Pages:
Author

Topic: My Wallet got hacked and the hacker paid huge transaction fees to take the money - page 2. (Read 5116 times)

hero member
Activity: 518
Merit: 500
I currently keep mine in a blockchain.info wallet as it was recommended to me a while back. I would certainly be interested to hear if there is something more desirable though.

Electrum. I could never recommend storing your bitcoins online, sorry.
newbie
Activity: 42
Merit: 0
*.is is Iceland.

Code:
% Abuse contact for '79.134.224.0 - 79.134.255.255' is '[email protected]'

inetnum:        79.134.224.0 - 79.134.255.255
netname:        CH-GLOBAL-20071024
descr:          Backbone ehf
remarks:        icecell-net
country:        IS
org:            ORG-GNSA2-RIPE
admin-c:        AF15-RIPE
tech-c:         AF15-RIPE
tech-c:         ME2795-RIPE
status:         ALLOCATED PA
mnt-by:         RIPE-NCC-HM-MNT
mnt-lower:      AF15-MNT
mnt-routes:     AF15-MNT
notify:         [email protected]

Also it does appear to be a Tor node.

 * Dns resolved 79.134.234.200 to masterchief2.tor.leo-unglaub.net
member
Activity: 71
Merit: 10
If it really is TOR then what is the point? It could be anyone and anywhere. Really sorry but its likely gone forever.
Yeah, I kind of accept that would be the outcome. But I still feel the right thing would be to tell the police about it... even if they do nothing about the stuff :/
newbie
Activity: 42
Merit: 0
If it really is TOR then what is the point? It could be anyone and anywhere. Really sorry but its likely gone forever.
member
Activity: 71
Merit: 10
if your funds were stolen from multibit it has nothing to do with multibit.
It means your computer is compromised. Using qt OR blockchain.info
on the same computer will make you lose more money.


But my computer was not even on.

What if the hacker had access to the wallet backup and the password? It wouldn't need my computer that way, right?
Not he wouldn't, just to add I use armory for any large amount of coin. Electrum offline storage also works well.

Ok, just one thing. Where do you keep the backups for this? I mean, I could make a linux installation in a USB pen and use it just for keeping the bitcoins. But I'm afraid that if something happened to that USB pen, my BTC would be lost forever that way.
member
Activity: 71
Merit: 10
Ok, thank you all for the support.

I already spent most of the day changing the most important passwords I have (email, dropbox, ebay, paypla, etc...).
I had installed Maverics (Mac OSX) about 1 month ago from scratch, but well, I guess it's time to be a bit paranoid so I'll install it again like you suggest.

About the lost bitcoins, perhaps it's a silly question, but do you think it's worth to make a complaint in the police? So far the hacker didn't move them from any of the two addresses where he sent them.

The IP address the hacker used was: 79.134.234.200
I can see this belongs to some guy in Austria, but like I said, I think he's just someone how runs a TOR server.

member
Activity: 112
Merit: 10
Looking to start various enterprises
if your funds were stolen from multibit it has nothing to do with multibit.
It means your computer is compromised. Using qt OR blockchain.info
on the same computer will make you lose more money.


But my computer was not even on.

What if the hacker had access to the wallet backup and the password? It wouldn't need my computer that way, right?
Not he wouldn't, just to add I use armory for any large amount of coin. Electrum offline storage also works well.
newbie
Activity: 42
Merit: 0
This is exactly the sort of advice I was expecting and for that I thank you. Once something is compromised then its gone, out of the door, bolted!

Its how you move on from there that is important. I hope you can win!
legendary
Activity: 3682
Merit: 1580
I moved the wallet to Blockchain.info, it's not that I trust my gmail account (and dropbox) is completely safe now but I guess it must be impossible to enter the account after I put up the google key two factor authentication.

blockchain.info is even worse than a desktop client! You computer has been compromized. Moving to blockchain.info won't make things any better.

What you should do is backup essential documents, delete everything on your computer, reinstall the operating system, install anti-malware software like anti-virus apps and scan and restore the backups. Then change your passwords everywhere including your email accounts. As far as bitcoins go you should move all the coins to a new wallet. Make sure you set a password on your new wallet.
newbie
Activity: 42
Merit: 0
and that's the most important point I feel. You have to be paranoid when it comes to anything money related. Not even directly but anything which could affect YOUR money. I am paranoid but I feel totally justified in being so.
hero member
Activity: 728
Merit: 500
if your funds were stolen from multibit it has nothing to do with multibit.
It means your computer is compromised. Using qt OR blockchain.info
on the same computer will make you lose more money.


But my computer was not even on.

What if the hacker had access to the wallet backup and the password? It wouldn't need my computer that way, right?
One way or the other, the attacker got access to your wallet file and the password. Whether that's from your backup or from your main machine is unknown. Note that if your computer has been compromised, the attacker could empty the wallet at any time, even when your computer is off.
newbie
Activity: 42
Merit: 0
When it comes to things I fell I simply cannot lose, I am on suspicion alert 101%. Online backups from other parties are not trustworthy at all, if they have access (which could be a possibility) then there would be a lucrative market selling information. Trust nothing or no-one.
legendary
Activity: 4214
Merit: 1313
That's so bad  Sad
How could the attacker hack a multibit wallet?
A custom trojan?

Well, I know the hacker had access to my email (I saw a login using the security questions in the GMAIL logs, it comes from some guy in Austria, but I think he was just running a TOR node).
Now, since the wallet backup was sent by email to another person, I think that's how he got it.

I don't know how he got the password tough... I have some suspicion it has something to do with Dropbox, but I can't find any logs in Dropbox to confirm this.

I moved the wallet to Blockchain.info, it's not that I trust my gmail account (and dropbox) is completely safe now but I guess it must be impossible to enter the account after I put up the google key two factor authentication.


If your computer was compromised, be sure to change your password at blockchain.info from a different machine or be absolutely sure that it is clean now.
newbie
Activity: 42
Merit: 0
I would work on the same principle as with anything related to security. Once compromised, always compromised. Backup the essentials and start afresh, its most likely the only option after any infiltration.
member
Activity: 71
Merit: 10
That's so bad  Sad
How could the attacker hack a multibit wallet?
A custom trojan?

Well, I know the hacker had access to my email (I saw a login using the security questions in the GMAIL logs, it comes from some guy in Austria, but I think he was just running a TOR node).
Now, since the wallet backup was sent by email to another person, I think that's how he got it.

I don't know how he got the password tough... I have some suspicion it has something to do with Dropbox, but I can't find any logs in Dropbox to confirm this.

I moved the wallet to Blockchain.info, it's not that I trust my gmail account (and dropbox) is completely safe now but I guess it must be impossible to enter the account after I put up the google key two factor authentication.
member
Activity: 71
Merit: 10
You are wrong, Hacker did not paid huge fees.

check this out :



Why would he pay high fee?

Hi, I know that now, it's just that Multibit gave some 3.4 BTC fees like the screenshot I posted, but that part must have been some mistake.
sr. member
Activity: 259
Merit: 250
That's so bad  Sad
How could the attacker hack a multibit wallet?
A custom trojan?
member
Activity: 112
Merit: 10
You are wrong, Hacker did not paid huge fees.

check this out :



Why would he pay high fee?
sr. member
Activity: 406
Merit: 251
http://altoidnerd.com
if your funds were stolen from multibit it has nothing to do with multibit.
It means your computer is compromised. Using qt OR blockchain.info
on the same computer will make you lose more money.


But my computer was not even on.

What if the hacker had access to the wallet backup and the password? It wouldn't need my computer that way, right?

Nothing has to be running for someone to initiate a transfer of your funds if they have your sensitive information. 
member
Activity: 71
Merit: 10
if your funds were stolen from multibit it has nothing to do with multibit.
It means your computer is compromised. Using qt OR blockchain.info
on the same computer will make you lose more money.


But my computer was not even on.

What if the hacker had access to the wallet backup and the password? It wouldn't need my computer that way, right?
Pages:
Jump to: