Topic: I just got hacked - any help is welcome! (25,000 BTC stolen) - page 22. (Read 381810 times)

sr. member
Activity: 280
Merit: 252
Sorry to hear about your loss.
In all likelihood it wasn't a virus or malware - it's a bit too early for that and if it was we'd see way more stolen wallets. From what you've written, I'd say it's a targeted attack.
Depending on amount stolen, you may want to hire IT forensics expert. If it was a script kiddie you have a good chance of catching him. If you consider to pursue this, I suggest you turn your computer off ASAP.

Unfortunately, we're going to be seeing this more often as the value of Bitcoin increases  Sad

The problem is that I can't shut the machine down as this is my work machine. I doubt any forensic expert can do shit. Bitcoins are 100% non-reversible and even if this "expert" were to find out the IP address of the person who got it there is no guarantee that it was his real IP and well I'd be spending more than 25,000 BTC just to chase this.

What I'm going to do though is shut the machine down and let the Symantec antivirus clean the supposed infection it detected when I ran a scan with the F-Secure online scanner (for some reason it detected a bunch of viruses in the temp dir where the online scanner stores its temporary work - could be false). And then I'm going to back up my important data. Format and reinstall the machine.

Then I'm going to sell whatever bitcoins I have remaining, take it as a life lesson, and count this as a not so fun experimentation with cryptographic currency.

I am then going to focus on making plain old paper dollars and store them in a bank where at least I'll have the full force of society or some central government insurance backing me up - not to mention some recourse to the law in case of any theft.



Sorry for your loss.

On a lighter note, I thought you had gone crazy for a moment and had written "I am then going to focus on making plain old paper dolls and..." =P
newbie
Activity: 39
Merit: 0
I think the thief could be an early reader of this post after he successfully transferred your money.
member
Activity: 70
Merit: 11

3. perform a complete disk image of your working PC, ASAP (use PartImage from Live CD) so it can be later analyzed for possible installed trojans etc.

I recommend FTK Imager as well. Perform a physical acquisition, you can do it on a live system as well. That is an industry standard method. You can also grab an image of your memory on a live system with it.
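As an added illustration of the acquisition-with-verification step this reply recommends (the script is mine, not code from FTK Imager or PartImage, and it assumes a raw device or file that Python can read and 512-byte logical sectors), the following copies a source sector-aligned, zero-fills any sector that cannot be read, re-hashes the written image and records the result in a JSON sidecar for later verification. The "disk" with one unreadable sector is constructed inside the block.

```python
import hashlib
import io
import json
import os
import tempfile

SECTOR = 512  # assumption: 512-byte logical sectors


def _read_at(src, offset, size):
    src.seek(offset)
    return src.read(size)


def copy_with_recovery(src, dst, chunk_size=64 * SECTOR):
    """Copy src to dst. A failing chunk read is retried one sector at a time; a
    sector that still fails is written as zeros so the image stays byte-for-byte
    aligned with the source (the same behaviour as dd conv=noerror,sync).
    Returns (bytes_written, bad_sector_numbers, sha256_hex_of_image)."""
    digest, bad_sectors, offset = hashlib.sha256(), [], 0
    while True:
        try:
            chunk = _read_at(src, offset, chunk_size)
        except OSError:
            pieces = []
            for i in range(chunk_size // SECTOR):
                sector_offset = offset + i * SECTOR
                try:
                    piece = _read_at(src, sector_offset, SECTOR)
                except OSError:
                    bad_sectors.append(sector_offset // SECTOR)
                    piece = b"\x00" * SECTOR
                if not piece:  # end of device reached inside this chunk
                    break
                pieces.append(piece)
            chunk = b"".join(pieces)
        if not chunk:
            break
        dst.write(chunk)
        digest.update(chunk)
        offset += len(chunk)
    return offset, bad_sectors, digest.hexdigest()


def acquire_image(src_path, dst_path):
    """Image src_path into dst_path, re-hash what actually hit disk and write a
    JSON sidecar (dst_path + '.json') with size, hash and unreadable sectors."""
    with open(src_path, "rb", buffering=0) as src, open(dst_path, "wb") as dst:
        size, bad_sectors, stream_hash = copy_with_recovery(src, dst)
    on_disk = hashlib.sha256()
    with open(dst_path, "rb") as img:
        for block in iter(lambda: img.read(1 << 20), b""):
            on_disk.update(block)
    report = {"source": src_path, "image": dst_path, "size": size,
              "bad_sectors": bad_sectors, "image_hash": on_disk.hexdigest(),
              "write_verified": on_disk.hexdigest() == stream_hash}
    with open(dst_path + ".json", "w") as f:
        json.dump(report, f, indent=2)
    return report


class FlakySource(io.BytesIO):
    """Constructed stand-in for a disk with one unreadable sector."""

    def __init__(self, data, bad_sector):
        super().__init__(data)
        self.bad_sector = bad_sector

    def read(self, size=-1):
        start = self.tell()
        end = start + (size if size >= 0 else len(self.getvalue()) - start)
        if start < (self.bad_sector + 1) * SECTOR and end > self.bad_sector * SECTOR:
            raise OSError("simulated read error")
        return super().read(size)


def demo():
    data = bytes(range(256)) * 16  # constructed 4096-byte "disk" = 8 sectors
    # A device with a bad sector: sector 3 comes out as zeros, everything else intact.
    img = io.BytesIO()
    _, bad, _ = copy_with_recovery(FlakySource(data, bad_sector=3), img)
    expected = data[:3 * SECTOR] + b"\x00" * SECTOR + data[4 * SECTOR:]
    # A clean acquisition of a file, with the sidecar written next to the image.
    with tempfile.TemporaryDirectory() as d:
        src, dst = os.path.join(d, "source.bin"), os.path.join(d, "evidence.dd")
        with open(src, "wb") as f:
            f.write(data)
        report = acquire_image(src, dst)
    return {"flaky_bad_sectors": bad,
            "flaky_image_ok": img.getvalue() == expected,
            "clean_bad_sectors": report["bad_sectors"],
            "clean_hash_ok": report["image_hash"] == hashlib.sha256(data).hexdigest(),
            "clean_size": report["size"],
            "write_verified": report["write_verified"]}
```

On a real machine `acquire_image("/dev/sdX", "/mnt/evidence/case.dd")` is run from a live CD so the source filesystem is not being written to while it is read; the sidecar hash is what you later compare against before analysing the image.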
full member
Activity: 168
Merit: 103
hadn't i just heard that contrary to claims, bitcoins are not anonymous.  that the long arm of the law can find out who used bitcoins and for what purpose?

i'm guessing it just isn't as easy as it sounds.

Coins are not anonymous, but users can be, when they are aware of how to not leave traces.
hero member
Activity: 699
Merit: 500
Your Minion
hadn't i just heard that contrary to claims, bitcoins are not anonymous.  that the long arm of the law can find out who used bitcoins and for what purpose?

i'm guessing it just isn't as easy as it sounds.

When no one has incentive for the time, effort, and knowledge yes. It can be done however.
legendary
Activity: 873
Merit: 1000
hadn't i just heard that contrary to claims, bitcoins are not anonymous.  that the long arm of the law can find out who used bitcoins and for what purpose?

i'm guessing it just isn't as easy as it sounds.
legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.
While it's true that allinvain could have taken measures that would probably have avoided this, it still doesn't change the fact that as things currently stand the system is very difficult, if not impossible, to secure for the 'average joe', and this security DOES NOT come setup already out of the box. Suggestions of manually setting up laptops with multiple different encrypted (with 3rd party software no less) wallets or other such talk is FAR beyond anything the average consumer is willing to do to use this system.

Bitcoin is still an experiment. We don't know if the miners will leave en masse when the block reward drops after about 210000 blocks (for example). As far as I can tell, the Bitcoin protocol is sound. It is the client that is not ready for the masses.

For example, the default client still requires transaction fees if the transaction is less than 0.01 BTC; that decision was made when Bitcoins were worth far less than $1 USD each. Similarly, the default client can't encrypt the wallet and then prompt the user for the passphrase when needed: the wallet is needed for processing transactions. Even my CPU miner has a 1 in 50,000 chance of processing a block in a given day. A prerequisite for a wallet encrypted by default is a "thin" client that does not process transactions directly. The default client is halfway there now: no longer hashing by default.

This past month, I started using GnuPG. My private key is encrypted on the disk. My e-mail client only remembers the passphrase for a limited period of time, so encryption is doable. However, I have set my key to expire in 13 months. If I forget my passphrase, it is inconvenient, but I won't really lose any money. With wallets encrypted by default, the "average joe" will either forget the passphrase or choose a simple one that can be brute-forced using the victim's own computer.

As others (and I) have pointed out, all bets are off if the computer is insecure to start with.



full member
Activity: 168
Merit: 103
The OP can prove that he has the private keys to the account the money was stolen from.


That means that we have two people claiming property, which is way better than nothing.

The issue is not proving he owns the addresses the bitcoins came from, the problem is he has no way of proving that he does not own the addresses the bitcoin went to.

That could be a problem, but it isn't when it is directly associated with an MtGox account. This seems to be the case here.
full member
Activity: 126
Merit: 101
The OP can prove that he has the private keys to the account the money was stolen from.


That means that we have two people claiming property, which is way better than nothing.

The issue is not proving he owns the addresses the bitcoins came from, the problem is he has no way of proving that he does not own the addresses the bitcoin went to.
full member
Activity: 168
Merit: 103
What's to stop a scammer from lying and claiming they were ripped off then?

What's the evidentiary criteria?

Sure the transactions exist, but what does that prove in and of itself?

that the transactions exist?

Anyone can log into a website through tor or another proxy and change those details. Even the real account holder in an effort to solidify the claim.

How do we know they were not legitimate, other than taking someone's word on it, who might have ulterior motives?

There is a reason BitCoin is designed the way it is with reversible anonymous transactions.

The OP can prove that he has the private keys to the account the money was stolen from.


That means that we have two people claiming property, which is way better than nothing.
sr. member
Activity: 418
Merit: 250
After reading through all ten pages, I have a theory (just like everyone else has their own theory).

At first I thought it was due to dropbox employees scanning their files for *wallet.dat, but after seeing someone else have their money stolen to the exact same address, it's obvious that was not the case.

The only logical explanation is exactly what user "koin" posted a few pages back:

Quote
If I were an unethical hacker looking for loot, I would find (or buy) a zero day exploit that would allow me to gain entry to a windows pc
the list of 20,000 bitcoin nodes is here: https://smsz.net/btcStats/bitcoin.kml
I'd start through that list until I found that I had access to a whale and send funds from that wallet to a safe address.
because attacking all the nodes would expose me, I'd stop after finding the whale.  and to not cause the bitcoin price to crash and as a result my loot become worth much less, I would not sell everything all at once.
I would cash out enough to be content and then sit quietly.
I'd also keep copies of any other wallets that I came across while looking for the whale, so that at some point in the future withdrawal from those could be made at will.
this is all totally a hypothetical, but describes what could be going on here very well.


Somebody, or an organized cyber-criminal gang most likely, set up basically an AutoRooter-for-BitCoin® that uses a 0-day (or one that's still new enough to work for many windows boxes), that loads a list of IP addresses known to be running the bitcoin client (and therefore 99% likely to have a wallet.dat on the hard drive), and then systematically tries to execute the exploit against each IP.  After gaining entry (bind shell, reverse shell, tftp, etc) the script or program then simply copies the wallet.dat to the attacker's local computer where it can be loaded into the local bitcoin client, and coins may be spent at will.

We will start seeing more and more of this now that files on people's computers can be worth hundreds of thousands of dollars.
sr. member
Activity: 385
Merit: 250
What's to stop a scammer from lying and claiming they were ripped off then?

What's the evidentiary criteria?

Sure the transactions exist, but what does that prove in and of itself?

that the transactions exist?

Anyone can log into a website through tor or another proxy and change those details. Even the real account holder in an effort to solidify the claim.

How do we know they were not legitimate, other than taking someone's word on it, who might have ulterior motives?

There is a reason BitCoin is designed the way it is with reversible anonymous transactions.
hero member
Activity: 608
Merit: 500
Your best chance at solving this mystery is to focus on your hacked machine, how it was accessed, any malware that is on it. Mostly it sounds like you didn't secure your machine properly, in which case your chance of fixing this disaster will sadly be very small.

I believe it must have been a virus of some sorts. Yes you are right. I don't think I can do anything at this point. Format and reinstall windows is the best I can do, and from there on not ever use windows for any security sensitive sites/systems.
I don't think windows is to blame, you say that you ran an anti-virus and found stuff... why would you not have been running antivirus all along to prevent infection in the first place?!  Basic computer security is a must for this kind of thing.

One of the problems here though is that in the normal world when you have $500,000 you don't have it sitting around in cash, you place it in a bank account where your deposits aren't just backed by the bank but are further re-insured by governments.  Here there are no banks so everyone ends up having to build their own digital bank vault of sorts.  Unfortunately as it is the currency is best used by not only very experienced but also rather paranoid computer users.

In real life we don't just expect everyone to be able to safeguard all their life savings by putting it in a wallet in their living room.  Maybe we need to start bitcoin banks of sorts: you transfer your money into a bank where the people running it use optimal security procedures.  Of course the downside is that if someone manages to hack one of the banks things are even worse, but if the banks were universally accepted they could easily mark money as being "dirty".  In addition these banks could publish a checkable database of stolen money that can be checked against with a client program when accepting any transaction so nobody will accept stolen cash (making it pointless to steal), or even automatically accept and forward it back to the rightful owner, etc.

I guess the closest thing right now are the exchanges, though a bank should have some kind of 3rd party insurance backing them up much like in real life, as well as regular bank-level website security procedures: the anti-phishing image verification checks, double passwords with non-keyboard password entry (to prevent keylogging), new computer IP address telephone pin verifications (calls you to verify that this new computer IP address is yours), etc.  Banks use these sorts of things to prevent people from just transferring tons of money out of your account, and even then if that happens they'll revert the transactions if your account is compromised.  Frankly it's rather insane to have everyone hold hundreds of thousands of dollars in their private wallets.  And with an incorporated bank you also have an entity you can sue for recovery in case something does happen.

Honestly it might be best to transfer your funds into one or more exchange accounts, then log in daily to make sure nothing funny is going on, and report it immediately if something funny has gone down.  Because even if someone has sold your BTCs for cash, the money transfers out aren't immediate and they can work with the transfer services to get the transactions reversed, so there's definitely a time window where recovery is relatively easy to accomplish.  Of course optimally we'd have way better organized and supported exchanges than we have right now, you basically need something on the level of a real-world bank.
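To make the "checkable database of stolen money" idea from the post above concrete, here is an added toy model (my code, not anything from the thread or from any exchange). It assumes a registry of addresses reported as the first destination of stolen coins, a simplified ledger where a transaction lists the addresses it spends from and pays to, and a client-side policy expressed as a maximum hop distance. The ledger and registry are constructed sample data.

```python
from collections import deque

# Constructed sample ledger: each entry is one transaction, listing the
# addresses whose coins it spends and the addresses it pays.
LEDGER = [
    {"txid": "tx1", "inputs": ["victim_wallet"], "outputs": ["thief_addr"]},
    {"txid": "tx2", "inputs": ["thief_addr"], "outputs": ["hop_a", "hop_b"]},
    {"txid": "tx3", "inputs": ["hop_a", "honest_x"], "outputs": ["deposit_addr"]},
    {"txid": "tx4", "inputs": ["honest_y"], "outputs": ["merchant_addr"]},
]

# The "checkable database of stolen money": addresses a bank or exchange has
# reported as the first destination of stolen coins (constructed).
STOLEN_REGISTRY = {"thief_addr"}


def build_taint_index(ledger, registry, max_hops=10):
    """Forward-propagate taint from reported addresses through the ledger.
    Returns {address: (hops_from_report, txid_that_spread_it)}; hop 0 is a
    reported address itself. Breadth-first, so each address gets its shortest
    distance, and propagation stops after max_hops."""
    spends_from = {}
    for tx in ledger:
        for addr in tx["inputs"]:
            spends_from.setdefault(addr, []).append(tx)
    index = {addr: (0, None) for addr in registry}
    queue = deque(registry)
    while queue:
        addr = queue.popleft()
        hops, _ = index[addr]
        if hops >= max_hops:
            continue
        for tx in spends_from.get(addr, []):
            for out in tx["outputs"]:
                if out not in index:
                    index[out] = (hops + 1, tx["txid"])
                    queue.append(out)
    return index


def screen_incoming(tx, index, max_accept_hops=3):
    """Client-side check before accepting a payment: return the tainted inputs
    as (address, hops, via_txid) within the policy range. Empty means accept."""
    flagged = []
    for addr in tx["inputs"]:
        if addr in index and index[addr][0] <= max_accept_hops:
            flagged.append((addr, index[addr][0], index[addr][1]))
    return flagged
```

Note what the model does with tx3: because it spends a tainted input alongside honest_x's coins, its output is tainted too, so an honest party who is merely paid in the same transaction as stolen coins gets flagged. That over-tainting is the main practical objection to schemes like this, and any real policy would have to weigh amounts and hop distance rather than treat a single hit as proof.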
newbie
Activity: 56
Merit: 0
I think we're derailing this thread's original discussion somewhat, even though it's a natural segue, so I'm going to leave it there.
hero member
Activity: 531
Merit: 505
Immediately:

1. ask Slush to get IP which changed your payout address
2. contact MagicalTux to inform him about what happened to you
3. perform a complete disk image of your working PC, ASAP (use PartImage from Live CD) so it can be later analyzed for possible installed trojans etc.
   

sr. member
Activity: 385
Merit: 250
bind security detractors, I don't think you get it.

Let's take the same group of people in 2 parallel universes. In universe A they use software A. It just so happens that, in universe A, there is an error rate of about 2%. Now in universe B, we have the same users, but they use software B. There, the error rate is about 12%.

In EVERY SINGLE CASE (yes I'm using caps), BAR NONE, you can point to a user action in universe B that caused the error. REGARDLESS of this truth, software B is clearly inferior to software A, and, I would argue, is responsible for those extra errors, since it's the only variable between each universe.

P.S. bitcoin doesn't have feelings that need to be defended.

fortunately we do not have to deal with 2 theoretical universes factoring in obtuse theories.

we have one where bitcoin and personal responsibility reside

in our real universe, there are no errors here besides the ones bitcoin users make (by inaction) who do not secure their property and finances as exhaustively promoted, suggested, and listed on the page they need to download the program from, and on this forum.

I have not defended bitcoin.

If bitcoin did anything wrong or were negligent I would have been on them like white on rice too.

personal responsibility goes a long way.

now perhaps incidents like this will enable a more inconvenient form of wallet protection from bitcoin ... who knows ... personally I don't think it's needed ... I know I am safe because I research and read things I am interested in and don't ignore the in-your-face security alerts and precautions plastered all over this domain and forum ... but that's just me ... a simple guy with a brain and an attention span longer than a toddler's, with eyes that can see what's in front of me.
newbie
Activity: 56
Merit: 0
bind security detractors, I don't think you get it.

Let's take the same group of people in 2 parallel universes. In universe A they use software A. It just so happens that, in universe A, there is an error rate of about 2%. Now in universe B, we have the same users, but they use software B. There, the error rate is about 12%.

In EVERY SINGLE CASE (yes I'm using caps), BAR NONE, you can point to a user action in universe B that caused the error. REGARDLESS of this truth, software B is clearly inferior to software A, and, I would argue, is (to some degree) responsible for those extra errors, since it's the only variable between each universe.

P.S. bitcoin doesn't have feelings that need to be defended.
full member
Activity: 126
Merit: 101
The only security measure that matters is to run bitcoin on a secure machine. If the machine is secure no security need be built into the client. If the machine is infected no security in the software can protect you. All the hacker has to do is sit back and wait for you to provide whatever is needed to bypass the security.

If you have more in bitcoins than you would be comfortable carrying as cash in your pocket or leaving sitting on your night stand, you need to set up bitcoin's equivalent of a safe. A one-use machine with full system encryption and no regular connection to any network. Create a second wallet on that machine and send most of your bitcoins to it. For best security don't ever connect it to the internet. If you need to send bitcoins from the safe to your spending wallet, disconnect your home network from the internet and let your 2 copies of bitcoin just talk to each other. Once the safe has sent the transaction to your main computer, shut down the safe and connect to the internet again. Your main machine will resend the transaction and then it can get in a block. You still need to create multiple encrypted backups of your safe's wallet.dat file to protect against hardware failure.
hero member
Activity: 699
Merit: 500
Your Minion
At least Allinvain takes responsibility for his loss. Hearing some of you proclaim that someone else should make an effort to protect yourselves is laughable. Be responsible for yourself and handle your accounts. It's been said many a time even in this thread how one can take precautions against theft. Do you lock your car? Put valuables in a safe or bank? Then you should have enough understanding that you're responsible for securing your possessions, not someone else; the same applies to bitcoin. Now I will back off and admit that more automated measures for security of personal accounts would be beneficial and attractive for gaining more bitcoin users.
sr. member
Activity: 385
Merit: 250
it's a wallet, and much like your own money wallet or purse, you need to secure it.

if you have 25k in your money wallet and leave it sitting on the living room table or hutch at the front door with the doors UNLOCKED, someone that breaks in can steal it quite easily. You going to blame the banks because someone stole your cash out of your wallet from your unlocked home?

hello ?

It's up to you to secure your wallet and house.

Just like it's up to you to secure what's housing your wallet ... your computer.

The onus is on you, not bitcoin, to secure your computer. Bitcoin can't secure your computer. Bitcoin is not a system security program. If you want that go run a system security suite (that probably would have protected you from intrusion in the first place). It sends and receives secure encrypted data. That's it.  It's not a system security suite. Now if they ever make a change that allows additional wallet security, like making you type in a password before each and every manual send transaction, then you (or others) would be complaining what a pain in the ass THAT is because it's inconvenient.

All over these forums and specifically in the bitcoin how-to, info and help section is everything you need to do it. They explain it and the risk in exhausting detail. What more do you want?

This is NOT a bitcoin issue.

This is an issue where the user didn't secure his wallet and the house his wallet is sitting in.

Those of you who disagree go read the help, how-to and info section.

You shouldn't even be using bitcoin without knowing all of that information, but no, you just wanted to jump right in (or ignore that information) because of your greed and apathy and disinterest in learning or doing what you need to know and do, and now you blame bitcoin for it.

