Topic: I just got hacked - any help is welcome! (25,000 BTC stolen) - page 29. (Read 381810 times)

That's precisely what i've done for years personally (but for far less sensitive data - a MySQL dump of a website with 20k users including private messages - the "private" bit being what's sensitive).
Basically I encrypt the SQL dump with a stupidly long key and a passphrase made up of random letters and numbers only I know and send it to a bunch of reasonably trustworthy individuals to store.

For a bitcoin wallet backup, personally I ain't letting anyone else have physical possession even with incredibly strong crypto - any crypto system other than a one-time pad can fall eventually, and it only takes one smart and patient attacker to wait out the years/decades before cracking a bunch of wallet files and using them. I could get rich in BTC only to lose it all due to a silly mistake years ago.

One thing that I would advise for anyone with a large amount of BTC though is to split it up across multiple wallets, the majority of them completely offline and stored in physically secure locations. If I had something in the 6 figure range i'd definitely be paranoid about it.

The more I read this thread the more absurd it gets

Work computer?
25k on computer used for browsing web?
UNENCRYPTED wallet on multiple websites?
Forensics can't do shit?

You must be either a troll or incredibly stupid. If it's the latter, and you obviously have no clue about online security, I suggest you still turn that computer off and hire someone reputable to take a look at it.

I have a router, the router is secure.

The funds were taken from a WINDOWS machine. God I'm starting to hate windows so much now! I doubt this would've happened had it been a linux machine!

I agree the fact that the wallet is unencrypted is totally ridiculous.

Yes.

In theory yes. Of course it would protect against stealing the wallet file. Normally you only need the data encrypted for doing transactions which is a very short time window. Especially with savings wallets which get accessed not very often. An encrypted wallet that stays encrypted even while the client is running would do tons in favor of security.
There is a big difference between getting one time access to a machine and having a program running to wait for the wallet to be decrypted in memory for 100ms.

I would put in a trouble ticket in at mount gox right away.  I am not saying they will do anything but it is worth a shot. 

$20k != $500k

You really should try to track the thief. That's your only chance! And the chance isn't that small, bitcoin is not exactly anonymous.

And the damage is reduced too if it happens.  Good idea.

It might be somebody you work with.

The best way to protect against this is to have an encrypted wallet file that you use as a savings account, and rarely access. Leave a smaller amount of coins in your regular wallet and the incentive to attack your computer is lessened.

If you stored your wallet.dat in three online sites unencrypted, any one of those places could have possibly taken the bitcoins by loading that wallet.dat on their client then spending the coins.

Spreading the file out in multiple places isn not necessarily the best idea unless the file is securely encrypted by YOU and not the place that is storing it.

I'd be equally suspicious of an inside job (someone in meatspace with physical access to your computer).

If it was a trojan or malware theft, they probably would have already deleted it remotely.

Call your ISP and try to get logs of all of your activity.  Maybe you can trace it to a proxy or C&C server.

If you don't see any suspicious activity in the ISP logs, then start interrogating your friends or friends of friends.  But don't lose them over this.  Some are trustworthy but trust nobody.  Maybe it was a stranger down who found out through the grapevine of your BTC activity, and walked in your dorm room while you were on the pot.

I sympathize with you.


Don't get stuck in the past.  I know its no comparison, but I'm sure any trader is kicking themselves for not selling at $30 and buying back at $10, (triple their holdings).  Many more traders are probably kicking themselves for selling at $10 and buying back at $20 (lost half their holdings).

Move on.  If you were rich once you can get rich again.

Move on.  It is hard to get rich trading.  Start an exchange.  MtGox once again having technical problems.  With the volume of BTC moving, wouldn't take much share of the trading volume to start making $2k per day.  After 10 days of that you'd have it back.

Move on.  If you let this stop you, it will.  Shit happens.  Some people were overnight millionaires because they started mining in 2010.  I knew of bitcoin then.  Why fall into a deep depression for not being an even earlier adopter?  In retrospect, its the same thing as losing coins.

Don't live in retrospect.  Will be very hard to move on.  BTC is still a wonderful opportunity.

Once again: Encryption would not have protected anything. Encryption can protect stored data. It does not protect a wallet file that is in use, because it is accessed by the client and stored unencrypted in main memory.

If those coins indeed wound up on mtgox the thief can be identified as soon as he tries to get the money out of mtgox, no?

Please describe the security of all the PC's in your home network. Do you a router with any firewall configured on it? Is your router secure? You said the funds were taken when the wallet was on a non Windows machine. What OS was running on that machine, and can you describe the security measures in place on both machines (firewall, anti virus, you only do day-to-day use with a non admin account, etc).

Is your network on wifi and is it secure? Have you done anything that would have publicized your IP address since you started acquiring bitcoins?

I'm asking all these because I think it sucks this happened, but all the people here might be able to help you investigate this incident. And another important motivation is that others could learn from your mistakes if any, and take steps to protect themselves. I think the fact that the wallet is unencrypted is the most ridiculous thing ever. How does a cryptocurrency not encrypt the very wallet where the value is stored? I think i read in another post someone explaining that it was low priority compared to other items in the work queue. That's ridiculous. It should be a top priority. Is the code for the client open source? If so it's probably time for a community effort to make that system more secure.

The problem is that I can't shut the machine as this is my work machine. I doubt any forensic expert can do shit. Bitcoins are 100% non reversible and even if this "expert" were to find out the IP address of the person who got it there is no guarantee that it was his real IP and well I'd be spending more than 25,000 BTC just to chase this.

What I'm going to do though is shut the machine down and let the symantec antivirus clean the supposed infection it detected when I ran a scan of f-secure online scan (for some reason it detected a bunch of virus in the temp dir where the online scanner stores its temporary work - could be false). And then I'm going to backup my important data. Format and reinstall the machine.

Then I'm going to sell whatever bitcoins I have remaining, take it as a life lesson, and count this as a not so fun experimentation with cryptographic currency.

I am then going to focus on making plain old paper dollars and store them in a bank where at least I'll have the full force of society or some central government insurance backing me up - not to mention some recourse to the law in case of any theft.

That could easily be fixed then. Those are not real spends, just database motions. The coins could be restored easily by repurchasing them. Until he tries to make off with them in USD or whatever.

That could easily be fixed then. Those are not real spends, just database motions. The coins could be restored easily by repurchasing them. Until he tries to make off with them in USD or whatever.

It is not a solution to the OP's problem at all. Encryption only protects data while you are not using it.