Topic: Wallet Hack on 4/25 - page 5. (Read 11267 times)

I have a customer who is a victim of this particular theft.

Here are his answers to piuk's questions.


He insists that he is keeping a secure environment and that neither his computer nor strong password were compromised.

Any leads on what could have caused this? Or who the thief is?

Will reimbursing affected users be considered?

I love how you can watch your money being stolen from you LIVE and there's really nothing you can do. hopefully, during one of those jumps, someone catches on to it and returns the funds like in the case of Ozcoin.

Innovation will solve these issues unless regulation decides to stifle creativity.

Looks like someone had a busy day yesterday.  Traced where some of my funds went and over 2500 BTC got dumped into this account all yesterday after being routed bunch of different places.

https://blockchain.info/address/16WcStW5Mef1KrmyC9pMBKzKdp5RFsFxjo

By 'hot' i mean one connected to the network that can be used to send and receive.  'Cold' storage usually means setting up a key you can store things then printing out a paper wallet or something similar and not having the private key/wallet accessible by any means on your computer.

Can you post a link?  I couldn't find a thread either in Offtopic or your history at a glance.

What phone?  What do you mean "hacked"?  Would like to know given I store up to about 10 BTC on my phone most of the time.

When you say "hot wallet" do you just mean one linked to the Internet? Online wallet? What are the limitations of an offline wallet?

Actually been on here for just about a year - just never had any reason or desire to post until recently.

Or an artifact of speed-reading.  I would not rule out the OP being a sock-puppet account (or just a fresh account.)  These are neither discouraged by the forum owner, nor would it be a bad idea to report a security issue.

It also may be the case that certain people are fairly involved with Bitcoin without having early (or any) involvement with this forum.  It's not unfair in my mind to classify this forum as something of a cesspool, and it is certainly a waste of time...particularly for those like myself who have limited self-control and much free time.

re: casascius -- you are correct, I didn't lose 500+ coins.  I only lost 0.78, still stings given I haven't been at this for long and don't have a ton, but you were right to think that through versus jumping to conclusion like SgtSpike did.  Signed a message for him proving him wrong and never heard back.

re: Piuk --  I'm PM'd the other user to see if we were sharing any apps.  Would be difficult to go through everything or what we've downloaded to ensure no keyloggers, but...

    Do you have a bitcoin app on your android phone?  Yes - BitcoinSpinner
    Do you have a blockchain.info wallet holding the address in question?  Yes.
    If you have a blockchain wallet do you use a public alias the same as your bitcointalk, bitcoin-otc or irc username?  No. Separate name and separate password.
    Do you have accounts on one of the following sites: BTC-e, bitcoin-central or mining.bitcoin.cz? Account on BTC-e
    Do you reuse the same wallet password on different websites (specifically the above sites)?  Different passwords
    Do you read the BTC-e chat box?  Can't say I "read" it but messages are flashing up all the time while I'm on the site.
    Does your browser have Java enabled? http://isjavaenabled.com  -- Tough call on this one.  I've been running noscript for a week or so on Firefox on a fresh install, so should be protected there, but have had that address for a while and know I was on btc-e prior to installing noscript, so all depends when person would gotten my privkey.

And that my friends is experience and good judgement.

I know someone personally who lost 4 BTC in one of these blockchain.info wallet heists, where the transaction taking his funds was a multi-txin transaction that combined the funds of many others.

My guess is the OP is not complaining of losing 500+ BTC, he just lost whatever BTC he had, which was part of a single theft from multiple people, the theft totaling 500+ BTC.

Unfortunately I think more users are likely to be affected by this transaction.

Any users who own an address used in the above transaction (https://blockchain.info/tx/89f8223bc1d9140889496dea843df1854f17aee35b8ac5006ec1efee2ba5bd80) please could you answer the following questions:

• Do you have a bitcoin app on your android phone?
• Do you have a blockchain.info wallet holding the address in question?
• If you have a blockchain wallet do you use a public alias the same as your bitcointalk, bitcoin-otc or irc username?
• Do you have accounts on one of the following sites: BTC-e, bitcoin-central or mining.bitcoin.cz?
• Do you reuse the same wallet password on different websites (specifically the above sites)?
• Do you read the BTC-e chat box?
• Does your browser have Java enabled? http://isjavaenabled.com

Oh -- is this that BTC-e (hope I'm remembering this right -- sorry if I didn't) chatroom javascript hack we saw a week or two ago, anyone? IIRC, it used a keylogger, too.

Probably unrelated, but in my case:  I had only one or two apps installed.  Android OS. The only app I remember was a GPS satellite monitoring program...I'd replaced the phone recently because the GPS had given out.  Phones generally are not my thing and I mainly use it for it's navigation functions.

I was out of cell range, but hooked up to a friend's satellite via wi-fi (way way out a rural area where there is just about zero chance that the wi-fi was hacked unless through the friend's hard-wired compute or ipad or router.)  I received a chat and it was in some foreign script.  I then noticed that my keyboard had changed to Arabic.

Later that evening, I noticed several unusual drafts in my outbox so I am pretty sure that the attacker had accessed my e-mail.  I left the house not long after my the chat, so it is possible that the attacker got cut off and did not get a chance to fully do what he wished and/or clean up successfully.

Yeah - phones are worthless for security.  I keep less than $25 on mine - in Bridgewalker - just for showing people how it works and giving them a couple of bitcents to get started playing.

If I'm going to be away from home and in need of bitcoin I take my linux netbook with an encypted bitcoin-qt hot wallet loaded with what I think I'll need.  I consider that adequate for moderate amounts.  I enter passwords with an on-screen keyboard.

Well, i learned my lesson.  Having access on phone is nice so i can transfer when I'm not in front of my machine at home, but agree that's only good for limited amounts.  Fortunately, I've lurked here long enough to learn about cold storage and how to set that up disconnected from network so I'm safe.  I PM'd the other guy that got hacked in the same transaction but haven't hear back yet.  Right now it would appear blockchain.info is the common factor, but if he was running same program on phone I'd probably consider that another possible weak link.

New wallet, one location. 

My phone was hacked the other day (posted in off-topic.)  I didn't investigate it in detail...just wiped the phone and moved on.  I would have a lot of trouble trusting the phone for anything at this point.  Certainly not a bitcoin client or access to any on-line wallet with more than a few dollars worth of value.  I now don't use it for e-mail on my main e-mail account.  Just set up a secondary e-mail for very limited data and use which is a drag (vs. being able to check my mail e-mail from my phone.)  I guess I'll do the same with on-line wallets which should be easy enough.  I have a Windows machine but would prefer to not access any wallet with more than a few BTC from it as well so this will kill several birds with one stone.

have the bitcoin-qt client (behind firewall and encrypted wallet), blockchain.info (pretty tough password) and also have the address on my phone using bitcoinspinner for android (could be weak link).

Ok, we'll run with this.

So your address is 1HHwDwxpeq4ZxRDE3TDNVfhT6jyj6Cx6nE.  What Bitcoin wallet software are you using?

Address in question is 1HHwDwxpeq4ZxRDE3TDNVfhT6jyj6Cx6nE

I don't have nearly 500 BTC.  That's what is screwed up.  Only one of the accounts on that list is from me which seems very odd given not sure how transfers from multiple separate accounts could be under one transaction. 

SgtSpike - Just went back and re-read my original post.  Don't recall asking for handouts.  Just trying to do public service.  Don't jump down my throat.

GyFo+kcxewu+KG51xxXHI+JFOhnpXX0oSr08QzWV22im9mnD1ksVAKxxq7VYkyXR+7tqHczO8DZS94PK7UPJ30w=