Pages:
Author

Topic: I've just been robbed :-( - page 3. (Read 19273 times)

full member
Activity: 196
Merit: 100
September 30, 2012, 12:58:33 PM
#96
I would still like to know if its possible, how the original theft of the OP took place exactly so that I can make sure that it doesn't happen. Looks like the ssh login occured on a non-standard port so the OP's PC must have been scanned. If that is the case, then the OP must have had a public facing computer with no firewall between him and the internet? Assuming the attacker located the correct ssh port, then in order to login either

attacker had private key to authenticate with ssh server on OP's pc or
OP had a weak password that was brute-forced

The the OP says the attacker nicked his private key and then logged onto his work computer. htf did the attacker know to look on his work computer? I think that the OP's security environment must have been totally compromised somehow. Maybe something he said on an IRC channel perhaps? I worry that this can happen to anybody if some joe hacker decides he wants some bitcoin, he just breaks into some poor sod's non-standard ssh port and then navigates his way to his work pc in a space of a few minutes. what gives?
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
September 30, 2012, 12:44:39 PM
#95
If you need a larger amount, you grab multiple paper wallets and empty them all. That's still pretty inconvenient though.

That's where a barcode scanner comes in.  Surely there must be something out there that makes a barcode scanner out of the webcam.
Sure, there's a piece of a solution for everything. But it's unreasonable to expect someone to put all those pieces together. A program that produces cut-apart paper wallets with barcoded public and private parts would be a great part of a solution.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
September 30, 2012, 12:29:00 PM
#94
If you need a larger amount, you grab multiple paper wallets and empty them all. That's still pretty inconvenient though.

That's where a barcode scanner comes in.  Surely there must be something out there that makes a barcode scanner out of the webcam.
legendary
Activity: 1031
Merit: 1000
September 30, 2012, 12:27:26 PM
#93
What's so difficult to understand about a paper wallet?
Primarily how you securely withdraw from it. It's not bad for long-term storage.

So where are the potential flaws in this method of both creating wallets and generating transactions offline.

(1) Transfer the address and transaction generator code via USB to the offline computer.
(2) Create the private keys and store them in a .pdf, .txt, etc. file.
(3) Create a TrueCrypt volume and if desired a hidden volume.
(4) Place the files containing the private keys into the TrueCrypt volume. I like to place the public keys in the main folder, along with some dummy private keys, and the other private keys in the hidden folder.
(5) Transfer the TrueCrypt volume via USB to an online computer.
(6) Store the TrueCrypt volume in many places such as Dropbox, Amazon Cloud, Google Drive, Gmail, multiple USB sticks, email to friends, etc.
(7) With Blockchain.info you can click Import/Export and input a public key to ‘watch’. This will let you keep an eye on your wallets without revealing the private keys in anyway beyond the TrueCrypt volume.
hero member
Activity: 557
Merit: 500
September 30, 2012, 10:15:31 AM
#92
That sucks, bro.

If it's any consolation (probably not), I heard a story on this forum once about a guy that formatted a drive with tens of thousands of coins on it. He said the worst part was his wife knowing about it.

You can easily recover files from a formatted drive.  
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
September 29, 2012, 11:08:54 PM
#91
how does the paper wallet work when you get money back on change address ?
or does the privkey of the 1 key include the other 100 keys ?
That would depend on how and where you create the transaction. If you imported your key into a client then that client would build the transaction and likely return change to one of it's addresses. Some clients do allow change address selection. blockchain.info allows you to do that and you could send it back to the same address or another offline address. In the satoshi (std) client it would be returned to a new address in your wallet.
legendary
Activity: 910
Merit: 1000
★YoBit.Net★ 350+ Coins Exchange & Dice
September 29, 2012, 09:50:16 PM
#90
how does the paper wallet work when you get money back on change address ?
or does the privkey of the 1 key include the other 100 keys ?
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
September 29, 2012, 09:38:57 PM
#89
there could be a scheme like that with hierachical deterministic paper wallets, where you build up a paper chessboard, put 4 smaller chessboards on top, 16 on top, 64 on top... etc. then you can pick small denominations from the top and spend them, or the largest sheet from the bottom and spend all of them.
Mind boggling but as long as you're organised doable.

I'd think that a binary sequence of deposit values to addresses would work. Then you would just spend what combination of keys gave you the value you wanted. I suppose you would have to do a balance re-org after to keep it usable.  Wink
full member
Activity: 125
Merit: 100
September 29, 2012, 09:33:37 PM
#88
Any tips on what to do next? I'm still a bit fuzzy about the details. Can we blacklist those funds somehow?

Figure out how it happened, gather details, file a police and FBI cybercrimes report.

Make sure the method of theft is not still open.



FBI, huh?  Gonna pay taxes on those bitcoins now to pay for that?
legendary
Activity: 4424
Merit: 4794
September 29, 2012, 09:31:54 PM
#87
theres no point in tracing the block chain.. u can try though im not stopping you.

i have just found when trying to use known deposit addresses from pirates BS&T and the addresses people that (early on before he went rogue) received the funds on..

he used the 1DKY address in the middle.. which is where from what has been recently confirmed as the silkroad address..

so most theifs and scum would simply deposit money into silkroad. and then withdraw it.. and due to the large volume in the mix what u get out is not the same 'taint' as what u put in.

alot of us thought this was pirates actual wallet.. but due to it know known as silk roads its harder to point down where those funds ended up due to the mixer.. and how much pirate actually hoarded.

i dont think silk road would want to reveal who owned the deposit/withdrawl address 1 hop either side of the 1DkyBEK address. so the OP of this thread will have a hard time too tracking the payments.

hopefully the IP address is not a tor node/proxy ..

sorry to be the bearer of bad news.

id definetly suggest to everyone to hand write their privkeys on paper. and cleanse their system if they are large holders.
hero member
Activity: 668
Merit: 501
September 29, 2012, 06:50:46 PM
#86
there could be a scheme like that with hierachical deterministic paper wallets, where you build up a paper chessboard, put 4 smaller chessboards on top, 16 on top, 64 on top... etc. then you can pick small denominations from the top and spend them, or the largest sheet from the bottom and spend all of them.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
September 29, 2012, 04:00:42 PM
#85
Bitcoins on paper do not need to be monolithic, surely?

Couldn't you print a whole bunch of addresses with different amounts in them, either already chopped up into separate pieces of paper, or go in with scissors to cut out just enough for your current withdrawl needs when you need to withdraw?

Basically print hundreds or thousands of encrypted one-bitcoin bills, for example, and bring only as many out of your vault as you actually want to spend?
That's extremely inconvenient. But you could probably draw a bit of a compromise and use a scheme where any time you need to get money from one of your paper wallets, you empty it and put the change (if it's a large amount) into a new paper wallet. If you need a larger amount, you grab multiple paper wallets and empty them all. That's still pretty inconvenient though.
legendary
Activity: 2940
Merit: 1090
September 29, 2012, 03:40:09 PM
#84
Bitcoins on paper do not need to be monolithic, surely?

Couldn't you print a whole bunch of addresses with different amounts in them, either already chopped up into separate pieces of paper, or go in with scissors to cut out just enough for your current withdrawl needs when you need to withdraw?

Basically print hundreds or thousands of encrypted one-bitcoin bills, for example, and bring only as many out of your vault as you actually want to spend?

-MarkM-
donator
Activity: 994
Merit: 1000
September 29, 2012, 03:19:08 PM
#83
What's so difficult to understand about a paper wallet?
Primarily how you securely withdraw from it. It's not bad for long-term storage.
I agree. Every time you want to withdraw you need access to an "uncompromised" system.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
September 29, 2012, 02:57:50 PM
#82
How do you keep fiat safe? That is not fool proof either. But I do agree Bitcoin still needs some time to mature. Thanks.
In many countries, banks are insured by government agencies. That's pretty close to fool proof. You can also hide fiat and/or lock it securely. Of course, that's not 100% reliable, but its risks are very easy to understand and not that difficult to reduce. People have many years of experience protecting fiat and have gotten very good at it. It's rare for a person to be a victim of a large theft of fiat.

What's so difficult to understand about a paper wallet?
Primarily how you securely withdraw from it. It's not bad for long-term storage.
hero member
Activity: 532
Merit: 500
September 29, 2012, 02:09:56 PM
#81


If you still think you might have a rootkit, wipe your system clean. It's really the only surefire way to get rid of a rootkit.

I think after a disaster like this the only secure method is to reinstall all affected computers, make some images of the harddisk so you can still analyze what happend.

+1, don't try to fix a os if you think it might have a root kit.
Root kit cleaners are like anti virus software, they only clean what they know and recognize ....

Very true, which is why I don't necessarily condone Rootkit removers. I'd much rather lose everything on a hard disk than have my BTC get stolen (again in his case).
legendary
Activity: 1937
Merit: 1001
September 29, 2012, 11:50:58 AM
#80
geez, 9000 btc... thats big money...
I feel for you man, next time dont keep it online, just print the keys encrypted, keep it safe and wipe the wallet.
full member
Activity: 129
Merit: 100
September 29, 2012, 11:30:49 AM
#79
Really sorry for the OP. There's not much one can say to help the situation. These kind of problems have got to be sorted out before BTC hits the mainstream. I get the feeling that on the average, we are here are quite tech savvy compared to the the normal guy. But if a granny had her wallet.dat stolen and the tabloid newspapers get hold of it, that would be a serious blow to the credibility of bitcoin and might be irreversible.

Granny doesn't use her computer or smartphone for financial transactions, she's probably more secure than any of us right now Cheesy
hero member
Activity: 490
Merit: 500
September 29, 2012, 10:39:33 AM
#78
Bitcoin is an excellent social experiment in the depravity of people.
Bitcoin has to fight at two fronts right now. Governments & Regulations and Scammers & Hackers.
It's a bit depressing to see that it's more the Scammers & Hackers site of things which makes most users suffer.

That tells you something about the predatory attitude of people. We may have abolished cannibalism in the literal meaning, but we still have it in an economical sense.


True on this. Over the time bitcoin shall mature and hold tight aganist these people.
legendary
Activity: 2940
Merit: 1333
September 29, 2012, 10:33:22 AM
#77
This makes me want to rethink again how I stole my BTC.

Great Freudian slip there Goat!  Smiley
Pages:
Jump to: