Last night around 9PM PDT, I clicked a link to go to CoinChat[.]freetzi[.]com - and I was prompted to run java. I did (thinking this was a legitimate chatoom), and nothing happened. I closed the window and thought nothing of it.
I opened my bitcoin-qt wallet approx 14 minutes later, and saw a transaction that I did NOT approve go to wallet 1Es3QVvKN1qA2p6me7jLCVMZpQXVXWPNTC for almost my entire wallet (2.07 BTC).
I had something like 2.07225 BTC.
This is an exploit that was able to steal BTC from an encrypted wallet without having my password - how is this possible? I thought for the most part that bitcoin-qt was safe against these types of attacks as long as the wallet is encrypted.
This legitimately happened to me and I think this exploit needs to be given some attention, please do not downvote as I want to figure out why this exploit was able to access my encrypted wallet without having my password.
So, /r/bitcoin - what happened here?
More info: Browser - Chrome OS - Windows Wallet Version - 0.8.0beta
That is why you should never run Java and that is why you should use caution when storing your coins. Why put them all in one place?