Just was robbed | Bitcointalksearch.org

HCP

legendary

Activity: 2086

Merit: 4314

Quote from: Mastahh on March 02, 2021, 06:37:55 PM

It was me, I decided to take this, for me It is single wallet, I don't know why it happens that these coins distributed between few addresses.

Bitcoin Core is an HD wallet... it uses new addresses for each "receive" and whenever it generates change from a send transaction etc.

Most modern wallets are like this.

Mastahh

newbie

Activity: 35

Merit: 0

Quote from: LoyceV on March 02, 2021, 02:40:10 PM

Quote from: Mastahh on March 01, 2021, 06:34:35 PM

I was robbed 21.02 and 22.02 not sure how it was happened

It looks like you were robbed again yesterday, when $280 worth of Forkcoins moved. It also looks like you have another $23 of shitForks left.

What's the story behind this transaction? Did you or the robber pay a lot in transction fees to move single satoshis from 3 different inputs?

It was me, I decided to take this, for me It is single wallet, I don't know why it happens that these coins distributed between few addresses.

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: LoyceV on March 02, 2021, 02:40:10 PM

What's the story behind this transaction? Did you or the robber pay a lot in transction fees to move single satoshis from 3 different inputs?

Most probably, OP (or the robber) didn't notice those extra inputs and moved all UTXOs in a single transaction.

Those 3 UTXOs had come from following transactions.

Transaction 1
Transaction 2
Transaction 3

They seem to be dust attacks for chain analysis and linking some used addresses together.
The OP (or the robber) did exactly what the attacker expected.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Mastahh on March 01, 2021, 06:34:35 PM

I was robbed 21.02 and 22.02 not sure how it was happened

It looks like you were robbed again yesterday, when $280 worth of Forkcoins moved. It also looks like you have another $23 of shitForks left.

What's the story behind this transaction? Did you or the robber pay a lot in transction fees to move single satoshis from 3 different inputs?

Theb

hero member

Activity: 1680

Merit: 655

Quote from: Mastahh on March 02, 2021, 02:02:17 AM

My both Wallets were offline, i didn't have any online backups.
So I thinking that 21.02 I was installing a miner, and maybe Phoenix miner or something different I downloaded.
I will scan my computers using SysInternal Autoruns, it have very good ability to check against VirusTotal all files that starts with system.
I think it was some single run app used to stole it.

No your wallets are not offline even if your cryptocurrencies is stored in desktop wallet as long as your computer is connected to the internet or is used for other purposes online then your wallet is still counted as an online wallet. This is one of the bad things on having a crypto stored on a multi-purpose computer as the risk will always be there as long as you are connected to the internet. Maybe the next time you will open an executable file scan it first to see if it is clean as you will never know if you are downloading a file that is vulnerable or a fake one. Also a lot of mining programs are having false positives when it comes to detections on anti-viruses so there is a chance it is not one of those files but from other downloaded files you have.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: Mastahh on March 02, 2021, 02:02:17 AM

I will scan my computers using SysInternal Autoruns, it have very good ability to check against VirusTotal all files that starts with system.

The emphasis should always be on proactive protection, in other words the virus/malware should be prevented from infiltrating the system. Did you have any of that protection?

Quote from: Mastahh on March 02, 2021, 02:02:17 AM

So I thinking that 21.02 I was installing a miner, and maybe Phoenix miner or something different I downloaded.

Definitely the wrong step that cost you in the end, of course combined with the fact that your wallet/s was not adequately protected - but even if that was the case, you may have downloaded a keylogger that would deliver your passwords to the attacker sooner or later. My advice to you in the future is to try to have one computer just for crypto and one for fun - it may sound paranoid, but with such a high price that BTC has, every kid is looking for a way to hack some crypto wallet.

KingZee

sr. member

Activity: 910

Merit: 452

Check your coin privilege

Quote from: NotATether on March 02, 2021, 02:23:33 AM

Quote from: Mastahh on March 02, 2021, 02:02:17 AM

So now only found that BTC gone to binance, not sure yet, but wrote mail to them.
If it is Binance then I think it is possible to identify this Robbber, but with help of police.

I hate to break this to you, but Binance will not help you track your stolen money. The most they have is possibly the identity of the attacker if he did KYC but let's be honest, what kind of thief sends money to a KYC'd address? And also Binance ignores tracking requests from random people and would only step in if forced to by a government.

Police are of limited use as well if the thief can't be ID'd.

This should serve as a lesson to everyone to always protect your wallets with a strong password. It's money after all, more important than nearly any other login information.

Binance most definitely will help him.

Open a ticket with binance or speak to live chat (it takes a while to queue for live chat). Best case scenario is this thief was KYC'd, worst case scenario he used binance to "mix" the money, and they only know his e-mail and IP (potentially behind a VPN). It doesn't harm to try though.

Mastahh

newbie

Activity: 35

Merit: 0

Yes it was Trojan, I found traces of it dated 21.02 Sad

Trojan was configured to this address
https://i.itdenther.ru/SystemNetNameInfoFlagsC

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: Mastahh on March 02, 2021, 02:02:17 AM

So now only found that BTC gone to binance, not sure yet, but wrote mail to them.
If it is Binance then I think it is possible to identify this Robbber, but with help of police.

I hate to break this to you, but Binance will not help you track your stolen money. The most they have is possibly the identity of the attacker if he did KYC but let's be honest, what kind of thief sends money to a KYC'd address? And also Binance ignores tracking requests from random people and would only step in if forced to by a government.

Police are of limited use as well if the thief can't be ID'd.

This should serve as a lesson to everyone to always protect your wallets with a strong password. It's money after all, more important than nearly any other login information.

Mastahh

newbie

Activity: 35

Merit: 0

My both Wallets were offline, i didn't have any online backups.
So I thinking that 21.02 I was installing a miner, and maybe Phoenix miner or something different I downloaded.
I will scan my computers using SysInternal Autoruns, it have very good ability to check against VirusTotal all files that starts with system.
I think it was some single run app used to stole it.

No it is 100% no me, because I'm using Bitcoin Core and it stores info about my transactions.

And yes my fail that wallet.dat wasn't protected and eth wallet also had shitty password.

So now only found that BTC gone to binance, not sure yet, but wrote mail to them.
If it is Binance then I think it is possible to identify this Robbber, but with help of police.

HCP

legendary

Activity: 2086

Merit: 4314

Quote from: Mastahh on March 01, 2021, 06:41:36 PM

I was using Bitcoin Core(non password protected) and MyCrypto was password protected.

Then all they required was a copy of your wallet.dat file to get access to your Bitcoins... Without a password on it, anyone with a copy of your wallet.dat would be able to access the private keys and create transactions sending the bitcoins wherever they wanted.

Do you store a backup of your wallet.dat on a cloud-based backup server like OneDrive, Google Drive, DropBox etc? Huh

Or perhaps you sent yourself a copy of your wallet.dat to your email as a backup? Huh

Interestingly... the BTC address (12P5MtCHoyTJdJitAWSDkeb5fYHSQj7X3X) that the bulk of your coins got sent to, is tweeted by a "Bens Bitcoin Consulting LLC"... seems they also had funds stolen from them that went to the same address (but from Exodus wallet):
https://twitter.com/ben92994350/status/1288107762048577538

Quote from: Mastahh on March 01, 2021, 06:34:35 PM

I already changed, my passwords and created new wallet.

And transferred cents that was left there in my wallet to new wallets.

If you never stored your wallet.dat backup online, then my guess would be malware of some description that has leaked your wallet.dat and/or your MyCrypto login credentials. I would consider the entire machine compromised... I would not be surprised if the thieves already have the details for your new wallets.

I would recommend that you format the PC and reinstall the OS.

If you stored your wallet.dat on a cloud server of some sort, then it's likely that your account on the cloud server was compromised. You'll need to change ALL your passwords.

sheenshane

legendary

Activity: 2366

Merit: 1206

Quote from: DannyHamilton on March 01, 2021, 07:16:00 PM

It seems very odd that they sent your bitcoins to 2 different addresses. Maybe you sent the transaction yourself while you were drunk? or high? or sleepwalking?

Lol, it's 4 days old, and look at the Ethereum TXID, it was landed on the exchange WhiteBIT. It might be OP forgot that he made a transaction at that time.

Then, if your story is true.
Don't use the previous device that you have used where your crypto-assets that has been lost. It might now be unprotected and presumably infected a malware virus that the hacker can able to access your wallet's credentials.

We should always find how to safeguard our crypto assets and treat them as one of your valuable stuff. Our responsibility and diligence to keep them safe at all costs.

DannyHamilton

legendary

Activity: 3416

Merit: 4658

Quote from: Mastahh on March 01, 2021, 06:34:35 PM

Hi,

I was robbed 21.02 and 22.02 not sure how it was happened, but is there any way to trace where my coins were transferred?
Fortunately I already sold more coins
BTC - https://www.blockchain.com/btc/tx/d12ff2e1b628f10a6728603aaa89a93729752012c061b4cd94e809581c54d029
ETH - https://etherscan.io/tx/0x9003f71f8a7c6cb14eedc3d9b7d3546d6f8004b95c92cae1dc225c3d9e4a8c07

I already changed, my passwords and created new wallet.

And transferred cents that was left there in my wallet to new wallets.

Oleg

It seems very odd that they sent your bitcoins to 2 different addresses. Maybe you sent the transaction yourself while you were drunk? or high? or sleepwalking?

Also, it seems surprising that you didn't notice for a whole week?

odolvlobo

legendary

Activity: 4298

Merit: 3209

Quote from: Mastahh on March 01, 2021, 06:34:35 PM

I was robbed 21.02 and 22.02 not sure how it was happened, but is there any way to trace where my coins were transferred?

It's easy to trace where they went. The destination is in the transaction. The hard part is identifying the persons controlling the destination address. That's close to impossible unless it is an exchange.

Bitcoin_Arena

copper member

Activity: 2030

Merit: 1788

฿itcoin for all, All for ฿itcoin.

How did you store your back-up phrase or seeds? (There can be a possibility they were leaked to a hacker if you kept them online)
Was your computer full of random apps (some apps can be malware and can easily steal your account credentials or seeds, others can be controlled remotely to access your device when you don't know, they are known as Remote Access Trojans)

When creating a new wallet, did you first reinstall a fresh OS?

Mastahh

newbie

Activity: 35

Merit: 0

I was using Bitcoin Core(non password protected) and MyCrypto was password protected.

Ultegra134

hero member

Activity: 1582

Merit: 758

Quote from: Mastahh on March 01, 2021, 06:34:35 PM

Hi,

I'm was robbed 21.02 and 22.02 not sure how it was happened, but is there any way to trace where my coins were transferred?
Fortunately I already sold more coins
BTC - https://www.blockchain.com/btc/tx/d12ff2e1b628f10a6728603aaa89a93729752012c061b4cd94e809581c54d029
ETH - https://etherscan.io/tx/0x9003f71f8a7c6cb14eedc3d9b7d3546d6f8004b95c92cae1dc225c3d9e4a8c07

I already changed, my passwords and created new wallet.

And transferred cents that was left there in my wallet to new wallets.

Oleg

I'm so sorry for your loss. When do you notice that your coins were missing? What wallet were you using? Also, have you signed up or accessed any sketchy website lately? There's a tool to check for any database leaks that you might have signed up, check it out. https://haveibeenpwned.com/

Mastahh

newbie

Activity: 35

Merit: 0

Hi,

I was robbed 21.02 and 22.02 not sure how it was happened, but is there any way to trace where my coins were transferred?
Fortunately I already sold more coins
BTC - https://www.blockchain.com/btc/tx/d12ff2e1b628f10a6728603aaa89a93729752012c061b4cd94e809581c54d029
ETH - https://etherscan.io/tx/0x9003f71f8a7c6cb14eedc3d9b7d3546d6f8004b95c92cae1dc225c3d9e4a8c07

I already changed, my passwords and created new wallet.

And transferred cents that was left there in my wallet to new wallets.

Topic: Just was robbed (Read 244 times)