Pages:
Author

Topic: my wallets were stolen just now, can any one help me? - page 5. (Read 12255 times)

sr. member
Activity: 322
Merit: 250
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
So... can we all finally stop recommending blockchain.info as the easiest wallet?

It became obvious that problems were inevitable as soon as StrongCoin revealed the ease with which they redirected someone else's transactions. The model is compromised.

There's no way around it. All users, even new ones, need to keep the bulk of their bitcoins in cold storage. That means ON SOMETHING PHYSICAL AND INERT. Yes. Physical and inert, where it takes physical movement beyond a few keypresses to spend it. Paper. A text file burned to CD through a new OS. Whatever.

The rest would do well to be contained within a dedicated client app, ideally on a dedicated device. With the number of high-quality clients available today, there is little reason now to do your bitcoin finances through your browser. If you need to handle large amounts of bitcoins away from home, then you should probably spend the money for a laptop or a smartphone.

----------

To the OP: I hate to say it, but your coins are probably beyond hope. But at least the problem might be identified and prevented from recurring.

With that in mind, several more (admittedly basic) questions:

  • What is your home computer's OS? If it's Windows or Mac OS, is it a bootleg copy?
  • Do you have a bitcoin client on your home computer? Are there bitcoins in its wallet that have remained untouched?
  • Have you accessed your wallet on computers other than your home computer?
  • How many characters was your password? Was it in English? If it was in English, was the password all letters?
  • Have you imported your keys from another wallet? Have you exported the keys to other wallets?
  • Do any of the addresses in your wallet come from "brainwallets" (where a passphrase of some sort was used to create the address?)
  • Had you tried to send 221.84 BTC to a different address, only to find that the bitcoins went elsewhere?

Every bit of information helps.


I actually consider Trezors about equal to keeping coins offline. That's why I'm so anxious for them. Most people won't bother with the complexity of learning how to keep and manage coins in cold storage. Not only do you have to learn how to do it, but then learn how to spend those coins as well as keep the physical storage medium safe. Trezor allows convenient access to spending coins while keeping them just as safe as cold storage. The task for users is reduced down to learning to use it and managing their backup seed.

For the cost of a (plastic) Trezor, one can purchase a cheap Android smartphone, install cyanogenmod if desired, then install Mycelium. While this arrangement has flaws compared to a Trezor, it also has advantages, and it's certainly good enough to produce paper wallets, or to keep turned off as a cold storage medium for modest funds. Anyone who has a lot of bitcoins should currently be using a paper or other cold-storage wallet, but if that's too cumbersome, at least they can go the dedicated-smartphone route rather than keep their bitcoins on a web wallet while waiting for Trezor.
member
Activity: 98
Merit: 10
Looks like your pc is compromised. Scan it .
Rather erase it and reinstall OS and software.
Scanning is useless for sophisticated malware.
newbie
Activity: 2
Merit: 0
Looks like your pc is compromised. Scan it .
newbie
Activity: 20
Merit: 0
Holy fuck. Sorry for the loss. I don't know the link... but there is a data recovery service provided by a company for BTC. First of it's kind.
Yeah, but what they can do is limited to:

"The company is offering a Bitcoin retrieval service to individuals, companies and businesses around the globe who may need Bitcoin recovered from damaged hard drives, memory cards and mobile phones." http://www.sytech-consultants.com/

But also

'In a world first, SYTECH has announced a stolen Bitcoin tracing and recovery service; turning its decades of digital forensics expertise to tracing online Bitcoin criminals and recovering stolen Bitcoin for their clients.'

From http://www.sytech-consultants.com/blog/2013/worlds-first-stolen-bitcoin-tracing-service-and-bitcoin-data-recovery-high-profile-digital-forensic-services-company-sytech-embraces-bitcoin

If it was my coins stolen, I think I'd offer them the job if they would take no more than 50% of what they recovered.
legendary
Activity: 1050
Merit: 1002
We really need those Trezors.

I like my hardware wallet.  https://bitcointalk.org/index.php?topic=277583.msg2964099#msg2964099

Just kidding.  Smiley

Trezors and the like will be great but even so unless you are planning on spending/transfering coins it is best to have them offline.

Now that's what I call a safe! Smiley

I actually consider Trezors about equal to keeping coins offline. That's why I'm so anxious for them. Most people won't bother with the complexity of learning how to keep and manage coins in cold storage. Not only do you have to learn how to do it, but then learn how to spend those coins as well as keep the physical storage medium safe. Trezor allows convenient access to spending coins while keeping them just as safe as cold storage. The task for users is reduced down to learning to use it and managing their backup seed.
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
In the meantime, once again, if you are keeping more coins stored long term with any online service than you can afford to lose you have too much stored there.

Lesson learned for anyone else. Keep large amounts in cold storage. Only use online wallets for day to day spending.
vip
Activity: 756
Merit: 503
Why is he now playing SD with tiny amount?
donator
Activity: 1218
Merit: 1079
Gerald Davis
We really need those Trezors.

I like my hardware wallet.  https://bitcointalksearch.org/topic/m.2964099

Just kidding.  Smiley

Trezors and the like will be great but even so unless you are planning on spending/transfering coins it is best to have them offline.

legendary
Activity: 1050
Merit: 1002
This is the second incident (I'm aware of) with an attacker gaining access to a blockchain.info account. In the earlier one several account balances were moved to a new one in an apparently coordinated operation.

The victims share similarities. If I remember at least one of the victims in the earlier theft used 2FA, and may have kept a local backup. The best guess I have is similar to DeathAndTaxes which is some kind of keylogger, but even that seems to not fit well because there would be reports of other services being burgled.

It's hard to see where the vulnerability is here. We really need those Trezors. In the meantime, once again, if you are keeping more coins stored long term with any online service than you can afford to lose you have too much stored there.
sr. member
Activity: 406
Merit: 250
Holy shit!  That's a lot of Bitcoin.  Sorry to hear about this Sad

sr. member
Activity: 322
Merit: 250
looks like its all going to dice.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Since 2-factor-authorization was used, I don't think they did this via the blockchain.info website.

Where are your backups stored?

my computer.

If attacker has gained access to your computer he would have access to the backup file and could keylog your passphrase the last time you used it (anywhere you typed it not necessarily just blockchain.info).  
Password + backup file is all that is needed.  blockchain.info 2FA only prevents attacker from using the site not from decrypting a backup.

That is the most likely attack scenario however since you reused passwords on multiple sites it is possible (although less likely) the password was compromised from another site.  NEVER reuse passwords.  If you are going to ignore that advice at a minimum use unique strong passwords for financial sites (banks, paypal, bitcoin exchanges, wallets, etc) as well as any method of resetting password for those sites (i.e. email).  Someone hacking your twitter account is much less of a loss than hacking your money.
member
Activity: 98
Merit: 10
Since 2-factor-authorization was used, I don't think they did this via the blockchain.info website.

Where are your backups stored?

my computer.
Your computer might be compromised and keylogged and your wallet.aes.json file been stolen.
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.

He did not steal all your BTC, there is a small amount of change left:

https://blockchain.info/address/1Mq2Q1BMicK4ECE6GNR6mDTPdkxwxDe3mc has 0.010544 BTC left

https://blockchain.info/address/1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn has 0.005631 BTC left



Oh come on now, don't throw salt in this users wound.  If you were driving home from your bank with thousands of dollars in your wallet and armed thieves stole all your cash but one dollar in your front pocket.  You'd tell people they stole ALL your money too.
I was not trying to make him feel worse than he already does.  I consider the fact that the thief left this small amount of BTC and did not take it all a clue.
member
Activity: 61
Merit: 10
Since 2-factor-authorization was used, I don't think they did this via the blockchain.info website.

Where are your backups stored?

my computer.
member
Activity: 98
Merit: 10
Since 2-factor-authorization was used, I don't think they did this via the blockchain.info website.

Where are your backups stored?
donator
Activity: 1218
Merit: 1079
Gerald Davis
I believe you are also incorrect here ...

In review you are correct.  I fixed the post.  Thanks.
donator
Activity: 1218
Merit: 1079
Gerald Davis
2 address difference password. one of them same password as [REDACTED]

If the attacker is watching you just gave him more accounts to attack.  
1) Delete or modify your post above  ^
2) Change those passwords ASAP.

NEVER reuse passwords at least not for any account which has monetary value.
member
Activity: 61
Merit: 10

i don't use android phone. i use  blockchain.info
he stole all btc in these 2 address.
Did you have 2 factor authorization activated on blockchain.info?

YES. I Have google authenticator.
Pages:
Jump to: