BitShares Forum

Other => Graveyard => BitShares PTS => Topic started by: simplydt on November 16, 2013, 09:30:40 pm

Title: PTS Stolen ( and i've never been hacked before ).
Post by: simplydt on November 16, 2013, 09:30:40 pm
I've been trading bitcoins for 8 months and i've never been hacked before.

Third day doing PTS and I've got hacked. I've lost 200 PTS at least.

Just a heads up for people to be careful and take that extra step. You don't want to be out of the PTS game too as I now am.

How it happened:

Either my protoshares-qt.exe on ubuntu or my windows virtual machine was compromised. My wallet was not encrypted ( i wish it was... newb mistake?). Still, not quite sure how it happened, as even if my wallet wasn't encrypted, they had to have my secret or access to my computer. Meh, whatever.

Here is transaction proof of my wallets being emptied:
http://btsblock.com/address/PmCfLvBSXFE4VdLoD4QB7DG2qTMgFqB7AH
http://btsblock.com/address/Psw4cKr9HWXikT6Q2d7WggMEBL87yQ6bVt

If anybody knows the hacker and wants to convince him to be a good guy and give me back my coins, that would be cool. :)
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: Lighthouse on November 16, 2013, 09:36:09 pm
Please post the TX that seem to have resulted from a hack.  How long from the TX to your discovering?  Is your computer acting strangely in any other way, have you run a virus scan, etc?  Did you have a firewall up?

As much detail as you can give will help us figure out if there is anything actually wrong or if you just got unlucky.  Did you tell ANYONE that you had PTS on your computer?
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: fav on November 16, 2013, 09:39:17 pm
literally impossible to say what happened.

invictus server *could* be compromised. we have no way to check the pre-compiled wallets, for some reason they think it's not necessary to sign their releases.
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: simplydt on November 16, 2013, 09:45:26 pm
Please post the TX that seem to have resulted from a hack.  How long from the TX to your discovering?  Is your computer acting strangely in any other way, have you run a virus scan, etc?  Did you have a firewall up?

As much detail as you can give will help us figure out if there is anything actually wrong or if you just got unlucky.  Did you tell ANYONE that you had PTS on your computer?

My ubuntu is running iptables, firewall is on. Computer is not behaving strangely in any other way, I'd imagine they would have hacked my 8+ btc otherwise. However, when I ran my virtualbox windows xp there was no firewall in there. I figured (probably erroneously) that since ubuntu was firewalled and virtualbox was inside ubuntu, there was no need. It's quite confusing as i am not sure whether it got hacked because i ran it in virtualbox, or because i ran it on ubuntu using wine. Who knows, either way. Pretty impressive by whoever did it so quickly.

The only weird thing I noticed was that my coins were not sending when i was running it on virtualbox; as I reported on my other post where you were helping me. It would just get stuck at 0 confirmations. I only managed to send my coins once i ran it on ubuntu. Also, as soon as i sent my coins then, it was like the hacker woke up and realised im emptying my wallet and emptied it himself instead.

I really think my wallet was compromised way earlier, hence why i could not send transactions perhaps? Maybe they were waiting for me to deposit more pts before they did it.

So all in all, it looks like it was because i ran it on XP inside virtualbox with no firewall. Anyway, this post is not to complain but rather to tell everyone else to take an extra step to protect their PTS.
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: simplydt on November 16, 2013, 09:48:40 pm
Please post the TX that seem to have resulted from a hack.  How long from the TX to your discovering?  Is your computer acting strangely in any other way, have you run a virus scan, etc?  Did you have a firewall up?

As much detail as you can give will help us figure out if there is anything actually wrong or if you just got unlucky.  Did you tell ANYONE that you had PTS on your computer?

TXID
http://btsblock.com/tx/fcca1a154512823253bc91e6f68a5c76cb65e1b4cb8048afa4f58c27775ee81e#i0
http://btsblock.com/tx/c8574094af94b9c04df42aee85cf594d7643c6fc01241b1ab0974f428b79aa8d#i0

there are some more in there but cant be bothered to filter them out right now, im in a bit of a shock
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: Lighthouse on November 16, 2013, 09:53:46 pm
Please post the TX that seem to have resulted from a hack.  How long from the TX to your discovering?  Is your computer acting strangely in any other way, have you run a virus scan, etc?  Did you have a firewall up?

As much detail as you can give will help us figure out if there is anything actually wrong or if you just got unlucky.  Did you tell ANYONE that you had PTS on your computer?

TXID
http://btsblock.com/tx/fcca1a154512823253bc91e6f68a5c76cb65e1b4cb8048afa4f58c27775ee81e#i0
http://btsblock.com/tx/c8574094af94b9c04df42aee85cf594d7643c6fc01241b1ab0974f428b79aa8d#i0

there are some more in there but cant be bothered to filter them out right now, im in a bit of a shock

Someone who reads chinese or is familiar - Is there a chance he's listening to bad nodes and just needs a good connection?  Also what's up with this for the script public key

DUP HASH160 20:13d5...81f0 EQUALVERIFY CHECKSIG
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: fav on November 16, 2013, 09:55:10 pm
DUP HASH160 20:13d5...81f0 EQUALVERIFY CHECKSIG

no idea, but it's under every tx.

and: http://translate.google.com/translate?sl=auto&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fbtsblock.com%2Ftx%2Ffcca1a154512823253bc91e6f68a5c76cb65e1b4cb8048afa4f58c27775ee81e%23i0&act=url

not spending = unspent I think
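
Added example, not part of the thread or of the ProtoShares code: `DUP HASH160 <20 bytes> EQUALVERIFY CHECKSIG` is the standard pay-to-pubkey-hash (P2PKH) output script, so it shows up on any ordinary payment to an address. The Python sketch below disassembles a script and checks it against that template; the hash is constructed, and reading the explorer's `20:` prefix as the length of the pushed data is an assumption.

```python
# Added example: disassemble a scriptPubKey and recognise the standard
# pay-to-pubkey-hash (P2PKH) template. All sample bytes are constructed.

OPCODES = {
    0x76: "DUP",
    0x87: "EQUAL",
    0x88: "EQUALVERIFY",
    0xA9: "HASH160",
    0xAC: "CHECKSIG",
}

def disassemble(script: bytes):
    """Return tokens: opcode names (str) or pushed data (bytes)."""
    tokens, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 0x01 <= op <= 0x4B:            # direct push of `op` bytes
            size = op
        elif op in (0x4C, 0x4D, 0x4E):    # PUSHDATA1/2/4: little-endian length follows
            width = {0x4C: 1, 0x4D: 2, 0x4E: 4}[op]
            if i + width > len(script):
                raise ValueError("truncated push length")
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        else:                             # non-push opcode
            tokens.append(OPCODES.get(op, f"OP_0x{op:02x}"))
            continue
        if i + size > len(script):
            raise ValueError("push runs past end of script")
        tokens.append(script[i:i + size])
        i += size
    return tokens

def render(tokens):
    """Explorer-style text (assumed notation): pushes shown as length:hex."""
    return " ".join(t if isinstance(t, str) else f"{len(t)}:{t.hex()}"
                    for t in tokens)

def is_p2pkh(tokens):
    """True only for DUP HASH160 <20-byte push> EQUALVERIFY CHECKSIG."""
    return (len(tokens) == 5
            and tokens[0] == "DUP" and tokens[1] == "HASH160"
            and isinstance(tokens[2], bytes) and len(tokens[2]) == 20
            and tokens[3] == "EQUALVERIFY" and tokens[4] == "CHECKSIG")

# Constructed 20-byte value standing in for HASH160(public key).
CONSTRUCTED_HASH = bytes(range(20))
SAMPLE = bytes([0x76, 0xA9, 0x14]) + CONSTRUCTED_HASH + bytes([0x88, 0xAC])

if __name__ == "__main__":
    toks = disassemble(SAMPLE)
    print(render(toks))
    print("standard P2PKH:", is_p2pkh(toks))
```

A script in this shape only says that the output can be spent by whoever holds the private key matching the hashed public key; it carries no information about how a key was obtained.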
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: simplydt on November 16, 2013, 10:00:26 pm
Please post the TX that seem to have resulted from a hack.  How long from the TX to your discovering?  Is your computer acting strangely in any other way, have you run a virus scan, etc?  Did you have a firewall up?

As much detail as you can give will help us figure out if there is anything actually wrong or if you just got unlucky.  Did you tell ANYONE that you had PTS on your computer?

TXID
http://btsblock.com/tx/fcca1a154512823253bc91e6f68a5c76cb65e1b4cb8048afa4f58c27775ee81e#i0
http://btsblock.com/tx/c8574094af94b9c04df42aee85cf594d7643c6fc01241b1ab0974f428b79aa8d#i0

there are some more in there but cant be bothered to filter them out right now, im in a bit of a shock

Someone who reads chinese or is familiar - Is there a chance he's listening to bad nodes and just needs a good connection?  Also what's up with this for the script public key

DUP HASH160 20:13d5...81f0 EQUALVERIFY CHECKSIG

Is it possible that by adding extra nodes from ips posted in the forum one of those could be a "malicious" node? Just wondering to educate myself a bit. Right now I highly suspect it was just windows, its always windows.

--Also, im either not the only one he has hacked or he is using his address from other sources too. We can probably figure out who it is eventually if he makes a mistake like send his coins to one of the exchanges from the hacked address. But thats more than wishful thinking. :P

http://btsblock.com/address/PZjeKvpf7xc4e4h3e4Xo1ghXZ3irJVa5aF (he has added quite a few coins in the last 2 days)
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: bytemaster on November 16, 2013, 11:33:53 pm
literally impossible to say what happened.

invictus server *could* be compromised. we have no way to check the pre-compiled wallets, for some reason they think it's not necessary to sign their releases.

Going forward we will sign all software releases and host them from a secure domain.   
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: testz on November 16, 2013, 11:39:42 pm
literally impossible to say what happened.

invictus server *could* be compromised. we have no way to check the pre-compiled wallets, for some reason they think it's not necessary to sign their releases.

Going forward we will sign all software releases and host them from a secure domain.

We learn too many lessons during this launch.
PS: I don't know any coin yet which signs compiled wallet software, we will be first.
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: fav on November 16, 2013, 11:53:24 pm
PS: I don't know any coin yet which signs compiled wallet software, we will be first.

I do, it's called bitcoin-qt
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: testz on November 16, 2013, 11:54:43 pm
PS: I don't know any coin yet which signs compiled wallet software, we will be first.

I do, it's called bitcoin-qt

Just before posting this message, I checked my bitcoin-qt, it's not signed  :( maybe it's too old.
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: MessyCoin on November 17, 2013, 01:40:38 am
Sorry to hear of your apparent loss.

This has me concerned as I've used a similar setup (XP / virtualbox) for a mining wallet. Luckily no sign that any of my PTS are missing...

I'm wondering if you had much else installed in XP (other software, installs of other coins) or was it a clean install of XP?
Also, even if your virtualbox XP had no firewall, did you not have the benefit of your router's firewall - or was the XP fully exposed to the internet?

Would be nice for you to get to the bottom of the mystery.


Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: barwizi on November 17, 2013, 05:01:12 am
i can decompile, once i am home i'll run a text comparison with older version and see if there are additional unwanted lines.
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: simplydt on November 17, 2013, 08:54:24 am
i can decompile, once i am home i'll run a text comparison with older version and see if there are additional unwanted lines.

Now that's dedication, cool stuff man!

Re what the install had, it was a clean install of xp, only thing installed was virtual box guest tools.

I'm pretty convinced that because the xp had no updates, it had a hole somewhere and that hole was broadcast over the network and some script kiddy could even access it. It was my own fault for underestimating the possibility of being hacked at this stage. Also, as I said, I made the erroneous assumption my virtual box was protected because my ubuntu was.

Is there a way to make the wallet run from an encrypted usb? Eg with truecrypt? Or does it always store the wallet.dat in appdata?

PS. Am i the first reported hacker victim of pts? I could go down on the list of first, yay :P
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: simplydt on November 17, 2013, 09:06:22 am
Just had an idea actually, i can run it on an encrypted drive possibly. Will try that.
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: hasher on November 17, 2013, 09:16:04 am
somebody said they had found a trojan in ypool software  ...:-\
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: barwizi on November 17, 2013, 10:08:15 am
nothing on a cursory glance, apart from protoshares qt, what else did you install recently?
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: fav on November 17, 2013, 10:56:07 am
somebody said they had found a trojan in ypool software  ...:-\

the precompiled version or inside the code on github?

that's a troll. do your homework please.
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: simplydt on November 17, 2013, 10:59:42 am
nothing on a cursory glance, apart from protoshares qt, what else did you install recently?

Windows had nothing aside from virtualbox guest tools. I think therein lies the problem, i didnt update windows to any service packs or anything. Still, even so, it took only a few hours to get hacked. Crazy.
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: barwizi on November 17, 2013, 11:17:16 am
wow, i've seen a lot of wallet stealers *cough* best thing to do is encrypt your wallet.
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: simplydt on November 17, 2013, 11:58:50 am
wow, i've seen a lot of wallet stealers *cough* best thing to do is encrypt your wallet.

Well im not only gonna encrypt my wallet now, i am going to encrypt the drive it runs on as well :P
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: hasher on November 17, 2013, 12:40:22 pm
somebody said they had found a trojan in ypool software  ...:-\

the precompiled version or inside the code on github?

that's a troll. do your homework please.
hmm..no?

http://bitsharestalk.org/index.php?topic=5.msg5978#msg5978
i believe someone may have just proved your idea unsuccessful by stealing all pts, well 8/10... and counting... with a virus compiled on the 29th of october...!
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: cryptrol on November 17, 2013, 01:27:53 pm
wow, i've seen a lot of wallet stealers *cough* best thing to do is encrypt your wallet.

Well im not only gonna encrypt my wallet now, i am going to encrypt the drive it runs on as well :P
Which is pretty useless if you have a trojan. Only useful if your computer is stolen.

BTW, make sure you are using the latest version of PTS and execute a -salvagewallet on the wallet.
Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: simplydt on November 18, 2013, 12:16:37 pm
wow, i've seen a lot of wallet stealers *cough* best thing to do is encrypt your wallet.

Well im not only gonna encrypt my wallet now, i am going to encrypt the drive it runs on as well :P
Which is pretty useless if you have a trojan. Only useful if your computer is stolen.

BTW, make sure you are using the latest version of PTS and execute a -salvagewallet on the wallet.

What does -salvagewallet do?

Also, was it safe to add these nodes posted on the node thread, i noticed the member is a jr member.

Offline joesmoe
Jr. Member
**
Posts: 30
View Profile

Re: Seed Node IPs
« Reply #3 on: November 10, 2013, 01:43:53 PM »
DO nodes:

Title: Re: PTS Hacked ( and i've never been hacked before ).
Post by: digitalindustry on November 19, 2013, 09:53:29 am
literally impossible to say what happened.

invictus server *could* be compromised. we have no way to check the pre-compiled wallets, for some reason they think it's not necessary to sign their releases.

What ?!

And yes, in that case always compile.
Title: Re: PTS Stolen ( and i've never been hacked before ).
Post by: ahpigsy on November 19, 2013, 11:32:51 pm
My malware software just blocked an outgoing process to:

IP-BLOCK   218.7.152.6 (Type: outgoing, Port: 50540, Process: protoshares-qt.exe)
Title: Re: PTS Stolen ( and i've never been hacked before ).
Post by: Pocket Sand on November 22, 2013, 06:02:24 am
My malware software just blocked an outgoing process to:

IP-BLOCK   218.7.152.6 (Type: outgoing, Port: 50540, Process: protoshares-qt.exe)

It's just reacting to protoshares trying to update itself when it's trying to reach the nodes.
Title: Re: PTS Stolen ( and i've never been hacked before ).
Post by: joesmoe on November 24, 2013, 07:36:17 am
nothing on a cursory glance, apart from protoshares qt, what else did you install recently?

Windows had nothing aside from virtualbox guest tools. I think therein lies the problem, i didnt update windows to any service packs or anything. Still, even so, it took only a few hours to get hacked. Crazy.

Maybe a pirated version of windows from a not 100% reliable source?

Download half the windows release torrents available via google and they are backdoored...
Title: Re: PTS Stolen ( and i've never been hacked before ).
Post by: cass on November 24, 2013, 10:10:09 am
http://www.modern.ie/en-us/virtualization-tools#downloads
You can download all win versions as test versions from Microsoft directly (as VB image / .ova files).. let me know if it helps somebody
Title: Re: PTS Stolen ( and i've never been hacked before ).
Post by: random_user on December 20, 2013, 02:18:40 am
I'm out with this crypto bullshit.

I've lost like ~4/5 PTS. I was trying to secure my alts, booted live debian @ virtualbox, encrypted drive ok.

Cloned source of protoshare-qt,  compiled.

I've got new address wow cool. Then shit happened. I've sent 2PTS to test it, it received, cool.

But when i tried to send it back something weird happened. Transaction was stuck (0 confirms) too long.

I've checked coinplorer = nothing, transaction id, doesn't exist to this day! (it was like +4 days wtf).

I found some help on bitcoin forum that said when you are stuck (with btc) you should resend/reimport keys to new wallet (so did i).


New wallet was created (all on encrypted virtualbox debian) old address imported and what i saw was like this:


Status: 925 confirmations
Date: 12/15/13 19:48
To: something-else-wtf?
Debit: -1.98999999 PTS
To: my-address-
Debit: -0.01 PTS
Transaction fee: -0.00000001 PTS
Net amount: -2.00 PTS
Transaction ID: ----cut----


PTS which should be back to my address was sent to some fucker, and i've received 0.01 and still don't know why.

I'm fucking tired of this shit. I know i will never see my PTS/nobody will/can help me.

Similar thing happened when i've tried to send PTS to cryptsy, they never make it and network/??? sent it to some other address.

And no i don't have fucking virus in my live debian/encrypted drive.


~peace out
Title: Re: PTS Stolen ( and i've never been hacked before ).
Post by: luckybit on December 20, 2013, 06:49:59 am
Maybe I can tell you what went wrong.
Under ordinary use there have been times where the wallet.dat becomes corrupted. The way to avoid that situation and loss of coins associated with that risk is to keep multiple backups of the wallet. Keep the wallet encrypted at all times even if the password is unsophisticated. Make sure that your computer itself isn't connected wirelessly to anything, no Bluetooth. Don't make a wallet on virtual machines either because random number generation is critically important.

Sometimes it's the network itself or you are not connected to enough nodes. Protoshares is alpha, it's not beta and it's not a finished product. Bitcoin is beta and is not 1.0. Keep that in mind and understand that when Bitcoin was first released the price crashed when hackers looted people's wallet.dat files which weren't even encrypted because no one knew Bitcoin could make it to $30.

That same environment exists now where people have a false sense of security or think Bitcoin or Protoshares are as safe as their bank account. It's not safer yet, but it has the potential to be if used properly and if the right products are developed.

Before you leave Protoshares please understand what you may be leaving. Invictus Innovations may go down as one of the most important companies in the history of mankind. These shares may be worth several times more than a Bitcoin and you don't want to be the guy who quit because he lost a few shares which probably were worth only $60 at the time but are worth $600,000 in the year 2017.
Title: Re: PTS Stolen ( and i've never been hacked before ).
Post by: latitudeclear on December 23, 2013, 01:14:10 pm
These are high-risk investments for a reason. The possibility to make an 8,000-14,000% profit in a single year isn't without some serious risks and headache.