Pages:
Author

Topic: WARNING, WALLET STEALER!!! (Read 4589 times)

sr. member
Activity: 420
Merit: 263
let's make a deal.
January 04, 2014, 05:59:57 AM
#56
wait





that wasn't the Wallet Inspector!

full member
Activity: 149
Merit: 100
January 04, 2014, 05:57:26 AM
#55
Running any third party software that involves your wallet is STUPID, no other word for it.

If you are ignorant enough to use 3rd party software involving your wallet, you DESERVE to be ripped off.

~BCX~
I never understood why people blame the victim. Grow some empathy for fuck sake.
Until it happens to them, then they cry bloody murder.
Except it won't happen to them, because they have common sense.

It wasn't a mistake on the users part, it's not a clever con by the scammer; it's people just being ignorant.

Your digital wallet is the same as the physical wallet in your pocket. Your wallet address is the same as your bank account number.

Why and how on earth could anyone even begin to think that it would be safe to run a 3rd party program from someone you don't know on your computer that requires that sensitive information? I mean, really, if someone released a chat client that required you to enter your bank account #, would you do it? If you would, you're dumb as a sack of rocks. This is exactly the same thing. Unknown unofficial 3rd party software + wallet address = SCAM. No ifs, ands, buts or exceptions about it.

The only thing you run on your computer regarding your wallet IS your wallet. That is it, nothing else. Except maybe an auto-trade script, and that is ONLY if you write the script yourself.

Its seriously pretty darn sad that this needs to be explained to people at all. Makes me wonder what else needs to be explained to some people. Don't wash your eyes with bleach. Don't take a nap in the middle of an intersection. Don't lick an electrical outlet. Don't buy a Rollexx for $50 from that guy out of his trunk. Your welcome!  Roll Eyes  Roll Eyes  Roll Eyes

I don't even understand what the interest in this was anyways. Like there aren't enough legitimate chat clients out there that everyone can use safely for free that don't require such information.


I never understood why people blame the victim. Grow some empathy for fuck sake.
It's called personal responsibility.

~BCX~
Exactly. When someone chooses to fore go common sense and do something that is very dumb, anything that happens ultimately becomes their responsibility.
cof
newbie
Activity: 21
Merit: 0
January 02, 2014, 12:20:29 AM
#54
winning negative money is fun. doge doge!
member
Activity: 112
Merit: 10
January 01, 2014, 05:13:21 AM
#53
I highly suspect this guy is using a keylogger.

So once you do anything with your wallet and type in your password he has it. Then he downloads your wallet and has the encryption password - end of story.


site:bshades.eu "All4coins"  Huh
http://lmgtfy.com/?q=site%3Abshades.eu+%22All4coins%22
legendary
Activity: 1316
Merit: 1000
January 01, 2014, 03:11:24 AM
#52
I highly suspect this guy is using a keylogger.

So once you do anything with your wallet and type in your password he has it. Then he downloads your wallet and has the encryption password - end of story.
member
Activity: 118
Merit: 10
January 01, 2014, 02:36:13 AM
#51
Oh boy, why would he do such a thing. He was just fishing for newbs :/ Sorry about your luck.
sr. member
Activity: 428
Merit: 252
January 01, 2014, 01:46:55 AM
#50
Sorry to hear about the loss.  Sad   I'm sure with the advent of crypto currency, we'll probably have some form of a global Crypto police out there in a matter of years. 
xnu
newbie
Activity: 24
Merit: 0
January 01, 2014, 01:28:39 AM
#49
Feel so bad about this and don't really know if we can do anything. Is there? Can we do anything?

You should write to police if they have department which research sybercrimes. Usually they should have. They can find this man, but process is comlicated here.
legendary
Activity: 854
Merit: 1000
December 31, 2013, 03:42:53 PM
#48
Is there any precaution to avoid this malware?

Yep.

Scan whatever you download if it has not been verified clean by other members of the forum here.
Edit2: Here's a link for individual file online virus scanning: https://www.virustotal.com/ for that purpose.


how to use virustotal.com to scan a wallet before you download?  do you have to download it first and then scan?

I DL the object in a win7 VM and scan it there. No need to open it, just scan the entire thing. 

That way, if it indeed is a virus it only blows up the VM.  I just restore the VM to the clean image.
newbie
Activity: 28
Merit: 0
December 31, 2013, 03:30:22 PM
#47
Is there any precaution to avoid this malware?

Yep.

Scan whatever you download if it has not been verified clean by other members of the forum here.
Edit2: Here's a link for individual file online virus scanning: https://www.virustotal.com/ for that purpose.


how to use virustotal.com to scan a wallet before you download?  do you have to download it first and then scan?
sr. member
Activity: 509
Merit: 250
Disrupt the banking system!
December 31, 2013, 02:42:23 PM
#46
So there you have it folks. Use a brainwallet next time. Or, a trusted exchange with 2FA.
legendary
Activity: 1946
Merit: 1005
My mule don't like people laughing
December 31, 2013, 02:40:37 PM
#45
Running any third party software that involves your wallet is STUPID, no other word for it.

If you are ignorant enough to use 3rd party software involving your wallet, you DESERVE to be ripped off.



~BCX~

I never understood why people blame the victim. Grow some empathy for fuck sake.

Until it happens to them, then they cry bloody murder.
sr. member
Activity: 406
Merit: 250
December 31, 2013, 02:38:10 PM
#44
Yeah I think you're dead right it is a tough one... I wonder too if there is a happy medium, I reckon it is probably not possible because really anything connected to the internet is a risk. It looks like if you are storing coins cold storage is the best bet and then maybe have some in your normal wallet to play around with.

I think I will get to work on making a cold storage thread on my forum. Do you know if armory id available for other coins or is it just BTC?


I don't think Armory is available for any altcoins, just Bitcoin.

Thread with a little discussion on it from the developer of Armory:
https://bitcointalksearch.org/topic/can-armory-support-altcoin-qt-wallets-trc-fc-ltc-etc-187835

member
Activity: 112
Merit: 10
December 31, 2013, 02:29:09 PM
#43
Running any third party software that involves your wallet is STUPID, no other word for it.

If you are ignorant enough to use 3rd party software involving your wallet, you DESERVE to be ripped off.



~BCX~

I never understood why people blame the victim. Grow some empathy for fuck sake.

some think because it doesnt get flagged by anti virus its safe  Huh
newbie
Activity: 46
Merit: 0
December 31, 2013, 02:24:37 PM
#42
Running any third party software that involves your wallet is STUPID, no other word for it.

If you are ignorant enough to use 3rd party software involving your wallet, you DESERVE to be ripped off.



~BCX~

I never understood why people blame the victim. Grow some empathy for fuck sake.
full member
Activity: 167
Merit: 100
December 31, 2013, 02:17:30 PM
#41
Thanks for the warning, the Same guy is at the Litecoin forums trying to steal wallets. I've warned the Litecoin community.

Good work, thanks for helping to spread the message, about all we can do. Sad
full member
Activity: 167
Merit: 100
December 31, 2013, 02:16:25 PM
#40
So let me get this straight, the wallets, ALL of them had their coins emptied. The passwords were all different.

So how did he do this? This must mean that Satoshi's client is broken and needs more security! This is insane.

Maybe the passwords were weak and all similar? So easy to crack? I really don't know. I guess he can tell you more about it.

I think the above is highly likely Sad
full member
Activity: 167
Merit: 100
December 31, 2013, 02:15:05 PM
#39
I think wallet security is the biggest fundamental flaw with Bitcoin.

Everyone compares Bitcoin with cash with good reason.  After all, storing Bitcoin in an online wallet is akin to stuffing your cash in a stranger’s mattress.  No one would do that, yet people still use online wallets and, in the case of inputs.io, lose a lot of money by doing so.

The wallet stealing viruses can easily be prevented, but it is not something that most people really think of when downloading programs.  It’s not really the same as being pickpocketed because you never even have to come in contact with the criminal.  It’s more similar to someone leaving a business card on your windshield and you placing that in your wallet and then when you get home you notice that the business card just ate all of your cash.  

Cold storage is the best way to prevent this, but even with Armory’s efforts to make it as easy as possible; this is a very complicated process for some people and a deterrent for them to actually spend their Bitcoins.  

Online storage is easy to spend but it is not safe.  
Cold storage is very safe but is not easy to spend.

Is there a happy medium (safe and easy to spend) that I am missing?


Yeah I think you're dead right it is a tough one... I wonder too if there is a happy medium, I reckon it is probably not possible because really anything connected to the internet is a risk. It looks like if you are storing coins cold storage is the best bet and then maybe have some in your normal wallet to play around with.

I think I will get to work on making a cold storage thread on my forum. Do you know if armory id available for other coins or is it just BTC?
full member
Activity: 167
Merit: 100
December 31, 2013, 02:09:46 PM
#38
If it is possible for the victim to post in here and verify himself, perhaps the community could donate a bit to him to lessen his impact.

Okay he is here, https://bitcointalk.org/index.php?topic=393618.new#new

He's a bit upset and I must say that he told me after that the $10,000 came out wrong and it was 10,000 gold that went missing as well as 250,000 NET and a bunch of other coins. He can obvioulsy tell you more than I anyway.

Thanks guys.
member
Activity: 112
Merit: 10
December 31, 2013, 02:08:02 PM
#37
Pages:
Jump to: