Author Topic: All Bitshares, Protoshares, and DNS stolen from my wallet -- at the same time  (Read 46478 times)


Offline werneo

Here are a couple questions I can answer now.


Did you use a password manager or did you type in your password each time you loaded the wallet?   No ... any suggestions

Have you made an inventory of your wallet change addresses and compared them with the suspect address?   I'm sorry, I'm unfamiliar with what you mean by change addresses..   Could you explain?

Has bytemaster or anyone else with technical expertise contacted you to start a forensic investigation?    No

Here is a FAQ on the concept of the CHANGE ADDRESS:

http://www1.agsexplorer.com/ags101


In short, a change address is generated automatically in your wallet.

To find the change addresses in your wallet, in debug console of PTS, type:   listaddressgroupings

This will show all the change addresses. Compare these addresses with the suspect address. Is there a match?

And to confirm: I presume the funds are missing from your PTS (not BTSX) wallet. True?


Offline Riverhead

Have you made an inventory of your wallet change addresses and compared them with the suspect address?   I'm sorry, I'm unfamiliar with what you mean by change addresses..   Could you explain?

When you send a partial balance from an address (say 1 PTS from an address that has 2000 PTS) ALL PTS leaves the sending address. 1 PTS goes to whomever you sent it to and 1999 PTS (minus fee) goes to a third address your wallet either has already or creates (it starts with a pool of about 100). The wallet software masks this somewhat as it shows total balance.

So if it is an old copy of your wallet that you're trying to use it's possible it doesn't have the change addresses of the post-backup wallet. As for the BTS it works in a similar way but the money can be found again by regenerating the keys for an account and then rescanning the blockchain.
« Last Edit: November 03, 2014, 02:05:09 pm by Riverhead »
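
The change-address comparison suggested in the two posts above, as an added example that is not part of the original thread and not code from the PTS client. It assumes `listaddressgroupings` returns the Bitcoin-style layout (a list of groups, each entry `[address, amount, optional label]`); the addresses are constructed placeholders and the function names are hypothetical.

```python
import json
from decimal import Decimal

# Constructed sample of `listaddressgroupings` output. The addresses are
# placeholders, not real PTS addresses. Entries with no third field carry
# no label, which is typical of wallet-generated change addresses.
SAMPLE_GROUPINGS = """
[
  [
    ["PExampleReceiveAddr0000000000000001", 0.0, "main"],
    ["PExampleChangeAddr00000000000000002", 1998.999]
  ],
  [
    ["PExampleReceiveAddr0000000000000003", 0.0, "savings"]
  ]
]
"""

def wallet_inventory(groupings_json):
    """Flatten the groupings into {address: (group_index, amount, label)}."""
    groups = json.loads(groupings_json, parse_float=Decimal)
    inventory = {}
    for idx, group in enumerate(groups):
        for entry in group:
            address, amount = entry[0], entry[1]
            label = entry[2] if len(entry) > 2 else None
            inventory[address] = (idx, Decimal(amount), label)
    return inventory

def check_suspect(groupings_json, suspect):
    """Return the wallet's record for `suspect`, or None if it is not ours."""
    # Base58 addresses are case-sensitive: strip whitespace, never lowercase.
    return wallet_inventory(groupings_json).get(suspect.strip())

def unlabeled_addresses(groupings_json):
    """Addresses without a label: the candidates for wallet change addresses."""
    inv = wallet_inventory(groupings_json)
    return sorted(a for a, (_, _, label) in inv.items() if label is None)

if __name__ == "__main__":
    hit = check_suspect(SAMPLE_GROUPINGS, "PExampleChangeAddr00000000000000002")
    print("suspect address is in this wallet" if hit else "suspect address is foreign", hit)
```

A match means the "missing" balance sits on one of the wallet's own change addresses, for example one that an older backup does not contain; no match means the funds left the wallet.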

Offline BitcoinJesus2.O

This could just as easily have happened to btstv because our BitShares client, account, and address is located on a windows computer that visits countless gomorragraphic websites for hours.

Therefore, we pledge to give all excess donations from now until Cyber Monday to:

BTS:codeblooded

By Cyber Monday, all our promotions will be finished, and after we finish paying out the winning contestants, all remaining balance will go towards helping recoup some of educatedwarrior's stolen BTS.

Our heart and BTS go out to you warrior, please accept our humble token of financial support.

We feel for you, because it could just as easily have been us because not only do we not have any adblock or updated antivirus software to speak of, we have brutal day jobs that make computer security learning a low priority to us.

If someone can show us how to remove the titan features, then we can have a public display of who is donating what to our injured brother.
« Last Edit: November 03, 2014, 02:02:19 pm by btstv »

Offline bytemaster

Did you use the password more than one place?

Did you leave your wallet open? 

For the latest updates check out my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline educatedwarrior

Here are a couple questions I can answer now.


Did you use a password manager or did you type in your password each time you loaded the wallet?   No ... any suggestions

Have you made an inventory of your wallet change addresses and compared them with the suspect address?   I'm sorry, I'm unfamiliar with what you mean by change addresses..   Could you explain?

Has bytemaster or anyone else with technical expertise contacted you to start a forensic investigation?    No
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline educatedwarrior

werneo , those are some great questions.  I'm working on getting those answers to you.

Offline werneo

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #36 on: November 03, 2014, 03:31:17 am »
So.. have you formatted yet?

Nothing else was stolen?

Hi roadkill, thanks for asking. I created new account "delegate.educatedwarrior" to accept donations and nothing else has been stolen. However, I'm still having issues making transfers from one wallet to another... error posted above.

Your other coins are safe? Do you suspect BTS was the sole target?

Roadkill, they wiped out my PTS, BTS, and DNS. Probably have control of my AGS now too. These bastards knew what the hell they were doing.

I think a "BTS" Armory software and a hardware wallet would go a long way in the future.

educatedwarrior: exactly how and when was your desktop computer infected in the first place? I'm not clear that Armory was the attack vector.

Did you use a password manager or did you type in your password each time you loaded the wallet?

Have you identified any sort of keylogging malware that would explain how your pwd was stolen?

You mentioned the funds were extracted to a particular address. Have the funds moved from that address?

Have you made an inventory of your wallet change addresses and compared them with the suspect address?

Has bytemaster or anyone else with technical expertise contacted you to start a forensic investigation?
« Last Edit: November 03, 2014, 03:39:52 am by werneo »

Offline educatedwarrior

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #35 on: November 03, 2014, 03:21:52 am »
So.. have you formatted yet?

Nothing else was stolen?

Hi roadkill, thanks for asking. I created new account "codeblooded" to accept donations and nothing else has been stolen. However, I'm still having issues making transfers from one wallet to another... error posted above.

Your other coins are safe? Do you suspect BTS was the sole target?

Roadkill, they wiped out my PTS, BTS, and DNS. Probably have control of my AGS now too. These bastards knew what the hell they were doing.

I think a "BTS" Armory software and a hardware wallet would go a long way in the future.
« Last Edit: November 03, 2014, 04:14:48 am by educatedwarrior »

Offline roadscape

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #34 on: November 03, 2014, 02:46:34 am »
So.. have you formatted yet?

Nothing else was stolen?

Hi roadkill, thanks for asking. I created new account "delegate.educatedwarrior" to accept donations and nothing else has been stolen. However, I'm still having issues making transfers from one wallet to another... error posted above.

Your other coins are safe? Do you suspect BTS was the sole target?
http://cryptofresh.com  |  witness: roadscape

Offline educatedwarrior

item: ordinary windows bts wallet vulnerable to attack

It seems to me everyone in this thread (even the victim) seems remarkably calm. I see this event as a major threat to any future marketing effort.

It seems to me that all the appropriate brains of this community should be aimed at discovering all the forensic evidence necessary to identify the profile and source of the attack.

At the very least there should be an investigation and then a recommended course of action for other ordinary windows bts/x wallet users.

This is an extremely serious matter. Where's the emergency response?  :o

I'm trying my best to remain calm and control emotions to keep my thinking intact; I don't know what else I can do at this point ... I feel so helpless. I do agree if there aren't any processes in place to mitigate issues like this, mainstream adoption is going to be challenging. I was recommending Bitshares to people and offering to get them set up, but now .. looks like I need some education myself before I can be a warrior on the streets to increase adoption. I have to have a good testimony.

Offline educatedwarrior

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #32 on: November 03, 2014, 02:31:07 am »
So.. have you formatted yet?

Nothing else was stolen?

Hi roadkill, thanks for asking. I created new account "codeblooded" to accept donations and nothing else has been stolen. However, I'm still having issues making transfers from one wallet to another... error posted above.
« Last Edit: November 03, 2014, 04:14:14 am by educatedwarrior »

Offline werneo

item: ordinary windows bts wallet vulnerable to attack

It seems to me everyone in this thread (even the victim) seems remarkably calm. I see this event as a major threat to any future marketing effort.

It seems to me that all the appropriate brains of this community should be aimed at discovering all the forensic evidence necessary to identify the profile and source of the attack.

At the very least there should be an investigation and then a recommended course of action for other ordinary windows bts/x wallet users.

This is an extremely serious matter. Where's the emergency response?  :o

Offline roadscape

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #30 on: November 03, 2014, 02:02:30 am »
So.. have you formatted yet?

Nothing else was stolen?
http://cryptofresh.com  |  witness: roadscape

Offline educatedwarrior

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #29 on: November 03, 2014, 01:09:49 am »
OnceUponAtime and LionDani, thank you very much for the donations.    I definitely have a long way to go to get close to recouping my loss, but this is a start and I really appreciate your charity.

Currently I'm getting errors transferring funds out of my educatedwarrior wallet so I need to get that resolved before I can transfer what donations I received out. Issue posted here ---> https://bitsharestalk.org/index.php?topic=10919.msg143861#msg143861

I did register a new name delegate.educatedwarrior which is not compromised to accept donations.

bytemaster is right, they compromised the BTSX wallet and therefore got all of my imported keys for PTS, BTC (Angelshares), BTSX, and DNS all at the same time.

So here is the total I lost... my former investment proves my loyalty to the Invictus community.
1,000,000 BTSX
2080 PTS
1,021,791 DNS

I think Liondani's idea of an insurance DAC is a great idea.  I also think a document needs to be posted with protocols to better secure wallets.   Getting a BTSX wallet compromised is devastating since you stand to lose equity in multiple DACs.  I'm definitely planning to move all of my wallets to Unix now.

Question for Bytemaster ... Is there a way to do an address substitution so I could get my AGS back ... if approved by the Invictus Community?
« Last Edit: November 03, 2014, 01:56:24 am by educatedwarrior »

Offline vlight
