Topic: JUST HAD 0.92329 BTC STOLEN - HOW??? - page 3. (Read 8369 times)

Quote from: jonald_fyookball on May 02, 2015, 12:06:53 PM

Windows 7 and VMware from encrypted container running Ubuntu

Likely the problem is here, how good is the entropy of this encryption?

Pretty strong. i use truerypt

Damn that really sucks. I don't know what to tell you, other than the obvious:

There's really no substitute for cold storage

I personally never played with Electrum because I only trust cold storage.

And Electrum + Cold Storage is also a possibility...

Correct. You just have to make sure you generate the
seed on a machine that has never been online and
never will be.

redsn0w

legendary

Activity: 1778

Merit: 1043

#Free market

Quote from: unamis76 on May 02, 2015, 03:58:24 PM

Quote from: Beliathon on May 02, 2015, 03:08:34 PM

Quote from: jonald_fyookball on May 02, 2015, 12:06:53 PM

Windows 7 and VMware from encrypted container running Ubuntu

Likely the problem is here, how good is the entropy of this encryption?

Pretty strong. i use truerypt

Damn that really sucks. I don't know what to tell you, other than the obvious:

There's really no substitute for cold storage

I personally never played with Electrum because I only trust cold storage.

And Electrum + Cold Storage is also a possibility...

Simple... simple | a cold storage is an address generated offline (or better on an offline pc) so the use of the wallet is 'relative'. You can generate the coin also with another client/wallet , the important thing is "that the device/machine *must* be offline (better It should never be connected to the Internet *never*).

unamis76

legendary

Activity: 1512

Merit: 1012

Quote from: Beliathon on May 02, 2015, 03:08:34 PM

Quote from: jonald_fyookball on May 02, 2015, 12:06:53 PM

Windows 7 and VMware from encrypted container running Ubuntu

Likely the problem is here, how good is the entropy of this encryption?

Pretty strong. i use truerypt

Damn that really sucks. I don't know what to tell you, other than the obvious:

There's really no substitute for cold storage

I personally never played with Electrum because I only trust cold storage.

And Electrum + Cold Storage is also a possibility...

Beliathon

hero member

Activity: 784

Merit: 1000

https://youtu.be/PZm8TTLR2NU

Quote from: jonald_fyookball on May 02, 2015, 12:06:53 PM

Windows 7 and VMware from encrypted container running Ubuntu

Likely the problem is here, how good is the entropy of this encryption?

Pretty strong. i use truerypt

Damn that really sucks. I don't know what to tell you, other than the obvious:

There's really no substitute for cold storage

I personally never played with Electrum because I only trust cold storage.

fryarminer

hero member

Activity: 686

Merit: 500

Quote from: bennybong on May 02, 2015, 11:34:59 AM

It's moved

https://blockchain.info/address/14GhadwWV4uaoxWZcNrnU3zWkTrtHbCF2T

Hey OP, what does "SWX" mean? Does it mean anything to you?

Quote

3lectruM fail. More2come SWX
aLL bTc in my handz SWX

inBitweTrust

hero member

Activity: 658

Merit: 501

Quote from: MakingMoneyHoney on May 02, 2015, 02:39:29 PM

So even though this thread got moved to Electrum, is the consensus still that it probably had nothing to do with being an Electrum wallet?

Very unlikely as the SSL certs would have to be compromised, but perhaps a hidden bug that is making electrum work completely differently than designed.

MakingMoneyHoney

hero member

Activity: 504

Merit: 500

So even though this thread got moved to Electrum, is the consensus still that it probably had nothing to do with being an Electrum wallet?

redsn0w

legendary

Activity: 1778

Merit: 1043

#Free market

Quote from: Blazr on May 02, 2015, 12:37:52 PM

Quote from: redsn0w on May 02, 2015, 12:35:07 PM

After 1 minute, it is not 'immediately' but he was 'very fast'.

Yes it usually takes about 1 minute for a transaction to propagate the network, so it took around a minute before the hackers PC knew the address had received money that it could steal.

So most probably the OP is not 'kidding' and he really lost those 0.92329 bitcoins. However the bitcoin is still in the last address ( TAG: aLL bTc in my handz SWX) from about 5 hours.

inBitweTrust

hero member

Activity: 658

Merit: 501

It is odd that the hacker is wasting his time taunting the victim as well with such a small amount. The hacker could be a sick loser I suppose that enjoys trolling.

In any which case I do not mind helping investigate and troubleshoot security for victims but it is a bad idea to reward those that practice bad security(SPV in Vmware on a windows box is poor security) when there are so many charities that are far more deserving.

Quickseller

copper member

Activity: 2996

Merit: 2374

Quote from: johnyj on May 02, 2015, 01:46:13 PM

Quote from: Quickseller on May 02, 2015, 12:29:27 PM

Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have

OP claims that he was transferring the funds from his bitcoin exchange into his brand new electrum wallet (that was my interpretation anyway) and that the funds were immediately sweeped into the hackers address.

I have no idea if he is lying or not, unless you trust the OP a lot you shouldn't donate as there is no way we can know if OP is telling the truth.

That's not a brand new wallet:

Quote from: bennybong on May 02, 2015, 06:17:26 AM

I've had much more btc in that wallet in the past. And I only fire up my VM to check my electrum which isn't that often. WHY ME AND why now. This is bullshit!

Yup. He also claims to not be very tech savvy, however engages in things that would typically only be done by someone who is tech savvy

inBitweTrust

hero member

Activity: 658

Merit: 501

Quote from: johnyj on May 02, 2015, 01:51:46 PM

Windows 7 and VMware from encrypted container running Ubuntu

Likely the problem is here, how good is the entropy of this encryption?

I'm also wondering if the randomness of the key generation on a VM can be as good as physical machine

It isn't and neither is the entropy generated from a live linux cd either... but it would still be a very rare and odd attack because enough entropy is typically realized.

johnyj

legendary

Activity: 1988

Merit: 1012

Beyond Imagination

Windows 7 and VMware from encrypted container running Ubuntu

Likely the problem is here, how good is the entropy of this encryption?

I'm also wondering if the randomness of the key generation on a VM can be as good as physical machine

johnyj

legendary

Activity: 1988

Merit: 1012

Beyond Imagination

Quote from: Quickseller on May 02, 2015, 12:29:27 PM

Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have

OP claims that he was transferring the funds from his bitcoin exchange into his brand new electrum wallet (that was my interpretation anyway) and that the funds were immediately sweeped into the hackers address.

I have no idea if he is lying or not, unless you trust the OP a lot you shouldn't donate as there is no way we can know if OP is telling the truth.

That's not a brand new wallet:

Quote from: bennybong on May 02, 2015, 06:17:26 AM

I've had much more btc in that wallet in the past. And I only fire up my VM to check my electrum which isn't that often. WHY ME AND why now. This is bullshit!

Cinnob0n

member

Activity: 116

Merit: 10

-Credits (CRE) Miner/Enthusiast

Ouch! Make sure to scan your PC.

Amph

legendary

Activity: 3248

Merit: 1070

Quote from: randayh on May 02, 2015, 11:48:40 AM

Your running Windows? enough said...

ignorant statement, linux isn't so much better in term of virus and company, and it's not even about the SO here, it's the container apparently

Sarthak

hero member

Activity: 518

Merit: 501

Error 404: there seems to be nothing here.

Quote from: redsn0w on May 02, 2015, 12:35:07 PM

Quote from: Quickseller on May 02, 2015, 12:29:27 PM

Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have

OP claims that he was transferring the funds from his bitcoin exchange into his brand new electrum wallet (that was my interpretation anyway) ...

Exactly, I have already quoted the post made by the OP. However this is a reply from ThomasV:

Quote from: ThomasV on May 02, 2015, 12:32:18 PM

Sorry for your loss.

The fact that the coins were stolen immediately means that the hacker had your seed or your private key before the coins were sent to you;
he was probably running a script waiting for some coins to land on compromised or weak private keys.

One thing you can do is publish your seed; it does not make sense to keep it private anymore.

Quote from: redsn0w on May 02, 2015, 12:35:07 PM

..and that the funds were immediately sweeped into the hackers address.

After 1 minute, it is not 'immediately' but he was 'very fast'.

Either it was the OP himself or it was someone monitoring OP very closely! Though he denies that people he know don't use bitcoins I think someone very close to him was behind this If his computer was as safe as he stated it here!

Blazr

hero member

Activity: 882

Merit: 1006

After 1 minute, it is not 'immediately' but he was 'very fast'.

Yes it usually takes about 1 minute for a transaction to propagate the network, so it took around a minute before the hackers PC knew the address had received money that it could steal.

redsn0w

legendary

Activity: 1778

Merit: 1043

#Free market

Quote from: Quickseller on May 02, 2015, 12:29:27 PM

Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have

OP claims that he was transferring the funds from his bitcoin exchange into his brand new electrum wallet (that was my interpretation anyway) ...

Exactly, I have already quoted the post made by the OP. However this is a reply from ThomasV:

Quote from: ThomasV on May 02, 2015, 12:32:18 PM

Sorry for your loss.

The fact that the coins were stolen immediately means that the hacker had your seed or your private key before the coins were sent to you;
he was probably running a script waiting for some coins to land on compromised or weak private keys.

One thing you can do is publish your seed; it does not make sense to keep it private anymore.