Pages:
Author

Topic: Stolen BTCs from paper wallet - page 2. (Read 886 times)

hero member
Activity: 1439
Merit: 513
December 23, 2022, 08:21:59 PM
#23
@pointbiz @1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN usually will come around when summoned, maybe they can clarify things on their end?

pointbiz owns bitaddress.org

It's in my best interest to know too since we use the tool for merging keys. tld compromised means more could be as well.

However it appears the whois doesn't look too good with correlation to OP's timestamp claims. hopefully pointbiz renewed and not someone else.

Name: bitaddress.org

Dates
Registry Expiration: 2023-09-04 04:17:42 UTC
Updated: 2022-10-19 04:18:19 UTC
Created: 2011-09-04 04:17:42 UTC
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
December 23, 2022, 05:55:26 PM
#22
Maybe. But that wouldn't make sense, it's bad for the bad guy's privacy (and extra work).
Not all know to use bitcoin properly. There are people who regularly screw it up with their privacy, security, who they don't care, who they use bad software, who they haven't studied it a lot etc. There are a lot of examples of thieves who got caught because of these. From thieves who stole coins and deposited to CEX later on, to two folks who stored the private keys of billions worth of bitcoin in a cloud service.

Also, that's still possible:
You screwed it up in the process, and you didn't notice.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
December 23, 2022, 11:43:13 AM
#21
Isn't it possible a hacker just spent his other money along with OP's in one transaction?
Maybe. But that wouldn't make sense, it's bad for the bad guy's privacy (and extra work).

Quote
Or that their office had malware all across the computers and there were more than 1 employee who used bitaddress?
Maybe. But that's too much of a coincidence, unless someone convinced several people to do that.

Quote
Yes, but doesn't the administrator announce compromisation afterwards?
Maybe. But not if the site owner is behind the theft.

Quote
Isn't that what had happened with BitcoinPaperWallet?
No, it got sold, and the new owner scammed people. As far as I know, that's still ongoing.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
December 23, 2022, 10:38:38 AM
#20
    Here's what might have happened:

    • bitaddress.org was compromised at the time you used it (quite unlikely, it'd have been announced later).
    This is the only option from your list that can explain why different funds were sweeped at the same time with OPs funds.[/list]


    Actually, look at it this way: keep going with my earlier 'not your PC not your DATA' statement.

    It might not have even been someone at that company. A lot of places use external MSPs for things.
    It's a somewhat simple task for most of the software that is placed on corporate PCs for monitoring / remote service and things to generate an alert when something happens / someone goes to a specific site and so on.

    So if it's an external 3rd party that has access for legitimate reasons, and one of their staff has setup and alert to send an email to them when users go to a specific site and then record all actions done then, they could easily get 5 private keys from 5 people in different parts of the world. Then you delete the alert and data as part of the 'monthly database clean' or whatever and tan you take the BTC and run.

    Now 5 people who never met each other, some of them who do not even know what the name of the MSP their company uses is have missing coins.
    Good luck tracking that down.

    In theory figuring it out is very simple. Since the MSP is the common link. In reality since if they did it with a bit of thought, everyone worked for a different company and every company has a no private work on the work PC it's even better. Do you eat the loss or report it and risk loosing your job.

    -Dave
    legendary
    Activity: 1512
    Merit: 7340
    Farewell, Leo
    December 23, 2022, 10:23:17 AM
    #19
    This is the only option from your list that can explain why different funds were sweeped at the same time with OPs funds.
    Isn't it possible a hacker just spent his other money along with OP's in one transaction? Or that their office had malware all across the computers and there were more than 1 employee who used bitaddress?

    Could this indicate something larger, that Bitaddress itself could be compromised?

    I mean, that's exactly what happened to BitcoinPaperWallet several years ago.
    Yes, but doesn't the administrator announce compromisation afterwards? Isn't that what had happened with BitcoinPaperWallet? There is no known bitaddress compromisations as far as I'm concerned.
    legendary
    Activity: 3290
    Merit: 16489
    Thick-Skinned Gang Leader and Golden Feather 2021
    December 23, 2022, 08:53:07 AM
    #18
    (of course, if you downloaded the webpage, inspected the Javascript, and opened the offline page before generating private keys, you shouldn't be at risk of theft).
    Note that people still lost their money after downloading the BPW site once it turned into a scam.
    legendary
    Activity: 3346
    Merit: 3130
    December 23, 2022, 08:10:21 AM
    #17
    1) Many corporate printers will generate a copy of everything you print for management /

    2) Same with company owned machines, they know & see everything you do. In this case it's not even 'I went to a bad site and got malware installed' but the company PC came with it to report on you.

    I was thinking the same, for security reasons the printers at work used to save a copy of all the printed files, so, it was a terrible mistake to use the office printer for a paper wallet because even if the network is secure the saved files in the printer are not.

    And the second big mistake was to generate the address online, that's a terrible mistake that no one should do because you don't know if the page saves in a database each generated address.
    legendary
    Activity: 2380
    Merit: 5213
    December 23, 2022, 04:31:42 AM
    #16
    Hey Google, let the owners of 18CxzMfmadEvjwPjW8uzFe5n6xBDeraoJ6 and 1AmwSjzv6H3ujR7rFuVXLNz1yJfnJt2TFA find this topic!
    There's another address in that transaction too.
    1AhgYZ7Js6ytokA4zCD994MJJbpFsCUd61

    And there are probably more victims.
    OP's fund was sent to bc1qtjt2qa2pghrea2xv5fwn0t6a7gmrc4f2238rnr in this transaction and then to bc1qhwppsmswazl9pghsq9k4v7jy502cvlwjqr34hk in this transaction. Therefore, bc1q87jd5xfq6xypy9tx6ssfhynq0e5z99u8whnuvp and bc1ql5cz9yp23ggdz2tjhmj3hkr37wula3u34sa30e are owned by the hacker/thief too.
    If you check the history of these two addresses, you see that the same thing as OP has happened to 1P4o7U7tDsxeHVhRPRMFgmrmaFhGxRmjQx and 19fikpWsuxRnqQqrgnSWvVETvQHRMa9a3k.
    legendary
    Activity: 2268
    Merit: 18771
    December 23, 2022, 04:17:06 AM
    #15
    Could this indicate something larger, that Bitaddress itself could be compromised?
    Certainly it could. Or that there is a malicious clone site out there that several people are stumbling across. I always suggest people should use Core or Electrum over bitaddress or any other website in order to generate wallets.

    There are plenty of other explanations for the pattern of transactions see though. Perhaps several other people at OP's company also generated paper wallets using bitaddress, which were then stored on some server or printer memory bank or similar. This was hacked or otherwise accessed, and therefore the attacker accessed all the wallets at the same time and swept them all at once. Or perhaps OP also uploaded a copy of his paper wallet to his email or cloud storage, and again, a hack or rogue employee or similar then discovered his wallet at the same time as several other wallets, seed phrase back ups, or similar.
    legendary
    Activity: 1568
    Merit: 6660
    bitcoincleanup.com / bitmixlist.org
    December 23, 2022, 12:21:10 AM
    #14
    Quote
    It looks like someone stole from several wallets, mine was just one of that.
    Your address was emptied after 3 months, some of the other addresses after a year or almost 2 years.

    If someone somehow compromised your paper wallet from outside your office, that means they've patiently been waiting for people to make multiple deposits to those paper wallets before robbing them. That may also mean it will happen to more people.

    Could this indicate something larger, that Bitaddress itself could be compromised?

    I mean, that's exactly what happened to BitcoinPaperWallet several years ago.

    (of course, if you downloaded the webpage, inspected the Javascript, and opened the offline page before generating private keys, you shouldn't be at risk of theft).
    hero member
    Activity: 1439
    Merit: 513
    December 22, 2022, 01:35:30 PM
    #13
      Here's what might have happened:

      • bitaddress.org was compromised at the time you used it (quite unlikely, it'd have been announced later).
      This is the only option from your list that can explain why different funds were sweeped at the same time with OPs funds.[/list]


      Or originations are possibly the same. for example, 1 co-worker tells 3?
        "Supposing that there's no one from inside evolved"
      Judging by OP's wording of actions he learned about it at work, and thinks they are smart.
      When he started printing wallets the powers that be educated themselves as well or led OP to a trap.
      I think this scenario more likely than bitaddress.org being compromised I don't rule it out though.
      And to be fair on a newbie's behalf, bitaddress.org doesn't really elaborate that much on security, Air gapping, or anything commonsense really,
      A byproduct singular person coding without UX consultation.
      The information's portrayed to a more advanced person that probably knows how to generate their own wallet as if they can use PGP and checksums and things of this nature.
      They don't tell you anything until after you've made the wallet causing you to react uninformed.
      Not a guy who heard about it on his smoke break at his 8-5.



      A Bitcoin wallet is as simple as a single pairing of a Bitcoin address with its corresponding Bitcoin private key. Such a wallet has been generated for you in your web browser and is displayed above.

      To safeguard this wallet you must print or otherwise record the Bitcoin address and private key. It is important to make a backup copy of the private key and store it in a safe location. This site does not have knowledge of your private key. If you are familiar with PGP you can download this all-in-one HTML page and check that you have an authentic version from the author of this site by matching the SHA256 hash of this HTML with the SHA256 hash available in the signed version history document linked on the footer of this site. If you leave/refresh the site or press the "Generate New Address" button then a new private key will be generated and the previously displayed private key will not be retrievable. Your Bitcoin private key should be kept a secret. Whomever you share the private key with has access to spend all the bitcoins associated with that address. If you print your wallet then store it in a zip lock bag to keep it safe from water. Treat a paper wallet like cash.

      Add funds to this wallet by instructing others to send bitcoins to your Bitcoin address.

      Check your balance by going to blockchain.info or blockexplorer.com and entering your Bitcoin address.

      Spend your bitcoins by going to blockchain.info and sweep the full balance of your private key into your account at their website. You can also spend your funds by downloading one of the popular bitcoin p2p clients and importing your private key to the p2p client wallet. Keep in mind when you import your single key to a bitcoin p2p client and spend funds your key will be bundled with other private keys in the p2p client wallet. When you perform a transaction your change will be sent to another bitcoin address within the p2p client wallet. You must then backup the p2p client wallet and keep it safe as your remaining bitcoins will be stored there. Satoshi advised that one should never delete a wallet.
      legendary
      Activity: 3290
      Merit: 16489
      Thick-Skinned Gang Leader and Golden Feather 2021
      December 22, 2022, 11:19:26 AM
      #12
      Here's what might have happened:

      • bitaddress.org was compromised at the time you used it (quite unlikely, it'd have been announced later).
      This is the only option from your list that can explain why different funds were sweeped at the same time with OPs funds.[/list]
      legendary
      Activity: 1512
      Merit: 7340
      Farewell, Leo
      December 22, 2022, 11:03:48 AM
      #11
      Supposing that there's no one from inside evolved, is it possible to have a malicious intermediate between my computer and bitaddress?
      Yes. Here's what might have happened:

      • Your computer was malware affected.
      • Your computer has been spied (not necessarily from an unintended spyware, lots of offices do spy on purpose).
      • Somebody at work saw you generating a private key, and took a picture.
      • Cameras (if any) caught you generating a private key.
      • bitaddress.org was compromised at the time you used it (quite unlikely, it'd have been announced later).
      • The printer exchanged sensitive information with your computer, private key included, and someone happened to find read access.
      • You screwed it up in the process, and you didn't notice.
      hero member
      Activity: 504
      Merit: 625
      Pizza Maker 2023 | Bitcoinbeer.events
      December 22, 2022, 10:21:36 AM
      #10
      It is possible that there could have been a malicious intermediate between your computer and bitaddress.org that intercepted the communication and accessed your paper wallet information. However, it is also possible that the compromise occurred at some other point, such as through a vulnerability in the system or network that you were using.

      As for the method you are considering for generating a paper wallet on bitaddress.org, it seems like a fairly secure method as long as you take the necessary precautions to ensure that the computer you are using is clean and free of any malware or other vulnerabilities. Disconnecting from the internet and wiping the hard drive before generating the wallet can help to reduce the risk of interception or compromise. However, it is also important to ensure that you are using a trusted computer and operating system, and to keep the computer and all software up to date with the latest security patches.

      legendary
      Activity: 3500
      Merit: 6320
      Crypto Swap Exchange
      December 22, 2022, 07:16:12 AM
      #9
      Some other random thoughts.

      1) Many corporate printers will generate a copy of everything you print for management /

      2) Same with company owned machines, they know & see everything you do. In this case it's not even 'I went to a bad site and got malware installed' but the company PC came with it to report on you.

      3) Eliminating 1 & 2 don't forget the person in the cube or office next to you. Did they see what you were doing?

      Not saying any of that happened here, but adding to 'not your keys not your coins' should also be 'not your PC not your DATA'

      -Dave
      legendary
      Activity: 3290
      Merit: 16489
      Thick-Skinned Gang Leader and Golden Feather 2021
      December 22, 2022, 03:09:51 AM
      #8
      You first funded it on September 15, and it was emptied on December 10. In that same transaction, 76 inputs were used, and a few different addresses had many different inputs.

      Quote
      It looks like someone stole from several wallets, mine was just one of that.
      Your address was emptied after 3 months, some of the other addresses after a year or almost 2 years.

      If someone somehow compromised your paper wallet from outside your office, that means they've patiently been waiting for people to make multiple deposits to those paper wallets before robbing them. That may also mean it will happen to more people.

      Hey Google, let the owners of 18CxzMfmadEvjwPjW8uzFe5n6xBDeraoJ6 and 1AmwSjzv6H3ujR7rFuVXLNz1yJfnJt2TFA find this topic!
      copper member
      Activity: 10
      Merit: 12
      December 21, 2022, 07:58:36 PM
      #7
      Thank you for the answers, guys. Believe me, I keep asking myself how could I be so idiot to trust in that network.

      I forgot to show the wallet:
      https://www.blockchain.com/explorer/addresses/btc/14AKAd16AEZZoW3dp4KEyANMJ3G5bPCrwE

      It looks like someone stole from several wallets, mine was just one of that.

      I will buy a hard wallet now. I suppose I was lucky, I have more BTC in the broker and was about to send them to my wallets - I generate several using the same way. Just this one had BTC, and, of course, I will never use them again.

      A few more infomations: I've never said that my work's network was 100% safe or that I trust 100% in the IT guys (I'm not in the IT team). I just said that I don't think that it was the problem and, for the safe of arguments, try to find other security problems.
      legendary
      Activity: 2212
      Merit: 7064
      December 20, 2022, 05:10:25 PM
      #6
      It is (was) a paper wallet I generated in bitaddress.org. I generated it online, in my work. The system is protected by firewall and VPN. Then I printed it in the printer connected in the network.
      You made a big mistake. Who knows what kind of malware and keyloggers you have, that can't be detected easily.
      No matter how ''safu'' you think your computer is, it's still connected to internet and paper wallet should be printed from website that is download and generated offline.
      Nobody knows if your office have hidden cameras or other type of surveillance, but paper wallets should never be used like this.

      Another thing is your opinion about one method I'm thinking for generate a paper wallet in bitaddress.org. Everybody tells that the bitaddress' website is safe. Is that so?
      Why are you using paper wallets in the first place, and why the heck are you doing this on your work place??

      legendary
      Activity: 2268
      Merit: 18771
      December 20, 2022, 07:26:45 AM
      #5
      I generated it online, in my work.
      Obviously I don't know your exact set up at work, but chances are that anyone in your IT department could probably have watched what you were doing.

      The system is protected by firewall and VPN.
      Neither of those mean that the system is safe or free from malware.

      Then I printed it in the printer connected in the network.
      Again exposing your wallet to anyone who had network privileges to view it. Additionally, the file would have been saved in the printer's own memory and could be retrieved later, and also potentially saved in your company's servers.

      The network is very safe - I will not tell the name of company for privacy.
      You have absolutely no way to know that, and you are relying on the common sense of every one of your colleagues to not download and expose the network to malware.

      Another thing is your opinion about one method I'm thinking for generate a paper wallet in bitaddress.org. Everybody tells that the bitaddress' website is safe. Is that so?
      It is (so far) been as safe as a website can be. But be aware that websites are generally a poor choice to generate private keys in the first place, and other paper wallet websites which were perfectly legitimate for years suddenly turned in to scams and resulted in lots of people having their coins stolen. I would agree with the advice above to generate your keys using Core or Electrum instead.

      The idea is to enter in the website and switch off the internet. The next steps will all be done without any internet:
      Turning off the internet for 5 minutes on a computer which has had frequent or constant internet access prior to this achieves almost nothing. The process needs to be done on a dedicated airgapped computer - that is one which has never had any internet access since you last formatted it and installed an open source Linux distro, and will never have any internet access again. You also need to connect that airgapped computer directly to an old fashioned dumb printer which does not have any internal memory or WiFi capabilities.
      legendary
      Activity: 3668
      Merit: 6382
      Looking for campaign manager? Contact icopress!
      December 20, 2022, 03:07:04 AM
      #4
      Any other ideas about how that happened?

      The first and easiest possibility would be that the website you've used to generate the paper wallet wasn't only showing it to you, instead it also made a copy of that paper wallet for the website owner.
      And at some point, when he noticed you've funded it, he stole your money since he had too the private key.

      Another discussion is about what you've done with the paper wallet an how you've stored it. If anyone else copied the private key, he could steal your money.
      A paper wallet as you've done it is a private key and an address. Those can be kept on paper, but some keep it (wrongly!) in e-mail or cloud storage, giving others the chance to steal.

      Plus if your computer has malware, for example, it was open to the internet.

      These are the first possibilities coming into my mind.

      Another thing is your opinion about one method I'm thinking for generate a paper wallet in bitaddress.org. Everybody tells that the bitaddress' website is safe. Is that so?
      The idea is to enter in the website and switch off the internet. The next steps will all be done without any internet:
      - generate the wallets
      - restore the windows, erasing everything
      - take out this HD, connect to my other notebook and format it using the program Eraser, which records random information in the drive
      - return the HD to the previous notebook and install Windows again
      Only now, turn on the internet.

      Any risk in this procedure?

      I don't know how good is bitaddress. If people say it's OK, fine, but such a tool can easily generate the keys even by a certain rule and make it easy to recover by the site owner. I would use a wallet to generate the private key.
      Apart of the first step and using a paper wallet generator, the rest of the steps look pretty good (although booting from an USB stick with a live OS with no persistence would achieve that easier).

      I would use Bitcoin core (offline, without downloading blockchain) or Electrum (offline) at first step and, as a later step, I would recover the wallet from the private key and make sure the address is the one expected (so you avoid surprises there too).



      Later edit: if you invest into amounts like 0.4 BTC, is it so difficult to invest in a hardware wallet? It would be safer and easier even for making yourself some sort of paper wallets, if you still want those.
      Pages:
      Jump to: