Topic: JUST HAD 0.92329 BTC STOLEN - HOW??? - page 9. (Read 8361 times)

Have you proofed if your address is on the first (lets say 500) pages of directory.io? It is almost unlikely but it is possible. Many people are trying all those private keys of first pages in the hope to find an account with some balance.

I am really sorry for your loss.

Some mistakes you made with security to learn from.

1) You have no physical security or 2fa or hardware wallet securing your bitcoins. VMware doesn't protect you if your host is compromised.
2) You backed up your HD seed digitally in a encrypted container in likely the same computer that was compromised. When creating a wallet, this needs to be done on a completely clean uninfected system and you should back up this seed on either an offline linux computer or secured paper backup. Everytime you access that encrypted container or use the password for encrypting new items you are feeding the hacker the keys to access all that data on a compromised host.
3) You mentioned you download and install a lot of software which further increases your risks

I would investigate your Windows OS a bit further but ultimately you should wipe it clean and perform a reinstall and treat all your backed up data , all your external cards and drives, and all your pirated software as suspect.

There are trade offs with security but you are better using cold storage or hardware wallets in the future.

 Here is some more info-
https://bitcointalksearch.org/topic/options-for-securing-your-bitcoin-wallet-858604

You should never secure most your bitcoins in a cellphone or primary computer especially if it is a windows host. The good news is that you just spent 220 dollars to find out your computer is compromised and to learn a valuable lesson in security. Not a bad price to pay for such knowledge.

Mysterious theft! If you were an organization, I would have called it an "Insider Job" but you are an individual!
The hacker seems to be Genius! He got through such a secure computer system and hacked your wallet!
Why not try asking the hacker himself by sending a 0.0001 to his address and adding a public note on that transaction?

Sorry for your loss OP I hope the thieves die a slow and painful death, thieving lowlife scum.....

Have you attached an 'infected'  usb key on that computer? Maybe it is this the problem, who knows.




I do not think, OP can you repeat again the version of the electrum wallet (I can't find it in this thread) thanks.

Aha... that is likely the problem. Sorry for your losses but here is some advice and likely scenarios of how you were hacked.

Scenario 1-
1) Your windows system is rooted or has a keylogging trojan. Here is another tool to scan your OS-
http://usa.kaspersky.com/downloads/TDSSKiller
But be aware that no AV program catches all infections.

2) The hacker was able to compromise your encrypted VMware container by injecting a virus in an unencrypted GRUB bootloader or by simply logging your password that you type into your compromised host OS (windows) .

VM offers a degree of security but mainly protect against keyloggers and infections from within the container leaking over into the Host OS or logging keystrokes from the host OS and not the other way around.

Scenario 2-

1) You installed an infected pirated version of VMware
or
2) You have a vulnerable outdated version of VMware - VMware released security patches for an ESX server hypervisor

Scenario 3-

1) There is a small possibility that ubuntu was directly compromised if you installed some malicious software on it.

you are the only one who can access to your machine? sometimes i feel all those stolen money from local wallet, are because of bad friends or parent

otherwise there must be something wrong with electrum, a bug probably

Potentially, but considering that there hasn't been a sudden onslaught of people saying they've lost BTC from their Electrum wallet it leads me to believe your case is more isolated. I take it your running Electrum on Ubuntu on the VM, which would tend to nullify the effects of most wallet stealing malware. Have a look for any RATs - might be that.

Which one? From electrum? Or to electrum - because that came from an exchange.

Thanks

I don't get it. This PC isn't used much and is always running a VPN. Is there any way there is something wrong with electrum?

can you send us a screenshot of your transaction log

Windows 7 and VMware from ecypted container running Ubuntu

Was this your VM OS or your regular OS that your VM is installed on or both?
What OS was your truecrypt installed on and was it on an isolated computer that wasn't Windows?
Was the VM software pirated?

Done and done. still can't find evidence of an infection. I use pretty good security and scan my computer twice a week at least. And my IP is never public. Damn. Anyone in the BTC lendng business? I really need that BTC!

 Me I have 1 copy of a paper wallet for my BTC and 1 copy of a paper wallet of my LTC in the local bank vault. Thats it only copies. I use coinbase to move dust about.
 and rarely use a wallet on my laptop again just dust if at all.

 If I had a wife I could misplace her..thus why above.......they know me at the bank so hell i could even lose the key

 If my accounts get stolen then something much worse is going on with the blockchain imho

 I suppose with my luck the 'meteorite' will take out my bank and the vault.....but have all my important docs in the bank anyway so wtf
 will be a clean sweep when i then start sleeping under bridges and riding the rails....

I think we should all take precautions.  Thanks for the heads up OP.

I would suggest you to change your password for Bitcointalk and Email now. They may have been leaked.

I was running linux. Ubuntu 14

No I don't download anything suspicious. The last thing I downloaded was a new driver for my soundcard - from the official website

There can also be issues with VM's and poor entropy, it's much less secure to put your wallet in a VM in some cases. OP, what operating system did you run in the VM? and what software did you use for it?