Topic: I just got hacked - any help is welcome! (25,000 BTC stolen) - page 26. (Read 381810 times)

I assure you it is legitimate. I have nothing to gain from this. In fact it may have been smarter to not even report it on the forum. But I figure I'd at least let everyone know about the hacker's address or to let them know that someone is out there with the know how to do this. I am not hte first and I will not be the last - mark my words.

What would you consider sufficient proof that I indeed controlled this balance?

Exactly. How would one hacker randomly have access to both of you? It simply isn't likely. Furthermore the attack vectors were different, one was mt gox, the other your wallet and pool payout. I see know similarities at all. There is still a 99.9% chance that this was a physical attack by someone who new you, knew you had bitcoins, and is around your computer a lot.

It does, for a while. Until it doesn't. Without exception, every criminal enterprise is eventually discovered, and its perpetrators pay the piper. It's not because they are stupid, mind you, it's because they are greedy and develop a god-complex. Rarely if ever do you see someone who's bent on stealing other people's money stop after one or two successful heists....

I know this is little consolation to you, but you need to grow faith in the fact that he will pay for what he/she did.

Thank you Sir. I much appreciate your condolences. I would be glad to pay anyone a good chunk of those bitcoins to get them back.

If you guys had any idea how much I believed in BTC. I can't believe I managed to control myself from selling them all. I could've and I thought about it when it was at $30. Then I waited and waited even when it hit $10. I remember watching the price like a hawk. My big hope was that I could use them to start some sort of viable BTC business that would not only grow the value of my existing coins but of everyone else's.

No you can't.

It is far more likely that there are multiple attackers.

Wow you sure? wow this is awesome - well sort of - that I have corroborating evidence that I am not the only victim and that this is some hacker for sure. I can now rule out my friends stealing from me.

True, this would not have been a problem in a bank. Foolish of me to hoard them. I should've just sold half of the damn things.

Lesson to me, lesson to the developers to do more to secure the wallet.dat file and the bitcoin balance.

What do you want? lol I doubt you can get it back honestly.

do you remember why you chose that name a year and a half ago? it really is some amazing freudian foresight.

I did encrypt the wallet.dat file on 4 different locations - 3 online and 1 offline (USB stick). But that doesn't mean shit if the original bitcoin file is still on my PC unencrypted. It was stupid of me to trust my security that much. I should have spread the money around as many wallets as possible and also on a computer NOT running windows. Yes yes I know it's all very easy for you guys to criticize.

I never said I can't turn off the computer. I said I can't turn it off at this very moment. I have to backup whatever important stuff I have left on it. I store in encrypted format password to some banking and other info. At this point I have to assume all that is compromised and eventually I have to go through the laborious task of changing everything! There are many things on my to do list.

I am not a troll.

man, there are many people who would grab a half mil from their mom if they didn't think they would get caught. meatspace cannot be ruled out unless this guy is a complete recluse and nobody knows to connect his body to bitcoin.

You think laundry operators will help?

You guys honestly dont realize how unlikely a "meatspace" attack is?  Come on.

With enough time and patience, finding out who stole the coins is possible. You need to have a software and keep watching the block chain and follow the "money trail".

All those stolen coins eventually have to reach an exchange if some one tries to convert to fiat. Even currently exchanges do not publish their receiving addresses,  I am sure they have certain unique characteristics. If you can identify one of these addresses in the money trail, you should contact them and get their cooperation. With so much in stake, it's hard to think they won't help. The good thing is, the more transactions this thief makes, the better chances you have.

Longer term, I think bitcoin community should refuse to do business with exchanges that don't publish their receiving addresses.  This is for their own good (avoid legal liability) and benefit the community.

EDIT: Just had 2nd thought on this, may not be a good idea. It's two edge sword.

Do you sleep in the same room as your computer? a lock is quite to pick and .5mil is a heluva motivator, is your lock able to be locked from the inside and then the door closed? the reason i ask is because if it was locked when you woke then, well, it is much harder to pick a lock closed then open, and thus makes it unlikely someone came in and left. granted, a meatspace attack could have happened while you were taking a shower a month ago and the coed down the hall grabbed it then and waited till now.

but blockexplorer being down is steering me away from meatspace...

there are many, many disturbing aspects to this story.
The comment regarding the client's possible vulnerabilities made me think --
a) "exploitable c code in the client" :: since jgarzik awarded the bounty to puddinpool back last fall, how reliable is the security audit for the open-source bitcoin Windows client?
b) although 'allinvain' online name also made me wonder, the quality of this person's responses inclines me to think they are honest. methinks that if we want the larger world to adopt BTC, we are going to have to be proactive in creating ways that theft and hacking doesn't overwhelm the bitcoin. Read the Economist article today: largely positive, except for the bit at the end which describes the 'nerd-centric' nature of the Bitcoin. If there is a vulnerability in the client, we need to find it.

Who had physical access to your computer around the time that your pool payout address was changed? They most likely grabbed your wallet at the same time they changed the payout address. By all the information you've given, this sounds like someone had physical access to your computer, copied your wallet and and later transferred everything out.

It is simple: who knew you owned a huge amount of bitcoins, and was near your computer when the pool payout address was changed? Seriously, make a list.

If you think no one has had access to your computer for long enough, who do you know that is slimy enough to actually sneak into your house? I give a 99.9% chance that this was a physical entry job.

Just to rule out the .1% chance that it was a hack, let me ask this: Have you downloaded anything recently related to bitcoins? A bitcoin generator? Anything that sounded too good to be true like a "free bitcoin program". If it was a trojan, it would most likely be targeted specifically at the bitcoin community.

P.S. I'm not sure I buy this story, but if it is true, you have my condolences.

If you ever stored wallet.dat on dropBox unencrypted, I think an employee could get access to old versions of your wallet due to the fact that DropBox essentially stores a copy of every version of every file, as it changes over time. So even if you delete it from your hard drive i think you can go into DropBox web interface and get old versions of it. Presumably DropBox employees have this same type of access. This is why people store sensitive files on DropBox only if they are stored in encrypted containers (like a TrueCrypt volume).

TrueCrypt is annoying with DropBox though, because DropBox doesn't sync the changes to the container until after it is dismounted.

I haven't looked at the block chain data structure, but is it possible to set up a service that tracks coins? Kind of like Lo-Jack for bitcoins? I'm not sure how that would work with fractions of bitcoins though. I'm not even sure how a specific "Bitcoin" is distinguished from any other, but my vague understanding is that that is how it works. So this would be a web app where people like the OP register the address of their stolen or lost bitcoins, and the website permanently watches the block chain for activity for the flagged bitcoins. Email/text notifications of course.

I'm not sure how useful that would be because I'm not familiar with what data is available and what isn't, in the chain. Thinking about it more I'm not sure there would be much value in it. Someone could falsely flag any random coins as being stolen from them, and how would anyone prove ownership? But if there were some way to prove that they were stolen, then this tracker app could be used as a clearinghouse by people and institutions who want to only deal in clean money. Exchanges could refuse any coins that are flagged as stolen, etc. One way to prove ownership might be to register bitcoins with this website when you get them, and the website somehow verifies your ownership. That would be a precautionary step in case you ever get robbed of BTC.

Eh. Anyone who knows more about how the chain works know if this kind of thing is feasible?