Author

Topic: Just was robbed (Read 278 times)

HCP
legendary
Activity: 2086
Merit: 4363
March 02, 2021, 05:44:40 PM
#18
It was me, I decided to take this, for me It is single wallet, I don't know why it happens that these coins distributed between few addresses.
Bitcoin Core is an HD wallet... it uses new addresses for each "receive" and whenever it generates change from a send transaction etc.

Most modern wallets are like this.
newbie
Activity: 35
Merit: 0
March 02, 2021, 05:37:55 PM
#17
I was robbed 21.02 and 22.02 not sure how it was happened
It looks like you were robbed again yesterday, when $280 worth of Forkcoins moved. It also looks like you have another $23 of shitForks left.

What's the story behind this transaction? Did you or the robber pay a lot in transction fees to move single satoshis from 3 different inputs?
It was me, I decided to take this, for me It is single wallet, I don't know why it happens that these coins distributed between few addresses.
legendary
Activity: 2380
Merit: 5213
March 02, 2021, 04:03:20 PM
#16
What's the story behind this transaction? Did you or the robber pay a lot in transction fees to move single satoshis from 3 different inputs?
Most probably, OP (or the robber) didn't notice those extra inputs and moved all UTXOs in a single transaction.

Those 3 UTXOs had come from following transactions.

Transaction 1
Transaction 2
Transaction 3

They seem to be dust attacks for chain analysis and linking some used addresses together.
The OP (or the robber) did exactly what the attacker expected.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
March 02, 2021, 01:40:10 PM
#15
I was robbed 21.02 and 22.02 not sure how it was happened
It looks like you were robbed again yesterday, when $280 worth of Forkcoins moved. It also looks like you have another $23 of shitForks left.

What's the story behind this transaction? Did you or the robber pay a lot in transction fees to move single satoshis from 3 different inputs?
hero member
Activity: 1680
Merit: 655
March 02, 2021, 12:55:22 PM
#14
My both Wallets were offline, i didn't have any online backups.
So I thinking that 21.02 I was installing a miner, and maybe Phoenix miner or something different I downloaded.
I will scan my computers using SysInternal Autoruns, it have very good ability to check against VirusTotal all files that starts with system.
I think it was some single run app used to stole it.

No your wallets are not offline even if your cryptocurrencies is stored in desktop wallet as long as your computer is connected to the internet or is used for other purposes online then your wallet is still counted as an online wallet. This is one of the bad things on having a crypto stored on a multi-purpose computer as the risk will always be there as long as you are connected to the internet. Maybe the next time you will open an executable file scan it first to see if it is clean as you will never know if you are downloading a file that is vulnerable or a fake one. Also a lot of mining programs are having false positives when it comes to detections on anti-viruses so there is a chance it is not one of those files but from other downloaded files you have.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
March 02, 2021, 06:03:46 AM
#13
I will scan my computers using SysInternal Autoruns, it have very good ability to check against VirusTotal all files that starts with system.

The emphasis should always be on proactive protection, in other words the virus/malware should be prevented from infiltrating the system. Did you have any of that protection?

So I thinking that 21.02 I was installing a miner, and maybe Phoenix miner or something different I downloaded.

Definitely the wrong step that cost you in the end, of course combined with the fact that your wallet/s was not adequately protected - but even if that was the case, you may have downloaded a keylogger that would deliver your passwords to the attacker sooner or later. My advice to you in the future is to try to have one computer just for crypto and one for fun - it may sound paranoid, but with such a high price that BTC has, every kid is looking for a way to hack some crypto wallet.
sr. member
Activity: 938
Merit: 452
Check your coin privilege
March 02, 2021, 05:08:05 AM
#12
So now only found that BTC gone to binance, not sure yet, but wrote mail to them.
If it is Binance then I think it is possible to identify this Robbber, but with help of police.

I hate to break this to you, but Binance will not help you track your stolen money. The most they have is possibly the identity of the attacker if he did KYC but let's be honest, what kind of thief sends money to a KYC'd address? And also Binance ignores tracking requests from random people and would only step in if forced to by a government.

Police are of limited use as well if the thief can't be ID'd.

This should serve as a lesson to everyone to always protect your wallets with a strong password. It's money after all, more important than nearly any other login information.

Binance most definitely will help him.



Open a ticket with binance or speak to live chat (it takes a while to queue for live chat). Best case scenario is this thief was KYC'd, worst case scenario he used binance to "mix" the money, and they only know his e-mail and IP (potentially behind a VPN). It doesn't harm to try though.
newbie
Activity: 35
Merit: 0
March 02, 2021, 04:37:30 AM
#11
Yes it was Trojan, I found traces of it dated 21.02 Sad

Trojan was configured to this address
https://i.itdenther.ru/SystemNetNameInfoFlagsC
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
March 02, 2021, 01:23:33 AM
#10
So now only found that BTC gone to binance, not sure yet, but wrote mail to them.
If it is Binance then I think it is possible to identify this Robbber, but with help of police.

I hate to break this to you, but Binance will not help you track your stolen money. The most they have is possibly the identity of the attacker if he did KYC but let's be honest, what kind of thief sends money to a KYC'd address? And also Binance ignores tracking requests from random people and would only step in if forced to by a government.

Police are of limited use as well if the thief can't be ID'd.

This should serve as a lesson to everyone to always protect your wallets with a strong password. It's money after all, more important than nearly any other login information.
newbie
Activity: 35
Merit: 0
March 02, 2021, 01:02:17 AM
#9
My both Wallets were offline, i didn't have any online backups.
So I thinking that 21.02 I was installing a miner, and maybe Phoenix miner or something different I downloaded.
I will scan my computers using SysInternal Autoruns, it have very good ability to check against VirusTotal all files that starts with system.
I think it was some single run app used to stole it.

No it is 100% no me, because I'm using Bitcoin Core and it stores info about my transactions.


And yes my fail that wallet.dat wasn't protected and eth wallet also had shitty password.

So now only found that BTC gone to binance, not sure yet, but wrote mail to them.
If it is Binance then I think it is possible to identify this Robbber, but with help of police.

HCP
legendary
Activity: 2086
Merit: 4363
March 01, 2021, 07:04:16 PM
#8
I was using Bitcoin Core(non password protected) and MyCrypto was password protected.
Then all they required was a copy of your wallet.dat file to get access to your Bitcoins... Without a password on it, anyone with a copy of your wallet.dat would be able to access the private keys and create transactions sending the bitcoins wherever they wanted.

Do you store a backup of your wallet.dat on a cloud-based backup server like OneDrive, Google Drive, DropBox etc? Huh Or perhaps you sent yourself a copy of your wallet.dat to your email as a backup? Huh


Interestingly... the BTC address (12P5MtCHoyTJdJitAWSDkeb5fYHSQj7X3X) that the bulk of your coins got sent to, is tweeted by a "Bens Bitcoin Consulting LLC"... seems they also had funds stolen from them that went to the same address (but from Exodus wallet):
https://twitter.com/ben92994350/status/1288107762048577538


I already changed, my passwords and created new wallet.

And transferred cents that was left there in my wallet to new wallets.
If you never stored your wallet.dat backup online, then my guess would be malware of some description that has leaked your wallet.dat and/or your MyCrypto login credentials. I would consider the entire machine compromised... I would not be surprised if the thieves already have the details for your new wallets.

I would recommend that you format the PC and reinstall the OS.

If you stored your wallet.dat on a cloud server of some sort, then it's likely that your account on the cloud server was compromised. You'll need to change ALL your passwords.
legendary
Activity: 2534
Merit: 1233
March 01, 2021, 06:48:03 PM
#7
It seems very odd that they sent your bitcoins to 2 different addresses.  Maybe you sent the transaction yourself while you were drunk? or high? or sleepwalking?
Lol, it's 4 days old, and look at the Ethereum TXID, it was landed on the exchange WhiteBIT.  It might be OP forgot that he made a transaction at that time.

Then, if your story is true.
Don't use the previous device that you have used where your crypto-assets that has been lost.  It might now be unprotected and presumably infected a malware virus that the hacker can able to access your wallet's credentials.

We should always find how to safeguard our crypto assets and treat them as one of your valuable stuff.  Our responsibility and diligence to keep them safe at all costs.
legendary
Activity: 3514
Merit: 4895
March 01, 2021, 06:16:00 PM
#6
Hi,

I was robbed 21.02 and 22.02 not sure how it was happened, but is there any way to trace where my coins were transferred?
Fortunately I already sold more coins
BTC - https://www.blockchain.com/btc/tx/d12ff2e1b628f10a6728603aaa89a93729752012c061b4cd94e809581c54d029
ETH - https://etherscan.io/tx/0x9003f71f8a7c6cb14eedc3d9b7d3546d6f8004b95c92cae1dc225c3d9e4a8c07

I already changed, my passwords and created new wallet.

And transferred cents that was left there in my wallet to new wallets.


Oleg

It seems very odd that they sent your bitcoins to 2 different addresses.  Maybe you sent the transaction yourself while you were drunk? or high? or sleepwalking?

Also, it seems surprising that you didn't notice for a whole week?
legendary
Activity: 4522
Merit: 3426
March 01, 2021, 05:52:08 PM
#5
I was robbed 21.02 and 22.02 not sure how it was happened, but is there any way to trace where my coins were transferred?

It's easy to trace where they went. The destination is in the transaction. The hard part is identifying the persons controlling the destination address. That's close to impossible unless it is an exchange.
copper member
Activity: 2128
Merit: 1814
฿itcoin for all, All for ฿itcoin.
March 01, 2021, 05:47:42 PM
#4
How did you store your back-up phrase or seeds? (There can be a possibility they were leaked to a hacker if you kept them online)
Was your computer full of random apps (some apps can be malware and can easily steal your account credentials or seeds, others can be controlled remotely to access your device when you don't know, they are known as Remote Access Trojans)

When creating a new wallet, did you first reinstall a fresh OS?
newbie
Activity: 35
Merit: 0
March 01, 2021, 05:41:36 PM
#3
I was using Bitcoin Core(non password protected) and MyCrypto was password protected.
hero member
Activity: 1778
Merit: 907
March 01, 2021, 05:37:47 PM
#2
Hi,

I'm was robbed 21.02 and 22.02 not sure how it was happened, but is there any way to trace where my coins were transferred?
Fortunately I already sold more coins
BTC - https://www.blockchain.com/btc/tx/d12ff2e1b628f10a6728603aaa89a93729752012c061b4cd94e809581c54d029
ETH - https://etherscan.io/tx/0x9003f71f8a7c6cb14eedc3d9b7d3546d6f8004b95c92cae1dc225c3d9e4a8c07

I already changed, my passwords and created new wallet.

And transferred cents that was left there in my wallet to new wallets.


Oleg
I'm so sorry for your loss. When do you notice that your coins were missing? What wallet were you using? Also, have you signed up or accessed any sketchy website lately? There's a tool to check for any database leaks that you might have signed up, check it out. https://haveibeenpwned.com/
newbie
Activity: 35
Merit: 0
March 01, 2021, 05:34:35 PM
#1
Hi,

I was robbed 21.02 and 22.02 not sure how it was happened, but is there any way to trace where my coins were transferred?
Fortunately I already sold more coins
BTC - https://www.blockchain.com/btc/tx/d12ff2e1b628f10a6728603aaa89a93729752012c061b4cd94e809581c54d029
ETH - https://etherscan.io/tx/0x9003f71f8a7c6cb14eedc3d9b7d3546d6f8004b95c92cae1dc225c3d9e4a8c07

I already changed, my passwords and created new wallet.

And transferred cents that was left there in my wallet to new wallets.
Jump to: