Author Topic: PTS Stolen ( and i've never been hacked before ).  (Read 15158 times)

0 Members and 1 Guest are viewing this topic.

Offline barwizi

  • Hero Member
  • *****
  • Posts: 764
  • Noirbits, NoirShares, NoirEx.....lol, noir anyone?
    • View Profile
    • Noirbitstalk.org
Re: PTS Hacked ( and i've never been hacked before ).
« Reply #18 on: November 17, 2013, 10:08:15 am »
nothing on a cursory glance, apart from protoshares qt, what else did you install recently?
--Bar--  PiNEJGUv4AZVZkLuF6hV4xwbYTRp5etWWJ

The magical land of crypto, no freebies people.

Offline hasher

  • Full Member
  • ***
  • Posts: 87
    • View Profile
Re: PTS Hacked ( and i've never been hacked before ).
« Reply #17 on: November 17, 2013, 09:16:04 am »
somebody told that had found trojan in ypool software  ...:-\

Offline simplydt

  • Jr. Member
  • **
  • Posts: 20
    • View Profile
Re: PTS Hacked ( and i've never been hacked before ).
« Reply #16 on: November 17, 2013, 09:06:22 am »
Just had an idea actually, i can run it on an ecrypted drive possibly. Will try that.

Offline simplydt

  • Jr. Member
  • **
  • Posts: 20
    • View Profile
Re: PTS Hacked ( and i've never been hacked before ).
« Reply #15 on: November 17, 2013, 08:54:24 am »
i can decompile, once i am home i'll run a text comparison with older version and see if there are additional unwanted lines.

Now that's dedication, cool stuff man!

Re what the install had, it was a clean install of xp, only thing installed was virtual box guest tools.

I'm pretty convinced that because the xp had no updates, it had a hole somewhere and that hole was broadcast over the network and some script kiddy could even access it. It was my own fault for under estimating the possibility of being hacked at this stage. Also, as I said, I made the erroneous assumption my virtual box was protected because my ubuntu was.

Is there a way to make the wallet run from an encrypted usb? Eg with truecrypt? Or does it always store the wallet.dat in appdata?

PS. Am i the first reported hacker victim of pts? I could go down on the list of first, yay :P

Offline barwizi

  • Hero Member
  • *****
  • Posts: 764
  • Noirbits, NoirShares, NoirEx.....lol, noir anyone?
    • View Profile
    • Noirbitstalk.org
Re: PTS Hacked ( and i've never been hacked before ).
« Reply #14 on: November 17, 2013, 05:01:12 am »
i can decompile, once i am home i'll run a text comparison with older version and see if there are additional unwanted lines.
--Bar--  PiNEJGUv4AZVZkLuF6hV4xwbYTRp5etWWJ

The magical land of crypto, no freebies people.

MessyCoin

  • Guest
Re: PTS Hacked ( and i've never been hacked before ).
« Reply #13 on: November 17, 2013, 01:40:38 am »
Sorry to hear of your apparent loss.

This has me concerned as I've used a similar setup (XP / virtualbox) for a mining wallet. Luckily no sign that any of my PTS are missing...

I'm wondering if you had much else installed in XP (other software, installs of other coins) or was it a clean install of XP?
Also, even if your virtualbox XP had no firewall, did you not have the benefit of your router's firewall - or was the XP fully exposed to the internet?

Would be nice for you to get to the bottom of the mystery.


« Last Edit: November 17, 2013, 02:05:17 am by MessyCoin »

Offline testz

Re: PTS Hacked ( and i've never been hacked before ).
« Reply #12 on: November 16, 2013, 11:54:43 pm »
PS: I don't know any coin yet which sign compiled wallet software, we will be first.

I do it's called bitcoin-qt

Just before post this message, I check my bitcoin-qt it's doesn't signed  :( maybe it's to old.

Offline fav

  • Hero Member
  • *****
  • Posts: 4278
  • No Pain, No Gain
    • View Profile
    • Follow Me!
  • BitShares: fav
Re: PTS Hacked ( and i've never been hacked before ).
« Reply #11 on: November 16, 2013, 11:53:24 pm »
PS: I don't know any coin yet which sign compiled wallet software, we will be first.

I do it's called bitcoin-qt

Offline testz

Re: PTS Hacked ( and i've never been hacked before ).
« Reply #10 on: November 16, 2013, 11:39:42 pm »
literally impossible to say what happened.

invictus server *could* be compromised. we have no way to check the pre-compiled wallets, for some reason they think it's not necessary to sign their releases.

Going forward we will sign all software releases and host them from a secure domain.

We learn to much lessons during this launch.
PS: I don't know any coin yet which sign compiled wallet software, we will be first.

Offline bytemaster

Re: PTS Hacked ( and i've never been hacked before ).
« Reply #9 on: November 16, 2013, 11:33:53 pm »
literally impossible to say what happened.

invictus server *could* be compromised. we have no way to check the pre-compiled wallets, for some reason they think it's not necessary to sign their releases.

Going forward we will sign all software releases and host them from a secure domain.   
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

Offline simplydt

  • Jr. Member
  • **
  • Posts: 20
    • View Profile
Re: PTS Hacked ( and i've never been hacked before ).
« Reply #8 on: November 16, 2013, 10:00:26 pm »
Please post the TX that seem to have resulted from a hack.  How long from the TX to your discovering?  Is your computer acting strangely in any other way, have you run a virus scan, etc?  Did you have a firewall up?

As much detail as you can give will help us figure out if there is anything actually wrong or if you just got unlucky.  Did you tell ANYONE that you had PTS on your computer?

TXID
http://btsblock.com/tx/fcca1a154512823253bc91e6f68a5c76cb65e1b4cb8048afa4f58c27775ee81e#i0
http://btsblock.com/tx/c8574094af94b9c04df42aee85cf594d7643c6fc01241b1ab0974f428b79aa8d#i0

there are some more in there but cant be bothered to filter them out right now, im in a bit of a shock

Someone who reads chinese or is familiar - Is there a chance he's listening to bad nodes and just needs a good connection?  Also whats up with this for the scrip public key

DUP HASH160 20:13d5...81f0 EQUALVERIFY CHECKSIG

Is it possible that by adding extra nodes from ips posted in the forum one of those could be a "malicious" node? Just wondering to educate myself a bit. Right now I highly suspect it was just windows, its always windows.

--Also, im either not the only one he has hacked or he is using his address from other sources too. We can probably figure out who it is eventually if he makes a mistake like send his coins to one of the exchanges from the hacked address. But thats more than wishful thinking. :P

http://btsblock.com/address/PZjeKvpf7xc4e4h3e4Xo1ghXZ3irJVa5aF (he has added quite a few coins in the last 2 days)
« Last Edit: November 16, 2013, 10:20:06 pm by simplydt »

Offline fav

  • Hero Member
  • *****
  • Posts: 4278
  • No Pain, No Gain
    • View Profile
    • Follow Me!
  • BitShares: fav

Offline Lighthouse

  • Sr. Member
  • ****
  • Posts: 376
  • Making a Market in PTS since 11/06/2013
    • View Profile
    • Lighthouse Bulk Orders and Trusted Escrow (Closed)
Re: PTS Hacked ( and i've never been hacked before ).
« Reply #6 on: November 16, 2013, 09:53:46 pm »
Please post the TX that seem to have resulted from a hack.  How long from the TX to your discovering?  Is your computer acting strangely in any other way, have you run a virus scan, etc?  Did you have a firewall up?

As much detail as you can give will help us figure out if there is anything actually wrong or if you just got unlucky.  Did you tell ANYONE that you had PTS on your computer?

TXID
http://btsblock.com/tx/fcca1a154512823253bc91e6f68a5c76cb65e1b4cb8048afa4f58c27775ee81e#i0
http://btsblock.com/tx/c8574094af94b9c04df42aee85cf594d7643c6fc01241b1ab0974f428b79aa8d#i0

there are some more in there but cant be bothered to filter them out right now, im in a bit of a shock

Someone who reads chinese or is familiar - Is there a chance he's listening to bad nodes and just needs a good connection?  Also whats up with this for the scrip public key

DUP HASH160 20:13d5...81f0 EQUALVERIFY CHECKSIG
Before you say the price of PTS is too high, take a look at theThe Reason.  Protoshares are an entirely new type of Cryptocurrency, one that pays to hold.

Offline simplydt

  • Jr. Member
  • **
  • Posts: 20
    • View Profile
Re: PTS Hacked ( and i've never been hacked before ).
« Reply #5 on: November 16, 2013, 09:48:40 pm »
Please post the TX that seem to have resulted from a hack.  How long from the TX to your discovering?  Is your computer acting strangely in any other way, have you run a virus scan, etc?  Did you have a firewall up?

As much detail as you can give will help us figure out if there is anything actually wrong or if you just got unlucky.  Did you tell ANYONE that you had PTS on your computer?

TXID
http://btsblock.com/tx/fcca1a154512823253bc91e6f68a5c76cb65e1b4cb8048afa4f58c27775ee81e#i0
http://btsblock.com/tx/c8574094af94b9c04df42aee85cf594d7643c6fc01241b1ab0974f428b79aa8d#i0

there are some more in there but cant be bothered to filter them out right now, im in a bit of a shock

Offline simplydt

  • Jr. Member
  • **
  • Posts: 20
    • View Profile
Re: PTS Hacked ( and i've never been hacked before ).
« Reply #4 on: November 16, 2013, 09:45:26 pm »
Please post the TX that seem to have resulted from a hack.  How long from the TX to your discovering?  Is your computer acting strangely in any other way, have you run a virus scan, etc?  Did you have a firewall up?

As much detail as you can give will help us figure out if there is anything actually wrong or if you just got unlucky.  Did you tell ANYONE that you had PTS on your computer?

My ubuntu is running iptables, firewall is on. Computer is not behaving strangely in any other way, id imagine they would have hacked my 8+ btc otherwise. However, when I ran my virtualbox windows xp there was no firewall in there. I figured (probably erroneously that since ubuntu was firewalled and virtualbox was inside ubuntu, there was no need). Its quite confusing as i am not sure whether it got hacked because i ran it in virtualbox, or because i ran it on ubuntu using wine. Who knows, either way. Pretty impressive by whoever did it so quickly.

The only weird thing I noticed was that my coins were not sending when i was running it on virtualbox; as I reported on my other post where you were helping me. It would just get stuck at 0 confirmations. I only managed to send my coins once i ran it on ubuntu. Also, as soon as i sent my coins then, it was like the hacker woke up and realised im emptying my wallet and emptied it himself instead.

I really think my wallet was compromised way earlier, hence why i could not send transactions perhaps? Maybe they were waiting for me to deposit more pts before they did it.

So all in all, it looks like it was because i ran it on XP inside virtualbox with no firewall. Anyway, this post is not to complain but rather to tell everyone else to take an extra step to protect their PTS.