Topic: All Bitshares, Protoshares, and DNS stolen from my wallet -- at the same time

Offline Globally Distributed

If I find out the person who stole my Bitshares... someone is going to get hurt really bad.    As time goes on the more angry I get.

If someone wants to see an asskickin', help me find who stole my BTS.

Did they access your account by brute force?
"People don't buy what you do, they buy why you do it."  https://www.youtube.com/watch?v=u4ZoJKF_VuA

kudos robrigo

Offline educatedwarrior

If I find out the person who stole my Bitshares... someone is going to get hurt really bad.    As time goes on the more angry I get.

If someone wants to see an asskickin', help me find who stole my BTS.
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline educatedwarrior

Thanks to bts-tv, bitbud, monperlerin, onceuponatime, liondani, and puppies  for your donations.  I really appreciate your help.     Currently recouped   0.43% of my stolen BTS.    I have a long way to go but it's definitely better than nothing.   

 
« Last Edit: March 09, 2015, 01:21:04 am by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline educatedwarrior

Does anyone know what exchange owns this address?  PcHTgdPVkX83SGfzHF6KN34tsZpy3KbDzm
Any suggestions on how I could find out?  This exchange started transacting PTS around 2/26/2014.

looks like a total of 623,323 old PTS flowed through.
https://coinplorer.com/PTS/Addresses/PcHTgdPVkX83SGfzHF6KN34tsZpy3KbDzm
« Last Edit: December 30, 2014, 07:25:16 pm by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline bytemaster

Does anyone have any thoughts on how this can be transferred to UNKNOWN?

Unless your wallet generated the transaction you don't know which account it was transferred to. 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline speedy

I would be devastated if I lost that much BTS.  :-\

It's worth noting that it always seems to be Windows users that this happens to. Store your wallet on a separate machine that you only use for crypto, and make that machine run Linux.

Offline Gentso1

Does anyone have any thoughts on how this can be transferred to UNKNOWN?

Offline educatedwarrior

The new PTS wallet is cool.   If someone could help me get my 2080 old PTS stolen back, that would be even cooler.   :)     
@alphabar

That would be 2080 * 567 = 1179360 new PTS.
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline cass

█║▌║║█  - - -  The quieter you become, the more you are able to hear  - - -  █║▌║║█

Offline educatedwarrior

Received donations from
montpelerin 1000 BTS (11/18)
bts-tv    1900 BTS (12/5 and 12/7)


Thank you!!


BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline educatedwarrior

Does anyone know if there is any initiative for improving wallet security?   


Also, I have been able to recoup less than 1% of the funds lost at this point.  I do appreciate the donations so far.


Here are images of what happened to me on October 31, 2014

Stolen BTS


Stolen DNS

« Last Edit: December 13, 2014, 01:23:46 pm by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline educatedwarrior

Thanks Toast,

Gotcha , I was told about that ... but lacking detail on whether it will fully recover me.    Nice to see it in the code   +5%

 Guess we'll wait and see, I do have a lot of faith.

BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline liondani

You seemed to have missed the memo:
https://github.com/BitShares/bitshares/blob/develop/build_sharedrop.py#L233
what does that mean?

Sent from my ALCATEL ONE TOUCH 997D


Offline toast

Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline educatedwarrior

I posted a summary of the donations received as of 11/16/2014.   Your help to recover my stolen funds will be appreciated.

https://docs.google.com/spreadsheets/d/1ZHQkYlMlHG1R20mKpqYLdJBdxwvS7TV_Af1F2vnQq5o/edit?usp=sharing

BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline educatedwarrior

Let's get together and help out with this.  I will gladly put information in the server to a new wallet and we can see if attendees would be willing to help make you at least partially whole again. 

Sorry this happened and I will gladly add any delegates to the Beyond Bitcoin Delegate Slate who are working on bringing real security solutions to non-technical holders of these chains' tokens.

Your help would be appreciated fuzzy.   That was a devastating hit.  Currently I'm very far away from being even partially whole.  I have received donations from two members so far.. which are very much appreciated.  That's less than 0.1% of my losses.  However I am very optimistic of this community, which seems to be very caring and supportive.

I only desire to be made whole again, and anything above that given back to the community to support "bringing real security solutions ... of these chains' tokens".
« Last Edit: November 07, 2014, 02:30:30 am by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline liondani

Let me just add though - that even in this mode, if your PC is compromised you are not safe, as the produced master key could still be captured. The device won't do the signature, it will just produce the master key, which can be captured on a compromised PC.

Here is an example of how the Yubikey may not protect you if you have malware running on your computer. You use the Yubikey to essentially auto-type a secure passphrase into Keepass and unlock the password manager. You then need to copy your BitShares wallet password from Keepass and paste it into the BitShares client to unlock it. You could have malware running on your computer that simply logs a copy of everything you copy and paste while using the OS. It could then upload the changes to this log to the attacker's server whenever it has internet connection. The malware could also scan your hard drive for something that looks like your Keepass database and your BitShares encrypted wallet private key and upload those to the server as well (worst case scenario the attacker could do this semi-manually with the help of screen captures after they are informed by the malware that the victim has cryptocurrency apps installed on their computer). With the BitShares encrypted wallet private key, the Keepass database, and the Keepass master passphrase which can be trivially bruteforced using the list of copied text from the clipboard log, the attacker could get access to the decrypted BitShares wallet private key and thus access to all of the funds held by all BTS accounts available via the BitShares wallet.

Even on compromised computers it's much more difficult for the intruder to get the password when someone has combined these "techniques":

http://keepass.info/help/v2/autotype_obfuscation.html

http://keepass.info/help/kb/sec_desk.html

EDIT: Can somebody explain to me how they can get the static password from the Yubikey? It doesn't work like copy/paste as far as I know...
« Last Edit: November 06, 2014, 07:49:02 pm by liondani »

Offline fuzzy

Let's get together and help out with this.  I will gladly put information in the server to a new wallet and we can see if attendees would be willing to help make you at least partially whole again. 

Sorry this happened and I will gladly add any delegates to the Beyond Bitcoin Delegate Slate who are working on bringing real security solutions to non-technical holders of these chains' tokens.
WhaleShares==DKP; BitShares is our Community! 
ShareBits and WhaleShares = Love :D

Offline arhag

Let me just add though - that even in this mode, if your PC is compromised you are not safe, as the produced master key could still be captured. The device won't do the signature, it will just produce the master key, which can be captured on a compromised PC.

However if the signature happens on another device (e.g. Trezor / mobile cell phone) it is far less likely that it will get hacked.

Just to add to what bitmeat said, all of these supposedly MFA schemes being recommended in this thread are just tiny marginal improvements in security that are insignificant compared to the true MFA security provided by multisig. The multisig security necessary can only be achieved when the BitShares client itself has been upgraded to implement those features. Then, a transaction can be signed by different devices each storing the private key for their part of the signature on the separate devices. The probability of all of the devices being simultaneously compromised is low, which is what provides the security. This is especially true when some of the devices are used specifically for these signing purposes only and do not have an internet connection. An example of such a device would be a Trezor or, more realistically for our purposes, a separate laptop with internet connectivity disabled that boots a live Linux environment from a read-only medium (this is also why offline transaction signing features are necessary for the client).

Here is an example of how the Yubikey may not protect you if you have malware running on your computer. You use the Yubikey to essentially auto-type a secure passphrase into Keepass and unlock the password manager. You then need to copy your BitShares wallet password from Keepass and paste it into the BitShares client to unlock it. You could have malware running on your computer that simply logs a copy of everything you copy and paste while using the OS. It could then upload the changes to this log to the attacker's server whenever it has internet connection. The malware could also scan your hard drive for something that looks like your Keepass database and your BitShares encrypted wallet private key and upload those to the server as well (worst case scenario the attacker could do this semi-manually with the help of screen captures after they are informed by the malware that the victim has cryptocurrency apps installed on their computer). With the BitShares encrypted wallet private key, the Keepass database, and the Keepass master passphrase which can be trivially bruteforced using the list of copied text from the clipboard log, the attacker could get access to the decrypted BitShares wallet private key and thus access to all of the funds held by all BTS accounts available via the BitShares wallet.

Offline bitmeat

Let me just add though - that even in this mode, if your PC is compromised you are not safe, as the produced master key could still be captured. The device won't do the signature, it will just produce the master key, which can be captured on a compromised PC.

However if the signature happens on another device (e.g. Trezor / mobile cell phone) it is far less likely that it will get hacked.

Offline bitmeat

You guys don't understand how Yubikey works. It requires a centralized server that knows the secret and verifies it. Not that it can't be done with crypto, but you will still need to put your trust in a centralized entity. I'd much rather have an app that receives all transaction details over the net and shows it to you on your phone, where you can then decide whether to sign it or not. So even if your PC is compromised you never ever have your private keys exposed on it.

bitmeat, I don't think Yubikey needs a centralized server.   It works with KeePass and doesn't require a centralized server, you just had to install a KeePass plugin.

Here is the source to the plugin - http://keepass.info/extensions/v2/otpkeyprov/OtpKeyProv-2.3-Source.zip
Maybe someone could take a look at the source and implement it in Bitshares ... it is written in Visual C#

Thank you for the clarification! There are two modes, I was referring to the server mode. I see the static master password mode - that's fantastic. Should be easy to implement.

http://keepass.info/help/kb/yubikey.html

Offline educatedwarrior

You guys don't understand how Yubikey works. It requires a centralized server that knows the secret and verifies it. Not that it can't be done with crypto, but you will still need to put your trust in a centralized entity. I'd much rather have an app that receives all transaction details over the net and shows it to you on your phone, where you can then decide whether to sign it or not. So even if your PC is compromised you never ever have your private keys exposed on it.

bitmeat, I don't think Yubikey needs a centralized server.   It works with KeePass and doesn't require a centralized server, you just had to install a KeePass plugin.

Here is the source to the plugin - http://keepass.info/extensions/v2/otpkeyprov/OtpKeyProv-2.3-Source.zip
Maybe someone could take a look at the source and implement it in Bitshares ... it is written in Visual C#
« Last Edit: November 06, 2014, 03:06:55 am by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline educatedwarrior

I took Liondani's recommendation and purchased a YubiKey Neo for $50 and am using it with the password manager and generator KeePass. Excellent increase in security.
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline bitmeat

You guys don't understand how Yubikey works. It requires a centralized server that knows the secret and verifies it. Not that it can't be done with crypto, but you will still need to put your trust in a centralized entity. I'd much rather have an app that receives all transaction details over the net and shows it to you on your phone, where you can then decide whether to sign it or not. So even if your PC is compromised you never ever have your private keys exposed on it.

Offline liondani

@bytemaster
"We provide the YubiKey OTP Validation server for developers looking to integrate the YubiKey OTP Validation with an existing web site or service."
https://www.yubico.com/develop/open-source-software/validation-server/

What about the idea to integrate the YubiKey OTP Validation with our BTS client ?
I am sure most delegates would be positive to fund such an integration, or not? Am I missing something?

yup or maybe BTS Trezor... i stay in touch with slush and alena from Bitcoin Trezor ...i'll contact them later this week …
+5 to use your connection's...
but my understanding is that the yubikey solution is much cheaper for the end user than the trezor solution...  at least with the current prices... and the degree of security is about the same...   but it would be optimal to have both options in the near future...  Nobody could use the "security" argument against bitshares after that !  It would definitely help a lot  to get to mass adoption ...

Sent from my ALCATEL ONE TOUCH 997D


Offline cass

@bytemaster
"We provide the YubiKey OTP Validation server for developers looking to integrate the YubiKey OTP Validation with an existing web site or service."
https://www.yubico.com/develop/open-source-software/validation-server/

What about the idea to integrate the YubiKey OTP Validation with our BTS client ?
I am sure most delegates would be positive to fund such an integration, or not? Am I missing something?

yup or maybe BTS Trezor... i stay in touch with slush and alena from Bitcoin Trezor ...i'll contact them later this week …
█║▌║║█  - - -  The quieter you become, the more you are able to hear  - - -  █║▌║║█

Offline educatedwarrior

@bytemaster
"We provide the YubiKey OTP Validation server for developers looking to integrate the YubiKey OTP Validation with an existing web site or service."
https://www.yubico.com/develop/open-source-software/validation-server/

What about the idea to integrate the YubiKey OTP Validation with our BTS client ?
I am sure most delegates would be positive to fund such an integration, or not? Am I missing something?

@liondani , integration with YubiKey seems to be a great idea.  Thank you.

Here is a link for using YubiKey + Password manager for applications without YubiKey integration.
https://www.yubico.com/applications/password-management/consumer/keepass/
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline liondani

@bytemaster
"We provide the YubiKey OTP Validation server for developers looking to integrate the YubiKey OTP Validation with an existing web site or service."
https://www.yubico.com/develop/open-source-software/validation-server/

What about the idea to integrate the YubiKey OTP Validation with our BTS client ?
I am sure most delegates would be positive to fund such an integration, or not? Am I missing something?
« Last Edit: November 04, 2014, 07:42:57 am by liondani »

Offline educatedwarrior

educatedwarrior: did you check your change addresses against the suspect addresses? That would really answer a lot of questions.

One question I have for anyone: Is it possible to change my BTSX and/or PTS wallet password? If so, how?

Code:
wallet_change_passphrase <passphrase>

Thank you!  :D

I checked the change address in PTS wallet, and the destination address did not match any of them.

About changing the wallet password ... If a user has access to an older version of the wallet file the private keys compromised in that file would still be compromised.   Wouldn't the best solution be to make a new wallet instead of changing the password on the old wallet so you do not mistakenly use the compromised private keys?   

OR are you changing the password on your wallet now just to beef up security?
« Last Edit: November 04, 2014, 07:49:33 am by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline liondani

  Also, create a complex wallet password that makes a brute force attack difficult to do. 

There should be a keyfile option implemented in next versions of the wallet.

Using classical password in parallel with keyfile stored on usb stick could prevent this type of theft. Small separate stick with many similar files to keyfile used only when accessing wallet is cheap and fast method to at least double security. Wallet file and keyfile must be in different locations (and not on the same usb stick).

Also there is possibility of using 2FA. I know that is pain in the ass, but that could improve security too.

Good luck, I hope this resolves positively for educatedwarrior as well as for BitShares.

 +5%

A good solution for now also is a combination of:

1. yubikey + keepass (password manager) or
2. yubikey + lastpass (password manager)

yubikey: https://www.yubico.com/
keepass: http://keepass.info/index.html
lastpass: https://lastpass.com/

PS ... with a very strong master-password for the password-manager (created from yubikey) combined with a One-Time Passwords (OATH HOTP)
« Last Edit: January 06, 2015, 08:57:29 pm by liondani »

Offline roadscape

So is this confirmation of a virus specifically attacking BitShares software on the Windows platform? If so that is not good.

Zero confirmable claims have been made, nothing can be concluded just yet

This is why we need multisig and cold storage with offline transaction signing as soon as possible.

We need it yesterday :)
http://cryptofresh.com  |  witness: roadscape

Offline Kenof

There should be a keyfile option implemented in next versions of the wallet.

Using classical password in parallel with keyfile stored on usb stick could prevent this type of theft. Small separate stick with many similar files to keyfile used only when accessing wallet is cheap and fast method to at least double security. Wallet file and keyfile must be in different locations (and not on the same usb stick).

Also there is possibility of using 2FA. I know that is pain in the ass, but that could improve security too.

Good luck, I hope this resolves positively for educatedwarrior as well as for BitShares.
Making life easier.
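
A sketch of the passphrase-plus-keyfile idea proposed in the post above, added here as an example; it is not code from the BitShares wallet or from any poster. The function names, the PBKDF2 work factor, the key-check record and the file names on the "stick" are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000      # assumed work factor for this sketch
KEY_LEN = 32                     # 256-bit wallet encryption key
CHECK_LABEL = b"wallet-key-check"


def composite_secret(passphrase: str, keyfile_bytes: bytes) -> bytes:
    """Bind both factors into one secret.

    Each factor is hashed on its own first, so the boundary between them is
    unambiguous ("ab"+"c" and "a"+"bc" give different results).
    """
    p = hashlib.sha256(passphrase.encode("utf-8")).digest()
    k = hashlib.sha256(keyfile_bytes).digest()
    return hashlib.sha256(p + k).digest()


def derive_wallet_key(passphrase: str, keyfile_bytes: bytes, salt: bytes,
                      iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Stretch the composite secret into the key that would encrypt the wallet."""
    secret = composite_secret(passphrase, keyfile_bytes)
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=KEY_LEN)


def create_lock_record(passphrase: str, keyfile_bytes: bytes) -> dict:
    """What would be stored next to the encrypted wallet: salt, cost, key check.

    The record holds neither factor and not the key itself, only an HMAC tag
    that lets the client tell a right key from a wrong one.
    """
    salt = os.urandom(16)
    key = derive_wallet_key(passphrase, keyfile_bytes, salt)
    check = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "check": check}


def try_unlock(passphrase: str, keyfile_bytes: bytes, record: dict):
    """Return the wallet key if both factors are right, otherwise None."""
    key = derive_wallet_key(passphrase, keyfile_bytes,
                            record["salt"], record["iterations"])
    check = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return key if hmac.compare_digest(check, record["check"]) else None


def demo() -> dict:
    """Constructed scenario: a USB stick with one real keyfile among look-alikes."""
    passphrase = "constructed-passphrase"          # constructed sample value
    stick = {f"photo_{i:02d}.bin": os.urandom(64) for i in range(4)}
    real_name = "photo_02.bin"                     # only the owner knows which one
    record = create_lock_record(passphrase, stick[real_name])

    # Someone holding the wallet file and the passphrase, but not the stick.
    passphrase_only = try_unlock(passphrase, b"", record) is not None
    # The owner, with passphrase and the right file.
    both_factors = try_unlock(passphrase, stick[real_name], record) is not None
    # Every file on the stick costs one full key derivation to test.
    matching = [name for name, data in sorted(stick.items())
                if try_unlock(passphrase, data, record) is not None]
    return {"passphrase_only": passphrase_only,
            "both_factors": both_factors,
            "matching_files": matching}


if __name__ == "__main__":
    print(demo())
```

As other posts in this thread point out, this protects the wallet file at rest only: once both factors are presented on a compromised machine, the derived key can be captured there.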

Offline werneo

educatedwarrior: did you check your change addresses against the suspect addresses? That would really answer a lot of questions.

One question I have for anyone: Is it possible to change my BTSX and/or PTS wallet password? If so, how?

Code:
wallet_change_passphrase <passphrase>

Thank you!  :D

zerosum

  • Guest
educatedwarrior: did you check your change addresses against the suspect addresses? That would really answer a lot of questions.

One question I have for anyone: Is it possible to change my BTSX and/or PTS wallet password? If so, how?

Code:
wallet_change_passphrase <passphrase>

Offline werneo

educatedwarrior: did you check your change addresses against the suspect addresses? That would really answer a lot of questions.

One question I have for anyone: Is it possible to change my BTSX and/or PTS wallet password? If so, how?

Offline arhag

So is this confirmation of a virus specifically attacking BitShares software on the Windows platform? If so that is not good.

This is why we need multisig and cold storage with offline transaction signing as soon as possible.

Until then I think it is a bad idea to store any significant amount of funds on a Windows machine. If you want to keep using Windows fine, but I recommend buying a new laptop, install Linux on it, and use it only for cryptocurrency purposes. This should at least reduce the risk of hacks a little bit until we have proper security features built into the client.

Offline educatedwarrior

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #51 on: November 04, 2014, 12:23:18 am »
So.. have you formatted yet?

Nothing else was stolen?

Hi roadkill, thanks for asking.   I created new account "delegate.educatedwarrior" to accept donations and nothing else has been stolen.   However, I'm still having issues making transfers from one wallet to another... error posted above.

Your other coins are safe? Do you suspect BTS was the sole target?

Roadkill, they wiped out my PTS, BTS, and DNS.  Probably have control of my AGS now too.   These bastards knew what the hell they were doing.

I think a "BTS" Armory software and a hardware wallet would go a long way in the future.

You mentioned the funds were extracted to a particular address. Have the funds moved from that address?


Here is the history of what happened so far... all transactions below.

PTS
-   10/31 9:36:22pm (UTC) 2080 PTS moved to address PqwaEkunbDFBweRdNQdKPLWWSEbmXH7jrU and are still there - https://coinplorer.com/PTS/Transactions/87677618d6c2f243ea1f35b86825c565f99c166be4b58ac8445b04c1505c1ab5

DNS
-   10/31 3:58 PM http://dns.bitsharesblocks.com/blocks?top=256541 (1,021,791.78 DNS stolen, can’t tell if funds moved)

BTSX
-   10/31 3:59 PM http://www.bitsharesblocks.com/blocks/block?id=887769  (440,000.50 BTS  stolen, can’t tell if funds moved)
-   10/31 4:00 PM http://www.bitsharesblocks.com/blocks/block?id=887777 (559,999.38 BTS stolen, can’t tell if funds moved)

AGS
- compromised.

Why does the destination address for the transactions have  UNKNOWN as a name and how is that possible?   ... doesn't a name have to be registered with a public address, how could that be?  Looks very fishy 
« Last Edit: November 04, 2014, 12:38:25 am by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline godzirra

Sorry to hear about this man.

This sounds like a nightmare. I worry about this all the time. Until there is an easy way to safely store funds for the average user I don't know if we can expect any significant adoption.

I haven't seen a best practices thread for safe storage either. I would think this is a huge priority.

Is there something like 2FA where the thief has to get a hold of something physically as well?

Offline toast

Here are a couple questions I can answer now.


Did you use a password manager or did you type in your password each time you loaded the wallet?   No ... any suggestions

Have you made an inventory of your wallet change addresses and compared them with the suspect address?   I'm sorry, I'm unfamiliar with what you mean by change addresses..   Could you explain?

Has bytemaster or anyone else with technical expertise contacted you to start a forensic investigation?    No

Here is a FAQ on the concept of the CHANGE ADDRESS:

http://www1.agsexplorer.com/ags101


In short, a change address is generated automatically in your wallet.

To find the change addresses in your wallet, in debug console of PTS, type:   listaddressgroupings

This will show all the change addresses. Compare these addresses with the suspect address. Is there a match?

And to confirm: I presume the funds are missing from your PTS (not BTSX) wallet. True?

Werneo , the funds are missing from my PTS wallet and my BTSX wallet and my DNS wallet.  When the notes wallet comes out I'll have to race to move it out of the genesis block before it is stolen, since they probably have control of my AGS now.

 

Vesting AGS will probably eventually have to have a key update feature - watch for that too
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline educatedwarrior

Did you use the password more than one place?

Did you leave your wallet open?

Bytemaster, are you suggesting if a person uses their password in more than one place ... if a hacker can get their wallet file and password, mission complete for hacking?  Just want to make sure I'm clear what you are suggesting.

Also if a person gets the wallet file, they could do a bruteforce to discover the password, no?

yes to both

If this is the case it appears the key is not to allow anyone or anything to get access to the wallet file.      Also, create a complex wallet password that makes a brute force attack difficult to do. 

I'm sure Bitcoin has experienced the same issues and has various solutions.
« Last Edit: November 03, 2014, 11:47:05 pm by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline educatedwarrior

Here are a couple questions I can answer now.


Did you use a password manager or did you type in your password each time you loaded the wallet?   No ... any suggestions

Have you made an inventory of your wallet change addresses and compared them with the suspect address?   I'm sorry, I'm unfamiliar with what you mean by change addresses..   Could you explain?

Has bytemaster or anyone else with technical expertise contacted you to start a forensic investigation?    No

Here is a FAQ on the concept of the CHANGE ADDRESS:

http://www1.agsexplorer.com/ags101


In short, a change address is generated automatically in your wallet.

To find the change addresses in your wallet, in debug console of PTS, type:   listaddressgroupings

This will show all the change addresses. Compare these addresses with the suspect address. Is there a match?

And to confirm: I presume the funds are missing from your PTS (not BTSX) wallet. True?

Werneo , the funds are missing from my PTS wallet and my BTSX wallet and my DNS wallet.  When the notes wallet comes out I'll have to race to move it out of the genesis block before it is stolen, since they probably have control of my PTS and AGS now.

 
« Last Edit: November 03, 2014, 11:50:23 pm by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline toast

Did you use the password more than one place?

Did you leave your wallet open?

Bytemaster, are you suggesting if a person uses their password in more than one place ... if a hacker can get their wallet file and password, mission complete for hacking?  Just want to make sure I'm clear what you are suggesting.

Also if a person gets the wallet file, they could do a bruteforce to discover the password, no?

yes to both
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline educatedwarrior

Did you use the password more than one place?

Did you leave your wallet open?

Bytemaster, are you suggesting if a person uses their password in more than one place ... if a hacker can get their wallet file and password, mission complete for hacking?  Just want to make sure I'm clear what you are suggesting.

Also if a person gets the wallet file, they could do a bruteforce to discover the password, no?


Question1: Is it possible to derive the private key if a user has the public address and wallet password?   (I'm assuming not and thinking the password is only used to encrypt the json contents of the wallet file.)

Question2: Anyway to do an address substitution so I can regain control of my AGS?
« Last Edit: November 03, 2014, 11:41:49 pm by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline educatedwarrior

This could just as easily have happened to btstv because our BitShares client, account, and address are located on a Windows computer that visits countless gomorragraphic websites for hours.

Therefore, we pledge to give all excess donations from now until Cyber Monday to:

BTS:codeblooded

By Cyber Monday, all our promotions will be finished, and after we finish paying out the winning contestants, all remaining balance will go towards helping recoup some of educatedwarrior's stolen BTS.

Our heart and BTS go out to you warrior, please accept our humble token of financial support.

We feel for you, because it could just as easily have been us because not only do we not have any adblock or updated antivirus software to speak of, we have brutal day jobs that make computer security learning a low priority to us.

If someone can show us how to remove the titan features, then we can have a public display of who is donating what to our injured brother.

btstv, this would be much appreciated.   I don't know how much I can thank you ... and all our other brothers lending support.   I hope the entire community can learn from this experience and establish better protocols for the future.

Anyone planning to put together a "best practices" document for securing your bts wallet, or does one already exist?    Someone or I can start a thread if you guys think it may be beneficial.
« Last Edit: November 03, 2014, 11:21:57 pm by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline roadscape

.
« Last Edit: July 03, 2015, 03:34:53 am by roadscape »
http://cryptofresh.com  |  witness: roadscape

Offline werneo

Here are a couple questions I can answer now.


Did you use a password manager or did you type in your password each time you loaded the wallet?   No ... any suggestions

Have you made an inventory of your wallet change addresses and compared them with the suspect address?   I'm sorry, I'm unfamiliar with what you mean by change addresses..   Could you explain?

Has bytemaster or anyone else with technical expertise contacted you to start a forensic investigation?    No

Here is a FAQ on the concept of the CHANGE ADDRESS:

http://www1.agsexplorer.com/ags101


In short, a change address is generated automatically in your wallet.

To find the change addresses in your wallet, in debug console of PTS, type:   listaddressgroupings

This will show all the change addresses. Compare these addresses with the suspect address. Is there a match?

And to confirm: I presume the funds are missing from your PTS (not BTSX) wallet. True?


Offline Riverhead

Have you made an inventory of your wallet change addresses and compared them with the suspect address?   I'm sorry, I'm unfamiliar with what you mean by change addresses..   Could you explain?

When you send a partial balance from an address (say 1 PTS from an address that has 2000 PTS) ALL PTS leaves the sending address. 1 PTS goes to whomever you sent it to and 1999 PTS (minus fee) goes to a third address your wallet either has already or creates (it starts with a pool of about 100). The wallet software masks this somewhat as it shows total balance.

So if it is an old copy of your wallet that you're trying to use it's possible it doesn't have the change addresses of the post-backup wallet. As for the BTS it works in a similar way but the money can be found again by regenerating the keys for an account and then rescanning the blockchain.
« Last Edit: November 03, 2014, 02:05:09 pm by Riverhead »
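
The change-address inventory that werneo and Riverhead describe above, as an added example (not part of any forum post and not PTS or BitShares project code). It assumes the `listaddressgroupings` output has been saved as JSON in the Bitcoin-style shape of nested `[address, amount, label]` entries; every address and amount is a constructed placeholder, and treating unlabelled entries as likely change addresses is a heuristic.

```python
import json
from decimal import Decimal

# Constructed sample data in the shape `listaddressgroupings` prints:
# a list of groupings, each entry [address, amount] or [address, amount, label].
# All addresses and amounts are placeholders, not real PTS addresses.
CURRENT_WALLET_JSON = """
[
  [
    ["PxxRECEIVExxPLACEHOLDERxx0001", 0.0, "main"],
    ["PxxCHANGExxxPLACEHOLDERxx0002", 1998.99]
  ],
  [
    ["PxxRECEIVExxPLACEHOLDERxx0003", 80.0, "mining"],
    ["PxxCHANGExxxPLACEHOLDERxx0004", 0.0]
  ]
]
"""

# Constructed output of the same command run against an older backup copy
# of the wallet, taken before the 1 PTS send in Riverhead's example.
BACKUP_WALLET_JSON = """
[
  [["PxxRECEIVExxPLACEHOLDERxx0001", 2000.0, "main"]],
  [
    ["PxxRECEIVExxPLACEHOLDERxx0003", 80.0, "mining"],
    ["PxxCHANGExxxPLACEHOLDERxx0004", 0.0]
  ]
]
"""


def parse_groupings(raw):
    """Flatten listaddressgroupings JSON into {address: info}."""
    groupings = json.loads(raw, parse_float=Decimal, parse_int=Decimal)
    if not isinstance(groupings, list):
        raise ValueError("expected a JSON list of groupings")
    addresses = {}
    for group_index, group in enumerate(groupings):
        for entry in group:
            if not isinstance(entry, list) or len(entry) not in (2, 3):
                raise ValueError(
                    f"unexpected entry in group {group_index}: {entry!r}")
            label = entry[2] if len(entry) == 3 else None
            addresses[entry[0]] = {
                "amount": entry[1], "label": label, "group": group_index}
    return addresses


def audit(current_raw, suspect, backup_raw=None):
    """Compare a suspect destination address with the wallet's own addresses.

    If the suspect address belongs to the wallet, the "missing" funds moved
    to one of the owner's own (change) addresses rather than to a third party.
    """
    current = parse_groupings(current_raw)
    suspect = suspect.strip()  # base58 is case-sensitive: exact match only
    hit = current.get(suspect)
    report = {
        "suspect_in_wallet": hit is not None,
        "suspect_group": hit["group"] if hit else None,
        # Heuristic: entries with no label element are not in the address
        # book, which is typical of automatically generated change addresses.
        "unlabelled": sorted(
            a for a, info in current.items() if info["label"] is None),
        "missing_from_backup": [],
        "balance_missing_from_backup": Decimal(0),
    }
    if backup_raw is not None:
        backup = parse_groupings(backup_raw)
        missing = sorted(set(current) - set(backup))
        report["missing_from_backup"] = missing
        # Funds an old backup cannot spend: they sit on addresses that were
        # created after the backup was taken.
        report["balance_missing_from_backup"] = sum(
            (current[a]["amount"] for a in missing), Decimal(0))
    return report


if __name__ == "__main__":
    result = audit(CURRENT_WALLET_JSON,
                   "PxxCHANGExxxPLACEHOLDERxx0002",
                   BACKUP_WALLET_JSON)
    for key, value in result.items():
        print(f"{key}: {value}")
```
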

Offline BitcoinJesus2.O

This could just as easily have happened to btstv because our BitShares client, account, and address are located on a Windows computer that visits countless gomorragraphic websites for hours.

Therefore, we pledge to give all excess donations from now until Cyber Monday to:

BTS:codeblooded

By Cyber Monday, all our promotions will be finished, and after we finish paying out the winning contestants, all remaining balance will go towards helping recoup some of educatedwarrior's stolen BTS.

Our heart and BTS go out to you warrior, please accept our humble token of financial support.

We feel for you, because it could just as easily have been us because not only do we not have any adblock or updated antivirus software to speak of, we have brutal day jobs that make computer security learning a low priority to us.

If someone can show us how to remove the titan features, then we can have a public display of who is donating what to our injured brother.
« Last Edit: November 03, 2014, 02:02:19 pm by btstv »

Offline bytemaster

Did you use the password more than one place?

Did you leave your wallet open? 

For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline educatedwarrior

Here are a couple questions I can answer now.


Did you use a password manager or did you type in your password each time you loaded the wallet?   No ... any suggestions

Have you made an inventory of your wallet change addresses and compared them with the suspect address?   I'm sorry, I'm unfamiliar with what you mean by change addresses..   Could you explain?

Has bytemaster or anyone else with technical expertise contacted you to start a forensic investigation?    No
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline educatedwarrior

werneo, those are some great questions.  I'm working on getting those answers to you.
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline werneo

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #36 on: November 03, 2014, 03:31:17 am »
So.. have you formatted yet?

Nothing else was stolen?

Hi roadkill, thanks for asking.   I created new account "delegate.educatedwarrior" to accept donations and nothing else has been stolen.   However, I'm still having issues making transfers from one wallet to another... error posted above.

Your other coins are safe? Do you suspect BTS was the sole target?

Roadkill, they wiped out my PTS, BTS, and DNS.  Probably have control of my AGS now too.   These bastards knew what the hell they were doing.

I think a "BTS" Armory software and a hardware wallet would go a long way in the future.

educatedwarrior: exactly how and when was your desktop computer infected in the first place? I'm not clear that Armory was the attack vector.

Did you use a password manager or did you type in your password each time you loaded the wallet?

Have you identified any sort of keylogging malware that would explain how your pwd was stolen?

You mentioned the funds were extracted to a particular address. Have the funds moved from that address?

Have you made an inventory of your wallet change addresses and compared them with the suspect address?

Has bytemaster or anyone else with technical expertise contacted you to start a forensic investigation?
« Last Edit: November 03, 2014, 03:39:52 am by werneo »

Offline educatedwarrior

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #35 on: November 03, 2014, 03:21:52 am »
So.. have you formatted yet?

Nothing else was stolen?

Hi roadkill, thanks for asking.   I created new account "codeblooded" to accept donations and nothing else has been stolen.   However, I'm still having issues making transfers from one wallet to another... error posted above.

Your other coins are safe? Do you suspect BTS was the sole target?

Roadkill, they wiped out my PTS, BTS, and DNS.  Probably have control of my AGS now too.   These bastards knew what the hell they were doing.

I think a "BTS" Armory software and a hardware wallet would go a long way in the future.
« Last Edit: November 03, 2014, 04:14:48 am by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline roadscape

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #34 on: November 03, 2014, 02:46:34 am »
So.. have you formatted yet?

Nothing else was stolen?

Hi roadkill, thanks for asking.   I created new account "delegate.educatedwarrior" to accept donations and nothing else has been stolen.   However, I'm still having issues making transfers from one wallet to another... error posted above.

Your other coins are safe? Do you suspect BTS was the sole target?
http://cryptofresh.com  |  witness: roadscape

Offline educatedwarrior

item: ordinary windows bts wallet vulnerable to attack

It seems to me everyone in this thread (even the victim) seems remarkably calm. I see this event as a major threat to any future marketing effort.

It seems to me that all the appropriate brains of this community should be aimed at discovering all the forensic evidence necessary to identify the profile and source of the attack.

At the very least there should be an investigation and then a recommended course of action for other ordinary windows bts/x wallet users.

This is an extremely serious matter. Where's the emergency response?  :o

I'm trying my best to remain calm and control emotions to keep my thinking intact; I don't know what else I can do at this point ... I feel so helpless.  I do agree if there aren't any processes in place to mitigate issues like this, mainstream adoption is going to be challenging.  I was recommending Bitshares to people and offering to get them set up, but now .. looks like I need some education myself before I can be a warrior on the streets to increase adoption.  I have to have a good testimony.
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline educatedwarrior

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #32 on: November 03, 2014, 02:31:07 am »
So.. have you formatted yet?

Nothing else was stolen?

Hi roadkill, thanks for asking.   I created new account "codeblooded" to accept donations and nothing else has been stolen.   However, I'm still having issues making transfers from one wallet to another... error posted above.
« Last Edit: November 03, 2014, 04:14:14 am by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline werneo

item: ordinary windows bts wallet vulnerable to attack

It seems to me everyone in this thread (even the victim) seems remarkably calm. I see this event as a major threat to any future marketing effort.

It seems to me that all the appropriate brains of this community should be aimed at discovering all the forensic evidence necessary to identify the profile and source of the attack.

At the very least there should be an investigation and then a recommended course of action for other ordinary windows bts/x wallet users.

This is an extremely serious matter. Where's the emergency response?  :o

Offline roadscape

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #30 on: November 03, 2014, 02:02:30 am »
So.. have you formatted yet?

Nothing else was stolen?
http://cryptofresh.com  |  witness: roadscape

Offline educatedwarrior

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #29 on: November 03, 2014, 01:09:49 am »
OnceUponAtime and LionDani, thank you very much for the donations.    I definitely have a long way to go to get close to recouping my loss, but this is a start and I really appreciate your charity.

Currently I'm getting errors transferring funds out of my educatedwarrior wallet so I need to get that resolved before I can transfer what donations I received out.      Issue posted here ---> https://bitsharestalk.org/index.php?topic=10919.msg143861#msg143861

I did register a new name delegate.educatedwarrior which is not compromised to accept donations.

bytemaster is right, they compromised the BTSX wallet and therefore got all of my imported keys for PTS, BTC (Angelshares), BTSX, and DNS all at the same time.

So here is the total I lost... my former investment proves my loyalty to the Invictus community.
1,000,000 BTSX
2080 PTS
1,021,791 DNS

I think Liondani's idea of an insurance DAC is a great idea.  I also think a document needs to be posted with protocols to better secure wallets.   Getting a BTSX wallet compromised is devastating since you stand to lose equity in multiple DACs.  I'm definitely planning to move all of my wallets to Unix now.

Question for Bytemaster ... Is there a way to do an address substitution so I could get my AGS back ... if approved by the Invictus Community?
« Last Edit: November 03, 2014, 01:56:24 am by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline vlight


Offline bytemaster

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #27 on: November 02, 2014, 04:20:05 pm »

I sent 400 btsx to "educatedwarrior". If he hadn't changed his Titan name, and it went to the thief, then I am pretty pissed off and will not send more.

If thief stole pts wallet then it will be fine, if btsx wallet then the account key may be compromised. 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline onceuponatime

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #26 on: November 02, 2014, 04:12:58 pm »
I sent 400 btsx to "educatedwarrior". If he hadn't changed his Titan name, and it went to the thief, then I am pretty pissed off and will not send more.

Offline liondani

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #25 on: November 02, 2014, 02:15:41 pm »
could we as a community help  educatedwarrior out?
Would it be a good idea to make something like a fund raise to help him out?
Anybody could be in his position after all... even members that are very careful and experienced could have problems like that.
What about to vote for a delegate with 100% payrate that will use all funds as a security fund for members that get screwed in future like educatedwarrior ?
Of course somehow they may exist rules so future members don't create fake stories etc. ....
We could vote for example with polls or even using the future vote dac about the decision we made to help trusted(?) members with identical issues...
What about the future insurance DAC? Could it be useful for situations like that?
I have lost about 3 BTC because they had compromised my windows account before some months ... It was an awful feeling !!! And he lost everything! Imagine that! Man that's a nightmare...
And I bet it's not only the value of the coins... it's more frustrating to know they lost PTS and BTSX, not money... He lost something with real emotional value, cause he was probably also supporting the vision we all share together... bitshares...


PS1 I know everybody here are frustrated the last days because of the BTSX price decline (me included), but it doesn't mean we will not support our community members...
We managed to see 10% and 20% declines every day on our total stake value... I assume nobody will have a problem to "lose" another 0.1% because he donated to help a member in trouble out?  We are about 200 forum members every single day online... If we all help, it will need only a very small donation from each of us...

2000 PTS divided with our active 200 members is 10 pts for each donation, with current price x $1.7 = $17 bitUSD
I start with sending $20 bitUSD and I promise to send more if we do not get close to the numbers we need to make him happy again   :)

PS2 It would be great to give us maybe more details about your losses and some proof maybe for members that are not so sure/convinced etc...


EDIT:
shit! now I thought about it! I sent my donation to: BTSX: educatedwarrior
does it mean I sent it to the thief? Please log in and send it somewhere else before you lose that too... Or did you change the password?
Is your wallet safe now? Either way let us know where we can sent safely  some funds  ;)

Anybody that made a donation please reply here to track the total  donations... We don't want to make him rich either  :P
« Last Edit: November 02, 2014, 02:43:31 pm by liondani »

Offline educatedwarrior

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #24 on: November 02, 2014, 01:06:21 pm »
Hmm, well, you guys know my riches to rags story.  Learn from it.  Don't put your wallets in Windows.
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline educatedwarrior

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #23 on: November 02, 2014, 07:24:56 am »
Guys, I believe I figured out the issue.

I had Armory wallet installed to protect my bitcoins ... it appears Armory wallet has installed some virus on my computer.   Here are viruses I have found all in my Armory wallet data folders.

Murphy, oropax, syslock, diskspoiler, prtscr 1024, attention.


Armory wallet F'd me up my brothers.   Damn, bastards!!   

So figured the issue could have been a virus ... maybe.   But my funds are long gone.
That's probably a false positive:
https://bitcointalk.org/index.php?topic=554738.0

I wanted to say that also.
I am sure it was not armory but false positives because of the blockchain that has virus signatures on it... It's a known "issue"...

Liondani, I verified what you said to be correct ... the viruses were identified under the blockchain database file folders.

So if this was a false positive, that would mean the virus was not the culprit?


QUESTIONS
Anyone got any ideas on how I can get my money back .... or am I just screwed.  Anyway we could track who the coins went to?

How could they have stolen my PTS and BTSX at the same time? .... they may have my AGS as well.


« Last Edit: November 02, 2014, 01:04:26 pm by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline liondani

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #22 on: November 02, 2014, 06:05:16 am »
Guys, I believe I figured out the issue.

I had Armory wallet installed to protect my bitcoins ... it appears Armory wallet has installed some virus on my computer.   Here are viruses I have found all in my Armory wallet data folders.

Murphy, oropax, syslock, diskspoiler, prtscr 1024, attention.


Armory wallet F'd me up my brothers.   Damn, bastards!!   

So figured the issue could have been a virus ... maybe.   But my funds are long gone.
That's probably a false positive:
https://bitcointalk.org/index.php?topic=554738.0

I wanted to say that also.
I am sure it was not armory but false positives because of the blockchain that has virus signatures on it... It's a known "issue"...

busygin

  • Guest
Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #21 on: November 02, 2014, 03:48:37 am »
Guys, I believe I figured out the issue.

I had Armory wallet installed to protect my bitcoins ... it appears Armory wallet has installed some virus on my computer.   Here are viruses I have found all in my Armory wallet data folders.

Murphy, oropax, syslock, diskspoiler, prtscr 1024, attention.


Armory wallet F'd me up my brothers.   Damn, bastards!!   

So figured the issue could have been a virus ... maybe.   But my funds are long gone.
That's probably a false positive:
https://bitcointalk.org/index.php?topic=554738.0

Offline liondani

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #20 on: November 02, 2014, 03:23:21 am »
yubikey combined with a password manager is a  good solution...

Sent from my ALCATEL ONE TOUCH 997D


Offline Riverhead

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #19 on: November 02, 2014, 02:27:48 am »
Just send your balance to yourself. TITAN will make sure the keys are unique

Sent from my SM-G900T using Tapatalk


Online Brekyrself

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #18 on: November 02, 2014, 02:25:04 am »
For the record, did you import the wallet or pts keys to other wallets? If so, which ones?

I am curious about that also, as well as what did the anti-virus find, if anything?

Also where did the money on the BTSX chain go?

When I look at the ledger it says it went to "UNKNOWN". How could that be?

I quick scanned my computer for viruses using AVAST and didn't have any viruses.   I will do a deep scan and let you know.

Here's a very important question, I'm not sure why nobody has asked it yet:

When you imported your PTS wallet into BTSX, did you make any transactions afterwards? If you did not make any transactions, then your BTSX balance was never moved out of its place on the genesis block, where it had the same private key as your PTS balance. Then if anybody stole your PTS private key, they would have access to your BTSX balance.

If this is what happened, then our community is to blame for not having a solid best practices manual for importing balances.

Where do you store your PTS wallet.dat file? Is it encrypted?

Damn, educatedwarrior. I'm very sorry about this. I do hope to convince you that this isn't a Bitshares problem; it's a private key security problem, which is common to all cryptocurrencies.

Does the entire balance need to be moved after importing from the genesis block?  What's the best method here?

Offline joele

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #17 on: November 02, 2014, 02:03:30 am »
Guys, I believe I figured out the issue.

I had Armory wallet installed to protect my bitcoins ... it appears Armory wallet has installed some virus on my computer.   Here are viruses I have found all in my Armory wallet data folders.

Murphy, oropax, syslock, diskspoiler, prtscr 1024, attention.


Armory wallet F'd me up my brothers.   Damn, bastards!!   

So figured the issue could have been a virus ... maybe.   But my funds are long gone.

Do you have antivirus? or your antivirus did not catch it?

Offline educatedwarrior

Guys, I believe I figured out the issue.

I had Armory wallet installed to protect my bitcoins ... it appears Armory wallet has installed some virus on my computer.   Here are viruses I have found all in my Armory wallet data folders.

Murphy, oropax, syslock, diskspoiler, prtscr 1024, attention.


Armory wallet F'd me up my brothers.   Damn, bastards!!   

So figured the issue could have been a virus ... maybe.   But my funds are long gone.
« Last Edit: November 03, 2014, 12:41:51 am by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline sudo

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #15 on: November 02, 2014, 12:45:21 am »
check the sha1 hash of your btsx setup exe file

Sent from Tapatalk on my GT-I9305


Offline educatedwarrior

Re: All Protoshares stolen from my wallet
« Reply #14 on: November 01, 2014, 10:46:07 pm »
For the record, did you import the wallet or pts keys to other wallets? If so, which ones?

I am curious about that also, as well as what did the anti-virus find, if anything?

Also where did the money on the BTSX chain go?

When I look at the ledger it says it went to "UNKNOWN". How could that be?

I quick scanned my computer for viruses using AVAST and didn't have any viruses.   I will do a deep scan and let you know.

Here's a very important question, I'm not sure why nobody has asked it yet:

When you imported your PTS wallet into BTSX, did you make any transactions afterwards? If you did not make any transactions, then your BTSX balance was never moved out of its place on the genesis block, where it had the same private key as your PTS balance. Then if anybody stole your PTS private key, they would have access to your BTSX balance.

If this is what happened, then our community is to blame for not having a solid best practices manual for importing balances.

Where do you store your PTS wallet.dat file? Is it encrypted?

Damn, educatedwarrior. I'm very sorry about this. I do hope to convince you that this isn't a Bitshares problem; it's a private key security problem, which is common to all cryptocurrencies.

It sounds like this is what happened.  After I imported my PTS into my BTSX wallet, I made a couple transactions selling about 25% and keeping the rest in my claim address.   The amount I kept in my claim address is all gone now.

Both of my wallets were encrypted.  They were stored on my Windows desktop computer encrypted... PTS and BTSX.     

« Last Edit: November 01, 2014, 10:48:56 pm by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline biophil

Re: All Protoshares stolen from my wallet
« Reply #13 on: November 01, 2014, 10:37:34 pm »
For the record, did you import the wallet or pts keys to other wallets? If so, which ones?

I am curious about that also, as well as what did the anti-virus find, if anything?

Also where did the money on the BTSX chain go?

When I look at the ledger it says it went to "UNKNOWN". How could that be?

I quick scanned my computer for viruses using AVAST and didn't have any viruses.   I will do a deep scan and let you know.

Here's a very important question, I'm not sure why nobody has asked it yet:

When you imported your PTS wallet into BTSX, did you make any transactions afterwards? If you did not make any transactions, then your BTSX balance was never moved out of its place on the genesis block, where it had the same private key as your PTS balance. Then if anybody stole your PTS private key, they would have access to your BTSX balance.

If this is what happened, then our community is to blame for not having a solid best practices manual for importing balances.

Where do you store your PTS wallet.dat file? Is it encrypted?

Damn, educatedwarrior. I'm very sorry about this. I do hope to convince you that this isn't a Bitshares problem; it's a private key security problem, which is common to all cryptocurrencies.
Support our research efforts to improve BitAsset price-pegging! Vote for worker 1.14.204 "201907-uccs-research-project."

Offline educatedwarrior

Re: All Protoshares stolen from my wallet
« Reply #12 on: November 01, 2014, 10:29:44 pm »
And this is why a hardware device approving all transactions is a must. Something like Trezor or even if it is just a phone app to perform the digital signatures. Desktops are so easy to hack. Mind telling us what operating system you use. Running a Linux machine might be safer and building everything from code instead of downloading unsafe executables.

I am using Windows.  It appears my BitsharesX wallet was compromised .. that would be the only way they got the private keys for my Protoshares and Bitshares at the same time.  Each wallet I had on my computer was secured with password,  and no one knows my password except me.

I'm not finding any viruses on my computer
« Last Edit: November 01, 2014, 10:32:53 pm by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline educatedwarrior

Re: All Protoshares stolen from my wallet
« Reply #11 on: November 01, 2014, 10:23:59 pm »
For the record, did you import the wallet or pts keys to other wallets? If so, which ones?

I am curious about that also, as well as what did the anti-virus find, if anything?

Also where did the money on the BTSX chain go?

When I look at the ledger it says it went to "UNKNOWN". How could that be?

I quick scanned my computer for viruses using AVAST and didn't have any viruses.   I will do a deep scan and let you know.

BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline bitmeat

  • Hero Member
  • *****
  • Posts: 1116
Re: All Protoshares stolen from my wallet
« Reply #10 on: November 01, 2014, 10:21:00 pm »
And by the way, this is a problem with all crypto. I think it's a main reason crypto hasn't become mainstream yet.

Offline roadscape

Re: All Protoshares stolen from my wallet
« Reply #9 on: November 01, 2014, 10:20:13 pm »
Does bitshares take away your money if you don't vote?

No. Please scan your computer for viruses... and let us know what you find.

How does your BTSX wallet display the transaction?
http://cryptofresh.com  |  witness: roadscape

Offline Riverhead

Re: All Protoshares stolen from my wallet
« Reply #8 on: November 01, 2014, 10:19:19 pm »
If the transaction didn't come from your wallet then they had to have your private key. Were the bitshares that you lost ones you claimed and were they moved from the claimed address? Just wondering because if they had your PTS private key they'd also have your BTS private key for that stake if it wasn't moved.

That really sucks, man. I can only imagine the gut-wrenching feeling :( . If you were able to become a delegate you could start to recoup your losses once things picked up.

Offline bitmeat

  • Hero Member
  • *****
  • Posts: 1116
Re: All Protoshares stolen from my wallet
« Reply #7 on: November 01, 2014, 10:17:58 pm »
And this is why a hardware device approving all transactions is a must. Something like Trezor or even if it is just a phone app to perform the digital signatures. Desktops are so easy to hack. Mind telling us what operating system you use? Running a Linux machine might be safer and building everything from code instead of downloading unsafe executables.

Offline educatedwarrior

  • Full Member
  • ***
  • Posts: 78
Re: All Protoshares stolen from my wallet
« Reply #6 on: November 01, 2014, 10:09:42 pm »
Does bitshares take away your money if you don't vote?
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

zerosum

  • Guest
Re: All Protoshares stolen from my wallet
« Reply #5 on: November 01, 2014, 10:08:56 pm »
For the record, did you import the wallet or pts keys to other wallets? If so, which ones?

I am curious about that also, as well as what the anti-virus found, if anything?

Also where did the money on the BTSX chain go?
« Last Edit: November 01, 2014, 10:13:28 pm by tonyk2 »

Offline educatedwarrior

  • Full Member
  • ***
  • Posts: 78
Re: All Protoshares stolen from my wallet
« Reply #4 on: November 01, 2014, 10:04:05 pm »
Looks like everything got wiped out. All my Bitshares are gone, all my Protoshares are gone as well.

The transactions simultaneously went through October 31 at 12 noon on both wallets.

I imported the Protoshares into Bitshares a while back using wallet import.

I'm really sad now. This is definitely going to not allow me to support the Bitshares community anymore. And I will be discouraged to recommend to anyone else at this point. I lost too much money.

« Last Edit: November 01, 2014, 10:09:22 pm by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline pgbit

  • Sr. Member
  • ****
  • Posts: 241
Re: All Protoshares stolen from my wallet
« Reply #3 on: November 01, 2014, 07:39:41 pm »
For the record, did you import the wallet or pts keys to other wallets? If so, which ones?

Offline Riverhead

Re: All Protoshares stolen from my wallet
« Reply #2 on: November 01, 2014, 07:28:34 pm »
Are you sure it's not one of your change addresses?

Offline educatedwarrior

  • Full Member
  • ***
  • Posts: 78
All Bitshares, Protoshares, and DNS stolen from my wallet -- at the same time
« Reply #1 on: November 01, 2014, 06:58:16 pm »
My BitsharesX wallet, housing all of my PTS and BTC keys, was compromised. My wallet was encrypted, but it did not matter. This gave the attacker access to AGS shares, and all shares of the DACs I owned. They have all been stolen.

Stolen BTS


Stolen DNS


STOLEN FUND RECOVERY PROGRESS
https://docs.google.com/spreadsheets/d/1ZHQkYlMlHG1R20mKpqYLdJBdxwvS7TV_Af1F2vnQq5o/edit?usp=sharing

LIST OF CURRENT DONORS
onceuponatime, delegate.liondani, puppies, montpelerin, bts-tv

HISTORY OF STOLEN FUNDS
PTS
-   10/31 9:36:22pm (UTC) 2080 PTS moved to address PqwaEkunbDFBweRdNQdKPLWWSEbmXH7jrU and are still there - https://coinplorer.com/PTS/Transactions/87677618d6c2f243ea1f35b86825c565f99c166be4b58ac8445b04c1505c1ab5

DNS
-   10/31 3:58 PM http://dns.bitsharesblocks.com/blocks?top=256541 (1,021,791.78 DNS stolen, can’t tell if funds moved)

BTSX
-   10/31 3:59 PM http://www.bitsharesblocks.com/blocks/block?id=887769 (440,000.50 BTS stolen, can’t tell if funds moved)
-   10/31 4:00 PM http://www.bitsharesblocks.com/blocks/block?id=887777 (559,999.38 BTS stolen, can’t tell if funds moved)

AGS
- compromised.

There is currently an ongoing effort to increase Bitshares wallet security, since this type of incident is a threat to mainstream adoption for Bitshares. Also, there is an effort for members in the community, out of generosity, to donate to their fellow brother (me, educatedwarrior) to help recoup stolen funds.

In order to keep track of all the work going on for short-term and long-term solutions to increase wallet security, and support to help recoup educatedwarrior's losses, action items announced in this thread are listed below. We hope this incident can be used for better protocols to be established in order to make our Bitshares investments more secure and ensure mainstream adoption.

NEXT ACTIONS
None

ONGOING
educatedwarrior accepting donations at BTSX: codeblooded (thanks in advance for donations to help me recoup my stolen funds.)
  ------Ex.  2000 PTS divided with our active 200 members is 10 pts for each donation, with current price x $1.7 = $17 bitUSD

WAITING FOR
Confirmation that YubiKey integration may be added into wallets (bytemaster)
Contact Trezor contacts to talk about possible integration with Bitshares wallets. (cass)
Vesting AGS will probably eventually have to have a key update feature (toast)


COMPLETE
11/16/2014 Post spreadsheet or website of donations received for public review.
11/5/2014 EducatedWarrior took Liondani's recommendation and purchased YubiKey and is using it with password manager and generator KeePass. Excellent increase in security.
    --- wallet now secure with 256 bit password
11/3/2014 Liondani recommended short-term solution -- use YubiKey with password manager like KeePass or LastPass
11/2/2014 Various members posed questions for forensic investigation (werneo , )
« Last Edit: December 13, 2014, 01:13:35 pm by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true