Pages:
Author

Topic: I just got hacked - any help is welcome! (25,000 BTC stolen) - page 2. (Read 381841 times)

mrb
legendary
Activity: 1512
Merit: 1028
And all someone would have to do is some quick laundering if they noticed some of the coins they had were on the list.  Sending them to a couple of exchanges, then back to themselves would suffice.

Hum, no. In fact, the moment you send stolen coins to an exchange is the moment you can get caught and linked to a personal identity. In the method I described, stolen coins would be tracked by the Bitcoin client, including the clients used by exchanges/merchants to receive payments.
legendary
Activity: 3080
Merit: 1083
Honestly anything is better than what we have now - which is NOTHING. Nobody is going to take BTC seriously if the currency is seen as being super risky - in the sense that there is no recourse against theft.

What you described can be useful as long as the reputation and rating system is robust and secure.

To be honest I'm surprised nobody has created any such service. It would be fine for me if it was for profit. I for one would gladly pay a percentage of the funds recovered if I can have them back. There could be a LOT of money in it for any company/organization who sets this up.

Another thing that could be useful would be a website that does in a more professional, detailed and graphical manner the same thing my C program does - track bitcoins. Once again I and no doubt many people would pay for this service. So my point is that there is a lot of opportunity for bitcoin security entrepreneurs. But sadly I get the impression that those who are intimately familiar with computer security and far more busy figuring out ways to STEAL bitcoins instead of how to legitimately EARN them. I could be over-reacting here and may be wrong on this wide generalization, but anyways, thanks for sharing your ideas mrb!
I don't see much profit in it.  There's no way that such a company could recover the funds, even if they were labeled as stolen.  And all someone would have to do is some quick laundering if they noticed some of the coins they had were on the list.  Sending them to a couple of exchanges, then back to themselves would suffice.

That said, I would like to build a tracker program with some reasonable statistical analysis.  People would be able to outsmart it, but for the most part, you would be able to see what addresses/coins are associated with a particular address.  It would be a fascinating analysis for sure.

You're definitely right, the nature of bitcoin makes it easy to launder funds. I'd certainly like to demo your tracker program Smiley Good luck with it!

legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
Re: I just got hacked - any help is welcome! (25,000 BTC stolen)
$5 flash drive w/ multiple wallets in non-default locations
Windows 7, third party browser like Opera, and AV
Even more serious? Bitlocker or Truecrypt
Not loosing 25,000 BTC priceless
Makes a lot more sense than tracking everyone's BTC transactions.
Closed-source browser? Interesting choice
member
Activity: 69
Merit: 10
respecttheslider
Re: I just got hacked - any help is welcome! (25,000 BTC stolen)
$5 flash drive w/ multiple wallets in non-default locations
Windows 7, third party browser like Opera, and AV
Even more serious? Bitlocker or Truecrypt
Not loosing 25,000 BTC priceless
Makes a lot more sense than tracking everyone's BTC transactions.
legendary
Activity: 1400
Merit: 1005
Honestly anything is better than what we have now - which is NOTHING. Nobody is going to take BTC seriously if the currency is seen as being super risky - in the sense that there is no recourse against theft.

What you described can be useful as long as the reputation and rating system is robust and secure.

To be honest I'm surprised nobody has created any such service. It would be fine for me if it was for profit. I for one would gladly pay a percentage of the funds recovered if I can have them back. There could be a LOT of money in it for any company/organization who sets this up.

Another thing that could be useful would be a website that does in a more professional, detailed and graphical manner the same thing my C program does - track bitcoins. Once again I and no doubt many people would pay for this service. So my point is that there is a lot of opportunity for bitcoin security entrepreneurs. But sadly I get the impression that those who are intimately familiar with computer security and far more busy figuring out ways to STEAL bitcoins instead of how to legitimately EARN them. I could be over-reacting here and may be wrong on this wide generalization, but anyways, thanks for sharing your ideas mrb!
I don't see much profit in it.  There's no way that such a company could recover the funds, even if they were labeled as stolen.  And all someone would have to do is some quick laundering if they noticed some of the coins they had were on the list.  Sending them to a couple of exchanges, then back to themselves would suffice.

That said, I would like to build a tracker program with some reasonable statistical analysis.  People would be able to outsmart it, but for the most part, you would be able to see what addresses/coins are associated with a particular address.  It would be a fascinating analysis for sure.
legendary
Activity: 3080
Merit: 1083
Honestly anything is better than what we have now - which is NOTHING. Nobody is going to take BTC seriously if the currency is seen as being super risky - in the sense that there is no recourse against theft.

What you described can be useful as long as the reputation and rating system is robust and secure.

To be honest I'm surprised nobody has created any such service. It would be fine for me if it was for profit. I for one would gladly pay a percentage of the funds recovered if I can have them back. There could be a LOT of money in it for any company/organization who sets this up.

Another thing that could be useful would be a website that does in a more professional, detailed and graphical manner the same thing my C program does - track bitcoins. Once again I and no doubt many people would pay for this service. So my point is that there is a lot of opportunity for bitcoin security entrepreneurs. But sadly I get the impression that those who are intimately familiar with computer security and far more busy figuring out ways to STEAL bitcoins instead of how to legitimately EARN them. I could be over-reacting here and may be wrong on this wide generalization, but anyways, thanks for sharing your ideas mrb!

mrb
legendary
Activity: 1512
Merit: 1028
It would be nice if there was a centralized database/website where people like allinvain could report fraudulent transactions with as much details as possible ("theft of 25k BTC", link to forum thread), and if the Bitcoin client could check this database and would instantly alert its user when receiving coins that are linked to these fraudulent transactions. The receiver of the coins could report, on the website, as much info as possible about the sender of the coins, who could, in turn, be contacted, and so on, to trace the transactions backward up to the original thief. Think about this as an open platform for voluntarily de-anonymizing Bitcoin transactions.

Of course, some problems need to be addressed. One of them being that malicious users would attempt to pollute the centralized database by reporting many "fraudulent transactions". A rating system could be implemented to allow the community to rate the plausibility of each theft. The Bitcoin client would only alert its user if a certain level of plausibility is met. By default only the most well-known thefts that have been largely publicized would be tracked by the client. (For example most people recognize that the theft of allinvain's money is real, given how much energy/time he has spent on the forums tracking it and communicating about it.)

Another problem is that the original thief would most likely transfer the coins to a few addresses, and create a fake persona X pretending to have received them from Y, and them would spend the coin while pretending to be X. The voluntary de-anonymizer platform would be able to trace the thief at least up to persona "X" but would have no way to distinguish if X is the thief, or Y, etc. It would have successfully traced back to the thief, but its identity would be unknown, so... would that make it useful or not?
legendary
Activity: 3080
Merit: 1083
I'd also like to say that if any of you can come up with an improved version of that C program I shared please by all means feel free to do so. I'd also like to thank a guy that goes by the IRC handle of vegard for creating this program. I am sure he would have no problems with modifications to his program. But I'd kindly ask that if you improve it/modify it that you'd share it with the bitcoin community in the same spirit that I/vegard have done.

Take care everyone!
legendary
Activity: 3080
Merit: 1083
Just for shitz'n'giggles I updated the btc tracking data. Everything including the program I used to track the coins can be found at the link below (hope you find it useful somehow):

http://allinvain.4shared.com







Just want to say allinvain, that you arent alone anymore.

Yep, sadly no. The bitcoin community has been plagued by thieves lately but I sincerely hope this only makes us stronger/smarter/more secure.

full member
Activity: 140
Merit: 100
Just for shitz'n'giggles I updated the btc tracking data. Everything including the program I used to track the coins can be found at the link below (hope you find it useful somehow):

http://allinvain.4shared.com







Just want to say allinvain, that you arent alone anymore.
+1
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
Just for shitz'n'giggles I updated the btc tracking data. Everything including the program I used to track the coins can be found at the link below (hope you find it useful somehow):

http://allinvain.4shared.com







Just want to say allinvain, that you arent alone anymore.
legendary
Activity: 3080
Merit: 1083
Just for shitz'n'giggles I updated the btc tracking data. Everything including the program I used to track the coins can be found at the link below (hope you find it useful somehow):

http://allinvain.4shared.com






sr. member
Activity: 322
Merit: 252
Jesus, let this zombie thread DIE already.
legendary
Activity: 3080
Merit: 1083
Blimey! just finished reading every single post on this thread....*rubs eyes*

beens that at my current hashing rate i will generate (if the difficulty never goes up) 25,000 coins in approximatly 1712 years i really feel for you allinvain



Yeah  Sad Not sure what else I can really say.

Best of luck with your mining!
newbie
Activity: 7
Merit: 0
Blimey! just finished reading every single post on this thread....*rubs eyes*

beens that at my current hashing rate i will generate (if the difficulty never goes up) 25,000 coins in approximatly 1712 years i really feel for you allinvain

legendary
Activity: 3080
Merit: 1083

I don't. Word just came through IRC that there was a big selloff on MtGox just a bit ago. Maybe we'll get more info soon?

20,000 BTC sold though. How many folks would sell it all in one big chunk like that?



I don't think that is related to the theft, but I read on that thread you opened that it wasn't 20K but more like 10K.

full member
Activity: 128
Merit: 100
I'm doin' fine on cloud 9

I don't. Word just came through IRC that there was a big selloff on MtGox just a bit ago. Maybe we'll get more info soon?

20,000 BTC sold though. How many folks would sell it all in one big chunk like that?

legendary
Activity: 3080
Merit: 1083

Allinvain, was it possibly your 20K in coins that just got cashed out on MtGox?

Just curious if you've been able to track it.



I'm able to track it to a certain degree, but the tool that I'm using needs to be ran on a regular basis and I haven't ran it recently (kind of given up on this thing). The problem for me is that I do not have the coding skills necessary to properly track the coins. I can run this tool that was built for me, but then again all that does is spew up a ton of addresses and transaction, but does not provide any other info.

Do you know the address of where some of the coins came from?
full member
Activity: 128
Merit: 100
I'm doin' fine on cloud 9

Allinvain, was it possibly your 20K in coins that just got cashed out on MtGox?

Just curious if you've been able to track it.

legendary
Activity: 3080
Merit: 1083

Yeah, that's like $300K right now. Imagine knowing you had that for a year or more and that it could finally be a safe nest egg for you and your family, only to lose it because you were trying to be safe by backing it up to Dropbox, because that's a very popular way to back stuff up. Regardless of Allinvain's technical acumen and what he should or should not have known and done, it's a very crappy situation for him.

For Bitcoin to gain any kind of real acceptance, people have to learn from this Universal lesson. This needs to happen now, because it's shaking out the fears and the realities of a world-wide, decentralized digital currency. It's a hard lesson to learn, and Allinvain is going to be remembering this for the rest of his life. Why not help to soften those memories a bit for him?



I agree. There are numerous key infrastructures that btc does not have which almost every other standard currency does. As it stands BTC  = wild west of currencies. This is not to say that it won't change; I'm hoping it does.

My biggest regret (besides me not moving the coins to a linux box) is not having the wallet.dat encrypted by default. I am almost 99% sure that the coins would not have been stolen had the file been encrypted.
Pages:
Jump to: