JUST HAD 0.92329 BTC STOLEN - HOW??? - page 2.

btchris

hero member

Activity: 672

Merit: 504

a.k.a. gurnec on GitHub

Quote from: Sarthak on May 03, 2015, 11:07:31 AM

Quote from: btchris on May 03, 2015, 10:54:47 AM

Even if he did, that doesn't mean his seed is definitely unrecoverable as you imply.

Electrum, until recently, truncated the wallet file before writing to it for each wallet save. This could leave the (possibly encrypted) seed in multiple blocks on the drive, depending on how often Electrum saved the wallet file, even if he shredded it. (Newer versions of Electrum create a new wallet file, and then unlink the old one, again leaving the seed in potentially multiple blocks).

MZ's questions are good ones.

Sorry But I am not a technical guy and I didn't get what you said Tongue

Anyway, "Shred"="Permanently Delete"! That's what I have heard till now! If that can be recovered either I am using an outdated technology or you are using a new one Tongue

In other words, whenever Electrum saves the wallet file, it does a normal delete, and then creates a new wallet file. If OP shredded his wallet file, he only shredded that most recently saved file. Other older copies of the wallet, as deleted by Electrum, might still be on the drive somewhere.

Sarthak

hero member

Activity: 518

Merit: 501

Error 404: there seems to be nothing here.

Quote from: btchris on May 03, 2015, 10:54:47 AM

Quote from: Sarthak on May 03, 2015, 09:56:08 AM

Quote from: Muhammed Zakir on May 03, 2015, 09:32:44 AM

Sorry if this is already answered. Which OS are you using? Have you tried to recover deleted file?

P.S. See http://wikihow.com/Recover-Deleted-Files-from-Your-Computer. If you are lucky, you maybe able to recover it.

He said he "shredded" it! It cannot be recovered! Shredding Files deletes it permanently and cant be recovered!

Even if he did, that doesn't mean his seed is definitely unrecoverable as you imply.

Electrum, until recently, truncated the wallet file before writing to it for each wallet save. This could leave the (possibly encrypted) seed in multiple blocks on the drive, depending on how often Electrum saved the wallet file, even if he shredded it. (Newer versions of Electrum create a new wallet file, and then unlink the old one, again leaving the seed in potentially multiple blocks).

MZ's questions are good ones.

Sorry But I am not a technical guy and I didn't get what you said Tongue

Anyway, "Shred"="Permanently Delete"! That's what I have heard till now! If that can be recovered either I am using an outdated technology or you are using a new one Tongue

btchris

hero member

Activity: 672

Merit: 504

a.k.a. gurnec on GitHub

Quote from: Sarthak on May 03, 2015, 09:56:08 AM

Quote from: Muhammed Zakir on May 03, 2015, 09:32:44 AM

Sorry if this is already answered. Which OS are you using? Have you tried to recover deleted file?

P.S. See http://wikihow.com/Recover-Deleted-Files-from-Your-Computer. If you are lucky, you maybe able to recover it.

He said he "shredded" it! It cannot be recovered! Shredding Files deletes it permanently and cant be recovered!

Even if he did, that doesn't mean his seed is definitely unrecoverable as you imply.

Electrum, until recently, truncated the wallet file before writing to it for each wallet save. This could leave the (possibly encrypted) seed in multiple blocks on the drive, depending on how often Electrum saved the wallet file, even if he shredded it. (Newer versions of Electrum create a new wallet file, and then unlink the old one, again leaving the seed in potentially multiple blocks).

MZ's questions are good ones.

unamis76

legendary

Activity: 1512

Merit: 1012

The coins have been joined in an address with similar small inputs and then passed through addresses with more coins, they have probably been mixed/are being mixed. I bet this is some new malware that's being widespread. Too bad OP shredded everything, otherwise we have many security experts around that could have analysed the system...

Sarthak

hero member

Activity: 518

Merit: 501

Error 404: there seems to be nothing here.

Quote from: Muhammed Zakir on May 03, 2015, 09:32:44 AM

Sorry if this is already answered. Which OS are you using? Have you tried to recover deleted file?

P.S. See http://wikihow.com/Recover-Deleted-Files-from-Your-Computer. If you are lucky, you maybe able to recover it.

He said he "shredded" it! It cannot be recovered! Shredding Files deletes it permanently and cant be recovered!

Muhammed Zakir

hero member

Activity: 560

Merit: 509

I prefer Zakir over Muhammed when mentioning me!

Sorry if this is already answered. Which OS are you using? Have you tried to recover deleted file?

P.S. See http://wikihow.com/Recover-Deleted-Files-from-Your-Computer. If you are lucky, you maybe able to recover it.

redsn0w

legendary

Activity: 1778

Merit: 1043

#Free market

Quote from: tokeweed on May 03, 2015, 09:22:57 AM

So is this a flaw in Electrum?

We will never know if it is a fault 'by electrum' or a computer problem... but the OP said:

Quote from: bennybong on May 03, 2015, 07:37:47 AM

I've already deleted that wallet, cleared it out and shredded it. Shit. Is there anyway to retrieve it?

When ThomasV asked the seed for a check.

tokeweed

legendary

Activity: 3976

Merit: 1421

Life, Love and Laughter...

So is this a flaw in Electrum?

bennybong

hero member

Activity: 682

Merit: 500

Fuck sake. I sold my gopro to buy those coins. Unbelievable!

Sarthak

hero member

Activity: 518

Merit: 501

Error 404: there seems to be nothing here.

Quote from: bennybong on May 03, 2015, 07:44:41 AM

It's on the move:

https://blockchain.info/tx/c2eba70e624fbb4e5766beb2e4f630db8d1a5ae8bca52ef097376e0f0388479e

Don't even bother tracking! He will mix it soon or he already mixed it

bennybong

hero member

Activity: 682

Merit: 500

It's on the move:

https://blockchain.info/tx/c2eba70e624fbb4e5766beb2e4f630db8d1a5ae8bca52ef097376e0f0388479e

redsn0w

legendary

Activity: 1778

Merit: 1043

#Free market

Quote from: bennybong on May 03, 2015, 06:06:34 AM

Quote from: redsn0w on May 03, 2015, 05:26:15 AM

Quote from: bennybong on May 03, 2015, 05:17:06 AM

It goes without saying then that I'm screwed, and now broke Sad

Can't believe it. Time after time I've been scammed by vapourware or delays. Never been robbed straight up from my wallet

Donations welcome Embarrassed

Help a 'hero' out!

I don't think you will receive any donation from the forum users, because it seems really strange from you.

No me neither. Got nothing to lose though. I'm an honest guy I just really hope people don't think I'm making this up. I am just a small time bitcoin user with a roof over my head and place to rest my head. So I'm lucky in that respect. If anyone should be asking for donations it should be the poor souls in Nepal that really really need donations.

Just wish I hadn't lost all of bitcoin is all! Sad

However I suggest you to pubblic your seed (as ThomasV said previously in his post). So the electrum team can investigate, but I do not think it is an electrum problem (at 99% is a 'machine' problem).

Have you checked your computer? A complete check.

For the question of donation, I think if it is (was) an electrum error ... ThomasV will repay you (why not?).

virtualx

hero member

Activity: 672

Merit: 508

LOTEO

I think you have a trojan on your machine.

The blockchain record has the message:

Quote

13GrQ46YQ3x3fp1p5eHrPKSsMaxjDY9VwC (YoUr MyStErIoUs ThIeF lolz) 0.92329 BTC

The thief transfers to 13GrQ46YQ3x3fp1p5eHrPKSsMaxjDY9VwC -> 1FpsRjQXFgiGzLNwyb2UC7bDNkj99xwdnf -> 14GhadwWV4uaoxWZcNrnU3zWkTrtHbCF2T.

bennybong

hero member

Activity: 682

Merit: 500

Quote from: redsn0w on May 03, 2015, 05:26:15 AM

Quote from: bennybong on May 03, 2015, 05:17:06 AM

It goes without saying then that I'm screwed, and now broke Sad

Can't believe it. Time after time I've been scammed by vapourware or delays. Never been robbed straight up from my wallet

Donations welcome Embarrassed

Help a 'hero' out!

I don't think you will receive any donation from the forum users, because it seems really strange from you.

No me neither. Got nothing to lose though. I'm an honest guy I just really hope people don't think I'm making this up. I am just a small time bitcoin user with a roof over my head and place to rest my head. So I'm lucky in that respect. If anyone should be asking for donations it should be the poor souls in Nepal that really really need donations.

Just wish I hadn't lost all of bitcoin is all! Sad

ThomasV

legendary

Activity: 1896

Merit: 1353

Quote from: Blazr on May 03, 2015, 05:32:16 AM

Bitcoin clients still need to generate a random R value when creating a transaction, and if that isn't random then it can allow an attacker to recover your private key. Thus, while using real-world entropy to generate your private keys is a good idea, be aware that your client still uses an RNG when signing and if it is weak you can easily lose coins. This risk will be mitigated once more Bitcoin clients have support for deterministic R values. I checked OP's transaction and it doesn't appear that this was the case this time.

That is not the case here; Electrum uses deterministic signatures (RFC6979).
The only way a weak RNG could be exploited is for the generation of the seed.

Blazr

hero member

Activity: 882

Merit: 1006

Quote from: jonald_fyookball on May 02, 2015, 05:33:21 PM

There is an attack vector where your machine could get corrupted while online and then use pre-determined random numbers
or a set of seeds known to an attacker. So at that point it doesn't matter if the machine is offline,
the attacker caused the victim to unwittingly use a known seed/private key which the attack is
monitoring.

Note that you could mitigate this attack by rolling dice or flipping coins which the
ultra-paranoid should be doing anyway.

Bitcoin clients still need to generate a random R value when creating a transaction, and if that isn't random then it can allow an attacker to recover your private key. Thus, while using real-world entropy to generate your private keys is a good idea, be aware that your client still uses an RNG when signing and if it is weak you can easily lose coins. This risk will be mitigated once more Bitcoin clients have support for deterministic R values. I checked OP's transaction and it doesn't appear that this was the case this time.

redsn0w

legendary

Activity: 1778

Merit: 1043

#Free market

Quote from: bennybong on May 03, 2015, 05:17:06 AM

It goes without saying then that I'm screwed, and now broke Sad

Can't believe it. Time after time I've been scammed by vapourware or delays. Never been robbed straight up from my wallet

Donations welcome Embarrassed

Help a 'hero' out!

I don't think you will receive any donation from the forum users, because it seems really strange from you.

bennybong

hero member

Activity: 682

Merit: 500

It goes without saying then that I'm screwed, and now broke Sad

Can't believe it. Time after time I've been scammed by vapourware or delays. Never been robbed straight up from my wallet

Donations welcome Embarrassed

Help a 'hero' out!

bennybong

hero member

Activity: 682

Merit: 500

Quote from: Quickseller on May 02, 2015, 03:11:17 PM

Yup. He also claims to not be very tech savvy, however engages in things that would typically only be done by someone who is tech savvy

Incorrect check my previous post. I am very computer literate and often very careful with my BTC.

No idea what SWX is, like I said, no one I kno knows I have any bit coin or what they even are! NO one has access to my PC. I've spent all night formatting and re-installing everything but I still can't work out if I was compromised or not.... Running in a VM with no other program except Tor and all unnecessary services disabled.

I'm stumped. And in a real tricky situation because I needed that BTC more than you can imagine.

FML

johnyj

legendary

Activity: 1988

Merit: 1012

Beyond Imagination

Another question: How long has the wallet been used? When is the last time you receive coins with this wallet?

The receiving address has never been used, it seems the key for that specific address was already compromised before the transaction happened. Since all the addresses in an Electrum wallet are generated by the same seed, it is very likely that the seed was compromised

Topic: JUST HAD 0.92329 BTC STOLEN - HOW??? - page 2. (Read 8361 times)