Topic: [XPM] 7800 STOLEN - Please read / help - page 2. (Read 3375 times)
Sorry to hear about your loss. Use multiple wallets and strong passwords next time.
Sorry for your loss. In the future, run Ubuntu from CD, install Qt, disconnect from internet physically, never mind syncing blocks, create new wallet, extract private key and save on paper or somerhing, switch of power to computer. Now when you do mining, send all proceeds to this cold storage and do it at once you get the coins.
Sounds great, Im a bit new...what a cold wallet?
Is it one that does stay online and up-to-date with the blockchain?
Is it one that does stay online and up-to-date with the blockchain?
Exactly the opposite
Sounds great, Im a bit new...what a cold wallet?
Is it one that does stay online and up-to-date with the blockchain?
Is it one that does stay online and up-to-date with the blockchain?
Ive encrypted it from day one, I have the wallet.dat files.
What the safest way to store them? I guess leaving them on the desktop on the server isnt a good idea ?
What the safest way to store them? I guess leaving them on the desktop on the server isnt a good idea ?
I have a cold wallet that I keep on a flash drive.
I made a new encrypted wallet.dat and stored it on a flash drive, writing down the address.
This is my savings account flash drive. I have a cold wallet of every coin I take as payments.
They are all in the same password protected rar. I even have a copy of every wallet/client on that flash drive as well.
There is no way conceivable for someone to hack my cold wallet.
I plan on eventually making it 2x flash drives and keeping one in my safety deposit box. This way If anything happens to the first flash drive I'm not completely boned.
Another way to store a cold wallet for long term is to put it in a password protected rar and email it to yourself. As long as Gmail is still alive and kicking you have a copy.
For shits and giggles, and so its "stealthy", Name the rar something like "Christmas Pics". If someone gets into your email they wont even think twice about trying to brute force your "Chrismas Pics" lol
Ive encrypted it from day one, I have the wallet.dat files.
What the safest way to store them? I guess leaving them on the desktop on the server isnt a good idea ?
EDIT:
Ive been thinking...
The thing is this thief has been successful and probably feeling pretty smug right now, he will most likely continue.
OP I've emailed ypool support to see if they can help and dropped a link tp this thread in the freenode XPM channel, Ypool are the only functional XPM pool that I know of.
I'll also drop links to this thread where I can to make people aware. I suggest that if anyone else know a good place to drop a link then to do so and keep this thread updated so we dont pester admins etc with dupe requests.
What the safest way to store them? I guess leaving them on the desktop on the server isnt a good idea ?
EDIT:
Ive been thinking...
The thing is this thief has been successful and probably feeling pretty smug right now, he will most likely continue.
OP I've emailed ypool support to see if they can help and dropped a link tp this thread in the freenode XPM channel, Ypool are the only functional XPM pool that I know of.
I'll also drop links to this thread where I can to make people aware. I suggest that if anyone else know a good place to drop a link then to do so and keep this thread updated so we dont pester admins etc with dupe requests.
Woah dude, this sucks.
Hope you find out who it is and recover your coins.
What step can I take to ensure the security of my wallet??
Make sure it is encrypted from day 1 and make sure you dont have a keylogger! Hope you find out who it is and recover your coins.
What step can I take to ensure the security of my wallet??
Woah dude, this sucks.
Hope you find out who it is and recover your coins.
What step can I take to ensure the security of my wallet??
Hope you find out who it is and recover your coins.
What step can I take to ensure the security of my wallet??
Have you checked your ~/.bash_history file?
Everything you type to the console will be recorded there, including your plaintext wallet passwords, if you are not explicitly excluding them.
So it would be easy for an attacker who has access to the machine to steal the wallet and the bash_history file.
Are you aware of this security hole?
Wow I wasn't actually. But I had never unlocked a wallet on a linux machine until after the first coins were taken and I had to unlock in order to run the sendoaddress script. Good to know for future though! Everything you type to the console will be recorded there, including your plaintext wallet passwords, if you are not explicitly excluding them.
So it would be easy for an attacker who has access to the machine to steal the wallet and the bash_history file.
Are you aware of this security hole?
Have you checked your ~/.bash_history file?
Everything you type to the console will be recorded there, including your plaintext wallet passwords, if you are not explicitly excluding them.
So it would be easy for an attacker who has access to the machine to steal the wallet and the bash_history file.
Are you aware of this security hole?
Everything you type to the console will be recorded there, including your plaintext wallet passwords, if you are not explicitly excluding them.
So it would be easy for an attacker who has access to the machine to steal the wallet and the bash_history file.
Are you aware of this security hole?
I don't have any coin i guess worth anything like 7k however would be good to know there is a way to thwart people stealing your coins to some degree. I don't see how it would work ? why was he only trying to draw 10xpm at one time, why did he not extract the coins in one large transaction?
I would guess because the block value is a little over 10 XPM right now.
Really sorry to hear what happened to you, Paul. I had my Bter account hacked a couple of months back, and while my losses pales in comparison to yours, they were quite significant to me and hurt a lot.
Mail the shit out of all the exchanges and tell them not to accept any transactions from that address. Also keep a lookout to see where the coins move.
Code:
#!/bin/bash
while true; do ./primecoind sendtoaddress10.4; done;
I don't have any coin i guess worth anything like 7k however would be good to know there is a way to thwart people stealing your coins to some degree. I don't see how it would work ? why was he only trying to draw 10xpm at one time, why did he not extract the coins in one large transaction?
I would guess because the block value is a little over 10 XPM right now.
Really sorry to hear what happened to you, Paul. I had my Bter account hacked a couple of months back, and while my losses pales in comparison to yours, they were quite significant to me and hurt a lot.
Mail the shit out of all the exchanges and tell them not to accept any transactions from that address. Also keep a lookout to see where the coins move.
Yeah this is not good, i wonder how it would be possible to give wallets or funds even more security?
BTW - can you explain more how this works
" I turned on a single miner and set it running a script to sendtoaddress 10 XPM and ran it as fast as I could in an effort to beat the thief"
Have you got a copy of this script that runs on ubuntu 64 bit?
I don't have any coin i guess worth anything like 7k however would be good to know there is a way to thwart people stealing your coins to some degree. I don't see how it would work ? why was he only trying to draw 10xpm at one time, why did he not extract the coins in one large transaction?
BTW - can you explain more how this works
" I turned on a single miner and set it running a script to sendtoaddress 10 XPM and ran it as fast as I could in an effort to beat the thief"
Have you got a copy of this script that runs on ubuntu 64 bit?
I don't have any coin i guess worth anything like 7k however would be good to know there is a way to thwart people stealing your coins to some degree. I don't see how it would work ? why was he only trying to draw 10xpm at one time, why did he not extract the coins in one large transaction?
Damn that's allot hope you will find out who it was and how he did it! to ease your pain a little (i know you are not begging) i send 10 xpm to your address, i know it's a small amount but maybe if 780 people do the same i enjoy crypto and like it very much. it's not only the crypto but the crypto community what make's it worth liking it so please don't lose faith.
Regards.
thanks nfuse, I'm certainly not begging, but it is much appreciated. i enjoy crypto and like it very much. it's not only the crypto but the crypto community what make's it worth liking it so please don't lose faith.Regards.
Damn that's allot hope you will find out who it was and how he did it! to ease your pain a little (i know you are not begging) i send 10 xpm to your address, i know it's a small amount but maybe if 780 people do the same i enjoy crypto and like it very much. it's not only the crypto but the crypto community what make's it worth liking it so please don't lose faith.
Regards.
i enjoy crypto and like it very much. it's not only the crypto but the crypto community what make's it worth liking it so please don't lose faith.Regards.
Damm that sucks paul. That really sucks.
I guess the lesson to be learned here is not to hold your funds in a wallet that exists in many many places. It would be better practice to be routinely sending those funds to a cold wallet which you have stored in a very safe place.
If it is like you say, a VPS vulnerability, i wonder if we will be seeing more reports about this in the near future, as there were a lot of other people mining on those same VPS's.
Best of luck,
crendore
I guess the lesson to be learned here is not to hold your funds in a wallet that exists in many many places. It would be better practice to be routinely sending those funds to a cold wallet which you have stored in a very safe place.
If it is like you say, a VPS vulnerability, i wonder if we will be seeing more reports about this in the near future, as there were a lot of other people mining on those same VPS's.
Best of luck,
crendore
Sorry about your loss.
I have sent you small (0.15btc) donation to help you with your losses to the address in your signature.
txid: 0a393ac298ca893567b1746eea0455f916a3b2d979d4640db2bf0143522b0167
I have sent you small (0.15btc) donation to help you with your losses to the address in your signature.
txid: 0a393ac298ca893567b1746eea0455f916a3b2d979d4640db2bf0143522b0167
thanks usahero, that was both unnecessary but warmly welcomed.
Sorry about your loss.
I have sent you small (0.15btc) donation to help you with your losses to the address in your signature.
txid: 0a393ac298ca893567b1746eea0455f916a3b2d979d4640db2bf0143522b0167
I have sent you small (0.15btc) donation to help you with your losses to the address in your signature.
txid: 0a393ac298ca893567b1746eea0455f916a3b2d979d4640db2bf0143522b0167
Since maturing coins were still being stolen it meant that they must have had a copy of my wallet.dat rather than using my RPC.
Why? They could have asked for unconfirmed transactions over RPC, dump the privkey of the block and import into their own wallet. This way, once the block matures, they can spend it.
I know this works because I do this very thing to group all my immature mined blocks into one wallet.
Sad story =/ Hope you to recover somehow
Jump to: