Author Topic: All Bitshares, Protoshares, and DNS stolen from my wallet -- at the same time  (Read 46442 times)

Offline roadscape

So is this confirmation of a virus specifically attacking BitShares software on the Windows platform? If so that is not good.

Zero confirmable claims have been made; nothing can be concluded just yet.

This is why we need multisig and cold storage with offline transaction signing as soon as possible.

We need it yesterday :)
http://cryptofresh.com  |  witness: roadscape

Offline Kenof

  • Full Member
  • Posts: 71
There should be a keyfile option implemented in the next versions of the wallet.

Using a classical password in parallel with a keyfile stored on a USB stick could prevent this type of theft. A small separate stick with many files similar to the keyfile, used only when accessing the wallet, is a cheap and fast method to at least double security. The wallet file and keyfile must be in different locations (and not on the same USB stick).

Also there is the possibility of using 2FA. I know that is a pain in the ass, but that could improve security too.

Good luck, I hope this resolves positively for educatedwarrior as well as for BitShares.
Making life easier.
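
A sketch of the keyfile idea from the post above, added as an illustration and not taken from any BitShares wallet: the wallet key is derived from both the passphrase and the keyfile, so the passphrase plus the wallet file alone do not unlock it. The function names, the KeePass-style composite construction and the PBKDF2 work factor are assumptions.

```python
# Added illustration: passphrase + keyfile composite key (KeePass-style).
# Not BitShares wallet code; all names and parameters here are assumptions.
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor; makes every unlock attempt slow


def derive_key(passphrase: str, keyfile: bytes, salt: bytes) -> bytes:
    """Derive a 32-byte wallet key that needs BOTH the passphrase and the keyfile."""
    composite = hashlib.sha256(
        hashlib.sha256(passphrase.encode("utf-8")).digest()
        + hashlib.sha256(keyfile).digest()
    ).digest()
    return hashlib.pbkdf2_hmac("sha512", composite, salt, ITERATIONS, dklen=32)


def make_verifier(key: bytes) -> bytes:
    """Tag stored beside the encrypted wallet so an unlock attempt can be checked."""
    return hmac.new(key, b"wallet-unlock-check", hashlib.sha256).digest()


def can_unlock(passphrase: str, keyfile: bytes, salt: bytes, verifier: bytes) -> bool:
    """Recompute the tag from the supplied factors and compare in constant time."""
    candidate = make_verifier(derive_key(passphrase, keyfile, salt))
    return hmac.compare_digest(candidate, verifier)


def demo() -> dict:
    salt = os.urandom(16)      # stored in the wallet file, not secret
    keyfile = os.urandom(64)   # lives only on the separate USB stick
    decoy = os.urandom(64)     # one of the "many similar files" on the stick
    verifier = make_verifier(derive_key("correct horse", keyfile, salt))
    return {
        "passphrase_and_keyfile": can_unlock("correct horse", keyfile, salt, verifier),
        "passphrase_with_decoy": can_unlock("correct horse", decoy, salt, verifier),
        "keyfile_wrong_passphrase": can_unlock("guess123", keyfile, salt, verifier),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'unlocked' if ok else 'rejected'}")
```
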

Offline werneo

  • Sr. Member
  • Posts: 305
    • chronicle of the precession of simulacra
  • BitShares: werneo
educatedwarrior: did you check your change addresses against the suspect addresses? That would really answer a lot of questions.

One question I have for anyone: Is it possible to change my BTSX and/or PTS wallet password? If so, how?

wallet_change_passphrase <passphrase>

Thank you!  :D

zerosum

  • Guest
educatedwarrior: did you check your change addresses against the suspect addresses? That would really answer a lot of questions.

One question I have for anyone: Is it possible to change my BTSX and/or PTS wallet password? If so, how?

wallet_change_passphrase <passphrase>

Offline werneo

  • Sr. Member
  • Posts: 305
    • chronicle of the precession of simulacra
  • BitShares: werneo
educatedwarrior: did you check your change addresses against the suspect addresses? That would really answer a lot of questions.

One question I have for anyone: Is it possible to change my BTSX and/or PTS wallet password? If so, how?

Offline arhag

  • Hero Member
  • Posts: 1214
    • My posts on Steem
  • BitShares: arhag
  • GitHub: arhag
So is this confirmation of a virus specifically attacking BitShares software on the Windows platform? If so that is not good.

This is why we need multisig and cold storage with offline transaction signing as soon as possible.

Until then I think it is a bad idea to store any significant amount of funds on a Windows machine. If you want to keep using Windows fine, but I recommend buying a new laptop, install Linux on it, and use it only for cryptocurrency purposes. This should at least reduce the risk of hacks a little bit until we have proper security features built into the client.

Offline educatedwarrior

  • Full Member
  • Posts: 78
Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #51 on: November 04, 2014, 12:23:18 am »
So.. have you formatted yet?

Nothing else was stolen?

Hi roadkill, thanks for asking. I created new account "delegate.educatedwarrior" to accept donations and nothing else has been stolen. However, I'm still having issues making transfers from one wallet to another... error posted above.

Your other coins are safe? Do you suspect BTS was the sole target?

Roadkill, they wiped out my PTS, BTS, and DNS. Probably have control of my AGS now too. These bastards knew what the hell they were doing.

I think a "BTS" Armory software and a hardware wallet would go a long way in the future.

You mentioned the funds were extracted to a particular address. Have the funds moved from that address?


Here is the history of what happened so far... all transactions below.

PTS
- 10/31 9:36:22pm (UTC) 2080 PTS moved to address PqwaEkunbDFBweRdNQdKPLWWSEbmXH7jrU and are still there - https://coinplorer.com/PTS/Transactions/87677618d6c2f243ea1f35b86825c565f99c166be4b58ac8445b04c1505c1ab5

DNS
- 10/31 3:58 PM http://dns.bitsharesblocks.com/blocks?top=256541 (1,021,791.78 DNS stolen, can’t tell if funds moved)

BTSX
- 10/31 3:59 PM http://www.bitsharesblocks.com/blocks/block?id=887769 (440,000.50 BTS stolen, can’t tell if funds moved)
- 10/31 4:00 PM http://www.bitsharesblocks.com/blocks/block?id=887777 (559,999.38 BTS stolen, can’t tell if funds moved)

AGS
- compromised.

Why does the destination address for the transactions have UNKNOWN as a name, and how is that possible? ... Doesn't a name have to be registered with a public address? How could that be? Looks very fishy.
« Last Edit: November 04, 2014, 12:38:25 am by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline godzirra

  • Full Member
  • Posts: 90
Sorry to hear about this man.

This sounds like a nightmare. I worry about this all the time. Until there is an easy way to safely store funds for the average user I don't know if we can expect any significant adoption.

I haven't seen a best practices thread for safe storage either. I would think this is a huge priority.

Is there something like 2FA where the thief has to get a hold of something physically as well?

Offline toast

  • Hero Member
  • Posts: 4001
  • BitShares: nikolai
Here are a couple questions I can answer now.


Did you use a password manager or did you type in your password each time you loaded the wallet?   No ... any suggestions

Have you made an inventory of your wallet change addresses and compared them with the suspect address?   I'm sorry, I'm unfamiliar with what you mean by change addresses..   Could you explain?

Has bytemaster or anyone else with technical expertise contacted you to start a forensic investigation?    No

Here is a FAQ on the concept of the CHANGE ADDRESS:

http://www1.agsexplorer.com/ags101


In short, a change address is generated automatically in your wallet.

To find the change addresses in your wallet, in debug console of PTS, type:   listaddressgroupings

This will show all the change addresses. Compare these addresses with the suspect address. Is there a match?

And to confirm: I presume the funds are missing from your PTS (not BTSX) wallet. True?

Werneo, the funds are missing from my PTS wallet and my BTSX wallet and my DNS wallet. When the notes wallet comes out I'll have to race to move it out of the genesis block before it is stolen, since they probably have control of my AGS now.

 

Vesting AGS will probably eventually have to have a key update feature - watch for that too
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline educatedwarrior

  • Full Member
  • Posts: 78
Did you use the password more than one place?

Did you leave your wallet open?

Bytemaster, are you suggesting if a person uses their password in more than one place ... if a hacker can get their wallet file and password, mission complete for hacking?  Just want to make sure I'm clear what you are suggesting.

Also if a person gets the wallet file, they could do a bruteforce to discover the password, no?

yes to both

If this is the case it appears the key is not to allow anyone or anything to get access to the wallet file. Also, create a complex wallet password that makes a brute force attack difficult to do.

I'm sure Bitcoin has experienced the same issues and has various solutions.
« Last Edit: November 03, 2014, 11:47:05 pm by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline educatedwarrior

  • Full Member
  • Posts: 78
Here are a couple questions I can answer now.


Did you use a password manager or did you type in your password each time you loaded the wallet?   No ... any suggestions

Have you made an inventory of your wallet change addresses and compared them with the suspect address?   I'm sorry, I'm unfamiliar with what you mean by change addresses..   Could you explain?

Has bytemaster or anyone else with technical expertise contacted you to start a forensic investigation?    No

Here is a FAQ on the concept of the CHANGE ADDRESS:

http://www1.agsexplorer.com/ags101


In short, a change address is generated automatically in your wallet.

To find the change addresses in your wallet, in debug console of PTS, type:   listaddressgroupings

This will show all the change addresses. Compare these addresses with the suspect address. Is there a match?

And to confirm: I presume the funds are missing from your PTS (not BTSX) wallet. True?

Werneo, the funds are missing from my PTS wallet and my BTSX wallet and my DNS wallet. When the notes wallet comes out I'll have to race to move it out of the genesis block before it is stolen, since they probably have control of my PTS and AGS now.

 
« Last Edit: November 03, 2014, 11:50:23 pm by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true
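
The comparison described in the post above (run `listaddressgroupings`, then check the result against the suspect address), as an added example that is not part of the original thread. It assumes the PTS client prints the same nested layout as Bitcoin Core; the sample output and its addresses are constructed placeholders, and `find_in_wallet` is a hypothetical helper name.

```python
# Added illustration: compare wallet addresses with a suspect address.
# Assumes the PTS client prints listaddressgroupings in the Bitcoin Core layout:
# [[[address, amount, optional_label], ...], ...]
import json

# Constructed sample output; the addresses are placeholders, not real ones.
SAMPLE_OUTPUT = """
[
  [
    ["PExampleReceiveAddr1111111111111111", 0.0, "main"],
    ["PExampleChangeAddr22222222222222222", 2080.0]
  ],
  [
    ["PExampleReceiveAddr3333333333333333", 1.5, "savings"]
  ]
]
"""


def find_in_wallet(console_output: str, suspects: list[str]) -> list[dict]:
    """Return one record per wallet address that equals a suspect address."""
    wanted = {s.strip() for s in suspects}  # Base58 is case-sensitive: no lowercasing
    hits = []
    for group_no, group in enumerate(json.loads(console_output)):
        for entry in group:
            address, amount = entry[0].strip(), entry[1]
            label = entry[2] if len(entry) > 2 else None
            if address in wanted:
                hits.append({
                    "group": group_no,
                    "address": address,
                    "amount": amount,
                    # Heuristic: entries without a label are usually change.
                    "probable_change": label is None,
                })
    return hits


if __name__ == "__main__":
    # Destination address quoted in the thread for the PTS transfer.
    thread_address = "PqwaEkunbDFBweRdNQdKPLWWSEbmXH7jrU"
    hits = find_in_wallet(SAMPLE_OUTPUT, [thread_address])
    print("match" if hits else "no match: the address is not one of this wallet's own")
```
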

Offline toast

  • Hero Member
  • Posts: 4001
  • BitShares: nikolai
Did you use the password more than one place?

Did you leave your wallet open?

Bytemaster, are you suggesting if a person uses their password in more than one place ... if a hacker can get their wallet file and password, mission complete for hacking?  Just want to make sure I'm clear what you are suggesting.

Also if a person gets the wallet file, they could do a bruteforce to discover the password, no?

yes to both
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline educatedwarrior

  • Full Member
  • Posts: 78
Did you use the password more than one place?

Did you leave your wallet open?

Bytemaster, are you suggesting if a person uses their password in more than one place ... if a hacker can get their wallet file and password, mission complete for hacking?  Just want to make sure I'm clear what you are suggesting.

Also if a person gets the wallet file, they could do a bruteforce to discover the password, no?


Question 1: Is it possible to derive the private key if a user has the public address and wallet password? (I'm assuming not and thinking the password is only used to encrypt the json contents of the wallet file.)

Question 2: Any way to do an address substitution so I can regain control of my AGS?
« Last Edit: November 03, 2014, 11:41:49 pm by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline educatedwarrior

  • Full Member
  • Posts: 78
This could just as easily have happened to btstv because our BitShares client, account, and address are located on a Windows computer that visits countless gomorragraphic websites for hours.

Therefore, we pledge to give all excess donations from now until Cyber Monday to:

BTS:codeblooded

By Cyber Monday, all our promotions will be finished, and after we finish paying out the winning contestants, all remaining balance will go towards helping recoup some of educatedwarrior's stolen BTS.

Our heart and BTS go out to you warrior, please accept our humble token of financial support.

We feel for you, because it could just as easily have been us because not only do we not have any adblock or updated antivirus software to speak of, we have brutal day jobs that make computer security learning a low priority to us.

If someone can show us how to remove the titan features, then we can have a public display of who is donating what to our injured brother.

btstv, this would be much appreciated. I don't know how much I can thank you ... and all our other brothers lending support. I hope the entire community can learn from this experience and establish better protocols for the future.

Anyone planning to put together a "best practices" document for securing your bts wallet, or does one already exist? Someone or I can start a thread if you guys think it may be beneficial.
« Last Edit: November 03, 2014, 11:21:57 pm by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline roadscape

.
« Last Edit: July 03, 2015, 03:34:53 am by roadscape »
http://cryptofresh.com  |  witness: roadscape