
Topic: looks like i've been hacked - please help me understand what's happening (Read 2416 times)

legendary
Activity: 1456
Merit: 1000
Probably this address hacked your account:

1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv on 28th March.

Then it sent that amount to 1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw on 2nd April

Then 1B8XBJ3g7sNZj4AUtJ15UgcfE3waYw7pPL on 6th April and this address seems to be the scammer's bitcoin address as it has many transactions.

And this address was noted here: https://bitcointalksearch.org/topic/lunaminecom-is-a-big-scam-scammed-customer-and-forum-members-739917 (and this address is known for scamming many members). Any way of finding out who owns this address?



If he/she keeps it in storage and does not spend/cash out, finding out who is unlikely. It appears whoever it is has done a huge amount of scams. But he/she does not use the BTC, which makes it hard to tell much of anything.
hero member
Activity: 504
Merit: 500
it looks to have stopped at the last address and hasn't moved in a couple of days. It seems fairly inactive. The final transaction appears to be somewhere in China, however I'm not sure how accurate that is.
if you are checking the first broadcast node, it is totally inaccurate. You can broadcast a transaction to any other node from anywhere on earth. if the other user were to use Bitcoin Core, the node owner could check connection logs and determine it. But probably a proxy is used.
legendary
Activity: 2632
Merit: 1094
Probably this address hacked your account:

1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv on 28th March.

Then it sent that amount to 1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw on 2nd April

Then 1B8XBJ3g7sNZj4AUtJ15UgcfE3waYw7pPL on 6th April and this address seems to be the scammer's bitcoin address as it has many transactions.

And this address was noted here: https://bitcointalksearch.org/topic/lunaminecom-is-a-big-scam-scammed-customer-and-forum-members-739917 (and this address is known for scamming many members). Any way of finding out who owns this address?

full member
Activity: 155
Merit: 100
it looks to have stopped at the last address and hasn't moved in a couple of days. It seems fairly inactive. The final transaction appears to be somewhere in China, however I'm not sure how accurate that is.

I am sorry for your loss.
have you installed any cryptocurrency-software or altcoin-wallet or something in the past (before the theft-TX happened)?

this wallet looks like a scammer cold-storage wallet: https://blockchain.info/de/address/1B8XBJ3g7sNZj4AUtJ15UgcfE3waYw7pPL
legendary
Activity: 1120
Merit: 1002
input the address in this tool and see the cluster!
https://bitiodine.net/
legendary
Activity: 1456
Merit: 1000
Farthest I could track it was someone else getting scammed on bitcointalk on a purchase: https://bitcointalk.org/index.php?topic=739917.15

Looks like a big time scammer that is just holding it there. Which makes sense: if he/she does not withdraw or spend money from it, that makes it hard to track.
legendary
Activity: 1456
Merit: 1000
the last transaction to this address: 1B8XBJ3g7sNZj4AUtJ15UgcfE3waYw7pPL

big fat wallet..

OP might actually be lucky. It appears it was sent to like 3 or so different BTC addresses. It makes me wonder if he/she thinks it's hiding it by going through the 3 addresses but since linked together we can see it. No mixer or anything I thought would be used was.

The final address is HUGE: 3,862.54723801 BTC. This makes me think it is linked to maybe a hardware company or exchange; not a lot have this kind of balance.

If you can figure out what that final address belongs to there is a slim chance of getting it back.
legendary
Activity: 1120
Merit: 1002
the last transaction to this address: 1B8XBJ3g7sNZj4AUtJ15UgcfE3waYw7pPL

big fat wallet..
legendary
Activity: 1456
Merit: 1000
it looks to have stopped at the last address and hasn't moved in a couple of days. It seems fairly inactive. The final transaction appears to be somewhere in China, however I'm not sure how accurate that is.

Sadly most likely it's behind a proxy so hard to tell who actually did it or where.

I would watch it to see if they ever happen to make a mistake that can identify who it is.  Most likely they will sit on the btc not moving it or go through a bitmixer.
newbie
Activity: 12
Merit: 0
it looks to have stopped at the last address and hasn't moved in a couple of days. It seems fairly inactive. The final transaction appears to be somewhere in China, however I'm not sure how accurate that is.
legendary
Activity: 1456
Merit: 1000
so I checked my wallet a couple of days ago and noticed my 50 coins were missing.

I restored my wallet from a backup and after rescanning it showed I only have 0.05 coins left.

almost 50btc were 'sent' unauthorised from my wallet to 1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

https://blockchain.info/address/1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

according to my wallet it matches up on block chain showing 4 transactions. I'm still trying to follow it, but I have no idea what to do

I was trying to restore from backup and do a double spend, but it looks like it's too late for that now...

it looks like they are trying to launder it, anyone else able to dissect anything out of this?
Wow... 50 is a big value...
I'm just a newbie, I don't really know how to solve it but I'm so sorry for your loss.
How much is the coin that the thief left? Is that just 0.05 or 0.05xxxx?

If you click the blockchain it shows everything as far as your question. And no, it appears all was sent somewhere, they did not leave anything. Which is not too surprising on a compromised wallet.
legendary
Activity: 1022
Merit: 1003
𝓗𝓞𝓓𝓛
so I checked my wallet a couple of days ago and noticed my 50 coins were missing.

I restored my wallet from a backup and after rescanning it showed I only have 0.05 coins left.

almost 50btc were 'sent' unauthorised from my wallet to 1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

https://blockchain.info/address/1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

according to my wallet it matches up on block chain showing 4 transactions. I'm still trying to follow it, but I have no idea what to do

I was trying to restore from backup and do a double spend, but it looks like it's too late for that now...

it looks like they are trying to launder it, anyone else able to dissect anything out of this?
Wow... 50 is a big value...
I'm just a newbie, I don't really know how to solve it but I'm so sorry for your loss.
How much is the coin that the thief left? Is that just 0.05 or 0.05xxxx?
hero member
Activity: 504
Merit: 500
you should also verify that on this forum itself no one is using :

https://blockchain.info/address/1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw

this address cause HE has your bitcoins.

which he probably bought from :

1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv

or it is his own address... like inter transfer from electrum which gives someone the opportunity to own over 5 bitcoin addresses in the same wallet. making inter transfers is obvious

I'm sorry, I don't fully understand what you are saying here.

I can see that my bitcoin are unspent at the last address. how would I see if that final address belongs to anyone here?


that I honestly don't know. if there was any way to SQL inject a btc address, I would have probably helped you out, but it's not possible.. you need to keep an eye on newbies on this forum and try to see if anyone is pointing towards this last address
I think you are confused with webservers and Bitcoin. Bitcoin doesn't use SQL databases and they can't be reversed. You can however, try to pinpoint to the person owning the address by googling the address.
hero member
Activity: 504
Merit: 500
what kind of wallet?

I think it's called Bitcoin Core or bitcoin-qt? does that make any sense to you?

can you try to do a scan with Malwarebytes Anti-Malware, and HitmanPro?

see if there is something malevolent

also I suggest you use Zemana free anti-logger, it hides your keystrokes

I did perform a malware scan, and oddly found malware dating back to backup files I saved back in 2005. I don't think bitcoin was even around back then so I'm not sure if that would have caused it. I used Malwarebytes. I think as someone suggested, might be best to format and reinstall the OS along with setting up cold storage.
Antiviruses are not always correct and shouldn't be your only defense against viruses. Antivirus merely checks the signature of the files on your computer with their servers to make sure you don't have any files that match those known viruses that have already been detected. There are lots of viruses that have not yet been detected. Your best protection would be to not download suspicious files or go to suspicious websites.
newbie
Activity: 28
Merit: 0
you should also verify that on this forum itself no one is using :

https://blockchain.info/address/1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw

this address cause HE has your bitcoins.

which he probably bought from :

1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv

or it is his own address... like inter transfer from electrum which gives someone the opportunity to own over 5 bitcoin addresses in the same wallet. making inter transfers is obvious

I'm sorry, I don't fully understand what you are saying here.

I can see that my bitcoin are unspent at the last address. how would I see if that final address belongs to anyone here?



that I honestly don't know. if there was any way to SQL inject a btc address, I would have probably helped you out, but it's not possible.. you need to keep an eye on newbies on this forum and try to see if anyone is pointing towards this last address
newbie
Activity: 12
Merit: 0
you should also verify that on this forum itself no one is using :

https://blockchain.info/address/1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw

this address cause HE has your bitcoins.

which he probably bought from :

1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv

or it is his own address... like inter transfer from electrum which gives someone the opportunity to own over 5 bitcoin addresses in the same wallet. making inter transfers is obvious

I'm sorry, I don't fully understand what you are saying here.

I can see that my bitcoin are unspent at the last address. how would I see if that final address belongs to anyone here?

what kind of wallet?

I think it's called Bitcoin Core or bitcoin-qt? does that make any sense to you?

can you try to do a scan with Malwarebytes Anti-Malware, and HitmanPro?

see if there is something malevolent

also I suggest you use Zemana free anti-logger, it hides your keystrokes

I did perform a malware scan, and oddly found malware dating back to backup files I saved back in 2005. I don't think bitcoin was even around back then so I'm not sure if that would have caused it. I used Malwarebytes. I think as someone suggested, might be best to format and reinstall the OS along with setting up cold storage.
hero member
Activity: 504
Merit: 500
sorry for that dude. that is a hard lesson.

don't store your coins in a hot wallet. the best thing you can do (as a newbie):

1.) buy a hardware wallet:

https://bitcointalksearch.org/topic/overview-bitcoin-hardware-wallets-secure-your-coins-899253


2.) split your bitcoin-stack. don't keep all eggs in one....you know.

3.) buy a good antivirus program.


good luck.


would like to know what is a hot wallet?
Wallets on your ordinary desktop which contain a small amount of Bitcoins for daily use. A cold wallet stores most of the Bitcoin to keep it safe, and Bitcoins are sent to the hot wallet when needed. Both of them are kept separately and the cold wallet would have much more security than the hot wallet.
legendary
Activity: 3248
Merit: 1070
what kind of wallet?

I think it's called Bitcoin Core or bitcoin-qt? does that make any sense to you?

can you try to do a scan with Malwarebytes Anti-Malware, and HitmanPro?

see if there is something malevolent

also I suggest you use Zemana free anti-logger, it hides your keystrokes
newbie
Activity: 28
Merit: 0
you should also verify that on this forum itself no one is using :

https://blockchain.info/address/1EsBPY677Dbft6FT39zJQYsVU5CC3QWRJw

this address cause HE has your bitcoins.

which he probably bought from :

1DN1VGT7DcfpjaS3R43quv2ZpbYxUumHVv

or it is his own address... like inter transfer from electrum which gives someone the opportunity to own over 5 bitcoin addresses in the same wallet. making inter transfers is obvious
newbie
Activity: 28
Merit: 0
sorry for that dude. that is a hard lesson.

don't store your coins in a hot wallet. the best thing you can do (as a newbie):

1.) buy a hardware wallet:

https://bitcointalksearch.org/topic/overview-bitcoin-hardware-wallets-secure-your-coins-899253


2.) split your bitcoin-stack. don't keep all eggs in one....you know.

3.) buy a good antivirus program.


good luck.


would like to know what is a hot wallet?
sr. member
Activity: 476
Merit: 250
damn, so many people taking that kind of losses lately. sorry for your loss, nothing to do.
legendary
Activity: 1456
Merit: 1000
what kind of wallet?

I think it's called Bitcoin Core or bitcoin-qt? does that make any sense to you?

Yes that is the main client it sounds like.  Sadly a lot of the virus/malware target the wallet file. 

I'm sorry to hear it was such a costly lesson.  In future keep cold storage, and encrypt it.    In a perfect world we would not need to but sadly there are a lot of "bad guys" out there.
newbie
Activity: 12
Merit: 0
what kind of wallet?

I think it's called Bitcoin Core or bitcoin-qt? does that make any sense to you?
legendary
Activity: 1456
Merit: 1000
thanks for the quick response, pretty gutted, I can follow the transaction but don't really know how they were able to do this

Sadly this can not be reversed.   Hopefully you can follow it, but chances are they will use a mixer or some other way to hide it.

I suggest others reading this will use cold storage, and be safe with it.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
what kind of wallet?
legendary
Activity: 4228
Merit: 1313
so I checked my wallet a couple of days ago and noticed my 50 coins were missing.

I restored my wallet from a backup and after rescanning it showed I only have 0.05 coins left.

almost 50btc were 'sent' unauthorised from my wallet to 1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

https://blockchain.info/address/1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

according to my wallet it matches up on block chain showing 4 transactions. I'm still trying to follow it, but I have no idea what to do

I was trying to restore from backup and do a double spend, but it looks like it's too late for that now...

it looks like they are trying to launder it, anyone else able to dissect anything out of this?
those coins are lost no way to recover them, sorry for your loss. were you using blockchain wallet? it's probably a keylogger that stole your account information.
install malwarebytes and scan your pc and see if it finds any virus/keyloggers.

And even if it does and says it has removed them, don't trust that they are all gone if you are going to store bitcoins on that computer.  It is better to re-install the OS to ensure that you are safe.

legendary
Activity: 1612
Merit: 1001
so I checked my wallet a couple of days ago and noticed my 50 coins were missing.

I restored my wallet from a backup and after rescanning it showed I only have 0.05 coins left.

almost 50btc were 'sent' unauthorised from my wallet to 1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

https://blockchain.info/address/1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

according to my wallet it matches up on block chain showing 4 transactions. I'm still trying to follow it, but I have no idea what to do

I was trying to restore from backup and do a double spend, but it looks like it's too late for that now...

it looks like they are trying to launder it, anyone else able to dissect anything out of this?
those coins are lost no way to recover them, sorry for your loss. were you using blockchain wallet? it's probably a keylogger that stole your account information.
install malwarebytes and scan your pc and see if it finds any virus/keyloggers.
legendary
Activity: 1344
Merit: 1024
Mine at Jonny's Pool
thanks for the quick response, pretty gutted, I can follow the transaction but don't really know how they were able to do this
Possibilities:
* wallet not encrypted
* key logger on your system
* wallet encrypted with very easy to crack password
* wallet-stealing malware on your system
* wallet stored in publicly accessible location
* RPC ports open to your Bitcoin client
* no RPC password or very weak one
* allow any IP to connect via RPC

Sorry for your loss.
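
Added example (not part of the post above, and not Bitcoin Core code): the three RPC items in that list correspond to settings in bitcoin.conf, so they can be checked mechanically. This Python script audits a config for rpcallowip, rpcbind and rpcpassword; both sample configs are constructed, and the 16-character minimum is an assumed threshold.

```python
import ipaddress

# Constructed samples (not from the thread): a weak bitcoin.conf and a corrected one.
WEAK_CONF = """\
server=1
rpcuser=bitcoin
rpcpassword=bitcoin
rpcbind=0.0.0.0
rpcallowip=0.0.0.0/0
"""
HARDENED_CONF = """\
server=1
rpcbind=127.0.0.1
rpcallowip=127.0.0.1
"""

def parse_conf(text):
    """Collect key=value options; options such as rpcallowip may repeat."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            opts.setdefault(key, []).append(value)
    return opts

def host_of(bind):
    """Strip an optional port from an rpcbind value ([::1]:8332, 127.0.0.1:8332)."""
    if bind.startswith("["):
        return bind[1:bind.index("]")]
    return bind.rsplit(":", 1)[0] if bind.count(":") == 1 else bind

def audit_rpc(text, min_len=16):
    """Return (option, problem) findings for RPC exposure in a bitcoin.conf."""
    opts, findings = parse_conf(text), []
    if opts.get("server", ["1"])[-1] == "0":
        return findings  # RPC explicitly disabled, nothing is exposed
    for net in opts.get("rpcallowip", []):
        try:
            parsed = ipaddress.ip_network(net, strict=False)
            if not parsed.is_loopback:
                scope = "any IP" if parsed.prefixlen == 0 else "non-local hosts"
                findings.append(("rpcallowip", f"{net} lets {scope} connect"))
        except ValueError:
            findings.append(("rpcallowip", f"{net} is not a valid address or subnet"))
    for bind in opts.get("rpcbind", []):
        try:
            if not ipaddress.ip_address(host_of(bind)).is_loopback:
                findings.append(("rpcbind", f"{bind} listens beyond loopback"))
        except ValueError:
            findings.append(("rpcbind", f"{bind} is not a literal IP, check by hand"))
    # An absent rpcpassword is not flagged: current Bitcoin Core then uses cookie-file auth.
    for pw in opts.get("rpcpassword", []):
        if len(pw) < min_len or pw in opts.get("rpcuser", []):
            findings.append(("rpcpassword", "short, or same as rpcuser"))
    return findings
```

Calling audit_rpc(WEAK_CONF) reports all three RPC problems, while audit_rpc(HARDENED_CONF) returns an empty list. Wallet encryption and malware, the other items in the list, are not visible in the config file and need separate checks.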
newbie
Activity: 12
Merit: 0
thanks for the quick response, pretty gutted, I can follow the transaction but don't really know how they were able to do this
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
sorry for that dude. that is a hard lesson.

don't store your coins in a hot wallet. the best thing you can do (as a newbie):

1.) buy a hardware wallet:

https://bitcointalksearch.org/topic/overview-bitcoin-hardware-wallets-secure-your-coins-899253


2.) split your bitcoin-stack. don't keep all eggs in one....you know.

3.) buy a good antivirus program.


good luck.
newbie
Activity: 12
Merit: 0
so I checked my wallet a couple of days ago and noticed my 50 coins were missing.

I restored my wallet from a backup and after rescanning it showed I only have 0.05 coins left.

almost 50btc were 'sent' unauthorised from my wallet to 1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

https://blockchain.info/address/1LAosJwSQHmUzNnToPgjLaRTVUHP2WM8Wt

according to my wallet it matches up on block chain showing 4 transactions. I'm still trying to follow it, but I have no idea what to do

I was trying to restore from backup and do a double spend, but it looks like it's too late for that now...

it looks like they are trying to launder it, anyone else able to dissect anything out of this?