
Topic: My wallet on the computer was robbed (Read 2475 times)

sr. member
Activity: 490
Merit: 250
April 11, 2015, 03:01:25 AM
#23
How could the hacker transfer the money ? I had the wallet secured by a password as well ?


This is quite easy if the attacker had a keylogger installed on your system. A little patience and sooner or later he would see you typing in your password.
Yes, probably a keylogger. Try to run a virus scan, because the keylogger/virus could still be located on the hard drive. Be more careful about what you download in the future. Good luck!
legendary
Activity: 1120
Merit: 1002
April 10, 2015, 02:31:30 PM
#22
Hi, an intruder robbed my bitcoins. What can I do ? Any suggestions ?
Transaction ID of this, please?
legendary
Activity: 3766
Merit: 1217
April 10, 2015, 01:58:31 PM
#21
Thanks for your advice, I felt safe, because I had Bitdefender anti virus programme installed, but that one completely disappeared. Looks like the attacker could delete it.

Which version of Bitdefender were you using? Still, there is something fishy here. I don't think the intruder can remotely disable or remove Bitdefender from your system. Do you regularly update your anti-virus?
legendary
Activity: 3248
Merit: 1070
April 10, 2015, 01:08:16 AM
#20
So, when I am running a new security programme with scanning and all kinds of options to debug my computer, will it still not be safe for future attacks ?
Of course I will not store any Bitcoins anymore, just for normal operations.....does it mean that these standard security programmes are not protecting my computer against a pro attack at all ? (obviously Bitdefender did not do the job).
If this is the case I see no future for a digital currency.....

they can help, but they will not offer 100% protection; for 100% protection you must build a separate machine and not surf the internet or download anything

for now you should do a format c, to be sure your machine is clear
newbie
Activity: 20
Merit: 0
April 09, 2015, 06:30:41 PM
#19
So, when I am running a new security programme with scanning and all kinds of options to debug my computer, will it still not be safe for future attacks ?
Of course I will not store any Bitcoins anymore, just for normal operations.....does it mean that these standard security programmes are not protecting my computer against a pro attack at all ? (obviously Bitdefender did not do the job).
If this is the case I see no future for a digital currency.....
legendary
Activity: 3248
Merit: 1070
April 09, 2015, 03:35:22 PM
#18
Amph
ok, I understand, but how could he manage to delete my security software (Bitdefender), obviously he hacked my computer and then deleted this programme....
There is a lot of criminal energy involved to achieve this...well like in any other robbery of course.
But long term this could kill the Bitcoin. If in a case like this, you cannot mark your coins as stolen to block them for further usage at least, not even talking about tracing the coins to the new "owner".

if he is controlling your pc at kernel level, you are screwed, he can do basically everything with your machine, the only option now is to secure erase

next time i would suggest keeping a small amount in your client that is running on your main machine (like 0.01 btc), and all your other funds in a different wallet (cold storage, no internet connection)

if your 0.01 vanishes one day, you know you are infected, and you can clean your machine with a minimal loss, it's the best strategy against those malicious guys
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
April 09, 2015, 03:26:33 PM
#17
Amph
ok, I understand, but how could he manage to delete my security software (Bitdefender), obviously he hacked my computer and then deleted this programme....
There is a lot of criminal energy involved to achieve this...well like in any other robbery of course.
But long term this could kill the Bitcoin. If in a case like this, you cannot mark your coins as stolen to block them for further usage at least, not even talking about tracing the coins to the new "owner".

Marking (tainting) wouldn't help you. He looks like a pro, so you can be very sure that he knows how to exchange his coins for fresh untainted coins. So at the time your coins are found and stopped, they only belong to another innocent person.

I wonder what would happen. Is money marked as belonging to a robbery seized? I guess so. Maybe then those coins would be seized too and the innocent person would be the victim.
newbie
Activity: 20
Merit: 0
April 09, 2015, 03:11:41 PM
#16
Amph
ok, I understand, but how could he manage to delete my security software (Bitdefender), obviously he hacked my computer and then deleted this programme....
There is a lot of criminal energy involved to achieve this...well like in any other robbery of course.
But long term this could kill the Bitcoin. If in a case like this, you cannot mark your coins as stolen to block them for further usage at least, not even talking about tracing the coins to the new "owner".
legendary
Activity: 3248
Merit: 1070
April 09, 2015, 01:01:59 PM
#15
MegaFall: Or could have simply found the private keys...

What does that mean exactly ?

if he infected your pc with a RAT, he can take control of your pc, and see your private key after you access your wallet, so he doesn't even need to type the password, he just waits for you to do so and steals your private key
newbie
Activity: 20
Merit: 0
April 09, 2015, 12:57:30 PM
#14
MegaFall: Or could have simply found the private keys...

What does that mean exactly ?
legendary
Activity: 1120
Merit: 1002
April 09, 2015, 12:47:54 PM
#13
nothing you can do at this point, unless thinking cold storage or hardware wallet..
sorry for your loss..
jr. member
Activity: 56
Merit: 1
April 09, 2015, 12:47:10 PM
#12
How could the hacker transfer the money ? I had the wallet secured by a password as well ?


This is quite easy if the attacker had a keylogger installed on your system. A little patience and sooner or later he would see you typing in your password.

Or could have simply found the private keys...
newbie
Activity: 20
Merit: 0
April 09, 2015, 12:44:17 PM
#11
OnkelPaul: How do you know the IP addresses?
Thanks for your message. The IP address was used to attack my exchange account at the same time. I know he might have used some vpn, nevertheless I try my best. I also filed a fraud report in the meantime.
legendary
Activity: 1064
Merit: 1000
April 09, 2015, 12:42:01 PM
#10
How could the hacker transfer the money ? I had the wallet secured by a password as well ?


This is quite easy if the attacker had a keylogger installed on your system. A little patience and sooner or later he would see you typing in your password.
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
April 09, 2015, 12:38:06 PM
#9
You may want to consider your computer compromised.

Is it a Windows PC? Then you may also want to consider installing Linux in a partition. That way you can boot up Linux when you need better security. (Not that it's foolproof.) It may be hard to determine where you picked up some malware, but avoid downloading programs related to BTC unless they are open source. Anyway, sorry to hear about your loss.
newbie
Activity: 20
Merit: 0
April 09, 2015, 12:28:48 PM
#8
Thanks, I always wanted to do this, use a cold computer also, but well, too busy with other things, so stupid.
How could the hacker transfer the money ? I had the wallet secured by a password as well ?
Any specialist out there who has a good idea please contact me !
hero member
Activity: 926
Merit: 1001
weaving spiders come not here
April 09, 2015, 11:01:32 AM
#7
I recommend buying an old decent quality laptop from eBay. Maybe an IBM ThinkPad with fingerprint recognition. Do a DoD wipe/rewrite of the hard drive or replace it. Install a Linux distro. Only connect it to the internet for security updates, Bitcoin Core updates, to update the blockchain and to perform Bitcoin transactions. Also, after you have installed and updated Bitcoin, disconnect from the internet, encrypt the wallet in Bitcoin Core and save a copy into a TrueCrypt v7 container. I would also encrypt the entire hard drive with TrueCrypt v7 as well. Use very strong and unique passphrases for each of the wallet, portable TrueCrypt container, and disk encryption.

Here is an example of a very strong passphrase: "My Daughter was born on May 13, 2003 in Hamburg Hospital in Room 213 @ 7:03am."
legendary
Activity: 1039
Merit: 1005
April 09, 2015, 08:31:31 AM
#6
One attack came from this IP: 51.21.9.22 Netherland, NL
Second one from here: 198.38.94.199   ALAMO, CALIFORNIA, UNITED STATES   2015-04-09 06:59:08 EST

How do you know the IP addresses? It is extremely difficult to find the actual source of malware because by the time it gets active, the traces of its installation are normally gone.
If you're just looking at IP addresses recorded by your firewall software, just ignore them; any computer on the internet is constantly bombarded with "attack" IP packets that are not any more than simple knocks at the door. The firewall has already prevented connections from these IP addresses, but it will not report the real source of a successful attack because it can't - otherwise it would have prevented the attack.

Malware on Windows computers is mostly installed either by yourself (when you installed something downloaded from the internet) or by your browser when an attacker exploits a browser security hole.

Onkel Paul
legendary
Activity: 3248
Merit: 1070
April 09, 2015, 08:18:08 AM
#5
Thanks for your advice, I felt safe, because I had Bitdefender anti virus programme installed, but that one completely disappeared. Looks like the attacker could delete it.

My bitcoins went to this address:  1GgJkUADnzZ6kNF13toGpv7o8bCj3WYQov

One attack came from this IP: 51.21.9.22 Netherland, NL
Second one from here: 198.38.94.199   ALAMO, CALIFORNIA, UNITED STATES   2015-04-09 06:59:08 EST

Can somebody help me to trace this guy ?

if he deleted the wallet, you probably have a rootkit or RAT, because some antivirus programs have protection against cancellation from malware (i know Malwarebytes has Chameleon)

tracing him would be really hard because it seems he is using a proxy/vpn
newbie
Activity: 20
Merit: 0
April 09, 2015, 07:21:44 AM
#4
Thanks for your advice, I felt safe, because I had Bitdefender anti virus programme installed, but that one completely disappeared. Looks like the attacker could delete it.

My bitcoins went to this address:  1GgJkUADnzZ6kNF13toGpv7o8bCj3WYQov

One attack came from this IP: 51.21.9.22 Netherland, NL
Second one from here: 198.38.94.199   ALAMO, CALIFORNIA, UNITED STATES   2015-04-09 06:59:08 EST

Can somebody help me to trace this guy ?