Pages:
Author

Topic: JUST HAD 0.92329 BTC STOLEN - HOW??? - page 8. (Read 8382 times)

hero member
Activity: 682
Merit: 500
May 02, 2015, 09:54:21 AM
#78
NEw address has a new tag:

https://blockchain.info/address/1FpsRjQXFgiGzLNwyb2UC7bDNkj99xwdnf

wtf does that mean?!?
hero member
Activity: 658
Merit: 501
May 02, 2015, 09:54:10 AM
#77
Trust me. I'm on a boat, with a personal crappy old laptop. No one has been near this. My internet is 150kb/s tops and I hate it!

Additionally, think about anyone else that has access or come in contact with your computer or any usb drive in the past. Additionally, since you are on a boat with a 150 kb/s connection that also brings 2 concerns to my mind : 1) you aren't keeping your windows box patched because of your extremely limited bandwidth. 2) You are using a wifi hotspot that is compromised.

The fact that you are so incredulous that you have been compromised is a security concern in itself as their are so many ways to be compromised with the way you store bitcoins. At most you should be upset and slightly shocked that you were compromised but aware that you made some security shortcuts and need to do better in the future.
legendary
Activity: 1662
Merit: 1050
May 02, 2015, 09:52:51 AM
#76
U could try www.bitundo.com... but it has already got a confirmation.

Wow! Interesting share! Have you ever tried this site?
I don't think its legit! I will try it right now and edit this post Smiley

No. I have never tried. I'd be interested in your feedback as well...
hero member
Activity: 682
Merit: 500
May 02, 2015, 09:46:05 AM
#75
But 0-days? I only have a few new usb drives that I use... all that for 0.9 btc?

The attacker is unlikely to know what your balance until it is taken or attacking many people at the same time.

There are many 0day exploits in the wild and your computer if not properly patched with the latest flash/browser/OS patches can be vulnerable to older exploits as well.

Even if you use WPA2 on your local router , if you live in an apartment building and a hacker lives next door and can see your hotspot they can perform a dictionary attack or bruteforce attack on your wifi password and than serve you up a malicious page with a 0 day exploit.



Yeah I am actually pretty hot on security and pentesting. Which is why I'm so confused!

Again, I'm going to go with the point of failure wasn't you, I would press that there is a failure point with the VPN.  If someone has your info, they could just wait for you to confirm signing the transaction then send it immediately thereafter.  I've read cases of botched tor exit nodes that pass fake blockchain.info credentials to users to log the credentials. 

was the btc cold for a while beforehand?  why were you moving it to this address?

No it was fresh from localbitcoins. My VPN is iPedator which I trust
hero member
Activity: 682
Merit: 500
May 02, 2015, 09:43:16 AM
#74
Yeah I am actually pretty hot on security and pentesting. Which is why I'm so confused!

If you have any IT job or a job as a network administrator you are a much higher target for hackers and the NSA/FBI(remember many of them are corrupt as well)

You should always assume that whatever you have in your primary computer that you install software on and browse the internet with can be instantly compromised. I find that this is a good thing to expose myself to with small amounts of bitcoin as it is a cheap way of telling me my computer is compromised(never happened yet) If you do not use cold storage than you need to at least use a hardware wallet.

It doesn't matter that you are security conscientious as security is difficult to do right and all it takes is one mistake or one unlucky encounter.

Trust me. I'm on a boat, with a personal crappy old laptop. No one has been near this. My internet is 150kb/s tops and I hate it!
legendary
Activity: 1456
Merit: 1018
HoneybadgerOfMoney.com Weed4bitcoin.com
May 02, 2015, 09:41:01 AM
#73
But 0-days? I only have a few new usb drives that I use... all that for 0.9 btc?

The attacker is unlikely to know what your balance until it is taken or attacking many people at the same time.

There are many 0day exploits in the wild and your computer if not properly patched with the latest flash/browser/OS patches can be vulnerable to older exploits as well.

Even if you use WPA2 on your local router , if you live in an apartment building and a hacker lives next door and can see your hotspot they can perform a dictionary attack or bruteforce attack on your wifi password and than serve you up a malicious page with a 0 day exploit.



Yeah I am actually pretty hot on security and pentesting. Which is why I'm so confused!

Again, I'm going to go with the point of failure wasn't you, I would press that there is a failure point with the VPN.  If someone has your info, they could just wait for you to confirm signing the transaction then send it immediately thereafter.  I've read cases of botched tor exit nodes that pass fake blockchain.info credentials to users to log the credentials. 

was the btc cold for a while beforehand?  why were you moving it to this address?
hero member
Activity: 770
Merit: 509
May 02, 2015, 09:36:23 AM
#72
I just deposited the above amount to one of electrum wallets. Almost immediately the balance was tramsferred to:

13GrQ46YQ3x3fp1p5eHrPKSsMaxjDY9VwC

tx: https://blockchain.info/tx/c92f9c265f0a7a9b7fec9184a0314545f8d3f2b3d6d53c240eec97a087826a00

Noth of the transaction have any confirmations, it just happen immediately. How is this possible and how can I get my funds back??? I cannot understand how this is possible. FML

My address:

https://blockchain.info/address/15WapDB1AsoKKp4vMTims836Jxn9mJdHJA


Help!!!  

Very weird, I would assume you maybe got infected by a trojan of some sorts. The way it went is strange, as you didn't input that address. Maybe your electrum installation is compromised?
hero member
Activity: 658
Merit: 501
May 02, 2015, 09:34:25 AM
#71
Yeah I am actually pretty hot on security and pentesting. Which is why I'm so confused!

If you have any IT job or a job as a network administrator you are a much higher target for hackers and the NSA/FBI(remember many of them are corrupt as well)

You should always assume that whatever you have in your primary computer that you install software on and browse the internet with can be instantly compromised. I find that this is a good thing to expose myself to with small amounts of bitcoin as it is a cheap way of telling me my computer is compromised(never happened yet) If you do not use cold storage than you need to at least use a hardware wallet.

It doesn't matter that you are security conscientious as security is difficult to do right and all it takes is one mistake or one unlucky encounter.
legendary
Activity: 3976
Merit: 1421
Life, Love and Laughter...
May 02, 2015, 09:31:24 AM
#70
But 0-days? I only have a few new usb drives that I use... all that for 0.9 btc?

The attacker is unlikely to know what your balance until it is taken or attacking many people at the same time.

There are many 0day exploits in the wild and your computer if not properly patched with the latest flash/browser/OS patches can be vulnerable to older exploits as well.

Even if you use WPA2 on your local router , if you live in an apartment building and a hacker lives next door and can see your hotspot they can perform a dictionary attack or bruteforce attack on your wifi password and than serve you up a malicious page with a 0 day exploit.



Yeah I am actually pretty hot on security and pentesting. Which is why I'm so confused!

Someone check with Electrum as well.
legendary
Activity: 1778
Merit: 1043
#Free market
May 02, 2015, 09:28:46 AM
#69
Aaaaand it's gone

https://blockchain.info/address/1FpsRjQXFgiGzLNwyb2UC7bDNkj99xwdnf

Look at the fucking tag eh put on the address! Cunt. He must be browsing this!

Interesting blockchain.info tag : YoUr MyStErIoUs ThIeF lolz


https://blockchain.info/it/address/13GrQ46YQ3x3fp1p5eHrPKSsMaxjDY9VwC

https://archive.is/xhdHz

Maybe the hacker is reading this thread, who knows?
hero member
Activity: 682
Merit: 500
May 02, 2015, 09:27:44 AM
#68
But 0-days? I only have a few new usb drives that I use... all that for 0.9 btc?

The attacker is unlikely to know what your balance until it is taken or attacking many people at the same time.

There are many 0day exploits in the wild and your computer if not properly patched with the latest flash/browser/OS patches can be vulnerable to older exploits as well.

Even if you use WPA2 on your local router , if you live in an apartment building and a hacker lives next door and can see your hotspot they can perform a dictionary attack or bruteforce attack on your wifi password and than serve you up a malicious page with a 0 day exploit.



Yeah I am actually pretty hot on security and pentesting. Which is why I'm so confused!
hero member
Activity: 658
Merit: 501
May 02, 2015, 09:26:20 AM
#67
But 0-days? I only have a few new usb drives that I use... all that for 0.9 btc?

The attacker is unlikely to know what your balance until it is taken or attacking many people at the same time.

There are many 0day exploits in the wild and your computer if not properly patched with the latest flash/browser/OS patches can be vulnerable to older exploits as well.

Even if you use WPA2 on your local router , if you live in an apartment building and a hacker lives next door and can see your hotspot they can perform a dictionary attack or bruteforce attack on your wifi password and than serve you up a malicious page with a 0 day exploit.

He must be browsing this!

No necessarily as its a safe assumption you would be reading that with or without this thread. He is definitely and asshole though.
hero member
Activity: 682
Merit: 500
May 02, 2015, 09:25:17 AM
#66
Aaaaand it's gone

https://blockchain.info/address/1FpsRjQXFgiGzLNwyb2UC7bDNkj99xwdnf

Look at the fucking tag eh put on the address! Cunt. He must be browsing this!
hero member
Activity: 682
Merit: 500
May 02, 2015, 09:21:34 AM
#65
No one has access to my pc at all. I honestly can believe I've been hacked... all that trouble for 0.9btc? I've run scans with every tool out there... Nothing. This pc is hardly ever online, I don't ue it for browsing or anything. I'm stumped... and really pissed off.


Anti- virus software isn't foolproof and cannot catch many types of infections.

All it takes is one click on a link in a phishing email, one infected jump drive or external plugged in for a brief moment, visiting one page that has a 0 day exploit, 1 piece of infected pirated software or crack, or an insecure wireless AP. This is why you should never store what you cannot lose on a windows machine connected to a network or at least use a hardware wallet.

But 0-days? I only have a few new usb drives that I use... all that for 0.9 btc?
hero member
Activity: 658
Merit: 501
May 02, 2015, 09:17:27 AM
#64
No one has access to my pc at all. I honestly can believe I've been hacked... all that trouble for 0.9btc? I've run scans with every tool out there... Nothing. This pc is hardly ever online, I don't ue it for browsing or anything. I'm stumped... and really pissed off.


Anti- virus software isn't foolproof and cannot catch many types of infections.

All it takes is one click on a link in a phishing email, one infected jump drive or external plugged in for a brief moment, visiting one page that has a 0 day exploit, 1 piece of infected pirated software or crack, or an insecure wireless AP. This is why you should never store what you cannot lose on a windows machine connected to a network or at least use a hardware wallet.

tyz
legendary
Activity: 3360
Merit: 1533
May 02, 2015, 09:15:49 AM
#63
@bennybong: If you reference to my post then you need to know that the computer does not need to be online in order to be unsecure. What I meant is completely independed from your wallet.

Read this to get what I meant: https://bitcointalksearch.org/topic/httpwwwdirectoryio-354518
hero member
Activity: 682
Merit: 500
May 02, 2015, 09:03:56 AM
#62
No one has access to my pc at all. I honestly can believe I've been hacked... all that trouble for 0.9btc? I've run scans with every tool out there... Nothing. This pc is hardly ever online, I don't ue it for browsing or anything. I'm stumped... and really pissed off.
tyz
legendary
Activity: 3360
Merit: 1533
May 02, 2015, 08:58:10 AM
#61

Hmm... it is really not probable.


Probably I am a little paranoid but every time I am creating a new bitcoin address I check first if it is among the first 10000 addresses. I even wrote a simple python script to check this Smiley
legendary
Activity: 1778
Merit: 1043
#Free market
May 02, 2015, 08:12:05 AM
#60
Have you proofed if your address is on the first (lets say 500) pages of directory.io? It is almost unlikely but it is possible. Many people are trying all those private keys of first pages in the hope to find an account with some balance.

Hmm... it is really not probable.



Or to electrum - because that came from an exchange.

Which exchange, if I may ask? The culprit might be on that end as well... Smiley

Nah, I do not think the fault is by exchange. Here the problem is the computer (at 99%).
legendary
Activity: 1596
Merit: 1010
May 02, 2015, 08:08:51 AM
#59
Or to electrum - because that came from an exchange.

Which exchange, if I may ask? The culprit might be on that end as well... Smiley
Pages:
Jump to: