Topic: Received and Lost Bitcoins in 1 minute!!! (Read 1632 times)

That is the very unlucky story I ever heard here. 1.5 BTCTC and boom gone in a minute? I hate those guys who stole from others. But how that happen that he can withdraw on your wallet when you did not gave him access. I hope that will be solve. You can ask support of your wallet to check on that ans ask them what happen.

I tried using some APIs, such as Blockchain and Codebase API. But they lack some important features, such as how to withdraw or send coins, for instance :/

Do you know any other Java API I could use?

Why code all that yourself? There are better options than doing it all yourself

Yes, I'm using it to create a virtual store, it is not to keep my personal wallet

I'll research more about multisignature.. thanks for your hint!

So I assume this is not for personal use, but some service you are building?  Otherwise its pointless and foolish to keep your wallet on AWS.

I don't know much about security in those cases, but I think many big sites use multisig.  They may be passing unsigned transactions to
a more secure server, signing them and then returning for broadcasting.

You should try to find the problem step by step. Did you manage to receive any coins that weren't eventually stolen? If yes, what were the amounts, circumstances, analyse the situation and find the difference.
If not (each transaction was intercepted), what machine/network are you using to access the Amazon server? I understand the server is secure, but your point of access could be compromised, unless I'm missing something and you're actually typing from the server room. Try using different setups: a different wallet, different access point (try your phone or a friend's computer) and send a small test transaction to each new wallet, maybe he'll take the bait and you'll be able to identify his point of entry.

Hi guys, thanks for all the messages!!!

Let me send some more information, maybe someone can have a light with me  


- this wallet is running in a super new webserver, hosted at Amazon Web Services. So, I'm pretty sure it doesn't have any virus or keyloggers

- it is a Linux machine

- after the first time I noticed the problem, I stopped using the wallet and created a new one. But the problem happened again, and again, and again (no matter how many new wallets I have created)

- I'm using BitcoinJ because I'm integrating the payments to my Java software. I need to create new addresses, receive money and eventually withdraw


Do you guys know how can I improve my wallet and addresses security? Below is the code I'm using to create the wallet and addresses:

------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------

NetworkParameters params = MainNetParams.get();

WalletAppKit kit = new WalletAppKit(params, new File("."), WALLET_NAME);  // BitcoinJ creates the wallet if it doesn't exists

kit.startAsync();
kit.awaitRunning();


String newAdd = kit.wallet().freshReceiveAddress().toString(); // this command creates a new address for me

------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------


THANK YOU SO MUCH!!!

windows is secure if you know what you're doing. Having been using it since the windows me days and having vivid memories of pirating windows xp version 2505, which was release candidate 1 way back when, I can keep my rig secure just fine.

If you have only an 'average joe' level of PC skills you probably shouldn't be using linux either, lol.. like you'll know what you're doing... not.

This is if you're going to be using something along the lines of a wallet which is on your computer, which I would avoid doing in hopes of wanting to use something such as a hardware wallet with such a high amount of Bitcoin or a high security web wallet, which I personally would rather choose.

Something along the lines of BitGo, or BlockChain (With all security done and enabled) would work fine for something like this, you just have to have some faith in the companies that have been around for awhile and have set themselves as reputable.

Though if you want ultimate security, Trezor or Ledger.

At this point the coins are lost, so the best you can do is to wipe out your hard drive and make a new installation on your machine and don’t install anything except the necessary things to run a wallet, if you don’t want to run your own wallet then create a new web wallet and don’t write your password anywhere, if I were you I will install Linux but that is up to you.

Linux is not a perfect solution and bastion which will prevent every form of malware. It is safer than Windows, but nothing is 100% safe.
There are viruses, malware and even ransomware attacking Linux distributions.

The only way is to take care of your security, keep proper digital hygiene, encrypt your wallets and don't be naive idiot.

You should be using a Linux machine. Winxx is a joke. Next, NEVER download any bitcoin related software on that computer. Only a well established, trusted wallet. I would guess that the computer you are on is compromised. I would format the HD with an easy distro like Ubuntu and start over. Sorry I don't have better news for you.
 

Those are great points. Also check if:
you have an antivirus software and it's up to date, try scanning your pc.
you are sharing a connection with other people via lan/wifi? It's quite easy to access pc through wifi and even easier through LAN
anybody else have access to your computer (roommates, friends)

Someone suggested a keylogger. This would only give away his wallet passphrase, not his private key. If he only generated the address and never displayed or copied the private key, he'd be safe. It looks like full access hack with the thief being in control of his OS account and logging in remotely, or his Bitcoin address was generated in a hacked wallet (not downloaded from a trusted site) that shared the priv key with the hacker.

The money is gone, sorry. why do use BitcoinJ? there are many wallets better than BitcoinJ. anyways which os are you using?
switch to linux for good! (if you're using windows)

How distressing!  Sorry to hear this.  If I were you, I'd create a new wallet and clear out my PC, checking it for viruses, etc.  

Thanks for sharing and reminding us of one of the challenges and risks in the cryptoworld.

for someone to steal ur coins so fast means they have your private key.

things to check

think about all bitcoin related downloads you have
have you ever downloaded any of them scammy "bitcoin generators"
where did you get your bitcoinJ from

did the bitcoinj program generate your address or did you import it from another program/pc previously.

The money ended up in a very big wallet, that contains almost 80 thousand addresses. Looks like an exchange.
https://www.walletexplorer.com/wallet/00015efc88765e70/addresses
Maybe someone can identify it. It's not impossible to track down the thief, but you'd have to get in touch with the owners of this exchange.

This person had access to your address before you even got the money. He waited until the transaction is confirmed and instantly sent the money to a brand new address in an empty wallet (1Ja8Kxn7oeYbc7wWqoVCCqCmygRLEVR3qv).

It is impossible that bitcoin network is hacked. Your machine must have been breached somehow, attacker somehow got access to your private keys.
If you are sure that your machine is clean then I would suggest you use standard bitcoin SPV walletElectrum, Multibit or full validation wallet like Bitcoin Core or Armory.
Install it on different PC and encrypt is with a strong password. As for the helping you receive your BTC back... your coins are gone. I am sorry.

that looks really bad, sorry for your loss man but unfortunately I have not seen anything such as this. it seems like someone have your private keys and the hacker has alredy started some scripts to check if your wallet has some balance or not.if it has then it will send them all to that another address. I will advice you to switch your wallet or even your device can also be infected by this virus/malware

You meant everytime ?

Is it not the first time that you had BTC stolen ? Did you verify for keylogger or malware ?