Topic: I GOT HACKED AND LOST 1 MILLION - page 5. (Read 25047 times)

legendary
Activity: 3556
Merit: 9709
December 11, 2018, 05:15:01 AM
#56
Just checking back, this story genuinely saddens me, like genuinely. OP again, I am so sorry for your loss.
sr. member
Activity: 1878
Merit: 389
December 11, 2018, 08:08:44 AM
#56

this is surprising - when I checked the wallet with virustotal it did not show me any backdoors or viruses. Since I deleted the files (in panic) I only have the download links now. But I think your check is accurate.

It leaves another company to contact for information. See https://github.com/contact/report-abuse

GitHub may be more willing to give more information regarding the wallet repo & the account it's under.

The hacker(s) probably provided fake info to GitHub when signing up, but perhaps IP addresses might be helpful.
newbie
Activity: 5
Merit: 3
December 11, 2018, 08:07:17 AM
#55
Yup, I got fooled by it as well. I have all my crypto in cold wallets but have "small" amounts for trading on exchanges.
I checked the wallet with several AVs and scans before trying anything, and I also monitored the network activity while running it; I didn't find anything suspicious.
The next day I was trading on Kraken and went for dinner (I left it open, because I believed it would be a quick one...!); they noticed my absence and used the session.
The same day I had monetized most of the crypto in that account and transferred everything to the bank. I have been very lucky, or I would have lost a much bigger amount; they still managed to get the equivalent of 1.7 BTC before I returned.

- They couldn't steal them while I was offline (2FA);
- They were obviously monitoring my activity to figure out when I went away (they started about 30 minutes after I left my PC);
- They did everything "using" my PC (RD), including accessing the email to confirm the address and the withdrawal;
- They promptly deleted the above emails (or I would have noticed it on my mobile); I found them later in my trash folder;

Then I started to investigate the vector. While I was already confident that it was the wallet, I became almost sure after having read this thread, which I found by searching for the IP address used for the hack.
I found the IP address by looking at the raw processes running on my PC: I found a notepad instance (that was only apparently legit) with network activity to the IP address reported in this thread: 46.166.160.158
The odd part is: even knowing that I had a backdoor on my PC, and knowing exactly where it was, all the scan tools I tested (to figure out why the virus/trojan wasn't caught in the first instance) failed. For the AVs (AVG, Avira, etc.) everything was fine; antimalware found nothing.
Even looking at the compromised app (notepad), everything appeared legit (and signed by Microsoft).
It's still unknown to me what kind of exploit or obfuscation they used, nor do I know which kind of RD app they used (however this isn't very relevant).

Again, I was very lucky to have moved the money away from it; they must have noticed me moving the funds away and "risked" their move, being worried that I would empty the whole thing. After all, 1.7 BTC is better than nothing for a robber!
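As an added example (not code posted by anyone in this thread): the triage the poster above describes, a Microsoft-signed notepad.exe holding an outbound connection to 46.166.160.158, can be turned into a repeatable check over the text that `netstat -ano` and `tasklist` print on Windows. The two listings below are constructed for this example, the IOC set and the "should never talk to the network" process list are assumptions to be tuned per host, and the script is not the tooling any participant used. The point it demonstrates is the one the poster made: the binary's signature was fine, so the signal has to come from behaviour (who it talks to) rather than from scanning the file.

```python
"""Flag processes that talk to known-bad IPs, or that should never talk to
the network at all, from `netstat -ano` and `tasklist` output (Windows).

Sample listings below are constructed for this example.
"""
from typing import Dict, List

# IP reported in the thread as the attacker's endpoint (assumption: still current).
IOC_IPS = {"46.166.160.158"}

# Image names that have no business opening outbound connections (assumption;
# extend with whatever is abnormal on the host being triaged).
NO_NETWORK_EXPECTED = {"notepad.exe", "calc.exe", "mspaint.exe", "wordpad.exe"}

# Constructed `netstat -ano` output: a notepad.exe (PID 4120) injected with a
# remote-desktop payload, a browser, and two benign listeners.
NETSTAT_SAMPLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49810     46.166.160.158:443     ESTABLISHED     4120
  TCP    192.168.1.20:49812     93.184.216.34:80       ESTABLISHED     4120
  TCP    192.168.1.20:49811     40.126.31.4:443        ESTABLISHED     2276
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  UDP    0.0.0.0:5353           *:*                                    1844
"""

# Constructed `tasklist` output mapping those PIDs to image names.
TASKLIST_SAMPLE = """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
notepad.exe                   4120 Console                    1     12,340 K
msedge.exe                    2276 Console                    1    210,112 K
svchost.exe                    900 Services                   0      9,000 K
svchost.exe                   1844 Services                   0      8,120 K
"""


def parse_tasklist(text: str) -> Dict[int, str]:
    """Map PID -> lowercase image name. Header and separator rows are skipped
    because their second column is not numeric. Image names containing spaces
    would be truncated at the first space (acceptable for this check)."""
    pids: Dict[int, str] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1].isdigit():
            pids[int(parts[1])] = parts[0].lower()
    return pids


def split_endpoint(endpoint: str):
    """'1.2.3.4:443' -> ('1.2.3.4', '443'); also handles '[::1]:443' and '*:*'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def parse_netstat(text: str) -> List[dict]:
    """Parse the TCP/UDP rows of `netstat -ano`. UDP rows have no State column."""
    conns: List[dict] = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, remote = parts[0], parts[1], parts[2]
        if proto == "TCP":
            state, pid = parts[3], int(parts[4])
        else:
            state, pid = "", int(parts[3])
        rip, rport = split_endpoint(remote)
        conns.append({"proto": proto, "local": local, "remote_ip": rip,
                      "remote_port": rport, "state": state, "pid": pid})
    return conns


def find_suspicious(netstat_text: str, tasklist_text: str) -> List[dict]:
    """Return one finding per connection that matches an IOC or comes from a
    process that should never be on the network. Listeners and wildcard
    remotes are ignored; they carry no peer information."""
    images = parse_tasklist(tasklist_text)
    findings: List[dict] = []
    for c in parse_netstat(netstat_text):
        if c["state"] == "LISTENING" or c["remote_ip"] in ("*", "0.0.0.0", "::", ""):
            continue
        image = images.get(c["pid"], "<unknown>")
        reasons = []
        if c["remote_ip"] in IOC_IPS:
            reasons.append(f"remote {c['remote_ip']} is a known IOC")
        if image in NO_NETWORK_EXPECTED:
            reasons.append(f"{image} is not expected to open network connections")
        if reasons:
            findings.append({"pid": c["pid"], "image": image,
                             "remote": f"{c['remote_ip']}:{c['remote_port']}",
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"PID {f['pid']} {f['image']} -> {f['remote']}: " + "; ".join(f["reasons"]))
```

On a live machine, feed it the real output (`netstat -ano > ns.txt`, `tasklist > tl.txt`) from an elevated prompt, since PIDs of other users' processes are otherwise hidden. The second rule is the useful one when the IOC list is empty: a clean Authenticode signature on notepad.exe says nothing about what has been injected into that process, which is exactly why the AVs in the story stayed quiet while the connection was plainly visible.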
hero member
Activity: 1582
Merit: 759
December 11, 2018, 08:05:38 AM
#54

this is surprising - when I checked the wallet with virustotal it did not show me any backdoors or viruses. Since I deleted the files (in panic) I only have the download links now. But I think your check is accurate.

It leaves another company to contact for information. See https://github.com/contact/report-abuse

GitHub may be more willing to give more information regarding the wallet repo & the account it's under.
sr. member
Activity: 437
Merit: 255
December 10, 2018, 06:28:48 PM
#53
OMG! That's enormous! Sorry for your loss. It would be of great help if you could elaborate on where the coins were held. Is it a multi wallet (if yes, which wallet?), how did it happen, or what do you think could have happened? A malware installation, a phishing site, or anything that is more specific.

The coins were held in these locations (order corresponding to the list in my first posting):

Currency   Place
DASH       Qt-Wallet on Laptop
BCH        ElectronCash on Laptop
BTC        Binance.com
BTC        Kraken.com
NEM        Simplewallet on Laptop
BURST      Desktop wallet on Laptop
BTC        Exodus wallet on Laptop
OmiseGo    Exodus wallet on Laptop
LTC        Exodus wallet on Laptop
BCH        Exodus wallet on Laptop
DASH       Exodus wallet on Laptop

Basically it was a stupid combination of failures. I use Windows 10 and tried to claim BTCP and BCD. Both with the Electrum version for their blockchains.
I used the same long password for different things - especially my password safe had the same password as the DASH QT wallet. So after I started the Electrum clients (which I tested beforehand with Defender, SuperAntiSpyware and www.virustotal.com) I had to do a little thing in DASH QT - that was it - one of the wallets, most likely BCD, spied my password through a keylogger and the hacker had access to everything.
(there is no need to discuss the stupidity of using Win10, using the same password many times, storing 2FA codes in password safes or testing new software on a vulnerable system)


Sadly this is such bad news, but where did you hold these altcoins? On an exchange, or in which wallet?

Check the table above. Kraken and Binance are exchanges, DASH Qt is a local full wallet, Exodus is an SPV wallet, ...
jr. member
Activity: 108
Merit: 1
December 11, 2018, 06:48:47 AM
#53

this is surprising - when I checked the wallet with virustotal it did not show me any backdoors or viruses. Since I deleted the files (in panic) I only have the download links now. But I think your check is accurate.

they must have obfuscated the code.. only after the hack was their signature added to the VirusTotal DB and such.. the probability that other people got hacked by this same wallet is high!

Hope you don't leave crypto after this.. as other member said, you are healthy and still can make money!
member
Activity: 490
Merit: 15
December 10, 2018, 06:03:27 PM
#52
OMG! That's enormous! Sorry for your loss. It would be of great help if you could elaborate on where the coins were held. Is it a multi wallet (if yes, which wallet?), how did it happen, or what do you think could have happened? A malware installation, a phishing site, or anything that is more specific.

The coins were held in these locations (order corresponding to the list in my first posting):

Currency   Place
DASH       Qt-Wallet on Laptop
BCH        ElectronCash on Laptop
BTC        Binance.com
BTC        Kraken.com
NEM        Simplewallet on Laptop
BURST      Desktop wallet on Laptop
BTC        Exodus wallet on Laptop
OmiseGo    Exodus wallet on Laptop
LTC        Exodus wallet on Laptop
BCH        Exodus wallet on Laptop
DASH       Exodus wallet on Laptop

Basically it was a stupid combination of failures. I use Windows 10 and tried to claim BTCP and BCD. Both with the Electrum version for their blockchains.
I used the same long password for different things - especially my password safe had the same password as the DASH QT wallet. So after I started the Electrum clients (which I tested beforehand with Defender, SuperAntiSpyware and www.virustotal.com) I had to do a little thing in DASH QT - that was it - one of the wallets, most likely BCD, spied my password through a keylogger and the hacker had access to everything.
(there is no need to discuss the stupidity of using Win10, using the same password many times, storing 2FA codes in password safes or testing new software on a vulnerable system)


Sadly this is such bad news, but where did you hold these altcoins? On an exchange, or in which wallet?
sr. member
Activity: 437
Merit: 255
December 11, 2018, 04:32:38 AM
#52

this is surprising - when I checked the wallet with virustotal it did not show me any backdoors or viruses. Since I deleted the files (in panic) I only have the download links now. But I think your check is accurate.
legendary
Activity: 3556
Merit: 9709
December 09, 2018, 04:41:01 PM
#51
OP I feel for you, my heart goes out to you.

Please try & stay calm as possible, you have lost money but you’re still alive & healthy. You can make money again in other ways in the future. Don’t do anything stupid.

I've seen similar things happen to a few others; it'll be from trying to claim those shitcoins. Guys, let this be a lesson to all of you: please do not risk your bitcoins chasing forks. If you have to, then send all your bitcoins to another computer or a hardware wallet.

NEVER download weird wallets on the same system you keep your bitcoins on.
copper member
Activity: 2198
Merit: 1837
December 11, 2018, 02:54:07 AM
#51
Sorry about what happened to you. This really hurts so much, even for me, to see someone lose their hard-earned money.
I tried to do some small digging as to what may have led to you losing all your coins, and the fact is that the BTCD wallet you downloaded was the malware:

According to the wallet name you said you found in your download folder (Electrum-BCD-3.1.2-portable.exe), you definitely downloaded a fake Electrum BCD wallet.

Genuine BCD wallet app - Electrum-BCD-3.0.5.3-Windows-X86-64-portable.exe
Fake/hacker's BCD wallet app - Electrum-BCD-3.1.2-portable.exe

It's now clear that you downloaded the app from the hacker's website, https://www.electrumdiamond.org/, instead of from the official website of Bitcoin Diamond, https://www.bitcoindiamond.org/ [http://btcd.io]
The fake Bitcoin Diamond site's certificate has even been expired since 12/6/2018

I also noted that the GitHub user ElectrumBTCD from whom you downloaded the wallet file joined GitHub only 22 days ago and has only one repository. This is a complete red flag

Finally I decided to scan the said wallet on VirusTotal;
https://www.virustotal.com/#/file/2d91fc6e2102ff0464ba43a1a956ed7854cb45cac8a18c354a8346f71a68dd6d/detection

My conclusion is that this is the malware that got your funds stolen; whoever is behind it has your funds. I am not so technical in tracing people using IP addresses, so I will just leave this here in the hope that the info might help someone who is able to track back to the evil hacker or hackers.
newbie
Activity: 19
Merit: 1
December 09, 2018, 12:22:22 PM
#50
I'm sorry to hear this OP.  Did you by chance download your BTCD wallet from electrumdiamond dot com?

In May of this year (2018), I too was hacked by this malware wallet.  :-(

DM, if you would like to discuss.
sr. member
Activity: 437
Merit: 255
December 09, 2018, 06:58:10 AM
#49
...

I think that an international police investigation is the best chance for you, and no matter how well hidden the hackers' traces are, if there is a will and determination the hackers can be found. At the present time even the most careful hackers leave some digital footprint, so I'm therefore confident that something will be discovered.

Did you maybe try to get out to the public (beyond forums) with your story, maybe only to crypto-related media? Maybe someone has a similar experience which can help in the investigation, or your case may serve as a warning to others, in a way to prevent someone else from being a victim in the same way.

I understand regarding monitoring the stolen coins; it is good that you made them public - maybe someone finds some trace.

there was another case in 2011:      https://bitcointalksearch.org/topic/i-just-got-hacked-any-help-is-welcome-25000-btc-stolen-16457

back then they were not able to identify the hacker. This time there are some more traces and at least one responsible company who hosted the computer which was used for the hack.
legendary
Activity: 3234
Merit: 5637
December 09, 2018, 06:20:36 AM
#48
...
So it's your best chance to do something to report your case directly to the Lithuanian police, and maybe to get a good lawyer. Lithuania is also a member of the EU, so if you are also from the EU there may be legal mechanisms through which you could also take legal action.

Lithuania is also a member country of Interpol; maybe they can do something to help you track the hackers.

yes right - the case is now in the hands of the police. I trust that they use the international investigation methods that they have. Due to the amount of money it is likely that they really follow the traces. Let's see what they can do.

I'm interested: did you try to track the stolen coins on block explorers? In some cases they can be tracked to exchanges, and in some cases they can freeze such coins if there is any doubt about corrupt actions.

I put the addresses into the public because many different coins are stolen and I do not have the capacity to trace all of them. I am quite sure the hackers do not use them in a way that can be traced easily.

I think that an international police investigation is the best chance for you, and no matter how well hidden the hackers' traces are, if there is a will and determination the hackers can be found. At the present time even the most careful hackers leave some digital footprint, so I'm therefore confident that something will be discovered.

Did you maybe try to get out to the public (beyond forums) with your story, maybe only to crypto-related media? Maybe someone has a similar experience which can help in the investigation, or your case may serve as a warning to others, in a way to prevent someone else from being a victim in the same way.

I understand regarding monitoring the stolen coins; it is good that you made them public - maybe someone finds some trace.

hero member
Activity: 1582
Merit: 759
December 08, 2018, 10:46:26 PM
#47
...
So it's your best chance to do something to report your case directly to the Lithuanian police, and maybe to get a good lawyer. Lithuania is also a member of the EU, so if you are also from the EU there may be legal mechanisms through which you could also take legal action.

Lithuania is also a member country of Interpol; maybe they can do something to help you track the hackers.

yes right - the case is now in the hands of the police. I trust that they use the international investigation methods that they have. Due to the amount of money it is likely that they really follow the traces. Let's see what they can do.

I'm interested: did you try to track the stolen coins on block explorers? In some cases they can be tracked to exchanges, and in some cases they can freeze such coins if there is any doubt about corrupt actions.

I put the addresses into the public because many different coins are stolen and I do not have the capacity to trace all of them. I am quite sure the hackers do not use them in a way that can be traced easily.

Based on the amount of outputs, I wouldn't be surprised if they mixed them to be completely honest.

That's a hard road to follow, I'd say your best piece of information at this point would be the attempted Gmail access by far (ie: the ip address you have)
sr. member
Activity: 437
Merit: 255
December 08, 2018, 09:00:31 PM
#46
The IP was released by Ripe, have you tried emailing their Abuse email address: [email protected]

ok thanks - I will
sr. member
Activity: 437
Merit: 255
December 08, 2018, 08:49:31 PM
#45
...
So it's your best chance to do something to report your case directly to the Lithuanian police, and maybe to get a good lawyer. Lithuania is also a member of the EU, so if you are also from the EU there may be legal mechanisms through which you could also take legal action.

Lithuania is also a member country of Interpol; maybe they can do something to help you track the hackers.

yes right - the case is now in the hands of the police. I trust that they use the international investigation methods that they have. Due to the amount of money it is likely that they really follow the traces. Let's see what they can do.

I'm interested: did you try to track the stolen coins on block explorers? In some cases they can be tracked to exchanges, and in some cases they can freeze such coins if there is any doubt about corrupt actions.

I put the addresses into the public because many different coins are stolen and I do not have the capacity to trace all of them. I am quite sure the hackers do not use them in a way that can be traced easily.
hero member
Activity: 1582
Merit: 759
December 08, 2018, 01:46:16 PM
#44
The IP was released by Ripe, have you tried emailing their Abuse email address: [email protected]
newbie
Activity: 112
Merit: 0
December 08, 2018, 12:56:09 PM
#43
I'm sorry for your loss.

The Dash was sent to a lot of addresses, but the last tx in the chain of 8,147.263 DASH is at this address
Code:
Xus9DmMmcL5K6N2vQwuB7fHZms2XhAVvEC
https://chainz.cryptoid.info/dash/address.dws?Xus9DmMmcL5K6N2vQwuB7fHZms2XhAVvEC.htm

I will search for all the coins later. Maybe someone can contact the exchanges to ask if this address belongs to an exchange
copper member
Activity: 2856
Merit: 3071
December 08, 2018, 12:04:03 PM
#42
Please ask the provider www.vpn.ac, as they might own the range; it's known that 46.166.161.227 is their VPN server in Siauliai (and the hacker's IP is 46.166.160.158).

I was thinking that surely someone couldn't be dumb enough to use their own IP for a hacking attempt. I know people are dumb, but that'd be a new level...

It's likely it's owned by a VPN or by someone providing a hidden service such as Tor or OpenVPN as well (fewer logs will be kept of these too).
full member
Activity: 484
Merit: 124
December 08, 2018, 10:02:41 AM
#41
Sorry to hear that, but putting all your crypto on one platform is not recommended.
Personally I have several wallets where I store the funds, so I don't experience too much loss if one gets hacked/lost.