Author

Topic: I got hacked, I need your help.... (Read 561 times)

newbie
Activity: 75
Merit: 0
December 17, 2020, 01:56:29 PM
#23
The same thing happened to me on Nov 13 2017 and the hacker was the same. He controlled my PC too.

it was my transaction https://www.blockchain.com/btc/tx/cc2823f5f260d4dabe6c795071c4c1273203c5078a1d33a40b7ffa0d6a20b3a6
copper member
Activity: 1204
Merit: 737
September 22, 2019, 03:02:28 PM
#22
Honestly feeling really bad to hear something like this. It's always unexpected to face this kinda situation. I will suggest you to clean your PC as soon as possible and obviously you should increase its security before using any kinda crypto wallet again. If you still continue with your old device security system then obviously the hacker will try to get access again.

Your device security is the priority now, and after that you should increase your current wallet security to get rid of this kinda hacking attempt in the future.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
September 22, 2019, 07:50:29 AM
#21
The evidence is all over the place.
Can't you see? He didn't know how that app was installed and the 2nd screenshot displayed that it has been used or still active.

You are right, didn't see the OP screenshots...
legendary
Activity: 2170
Merit: 1427
September 22, 2019, 05:37:01 AM
#20
1Referee, I would not say that the only reason why people keep their coins in desktop/mobile wallets is because of money which needs to be invested in a hardware wallet, but also because most of them are not even aware that such security solutions exist at all.

On the other side, we have ignorance with a completely wrong premise about what is cryptocurrency. As a result of that, many crypto users do not realize how challenging it is to be their own bank.

Fair points. Ignorance is a big factor indeed, which comes to show how not ready we are to onboard the average joes of this world. In that regard, it also makes sense for centralized entities such as Coinbase and Bakkt to offer custodial services, because the gap between a clueless crypto enthusiast and someone who knows how to be his own bank in a secure way is massive.

I know Bitcoiners don't like them, and that for a good reason overall, but these wouldn't exist if the demand wasn't going through the roof, hence these entities holding billions on behalf of all sorts of holders.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
September 22, 2019, 04:44:00 AM
#19
I don't think the hacker had full access to OP's computer, being hacked by a trojan or something like that is unlikely IMO.
Yes it is.
Check the link in my previous reply.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
September 22, 2019, 04:32:20 AM
#18
1. Hacked SEED: Because even with remote access, the hacker still can't decrypt your wallet.
Where did you keep your electrum SEED? In your email, cloud disk or local disk?

I don't think the hacker had full access to OP's computer, being hacked by a trojan or something like that is unlikely IMO.

It is so much easier to just get the user SEED on a gmail draft or something like that. Most people do not handle the seed with proper care.
The hacker could have got access to the seed long ago and he was waiting for the wallet to be funded....

Anyway, I wouldn't be so sure about that remote access from the hacker, unless if there is some evidence of that.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
September 22, 2019, 03:00:14 AM
#17
They answered that this isn't their address...
At last, you replied.
First: "Remote Utility - Host" is a legit application, it was just installed by the hacker/malware/virus to view and control your PC using the client.
The main malware/virus must be something else, installed through other means like browsing/download.

Your case was exactly the same as this one: forums.malwarebytes.com.
But the case was closed without an answer.

I use electrum which was password protected and I used these coins every day but last week or so I wasn't using them. I run some exchanges and needed the whole amount, that's why I didn't put them on Ledger.
There are two possible scenarios:
1. Hacked SEED: Because even with remote access, the hacker still can't decrypt your wallet.
Where did you keep your electrum SEED? In your email, cloud disk or local disk?
2. Keylogger and manual operation: When you're AFK and the PC's idle, the hacker installed a keylogger using remote access, disconnected, then waited for you to use your wallet;
Waited for another AFK cue, then he controlled your PC to manually send the transaction since he already has your passphrase.

Seriously, "needing the whole amount" isn't an excuse not to use your Ledger.
It's not a hassle to plug the device to sign a transaction, it's safe as long as you review the addresses of the transaction that you're signing.
legendary
Activity: 3808
Merit: 1723
September 21, 2019, 04:05:30 PM
#16
This is why I stopped using Windows 10. It's full of bugs and backdoors. And even if it isn't then your browser most likely might not be fully secure and you can get some malware installed that way.

It's good that you are using a hardware wallet but for the coins you need to temporarily store on a hot computer, try using a different OS and maybe a different computer that you don't browse random websites with that might install something behind your back.

You seem to have a good knowledge of security and computers so the thief must have been pretty clever to get away with this. It's good that you used 2FA on your exchanges or most likely he would have stolen those coins also.
member
Activity: 91
Merit: 11
I'm here for BTC trade and solving tx problems.
September 21, 2019, 03:14:18 PM
#15
Quote
Looks like the coins are sent to a coinpayments wallet, you can contact them and explain your case and they might block the account or if you are lucky enough and if you could provide evidence they might help you in recovering the coins. I have seen coins being recovered after the hackers sending to exchanges in the past, the faster you contact their customer support and state your case the better.

They answered that this isn't their address...


I use electrum which was password protected and I used these coins every day but last week or so I wasn't using them. I run some exchanges and needed the whole amount, that's why I didn't put them on Ledger.

Where I collected and installed his "tool" I really don't know but I know that he hacked my email which I only use for random stuff and when I wanted to log in on some site it showed him on my email that someone with that IP wants to log in and it was obviously my IP and he easily connected to remote...

None of my antiviruses went off and nothing was alerted, but when I realized my email was hacked I immediately changed my IP. How he logged in on my electrum I really don't know. PC is now secured and everything is under my control.
BTC are gone, lesson learned, this was an expensive one.



That was remote tool

This was log from that tool


legendary
Activity: 3052
Merit: 1273
September 21, 2019, 09:02:35 AM
#14
What made you keep all your coins in the same wallet is the first question that strikes my mind badly.

I don't think that's much of a problem if you for example use a hardware wallet where you physically have to confirm or reject value movements. In that regard, my question would be why OP didn't use a hardware wallet.

People quite often look at the initial purchasing cost and think they can avoid dealing with that by simply using a desktop/mobile client, but that's never a good idea as we can see from the many examples of how people lost their coins. The $100ish they try to save by not purchasing a hardware wallet leads to a loss of thousands of dollars worth of crypto. Pretty sad.

All in all, this looks to me as a lesson learnt. I don't know how many times users such as OP will be suffering from such issues as there's always a new type of scam taking place every single day trying to drag away your money out of your hands. Some people also don't have money to buy that much maybe because they could be from a third world country and/or not too much interested in crypto or have very less (not even $50 worth of BTC or alts) held in their bags for which they don't prefer to go for any hardware wallets.



..... As a result of that, many crypto users do not realize how challenging it is to be their own bank.

That's true, the sort of security we need to take care of is very high in front of what people believe it is. This platform is new and so, chances of getting hacked and scammed are reaching newer peaks every single day with more and more adoption as it's all about getting exposure of these unknown buddies (those who don't know about anything technical) to these highly professional hackers who know how to get into somebody's wallet and get the coins. When we say we are our own bank by using crypto, we really do understand the level risks it possesses and when we put a step in, it's better to be cautious than hell in order to save our everything that's kept in our PC.

Quote
Best thing you can do now is to format disk, your OS is completely compromised.

Don't forget to ask him not to save his old Windows.dat (old data) of the previous OS.

@OP, What I didn't get is - when you clicked that suspicious link, wasn't there any Antivirus in your PC that may have stopped or warned you for not visiting there?
legendary
Activity: 3234
Merit: 5637
September 21, 2019, 07:49:40 AM
#13
1Referee, I would not say that the only reason why people keep their coins in desktop/mobile wallets is because of money which needs to be invested in a hardware wallet, but also because most of them are not even aware that such security solutions exist at all.

On the other side, we have ignorance with a completely wrong premise about what is cryptocurrency. As a result of that, many crypto users do not realize how challenging it is to be their own bank.



Short story is that he somehow installed a backdoor on my PC and he hacked one of my contacts so he could send a link which, when I used it, gave him my IP address. He remotely connected to my PC and emptied my wallet. How he entered my wallet is a mystery to me...

The hacker did just what you let him do, and the real question is at what point you clicked/downloaded something bad on your PC. You are very likely infected with a remote access trojan (RAT), and with that the hacker gets full control over your PC.

Best thing you can do now is to format disk, your OS is completely compromised.
legendary
Activity: 2170
Merit: 1427
September 21, 2019, 04:02:00 AM
#12
What made you keep all your coins in the same wallet is the first question that strikes my mind badly.

I don't think that's much of a problem if you for example use a hardware wallet where you physically have to confirm or reject value movements. In that regard, my question would be why OP didn't use a hardware wallet.

People quite often look at the initial purchasing cost and think they can avoid dealing with that by simply using a desktop/mobile client, but that's never a good idea as we can see from the many examples of how people lost their coins. The $100ish they try to save by not purchasing a hardware wallet leads to a loss of thousands of dollars worth of crypto. Pretty sad.
legendary
Activity: 3052
Merit: 1273
September 20, 2019, 05:40:58 PM
#11
What made you keep all your coins in the same wallet is the first question that strikes my mind badly.

I believe this address was also involved in some HYIP investment activities like BitRegal (and maybe the admin was the guy himself who stole OP's funds)

Whole story below, please search for this address on that page: 12HfRnx47gQnnYn9Q3Zpiuzzv6yzXTKMEJ
https://x-invest.net/forum/thread-bitregal-10-daily-btc-only-13254?pid=184427&mode=linear

I've checked walletexplorer too and it's very strange that it is just a single address and no more addresses are in that wallet which made me believe it couldn't be of an exchange (maybe).
legendary
Activity: 3122
Merit: 2178
September 20, 2019, 04:50:23 PM
#10
At the very least, Coinpayments -- or any third party service -- will require a police report. That's hurdle #1 for the OP, and time is of the essence.

For getting back their coins most likely. But if coinpayments is indeed the exchange that received the coins there's no harm done in contacting their support and triggering an investigation. Best case the account containing the stolen coins gets frozen until matters have been clarified.

No harm done, but they still need to move quickly to get a police report because third parties don't have the authority to freeze funds indefinitely. This is Binance's policy for these situations:
Quote
The victim must provide a police report within 24 hours of filing the support request.  From there, Binance will work directly with law enforcement to handle processing of the funds.

That's neat, I wasn't aware that some exchanges already have publicly available policies about such cases.


Bitcoin payments are supposed to be irreversible. What you describe could be compared to a 'chargeback'. In terms of abuse like merchants are abused with PP.
OMG if companies start to accept to do such practices then, it will be exactly like Paypal.
You buy something, wait for the item to be shipped, and then contact the platform to say "hello, I've been hacked here is a signed message!"

That's why the endgame is getting rid of exchanges altogether. Either way, Binance's 24 hours until a police report has been provided still beats PayPal's 180 days based on nothing. How coinpayments will handle the situation is a different matter however.
legendary
Activity: 3374
Merit: 3095
September 20, 2019, 04:50:09 PM
#9
It seems the owner of that address scammed many people.

That address is also mentioned from this link below.
- https://www.complaintsboard.com/complaints/orbest-investments-pm-u7777777-c754714.html

It seems it's connected to "ORBEST INVESTMENTS LTD"; there are many people scammed according to the link above, most of them telling that their perfectmoney account was hacked and transferred to many different addresses, including the address mentioned above.

It seems that the hacker is an expert on hacking.
copper member
Activity: 2940
Merit: 4101
September 20, 2019, 04:33:35 PM
#8
this is the transaction he made from my wallet:
https://www.blockchain.com/btc/tx/b42c2c5096f0003a88a700cb7c9dd246f1f2b79d6bd53f88f08fa24ed3b053d4
this is his address
12HfRnx47gQnnYn9Q3Zpiuzzv6yzXTKMEJ
Looks like the coins are sent to a coinpayments wallet, you can contact them and explain your case and they might block the account or if you are lucky enough and if you could provide evidence they might help you in recovering the coins. I have seen coins being recovered after the hackers sending to exchanges in the past, the faster you contact their customer support and state your case the better.

Bitcoin payments are supposed to be irreversible. What you describe could be compared to a 'chargeback'. In terms of abuse like merchants are abused with PP.
OMG if companies start to accept to do such practices then, it will be exactly like Paypal.
You buy something, wait for the item to be shipped, and then contact the platform to say "hello, I've been hacked here is a signed message!"
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
September 20, 2019, 03:59:22 PM
#7
At the very least, Coinpayments -- or any third party service -- will require a police report. That's hurdle #1 for the OP, and time is of the essence.

For getting back their coins most likely. But if coinpayments is indeed the exchange that received the coins there's no harm done in contacting their support and triggering an investigation. Best case the account containing the stolen coins gets frozen until matters have been clarified.

No harm done, but they still need to move quickly to get a police report because third parties don't have the authority to freeze funds indefinitely. This is Binance's policy for these situations:
Quote
The victim must provide a police report within 24 hours of filing the support request.  From there, Binance will work directly with law enforcement to handle processing of the funds.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
September 20, 2019, 03:45:44 PM
#6
But IMO you should find out exactly how your computer was compromised and how to secure your computer rather than track a hacker where you can't sue him or get your Bitcoin back.

I agree. Those bitcoins are out of your reach, as they are already in another country's exchange, so it is going to be hard to get them back

I would format my computer and buy a hardware wallet, such as ledger nano or Trezor


How do you know it's a Coinpayments wallet? I don't see it labelled anywhere.

I looked at many websites and couldn't find any relation to coinpayments as well.

I only found this website from bitshares telegram, where this address is mentioned in a conversation in 2018

http://bitshares-telegram.blogspot.com/2018/11/1541800808.html
legendary
Activity: 3122
Merit: 2178
September 20, 2019, 03:44:58 PM
#5
At the very least, Coinpayments -- or any third party service -- will require a police report. That's hurdle #1 for the OP, and time is of the essence.

For getting back their coins most likely. But if coinpayments is indeed the exchange that received the coins there's no harm done in contacting their support and triggering an investigation. Best case the account containing the stolen coins gets frozen until matters have been clarified.


But IMO you should find out exactly how your computer was compromised and how to secure your computer rather than track a hacker where you can't sue him or get your Bitcoin back.

OP should also wipe their computer and reinstall or factory reset their operating system. Otherwise it's quite likely that the attacker has yet another surprise in store. It would also be smart if OP changed passwords afterwards.
legendary
Activity: 2758
Merit: 6830
September 20, 2019, 03:43:03 PM
#4
Which wallet are you using?

The address has been mentioned here as well: https://www.reddit.com/r/Bitcoin/comments/bgrius/daily_discussion_april_24_2019/elp0ojx/ (talking about some Blockchain.info scam).

Do you use Blockchain.info's wallet?
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
September 20, 2019, 03:37:23 PM
#3
Looks like the coins are sent to a coinpayments wallet, you can contact them and explain your case and they might block the account or if you are lucky enough and if you could provide evidence they might help you in recovering the coins. I have seen coins being recovered after the hackers sending to exchanges in the past, the faster you contact their customer support and state your case the better.

How do you know it's a Coinpayments wallet? I don't see it labelled anywhere.

At the very least, Coinpayments -- or any third party service -- will require a police report. That's hurdle #1 for the OP, and time is of the essence. Recovery is unlikely and Coinpayments isn't known for responsiveness.


Did all the inputs in that transaction belong to your wallet? Or is it possible he imported your private keys into another wallet?
hero member
Activity: 2814
Merit: 911
Have Fun )@@( Stay Safe
September 20, 2019, 03:28:19 PM
#2
this is the transaction he made from my wallet:
https://www.blockchain.com/btc/tx/b42c2c5096f0003a88a700cb7c9dd246f1f2b79d6bd53f88f08fa24ed3b053d4
this is his address
12HfRnx47gQnnYn9Q3Zpiuzzv6yzXTKMEJ
Looks like the coins are sent to a coinpayments wallet, you can contact them and explain your case and they might block the account or if you are lucky enough and if you could provide evidence they might help you in recovering the coins. I have seen coins being recovered after the hackers sending to exchanges in the past, the faster you contact their customer support and state your case the better.
member
Activity: 91
Merit: 11
I'm here for BTC trade and solving tx problems.
September 20, 2019, 02:44:41 PM
#1
A few days ago my PC was hacked and I can't do shit about it... The guy who did it was skilled and he knew what to do and when and how...
Short story is that he somehow installed a backdoor on my PC and he hacked one of my contacts so he could send a link which, when I used it, gave him my IP address. He remotely connected to my PC and emptied my wallet. How he entered my wallet is a mystery to me...

Now I need you to help me out with tracing this wallet address, seems to me this is some kind of exchange or something. Take a look, maybe someone can help...
I know there isn't much to do but maybe someone is familiar with this address.

tnx for your time.

this is the transaction he made from my wallet:

https://www.blockchain.com/btc/tx/b42c2c5096f0003a88a700cb7c9dd246f1f2b79d6bd53f88f08fa24ed3b053d4


this is his address

12HfRnx47gQnnYn9Q3Zpiuzzv6yzXTKMEJ