Pages:
Author

Topic: JUST HAD 0.92329 BTC STOLEN - HOW??? - page 9. (Read 8369 times)

tyz
legendary
Activity: 3360
Merit: 1533
May 02, 2015, 07:49:58 AM
#58
Have you proofed if your address is on the first (lets say 500) pages of directory.io? It is almost unlikely but it is possible. Many people are trying all those private keys of first pages in the hope to find an account with some balance.
hero member
Activity: 658
Merit: 501
May 02, 2015, 07:43:01 AM
#57
I am really sorry for your loss.

Some mistakes you made with security to learn from.

1) You have no physical security or 2fa or hardware wallet securing your bitcoins. VMware doesn't protect you if your host is compromised.
2) You backed up your HD seed digitally in a encrypted container in likely the same computer that was compromised. When creating a wallet, this needs to be done on a completely clean uninfected system and you should back up this seed on either an offline linux computer or secured paper backup. Everytime you access that encrypted container or use the password for encrypting new items you are feeding the hacker the keys to access all that data on a compromised host.
3) You mentioned you download and install a lot of software which further increases your risks

I would investigate your Windows OS a bit further but ultimately you should wipe it clean and perform a reinstall and treat all your backed up data , all your external cards and drives, and all your pirated software as suspect.

There are trade offs with security but you are better using cold storage or hardware wallets in the future.

 Here is some more info-
https://bitcointalksearch.org/topic/options-for-securing-your-bitcoin-wallet-858604

You should never secure most your bitcoins in a cellphone or primary computer especially if it is a windows host. The good news is that you just spent 220 dollars to find out your computer is compromised and to learn a valuable lesson in security. Not a bad price to pay for such knowledge.
hero member
Activity: 518
Merit: 501
Error 404: there seems to be nothing here.
May 02, 2015, 07:41:50 AM
#56
Mysterious theft! If you were an organization, I would have called it an "Insider Job" but you are an individual!
The hacker seems to be Genius! He got through such a secure computer system and hacked your wallet!
Why not try asking the hacker himself by sending a 0.0001 to his address and adding a public note on that transaction? Smiley
legendary
Activity: 1414
Merit: 1077
May 02, 2015, 07:40:52 AM
#55
Sorry for your loss OP I hope the thieves die a slow and painful death, thieving lowlife scum.....
legendary
Activity: 1778
Merit: 1043
#Free market
May 02, 2015, 07:35:04 AM
#54
Have you attached an 'infected'  usb key on that computer? Maybe it is this the problem, who knows.



No I don't download anything suspicious. The last thing I downloaded was a new driver for my soundcard - from the official website

you are the only one who can access to your machine? sometimes i feel all those stolen money from local wallet, are because of bad friends or parent

otherwise there must be something wrong with electrum, a bug probably

I do not think, OP can you repeat again the version of the electrum wallet (I can't find it in this thread) thanks.
hero member
Activity: 658
Merit: 501
May 02, 2015, 07:34:13 AM
#53
Windows 7 and VMware from ecypted contain running Ubuntu

Aha... that is likely the problem. Sorry for your losses but here is some advice and likely scenarios of how you were hacked.

Scenario 1-
1) Your windows system is rooted or has a keylogging trojan. Here is another tool to scan your OS-
http://usa.kaspersky.com/downloads/TDSSKiller
But be aware that no AV program catches all infections.

2) The hacker was able to compromise your encrypted VMware container by injecting a virus in an unencrypted GRUB bootloader or by simply logging your password that you type into your compromised host OS (windows) .

VM offers a degree of security but mainly protect against keyloggers and infections from within the container leaking over into the Host OS or logging keystrokes from the host OS and not the other way around.

Scenario 2-

1) You installed an infected pirated version of VMware
or
2) You have a vulnerable outdated version of VMware - VMware released security patches for an ESX server hypervisor

Scenario 3-

1) There is a small possibility that ubuntu was directly compromised if you installed some malicious software on it.
legendary
Activity: 3248
Merit: 1070
May 02, 2015, 07:32:53 AM
#52
No I don't download anything suspicious. The last thing I downloaded was a new driver for my soundcard - from the official website

you are the only one who can access to your machine? sometimes i feel all those stolen money from local wallet, are because of bad friends or parent

otherwise there must be something wrong with electrum, a bug probably
hero member
Activity: 742
Merit: 502
Circa 2010
May 02, 2015, 07:25:06 AM
#51
I don't get it. This PC isn't used much and is always running a VPN. Is there any way there is something wrong with electrum?

Potentially, but considering that there hasn't been a sudden onslaught of people saying they've lost BTC from their Electrum wallet it leads me to believe your case is more isolated. I take it your running Electrum on Ubuntu on the VM, which would tend to nullify the effects of most wallet stealing malware. Have a look for any RATs - might be that.
hero member
Activity: 682
Merit: 500
May 02, 2015, 07:19:56 AM
#50
can you send us a screenshot of your transaction log

Which one? From electrum? Or to electrum - because that came from an exchange.

Thanks
hero member
Activity: 682
Merit: 500
May 02, 2015, 07:18:55 AM
#49
I don't get it. This PC isn't used much and is always running a VPN. Is there any way there is something wrong with electrum?
full member
Activity: 140
Merit: 100
May 02, 2015, 07:18:20 AM
#48
can you send us a screenshot of your transaction log
hero member
Activity: 682
Merit: 500
May 02, 2015, 07:11:32 AM
#47
Windows 7 and VMware from ecypted container running Ubuntu
hero member
Activity: 658
Merit: 501
May 02, 2015, 07:09:09 AM
#46
I was running linux. Ubuntu 14

Was this your VM OS or your regular OS that your VM is installed on or both?
What OS was your truecrypt installed on and was it on an isolated computer that wasn't Windows?
Was the VM software pirated?
hero member
Activity: 682
Merit: 500
May 02, 2015, 07:08:57 AM
#45
I would suggest you to change your password for Bitcointalk and Email now. They may have been leaked.

Done and done. still can't find evidence of an infection. I use pretty good security and scan my computer twice a week at least. And my IP is never public. Damn. Anyone in the BTC lendng business? I really need that BTC!
copper member
Activity: 2898
Merit: 1465
Clueless!
May 02, 2015, 07:04:29 AM
#44
 Me I have 1 copy of a paper wallet for my BTC and 1 copy of a paper wallet of my LTC in the local bank vault. Thats it only copies. I use coinbase to move dust about.
 and rarely use a wallet on my laptop again just dust if at all.

 If I had a wife I could misplace her..thus why above.......they know me at the bank so hell i could even lose the key Smiley

 If my accounts get stolen then something much worse is going on with the blockchain imho Smiley

 I suppose with my luck the 'meteorite' will take out my bank and the vault.....but have all my important docs in the bank anyway so wtf
 will be a clean sweep when i then start sleeping under bridges and riding the rails.... Smiley
legendary
Activity: 3976
Merit: 1421
Life, Love and Laughter...
May 02, 2015, 07:03:38 AM
#43
I think we should all take precautions.  Thanks for the heads up OP.
legendary
Activity: 1484
Merit: 1001
Personal Text Space Not For Sale
May 02, 2015, 07:01:51 AM
#42
I would suggest you to change your password for Bitcointalk and Email now. They may have been leaked.
hero member
Activity: 682
Merit: 500
May 02, 2015, 06:55:50 AM
#41
I was running linux. Ubuntu 14
hero member
Activity: 682
Merit: 500
May 02, 2015, 06:55:27 AM
#40
No I don't download anything suspicious. The last thing I downloaded was a new driver for my soundcard - from the official website
hero member
Activity: 882
Merit: 1006
May 02, 2015, 06:54:46 AM
#39
A VM tries to keep bad stuff in, if the virus had infected your PC, doesn't matter if you were using a VM, however it would have to know and handle the fact that there is a VM.

There can also be issues with VM's and poor entropy, it's much less secure to put your wallet in a VM in some cases. OP, what operating system did you run in the VM? and what software did you use for it?
Pages:
Jump to: