Pages:
Author

Topic: my wallets were stolen just now, can any one help me? - page 2. (Read 12255 times)

full member
Activity: 168
Merit: 100
i never really use the addresses from blockchain.info
if anything i add a watch only address, and when i want to sent i just put in my private key, this way only i have access to the private key,
oh and also the private is store encrypted on a persistent partition of a tails os usb,
this way im only loggin in with tails os, and thats the only way i put my private key in,

im thinkin of gettin a new address, not sure if bitaddress.org is safe to generate me a good secure privatekey ofcourse in tails with a saved version of the website and while im offline too !!!

i think im going to do that soon, and transfer some direct shares to that addresss, leaving me farther away from my money, this way i can just leave it and let it grow,

hmm or maybe use it to circulate more money? we'll see Smiley


edit: it could of been a phising site that was like blockchain, i havent seen one but thats how i got my account on here hacked, from a phising site that looked and was identicle and i just didnt notice i clicked on the link from like a chat somewhere, and thought let me log in to add or w.e.

dont know any other way that they could of stole your keys, i keep my keys offline, this way its even more difficult for me to get to them,


its really not that hard to be safe, make a tails os, boot it, make a persistent drive if u want or not, download bitaddress.org but make sure its a safe one from like github thats been up for a while and everyone trusts it,

then get offline if u want, or save it to persistent so u have a copy of it if needed,
make urself some keys,

now make a new blockchain wallet, dont really matter, ofcourse the more secure your passwords ect. is better but still dont matter,
then add your keys as watch only, and if u want to send anything just boot ur tails and persistent that has the private keys,

and make a transaction add your private key,

this procedure im currently using, im sure there is more safer, like a dedicated offline wallet, that signs transactions offline, and then put those transactions on a usb, and broadcast it from a diff computer to the network, this way your completely offline at alltimes,

but i feel this method i use is easier for now for me, and not so burdensom
legendary
Activity: 952
Merit: 1000
get answer from Jesse James (blockchain.info) as bellow  https://bitcointalk.org/index.php?topic=277595.new

I did a bit more transaction following ... it appears another address implicated with the thief address is 13KLNHPWLtWKTtKtr4fY5pu4Di4aQVLzPf.  This address received a coinad payout on 2013-04-10 07:54:10.

Coinad probably has the guy's email address.  Could be a dead end if their policy prevents them from handing this information out, or if they don't validate email addresses of members, or if he gave them a throwaway address.

Keep in mind, my evidence linking these two addresses is not 100% ... but it's pretty high.

Another possible lead is that the thief seems to think using Satoshi Dice a few times after a heist is an effective laundering technique.  In this transaction he apparently submitted his gambling transaction directly to blockchain.info ... so depending on how much they log, they may have the IP address of the thief.  This could also be a dead end if he's using Tor or some other proxy ... but seeing as he apparently thinks using Satoshi Dice makes tracking stolen coins harder, he probably isn't the brightest hacker in the world.
Thank you Jesse. I have send messenger to coinad.com . Hope to receive their reply soon.
I'm really sorry but I've deleted all CoinAd old backups... This is the second time someone asks me for information for the exact same reason.  Embarrassed
member
Activity: 61
Merit: 10
I just changed passphrase for the address  1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn . Let's see what happen.
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
Just now one of the lose address (1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn )made 2 new transaction. this address is 1dice1e6pdhLzzWQq7yMidf6j8eAg7pkY for SatoshiDICE 0.0015% . What should i do now for next?

You haven't tried to send money from that address recently, have you?

no. i didn't do anything from this address after stolen.

Then it sounds like he actually has your keys. Which makes it even more strange that he left change in the address earlier. Laziness on his part? Is he having to manually enter transactions or something? It's all very odd.

So far the evidence indicates:

  • The PRNG isn't the issue at hand.
  • The thief has your keys.
  • The money-snatching process isn't automated, at least not in any efficient way.

My best guess is, he has your password, and is actually logging onto blockchain.info and moving money from your address.

HOW he got your password is the tricky part that would reveal a lot. If you already know if your password was weak, that could solve that right away. If you DON'T believe you have a weak password, then likely your system is compromised. (There's a way to test that, but it would involve spending a little more BTC, which probably isn't necessary at this point.)
hero member
Activity: 593
Merit: 505
Wherever I may roam
Just now one of the lose address (1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn )made 2 new transaction. this address is 1dice1e6pdhLzzWQq7yMidf6j8eAg7pkY for SatoshiDICE 0.0015% . What should i do now for next?

You haven't tried to send money from that address recently, have you?

no. i didn't do anything from this address after stolen.

I am shocked to read this I just lost 150$ and restless for many days and its a huge amount feeling sorry for you Sad

How did you loose that? Same story?
member
Activity: 84
Merit: 10
Just now one of the lose address (1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn )made 2 new transaction. this address is 1dice1e6pdhLzzWQq7yMidf6j8eAg7pkY for SatoshiDICE 0.0015% . What should i do now for next?

You haven't tried to send money from that address recently, have you?

no. i didn't do anything from this address after stolen.

I am shocked to read this I just lost 150$ and restless for many days and its a huge amount feeling sorry for you Sad
member
Activity: 61
Merit: 10
Just now one of the lose address (1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn )made 2 new transaction. this address is 1dice1e6pdhLzzWQq7yMidf6j8eAg7pkY for SatoshiDICE 0.0015% . What should i do now for next?

You haven't tried to send money from that address recently, have you?

no. i didn't do anything from this address after stolen.
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
Just now one of the lose address (1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn )made 2 new transaction. this address is 1dice1e6pdhLzzWQq7yMidf6j8eAg7pkY for SatoshiDICE 0.0015% . What should i do now for next?

You haven't tried to send money from that address recently, have you?
member
Activity: 61
Merit: 10
get answer from Jesse James (blockchain.info) as bellow  https://bitcointalk.org/index.php?topic=277595.new

I did a bit more transaction following ... it appears another address implicated with the thief address is 13KLNHPWLtWKTtKtr4fY5pu4Di4aQVLzPf.  This address received a coinad payout on 2013-04-10 07:54:10.

Coinad probably has the guy's email address.  Could be a dead end if their policy prevents them from handing this information out, or if they don't validate email addresses of members, or if he gave them a throwaway address.

Keep in mind, my evidence linking these two addresses is not 100% ... but it's pretty high.

Another possible lead is that the thief seems to think using Satoshi Dice a few times after a heist is an effective laundering technique.  In this transaction he apparently submitted his gambling transaction directly to blockchain.info ... so depending on how much they log, they may have the IP address of the thief.  This could also be a dead end if he's using Tor or some other proxy ... but seeing as he apparently thinks using Satoshi Dice makes tracking stolen coins harder, he probably isn't the brightest hacker in the world.
Thank you Jesse. I have send messenger to coinad.com . Hope to receive their reply soon.
member
Activity: 61
Merit: 10
Just now one of the lose address (1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn )made 2 new transaction. this address is 1dice1e6pdhLzzWQq7yMidf6j8eAg7pkY for SatoshiDICE 0.0015% . What should i do now for next?
newbie
Activity: 29
Merit: 0
get answer from Jesse James (blockchain.info) as bellow  https://bitcointalk.org/index.php?topic=277595.new

I did a bit more transaction following ... it appears another address implicated with the thief address is 13KLNHPWLtWKTtKtr4fY5pu4Di4aQVLzPf.  This address received a coinad payout on 2013-04-10 07:54:10.

Coinad probably has the guy's email address.  Could be a dead end if their policy prevents them from handing this information out, or if they don't validate email addresses of members, or if he gave them a throwaway address.

Keep in mind, my evidence linking these two addresses is not 100% ... but it's pretty high.

Another possible lead is that the thief seems to think using Satoshi Dice a few times after a heist is an effective laundering technique.  In this transaction he apparently submitted his gambling transaction directly to blockchain.info ... so depending on how much they log, they may have the IP address of the thief.  This could also be a dead end if he's using Tor or some other proxy ... but seeing as he apparently thinks using Satoshi Dice makes tracking stolen coins harder, he probably isn't the brightest hacker in the world.
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
Any one can know I lose my BTC due to a bug in the blockchain.info wallet ?

This question was answered above directly by the man himself.  Unfortunately your coins are not lost due to the RNG bug:

It is correct. Click "Show scripts & coinbase" for these both transactions. You will see that both used the same random number: 04b8c7b27846a1df35a87763f75b421a4f8148d17ca91c2daab6838aa5b04d48e373bba0cc1e081 be696bc626296febcdccab5336a43b8861a91afa57865bbb3f5

That is the public key of the address, not the random number (public keys always being with 04). These addresses are not affected by the random number issue.
member
Activity: 61
Merit: 10
get answer from Jesse James (blockchain.info) as bellow  https://bitcointalk.org/index.php?topic=277595.new
member
Activity: 61
Merit: 10
Holy fuck. Sorry for the loss. I don't know the link... but there is a data recovery service provided by a company for BTC. First of it's kind.
Yeah, but what they can do is limited to:

"The company is offering a Bitcoin retrieval service to individuals, companies and businesses around the globe who may need Bitcoin recovered from damaged hard drives, memory cards and mobile phones." http://www.sytech-consultants.com/

But also

'In a world first, SYTECH has announced a stolen Bitcoin tracing and recovery service; turning its decades of digital forensics expertise to tracing online Bitcoin criminals and recovering stolen Bitcoin for their clients.'

From http://www.sytech-consultants.com/blog/2013/worlds-first-stolen-bitcoin-tracing-service-and-bitcoin-data-recovery-high-profile-digital-forensic-services-company-sytech-embraces-bitcoin

If it was my coins stolen, I think I'd offer them the job if they would take no more than 50% of what they recovered.
I'd like SYTECH's help. But How can I contact them?
sr. member
Activity: 298
Merit: 250
Regarding the very bad information in my post which is now quoted here:

https://bitcointalksearch.org/topic/my-wallets-were-stolen-just-now-can-any-one-help-me-277601

piuk and others corrected me and I removed that post within minutes.  How on Earth did you dig up my deleted stupidity?

Why did you re-post my deleted stupidity?

Please delete your post, which quotes my deleted post:

https://bitcointalksearch.org/topic/my-wallets-were-stolen-just-now-can-any-one-help-me-277601

as it contains a lot of bad information.

Thanks!
sorry, my bad Smiley Post deleted.
sr. member
Activity: 352
Merit: 250
unfortunately. my 2 wallets were stolen 2 hours ago by same thief. thief's address is 1FeUJVtvchu3NREJnACpWAYG6B1xN4oBKB . he stole 42 btc from 1Mq2Q1BMicK4ECE6GNR6mDTPdkxwxDe3mc    and  221.84btc from 1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn    

can any one help me to track this address and catch this thief?

Really sorry to hear this happened OP
member
Activity: 61
Merit: 10
Can you contact blockchain to get a record of logins to your account?  You may have a key stroke logger program that is installed on your machine and they just collected your login info from that data.  If blockchain shows someone logged in as you, at a time that doesn't look familiar to you, they probably used more traditional hacking methods to get access.  Let's rule out the easy stuff first.
Thank you very much. I just contact with blockchain.info  . I'll do as they asked and let all know the next step.
member
Activity: 61
Merit: 10
Was this a brain wallet or a regular blockchain wallet?
regular blockchain wallet
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
Was this a brain wallet or a regular blockchain wallet?
member
Activity: 61
Merit: 10
let us know if blockchain gave you your bitoins back.
Not yet. I just email  <[email protected]> today.
Pages:
Jump to: