Topic: I just got hacked - any help is welcome! (25,000 BTC stolen) - page 14. (Read 381641 times)

Do you still have that PM. I'd like to know the link to that site. Can you PM it to me?

You are correct.

I compared the bitcoin executable to the same version number that was posted on sourceforge. 
But then again, your question needs a blind trust in me (or some other auditor), unless you are willing to audit yourself.  In addition, this whole system is based on open source software that should be audited by a trusted auditor.  I didn't audit the source of Bitcoin, and don't personally know and trust anybody who did.  Did you?

The risk is that LinuxCoin ISO is spitting out "predictable" wallet ID's.  You can create your own wallet file manually if you want.

LinuxCoin was created by some people in the Bitcoin community with reputations.  I don't personally know drgr33n, gnukix, Davidonpda, or Xenland.  So don't trust my recommendation. Use your own judgment.  I'm not making paid endorsements, I'm just suggesting what looks like a reasonable path.

Your described method need a blind trust on LinuxCoin ISO.
Did anybody audit it ?

1. Download LinuxCoin ISO.
2. Put LinuxCoin ISO on a CD or USB device
3. Turn off PC  (hard for you guys, I know!!!)
4. UNPLUG PC from Network, and turn off any wireless open access points
5. Boot from the LinuxCoin CD or USB device
6. Run Bitcoin Client - a random wallet is created
7. Record the Bitcoin Address (public key) that is displayed in the client.  You can write it down, or store it on a CD or USB drive that is "ok to contaminate".
8. Exit the Bitcoin Client
9. Store the wallet.dat file on multiple CD's and a USB device.  heck, print it if you want.  Virgin wallet files are small enough.  These are "NOT ok to contaminate".  Never let these touch a PC connected to the internet.
10. Power off your PC.  The wallet file Never touched your hard drive (since LinuxCoin is all RAM based).  
11. Remove all your media that is "NOT ok to contaminate"
12. Power up your PC as you normally would.


At this point you have a "savings account wallet".  Any time you want to put away money for a rainy day, send BTC to the address that you recorded in Step 7.  You can verify your account balance or see all transfers via BlockExplorer.

Take your CDs and USB devices and paper, and store them in several safe places far apart from each other.  Include instructions for your next-of-kin.

If you are super paranoid, feel free to encrypt your wallet (between steps 8 and 9) , but as others have said, this is risky in that you may forget your pass phrase.  My recommendation is that if you encrypt it, you store with it some clues to your pass phrase that only you would know.  For instance "My pass phrase is the one I used in 2011.  It has 8 words.  It has to do with my favorite song and that wench girl who dumped me in 5th grade" (or whatever)


Option 2:  If you trust me, contact me, and I'll create for you 2 virgin wallets, each with 2 CDs, a USB device, and a paper printout, using the above technique.  One is for you to practice with (maybe with .5 BTC, to make sure you can recover later), the other is your permanent Savings Vault.  I'll delete any copies I have, and so if you lose it, you're on your own (i.e. you're screwed).  The benefit is, you don't have to worry about the security of my copies.  You can randomly select one of the two as practice, to make sure that withdrawal from your "savings account" will be straight forward.

I'll do this service for anyone, for 2.5 BTC (while 1 BTC is in the $20 range), including shipping.  If you receive the package un-tampered, you should be safe.  Contact me if you are interested.

oh.... that is so....  did you mine these 25.000?

Yeah maybe there should be a default encryption on the wallet....
For everyone wanting to encrypt your wallet, I wrote a little script to mount the truecrypt volume conveniently: http://rn0.ru/show/jrfH6yLK84YQvC7jx0wK/

Where is this posted?

The thief is probably reading this thread, too. I have to say that it is the lamest thing ever to rub someones 25k btcs. I hope all bad things he ever did are coming back to him and he never will be lucky until he sends the money back. It would be gentleman like to do this or at least >75% I think allinvain would give him a suitable finder's reward and both can sleep well again.. .

@allinvain, some days ago I got a PM from a spammer that asked me what is the best miner. it included a link to a website that hosted all recent miners and the official client - but probably infected because even the official client was hosted on this space. You have never downloaded something from such a site !?

btw: this thing is on the top at Germans biggest it-magazine/site, http://www.heise.de/newsticker/meldung/Bitcoin-Diebstahl-Eine-halbe-Million-US-Dollar-weg-1261046.html

That's what I eventually will do - use a brand new usb stick on a machine that I feel reasonably sure that it's clean - maybe even from within a vmware image running on that clean machine.

Funny you should say cause a lot of people are saying that physically printing the keys and storing them in a safe is a super secure method of protecting your balance. I worry about what if someone steals or breaks into the safe. I'd think an encrypted USB stick would be better - unless the encryption can be broken via brute force.

Are you serious? Maybe use some kind of file storage device to move Bitcoin onto the computer's hard-drive? Or you could download it and then turn off the internet forever.

Printing keys would make them as insecure as cash. It's close to the worst idea.

Thus far it looks like I was hacked by the Anonymous group?

Actually, i meant VNCing to the VM from a laptop.
VNCing from the same comp would have no sense as the keyloggers/screen capture/mouse movements capture would kill it.

But VNCing to the bottom layer from outside should be safe enough.


Well, i didn't say this is the most secure way, i just said it is more secure than having single layer protection on a single computer.

The "separate minimal machine for Bitcoin only" is of course superior to everything.

That's a very good idea. It should be a bit cheaper than a dedicated custom build device, but I still think later on down the line we will see such "bitcoin wallets" appear on the scene.

Hacker "th3j35t3r" gets $500K Twitter twit thief to expose himself

Interesting thing

Or just buy a used Android phone off of Ebay, and install your custom client with the cell radios turned off.  whenever you needed to update the blockchain or otherwise access the p2p network, then turn on the wifi radio and connect temporarily.  The truly paranoid could open up the phone and de-solder the radios other than the wifi.  Or the really paranoid could de-solder them all and only use a usb cable to connect to the p2p network.

If bitcoin becomes the future currency of the world you can bet retina scanners will become more common. That and you'll see a lot more people with eye patches. Ok, I am just joking around.

I face a dillemma here. How do I get the bitcoin client into a non internet connected machine? This is assuming that you can never 100% trust the computer you're using to download the client. Along each step in the process of securing your bitcoins there is a small but every so slightly possible risk. Heck the client itself could be compromised. A hacker could break into the sourceforge servers and cleverly attach a payload into the official client. Guess how many people would not notice until it was too late.

I think the safest and most paranoid idea I've head so far is to physically print your private keys. I am even tempted to print them on a freaking gold plate!

What I thought of is an actual bitcoin wallet device. It would run a minimalistic version of the bitcoin client in firmware (naturally encrypted and password protected). All inputs would be via touch screen via the use of one of those secure keyboard apps. This device could be connected to the internet but only via a physical connection. And further it could only connect to the bitcoin network and have no other tcp/ip capabilities. The device should also be physically hardened. Also a "wallet backup" feature should be available and a simple usb port should be there as well.

Honestly I don't care about that. I would've had to pay taxes anyway if I cashed out. Which at the time I was stubborn and did not. Now that I think about it I should've just sold nearly all of them. Me and my big bitcoin business dreams..pff...

Well every "average joe" that I know has a retina scanner! 

All you need for a practically foolproof secure wallet is a computer that never touches the internet and a little effort on the users part.

A savings account that can be accessed if needed. Like buying a safe or renting a safe deposit box.

Put fewer Bitcoins on a spending account that is less secure. Like carrying cash around daily.

But that's still putting all this money into a single basket, bitcoins. It does not matter if it's stored in different wallets, it's the same currency. If the exchange rate collapses or something happens to the currency, you have 25,000 BTC valued at $0.

I invest all of the $ salary that I don't spend, I invest into other areas half of the $ earnings I get from trading, it's a common sense security against something going wrong. Even if you lose all your earnings or they got stolen, you still have whatever you invested into these other areas, which with time represents the majority of your capital.

Hmm, don't you think this will take away from the decentralized nature of the bitcoin monetary system? In the end this is what must happen in order for bitcoin to gain mainstream acceptance. You have to trust someone else other than your self, but that may be the price you have to pay. In that case it would be wise to spread out your bitcoin savings amongst several of these security experts and whatever bitcoin banks they will eventually operate.

This is a crazy idea but we need some form of unique physical form of ID or way of signing your private keys - say retina scan.

You can expect to pay capital gains taxes on that sum, if it is recovered.  If not, then claim it as a loss on your taxes!

A VM truecrypt that uses an on-screen keyboard that is randomly scrambled with each startup.  User clicks in his passcode.  Keylogger fails, mouse recording fails, screen capture does not fail.

Speech to text?  Soundcard sniffer?