looks like i've been hacked - please help me understand what's happening

notlist3d

legendary

Activity: 1456

Merit: 1000

Quote from: erikalui on April 07, 2015, 05:36:57 AM

Probably this address hacked your account:

1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv on 28th March.

Then it sent that amount to 1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw on 2nd April

Then 1B8XBJ3g7sNZj4AUtJ15UgcfE3waYw7pPL on 6th April and this address seems to be the scammers bitcoin address as it has many transactions.

And this address was noted here: https://bitcointalksearch.org/topic/lunaminecom-is-a-big-scam-scammed-customer-and-forum-members-739917 (and this address is known for scamming many members). Any way of finding out who owns this address?

If he/she keeps it in storage and does not spend/cash out. It is unlikely of finding out who. It appears who ever it is has done a huge amount of scams. But he/she does not use the BTC which makes it hard to tell much of anything.

yeponlyone

hero member

Activity: 504

Merit: 500

Quote from: beesa888 on April 05, 2015, 11:57:08 PM

it looks to have stopped at the last address and hasn't moved in a couple of days. It seems fairly inactive. The final transaction appears to be somewhere in China, however im not sure how accurate that is.

if you are checking the first broadcast node, it is totally inaccurate. You can broadcast transaction to any other node from anywhere on earth. if the other user were to use Bitcoin Core, the node owner could check connection logs and determine it. But probably a proxy is used.

erikalui

legendary

Activity: 2632

Merit: 1094

Probably this address hacked your account:

1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv on 28th March.

Then it sent that amount to 1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw on 2nd April

Then 1B8XBJ3g7sNZj4AUtJ15UgcfE3waYw7pPL on 6th April and this address seems to be the scammers bitcoin address as it has many transactions.

And this address was noted here: https://bitcointalksearch.org/topic/lunaminecom-is-a-big-scam-scammed-customer-and-forum-members-739917 (and this address is known for scamming many members). Any way of finding out who owns this address?

zen2

full member

Activity: 155

Merit: 100

Quote from: beesa888 on April 05, 2015, 11:57:08 PM

it looks to have stopped at the last address and hasn't moved in a couple of days. It seems fairly inactive. The final transaction appears to be somewhere in China, however im not sure how accurate that is.

i am sorry for your loss.
have you installed any cryptocurrency-software or altcoin-wallet or something in the past time (before the theft-TX happened) ??

this wallet look like a scammer coldstorage-wallet: https://blockchain.info/de/address/1B8XBJ3g7sNZj4AUtJ15UgcfE3waYw7pPL

defcon23

legendary

Activity: 1120

Merit: 1002

imput the adress in this tool Wink

and see the cluster !
https://bitiodine.net/

notlist3d

legendary

Activity: 1456

Merit: 1000

Farthest I could track it was someone else getting scammed on bitcointalk on a purchase: https://bitcointalk.org/index.php?topic=739917.15

Looks like a big time scammer that is just holding it there. Which makes sense if he/she does not withdrawal or spend money from it makes it hard to track.

defcon23

legendary

Activity: 1120

Merit: 1002

a liitle more infos: http://www.walletexplorer.com/wallet/02218b04537fe585?from_address=1B8XBJ3g7sNZj4AUtJ15UgcfE3waYw7pPL
Wink

notlist3d

legendary

Activity: 1456

Merit: 1000

Quote from: defcon23 on April 07, 2015, 03:03:29 AM

the last transaction to this adress : 1B8XBJ3g7sNZj4AUtJ15UgcfE3waYw7pPL Shocked

big fat wallet.. Grin

OP might actually be lucky. It appears it was sent to like 3 or so different BTC address's. It makes me wonder if he/she thinks it's hiding it by going through the 3 addresses but since linked together we can see it. No mixer or anything I thought would be used was.

The final address is HUGE: 3,862.54723801 BTC . This makes me think it is linked to maybe a hardware company or exchange not a lot have this kinda of balance.

If you can figure out what that final address belongs to there is a slim chance of getting it back.

defcon23

legendary

Activity: 1120

Merit: 1002

the last transaction to this adress : 1B8XBJ3g7sNZj4AUtJ15UgcfE3waYw7pPL Shocked

big fat wallet.. Grin

notlist3d

legendary

Activity: 1456

Merit: 1000

Quote from: beesa888 on April 05, 2015, 11:57:08 PM

it looks to have stopped at the last address and hasn't moved in a couple of days. It seems fairly inactive. The final transaction appears to be somewhere in China, however im not sure how accurate that is.

Sadly most likely it's behind a proxy so hard to tell who actually did it or where.

I would watch it to see if they ever happen to make a mistake that can identify who it is. Most likely they will sit on the btc not moving it or go through a bitmixer.

beesa888

newbie

Activity: 12

Merit: 0

it looks to have stopped at the last address and hasn't moved in a couple of days. It seems fairly inactive. The final transaction appears to be somewhere in China, however im not sure how accurate that is.

notlist3d

legendary

Activity: 1456

Merit: 1000

Quote from: Jeremycoin on April 03, 2015, 10:33:46 AM

Quote from: beesa888 on April 02, 2015, 11:04:45 AM

so i checked my wallet a couple of days ago and noticed my 50 coins were missing.

i restored my wallet from a backup and after rescanning it showed i only have 0.05 coins left.

almost 50btc where 'sent' unauthorised from my wallet to 1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

https://blockchain.info/address/1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

according the my wallet it matches up on block chain showing 4 transactions. im still trying to follow it, but i have no idea what to do Sad

i was trying to restore for backup and do a double spend, but it looks like its too late for that now...

it looks like they are trying to launder it, anyone else able to dissect anything out of this?

Wow... 50 is a big value...
I'm just a newbie, I don't really know how to solve it but I'm so sorry for your loss.
How much is the coin that the thief left? Is that just 0.05 or 0.05xxxx?

If you click the blockchain it shows everything as far as your question. And no it appears all was sent somewhere, they did not leave anything. Which is not to surprising on a compromised wallet.

Jeremycoin

legendary

Activity: 1022

Merit: 1003

𝓗𝓞𝓓𝓛

Quote from: beesa888 on April 02, 2015, 11:04:45 AM

so i checked my wallet a couple of days ago and noticed my 50 coins were missing.

i restored my wallet from a backup and after rescanning it showed i only have 0.05 coins left.

almost 50btc where 'sent' unauthorised from my wallet to 1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

https://blockchain.info/address/1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

according the my wallet it matches up on block chain showing 4 transactions. im still trying to follow it, but i have no idea what to do Sad

i was trying to restore for backup and do a double spend, but it looks like its too late for that now...

it looks like they are trying to launder it, anyone else able to dissect anything out of this?

Wow... 50 is a big value...
I'm just a newbie, I don't really know how to solve it but I'm so sorry for your loss.
How much is the coin that the thief left? Is that just 0.05 or 0.05xxxx?

yeponlyone

hero member

Activity: 504

Merit: 500

Quote from: HiTmanSql on April 03, 2015, 09:55:22 AM

Quote from: beesa888 on April 03, 2015, 09:51:06 AM

Quote from: HiTmanSql on April 03, 2015, 06:34:07 AM

you should also verify that on this forum itself no one is using :

https://blockchain.info/address/1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw

this address cause HE has your bitcoins.

which he probably bought from :

1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv

or is its his own address... like inter transfer from electrum which gives someone the opportunity to own over 5 bitcoin address in a same wallet. making inter transfers are obvious

im sorry, i dont fully understand what you are saying here.

I can see that my bitcoin are unspent at the last address. how would I see if that final address belongs to anyone here?

that i honestly dont know. if there was any way to sql inject a btc address, i would have probably helped you out, but its not possible.. you need to keep an eye with newbies on this forum and try see if anyone is pointing towards this last address

I think you are confused with webservers and Bitcoin. Bitcoin doesn't use SQL databases and they can't be reversed. You can however, try to pinpoint to the person owning the address by googling the address.

yeponlyone

hero member

Activity: 504

Merit: 500

Quote from: beesa888 on April 03, 2015, 09:51:06 AM

Quote from: Amph on April 03, 2015, 08:13:44 AM

Quote from: beesa888 on April 02, 2015, 10:31:04 PM

Quote from: jonald_fyookball on April 02, 2015, 01:22:54 PM

what kind of wallet?

I think its called Bitcoin Core or bitcoin-qt? does that make any sense to you?

can you try to do a scan with malwarebyte anti malware, and hitmanpro?

see if there is something malevolous

also i suggest you to use zemana free anti-logger, it hide your key-stroke

i did perform a malware scan, and oddly found malware dating back to backup files i saved back in 2005. I dont think bitcoin was even around back then so im not sure if that would have caused it. I used malware-byte. I think as someone suggested, might be best to format and reinstall the OS along with setting up cold storage.

Anti viruses are not always correct and shouldnt be your only defense against viruses. Antivirus merely checks the signature of the files on your computer with their servers to make sure you dont have any files that matches those known viruses that has already been detected. There are lots of virus that has not yet been detected. Your best protection would to be not downloading suspicious files or going to suspicious websites.

HiTmanSql

newbie

Activity: 28

Merit: 0

Quote from: beesa888 on April 03, 2015, 09:51:06 AM

Quote from: HiTmanSql on April 03, 2015, 06:34:07 AM

you should also verify that on this forum itself no one is using :

https://blockchain.info/address/1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw

this address cause HE has your bitcoins.

which he probably bought from :

1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv

or is its his own address... like inter transfer from electrum which gives someone the opportunity to own over 5 bitcoin address in a same wallet. making inter transfers are obvious

im sorry, i dont fully understand what you are saying here.

I can see that my bitcoin are unspent at the last address. how would I see if that final address belongs to anyone here?

that i honestly dont know. if there was any way to sql inject a btc address, i would have probably helped you out, but its not possible.. you need to keep an eye with newbies on this forum and try see if anyone is pointing towards this last address

beesa888

newbie

Activity: 12

Merit: 0

Quote from: HiTmanSql on April 03, 2015, 06:34:07 AM

you should also verify that on this forum itself no one is using :

https://blockchain.info/address/1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw

this address cause HE has your bitcoins.

which he probably bought from :

1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv

or is its his own address... like inter transfer from electrum which gives someone the opportunity to own over 5 bitcoin address in a same wallet. making inter transfers are obvious

im sorry, i dont fully understand what you are saying here.

I can see that my bitcoin are unspent at the last address. how would I see if that final address belongs to anyone here?

Quote from: Amph on April 03, 2015, 08:13:44 AM

Quote from: beesa888 on April 02, 2015, 10:31:04 PM

Quote from: jonald_fyookball on April 02, 2015, 01:22:54 PM

what kind of wallet?

I think its called Bitcoin Core or bitcoin-qt? does that make any sense to you?

can you try to do a scan with malwarebyte anti malware, and hitmanpro?

see if there is something malevolous

also i suggest you to use zemana free anti-logger, it hide your key-stroke

i did perform a malware scan, and oddly found malware dating back to backup files i saved back in 2005. I dont think bitcoin was even around back then so im not sure if that would have caused it. I used malware-byte. I think as someone suggested, might be best to format and reinstall the OS along with setting up cold storage.

yeponlyone

hero member

Activity: 504

Merit: 500

Quote from: HiTmanSql on April 03, 2015, 06:26:21 AM

Quote from: LiteCoinGuy on April 02, 2015, 11:07:02 AM

sorry for that dude. that is a hard lesson.

dont store your coins in a hotwallet. the best thing you can do (as a newbie):

1.) buy a hardware wallet:

https://bitcointalksearch.org/topic/overview-bitcoin-hardware-wallets-secure-your-coins-899253

2. ) split your bitcoin-stack. dont keep all eggs in one....you know.

3.) buy a good antivirus program.

good luck.

would like to know what is a hot wallet?

Wallets on your ordinary desktop which contains small amount of Bitcoins for daily use. Cold wallet stores most of the Bitcoin to keep it safe and Bitcoins is send to hot wallet when needed. Both of them are kept separately and cold wallet would have much more security than the hot wallet.

Amph

legendary

Activity: 3248

Merit: 1070

Quote from: beesa888 on April 02, 2015, 10:31:04 PM

Quote from: jonald_fyookball on April 02, 2015, 01:22:54 PM

what kind of wallet?

I think its called Bitcoin Core or bitcoin-qt? does that make any sense to you?

can you try to do a scan with malwarebyte anti malware, and hitmanpro?

see if there is something malevolous

also i suggest you to use zemana free anti-logger, it hide your key-stroke

HiTmanSql

newbie

Activity: 28

Merit: 0

you should also verify that on this forum itself no one is using :

https://blockchain.info/address/1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw

this address cause HE has your bitcoins.

which he probably bought from :

1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv

or is its his own address... like inter transfer from electrum which gives someone the opportunity to own over 5 bitcoin address in a same wallet. making inter transfers are obvious

HiTmanSql

newbie

Activity: 28

Merit: 0

Quote from: LiteCoinGuy on April 02, 2015, 11:07:02 AM

sorry for that dude. that is a hard lesson.

dont store your coins in a hotwallet. the best thing you can do (as a newbie):

1.) buy a hardware wallet:

https://bitcointalksearch.org/topic/overview-bitcoin-hardware-wallets-secure-your-coins-899253

2. ) split your bitcoin-stack. dont keep all eggs in one....you know.

3.) buy a good antivirus program.

good luck.

would like to know what is a hot wallet?

emrebey

sr. member

Activity: 476

Merit: 250

damn, so many people taking that kind of the losses lately. sorry for your loss, nothing to do. Sad

notlist3d

legendary

Activity: 1456

Merit: 1000

Quote from: beesa888 on April 02, 2015, 10:31:04 PM

Quote from: jonald_fyookball on April 02, 2015, 01:22:54 PM

what kind of wallet?

I think its called Bitcoin Core or bitcoin-qt? does that make any sense to you?

Yes that is the main client it sounds like. Sadly a lot of the virus/malware target the wallet file.

I'm sorry to hear it was such a costly lesson. In future keep cold storage, and encrypt it. In a perfect world we would not need to but sadly there are a lot of "bad guys" out there.

beesa888

newbie

Activity: 12

Merit: 0

Quote from: jonald_fyookball on April 02, 2015, 01:22:54 PM

what kind of wallet?

I think its called Bitcoin Core or bitcoin-qt? does that make any sense to you?

notlist3d

legendary

Activity: 1456

Merit: 1000

Quote from: beesa888 on April 02, 2015, 11:11:50 AM

thanks for the quick response, pretty gutted, i can follow the transaction but don't really know how this were able to do this

Sadly this can not be reversed. Hopefully you can follow it, but chances are they will use a mixer or some other way to hide it.

I suggest others reading this will use cold storage, and be safe with it.

jonald_fyookball

legendary

Activity: 1302

Merit: 1008

Core dev leaves me neg feedback #abuse #political

what kind of wallet?

cr1776

legendary

Activity: 4130

Merit: 1307

Quote from: fast2fix on April 02, 2015, 11:56:01 AM

Quote from: beesa888 on April 02, 2015, 11:04:45 AM

so i checked my wallet a couple of days ago and noticed my 50 coins were missing.

i restored my wallet from a backup and after rescanning it showed i only have 0.05 coins left.

almost 50btc where 'sent' unauthorised from my wallet to 1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

https://blockchain.info/address/1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

according the my wallet it matches up on block chain showing 4 transactions. im still trying to follow it, but i have no idea what to do Sad

i was trying to restore for backup and do a double spend, but it looks like its too late for that now...

it looks like they are trying to launder it, anyone else able to dissect anything out of this?

those coins are lost no way to recover them, sorry for your loss. were you using blockchain wallet? it's probably a keylogger that stole your account information.
install malwarebytes and scan your pc and see if it finds any virus/keyloggers.

And even if it does and says it has removed them, don't trust that they are all gone if you are going to store bitcoins on that computer. It is better to re-install the OS to ensure that you are safe.

fast2fix

legendary

Activity: 1612

Merit: 1001

Quote from: beesa888 on April 02, 2015, 11:04:45 AM

so i checked my wallet a couple of days ago and noticed my 50 coins were missing.

i restored my wallet from a backup and after rescanning it showed i only have 0.05 coins left.

almost 50btc where 'sent' unauthorised from my wallet to 1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

https://blockchain.info/address/1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

according the my wallet it matches up on block chain showing 4 transactions. im still trying to follow it, but i have no idea what to do Sad

i was trying to restore for backup and do a double spend, but it looks like its too late for that now...

it looks like they are trying to launder it, anyone else able to dissect anything out of this?

those coins are lost no way to recover them, sorry for your loss. were you using blockchain wallet? it's probably a keylogger that stole your account information.
install malwarebytes and scan your pc and see if it finds any virus/keyloggers.

jonnybravo0311

legendary

Activity: 1344

Merit: 1024

Mine at Jonny's Pool

Quote from: beesa888 on April 02, 2015, 11:11:50 AM

thanks for the quick response, pretty gutted, i can follow the transaction but don't really know how this were able to do this

Possibilities:
* wallet not encrypted
* key logger on your system
* wallet encrypted with very easy to crack password
* wallet-stealing malware on your system
* wallet stored in publicly accessible location
* RPC ports open to your Bitcoin client
* no RPC password or very weak one
* allow any IP to connect via RPC

Sorry for your loss.

beesa888

newbie

Activity: 12

Merit: 0

thanks for the quick response, pretty gutted, i can follow the transaction but don't really know how this were able to do this

LiteCoinGuy

legendary

Activity: 1148

Merit: 1014

In Satoshi I Trust

sorry for that dude. that is a hard lesson.

dont store your coins in a hotwallet. the best thing you can do (as a newbie):

1.) buy a hardware wallet:

https://bitcointalksearch.org/topic/overview-bitcoin-hardware-wallets-secure-your-coins-899253

2. ) split your bitcoin-stack. dont keep all eggs in one....you know.

3.) buy a good antivirus program.

good luck.

beesa888

newbie

Activity: 12

Merit: 0

so i checked my wallet a couple of days ago and noticed my 50 coins were missing.

i restored my wallet from a backup and after rescanning it showed i only have 0.05 coins left.

almost 50btc where 'sent' unauthorised from my wallet to 1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

https://blockchain.info/address/1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

according the my wallet it matches up on block chain showing 4 transactions. im still trying to follow it, but i have no idea what to do Sad

i was trying to restore for backup and do a double spend, but it looks like its too late for that now...

it looks like they are trying to launder it, anyone else able to dissect anything out of this?

Topic: looks like i've been hacked - please help me understand what's happening (Read 2402 times)