
Topic: I thought I would never get hacked... - page 4. (Read 1126 times)

hero member
Activity: 560
Merit: 1060
July 28, 2023, 03:19:04 AM
#24
Weird. It looks like someone was testing his malware backend.
If you want to explain further, I would appreciate it.
Take a look at the receiving address, and "CTRL-F bc1qs9gxwj6497yk" on that page, then scroll down. That highlights when the address received funds, when it sent funds, and when it sent funds to itself. Some of the transactions are consolidating, but at high fee. Some are splitting inputs. Both actions are a waste of transaction fees.

Quote
What does it mean that someone was testing his malware?
It's just a guess because I can't think of any other reason to create such transactions.

Quote
In my opinion there are the following options:
1. Someone tried to brute-force my wallet and they succeeded. Highly unlikely. Except if the attacker knew some of my words and therefore was able to reduce the search space.
Is there any possibility to know some (most) of your seed words, without knowing all of them? I guess not, so this is the least likely scenario.

Quote
2. Someone saw my seed phrase on my piece of paper. Highly unlikely. Since where I store my seed phrase nobody has access except for me.
It's possible.

Quote
3. My BlueWallet app is compromised somehow. I downloaded it from the playstore.
It's possible.

Quote
4. My phone is compromised somehow and someone gained access to my phone's storage.
It's possible.

Option 5: someone had access to your phone for a moment, and swept your funds.

Thanks. I have no sendable merit, but I appreciate your answer. In my opinion the most likely scenarios are (3) and (4).
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
July 28, 2023, 03:10:30 AM
#23
Weird. It looks like someone was testing his malware backend.
If you want to explain further, I would appreciate it.
Take a look at the receiving address, and "CTRL-F bc1qs9gxwj6497yk" on that page, then scroll down. That highlights when the address received funds, when it sent funds, and when it sent funds to itself. Some of the transactions are consolidating, but at high fee. Some are splitting inputs. Both actions are a waste of transaction fees.

Quote
What does it mean that someone was testing his malware?
It's just a guess because I can't think of any other reason to create such transactions.

Quote
In my opinion there are the following options:
1. Someone tried to brute-force my wallet and they succeeded. Highly unlikely. Except if the attacker knew some of my words and therefore was able to reduce the search space.
Is there any possibility to know some (most) of your seed words, without knowing all of them? I guess not, so this is the least likely scenario.

Quote
2. Someone saw my seed phrase on my piece of paper. Highly unlikely. Since where I store my seed phrase nobody has access except for me.
It's possible.

Quote
3. My BlueWallet app is compromised somehow. I downloaded it from the playstore.
It's possible.

Quote
4. My phone is compromised somehow and someone gained access to my phone's storage.
It's possible.

Option 5: someone had access to your phone for a moment, and swept your funds.
hero member
Activity: 560
Merit: 1060
July 28, 2023, 02:56:32 AM
#22
You can't obfuscate addresses like this, it's trivial to find.
Your topic would have been more clear if you kept windice out of it. This transaction has nothing to do with your previous transactions.

Ok, sorry my bad for both of the above.

The interesting part is the receiving address: bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6:
~ many of those transactions are sending his own inputs to his own address: this transaction for example. I have no idea why.
Weird. It looks like someone was testing his malware backend.

If you want to explain further, I would appreciate it.

What does it mean that someone was testing his malware?

In my opinion there are the following options:
1. Someone tried to brute-force my wallet and they succeeded. Highly unlikely. Except if the attacker knew some of my words and therefore was able to reduce the search space.
2. Someone saw my seed phrase on my piece of paper. Highly unlikely. Since where I store my seed phrase nobody has access except for me.
3. My BlueWallet app is compromised somehow. I downloaded it from the playstore.
4. My phone is compromised somehow and someone gained access to my phone's storage.

However all those options seem too obscure to me and I can't understand how it happened.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
July 28, 2023, 02:42:48 AM
#21
3Jp9hU........p6ai. I don't show the exact address because I don't want to expose all of my transactions for privacy reasons.
You can't obfuscate addresses like this, it's trivial to find.

The interesting part is the receiving address: bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6:
~ many of those transactions are sending his own inputs to his own address: this transaction for example. I have no idea why.
Weird. It looks like someone was testing his malware backend.
hero member
Activity: 560
Merit: 1060
July 28, 2023, 02:25:54 AM
#20
The interesting part is the receiving address: bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6: it received many more transactions, all within 24 hours. It looks like someone targeted many wallets at once.
As I said, it's from the website where I sent some sats to play roulette
You're contradicting yourself:
Do you mean you've sent funds to bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6 before?
I have never sent money to this address

First, you say your Bitcoin was sent to the address above. Then you say it's from a website you've used, while you say you've never sent funds to that address. It doesn't add up. How do you know which website the address belongs to?

Hang on, I have been misunderstood, perhaps because English is not my native language.

So, I have a hot wallet on my BlueWallet application.

I have sent multiple times to an address that the website (windice.io) provided me, which looked like this: 3J....... I don't show the exact address because I don't want to expose all of my transactions for privacy reasons.

So, my wallet had multiple transactions to the address above.

Then, suddenly, I have seen this transaction from my wallet: https://mempool.space/tx/dc8460f585ec591a3a8ee264f2604e868dfada4efdcc30eb4d21f97692289d37

The output address of this transaction is this one:  bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6

I don't own the keys that generate this address.

I hope I made myself clear and I am happy to add any more information if needed.

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
July 28, 2023, 02:16:43 AM
#19
The interesting part is the receiving address: bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6: it received many more transactions, all within 24 hours. It looks like someone targeted many wallets at once.
As I said, it's from the website where I sent some sats to play roulette
You're contradicting yourself:
Do you mean you've sent funds to bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6 before?
I have never sent money to this address

First, you say your Bitcoin was sent to the address above. Then you say it's from a website you've used, while you say you've never sent funds to that address. It doesn't add up. How do you know which website the address belongs to?
hero member
Activity: 560
Merit: 1060
July 28, 2023, 01:36:34 AM
#18
I have never sent money to this address but windice.io makes you always deposit to the same address (which is not the one where my money went).
I remember this casino, they even advertised themselves in this forum, I think around 2018-2019. Let me look up the links

But I don't think a site would access your private keys (seeds) or something like that. There is a possibility there was some security lapse that led to the leakage of your private keys (seeds) recently or way back, and you can't remember.

Their ANN: ♨️🎲 WINDICE.io 🎲 Contests 🏆 TvT 🔰 Progressive Faucet💰 Jackpots 🎁❤
Their former Signature Campaign: Windice.io Signature Campaign(CLOSED)

Yeah I guess they couldn't access my PK, but I still wonder how someone gained access to my wallet...
copper member
Activity: 2198
Merit: 1837
🌀 Cosmic Casino
July 27, 2023, 06:59:00 PM
#17
I have never sent money to this address but windice.io makes you always deposit to the same address (which is not the one where my money went).
I remember this casino, they even advertised themselves in this forum, I think around 2018-2019. Let me look up the links

But I don't think a site would access your private keys (seeds) or something like that. There is a possibility there was some security lapse that led to the leakage of your private keys (seeds) recently or way back, and you can't remember.

Their ANN: ♨️🎲 WINDICE.io 🎲 Contests 🏆 TvT 🔰 Progressive Faucet💰 Jackpots 🎁❤
Their former Signature Campaign: Windice.io Signature Campaign(CLOSED)
hero member
Activity: 560
Merit: 1060
July 27, 2023, 04:42:18 PM
#16
PS: I think there may be something wrong with windice.io. I had sent some sats multiple times to play some roulette. Maybe they are doing something suspicious. Anyway, I will blame myself only...
There is nothing suspicious with windice.
They gave you a deposit address and you sent bitcoin to that address. That's all. There is no way they can gain access to your private keys or seed phrase and make a transaction from your wallet.

Hello! So, what do you think has happened?

I can assure you that nobody has ever seen my seed phrase. But the phone may be compromised. I just can't understand what I see in mempool. I have never seen the receiving address before.
legendary
Activity: 2380
Merit: 5213
July 27, 2023, 04:33:44 PM
#15
PS: I think there may be something wrong with windice.io. I had sent some sats multiple times to play some roulette. Maybe they are doing something suspicious. Anyway, I will blame myself only...
There is nothing suspicious with windice.
They gave you a deposit address and you sent bitcoin to that address. That's all. There is no way they can gain access to your private keys or seed phrase and make a transaction from your wallet.
hero member
Activity: 560
Merit: 1060
July 27, 2023, 04:30:17 PM
#14
12 words are more than sufficient. 24 words are harder to brute force, yes, but brute forcing 12 words is already impossible. The number of words makes no difference if an attacker compromises your back up.
If the seed phrases from your multi-sig set up have never touched an internet connected device, then they remain as safe as possible.
What you should really be focusing on is how your hot wallet was compromised. How did you store the seed phrase back up, and did you import it anywhere else? It could well be that the device which was hosting this hot wallet is infected with malware, meaning you will need to think about formatting it and reinstalling your OS.

Sounds correct. My device is actually my phone. I really can't understand what went wrong... My seed phrase has never been imported to any other software apart from Bluewallet on my phone.

Do you mean you've sent funds to bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6 before? That's where your money went, did you log onto the roulette site to see if the funds are there? Are you sure you didn't send the funds while on a fortified hookah bender, and just forgot? Does anyone else have access to the device where you have the hot wallet?

Nobody has access to my seed phrase (nor my phone) apart from me.

I have never sent money to this address but windice.io makes you always deposit to the same address (which is not the one where my money went).

copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
July 27, 2023, 02:54:13 PM
#13
As I said, it's from the website where I sent some sats to play roulette, I think it's a scam.

Do you mean you've sent funds to bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6 before? That's where your money went, did you log onto the roulette site to see if the funds are there? Are you sure you didn't send the funds while on a fortified hookah bender, and just forgot? Does anyone else have access to the device where you have the hot wallet?
legendary
Activity: 2268
Merit: 18771
July 27, 2023, 02:23:53 PM
#12
12 words are more than sufficient. 24 words are harder to brute force, yes, but brute forcing 12 words is already impossible. The number of words makes no difference if an attacker compromises your back up.

If the seed phrases from your multi-sig set up have never touched an internet connected device, then they remain as safe as possible.

What you should really be focusing on is how your hot wallet was compromised. How did you store the seed phrase back up, and did you import it anywhere else? It could well be that the device which was hosting this hot wallet is infected with malware, meaning you will need to think about formatting it and reinstalling your OS.
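The brute-force question raised in posts #12 and #23 (is 12 words enough, and does knowing some of the words help an attacker?) comes down to arithmetic on the BIP39 format. The following Python is an added example, not code from the thread or from BlueWallet: it validates a 12-word phrase's checksum working directly on the 11-bit word indices (so no word list is needed), enumerates which 12th words survive the checksum when the first 11 are known, and estimates how many checksum-valid candidates remain when n words are unknown. A 12-word phrase carries 128 bits of entropy, so 2^128 valid phrases exist; with 8 of 12 words known only 2048^4 / 16 = 2^40 remain, which is feasible offline. The 10,000 guesses per second used in the time estimate is an assumed CPU rate for the PBKDF2 and key-derivation work each surviving candidate still costs; it is not a figure from the thread.

```python
import hashlib
from typing import List

WORDS = 12
BITS_PER_WORD = 11
ENT = 128                  # entropy bits in a 12-word phrase
CS = ENT // 32             # checksum bits appended by BIP39 (4)


def entropy_to_indices(entropy: bytes) -> List[int]:
    """BIP39: append the first ENT/32 bits of sha256(entropy), cut into 11-bit word indices."""
    if len(entropy) * 8 != ENT:
        raise ValueError("expected 16 bytes of entropy")
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - CS)
    bits = (int.from_bytes(entropy, "big") << CS) | checksum
    return [(bits >> (BITS_PER_WORD * (WORDS - 1 - i))) & 0x7FF for i in range(WORDS)]


def indices_valid(indices: List[int]) -> bool:
    """Recompute the checksum from the 128 entropy bits and compare it with the last 4 bits."""
    if len(indices) != WORDS or any(not 0 <= i < 2048 for i in indices):
        return False
    bits = 0
    for i in indices:
        bits = (bits << BITS_PER_WORD) | i
    entropy = (bits >> CS).to_bytes(ENT // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - CS)
    return (bits & ((1 << CS) - 1)) == expected


def last_word_candidates(first_11: List[int]) -> List[int]:
    """Every 12th-word index that passes the checksum given the first 11 words: 1 in 16 of 2048."""
    return [w for w in range(2048) if indices_valid(first_11 + [w])]


def search_space(unknown_words: int) -> int:
    """Checksum-valid phrases an attacker must test when `unknown_words` of the 12 are unknown."""
    if unknown_words <= 0:
        return 1
    return 2048 ** unknown_words // 16      # 2^(11n) combinations, 15 of 16 rejected by the checksum


def years_to_exhaust(unknown_words: int, guesses_per_second: float = 10_000) -> float:
    """Assumed guess rate (not from the thread): each candidate still costs PBKDF2 + key derivation."""
    return search_space(unknown_words) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    phrase = entropy_to_indices(bytes(16))           # BIP39 test vector: "abandon" x11 + "about" (index 3)
    print(phrase, indices_valid(phrase))
    print(len(last_word_candidates(phrase[:11])), "checksum-valid last words")
    for n in (12, 6, 4, 3):
        print(f"{n} unknown words: {search_space(n):.3e} candidates, {years_to_exhaust(n):.3e} years")
```

The checksum only thins the search by a factor of 16; it is the 11 bits per unknown word that matter. Twelve unknown words is out of reach for anyone, but the same code shows that a partial leak (a photo of half the backup, a shoulder-surfed card) turns the problem into one a single machine finishes, which is why the thread's advice is to look at the backup and the device rather than at the word count.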

hero member
Activity: 560
Merit: 1060
July 27, 2023, 01:07:43 PM
#11
As I said, it's from the website where I sent some sats to play roulette, I think it's a scam.
I'm confused: you said you "originally" created the seed phrase in Bluewallet. Does that mean you imported your seed phrase elsewhere? Which wallet did you use, and how can the website you sent funds to have anything to do with that?

I had used Bluewallet all the way from the beginning till the end with this wallet. I created the seed phrase there = I created the wallet there and used it as a hot wallet.

A 12-word seed phrase for a 2-of-3 multisig wallet created on a hardware wallet is very safe and secure; you cannot compare that with a single-sig online wallet, which is far more vulnerable if you compare the two.

Having the backups in this order in different places also keeps the backup safe:

Seed 1, MPK 2
Seed 2, MPK 3
Seed 3, MPK 1

As far as the multisig vault is concerned:
This is exactly how I have backed up my wallet. In fact the only thing I have done using a device connected to the internet is to monitor my wallet by importing my xpubs into Sparrow, which is connected to my personal Electrum server.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
July 27, 2023, 01:03:24 PM
#10
As I said, it's from the website where I sent some sats to play roulette, I think it's a scam.
I'm confused: you said you "originally" created the seed phrase in Bluewallet. Does that mean you imported your seed phrase elsewhere? Which wallet did you use, and how can the website you sent funds to have anything to do with that?
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
July 27, 2023, 01:01:55 PM
#9
It's not a hardware device actually. It's a seed signer, meaning it has no memory at all. My seed phrases are on paper in 3 different places. I am starting to think that I must create another wallet where each cosigner is 24 words long. Should I? Or am I ok?
A 12-word seed phrase for a 2-of-3 multisig wallet created on a hardware wallet is very safe and secure; you cannot compare that with a single-sig online wallet, which is far more vulnerable if you compare the two.

Having the backups in this order in different places also keeps the backup safe:

Seed 1, MPK 2
Seed 2, MPK 3
Seed 3, MPK 1
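The reason the layout in posts #9 and #11 pairs each seed with a different cosigner's master public key is that spending from a 2-of-3 wallet needs two seeds and all three xpubs (the third xpub is required to rebuild the multisig script and its addresses). The following Python is an added example, not from the thread: it models that layout, plus the naive "one seed per place" alternative, and brute-forces every subset of places to confirm that any two places can spend and no single place can. The place names and the seed/xpub numbering are constructed for the model.

```python
from itertools import combinations
from typing import Dict, Iterable, List, Set, Tuple

THRESHOLD, COSIGNERS = 2, 3

# Constructed model of the layout in the post: each place holds one seed plus the
# master public key (xpub) of a different cosigner. "MPK" in the post is "xpub" here.
ROTATED_LAYOUT: Dict[str, Dict[str, Set[int]]] = {
    "place_1": {"seeds": {1}, "xpubs": {2}},
    "place_2": {"seeds": {2}, "xpubs": {3}},
    "place_3": {"seeds": {3}, "xpubs": {1}},
}
# The obvious alternative: one seed per place and nothing else.
SEED_ONLY_LAYOUT: Dict[str, Dict[str, Set[int]]] = {
    f"place_{i}": {"seeds": {i}, "xpubs": set()} for i in (1, 2, 3)
}


def knowledge(places: Iterable[str], layout: Dict) -> Tuple[Set[int], Set[int]]:
    """Seeds and xpubs recoverable from a set of places (a seed always yields its own xpub)."""
    seeds: Set[int] = set()
    xpubs: Set[int] = set()
    for p in places:
        seeds |= layout[p]["seeds"]
        xpubs |= layout[p]["xpubs"]
    return seeds, xpubs | seeds


def can_spend(places: Iterable[str], layout: Dict) -> bool:
    """Spending needs THRESHOLD seeds AND every cosigner's xpub to rebuild the multisig script."""
    seeds, xpubs = knowledge(places, layout)
    return len(seeds) >= THRESHOLD and len(xpubs) == COSIGNERS


def audit(layout: Dict) -> Tuple[List[tuple], List[tuple]]:
    """Return (pairs of places that cannot spend, single places that can); both should be empty."""
    places = sorted(layout)
    cannot = [c for c in combinations(places, THRESHOLD) if not can_spend(c, layout)]
    leaks = [c for c in combinations(places, THRESHOLD - 1) if can_spend(c, layout)]
    return cannot, leaks


if __name__ == "__main__":
    for name, layout in (("rotated", ROTATED_LAYOUT), ("seed-only", SEED_ONLY_LAYOUT)):
        cannot, leaks = audit(layout)
        print(f"{name}: pairs that cannot spend={cannot}, single places that can spend={leaks}")
```

With the seed-only layout, losing any one place also loses that cosigner's xpub, so the remaining two seeds cannot reconstruct the wallet; a separately backed-up wallet descriptor or watch-only file that contains all three xpubs would close that gap, which is what the rotated layout does without an extra artefact.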
hero member
Activity: 560
Merit: 1060
July 27, 2023, 01:00:21 PM
#8
OP had less than 0.001BTC in a hot wallet. That's a totally acceptable amount to risk losing, and I assume OP has most of his funds in cold storage already.
Hello Loyce. It's not the amount... It's the fact I got hacked... I have both a multisig vault and a cold wallet with passphrase. That's where I keep my entire net worth. I really couldn't afford losing it. That's why you see me desperate and forgive me for that...

The interesting part is the receiving address: bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6: it received many more transactions, all within 24 hours. It looks like someone targeted many wallets at once.

As I said, it's from the website where I sent some sats to play roulette, I think it's a scam.

I trust 12 seed words. You should look elsewhere, changing to 24 words will only give you a false sense of security.

Thanks, I really appreciate this answer. It's what I thought anyway, so...
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
July 27, 2023, 12:55:50 PM
#7
Going forward I would advise you to prioritize an offline method of storing your keys and seeds
OP had less than 0.001BTC in a hot wallet. That's a totally acceptable amount to risk losing, and I assume OP has most of his funds in cold storage already.

The interesting part is the receiving address: bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6: it received many more transactions, all within 24 hours. It looks like someone targeted many wallets at once.
Update: It gets weirder: many of those transactions are sending his own inputs to his own address: this transaction for example. I have no idea why.

I am starting to think that I must create another wallet where each cosigner is 24 words long. Should I? Or am I ok?
I trust 12 seed words. You should look elsewhere, changing to 24 words will only give you a false sense of security.
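Posts #7 and #23 read the receiving address's history by eye: coins arriving, coins leaving, and coins the address sends back to itself, some consolidated at a high fee and some split into several outputs. The following Python is an added example, not code from the thread or from mempool.space, that makes that classification mechanical. It runs offline on constructed sample records (not real chain data) in a shape modelled on mempool.space's address-transactions API, which is an assumption: each transaction has `vin[].prevout` and `vout[]` entries carrying `scriptpubkey_address` and `value` in sats, plus `fee` in sats and `weight` in weight units. The counterparty address `OTHER` is a constructed placeholder.

```python
from typing import Dict, List

TARGET = "bc1qs9gxwj6497ykmj5txdk7aax0c6psyr62fwcuv6"   # the receiving address from the thread
OTHER = "bc1q_constructed_counterparty_address"         # constructed placeholder, not a real address


def _io(addr: str, sats: int) -> Dict:
    return {"scriptpubkey_address": addr, "value": sats}


# Constructed sample records (not real chain data), field names assumed from the
# mempool.space address-transactions API shape.
SAMPLE_TXS: List[Dict] = [
    {"txid": "tx-a", "vin": [{"prevout": _io(OTHER, 80_000)}],
     "vout": [_io(TARGET, 78_000)], "fee": 2_000, "weight": 560},
    {"txid": "tx-b", "vin": [{"prevout": _io(TARGET, 78_000)}, {"prevout": _io(TARGET, 50_000)},
                             {"prevout": _io(TARGET, 30_000)}],
     "vout": [_io(TARGET, 140_000)], "fee": 18_000, "weight": 1_224},
    {"txid": "tx-c", "vin": [{"prevout": _io(TARGET, 140_000)}],
     "vout": [_io(TARGET, 60_000), _io(TARGET, 60_000), _io(TARGET, 15_000)], "fee": 5_000, "weight": 760},
    {"txid": "tx-d", "vin": [{"prevout": _io(TARGET, 60_000)}],
     "vout": [_io(OTHER, 55_000), _io(TARGET, 3_000)], "fee": 2_000, "weight": 600},
]


def classify(tx: Dict, addr: str) -> Dict:
    """Label one transaction from `addr`'s point of view and compute its net flow and fee rate."""
    ins = [v["prevout"] for v in tx["vin"] if v.get("prevout")]     # coinbase inputs have no prevout
    outs = tx["vout"]
    in_mine = [i for i in ins if i["scriptpubkey_address"] == addr]
    out_mine = [o for o in outs if o["scriptpubkey_address"] == addr]
    if in_mine and len(in_mine) == len(ins) and len(out_mine) == len(outs):
        if len(ins) > 1 and len(outs) == 1:
            kind = "self-consolidation"     # many own inputs -> one own output
        elif len(ins) == 1 and len(outs) > 1:
            kind = "self-split"             # one own input -> several own outputs
        else:
            kind = "self-transfer"
    elif in_mine:
        kind = "send"
    elif out_mine:
        kind = "receive"
    else:
        kind = "unrelated"
    net = sum(o["value"] for o in out_mine) - sum(i["value"] for i in in_mine)
    vsize = tx["weight"] / 4                # virtual bytes; fee rate is what the thread calls "high fee"
    return {"txid": tx["txid"], "kind": kind, "net_sats": net,
            "fee_sats": tx["fee"], "fee_rate_sat_vb": round(tx["fee"] / vsize, 1)}


def self_transfer_fees(txs: List[Dict], addr: str) -> int:
    """Sats burned as fees on transactions that only move the address's own coins around."""
    return sum(r["fee_sats"] for r in (classify(t, addr) for t in txs) if r["kind"].startswith("self"))


if __name__ == "__main__":
    for t in SAMPLE_TXS:
        print(classify(t, TARGET))
    print("fees spent on self-transfers:", self_transfer_fees(SAMPLE_TXS, TARGET))
```

Run against a real address's history, the self-* labels and their fee rates are the signal the thread is pointing at: a thief draining victims has no reason to consolidate and then re-split their own outputs at a premium fee, so a cluster of such transactions within a short window is better explained as someone exercising their tooling than as normal wallet use.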
hero member
Activity: 560
Merit: 1060
July 27, 2023, 12:54:49 PM
#6
I also have a 2-of-3 multisig. All cosigners are 12 words long. They have all been generated using a hardware wallet which is airgapped. I am monitoring my wallet (as watch-only) connected to my own node.

I start to worry about this setup too now...
Having the 2-of-3 multisig on a hardware device is very safe and secure. One of the best options to go for.

It's not a hardware device actually. It's a seed signer, meaning it has no memory at all. My seed phrases are on paper in 3 different places. I am starting to think that I must create another wallet where each cosigner is 24 words long. Should I? Or am I ok?
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
July 27, 2023, 12:48:36 PM
#5
I also have a 2-of-3 multisig. All cosigners are 12 words long. They have all been generated using a hardware wallet which is airgapped. I am monitoring my wallet (as watch-only) connected to my own node.

I start to worry about this setup too now...
Having the 2-of-3 multisig on hardware devices is very safe and secure. One of the best options to go for.