Topic: I just got hacked - any help is welcome! (25,000 BTC stolen) - page 28. (Read 381810 times)

legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
I didn't read too many pages in, so I'll just throw in my two cents.
This sounds like a case of lack of security.
Trojan or not, if you made as many backups and encrypted as much as you say you did,
this shouldn't be a problem.
Nobody just has fat stacks of BTC/cash lying around ready for anybody to take, especially in this economy.
Next time, encrypt your wallet.dat file, copy it to an inaccessible folder on your smartphone like I do,
and delete the wallet.dat file from your computer.
Problem solved!
full member
Activity: 154
Merit: 100
If the guy is selling right now on MtGox, he will be selling all of them as fast as possible.

Phone up or do whatever you can to get hold of MtGox. I'm pretty sure this person would have loaded all the coins onto MtGox, so even though he isn't selling all of them in one go, you could freeze his MtGox account and sort out the matter with evidence etc. to make sure who the legit owner is.

That would be your best option.

MtGOX has $1k/day, $10k/month cashout limits.  He won't get far selling them all on MtGox rapidly.


newbie
Activity: 19
Merit: 0
Sorry, I have trouble actually believing this. You just lost $500k and you have a problem with turning off your work PC? Seriously?
Personally I think this is a troll, but if not, then you did everything in your power to lose that money, short of posting your wallet.dat on the forum for "safekeeping", and it most definitely was not a hack from far away; physical attack vectors are always 100X easier.

If you don't know how to protect your assets, they will find a new owner. That applies both in Bitcoin and offline; someone having $500k under their bed and telling their friends about it will lose it very quickly too.
hero member
Activity: 721
Merit: 503
It could be a sophisticated virus. But if it would steal his pool password, it could not grab his wallet. And vice versa. Were I to design a worm stealing Bitcoins, I would not care about some pool payout address. I would just grab wallets.

Nowadays it seems these payloads are "multifunction" all-in-ones.

I once had a machine get infected with malware - it threw up the usual fake antivirus mumbo jumbo - and also had a folder full of temporary files.

In the temporary files, the malware had constructed a message that was left in cleartext and presumably went to the author: "eBay passwords found... none.  eGold passwords found... none.  Hotmail passwords found... none".  Fortunately all of these were "none" because I don't save this crap on my computer.

It also had all my keystrokes since the time I got the malware, which started out with an instant message to a friend, along the lines of "shit, I think I just got a virus".  I shut down and reinstalled my OS right away onto a different hard drive.

The idea that malware does "this" - so therefore it does not do "that" - is not a safe assumption.

I've worked with AI systems that can self-modify based on particular goals with very high realtime performance in a very lightweight application. If I wanted to, I could combine a selection of attack vectors as primitive actions in the goal system, code a set of rules for finding pool-like sites in browser history and wallet-like files and give it the goal of "obtain as many bitcoins as possible". Such a system would be capable of getting an enormous number of coins through a worm attack in a very short amount of time.

The thing is though, I'm not a worm author; this would require a specific overlap of "worm author", "bitcoin user" and "AI knowledgeable" that is very, very rare.

Much more likely is a local compromise. Occam's razor would tell us to ignore the unrequired entity of an external anonymous party on the internet to explain this theft. I'd look at coworkers and the staff of the remote backup services myself.
member
Activity: 70
Merit: 11
Meatspace is more likely.

I have to agree that this possibility is very likely as well. If the BTC was transferred from your physical computer by someone at the keyboard, computer forensics might yield useful data. Unless you keep messing up the datestamps on files via virus scanning.

With forensics in this case, it might be shown what other things occurred on the machine at the time of the transfer. Like, if it occurred at night at a particular time and there were only a few people in the building at that time.

The other possibility is that you were targeted online specifically. Just think if you've received targeted email, PMs, IMs, etc. Social engineering this way can be one of the easiest methods. Just look at HBGary Federal as an example.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
It could be a sophisticated virus. But if it would steal his pool password, it could not grab his wallet. And vice versa. Were I to design a worm stealing Bitcoins, I would not care about some pool payout address. I would just grab wallets.

Nowadays it seems these payloads are "multifunction" all-in-ones.

I once had a machine get infected with malware - it threw up the usual fake antivirus mumbo jumbo - and also had a folder full of temporary files.

In the temporary files, the malware had constructed a message that was left in cleartext and presumably went to the author: "eBay passwords found... none.  eGold passwords found... none.  Hotmail passwords found... none".  Fortunately all of these were "none" because I don't save this crap on my computer.

It also had all my keystrokes since the time I got the malware, which started out with an instant message to a friend, along the lines of "shit, I think I just got a virus".  I shut down and reinstalled my OS right away onto a different hard drive.

The idea that malware does "this" - so therefore it does not do "that" - is not a safe assumption.
hero member
Activity: 504
Merit: 502
If the guy is selling right now on MtGox, he will be selling all of them as fast as possible.

Phone up or do whatever you can to get hold of MtGox. I'm pretty sure this person would have loaded all the coins onto MtGox, so even though he isn't selling all of them in one go, you could freeze his MtGox account and sort out the matter with evidence etc. to make sure who the legit owner is.

That would be your best option.
legendary
Activity: 826
Merit: 1001
rippleFanatic
You need to examine the possibility of this being meatspace theft.

You said something about a work computer.  A co-worker with a keylogger would have defeated an encrypted wallet (he'd have the encryption password).  Get over the encrypted wallet thing.  Also not Windows' fault.

You don't know that this was due to a Windows exploit.  As for an old wallet.dat file on some internet host?  Possible.

Meatspace is more likely.

It seems to me that you are imagining internet bogeymen and pimply-faced Russian script kiddies and placing your fear on Windows exploits and unencrypted wallet files.

Sounds to me that you are much too trusting of people you meet in meatspace, because your fear is placed in the unknown in cyberspace.

None of that matters in a meatspace attack.  Physical access.

You told people about your BTC activity.  Meatspace.

Work computer?  Meatspace.

My point is that you don't know if it was a meatspace attack or a cyberspace attack.

But if it was a meatspace attack, you'll have a much better chance of tracking him there than in cyberspace.
member
Activity: 70
Merit: 11
Computer forensics likely won't reveal the attacker, especially not after so much access to the data on your disk afterwards. To really get something with forensics the proper response is to image RAM while it is still running and then image the physical hard drives.

I know of a case where an individual lost 160k USD to a RAT (remote access trojan) and was unable to recover any of it because of how the USD was split up and pulled out of accounts via mules and sent to shady banks in Eastern Europe.

They were running Norton A/V on Windows and did not run Windows Update or update their Java installation. The source of the attack was a banner ad on a legit website which used a Java exploit that had been patched for months. The RAT had a reverse proxy as well, so the attacker actually used the individual's PC as a proxy to sign in to online banking.

Unfortunately, just encrypting the wallet file would not have fixed this problem, if it was malware and not someone in meatspace. Just as the bank used SSL/TLS for web management and included username/password and image through login. Bitcoin is no less and no more secure than any online banking.
legendary
Activity: 3080
Merit: 1080
start making $2k per day.  After 10 days of that you'd have it back.

$20k != $500k


Please don't remind me :(. That 25K BTC could've done a lot of good for the BTC community when I eventually would spend it on BTC related projects, which I had in mind to do. For example, I wanted to set up the BTC equivalent of eBay, which I believe is one of the things that the BTC community needs: a strong auction site.

*sigh*
full member
Activity: 168
Merit: 103
I'm far more paranoid - I used a dedicated machine for BTC and only connected it to the network to do transactions.  Also sent most of my coins to an offline wallet all the way in the beginning - generated on a computer with no network connection, hand keying the address off the screen.  The only way Bitcoin or any other cryptocurrency will succeed in the future IMO is a hardware-based wallet (which is essentially what I have been using, it just happened to be in the shape of an old laptop).

Yeah, that's what I would do if I had thousands of coins.
hero member
Activity: 531
Merit: 505
I just read a part of allinvain's older posts. A day ago he noticed someone changed his payout address in the Slush pool. And he was using strong password.

Considering this, I think that the attack was committed from his own Windows machine. Someone got access (probably even physically).

It could be a sophisticated virus. But if it would steal his pool password, it could not grab his wallet. And vice versa. Were I to design a worm stealing Bitcoins, I would not care about some pool payout address. I would just grab wallets.

So, someone who can gain access to your PC might steal your Bitcoins.

legendary
Activity: 3080
Merit: 1080

The problem is that I can't shut the machine as this is my work machine.


It might be somebody you work with.

That may be possible too. There are many possibilities at this point. Question is how can I find evidence of this. Bitcoin is a double-edged sword, that is for sure. If I had all these funds in PayPal I wouldn't be crying now lol..

Oh god...
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
I'm far more paranoid - I used a dedicated machine for BTC and only connected it to the network to do transactions.  Also sent most of my coins to an offline wallet all the way in the beginning - generated on a computer with no network connection, hand keying the address off the screen.  The only way Bitcoin or any other cryptocurrency will succeed in the future IMO is a hardware-based wallet (which is essentially what I have been using, it just happened to be in the shape of an old laptop).
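The cold-storage setup described above relies on a human transcribing an address off an offline screen, and the only thing standing between a typo and coins sent into the void is the Base58Check checksum built into every address. The following is an added example, not code from the poster or from the Bitcoin client, showing what that checksum actually buys you: a hand-keyed address is decoded, its 4-byte double-SHA256 checksum is verified, and a single mistyped or transposed character is rejected. The sample hash160 is the one used in the Bitcoin wiki's worked address example; the function names are this example's own.

```python
"""Base58Check verification for hand-keyed Bitcoin addresses (added example)."""
import hashlib
from typing import Tuple

# Bitcoin's Base58 alphabet: no 0, O, I or l, precisely so transcription is less error-prone.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


class AddressError(ValueError):
    """Raised when an address is malformed or fails its checksum."""


def hash256(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin uses for address checksums."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def b58check_encode(version: int, payload: bytes) -> str:
    """Encode version || payload || first 4 bytes of hash256(version || payload)."""
    body = bytes([version]) + payload
    data = body + hash256(body)[:4]
    n = int.from_bytes(data, "big")
    digits = []
    while n:
        n, r = divmod(n, 58)
        digits.append(ALPHABET[r])
    # Each leading zero byte is represented by a leading '1' (why P2PKH addresses start with 1).
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + "".join(reversed(digits))


def b58check_decode(addr: str) -> Tuple[int, bytes]:
    """Decode and verify; returns (version, payload) or raises AddressError."""
    n = 0
    for ch in addr:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise AddressError(f"invalid character {ch!r} (not in the Base58 alphabet)")
        n = n * 58 + idx
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(addr) - len(addr.lstrip("1"))
    data = b"\x00" * pad + raw
    if len(data) < 5:
        raise AddressError("too short to carry a version byte and checksum")
    body, checksum = data[:-4], data[-4:]
    if hash256(body)[:4] != checksum:
        raise AddressError("checksum mismatch: the address was mistyped")
    return body[0], body[1:]


def is_valid_address(addr: str) -> bool:
    """True only for a well-formed mainnet P2PKH address (version 0, 20-byte hash160)."""
    try:
        version, payload = b58check_decode(addr)
    except AddressError:
        return False
    return version == 0 and len(payload) == 20


# Constructed sample: the hash160 from the Bitcoin wiki's worked example, re-encoded here.
SAMPLE_HASH160 = bytes.fromhex("010966776006953d5567439e5e39f86a0d273bee")
SAMPLE_ADDRESS = b58check_encode(0, SAMPLE_HASH160)

if __name__ == "__main__":
    print("address:", SAMPLE_ADDRESS, "valid:", is_valid_address(SAMPLE_ADDRESS))
    mistyped = SAMPLE_ADDRESS[:-1] + ("2" if SAMPLE_ADDRESS[-1] != "2" else "3")
    print("mistyped:", mistyped, "valid:", is_valid_address(mistyped))
```

The checksum catches any single-character error and, with overwhelming probability, transpositions, so the online machine should refuse to build a transaction to an address that fails `is_valid_address` rather than trust the operator's eyesight. What it cannot catch is a correctly typed address belonging to the wrong key, so the offline machine's address still has to be compared, character for character, against what the online machine is sending to.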
full member
Activity: 168
Merit: 103
Once again: Encryption would not have protected anything. Encryption can protect stored data. It does not protect a wallet file that is in use, because it is accessed by the client and stored unencrypted in main memory.

In theory yes. Of course it would protect against stealing the wallet file. Normally you only need the data encrypted for doing transactions which is a very short time window. Especially with savings wallets which get accessed not very often. An encrypted wallet that stays encrypted even while the client is running would do tons in favor of security.
There is a big difference between getting one time access to a machine and having a program running to wait for the wallet to be decrypted in memory for 100ms.


Encrypt wallet, decrypt only when the user wants to send coins - interesting idea.


That's how I do it. I described it in a thread:
http://forum.bitcoin.org/index.php?topic=15068.0
full member
Activity: 168
Merit: 103
Once again: Encryption would not have protected anything. Encryption can protect stored data. It does not protect a wallet file that is in use, because it is accessed by the client and stored unencrypted in main memory.

In theory yes. Of course it would protect against stealing the wallet file. Normally you only need the data encrypted for doing transactions which is a very short time window. Especially with savings wallets which get accessed not very often. An encrypted wallet that stays encrypted even while the client is running would do tons in favor of security.
There is a big difference between getting one time access to a machine and having a program running to wait for the wallet to be decrypted in memory for 100ms.


You always have to assume that the attacker knows how the client works. Anything else isn't security.
full member
Activity: 154
Merit: 100
UNENCRYPTED wallet on multiple websites?

This is the most shocking part for me... he actually uploaded a half-million-dollar wallet.dat to the internet in the clear.

Even I wonder about hosting companies seeing the wallet.dat on people's web servers.
newbie
Activity: 56
Merit: 0
Yeah, and the non-geeks are going to be able to get and use BTC. (rolls eyes)   Faith is quickly draining, except for the hackers stealing BTC. So amazing to me is the general atheist, hard-Darwin belief most hackers and BTC believers seem to espouse, and yet at the same time this naive belief in the goodness of humans and the "community".  REALLY perplexing.

More and more crims showing up by the day, and the more the government associates BTC with Silk Road etc., the more crims will be alerted to the opportunities....
hero member
Activity: 721
Merit: 503
Once again: Encryption would not have protected anything. Encryption can protect stored data. It does not protect a wallet file that is in use, because it is accessed by the client and stored unencrypted in main memory.

In theory yes. Of course it would protect against stealing the wallet file. Normally you only need the data encrypted for doing transactions which is a very short time window. Especially with savings wallets which get accessed not very often. An encrypted wallet that stays encrypted even while the client is running would do tons in favor of security.
There is a big difference between getting one time access to a machine and having a program running to wait for the wallet to be decrypted in memory for 100ms.


Encrypt wallet, decrypt only when the user wants to send coins - interesting idea.
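The design argued over in the posts above (a wallet that stays encrypted on disk and in memory, decrypted only for the brief window in which the user actually signs) is easy to show in code, and so is its limit. The block below is an added example written for this page; it is not the Bitcoin client's wallet code. It derives a master key from the passphrase with PBKDF2, stores only ciphertext plus an authentication tag, and holds the plaintext secret in a mutable buffer that is overwritten when the unlock window closes. The cipher is HMAC-SHA256 in counter mode rather than AES, purely so the example runs with the Python standard library; the `sign_with` function is a stand-in for ECDSA, and the secret, passphrase and message are constructed sample data.

```python
"""Locked-by-default wallet: ciphertext at rest, plaintext only during an unlock window.

Added example, not the Bitcoin client's code. Stealing the file alone yields ciphertext;
a keylogger or memory scraper resident during the unlock window still gets the secret.
"""
import hashlib
import hmac
import os
import time
from contextlib import contextmanager


class WalletLocked(RuntimeError):
    """Raised when signing is attempted while no unlock window is open."""


def _kdf(passphrase: str, salt: bytes) -> bytes:
    # Slow passphrase stretching so a stolen file cannot be brute-forced cheaply.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; assumption: stands in for AES-256 to stay stdlib-only.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(passphrase: str, salt: bytes):
    master = _kdf(passphrase, salt)
    return (hmac.new(master, b"enc", "sha256").digest(),
            hmac.new(master, b"mac", "sha256").digest())


def encrypt_secret(passphrase: str, secret: bytes) -> bytes:
    """At-rest blob: salt | nonce | ciphertext | tag (encrypt-then-MAC)."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _subkeys(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(enc_key, nonce, len(secret))))
    tag = hmac.new(mac_key, salt + nonce + ct, "sha256").digest()
    return salt + nonce + ct + tag


def decrypt_secret(passphrase: str, blob: bytes) -> bytearray:
    """Verify the tag first, then decrypt into a mutable buffer the caller can zeroize."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _subkeys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong passphrase or tampered wallet file")
    return bytearray(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def sign_with(secret: bytes, message: bytes) -> bytes:
    # Assumption: stands in for the ECDSA signature a real client makes over a transaction.
    return hmac.new(secret, message, "sha256").digest()


class LockedWallet:
    def __init__(self, blob: bytes) -> None:
        self._blob = blob        # what lives on disk: ciphertext only
        self._secret = None      # plaintext exists here only while unlocked
        self._deadline = 0.0

    def is_unlocked(self) -> bool:
        if self._secret is not None and time.monotonic() >= self._deadline:
            self.lock()          # window expired: relock automatically
        return self._secret is not None

    def unlock(self, passphrase: str, seconds: float) -> None:
        self._secret = decrypt_secret(passphrase, self._blob)
        self._deadline = time.monotonic() + seconds

    def lock(self) -> None:
        if self._secret is not None:
            # Best effort only: CPython cannot promise that no other copy remains in memory.
            for i in range(len(self._secret)):
                self._secret[i] = 0
        self._secret = None

    def sign(self, message: bytes) -> bytes:
        if not self.is_unlocked():
            raise WalletLocked("unlock the wallet to sign")
        return sign_with(bytes(self._secret), message)

    @contextmanager
    def unlocked(self, passphrase: str, seconds: float = 1.0):
        """Unlock for one operation and relock even if signing raises."""
        self.unlock(passphrase, seconds)
        try:
            yield self
        finally:
            self.lock()


# Constructed sample data: a 32-byte stand-in for a private key and a toy transaction.
SAMPLE_SECRET = bytes(range(32))
SAMPLE_PASSPHRASE = "correct horse battery staple"
SAMPLE_BLOB = encrypt_secret(SAMPLE_PASSPHRASE, SAMPLE_SECRET)

if __name__ == "__main__":
    wallet = LockedWallet(SAMPLE_BLOB)
    with wallet.unlocked(SAMPLE_PASSPHRASE) as w:
        print("signature:", w.sign(b"send 1 BTC").hex())
    print("unlocked after signing:", wallet.is_unlocked())
```

The split the posts are arguing about is visible in the two failure modes: `decrypt_secret` rejects a stolen blob without the passphrase, which is what the "one-time access" thief gets, while a process that is already on the box simply waits for `unlock` and reads the buffer or the keystrokes that fed it, which is the keylogger case raised earlier in the thread. Keeping the window short and relocking in a `finally` block shrinks that exposure; it does not remove it.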
legendary
Activity: 3080
Merit: 1080
Looks like the thief is selling them on MtGox as we speak. LOL

Maybe. Who knows. It would suck if the bitcoin price tanked because of me. God, that would be double worse for me and for everyone else.
