question so that new users can know how grave this matter can be.
I wish you all the best in the attempt to try and net that/those culprit(s).
hero member
Activity: 1582
Merit: 759
December 11, 2018, 08:12:24 AM
#57

This is surprising: when I checked the wallet with VirusTotal it did not show me any backdoors or viruses. Since I deleted the files (in panic) I only have the download links now. But I think your check is accurate.

It leaves another company to contact for information. See https://github.com/contact/report-abuse

Github may be more willing to give more information regarding the wallet repo & the account it's under.

The hacker(s) probably provided fake info to Github when signed up, but perhaps IP addresses might be helpful.


Oh there's no doubt they faked info. But an IP may correlate to one of the attacks.

Doing a quick WHOIS pulls up NameCheap as their registrar.
https://who.is/whois/electrumdiamond.org

I'd contact their abuse email as well to see if they can assist at all.
It seems the domain was registered more than a year ago: you may be able to find cached versions of their DNS.

http://research.domaintools.com/research/whois-history/search/?q=electrumdiamond.org