
Topic: my wallets were stolen just now, can any one help me? - page 5. (Read 12204 times)

sr. member
Activity: 322
Merit: 250
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
So... can we all finally stop recommending blockchain.info as the easiest wallet?

It became obvious that problems were inevitable as soon as StrongCoin revealed the ease with which they redirected someone else's transactions. The model is compromised.

There's no way around it. All users, even new ones, need to keep the bulk of their bitcoins in cold storage. That means ON SOMETHING PHYSICAL AND INERT. Yes. Physical and inert, where it takes physical movement beyond a few keypresses to spend it. Paper. A text file burned to CD through a new OS. Whatever.

The rest would do well to be contained within a dedicated client app, ideally on a dedicated device. With the number of high-quality clients available today, there is little reason now to do your bitcoin finances through your browser. If you need to handle large amounts of bitcoins away from home, then you should probably spend the money for a laptop or a smartphone.

----------

To the OP: I hate to say it, but your coins are probably beyond hope. But at least the problem might be identified and prevented from recurring.

With that in mind, several more (admittedly basic) questions:

  • What is your home computer's OS? If it's Windows or Mac OS, is it a bootleg copy?
  • Do you have a bitcoin client on your home computer? Are there bitcoins in its wallet that have remained untouched?
  • Have you accessed your wallet on computers other than your home computer?
  • How many characters was your password? Was it in English? If it was in English, was the password all letters?
  • Have you imported your keys from another wallet? Have you exported the keys to other wallets?
  • Do any of the addresses in your wallet come from "brainwallets" (where a passphrase of some sort was used to create the address?)
  • Had you tried to send 221.84 BTC to a different address, only to find that the bitcoins went elsewhere?

Every bit of information helps.


I actually consider Trezors about equal to keeping coins offline. That's why I'm so anxious for them. Most people won't bother with the complexity of learning how to keep and manage coins in cold storage. Not only do you have to learn how to do it, but then learn how to spend those coins as well as keep the physical storage medium safe. Trezor allows convenient access to spending coins while keeping them just as safe as cold storage. The task for users is reduced down to learning to use it and managing their backup seed.

For the cost of a (plastic) Trezor, one can purchase a cheap Android smartphone, install CyanogenMod if desired, then install Mycelium. While this arrangement has flaws compared to a Trezor, it also has advantages, and it's certainly good enough to produce paper wallets, or to keep turned off as a cold storage medium for modest funds. Anyone who has a lot of bitcoins should currently be using a paper or other cold-storage wallet, but if that's too cumbersome, at least they can go the dedicated-smartphone route rather than keep their bitcoins on a web wallet while waiting for Trezor.
member
Activity: 98
Merit: 10
Looks like your PC is compromised. Scan it.
Rather erase it and reinstall OS and software.
Scanning is useless for sophisticated malware.
newbie
Activity: 2
Merit: 0
Looks like your PC is compromised. Scan it.
newbie
Activity: 20
Merit: 0
Holy fuck. Sorry for the loss. I don't know the link... but there is a data recovery service provided by a company for BTC. First of its kind.
Yeah, but what they can do is limited to:

"The company is offering a Bitcoin retrieval service to individuals, companies and businesses around the globe who may need Bitcoin recovered from damaged hard drives, memory cards and mobile phones." http://www.sytech-consultants.com/

But also

'In a world first, SYTECH has announced a stolen Bitcoin tracing and recovery service; turning its decades of digital forensics expertise to tracing online Bitcoin criminals and recovering stolen Bitcoin for their clients.'

From http://www.sytech-consultants.com/blog/2013/worlds-first-stolen-bitcoin-tracing-service-and-bitcoin-data-recovery-high-profile-digital-forensic-services-company-sytech-embraces-bitcoin

If it was my coins stolen, I think I'd offer them the job if they would take no more than 50% of what they recovered.
legendary
Activity: 1050
Merit: 1002
We really need those Trezors.

I like my hardware wallet.  https://bitcointalk.org/index.php?topic=277583.msg2964099#msg2964099

Just kidding. :)

Trezors and the like will be great but even so unless you are planning on spending/transferring coins it is best to have them offline.

Now that's what I call a safe! :)

I actually consider Trezors about equal to keeping coins offline. That's why I'm so anxious for them. Most people won't bother with the complexity of learning how to keep and manage coins in cold storage. Not only do you have to learn how to do it, but then learn how to spend those coins as well as keep the physical storage medium safe. Trezor allows convenient access to spending coins while keeping them just as safe as cold storage. The task for users is reduced down to learning to use it and managing their backup seed.
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
In the meantime, once again, if you are keeping more coins stored long term with any online service than you can afford to lose you have too much stored there.

Lesson learned for anyone else. Keep large amounts in cold storage. Only use online wallets for day to day spending.
vip
Activity: 756
Merit: 503
Why is he now playing SD with a tiny amount?
donator
Activity: 1218
Merit: 1079
Gerald Davis
We really need those Trezors.

I like my hardware wallet.  https://bitcointalksearch.org/topic/m.2964099

Just kidding. :)

Trezors and the like will be great but even so unless you are planning on spending/transferring coins it is best to have them offline.

legendary
Activity: 1050
Merit: 1002
This is the second incident (I'm aware of) with an attacker gaining access to a blockchain.info account. In the earlier one several account balances were moved to a new one in an apparently coordinated operation.

The victims share similarities. If I remember at least one of the victims in the earlier theft used 2FA, and may have kept a local backup. The best guess I have is similar to DeathAndTaxes which is some kind of keylogger, but even that seems to not fit well because there would be reports of other services being burgled.

It's hard to see where the vulnerability is here. We really need those Trezors. In the meantime, once again, if you are keeping more coins stored long term with any online service than you can afford to lose you have too much stored there.
sr. member
Activity: 406
Merit: 250
Holy shit! That's a lot of Bitcoin. Sorry to hear about this :(

sr. member
Activity: 322
Merit: 250
Looks like it's all going to dice.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Since 2-factor-authorization was used, I don't think they did this via the blockchain.info website.

Where are your backups stored?

my computer.

If an attacker has gained access to your computer, he would have access to the backup file and could keylog your passphrase the last time you used it (anywhere you typed it, not necessarily just blockchain.info).
Password + backup file is all that is needed. blockchain.info 2FA only prevents the attacker from using the site, not from decrypting a backup.

That is the most likely attack scenario; however, since you reused passwords on multiple sites, it is possible (although less likely) the password was compromised from another site. NEVER reuse passwords. If you are going to ignore that advice, at a minimum use unique strong passwords for financial sites (banks, PayPal, bitcoin exchanges, wallets, etc.) as well as any method of resetting the password for those sites (i.e. email). Someone hacking your Twitter account is much less of a loss than hacking your money.
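
The point made in the post above (password plus backup file is enough, while 2FA only gates the website), as an added example that is not part of the original post and is not blockchain.info's code. The backup layout, the HMAC-based keystream standing in for AES, the `site_login` model and all sample values are constructed assumptions.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor for this sketch

def _keys(password: str, salt: bytes):
    # Both keys derive from the password alone; no second factor is involved.
    material = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return material[:32], material[32:]

def _keystream(key: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode, a stand-in for AES (which is not in the stdlib).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt_backup(password: str, plaintext: bytes) -> bytes:
    salt = os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, len(plaintext))))
    tag = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    return salt + tag + body

def decrypt_backup(password: str, blob: bytes) -> bytes:
    salt, tag, body = blob[:16], blob[16:48], blob[48:]
    enc_key, mac_key = _keys(password, salt)
    expected = hmac.new(mac_key, salt + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted backup")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, len(body))))

def site_login(password: str, otp: str, account: dict) -> bool:
    # Server-side gate: both factors are checked, but only for web access.
    return (hmac.compare_digest(password, account["password"])
            and hmac.compare_digest(otp, account["current_otp"]))

def demo():
    # Constructed account and backup contents.
    account = {"password": "constructed-passphrase", "current_otp": "492817"}
    backup = encrypt_backup(account["password"], b"constructed private key material")
    # A party holding the password and the file, but not the OTP device:
    web_access = site_login(account["password"], "000000", account)
    offline = decrypt_backup(account["password"], backup)
    return web_access, offline

if __name__ == "__main__":
    print(demo())
```

The web login is refused without the one-time code, yet the backup still decrypts, so the backup file and its passphrase need the same protection as the keys themselves.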
member
Activity: 98
Merit: 10
Since 2-factor-authorization was used, I don't think they did this via the blockchain.info website.

Where are your backups stored?

my computer.
Your computer might be compromised and keylogged and your wallet.aes.json file stolen.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
I don't use an Android phone. I use blockchain.info.
He stole all the BTC in these 2 addresses.

He did not steal all your BTC, there is a small amount of change left:

https://blockchain.info/address/1Mq2Q1BMicK4ECE6GNR6mDTPdkxwxDe3mc has 0.010544 BTC left

https://blockchain.info/address/1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn has 0.005631 BTC left



Oh come on now, don't throw salt in this user's wound. If you were driving home from your bank with thousands of dollars in your wallet and armed thieves stole all your cash but one dollar in your front pocket, you'd tell people they stole ALL your money too.
I was not trying to make him feel worse than he already does. I consider the fact that the thief left this small amount of BTC and did not take it all a clue.
member
Activity: 61
Merit: 10
Since 2-factor-authorization was used, I don't think they did this via the blockchain.info website.

Where are your backups stored?

my computer.
member
Activity: 98
Merit: 10
Since 2-factor-authorization was used, I don't think they did this via the blockchain.info website.

Where are your backups stored?
donator
Activity: 1218
Merit: 1079
Gerald Davis
I believe you are also incorrect here ...

In review you are correct.  I fixed the post.  Thanks.
donator
Activity: 1218
Merit: 1079
Gerald Davis
2 addresses, different passwords. One of them same password as [REDACTED]

If the attacker is watching, you just gave him more accounts to attack.
1) Delete or modify your post above ^
2) Change those passwords ASAP.

NEVER reuse passwords, at least not for any account which has monetary value.
member
Activity: 61
Merit: 10

I don't use an Android phone. I use blockchain.info.
He stole all the BTC in these 2 addresses.
Did you have 2 factor authorization activated on blockchain.info?

YES. I have Google Authenticator.