First of all, hi. I am the "potential culprit". I have read this thread, since we're investigating on all levels.... Of course I get that the story as my bro wrote it might only lead in one direction, but even he admitted he forgot a few things. You have to know that my buddy and I have been doing business for a long time on many levels. Very, very close. We're going to invest in a few things at the end of this year and the beginning of next year, where the money would be much more valuable than ever. I would never let some shitty money come between trust and loyalty, which I value much more; this was the reason my buddy chose me a long time ago. I'm far from money problems, my wife is a well-earning teacher, and the business we do is growing and attracts a lot of customers where integrity is everything, and it was never running better than now. Likewise, I would directly pay a bunch of it back and work my ass off the next few months to give him back his share, because I would never let something like this come between us and our future. So why should I do this, and then work for nothing for a few months only to break even, while he has his money and we lost a huge investment part which is much more valuable? That would be insane. And saying it could be part of the plan, yeah, who's leveling himself then. So I beg you, please, let's get to the part where you guys with a lot of experience can help us for real; that would be really helpful, so please let's get over this standard friend-scam thing. I will now post what I will write to Trezor, with what I can only imagine is necessary for finding out what happened, as well as part of the discussion with a sicko from the scene who helped a lot and asked the right questions. If necessary I can even post the whole conversation, but it's a lot of material. I'll try to include the pics as well.
This is basically what I want to send to Trezor. If someone can help, whether you believe me or not, try to think in another direction; I would appreciate this very much.
I'm writing here because something happened which no one can explain. I want to post this online and maybe find answers, maybe others to whom the same thing happened. I'm forced to deal with a situation I would never wish on anyone. I need to tell you guys first that you have to believe me about the details I give and about me. I don't want to cover anything up or make up a story.
I have an IT background. I worked as an admin and I have some clue about how to treat internet stuff. I'm normally the one telling others to tighten up security and check their internet behaviour. I have a well-running business which involves a lot of cryptos.
On the evening of the 12th of September, Asia time, I logged into my MyEtherWallet account to check the balance of my USDT and saw that my whole account was cleared. From 3 different addresses that belong to me, everything gone. Everything has been withdrawn to this address:
0xe80196d56ab6158b6dbfe6df5a143e04419fecb4
From the most valuable down to some smaller coins, at least ETH, so everything had gas. It can be seen in the chain explorer.
I hadn't logged into my MEW account for more than one and a half days. I only sent some USDT from Binance to my MEW on the 12th around lunch or so. The whole day on the 12th I was connected to my Trezor 1 and doing BTC business via Chrome, and still had the tab with my wallet open. When I connect to my Trezor I need a 6-digit PIN. For MEW I don't use any add-on, only the URL, and then follow the usual steps: log in to the Trezor with the PIN and export the key.
I treat my laptop correctly. I don't open spam mails, I don't surf on shitty sites nor watch porn with it. It's my working laptop and I have a high responsibility for what I do, and I'm aware of it. I use the ZoneAlarm firewall as well, Avira AntiVir, Malwarebytes, with real-time protection enabled. I have uBlock Origin as an add-on.
I scanned my laptop with all updated tools and even downloaded more. No virus, no trojan, not even harmful malware was found.
Now comes the part where I'm lucky that my best friends trust me. WHILE the funds were withdrawn, I was standing in front of the computer and chatting with a customer on Skype. The whole time. I checked all timestamps in case MEW maybe has a different server time or so; I was standing in front of my computer, logged into my BTC wallet, not into my MEW wallet, and I didn't confirm any transactions for the USDT and Ethereum stuff.
How can this be? That's what everyone asks. I realised that if I log into my MEW account and then enter the BTC part later, while the browser is still open with another page, I don't need a PIN to access my BTC wallet. The other way around, from BTC to MEW, I have to type in the PIN, choose the wallet, etc. etc.
Of course my friends and I spoke about all scenarios. Here in my room, no one was alone with my laptop. I checked the antivirus part in case stuff is installed and hidden in the settings so it doesn't get scanned, and it wasn't.
Which things happened, or did I change, that I never did before and that maybe led to a security breach? I had to use TeamViewer a few times in the last days to access and install stuff for customers. But this should only work in one direction, and I was always using a VPN when connecting, and the last time was 2 days before the accounts were emptied.
The most curious part happened a few days before the “hack”. A few days before, on the 6th of September, I was in Vietnam. I stayed in a hotel and had to send some funds to a customer from MEW. I was connected to my VPN, but on the hotel Wi-Fi. Something unusual happened. I wanted to send funds and the process circled around for 30 min, then broke off. We thought it was the network having problems. The ETH network. I copied all the details again and sent the funds to my customer. And it sent the money TWICE. At the same time. But I'll show you screens of how the first one failed. It sent 8k at once, so 2 times 4k at the same time, but I only wanted to send 4k.
https://s17.directupload.net/images/190919/7jvjj5b7.jpg
https://s17.directupload.net/images/190919/v7rl546m.jpg
None of the scenarios we think about makes sense. If my computer has been compromised, why send the headfuck ETH stuff, where you normally have to click a million times to get the transaction done? Why not send the BTC, where the tab was open? Why not send everything?
From my position with my friends, everyone knows I wouldn't do it. It doesn't even make sense, because we're going to invest the biggest share of it and it's way more valuable there. I am trustworthy and loyal. There was money from one of my best friends involved as well. Everyone we ask says it's not possible. But then how? I was here in front of my laptop, not clicking anything to accept a transaction. I wasn't even logged into MEW. The times of the BTC transactions and of the ETH later are different. ETH was way later. I was thinking whether maybe a script can use my acceptance on the hardware wallet to send something else as well. But there is 1.5h in between when I sent my latest BTC transaction and when the ETH stuff was sent.
Can a sniffer in a hotel room read data from MEW? Is it possible to clone and hack when I log in to MEW and get my seeds, which not even I have ever seen for the ETH part? Is MEW saving data which it shouldn't? What definitely happened is that there have been transactions from my Trezor (if it really happened from my Trezor) without the need for me to accept them. Can a tool, while the 30-minute failed transaction was going on and failing, be encrypting a key or getting information about it which they can encrypt later? I realized that after I set up a fresh Windows on the laptop, to rule out that the computer is a tunnel, and then connected to MEW, one step came up that I didn't have to do before. That “allow MEW to read public key on Trezor [ ] remember the device” checkbox wasn't there before, but now it's back again. If this option is enabled, what info is going to be stored where?
Of course we searched for similar stories. If someone has these hacking skills there might be more people involved. We can't find anything, which is obviously not looking good for me.
Do you guys know anything about this? What was so perfect about me that this could happen? Why aren't others posting about lost funds on ETH without a third party involved, or someone who gave away logins or seeds or whatever, so the obvious scam reasons? I feel horrible. Something I can't explain happened. I don't see that some phishing site got the info, and I anyway check the wallet address again when doing transactions on my Trezor. And even then, coming back to it: the transactions happened without me accepting them on the Trezor, and the BTC part wasn't gone, only the MEW ETH things. I had a long discussion with a highly talented crypto guy, a whale and programmer who's been in the scene a long time.
Parts of the conversation went like this:
Me, [17.09.19 22:36]
Can you describe how the process maybe went after getting my key after whatever Method?
Him, [17.09.19 22:39]
One possibility is that they derived your private key through the data they gathered on mew
Him, [17.09.19 22:39]
It shouldn’t be able to
Him, [17.09.19 22:40]
But if so. It’s a flaw that trezor should be aware of
Me, [17.09.19 22:40]
But somehow it seems possible?
Him, [17.09.19 23:04]
I don’t think you exported your private key
Him, [17.09.19 23:05]
Either (A) mew allowed your private key to be exported. Or.
Him, [17.09.19 23:06]
(B) by allowing mew to keep reading your public key, they could have repeatedly asked for all your pub key addresses derived from your master key.
Him, [17.09.19 23:07]
And perhaps that allows for a weakness for them to work out your eth key
Me, [17.09.19 23:13]
Yes this was where I was searching for unusual things. Which happened in the hotel in Vietnam
Me, [17.09.19 23:13]
But that was my transaction to a customer
Me, [17.09.19 23:13]
It was processing 32 min
Me, [17.09.19 23:13]
Then broke up
Me, [17.09.19 23:13]
Next time I sent money it sent both same time
Me, [17.09.19 23:13]
The customer sent me 4k USDT back because he received 8
Me, [17.09.19 23:14]
And I was like: WHAT. THE. FUCK.
Him, [17.09.19 23:18]
I suspect something might have happened then... the hacker was just waiting for you to log in again
Me, [17.09.19 23:43]
Just one thing. All others say after the story, a transfer from a coldwallet without accepting the transactions is not possible. And you say it is right?
Me, [17.09.19 23:44]
With the idea that the key got stolen, cloned, etc.
Me, [17.09.19 23:45]
That the transactions have been made from our wallet without me accepting it on the trezor
Him, [17.09.19 23:46]
By design it shouldn’t be possible
Him, [17.09.19 23:47]
It’s highly unlikely
Him, [17.09.19 23:47]
And if that is the case. They would have taken your BTC first
Me, [17.09.19 23:49]
So conclusion?
Me, [17.09.19 23:49]
It’s more likely that they somehow extracted the eth private key
Me, [17.09.19 23:49]
Yes, thx.
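Both the "allow MEW to read public key on Trezor" prompt in the post above and the chat's question of what "repeatedly asking for all pub key addresses derived from your master key" can yield come down to BIP32, the hierarchical-deterministic derivation scheme that Trezor and MEW use. The example below is added here by the editor; it is not code from the original post, from Trezor or from MEW. It implements BIP32 child-key derivation over a minimal pure-Python secp256k1 (no external libraries) and uses a constructed seed, not anyone's real wallet. It shows three things: (1) from an extended public key (public key plus chain code, an "xpub") anyone can enumerate every non-hardened child public key, and they match the keys derived on the private side; (2) hardened levels, such as the `44'/60'/0'` account prefix of a BIP44 Ethereum path, cannot be derived from an xpub at all; and (3) the documented BIP32 caveat that an xpub together with any one non-hardened child private key recovers the parent private key. Ethereum addresses are not computed because `hashlib` has no keccak-256; the public keys stand in for them.

```python
"""BIP32 key derivation demo (added example; constructed keys, not a real wallet)."""
import hashlib
import hmac

# secp256k1 domain parameters (a = 0, b = 7).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0]:
        if (p[1] + q[1]) % P == 0:          # p == -q
            return None
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P   # doubling
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)


def _mul(k, pt):
    """Double-and-add scalar multiplication."""
    r = None
    while k:
        if k & 1:
            r = _add(r, pt)
        pt = _add(pt, pt)
        k >>= 1
    return r


def pubkey(priv):
    return _mul(priv, G)


def ser_p(pt):
    """Compressed SEC1 encoding, as BIP32 feeds into HMAC."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")


def ckd_priv(k, c, i):
    """CKDpriv: child (private key, chain code) from the parent private key."""
    if i >= 2 ** 31:                               # hardened: needs k itself
        data = b"\x00" + k.to_bytes(32, "big")
    else:
        data = ser_p(pubkey(k))
    I = hmac.new(c, data + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return (int.from_bytes(I[:32], "big") + k) % N, I[32:]


def ckd_pub(K, c, i):
    """CKDpub: child (public key, chain code) from the parent PUBLIC key only."""
    if i >= 2 ** 31:
        raise ValueError("hardened children cannot be derived from an xpub")
    I = hmac.new(c, ser_p(K) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return _add(_mul(int.from_bytes(I[:32], "big"), G), K), I[32:]


def recover_parent_priv(child_priv, K_par, c_par, i):
    """BIP32 caveat: xpub + one non-hardened child private key => parent private key."""
    I = hmac.new(c_par, ser_p(K_par) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return (child_priv - int.from_bytes(I[:32], "big")) % N


def demo():
    """Returns (xpub_derivation_matches, hardened_blocked, parent_recovered)."""
    # Constructed seed; the master key comes out of it the standard BIP32 way.
    seed = b"constructed seed for demonstration only"
    I = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    m_priv, m_chain = int.from_bytes(I[:32], "big") % N, I[32:]
    m_pub = pubkey(m_priv)                         # this pair is the "xpub"

    # (1) Holder of the xpub derives child 0 without any private key and gets
    #     exactly what the private-side derivation produces.
    priv0, c0 = ckd_priv(m_priv, m_chain, 0)
    pub0, c0_pub = ckd_pub(m_pub, m_chain, 0)
    matches = pubkey(priv0) == pub0 and c0 == c0_pub

    # (2) A hardened index (e.g. the 44'/60'/0' account levels) is out of reach.
    try:
        ckd_pub(m_pub, m_chain, 2 ** 31)
        hardened_blocked = False
    except ValueError:
        hardened_blocked = True

    # (3) If child 0's private key ever leaks, the xpub turns it into the parent key.
    recovered = recover_parent_priv(priv0, m_pub, m_chain, 0) == m_priv
    return matches, hardened_blocked, recovered


if __name__ == "__main__":
    print(demo())   # (True, True, True)
```

The practical reading: what the "read public key" permission hands a web wallet is an account-level xpub, enough to watch and enumerate every non-hardened address under it, but not enough by itself to sign; signing still needs the private keys that stay on the device. The third check is why an xpub should still be treated as sensitive data.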