
Topic: My wallet was just hacked (Read 2401 times)

full member
Activity: 131
Merit: 100
June 18, 2013, 01:37:37 PM
#65
Hope you get them back!
wcx
newbie
Activity: 6
Merit: 0
June 18, 2013, 12:26:24 PM
#64
Did this totally clean out your wallet?  I noticed 0.01 BTC left on 1Gi9WcK7gVufFf3eZ5jjK6nWRbPRcigLtH in this transaction.  Strange they did not totally clean you out.
Yes, they kindly left 0.01 BTC in my wallet.

Random8

consider it as a tip... loll

joking aside.. sorry about it...
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
June 18, 2013, 12:22:17 PM
#63
I wish you the best of luck in getting your bitcoins back

is it possible to get one's bitcoins back after they have been stolen? The whole system is built to be anonymous and has no centralization so there's no way to put insurance on the bitcoins is there?  Huh I would think once it's gone it's gone.
No way to get them back unless the thief gives them back.

Basically once they are gone they are gone.

Did you store your private key on your mac? Private keys should be kept in cold storage (ie: offline computers). Perhaps a hacker found your private key.
I appreciate you are trying to help (or just get your post count up) but FYI when you install a client on your computer all your private keys are kept in the wallet.  That is the way it works.  Your question does not make any sense.  Your statement "Private keys should be kept in cold storage" also makes no sense.

Did your coins show up yet
What do you mean "show up"?  Show up from where?  We all know exactly where all 3.17115309 of his coins went. They are here:  

https://blockchain.info/address/1HeAK9siHVWYfWGBVBcGz13WUZkYs5aUGx
newbie
Activity: 7
Merit: 0
June 18, 2013, 12:15:21 PM
#62
I wish you the best of luck in getting your bitcoins back

is it possible to get one's bitcoins back after they have been stolen? The whole system is built to be anonymous and has no centralization so there's no way to put insurance on the bitcoins is there?  Huh I would think once it's gone it's gone.
newbie
Activity: 28
Merit: 0
June 18, 2013, 12:11:09 PM
#61
I wish you the best of luck in getting your bitcoins back
newbie
Activity: 7
Merit: 0
June 18, 2013, 12:00:41 PM
#60
Did you experiment with any other cryptocurrencies? Maybe one of them had a keylogger attached to it (or anything you've downloaded lately). I don't know how vulnerable Macs are to website scripts (probably not very), but Windows freely accepts virus attacks from tricky Java code if you're not careful.

I'm sorry for your loss of bitcoin
newbie
Activity: 28
Merit: 0
June 18, 2013, 11:53:04 AM
#59
Did your coins show up yet
member
Activity: 83
Merit: 10
https://bitgo.com
June 18, 2013, 11:46:43 AM
#58
Did you store your private key on your mac? Private keys should be kept in cold storage (ie: offline computers). Perhaps a hacker found your private key.
newbie
Activity: 31
Merit: 0
June 18, 2013, 11:34:19 AM
#57
Can you compare the checksum or hash of your downloaded client to the official one?
Yep, I can do that, as soon as I find an official version that's the same as mine. I'll let you guys know what I find out.

Random8
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
June 18, 2013, 10:03:00 AM
#56
Can you compare the checksum or hash of your downloaded client to the official one?
full member
Activity: 126
Merit: 100
June 18, 2013, 06:07:58 AM
#55
The most reasonable answer is a compromised client - the source is freely available so not too hard to simply adjust code to send to a predefined address after some threshold, compile it for mac and then release it for download.

I would download the client from a trusted source and compare at least file sizes and/or signatures if they are available. Decompiling and looking at source would also be interesting - maybe the address is hardcoded; that would make the compromised parts easy to find.
legendary
Activity: 1498
Merit: 1000
June 18, 2013, 05:40:01 AM
#54
I just picked up a hardware wallet, and I think that will be the future. OP should look into getting that.

Only what happens when you get a hardware error? Can you make a backup with those?

BIP 32 and a key phrase, that you write down and lock in a vault.
hero member
Activity: 784
Merit: 501
June 18, 2013, 05:26:09 AM
#53
I just picked up a hardware wallet, and I think that will be the future. OP should look into getting that.

Only what happens when you get a hardware error? Can you make a backup with those?
sr. member
Activity: 392
Merit: 250
June 18, 2013, 04:57:01 AM
#52
Sorry for your loss
newbie
Activity: 18
Merit: 0
June 18, 2013, 04:52:42 AM
#51
Any other bitcoin related applications you have installed? I imagine it's quite easy for an app to enable the bitcoind api and then hammer sendbitcoins request over the api until the user unlocks the wallet (which is a security flaw if you ask me).
donator
Activity: 294
Merit: 250
June 18, 2013, 04:45:04 AM
#50
The perils of virtual money :-/

Yeah... so much more fraud and theft than with the traditional currencies.   Roll Eyes
newbie
Activity: 17
Merit: 0
June 18, 2013, 04:08:11 AM
#49
Surprising that it would be on a mac, and also I don't understand why a wallet needs to be installed on a system? Is it generally more secure or what?
member
Activity: 70
Merit: 10
June 18, 2013, 04:03:49 AM
#48
Sorry to hear Random8, but that sounds like the location where you got the bitcoin client from was compromised or not a legitimate application.

For reference to all the pro-Mac people, the firewall on Mac OS is disabled... by default.  Push your "Mac is very secure" antics elsewhere -> coming from someone that has been in the IT support industry (with Macs as well) for the past 12 years.
newbie
Activity: 24
Merit: 0
June 18, 2013, 03:12:15 AM
#47
Where did you download bitcoin-qt from? I hope it was from this forum.

I installed Bitcoin-Qt on my iMac, put some bitcoins in it, and locked the wallet.

When I wanted to make a new address to send some bitcoins to an exchange, it asked me to unlock my wallet. I entered the key, and the wallet application locked up. I had to kill the task. When I started it up, it said my wallet was corrupted. I restored my wallet from a backup, and discovered that all of my bitcoins (over 3 coins  Angry ) had been transferred. They had been transferred to an address I've never used before. In fact, I've never transferred any bitcoins out of my wallet.

Well, the fact that I lost over $USD300 in coins is bad, but I'll chalk that up to experience. What I'd like to know is how it was done. I can only guess that my computer has been infected with malware that was waiting for me to unlock my wallet so it could do a transfer. Is this a known hack?

Thanks,

Random8, bitcoin n00b
sr. member
Activity: 420
Merit: 250
June 18, 2013, 01:46:58 AM
#46
Security software seems much easier for the average user than changing their OS.

Granted - but the problem with all security software is... it doesn't catch new stuff... first the virus has to be documented and a definition distributed for it... before the AV software is able to prevent an infection.

Just an example:

In the past 6 months there's been an FBI virus going around - it took all of 2 weeks to get a good def written and now all major AVs block it. About a week after that, the makers changed the methods used and updated it to say DOJ instead of FBI... that one took almost a month to define and about 2 weeks later they pushed a new version (changed DOJ to ICE). And there still isn't a good removal method for that one.

fbi - wasn't present in sm. infection was a rundll.exe loaded item in a temp folder - and had a shortcut in windows startup folder.
doj - is present in sm (and causes reboot to normal mode). also loading through a runonce entry. removal by booting to smcp and creating a temp admin user that could then be logged into to remove.
ice - present in sm (and blocks use), breaks the machine's ability to boot into smcp, recovery console and system restore partitions. Only way is recovery console off a cd/dvd or pulling the drive and cleaning it on another machine.

All of these viruses ask for moneypak in varying amounts and threaten arrest and prosecution for illegal activity (child porn) if the user doesn't 'pay the fine'

The big 3 AVs (yes there are only 3 legit av networks and they all share defs with each other):

Norton: can catch FBI & DOJ but can't stop ICE.
Mcafee: can catch FBI but not ICE or DOJ.
Eset: active methods got FBI and DOJ. was able to remove FBI even without a def. Doj: was able to stop it from loading (but wasn't able to remove until defs came out). ICE still flies right by it tho.

~

my whole point is - there's lag time between when a new virus deploys and the AVs catch up. The only really secure way is via a USB bootable optical media with wallet already on it - or a handheld device that has never done and will never do anything else.
