
Topic: PAY FOR INFORMATION - 600 BTC REWARD FOR IDENTITY OF HACKER - page 3. (Read 8925 times)

sr. member
Activity: 271
Merit: 250
well...no further comment, as already stated earlier, i had a backup copy of my wallet "offline" (and i still have). And regarding the timing....(for whatever reason this is so interesting) It took me 30 min to reinstall windows, 5 min to download the bitcoin client, 2 min to reinsert the wallet from my backup copy and about 6 hours or so for the blockchain to be downloaded again and tadaaa, i could see the address where my bitcoins went to. The time of the stealing can easily be seen in the blockchain, it was Thursday to Friday early in the morning, but i still don't understand why this is such a problem to understand, to say "i invented the whole shit because i want to get some attention" is just laughable.

I could get some useful tips here and thanks to all constructive comments

Actually i invested quite a lot of time and resources into this bitcoin project, not because i think it is a "get rich quick" scheme. (At the moment it is more a getting poor quick scheme), but because it is one of the greatest inventions ever and i still believe in the concept. And yes, it was my fault to run windows machines and yes, now i know that wallet encryption does not help against keyloggers.

I will simply resetup my IT stuff together with some expert, (I agreed to give him 300 euro for his services) and life has to go on...  Still, for any tips that could identify the guy, the reward is still valid.
hero member
Activity: 532
Merit: 500
Running windows and bitcoin is not a good idea..
vip
Activity: 756
Merit: 504
I have a home network of several (14) more or less high-end computers, which i need for various tasks, not only for bitcoin. The wallet was stored at three places, on my bitcoin mining server plus on my laptop (which was the access point for the hacker) and i also have a backup copy of my wallet.dat on a USB stick totally offline from all IT infrastructure i have. Via TeamViewer all PCs were connected, so the hacker managed to delete the wallet.dat on my mining server AND on my laptop.

The wallet.dat file was used at the same time by the server's Bitcoin client and the laptop's Bitcoin client?

Even though my hard drive was erased, i still had a copy of the wallet.dat on my offline storage and i could make a screenshot after reloading this wallet in my newly setup computer. Even though 2600 were stolen from my local wallet, this was luckily "only" the minor part, since I stored the rest at other "offline" places or for example simply on my MtGox account.

You did not explain how you managed to discover the deposit address used by the thieves. When did you discover the erased hard drive? Please, provide an accurate date and time. From that point, how did you manage to recover the wallet.dat file?
member
Activity: 73
Merit: 10
I'm still a bit unclear... so it wasn't really a trojan but he was able to just walk in the front door using your remote admin software?
what makes you think this?

i had to run the teamviewer to access my data / computer network from outside, since i have several IT projects running (not only bitcoin mining) besides my full time job. Obviously this was a mistake. I now will pay a professional network security specialist to redo my whole IT setup. This costs a lot but will be cheaper than losing more bitcoins in the future ;)
How much you paying? ;)
legendary
Activity: 1022
Merit: 1001
I'd fight Gandhi.
What if you are an attention whore, and you stole your own Bitcoins?

For a guy that just lost 30 grand, you don't seem to care.
just the standard version from teamviewer.com
i don't recall which exact version, but it was running 24/7 with permanent IP
If I lost that much, I'd be doing my best to figure out what was in charge of my 30k. Also wondering how someone knew I had Bitcoins, and that I was running Team Viewer. How did they know where to look? Your story doesn't sound very convincing
sr. member
Activity: 271
Merit: 250
Oh come on!


I have a home network of several (14) more or less high-end computers, which i need for various tasks, not only for bitcoin. The wallet was stored at three places, on my bitcoin mining server plus on my laptop (which was the access point for the hacker) and i also have a backup copy of my wallet.dat on a USB stick totally offline from all IT infrastructure i have. Via TeamViewer all PCs were connected, so the hacker managed to delete the wallet.dat on my mining server AND on my laptop.

Even though my hard drive was erased, i still had a copy of the wallet.dat on my offline storage and i could make a screenshot after reloading this wallet in my newly setup computer. Even though 2600 were stolen from my local wallet, this was luckily "only" the minor part, since I stored the rest at other "offline" places or for example simply on my MtGox account.


Still, losing 2600 BTC + the 200 from MtGox is also for me quite a lot of money, but why the hell should this be inconsistent. I know these coins will be lost forever, nevertheless i was hoping that some more skilled person than me might be able to help me for what i am offering a reward of 600 BTC.

full member
Activity: 196
Merit: 100
Another block in the wall
This is completely inconsistent. If your hard drive was really erased, then you would:

1. Not have access to your Bitcoin client to take a screenshot of your address list.
2. Not have access to your operating system to determine how the Trojan horse was inserted.
3. Not have access to your wallet.dat file to determine how the electronic coins were redeemed.

How do you explain this?

Poor guy. Lost his coins now this....
sr. member
Activity: 430
Merit: 250
When required to prove you are controlling the address listed in the alleged transaction, you provided a screenshot showing your address list.
To be fair, he did also provide a signature for address 1MTscp1WQz2QRBgpWPy2ctmiQ7zvXZPy5g, from which ~2600 coins were transferred.

Quote
This is completely inconsistent. If your hard drive was really erased, then you would:

1. Not have access to your Bitcoin client to take a screenshot of your address list.
2. Not have access to your operating system to determine how the Trojan horse was inserted.
3. Not have access to your wallet.dat file to determine how the electronic coins were redeemed.

How do you explain this?

EDIT:

The IP 178.177.115.229 from the Mt.Gox log did not relay any transaction:

http://blockchain.info/ip-address/178.177.115.229

He could have his wallet.dat backed up somewhere, and import it on a different computer. That would explain 1. and 3., at least.
vip
Activity: 756
Merit: 504
There is something wrong about your allegations. You said the wallet.dat file was stolen from your computer by a Trojan horse. That means the thieves would have to extract the private keys from your wallet.dat file and then redeem the electronic coins.

The redemption occurred on 16 November 2012, 03:28:22:

http://blockchain.info/tx/8d6602b0e8e4479d79e5dab0c35bdb4f7545513cb426411348ec1502413a8f80

At the same time of course he also stole 200 from my mt gox account, for that the hacker used the email address [email protected] and the transaction data was Transaction reference:
f5e5acd4-50a6-4de5-9061-1c0e3964eafe
Date: 2012-11-16 03:30:13 GMT
IP: 178.177.115.229

At that time, you would not have had access to your computer files because the hard drive was completely erased:

well, the hard drive was erased, so i could not identify the program. But i am sure you will find more information when you can log into the guy's email:

When required to prove you are controlling the address listed in the alleged transaction, you provided a screenshot showing your address list. Moreover, you also indicated that you became aware that the Trojan horse was inserted in your computer by the software Teamviewer:

is this proof enough?
http://imageshack.us/photo/my-images/29/adressbook.jpg/

It turns out that the infection came via teamviewer application for remote control, either 0day exploit or brute force and then the intruder could execute the trojan

This is completely inconsistent. If your hard drive was really erased, then you would:

1. Not have access to your Bitcoin client to take a screenshot of your address list.
2. Not have access to your operating system to determine how the Trojan horse was inserted.
3. Not have access to your wallet.dat file to determine how the electronic coins were redeemed.

How do you explain this?
sr. member
Activity: 271
Merit: 250
well, the hard drive was erased, so i could not identify the program. But i am sure you will find more information when you can log into the guy's email:
 
[email protected]
full member
Activity: 238
Merit: 100
Do you have a copy of the trojan you installed?
If so it may be possible to 'decompile' it to find the IP/Email of where the key log results were being sent.
full member
Activity: 196
Merit: 100
Another block in the wall
....I now will pay a professional network security specialist to redo my whole IT setup....

Get some common sense while you're at it.

Machines hack machines. Hackers hack you.
sr. member
Activity: 430
Merit: 250
this is the result of signing the message

"This is a test message"

on the public key 1MTscp1WQz2QRBgpWPy2ctmiQ7zvXZPy5g


Result:
G7SvfRszZfLipOXVvy8pGEgiRKcugumXb7Oo+8uvAX0RCqqAuhOuOcPk5JQHA7l4ulmsijgwmMAYEGHrrKPXPmg=

You always want to at least include your nickname in such a message. You could find something like this online and claim it was you that signed it. Or better yet, have someone else in this thread tell you what to sign.
sr. member
Activity: 271
Merit: 250
this is the result of signing the message

"This is a test message"

on the public key 1MTscp1WQz2QRBgpWPy2ctmiQ7zvXZPy5g


Result:
G7SvfRszZfLipOXVvy8pGEgiRKcugumXb7Oo+8uvAX0RCqqAuhOuOcPk5JQHA7l4ulmsijgwmMAYEGHrrKPXPmg=


This should hopefully prove ownership of my (now empty) wallet.dat :-(



i had to run the teamviewer to access my data / computer network from outside, since i have several IT projects running (not only bitcoin mining) besides my full time job. Obviously this was a mistake. I now will pay a professional network security specialist to redo my whole IT setup. This costs a lot but will be cheaper than losing more bitcoins in the future ;)


Still, for any hints to catch the guy, no matter how small the chances are, I will pay 600 BTC reward.
sr. member
Activity: 271
Merit: 250
just the standard version from teamviewer.com
i don't recall which exact version, but it was running 24/7 with permanent IP
legendary
Activity: 1022
Merit: 1001
I'd fight Gandhi.
What version of Team Viewer? Where did you download it?
full member
Activity: 146
Merit: 100
There is probably some exploit for Team Viewer so he didn't have to know the password. If you have that kind of money on your wallet you are definitely a hot target.
legendary
Activity: 1512
Merit: 1049
Death to enemies!
Quote
It turns out that the infection came via teamviewer application for remote control, either 0day exploit or brute force and then the intruder could execute the trojan
Why did You have that teamviewer installed? Did someone know the password for the connection or was given access to it at any point in past?
vip
Activity: 756
Merit: 504

No.

That is a screenshot of your address list. You can add or remove the addresses at any time. I recommend you to follow prezbo's suggestion:

In case you're not aware of it, you can prove ownership of any address by signing a message with the corresponding private key. You can use brainwallet.org to do this. You can also use the bitcoind's signmessage command.
newbie
Activity: 54
Merit: 0
I do not think you will be able to find it, however, I wish you good luck!