Topic: JUST HAD 0.92329 BTC STOLEN - HOW??? - page 4. (Read 8382 times)

hero member
Activity: 882
Merit: 1006
Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have

OP claims that he was transferring the funds from his bitcoin exchange into his brand new electrum wallet (that was my interpretation anyway) and that the funds were immediately swept into the hacker's address.

I have no idea if he is lying or not, unless you trust the OP a lot you shouldn't donate as there is no way we can know if OP is telling the truth.
copper member
Activity: 2996
Merit: 2374
Well either way I'm fucked. Accepting donations to my sig.. Fuck my dignity. hah Sad

Based on the blockchain messages I would think that the hacker is likely reading this thread therefore I would suspect it was a more targeted attack as he likely knows the OP had an account here.
I think the chances are probably higher that the OP made the story up in order to try to get "donations". There are enough contradictions in this thread to suggest so.

The "hacker" only took funds from one address and having funds in only one address in an electrum wallet would be somewhat unusual, especially considering that change addresses are enabled by default.

He (the op) said :

can you send us a screenshot of your transaction log

Which one? From electrum? Or to electrum - because that came from an exchange.

Thanks

This is the transaction id: https://blockchain.info/it/tx/5cc872a7dc9bebb03290e9d537d57eba51056e764483a4f4ef4f6bc2bac66e0f

So I do not know if the OP is trolling or if he has really lost those bitcoins.


Well it is somewhat unusual to have exactly zero bitcoin in your wallet IMO. Generally speaking when you buy something you are not going to be spending exactly all of what you have
legendary
Activity: 1778
Merit: 1043
#Free market
Well either way I'm fucked. Accepting donations to my sig.. Fuck my dignity. hah Sad

Based on the blockchain messages I would think that the hacker is likely reading this thread therefore I would suspect it was a more targeted attack as he likely knows the OP had an account here.
I think the chances are probably higher that the OP made the story up in order to try to get "donations". There are enough contradictions in this thread to suggest so.

The "hacker" only took funds from one address and having funds in only one address in an electrum wallet would be somewhat unusual, especially considering that change addresses are enabled by default.

He (the op) said :

can you send us a screenshot of your transaction log

Which one? From electrum? Or to electrum - because that came from an exchange.

Thanks

This is the transaction id: https://blockchain.info/it/tx/5cc872a7dc9bebb03290e9d537d57eba51056e764483a4f4ef4f6bc2bac66e0f

So I do not know if the OP is trolling or if he has really lost those bitcoins.

copper member
Activity: 2996
Merit: 2374
Well either way I'm fucked. Accepting donations to my sig.. Fuck my dignity. hah Sad

Based on the blockchain messages I would think that the hacker is likely reading this thread therefore I would suspect it was a more targeted attack as he likely knows the OP had an account here.
I think the chances are probably higher that the OP made the story up in order to try to get "donations". There are enough contradictions in this thread to suggest so.

The "hacker" only took funds from one address and having funds in only one address in an electrum wallet would be somewhat unusual, especially considering that change addresses are enabled by default.
hero member
Activity: 518
Merit: 501
Error 404: there seems to be nothing here.
I'm really confused about this theft! How the hell did the hacker steal the coin?
Either the Hacker is a Genius or OP is trolling! (I don't mean I guarantee you are trolling)!

Or he was compromised in one of many other ways we have been discussing. Just because someone doesn't think they were compromised in certain ways doesn't make it so. It's not like his coins were stored securely either. They were on a Windows box, using an SPV client, and likely had pirated software. This doesn't constitute secure by any means.

I am not a technical guy but as I read the thread whatever you guys ask OP gives a positive answer! Makes me think he stored it in a 100% secure way! But I am learning.. Nothing is perfect!
hero member
Activity: 774
Merit: 500
Lazy Lurker Reads Alot
Or through the fake emails with so-called offers and other crap which have a jar attached to steal anyone's coins
I had hundreds of them and all get deleted before even reaching any of the people who open emails
There are so many ways people can infiltrate computers these days, even some alt-coins are released containing wallet stealers.
The list is darn long with the ways criminals have invented to steal.
I caught several mining trojans as well which were using the cpu/gpu of my friends' computers

Sorry for your loss
hero member
Activity: 658
Merit: 501
I'm really confused about this theft! How the hell did the hacker steal the coin?
Either the Hacker is a Genius or OP is trolling! (I don't mean I guarantee you are trolling)!

Or he was compromised in one of many other ways we have been discussing. Just because someone doesn't think they were compromised in certain ways doesn't make it so. It's not like his coins were stored securely either. They were on a Windows box, using an SPV client, and likely had pirated software. This doesn't constitute secure by any means.
hero member
Activity: 518
Merit: 501
Error 404: there seems to be nothing here.
Mysterious theft! If you were an organization, I would have called it an "Insider Job" but you are an individual!
The hacker seems to be Genius! He got through such a secure computer system and hacked your wallet!
Why not try asking the hacker himself by sending a 0.0001 to his address and adding a public note on that transaction? Smiley

I'm really confused about this theft! How the hell did the hacker steal the coin?
Either the Hacker is a Genius or OP is trolling! (I don't mean I guarantee you are trolling)!
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Sorry to hear about it OP.

There's really no substitute for cold storage I guess.

Still, I have some coins in my online PC with electrum
and they are still there.

Like someone said, strange they were moved within a minute
of getting received...seems to be a clue.
legendary
Activity: 1090
Merit: 1000
Always a good idea to use chkrootkit in linux installs. Install it, open a terminal, enter   sudo chkrootkit

It should show you anything suspicious.
hero member
Activity: 682
Merit: 500
Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here, how good is the entropy of this encryption?

Pretty strong. I use TrueCrypt
sr. member
Activity: 386
Merit: 250
You're running Windows? Enough said...
legendary
Activity: 1512
Merit: 1012
Sorry for your loss. This is pretty odd... I highly doubt there was an error in Electrum (if there was, the hackers would have many stolen Bitcoin right now); this was more of a targeted attack, or so it seems.

More info about OP's setup would be needed... VM software, recently installed programs, weird wallet behavior in the last few days, possibility of infected USB's...
hero member
Activity: 774
Merit: 500
Lazy Lurker Reads Alot
nope looks like an official release

Well it's possible that one would get the same one but it's very unlikely given the possible combinations.
But I remember one safe seller putting up a large sum for those who could open it with a bunch of numbers; they assumed it would never happen.
The funny thing is a nice woman just did the lucky guess and got it out
legendary
Activity: 1778
Merit: 1043
#Free market
Another transaction : https://blockchain.info/it/tx/8a47c42aa28aefe9f47f28777c319265998730b6bf5fa0a3aadcd85f76c50906

This time with only 0.00003 bitcoin as fee. I'm so curious to see if he will add a blockchain.info tag also to that bitcoin address.


I'm quoting myself : aLL bTc in my handz SWX (https://blockchain.info/it/address/14GhadwWV4uaoxWZcNrnU3zWkTrtHbCF2T).


Electrum seed is different than the passphrase of a brainwallet, or am I wrong?

It is different, however it can be cracked in the same way, for example if you made up your own seed, one that is easy to remember, people often do things like this and if you do that it likely won't be very random and is vulnerable like a brainwallet. It is also possible that the hacker found the wallet file and noticed it was empty, so he set up his PC to sweep it once funds were transferred to it.


But it is so complicated to 'find' or crack 12 words (the electrum seed).

Wait, are you quoting your forum message or are you quoting "your" tag?  Grin

Sorry for your loss OP. But I have a feeling this is done by a troll that might give it back eventually.


With "I'm quoting" I meant quoting my previous post, because I thought the 'hacker' or whoever is managing the funds would surely add the blockchain.info tag.



But it is so complicated to 'find' or crack 12 words (the electrum seed).

If your twelve words are all the same word it isn't. Sometimes people "pick" their own seeds that are weaker.

In that case it is very easy, but usually it is the wallet (itself) that generates the 12 words as seed and you can't decide (or better, can't modify) those words.
hero member
Activity: 774
Merit: 500
Lazy Lurker Reads Alot
you mean a quote like : like like like like like like like like like like like like like Wink
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
Two things.

#1 OP move this into the Electrum section please. This will make sure people with more knowledge about Electrum will read the thread. The option to move a thread is at the lower left of the page.

-> https://bitcointalk.org/index.php?board=98.0

#2 Isn't Electrum 2 still in beta?
hero member
Activity: 882
Merit: 1006
Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here, how good is the entropy of this encryption?

Yes I was thinking that it could be a problem with low entropy. Electrum uses /dev/urandom to generate seeds (with some filtering IIRC). /dev/urandom doesn't work so well in a VM, and if you are doing encryption in the VM too then you are going to deplete the entropy further. I wonder if it could be that OP's wallet was generated using poor entropy, and a hacker out there trying to crack weak seeds managed to crack the seed, much like the johoe bc.info hack. It's less likely though as the /dev/urandom in Ubuntu is pretty good, and probably safe enough, but I wonder if VMWare could change that or maybe even specifically the OP's VMWare configuration, as the LRNG uses lots of hardware inputs to make entropy. In any case I think the most likely scenario is that OP's machine is infected or the hacker found a backup or got the wallet some way like that.
hero member
Activity: 784
Merit: 1000
https://youtu.be/PZm8TTLR2NU
Windows 7 and VMware from encrypted container running Ubuntu
Likely the problem is here, how good is the entropy of this encryption?
hero member
Activity: 882
Merit: 1006
But it is so complicated to 'find' or crack 12 words (the electrum seed).

If your twelve words are all the same word it isn't. Sometimes people "pick" their own seeds that are weaker.
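
The contrast drawn in the thread between a wallet-generated 12-word seed and a self-picked one can be put in numbers. The following is an added example, not code from any poster or from Electrum: it bounds how many guesses a seed needs when it uses only a few distinct words. The 2048-word list size, the placeholder word list and all function names are assumptions, and Electrum's actual seed generation is not reproduced.

```python
import math
import secrets

# Assumption: a 2048-word list; the thread does not state the list size.
WORDLIST_SIZE = 2048
# Constructed placeholder list, not a real wallet word list.
WORDLIST = [f"word{i:04d}" for i in range(WORDLIST_SIZE)]


def uniform_bits(n_words, list_size=WORDLIST_SIZE):
    """Entropy of n_words drawn independently and uniformly from the list."""
    return n_words * math.log2(list_size)


def effective_bits(seed, list_size=WORDLIST_SIZE):
    """Upper bound, in bits, on the guessing cost of this particular seed.

    Phrases of k words that use at most d distinct words number no more
    than list_size**d * d**k, so a guesser who enumerates low-variety
    phrases first reaches this seed within that many tries.
    """
    words = seed.lower().split()
    k, d = len(words), len(set(words))
    if k == 0:
        return 0.0
    patterned = d * math.log2(list_size) + k * math.log2(d)
    return min(patterned, uniform_bits(k, list_size))


def generated_seed(n_words=12):
    """Draw words from the OS CSPRNG (illustration only, no checksum)."""
    return " ".join(secrets.choice(WORDLIST) for _ in range(n_words))


if __name__ == "__main__":
    # Constructed sample seeds.
    samples = {
        "same word x12": " ".join(["like"] * 12),
        "two words alternating": " ".join(["like", "coin"] * 6),
        "wallet-style random": generated_seed(),
    }
    for label, seed in samples.items():
        total = uniform_bits(len(seed.split()))
        print(f"{label:24s} {effective_bits(seed):6.1f} of {total:.0f} bits")
```

Under these assumptions a seed of twelve identical words offers about 11 bits, against 132 bits for twelve words the wallet draws at random.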