Author

Topic: Money stolen from an older wallet version (Read 572 times)

hero member
Activity: 692
Merit: 500
January 21, 2016, 04:00:12 AM
#7
Does your friend download any backups from torrent sites ?
http://bitcoinist.net/fallout-4-player-gets-bitcoins-stolen-dilemma-piracy/
sr. member
Activity: 242
Merit: 251
January 20, 2016, 10:27:19 AM
#6
Yes, the wallet was encrypted. Will suggest the live boot/scan idea.
hero member
Activity: 672
Merit: 502
January 20, 2016, 10:13:09 AM
#5
Was his wallet encrypted? Because it is much easier for malwares to steal the wallet and funds from inside it, if the wallet is unencrypted as they contain the private keys in simple form.

I have used 1.9.8 in the past for a long time but am not aware of any vulnerabilities in it and never had anything stolen from it either, although, I never had/kept that much funds in it.
hero member
Activity: 619
Merit: 500
January 20, 2016, 06:40:12 AM
#4
Could it be that he exported the private key at some point in time?

Well, he actually DID a Malwarebytes scan, it returned nothing suspicious. Is it possible for a rootkit to squeeze through the cracks and not be detected?
You should boot the computer with a live system and check for malware from the live system.
The only malware that could avoid such a scan would be in the bios.
sr. member
Activity: 242
Merit: 251
January 20, 2016, 04:56:46 AM
#3
Well, he actually DID a Malwarebytes scan, it returned nothing suspicious. Is it possible for a rootkit to squeeze through the cracks and not be detected?
legendary
Activity: 1806
Merit: 1164
January 19, 2016, 10:16:31 AM
#2
First of all, if this is the wrong section for this, sorry, let me know where I should post it.

Now, there's a friend of mine that used version 1.9.8 and didn't check his wallet in a pretty long time. He had a grand total of 39 BTC in it for some time. A couple of days ago he opened his wallet only to find a transaction from December that sent the cash to an unknown address. From the looks of it, the person that took the money waited for one confirmation and then sent them through some mixing process. Which means any chances of recovery are basically zero.

The question is - how could this have happened? He had the wallet secured with an unique password. The first thing I thought was a vulnerability in Teamviewer that did the rounds some time ago, but he never had TV installed. Then I thought some sort of trojan/virus/whatever, but he claims to have had antivirus/firewall software installed and active at all times. As far as I can see, there are only 2 possibilities left: he either has a rootkit on his computer or somebody that had physical access to his computer did the deed. The second option is more unlikely, since he is careful about who he lets on the computer and what they do. However, maybe there was some sort of vulnerability in that version of Electrum that I don't know about.

Any ideas?

[edit] - he says the wallet was online all the time and that his computer is on most of the time.

Sounds like malware, has he used Malwarebytes to check his computer? I had a small amount of coin stolen from a password protected official client a year ago before I became serious about security. That incident caused me to move to cold storage.
sr. member
Activity: 242
Merit: 251
January 19, 2016, 10:08:36 AM
#1
First of all, if this is the wrong section for this, sorry, let me know where I should post it.

Now, there's a friend of mine that used version 1.9.8 and didn't check his wallet in a pretty long time. He had a grand total of 39 BTC in it for some time. A couple of days ago he opened his wallet only to find a transaction from December that sent the cash to an unknown address. From the looks of it, the person that took the money waited for one confirmation and then sent them through some mixing process. Which means any chances of recovery are basically zero.

The question is - how could this have happened? He had the wallet secured with an unique password. The first thing I thought was a vulnerability in Teamviewer that did the rounds some time ago, but he never had TV installed. Then I thought some sort of trojan/virus/whatever, but he claims to have had antivirus/firewall software installed and active at all times. As far as I can see, there are only 2 possibilities left: he either has a rootkit on his computer or somebody that had physical access to his computer did the deed. The second option is more unlikely, since he is careful about who he lets on the computer and what they do. However, maybe there was some sort of vulnerability in that version of Electrum that I don't know about.

Any ideas?

[edit] - he says the wallet was online all the time and that his computer is on most of the time.
Jump to: