BitShares Forum
		Main => General Discussion => Topic started by: liondani on October 15, 2014, 05:53:40 pm
		
			
			- 
				5 days ago (10/10/2014) I made a withdrawal request on BTER for 0.5 bitcoin and wanted the funds to go to address
 129mztHAP1VUMWn2BdTrNCEUpfDPVpkHEq (because I wanted to send them for the bitshares music presale  :'()
 Now I realized that "my" 0.5 bitcoin is gone to address:
 16LLwLZcEC7YM2L5NPwGLdSRTQNk3S67pM
 that does not belong to me!!!
 The weird thing is that on the last 10 transactions history on BTER it is supposed I have sent two more times to the same address!
 I don't remember these transactions but it is possible I have lost some more funds the same way and I didn't notice until now  >:(....
 (http://2.bp.blogspot.com/-O8SG09Xo5YM/VD6yI-8p92I/AAAAAAAADLE/zkqfXm1uGvs/s1600/scam.png)
 With further investigation via https://blockchain.info/address/16LLwLZcEC7YM2L5NPwGLdSRTQNk3S67pM
 I saw that the funds arrived on the "wrong" address after 2 days and one day after they have gone to:
 16PXucAgi9N8LPqAxyNud1ySuVVCQRQ9bZ
 
 With a little googling I found that the last address is associated with SCAMS and is owned by a scammy exchange https://www.coinexd.com
 more users have lost their funds and have "seen" them on this particular address 16PXucAgi9N8LPqAxyNud1ySuVVCQRQ9bZ
 https://bitcointalk.org/index.php?topic=754229.20
 
 So the question now is:
 What is happening?
 Is my computer compromised or is BTER in general in trouble? (I have submitted a ticket and I am waiting for answers)
 I am using Two-Factor Authentication so I would be very surprised to conclude that it was my fault...
 
 Have any of you had an identical experience?
 Thoughts?
 
 edit:
 PS I forgot to mention that I had much more funds on BTER that particular time I lost these funds (0.5 BTC)... But they have been untouched  ???
 
 
- 
				I am sorry you are facing this.  Two possible scenarios : 
 
 1) Bter is hacked.  You should quickly contact Bter support and check with them,  or
 
 2) Your PC is being hacked or it got a malware infection.   You could be a victim of a phishing attempt.   The Bter website you are accessing was a fake and you were sending information to a fake bter.  Or your PC could be remotely controlled/spied on and your transmissions were being altered.  You should do an immediate full and thorough antivirus/anti-malware scan.
- 
				That sucks. You are sure it's not your address? I have heard of chrome extensions that did an address swap for coinbase bitcoin address if you logged in to coinbase after downloading an extension. I think it was something to do with doge.
			
- 
				That sucks. You are sure it's not your address? I have heard of chrome extensions that did an address swap for coinbase bitcoin address if you logged in to coinbase after downloading an extension. I think it was something to do with doge.
 
 
 It was not my address but even if it was, the funds are gone from this address to another after one day without me doing anything!
- 
				I am sorry you are facing this.  Two possible scenarios : 
 
 1) Bter is hacked.  You should quickly contact Bter support and check with them,  or
 
 2) Your PC is being hacked or it got a malware infection.   You could be a victim of a phishing attempt.   The Bter website you are accessing was a fake and you were sending information to a fake bter.  Or your PC could be remotely controlled/spied on and your transmissions were being altered.  You should do an immediate full and thorough antivirus/anti-malware scan.
 
 
 1) I have submitted a ticket to bter and I am still waiting for answers....
 2) If I was on a fake bter how could I see my right balances? And second I am using Two-Factor Authentication  ::)  And why didn't they touch my other funds (worth about 10 BTC @time)
 
 PS I suspect my chrome extensions on my windows PC or...BTER(?).... (anybody with bad experience with chrome/bter 8)?)
- 
				Found this about a malware that could possibly be responsible for your loss:
 
 "Malware stealing bitcoins: Some malware can steal private keys for bitcoin wallets allowing the bitcoins themselves to be stolen. The most common type searches computers for cryptocurrency wallets to upload to a remote server where they can be cracked and their coins stolen.[235] Many of these also log keystrokes to record passwords, often avoiding the need to crack the keys.[235] A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address.[235] This method is effective because bitcoin transactions are irreversible."
 
 http://en.wikipedia.org/wiki/Bitcoin#Malware
 
 
- 
				Found this about a malware that could possibly be responsible for your loss:
 
 "Malware stealing bitcoins: Some malware can steal private keys for bitcoin wallets allowing the bitcoins themselves to be stolen. The most common type searches computers for cryptocurrency wallets to upload to a remote server where they can be cracked and their coins stolen.[235] Many of these also log keystrokes to record passwords, often avoiding the need to crack the keys.[235] A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address.[235] This method is effective because bitcoin transactions are irreversible."
 
 http://en.wikipedia.org/wiki/Bitcoin#Malware
 
 
 That's pretty genius.  I'm waiting on a BTC from btc38 that has been sitting there for 12 hours.  God I hate these crypto-exchanges.  Part of the problem is I don't think they really do enough volume to pay well and cover all their expenses.  If BTC went to $100 for example, I would be highly doubtful they could even run a skeleton crew.  Most crypto-businesses could adapt in theory, but not these non-fiat crypto-exchanges.
- 
				i have no problem on BTER so far.
 
 seems like your computer is a long time infected. first wrong transaction occurred in July?????
 
 
- 
				A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address.[235] This method is effective because bitcoin transactions are irreversible."
 
 http://en.wikipedia.org/wiki/Bitcoin#Malware
 
 
 That could be a method used in my case... I remember I copy-pasted the original address to bter...
 (I am not really worried about key-loggers for this particular case since I am using on-screen keyboards and I am offline when typing passwords)
- 
				i have no problem on BTER so far.
 
 seems like your computer is a long time infected. first wrong transaction occurred in July?????
 
 
 But I have no other incidents ... so assume I have a malware that changes "only" the bitcoin address copied to the clipboard?
 
 Could it be that the transactions on July are fake? Only on history to make the user (me) use the wrong address "again"?
- 
				A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address.[235] This method is effective because bitcoin transactions are irreversible."
 
 http://en.wikipedia.org/wiki/Bitcoin#Malware
 
 
 That could be a method used in my case... I remember I copy-pasted the original address to bter...
 (I am not really worried about key-loggers for this particular case since I am using on-screen keyboards and I am offline when typing passwords)
 
 
 It doesn't matter if you're offline while typing passwords as the log is sent when you're online.
- 
				A different approach detects when a bitcoin address is copied to a clipboard and quickly replaces it with a different address, tricking people into sending bitcoins to the wrong address.[235] This method is effective because bitcoin transactions are irreversible."
 
 http://en.wikipedia.org/wiki/Bitcoin#Malware
 
 
 That could be a method used in my case... I remember I copy-pasted the original address to bter...
 (I am not really worried about key-loggers for this particular case since I am using on-screen keyboards and I am offline when typing passwords)
 
 
 It doesn't matter if you're offline while typing passwords as the log is sent when you're online.
 
 
 offline just to make sure nobody is spying on my screen in real time (like on teamviewer)
 and seeing what I am "typing" with my virtual on-screen keyboard ...
 
 PS I am not typing in the traditional way...
- 
				hm maybe you can do some tests: create a Linux live cd/dvd/usb of any distro from a "clean" pc/laptop.
 boot using the live cd on your pc, login to bter, then you can test sending a very small amount of btc to your addy.
 
 if the same thing happens, then bter is compromised.
 otherwise your pc is compromised.
 
 just my 2btsx, good luck  ;)
- 
				hm maybe you can do some tests: create a Linux live cd/dvd/usb of any distro from a "clean" pc/laptop.
 boot using the live cd on your pc, login to bter, then you can test sending a very small amount of btc to your addy.
 
 if the same thing happens, then bter is compromised.
 otherwise your pc is compromised.
 
 just my 2btsx, good luck  ;)
 
 
 thanks for your advice...
 I already do that  ;)
 
 will inform further in next posts with my conclusions...
- 
				I've had the exact same thing happen before!!!  It was a f*cking chrome extension!!!
 
 They update automatically and can become malware without you being able to do anything about it!!!
 
 I thought lastpass was changing the addresses on me, and I tried turning it off, and turning off autofill and everything.
 
 Nothing worked, and then I found that it was a bitcoin price notification extension (i found out by searching for the address it was sent to, and found others posting about similar problems) I checked yours, google didn't say anything, though it could be a new virus.
 
 I asked a google developer about how this could happen, he said: "Just turn off autoupdate" -- that is not possible from what I see, and he couldn't figure it out either.
 
 be super careful with Chrome Extensions
 
 I can dig up more info on this if you need it. Good luck!  I hope it wasn't this, and BTer can somehow give you back your BTC
- 
				..
 1) I have submitted a ticket to bter and I am still waiting for answers....
 2) If I was on a fake bter how could I see my right balances? And second I am using Two-Factor Authentication  ::)  And why didn't they touch my other funds (worth about 10 BTC @time)
 
 PS I suspect my chrome extensions on my windows PC or...BTER(?).... (anybody with bad experience with chrome/bter 8)?)
 
 
 You are right. It may be a malware key-logger/replacer or a chrome extension.  Doing a reformat/reinstall of Windows would help.
 
 As for the chrome extension, you can disable/remove it by going to chrome://extensions
- 
				..
 1) I have submitted a ticket to bter and I am still waiting for answers....
 2) If I was on a fake bter how could I see my right balances? And second I am using Two-Factor Authentication  ::)  And why didn't they touch my other funds (worth about 10 BTC @time)
 
 PS I suspect my chrome extensions on my windows PC or...BTER(?).... (anybody with bad experience with chrome/bter 8)?)
 
 
 You are right. It may be a malware key-logger/replacer or a chrome extension.  Doing a reformat/reinstall of Windows would help.
 
 As for the chrome extension, you can disable/remove it by going to chrome://extensions
 
 
 Yes, but the thing is, if you are using ANY, it is really dangerous, because they can update automatically (and we just can't always know if the owners have changed or something) and they start to STEAL! -- here is the info on the one that stole from me! :(
 
 https://bitcointalk.org/index.php?topic=424686.msg6324333#msg6324333
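
 The extension risk raised in the posts above, turned into an audit, as an added example that is not part of the original thread. It lists which installed extensions can read or alter a given page and which of those changed version since the last snapshot. The extension ids, the site URL and the snapshot layout are constructed for illustration, and the pattern test is a simplified version of Chrome's match patterns (scheme and host only).

```python
from urllib.parse import urlsplit

def pattern_covers(pattern, url):
    """Simplified Chrome match-pattern test (scheme and host only; path ignored)."""
    if pattern == "<all_urls>":
        return True
    if not isinstance(pattern, str) or "://" not in pattern:
        return False                      # API permission, not a host pattern
    scheme, rest = pattern.split("://", 1)
    host = rest.split("/", 1)[0]
    u = urlsplit(url)
    if scheme not in ("*", u.scheme):
        return False
    if host == "*":
        return True
    if host.startswith("*."):
        return u.hostname == host[2:] or u.hostname.endswith(host[1:])
    return u.hostname == host

def exposure(manifest, url):
    """Reasons this extension could read or alter an address shown on `url`."""
    perms = manifest.get("permissions", [])
    hosts = perms + manifest.get("host_permissions", [])
    reasons = []
    if any(pattern_covers(p, url) for p in hosts):
        reasons.append("host access")
    if any(pattern_covers(m, url) for cs in manifest.get("content_scripts", [])
           for m in cs.get("matches", [])):
        reasons.append("content script")
    reasons += [p for p in perms if p in ("clipboardRead", "clipboardWrite")]
    return reasons

def review(old, new, url):
    """Map extension id -> (reasons, updated_since_last_snapshot) for exposed ones."""
    out = {}
    for ext_id, manifest in new.items():
        reasons = exposure(manifest, url)
        if reasons:
            changed = old.get(ext_id, {}).get("version") != manifest.get("version")
            out[ext_id] = (reasons, changed)
    return out

# Constructed manifest snapshots (hypothetical extension ids and site).
SITE = "https://exchange.example/withdraw"
OLD = {"price-ticker": {"version": "1.2", "permissions": ["<all_urls>", "notifications"]},
       "autofill": {"version": "3.0", "content_scripts": [{"matches": ["*://*.exchange.example/*"]}]},
       "notes": {"version": "0.9", "permissions": ["storage"]}}
NEW = {**OLD, "price-ticker": {**OLD["price-ticker"], "version": "1.3"}}
```

 An entry with page access and a changed version is the one to inspect or remove first, since an update keeps the access the extension was already granted.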