Author [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] Topic: My Bitcoin withdrawal on BTER.COM gone/disappeared to "wrong" address ! (SCAM?)  (Read 903 times)

Offline liondani


Before 5 days (10/10/2014) I made a withdrawal request on BTER for 0.5 bitcoin and wanted the funds to go to address
129mztHAP1VUMWn2BdTrNCEUpfDPVpkHEq (because I wanted to sent them for the bitshares music presale  :'()
Now I realized that "my" 0.5 bitcoin is gone  to address:
16LLwLZcEC7YM2L5NPwGLdSRTQNk3S67pM
that not belong to me!!!
The weird thing is that on the last 10 transactions history on BTER it is supposed I have sent  two more times to the same address!
I don't remember these transactions but it is possible I have lost some more funds the same way and I didn't noticed until now  >:(....

 With further investigation via https://blockchain.info/address/16LLwLZcEC7YM2L5NPwGLdSRTQNk3S67pM
I saw that the funds arrived  on the "wrong" address" after 2 days and one day after they have gone to:
16PXucAgi9N8LPqAxyNud1ySuVVCQRQ9bZ

With a little googling I found that the last address is associated with SCAMS and is owned by a scammy exchange https://www.coinexd.com
more users have lost their funds and have "see" them on this particular address 16PXucAgi9N8LPqAxyNud1ySuVVCQRQ9bZ
https://bitcointalk.org/index.php?topic=754229.20

So the question now is:
What is happening?
Is my computer compromised or is BTER in general in trouble?(I have submitted a ticket and I am waiting for answers)
I am using Two-Factor Authentication so I would be very surprised to conclude that it was my fault...

Have some of you identical experience?
Thoughts?

edit:

PS I forgot to mention that I had much more funds on BTER that particular time I lost these funds (0.5 BTC)... But they have been untouched  ???

« Last Edit: October 15, 2014, 06:22:29 PM by liondani »
  https://bitshares.OPENLEDGER.info/?r=GREECE  | You are in Control | BUY | SELL | SHORT | SWAP | LOAN | TRADE |  

Offline cube

  • Hero Member
  • *****
  • Posts: 1404
  • Bit by bit, we will get there!
    • View Profile
  • BTS: bitcube
  • Witness: bitcube
I am sorry you are facing this.  Two possible scenarios :

1) Bter is hacked.  You should quickly contact Bter support and check with them,  or

2) Your PC is being hacked or it got a malware infection.   Your could be a victim of a phishing attempt.   The Bter website you are accessing was a fake and you were sending information to a fake bter.  Or your PC could be remotely controlled/spied on and your transmissions were being altered.  You should do a immediate full and thorough anvirus/anti-malware scan.
ID: bitcube
bitcube is a dedicated witness and committe member. Please vote for bitcube.

Ggozzo

  • Guest
That sucks. You are sure its not your address? I have heard of chrome extensions that did an address swap for coinbase bitcoin address if you logged in to coinbase after downloading an exstension. I think it was something to do with doge.

Offline liondani

That sucks. You are sure its not your address? I have heard of chrome extensions that did an address swap for coinbase bitcoin address if you logged in to coinbase after downloading an exstension. I think it was something to do with doge.

It was not my address but even if it was, the funds are gone from this address to another after one day without me doing anything!
  https://bitshares.OPENLEDGER.info/?r=GREECE  | You are in Control | BUY | SELL | SHORT | SWAP | LOAN | TRADE |  

Offline liondani

I am sorry you are facing this.  Two possible scenarios :

1) Bter is hacked.  You should quickly contact Bter support and check with them,  or

2) Your PC is being hacked or it got a malware infection.   Your could be a victim of a phishing attempt.   The Bter website you are accessing was a fake and you were sending information to a fake bter.  Or your PC could be remotely controlled/spied on and your transmissions were being altered.  You should do a immediate full and thorough anvirus/anti-malware scan.

1) I have submitted a ticket to bter and I am still waiting for answers....
2) If I was on a fake bter how could I see my right balances? And second I am using Two-Factor Authentication  ::)  And why they didn't touched my other funds (worth about 10 BTC @time)

PS I suspect my chrome extensions on my windows PC or...BTER(?).... (anybody with bad experience with chrome/bter 8)?)
« Last Edit: October 15, 2014, 06:35:37 PM by liondani »
  https://bitshares.OPENLEDGER.info/?r=GREECE  | You are in Control | BUY | SELL | SHORT | SWAP | LOAN | TRADE |  

Offline Chuckone

Found this about a malware that could possibly be responsible for your loss:

"Malware stealing bitcoins[edit]Some malware can steal private keys for bitcoin wallets allowing the bitcoins themselves to be stolen. The most common type searches computers for cryptocurrency wallets to upload to a remote server where they can be cracked and their coins stolen.[235] Many of these also log keystrokes to record passwords, often avoiding the need to crack the keys.[235] A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address.[235] This method is effective because bitcoin transactions are irreversible."

http://en.wikipedia.org/wiki/Bitcoin#Malware

https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline gamey

  • Hero Member
  • *****
  • Posts: 2252
    • View Profile
Found this about a malware that could possibly be responsible for your loss:

"Malware stealing bitcoins[edit]Some malware can steal private keys for bitcoin wallets allowing the bitcoins themselves to be stolen. The most common type searches computers for cryptocurrency wallets to upload to a remote server where they can be cracked and their coins stolen.[235] Many of these also log keystrokes to record passwords, often avoiding the need to crack the keys.[235] A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address.[235] This method is effective because bitcoin transactions are irreversible."

http://en.wikipedia.org/wiki/Bitcoin#Malware

Thats pretty genius.  I'm waiting on a BTC from btc38 that has been sitting there for 12 hours.  God I hate these crypto-exchanges.  Part of the problem is I don't think they really do enough volume to pay well and cover all their expenses.  If BTC went to $100 for example, I would be highly doubtful they could even run a skeleton crew.  Most crypto-businesses could adapt in theory, but not these non-fiat crypto-exchanges.   
I speak for myself and only myself.

Offline Shentist

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 1605
    • View Profile
    • metaexchange
  • BTS: shentist
i have no problem on BTER so far.

seems like your computer is a long time infected. first wrong transaction occured in July?????


Offline liondani

A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address.[235] This method is effective because bitcoin transactions are irreversible."

http://en.wikipedia.org/wiki/Bitcoin#Malware

That could be a method used in my case... I remember I copy-paste the original address to bter...
(I am not really worried for key-loggers for this particular case since I am using on-screen keyboards and I am offline when typing passwords)
  https://bitshares.OPENLEDGER.info/?r=GREECE  | You are in Control | BUY | SELL | SHORT | SWAP | LOAN | TRADE |  

Offline liondani

i have no problem on BTER so far.

seems like your computer is a long time infected. first wrong transaction occured in July?????

But I have no other incidents ... so assume I have a malware that change "only" the bitcoin address copied to the clipboard?

Could it be that the transactions on July are fake? Only on history to make the user (me) use the wrong address "again"?
  https://bitshares.OPENLEDGER.info/?r=GREECE  | You are in Control | BUY | SELL | SHORT | SWAP | LOAN | TRADE |  

Offline Method-X

  • Hero Member
  • *****
  • Posts: 1120
  • VIRAL
    • View Profile
    • Learn to code, fast.
  • BTS: methodx
A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address.[235] This method is effective because bitcoin transactions are irreversible."

http://en.wikipedia.org/wiki/Bitcoin#Malware

That could be a method used in my case... I remember I copy-paste the original address to bter...
(I am not really worried for key-loggers for this particular case since I am using on-screen keyboards and I am offline when typing passwords)

It doesn't matter if you're offline while typing passwords as the log is sent when you're online.

Offline liondani

A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address.[235] This method is effective because bitcoin transactions are irreversible."

http://en.wikipedia.org/wiki/Bitcoin#Malware

That could be a method used in my case... I remember I copy-paste the original address to bter...
(I am not really worried for key-loggers for this particular case since I am using on-screen keyboards and I am offline when typing passwords)

It doesn't matter if you're offline while typing passwords as the log is sent when you're online.

offline just to avoid nobody is spying in real time my screen (like on teamviewer)
and see what I am "typing" with my virtual on-screen keyboard ...

PS I am not typing in the traditional way...
  https://bitshares.OPENLEDGER.info/?r=GREECE  | You are in Control | BUY | SELL | SHORT | SWAP | LOAN | TRADE |  

Offline sva_h4cky0

hm maybe you can doing some test, create Linux live cd/dvd/usb any distro from "clean" pc/laptop.
boot using live cd on your pc, login to bter then you can test sending very small amount of btc to your addy.

if same things happen, then bter compromise.
otherwise your pc is compromise.

just my 2btsx, good luck  ;)
天の道を行き、総てを司る! Ten no michi o iki, subete o tsukasadoru!

Offline liondani

hm maybe you can doing some test, create Linux live cd/dvd/usb any distro from "clean" pc/laptop.
boot using live cd on your pc, login to bter then you can test sending very small amount of btc to your addy.

if same things happen, then bter compromise.
otherwise your pc is compromise.

just my 2btsx, good luck  ;)

thanks for your advice...
I already do that  ;)

will inform further on next post's with my conclusions...
  https://bitshares.OPENLEDGER.info/?r=GREECE  | You are in Control | BUY | SELL | SHORT | SWAP | LOAN | TRADE |  

Offline happybit

  • Full Member
  • ***
  • Posts: 87
  • Happy Bit!
    • View Profile
I've had the exact same thing happen before!!!  It was a f*cking chrome extension!!!

They update automatically and can become malware without you being able to do anything about it!!!

I thought lastpass was changing the addresses on me, and I tried turning it off, and turning off autofill and everything.

Nothing worked, and then I found that it was a bitcoin price notification extension (i found out by searching for the address it was sent to, and found others posting about similar problems) I checked yours, google didn't say anything, though it could be a new virus.

I asked a google developer about how this could happen, he said: "Just turn off autoupdate" -- that is not possible from what I see, and he couldn't figure it out either.

be super careful with Chrome Extensions

I can digup more info on this if you need it. Good luck!  I hope it wasn't this, and BTer can somehow give you back your BTC

 

Google+