Author [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] Topic: All Bitshares, Protoshares, and DNS stolen from my wallet -- at the same time  (Read 7941 times)

0 Members and 1 Guest are viewing this topic.

Offline educatedwarrior

  • Full Member
  • ***
  • Posts: 78
    • View Profile

My BitsharesX wallet was compromised housing all of my PTS and BTC keys.  My wallet was encrypted, but it did not matter.   This gave the attacker access to AGS shares, and all shares of the DACs I owned.  They have all been stolen.

Stolen BTS


Stolen DNS


STOLEN FUND RECOVERY PROGRESS
https://docs.google.com/spreadsheets/d/1ZHQkYlMlHG1R20mKpqYLdJBdxwvS7TV_Af1F2vnQq5o/edit?usp=sharing

LIST OF CURRENT DONORS
onceuponatime , delegate.liondani , puppies , montpelerin, bts-tv

HISTORY OF STOLEN FUNDS
PTS
-   10/31 9:36:22pm (UTC) 2080 PTS moved to address PqwaEkunbDFBweRdNQdKPLWWSEbmXH7jrU and are still there - https://coinplorer.com/PTS/Transactions/87677618d6c2f243ea1f35b86825c565f99c166be4b58ac8445b04c1505c1ab5

DNS
-   10/31 3:58 PM http://dns.bitsharesblocks.com/blocks?top=256541 (1,021,791.78 DNS stolen, can’t tell if funds moved)
BTSX
–10/31 3:59 PM http://www.bitsharesblocks.com/blocks/block?id=887769  (440,000.50 BTS  stolen, can’t tell if funds moved)
-10/31/4:00 PM http://www.bitsharesblocks.com/blocks/block?id=887777 (559,999.38 BTS stolen, can’t tell if funds moved)

AGS
- compromised.

There is currently an ongoing effort to increase Bitshares wallet security , since this type of incident is a threat to mainstream adoption for Bitshares.  Also, there is an effort for members in the community out of generosity to donate to their fellow  brother ( me educatedwarrior) to help recoup stolen funds.   

In order to keep track of all the work going on for short term and long term solutions to increase wallet security, and support to help recoup educatedwarriors losses; action items announced in this tread a listed below.  We hope this incident can be used for better protocols to be established in order to make our bitshares investments more secure and ensure mainstream adoption.

NEXT ACTIONS
None

ONGOING
educatedwarrior accepting donations at BTSX: codeblooded    (thanks in advance for donations to help me recoup my stolen funds. )
  ------Ex.  2000 PTS divided with our active 200 members is 10 pts for each donation, with current price x $1.7 = $17 bitUSD

WAITING FOR
Confirmation that YubiKey integration may be added into wallets (bytemaster)
Contact Trezor contacts to talk about possible integration with Bitshares wallets. ( cass)
Vesting AGS will probably eventually have to have a key update feature  (toast)


COMPLETE
11/16/2014 Post spreadsheet  or website of donations received for public review.
11/5/2014 EducatedWarrior took Liondani's recommendation and purchased YubiKee and is using with it with password manager and generator KeePass. Excellent increase in security.
    --- wallet now secure with 256 bit password
11/3/2014 Liondani recommended Short term solution -- use YubiKey with password manager like KeePass or LastPass
11/2/2014 Various members posed questions for forensic investigation (werneo , )
« Last Edit: December 13, 2014, 01:13:35 PM by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline Riverhead

Re: All Protoshares stolen from my wallet
« Reply #1 on: November 01, 2014, 07:28:34 PM »
Are you sure it's not one of your change addresses?

Offline pgbit

  • Sr. Member
  • ****
  • Posts: 241
    • View Profile
Re: All Protoshares stolen from my wallet
« Reply #2 on: November 01, 2014, 07:39:41 PM »
For the record, did you import the wallet or pts keys to other wallets? If so, which ones?

Offline educatedwarrior

  • Full Member
  • ***
  • Posts: 78
    • View Profile
Re: All Protoshares stolen from my wallet
« Reply #3 on: November 01, 2014, 10:04:05 PM »
Looks like everything got wiped out.   All my Bitshares are gone, all my protoshares are gone as well.   

The transactions simultaneously went through October 31 12 noon on both wallets.   

I imported the Protoshares into Bitshares a while back using wallet import. 


I'm really sad now.   This is definitely going to not allow me to support the Bitshares community anymore.   And I will be discouraged to recommend to anyone else at this point.  I lost too much money.



« Last Edit: November 01, 2014, 10:09:22 PM by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

zerosum

  • Guest
Re: All Protoshares stolen from my wallet
« Reply #4 on: November 01, 2014, 10:08:56 PM »
For the record, did you import the wallet or pts keys to other wallets? If so, which ones?

I am curious about that also, as well as what did the anti-virus found, if anything?

Also where did the money on the BTSX chain went?
« Last Edit: November 01, 2014, 10:13:28 PM by tonyk2 »

Offline educatedwarrior

  • Full Member
  • ***
  • Posts: 78
    • View Profile
Re: All Protoshares stolen from my wallet
« Reply #5 on: November 01, 2014, 10:09:42 PM »
Does bitshares take away your money if you don't vote?
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline bitmeat

  • Hero Member
  • *****
  • Posts: 1116
    • View Profile
Re: All Protoshares stolen from my wallet
« Reply #6 on: November 01, 2014, 10:17:58 PM »
And this is why a hardware device approving all transactions is a must. Something like Trezor or even if it is just a phone app to perform the digital signatures. Desktops are so easy to hack. Mind telling us what operating system you use. Running a Linux machine might be safer and building everything from code instead of downloading unsafe executables.

Offline Riverhead

Re: All Protoshares stolen from my wallet
« Reply #7 on: November 01, 2014, 10:19:19 PM »
If the transaction didn't come from your wallet then they had to have your private key. Were the bitshares that you lost ones you claimed and were they moved from the claimed address? Just wonder because if they had your PTS private key they'd also have your BTS private key for that stake if it wasn't moved.


That really sucks man. I can only imagine the gut wrenching feeling :( . If you were able to become a delegate you could start to recoup your loses once things picked up.

Offline roadscape

Re: All Protoshares stolen from my wallet
« Reply #8 on: November 01, 2014, 10:20:13 PM »
Does bitshares take away your money if you don't vote?

No. Please scan your computer for viruses.. and let us know what you find.

How does your BTSX wallet display the transaction?
http://cryptofresh.com  |  witness: roadscape

Offline bitmeat

  • Hero Member
  • *****
  • Posts: 1116
    • View Profile
Re: All Protoshares stolen from my wallet
« Reply #9 on: November 01, 2014, 10:21:00 PM »
And by the way this is a problem with all crypto. I think a main reason crypto hasn't become mainstream yet.

Offline educatedwarrior

  • Full Member
  • ***
  • Posts: 78
    • View Profile
Re: All Protoshares stolen from my wallet
« Reply #10 on: November 01, 2014, 10:23:59 PM »
For the record, did you import the wallet or pts keys to other wallets? If so, which ones?

I am curious about that also, as well as what did the anti-virus found, if anything?

Also where did the money on the BTSX chain went?

When I look at the ledger it says it went to "UNKNOWN"    .   How could that be?

I quick scanned my computer for virus using AVAST and didn't have any viruses.   I will do a deep scan and let you know.

BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline educatedwarrior

  • Full Member
  • ***
  • Posts: 78
    • View Profile
Re: All Protoshares stolen from my wallet
« Reply #11 on: November 01, 2014, 10:29:44 PM »
And this is why a hardware device approving all transactions is a must. Something like Trezor or even if it is just a phone app to perform the digital signatures. Desktops are so easy to hack. Mind telling us what operating system you use. Running a Linux machine might be safer and building everything from code instead of downloading unsafe executables.

I am using Windows.  It appears my BitsharesX wallet was compromised .. that would be the only way they got the private keys for my Protoshares and Bitshares at the same time.  Each wallet I had on my computer was secured with password,  and no one knows my password except me.

I'm not finding any viruses on my computer
« Last Edit: November 01, 2014, 10:32:53 PM by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline biophil

  • Hero Member
  • *****
  • Posts: 814
  • Incentives run the world
    • View Profile
    • Sign up for a Bitshares account!
  • BTS: zebulon
Re: All Protoshares stolen from my wallet
« Reply #12 on: November 01, 2014, 10:37:34 PM »
For the record, did you import the wallet or pts keys to other wallets? If so, which ones?

I am curious about that also, as well as what did the anti-virus found, if anything?

Also where did the money on the BTSX chain went?

When I look at the ledger it says it went to "UNKNOWN"    .   How could that be?

I quick scanned my computer for virus using AVAST and didn't have any viruses.   I will do a deep scan and let you know.

Here's a very important question, I'm not sure why nobody has asked it yet:

When you imported your PTS wallet into BTSX, did you make any transactions afterwards? If you did not make any transactions, then your BTSX balance was never moved out of its place on the genesis block, where it had the same private key as your PTS balance. Then if anybody stole your PTS private key, they would have access to your BTSX balance.

If this is what happened, then our community is to blame for not having a solid best practices manual for importing balances.

Where do you store your PTS wallet.dat file? Is it encrypted?

Damn, educatedwarrior. I'm very sorry about this. I do hope to convince you that this isn't a Bitshares problem; it's a private key security problem, which is common to all cryptocurrencies.

Offline educatedwarrior

  • Full Member
  • ***
  • Posts: 78
    • View Profile
Re: All Protoshares stolen from my wallet
« Reply #13 on: November 01, 2014, 10:46:07 PM »
For the record, did you import the wallet or pts keys to other wallets? If so, which ones?

I am curious about that also, as well as what did the anti-virus found, if anything?

Also where did the money on the BTSX chain went?

When I look at the ledger it says it went to "UNKNOWN"    .   How could that be?

I quick scanned my computer for virus using AVAST and didn't have any viruses.   I will do a deep scan and let you know.

Here's a very important question, I'm not sure why nobody has asked it yet:

When you imported your PTS wallet into BTSX, did you make any transactions afterwards? If you did not make any transactions, then your BTSX balance was never moved out of its place on the genesis block, where it had the same private key as your PTS balance. Then if anybody stole your PTS private key, they would have access to your BTSX balance.

If this is what happened, then our community is to blame for not having a solid best practices manual for importing balances.

Where do you store your PTS wallet.dat file? Is it encrypted?

Damn, educatedwarrior. I'm very sorry about this. I do hope to convince you that this isn't a Bitshares problem; it's a private key security problem, which is common to all cryptocurrencies.

It sounds like this is what happened.  After I imported my PTS into my BTSX wallet, I made a couple transactions selling about 25% and keeping the rest in my claim address.   The amount I kept in my claim address is all gone now.

Both of my wallets were encrypted.  They were stored on my Windows desktop computer encrypted... PTS and BTSX.     

« Last Edit: November 01, 2014, 10:48:56 PM by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline sudo

  • Hero Member
  • *****
  • Posts: 2245
    • View Profile
  • BTS: ags
Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #14 on: November 02, 2014, 12:45:21 AM »
check the sha1 hash of your btsx setup exe file

来自我的 GT-I9305 上的 Tapatalk


 

Google+