
Topic: I just got hacked - any help is welcome! (25,000 BTC stolen) - page 23. (Read 381810 times)

hero member
Activity: 696
Merit: 500
but let's be honest the wallet should be encrypted.

I completely agree. There should be a password that needs to be punched in on an onscreen pad with the mouse to prevent keystroke detectors from accessing the pass.

Looks like I am going to start a new wallet and distribute the brunt of my coins to an offline wallet on a usb stick. I have only a fraction of what you lost but I have not much else these days. I would be very very upset if this happened to me. Sorry man. I guess this really says something about having all of your eggs in one basket so to speak. 
member
Activity: 112
Merit: 10
I agree with mouse. Securing the wallet, and everything else possible (I don't know what to demand security on specifically, because I'm not an encryption or security expert) is the single most important thing that needs to be done in the bitcoin world right now. I am still shocked when I read a forum post saying that one of the developers said that securing the wallet was low priority.

You aren't gonna get multiple chances with bitcoin. If it experiences one catastrophic failure, that could be enough to scare people away for good. I have no bitcoins to my name right now but as soon as I do I will pledge some to a bounty on securing the wallet, and a security audit of the entire toolchain. That includes pools, miners, clients, and wallet security. If any coders here are legitimately GOOD if not GREAT security programmers, they should set up to work on that. Or people should recruit their friends who are experts in the arena to contribute.

I said this in another thread. Cryptocurrency with a plain text wallet. Is that a joke?
legendary
Activity: 1400
Merit: 1005
Think about this - if EVERY user has to take steps X, Y, and Z in order to use the system safely, then steps X, Y, and Z must be built into the system.
This, most definitely, I agree with.
full member
Activity: 168
Merit: 103
What do I get if I get your money back?
Is there hope after all?

1. mtgox has the money

2. our victim can at least prove that he also has the private key of the account where the money got stolen from.
newbie
Activity: 56
Merit: 0
If anyone thinks this isn't a problem with the bitcoin system, they're deluding themselves.

While it's true that allinvain could have taken measures that would probably have avoided this, it still doesn't change the fact that as things currently stand the system is very difficult, if not impossible, to secure for the 'average joe', and this security DOES NOT come setup already out of the box. Suggestions of manually setting up laptops with multiple different encrypted (with 3rd party software no less) wallets or other such talk is FAR beyond anything the average consumer is willing to do to use this system.

Whether you want to hear this or not, my professional opinion is that unless security is built into the bitcoin system, and the system actively tries to protect users from themselves, it won't work. And by professional, I mean I've spent several years working for a few Government agencies where I've focussed mostly on usability and good UI design to reduce error rates for various high profile systems, etc.

Think about this - if EVERY user has to take steps X, Y, and Z in order to use the system safely, then steps X, Y, and Z must be built into the system.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
...because there is no certifiable concrete documented evidence of the theft.

He can prove possession of the private keys by receiving a small amount and resending it to a specific address upon request.  The amount would have to be very arbitrary and not coincide with any other coins in his wallet for the same amount, to ensure that when he sent the same amount out, he would be sending out the same transaction.
member
Activity: 98
Merit: 10
Tutorials, guidelines, optimizations for all!
They're not manipulated images but I had a feeling some of you would think that. I can get slush and maybe a few others to corroborate me. In the end it doesn't matter any more. I'm going to step back from this forum for a bit. I'll keep an eye on the thread but not participate. There is nothing more that I can add to this so far.

don't get me wrong, I didn't pay attention to the date =\
sorry pal... get in touch with mtgox and some of the pool operators (tyco (deepbit), dinox (swepool), etc.) and see if they can help
legendary
Activity: 3080
Merit: 1080
They're not manipulated images but I had a feeling some of you would think that. I can get slush and maybe a few others to corroborate me. In the end it doesn't matter any more. I'm going to step back from this forum for a bit. I'll keep an eye on the thread but not participate. There is nothing more that I can add to this so far.
member
Activity: 98
Merit: 10
Tutorials, guidelines, optimizations for all!
how are you generating 50 coins per day? (or am i crazy?)
read the date: 6/8/2010

stupid me :X sorry. good luck to you (allinvain) - time to look into more security measures on all my rigs now =\
legendary
Activity: 1441
Merit: 1000
Live and enjoy experiments
how are you generating 50 coins per day? (or am i crazy?)
read the date: 6/8/2010
member
Activity: 98
Merit: 10
Tutorials, guidelines, optimizations for all!
how are you generating 50 coins per day? (or am i crazy?)
member
Activity: 70
Merit: 10
Again I am so very sorry for your loss, but anyone with even the most rudimentary photoshop skills can manipulate and alter an image screenshot.

There is absolutely no way, other than legal and judicial means, for you to get your money back, and anyone who helps you through exchanges and such are themselves stealing from others because there is no certifiable concrete documented evidence of the theft.

Additionally because of the anonymity and security built into the bitcoin system, there is plausible deniability as exemplified by the core team's development posts and released project information.

Supposition, conjecture, and coincidence ARE NOT PROOF.

Thinking or knowing something is a lot different than proving it.



Who would use photoshop for website text manipulation?
sr. member
Activity: 385
Merit: 250
Again I am so very sorry for your loss, but anyone with even the most rudimentary photoshop skills can manipulate and alter an image screenshot.

There is absolutely no way, other than legal and judicial means, for you to get your money back, and anyone who helps you through exchanges and such are themselves stealing from others because there is no certifiable concrete documented evidence of the theft.

Additionally because of the anonymity and security built into the bitcoin system, there is plausible deniability as exemplified by the core team's development posts and released project information.

Supposition, conjecture, and coincidence ARE NOT PROOF.

Thinking or knowing something is a lot different than proving it.

legendary
Activity: 1400
Merit: 1005
So this was definitely not a meatspace attack, since two completely different individuals were attacked, with the monies sent to the same bitcoin address.

It was also definitely not due to the unencrypted dropbox upload.  Stealing a dropbox file and stealing MtGox account info are two very different things.

I would say, with a high level of certainty, that this was a targeted hacker or malware attack.

Stay vigilant, fellow bitcoiners.
sr. member
Activity: 312
Merit: 250
I tell you, the recent fall in prices makes me reconsider how much some of us could stand to lose. And this story got me to finally make a secure wallet.

I am very interested in learning how this theft was done.
legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.
It can't be "exploitable c code" in the client. Allinvain's pool payout address was changed. Someone had completely compromised his system, but he is saying anti-virus software has found nothing. Something able to compromise his system so thoroughly would have used a known vector, and the anti virus would find it.

Not true. Modern computers are so complex that nobody knows them from top to bottom. The abstraction layers are not proven correct. Every time the "abstraction leaks", you have a potential security breach. Anti-virus software just uses a dictionary of known malware. If a popular, well-known anti-virus (like Symantec) is used, the attacker can even take the time to test their malware against the antivirus software to see if it is detected.

In general, if we want to use crypto-currency in our lifetime (before computers are really ready), we need to build a list of "best practices" to keep your wallet safe.

The list may include:

  • If your wallet is compromised (posted on dropbox, 4chan, etc.), don't erase it: send all the coins to a new wallet instead.
  • Keep your savings wallet on an encrypted partition. Some have suggested not even connecting the computer with the savings wallet to a network (just copy the address manually).
  • Keep encrypted back-ups in an off-site location. Keep the passphrase in an offsite location as well, preferably separate from your wallet.
  • Take steps to secure your computer: most probably put this off. For the record, I think anything requiring "Updates" (including Windows and certain GNU/Linux distros, most graphical browsers) is inherently insecure. Undocumented hardware like those GPUs you use for mining is also a security risk.
legendary
Activity: 1204
Merit: 1015
The highlighted transaction here looks like it hit MtGox:
http://blockexplorer.com/tx/d878b5784c2c1f6642d83faeab86e97faba758b2733a572d181ee823faf54278#o1

Someone, get MagicalTux on IRC.
legendary
Activity: 3080
Merit: 1080
Your numbers don't add up.

So far you've only said that you lost "a very large chunk" from this address: 1J18yk7D353z3gRVcdbS7PV5Q8h5w6oWWG.

The receiving address (1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg) indeed had 25,000 but only 3522 were received from said address.


How much did you lose and from which addresses?

Sorry, I never mentioned ...but it has been mentioned by people in the thread..all you had to do was read the blockchain.

It was 25K BTC.

Well the rest could come from my other private keys? That 1J18 address is the one I used most frequently..I kept on reusing that on mining sites so I knew where my mining profits came from...

Here is a screenshot:




and..



and..




The last screenshot is from my slush account..you can see the person changing my payout address..and the payout amounts match what you see in the screenshot..I dunno how much more I can show that this indeed is my account...

oh well ok I'm out of here..


full member
Activity: 126
Merit: 101
Since a new address is created for each coin generation during solo mining, you had created many more than 100 new addresses. Two things you could do to see if it was a backup that was compromised instead of your pc.

See if any of the coins that were left behind shared an address with coins that were stolen, if some shared an address then the attacker just went for a round number. If no addresses are shared it might have been a backup that was the problem.

If you sort through all 400+ inputs on the hackers transaction and look for the 101st newest first seen on date, that would give you the approximate time the backup was created.
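
The two checks suggested in the post above, written out as an added example that is not part of the original thread or of any Bitcoin client code. It assumes each coin has already been reduced to an (address, first-seen time) pair, takes the pool size of 100 from the post's "101st newest" figure, and runs on constructed sample data.

```python
from datetime import datetime, timedelta

POOL_SIZE = 100  # assumption from the post: a backup holds 100 not-yet-used addresses

def first_seen_by_address(records):
    """Collapse (address, first_seen) records to the earliest time per address."""
    seen = {}
    for addr, ts in records:
        if addr not in seen or ts < seen[addr]:
            seen[addr] = ts
    return seen

def shared_addresses(stolen, left_behind):
    """Check 1: addresses that hold both stolen and left-behind coins."""
    return set(first_seen_by_address(stolen)) & set(first_seen_by_address(left_behind))

def estimate_backup_time(stolen, pool_size=POOL_SIZE):
    """Check 2: first-seen time of the (pool_size + 1)-th newest stolen address."""
    newest_first = sorted(first_seen_by_address(stolen).values(), reverse=True)
    if len(newest_first) <= pool_size:
        return None  # too few addresses to see past the pre-generated pool
    return newest_first[pool_size]

def assess(stolen, left_behind):
    """Apply both checks and name the hypothesis the post attaches to each outcome."""
    shared = shared_addresses(stolen, left_behind)
    if shared:
        return {"hypothesis": "round-number sweep", "shared": shared, "backup_time": None}
    return {"hypothesis": "compromised backup", "shared": shared,
            "backup_time": estimate_backup_time(stolen)}

# Constructed sample data: one new address per day, backup taken on day 300,
# so the backup holds addresses 0..299 plus the 100 pre-generated ones (300..399).
START = datetime(2010, 6, 1)
ALL = [(f"addr{i:03d}", START + timedelta(days=i)) for i in range(420)]
STOLEN = ALL[:400] + [ALL[10]]   # a repeated address is counted once
LEFT_BEHIND = ALL[400:]          # created after the backup's pool ran out

if __name__ == "__main__":
    result = assess(STOLEN, LEFT_BEHIND)
    print(result["hypothesis"], result["backup_time"])
```

The estimate is only as good as the first-seen dates, and it says nothing when the stolen set has 100 or fewer distinct addresses.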
legendary
Activity: 3080
Merit: 1080
Your numbers don't add up.

So far you've only said that you lost "a very large chunk" from this address: 1J18yk7D353z3gRVcdbS7PV5Q8h5w6oWWG.

The receiving address (1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg) indeed had 25,000 but only 3522 were received from said address.


How much did you lose and from which addresses?
Well guys, I am taking a break from the forum. My fingers hurt from all this typing, and I got real life to deal with.

Thanks for all those who have wished me the best.

Cheers!