
Topic: JUST HAD 0.92329 BTC STOLEN - HOW??? - page 3. (Read 8382 times)

legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Correct. You just have to make sure you generate the seed on a machine that has never been online and never will be.
Not never has been, only never will be again. The machine can be online 5 seconds before you generate the seed, so long as you ensure it will never connect to the internet again.

This includes network-capable printers if you're printing paper wallets; the best bet is to physically remove the network card from the machine!



There is an attack vector where your machine could get corrupted while online and then use pre-determined random numbers or a set of seeds known to an attacker. So at that point it doesn't matter if the machine is offline; the attacker caused the victim to unwittingly use a known seed/private key which the attacker is monitoring.

Note that you could mitigate this attack by rolling dice or flipping coins, which the ultra-paranoid should be doing anyway.
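The two halves of the post above, as an added example that is not part of the thread and not any wallet's own code: a seed drawn from a PRNG whose state the attacker pinned is reproducible byte-for-byte, and a dice transcript can be turned into a 256-bit seed with an explicit entropy budget. Assumptions are mine: fair six-sided dice typed as the digits 1-6, a 100-roll minimum, and SHA-256 over the roll transcript as the compression step (one of several fine ways to do it).

```python
"""Added example, not code from the thread: why a seed drawn from a PRNG
whose state an attacker can reconstruct is worthless, and how to turn
physical dice rolls into a 256-bit seed with an entropy-budget check.
Assumptions (mine): fair 6-sided dice, rolls typed as digits 1-6, and
the seed is SHA-256 over the roll transcript (one of several fine ways
to compress dice into 32 bytes; it is not any wallet's own scheme)."""
import hashlib
import math
import os
import random


def seed_from_prng(attacker_known_state: int) -> bytes:
    """The 'known seed' failure mode from the post above: if malware pinned
    the RNG state before the box went offline (or the wallet used a
    non-cryptographic PRNG), the attacker regenerates the identical 32 bytes
    and can pre-compute every address derived from them."""
    rng = random.Random(attacker_known_state)  # Mersenne Twister: NOT a CSPRNG
    return rng.getrandbits(256).to_bytes(32, "big")


def dice_entropy_bits(rolls: str) -> float:
    """n fair d6 rolls carry n*log2(6) ~= 2.585 bits each."""
    return len(rolls) * math.log2(6)


def seed_from_dice(rolls: str, min_bits: int = 256) -> bytes:
    """Compress a dice transcript into a 32-byte seed.

    Refuses malformed input and transcripts below `min_bits` of entropy:
    99 rolls give ~255.9 bits, so 100 rolls is the floor for a 256-bit seed.
    """
    rolls = rolls.replace(" ", "")
    if not rolls or any(c not in "123456" for c in rolls):
        raise ValueError("rolls must contain only the digits 1-6")
    bits = dice_entropy_bits(rolls)
    if bits < min_bits:
        raise ValueError(f"only {bits:.1f} bits of entropy; need {min_bits}")
    # A transcript using fewer than three faces is a stuck die, a typo or a
    # fake; fail closed rather than hash it.
    if len(set(rolls)) < 3:
        raise ValueError("rolls look non-random (fewer than 3 distinct faces)")
    # SHA-256 maps the >=256-bit transcript to exactly 256 bits. The raw
    # transcript IS the key from here on: shred it after use.
    return hashlib.sha256(rolls.encode("ascii")).digest()


def seed_from_os() -> bytes:
    """Reference: the OS CSPRNG, which is fine on a clean, air-gapped box
    but is exactly what a compromised machine can silently replace."""
    return os.urandom(32)


if __name__ == "__main__":
    # Same pinned state => same seed => the attacker already holds the key.
    print(seed_from_prng(1337) == seed_from_prng(1337))  # True
    # Constructed 100-roll transcript for demonstration only; roll your own.
    demo_rolls = ("3152641325 6143251462 2536141523 4615236125 1352462341 "
                  "5263141526 3415263154 6152342615 4263151436 2514632514")
    print(seed_from_dice(demo_rolls).hex())
```

The point of the distinct-face check is that the function should fail closed on a transcript that is obviously not dice, not that it detects bias; a transcript from loaded dice passes it, so the dice still have to be fair.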
hero member
Activity: 784
Merit: 1000
https://youtu.be/PZm8TTLR2NU
Correct. You just have to make sure you generate the seed on a machine that has never been online and never will be.
Not never has been, only never will be again. The machine can be online 5 seconds before you generate the seed, so long as you ensure it will never connect to the internet again.

This includes network-capable printers if you're printing paper wallets; the best bet is to physically remove the network card from the machine!

legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here: how good is the entropy of this encryption?

Pretty strong. I use TrueCrypt.
Damn that really sucks. I don't know what to tell you, other than the obvious:

There's really no substitute for cold storage
I personally never played with Electrum because I only trust cold storage.

And Electrum + Cold Storage is also a possibility...

Correct. You just have to make sure you generate the seed on a machine that has never been online and never will be.

legendary
Activity: 1778
Merit: 1043
#Free market
Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here: how good is the entropy of this encryption?

Pretty strong. I use TrueCrypt.
Damn that really sucks. I don't know what to tell you, other than the obvious:

There's really no substitute for cold storage
I personally never played with Electrum because I only trust cold storage.

And Electrum + Cold Storage is also a possibility...

Simple... simple | cold storage is an address generated offline (or better, on an offline PC), so the use of the wallet is 'relative'. You can generate it with another client/wallet too; the important thing is that the device/machine *must* be offline (better still, it should *never* be connected to the Internet).
legendary
Activity: 1512
Merit: 1012
Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here: how good is the entropy of this encryption?

Pretty strong. I use TrueCrypt.
Damn that really sucks. I don't know what to tell you, other than the obvious:

There's really no substitute for cold storage
I personally never played with Electrum because I only trust cold storage.

And Electrum + Cold Storage is also a possibility...
hero member
Activity: 784
Merit: 1000
https://youtu.be/PZm8TTLR2NU
Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here: how good is the entropy of this encryption?

Pretty strong. I use TrueCrypt.
Damn that really sucks. I don't know what to tell you, other than the obvious:

There's really no substitute for cold storage
I personally never played with Electrum because I only trust cold storage.
hero member
Activity: 686
Merit: 500

Hey OP, what does "SWX" mean? Does it mean anything to you?

Quote
3lectruM fail. More2come SWX
aLL bTc in my handz SWX
hero member
Activity: 658
Merit: 501
So even though this thread got moved to Electrum, is the consensus still that it probably had nothing to do with being an Electrum wallet?

Very unlikely, as the SSL certs would have to be compromised, but perhaps there is a hidden bug that is making Electrum work completely differently than designed.
hero member
Activity: 504
Merit: 500
So even though this thread got moved to Electrum, is the consensus still that it probably had nothing to do with being an Electrum wallet?
legendary
Activity: 1778
Merit: 1043
#Free market
After 1 minute, it is not 'immediately' but he was 'very fast'.

Yes, it usually takes about 1 minute for a transaction to propagate through the network, so it took around a minute before the hacker's PC knew the address had received money that it could steal.

So most probably the OP is not 'kidding' and he really lost those 0.92329 bitcoins. However, the bitcoin has been sitting in the last address (TAG: aLL bTc in my handz SWX) for about 5 hours.
hero member
Activity: 658
Merit: 501
It is odd that the hacker is wasting his time taunting the victim as well with such a small amount. The hacker could be a sick loser I suppose that enjoys trolling.

In any which case I do not mind helping investigate and troubleshoot security for victims, but it is a bad idea to reward those that practice bad security (SPV in VMware on a Windows box is poor security) when there are so many charities that are far more deserving.
copper member
Activity: 2996
Merit: 2374
Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have

OP claims that he was transferring the funds from his bitcoin exchange into his brand new Electrum wallet (that was my interpretation anyway) and that the funds were immediately swept into the hacker's address.

I have no idea if he is lying or not; unless you trust the OP a lot you shouldn't donate, as there is no way we can know if OP is telling the truth.

That's not a brand new wallet:

I've had much more btc in that wallet in the past. And I only fire up my VM to check my electrum which isn't that often. WHY ME AND why now. This is bullshit!


Yup. He also claims to not be very tech savvy; however, he engages in things that would typically only be done by someone who is tech savvy.
hero member
Activity: 658
Merit: 501
Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here: how good is the entropy of this encryption?

I'm also wondering if the randomness of the key generation on a VM can be as good as physical machine

It isn't, and neither is the entropy generated from a live Linux CD... but it would still be a very rare and odd attack because enough entropy is typically realized.
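A read-only check of what the kernel RNG inside a VM or live CD can actually draw on, added here as an example and not part of the post or of any wallet's code. The paths are the real Linux /proc and /sys nodes; the `read` hook is a hypothetical parameter (it defaults to the live system) so the same logic can be run against a copied-out tree or a fixture. One caveat the post could not have known: kernels from 5.18 onwards report entropy_avail as a flat 256 once the pool is seeded, so on a modern guest the useful signal is not that number but whether a host-fed virtio-rng device is present and selected.

```python
"""Added example, not code from the thread: a read-only check of what the
Linux kernel RNG inside a VM or live CD can actually draw on. The file
paths are the kernel's real /proc and /sys nodes; `read` is a hypothetical
hook (defaults to the live system) so the logic can also run against a
copied-out tree or a fixture. Kernels >= 5.18 always report
entropy_avail=256 once the pool is seeded, so the useful signals are an
uninitialised pool on an older kernel and the absence of a host-fed
virtio-rng device."""
from typing import Callable, Dict, List, Optional

ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"
POOLSIZE = "/proc/sys/kernel/random/poolsize"
HWRNG_AVAILABLE = "/sys/devices/virtual/misc/hw_random/rng_available"
HWRNG_CURRENT = "/sys/devices/virtual/misc/hw_random/rng_current"

Reader = Callable[[str], Optional[str]]


def read_live(path: str) -> Optional[str]:
    """Read one sysfs/procfs node from the running kernel; None if absent."""
    try:
        with open(path, encoding="ascii") as fh:
            return fh.read().strip()
    except OSError:
        return None


def _int_or_none(value: Optional[str]) -> Optional[int]:
    return int(value) if value is not None and value.isdigit() else None


def rng_report(read: Reader = read_live) -> Dict[str, object]:
    """Collect the kernel's entropy estimate and the hardware RNGs it sees."""
    hw = (read(HWRNG_AVAILABLE) or "").split()
    return {
        "entropy_avail": _int_or_none(read(ENTROPY_AVAIL)),
        "poolsize": _int_or_none(read(POOLSIZE)),
        "hw_rng": hw,
        "hw_rng_current": read(HWRNG_CURRENT) or "none",
        # sysfs names the device 'virtio_rng.0' (instance suffix varies)
        "virtio_rng": any(name.startswith("virtio_rng") for name in hw),
    }


def assess(report: Dict[str, object], in_vm: bool = True,
           min_entropy_bits: int = 256) -> List[str]:
    """Return finding codes; an empty list means nothing obviously wrong."""
    findings = []
    avail = report["entropy_avail"]
    if avail is None:
        findings.append("NO_ENTROPY_ESTIMATE")   # not Linux, or /proc hidden
    elif avail < min_entropy_bits:
        findings.append("LOW_ENTROPY")           # pool not (fully) seeded
    if not report["hw_rng"]:
        findings.append("NO_HWRNG")              # nothing feeding the pool
    elif in_vm and not report["virtio_rng"]:
        findings.append("NO_VIRTIO_RNG")         # guest: attach a virtio-rng
    if report["hw_rng"] and report["hw_rng_current"] == "none":
        findings.append("HWRNG_NOT_SELECTED")    # present but unused
    return findings


if __name__ == "__main__":
    live = rng_report()
    print(live)
    print(assess(live) or ["OK"])
```

On bare metal a TPM or CPU RNG listed in rng_available is fine, which is why `in_vm=False` drops the virtio finding; what no check here can see is the post's other worry, firmware or host-level tampering with the source itself.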
legendary
Activity: 1988
Merit: 1012
Beyond Imagination
Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here: how good is the entropy of this encryption?

I'm also wondering if the randomness of the key generation on a VM can be as good as physical machine
legendary
Activity: 1988
Merit: 1012
Beyond Imagination
Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have

OP claims that he was transferring the funds from his bitcoin exchange into his brand new Electrum wallet (that was my interpretation anyway) and that the funds were immediately swept into the hacker's address.

I have no idea if he is lying or not; unless you trust the OP a lot you shouldn't donate, as there is no way we can know if OP is telling the truth.

That's not a brand new wallet:

I've had much more btc in that wallet in the past. And I only fire up my VM to check my electrum which isn't that often. WHY ME AND why now. This is bullshit!

member
Activity: 116
Merit: 10
-Credits (CRE) Miner/Enthusiast
Ouch! Make sure to scan your PC.
legendary
Activity: 3248
Merit: 1070
You're running Windows? Enough said...

Ignorant statement; Linux isn't so much better in terms of viruses and company, and it's not even about the OS here, it's the container apparently.
hero member
Activity: 518
Merit: 501
Error 404: there seems to be nothing here.
Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have

OP claims that he was transferring the funds from his bitcoin exchange into his brand new electrum wallet (that was my interpretation anyway) ...

Exactly, I have already quoted the post made by the OP. However, this is a reply from ThomasV:


Sorry for your loss.

The fact that the coins were stolen immediately means that the hacker had your seed or your private key before the coins were sent to you;
he was probably running a script waiting for some coins to land on compromised or weak private keys.

One thing you can do is publish your seed; it does not make sense to keep it private anymore.


..and that the funds were immediately swept into the hacker's address.

After 1 minute, it is not 'immediately' but he was 'very fast'.

Either it was the OP himself or it was someone monitoring OP very closely! Though he denies it, saying the people he knows don't use bitcoins, I think someone very close to him was behind this, if his computer was as safe as he stated here!
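The timing argument ThomasV makes, written up as detection logic rather than as the attacker's script; this is an added example, not part of any post. If the whole balance leaves a fresh address within the propagation window of the deposit, the spending key was in someone else's hands before the deposit existed. The log format, the addresses and the 120-second window are constructed for the example; real monitoring would feed the same function from a node's mempool and block events.

```python
"""Added example, not code from the thread: the analysis side of what
ThomasV describes. If funds are swept from a fresh address within the
propagation window of the deposit, the spending key was in someone else's
hands before the deposit existed. Log format, addresses and the 120 s
window are constructed for this example."""
from datetime import datetime, timezone
from decimal import Decimal
from typing import Dict, List

SWEEP_WINDOW_SECONDS = 120   # hypothetical: ~1 min propagation + script latency

# Constructed sample (not real transactions):
#   <utc time> deposit <addr> <amount>
#   <utc time> spend   <from_addr> <to_addr> <amount>
SAMPLE_LOG = """
2015-05-10T21:03:11Z deposit 1VictimFreshAddrExample 0.92329
2015-05-10T21:04:15Z spend   1VictimFreshAddrExample 1ThiefAddrExample 0.92319
2015-05-10T21:10:00Z deposit 1NormalUserAddrExample 0.50000
2015-05-12T09:00:00Z spend   1NormalUserAddrExample 1MerchantAddrExample 0.49990
2015-05-10T22:00:00Z deposit 1PartialSpendAddrExample 2.00000
2015-05-10T22:01:30Z spend   1PartialSpendAddrExample 1ShopAddrExample 0.10000
"""


def _utc(stamp: str) -> datetime:
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_events(text: str) -> List[Dict[str, object]]:
    """Parse the constructed log into time-ordered deposit/spend events."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) == 4 and parts[1] == "deposit":
            events.append({"t": _utc(parts[0]), "kind": "deposit",
                           "addr": parts[2], "amount": Decimal(parts[3])})
        elif len(parts) == 5 and parts[1] == "spend":
            events.append({"t": _utc(parts[0]), "kind": "spend", "addr": parts[2],
                           "to": parts[3], "amount": Decimal(parts[4])})
        else:
            raise ValueError(f"unparseable line: {line!r}")
    return sorted(events, key=lambda e: e["t"])


def find_sweeps(events: List[Dict[str, object]], window_s: int = SWEEP_WINDOW_SECONDS,
                drained_ratio: Decimal = Decimal("0.99")) -> List[Dict[str, object]]:
    """Flag deposits whose (near) full balance left within `window_s`.

    Both conditions matter: a fast partial payment is normal commerce, a
    slow full drain is just the owner moving coins. Fast AND complete is
    the signature of a pre-compromised key."""
    pending: Dict[str, Dict[str, object]] = {}
    sweeps = []
    for ev in events:
        if ev["kind"] == "deposit":
            pending[ev["addr"]] = ev
            continue
        dep = pending.pop(ev["addr"], None)
        if dep is None:
            continue
        delay = (ev["t"] - dep["t"]).total_seconds()
        drained = ev["amount"] >= dep["amount"] * drained_ratio  # all but the fee
        if delay <= window_s and drained:
            sweeps.append({"addr": ev["addr"], "to": ev["to"],
                           "delay_s": delay, "amount": ev["amount"]})
    return sweeps


if __name__ == "__main__":
    for s in find_sweeps(parse_events(SAMPLE_LOG)):
        print(f"{s['addr']} drained to {s['to']} after {s['delay_s']:.0f}s: "
              f"key was compromised before the deposit")
```

The window is deliberately a parameter: a minute is what the thread reports, but a sweeper polling a block explorer rather than a mempool feed might take a block or two, so tune it to how the deposit was observed.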
hero member
Activity: 882
Merit: 1006
After 1 minute, it is not 'immediately' but he was 'very fast'.

Yes, it usually takes about 1 minute for a transaction to propagate through the network, so it took around a minute before the hacker's PC knew the address had received money that it could steal.
legendary
Activity: 1778
Merit: 1043
#Free market
Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have

OP claims that he was transferring the funds from his bitcoin exchange into his brand new electrum wallet (that was my interpretation anyway) ...

Exactly, I have already quoted the post made by the OP. However this is a reply from ThomasV:


Sorry for your loss.

The fact that the coins were stolen immediately means that the hacker had your seed or your private key before the coins were sent to you;
he was probably running a script waiting for some coins to land on compromised or weak private keys.

One thing you can do is publish your seed; it does not make sense to keep it private anymore.


..and that the funds were immediately swept into the hacker's address.

After 1 minute, it is not 'immediately' but he was 'very fast'.