Author Topic: All Bitshares, Protoshares, and DNS stolen from my wallet -- at the same time  (Read 10050 times)


Offline toast

  • Administrator
  • Hero Member
  • *****
  • Posts: 4002
    • View Profile
  • BitShares: nikolai
Did you use the password more than one place?

Did you leave your wallet open?

Bytemaster, are you suggesting if a person uses their password in more than one place ... if a hacker can get their wallet file and password, mission complete for hacking?  Just want to make sure I'm clear what you are suggesting.

Also if a person gets the wallet file, they could do a bruteforce to discover the password, no?

yes to both
Do not use this post as information for making any important decisions. The only agreements I ever make are informal and non-binding. Take the same precautions as when dealing with a compromised account, scammer, sockpuppet, etc.

Offline educatedwarrior

  • Full Member
  • ***
  • Posts: 78
    • View Profile
Here are a couple questions I can answer now.


Did you use a password manager or did you type in your password each time you loaded the wallet?   No ... any suggestions

Have you made an inventory of your wallet change addresses and compared them with the suspect address?   I'm sorry, I'm unfamiliar with what you mean by change addresses..   Could you explain?

Has bytemaster or anyone else with technical expertise contacted you to start a forensic investigation?    No

Here is a FAQ on the concept of the CHANGE ADDRESS:

http://www1.agsexplorer.com/ags101


In short, a change address is generated automatically in your wallet.

To find the change addresses in your wallet, in debug console of PTS, type:   listaddressgroupings

This will show all the change addresses. Compare these addresses with the suspect address. Is there a match?

And to confirm: I presume the funds are missing from your PTS (not BTSX) wallet. True?

Werneo, the funds are missing from my PTS wallet and my BTSX wallet and my DNS wallet.  When the notes wallet comes out I'll have to race to move it out of the genesis block before it is stolen, since they probably have control of my PTS and AGS now.

 
« Last Edit: November 03, 2014, 11:50:23 pm by educatedwarrior »
BTSX: codeblooded   |   PTS: PiiQ6ZECCRYawcZFc8ZGbvjuCjCnBVuPjA
BTSX delegate: wallet_approve_delegate codeblooded true

Offline educatedwarrior

Did you use the password more than one place?

Did you leave your wallet open?

Bytemaster, are you suggesting if a person uses their password in more than one place ... if a hacker can get their wallet file and password, mission complete for hacking?  Just want to make sure I'm clear what you are suggesting.

Also if a person gets the wallet file, they could do a bruteforce to discover the password, no?

yes to both

If this is the case it appears the key is not to allow anyone or anything to get access to the wallet file.      Also, create a complex wallet password that makes a brute force attack difficult to do. 

I'm sure Bitcoin has experienced the same issues and has various solutions.
« Last Edit: November 03, 2014, 11:47:05 pm by educatedwarrior »

Offline toast

Here are a couple questions I can answer now.


Did you use a password manager or did you type in your password each time you loaded the wallet?   No ... any suggestions

Have you made an inventory of your wallet change addresses and compared them with the suspect address?   I'm sorry, I'm unfamiliar with what you mean by change addresses..   Could you explain?

Has bytemaster or anyone else with technical expertise contacted you to start a forensic investigation?    No

Here is a FAQ on the concept of the CHANGE ADDRESS:

http://www1.agsexplorer.com/ags101


In short, a change address is generated automatically in your wallet.

To find the change addresses in your wallet, in debug console of PTS, type:   listaddressgroupings

This will show all the change addresses. Compare these addresses with the suspect address. Is there a match?

And to confirm: I presume the funds are missing from your PTS (not BTSX) wallet. True?

Werneo, the funds are missing from my PTS wallet and my BTSX wallet and my DNS wallet.  When the notes wallet comes out I'll have to race to move it out of the genesis block before it is stolen, since they probably have control of my AGS now.

 

Vesting AGS will probably eventually have to have a key update feature - watch for that too

Offline godzirra

  • Full Member
  • ***
  • Posts: 90
    • View Profile
Sorry to hear about this man.

This sounds like a nightmare. I worry about this all the time. Until there is an easy way to safely store funds for the average user I don't know if we can expect any significant adoption.

I haven't seen a best practices thread for safe storage either. I would think this is a huge priority.

Is there something like 2FA where the thief has to get a hold of something physically as well?

Offline educatedwarrior

Re: All Bitshares and Protoshares stolen from my wallet -- at the same time
« Reply #50 on: November 04, 2014, 12:23:18 am »
So.. have you formatted yet?

Nothing else was stolen?

Hi roadkill, thanks for asking. I created a new account "delegate.educatedwarrior" to accept donations and nothing else has been stolen. However, I'm still having issues making transfers from one wallet to another... error posted above.

Your other coins are safe? Do you suspect BTS was the sole target?

Roadkill, they wiped out my PTS, BTS, and DNS. Probably have control of my AGS now too. These bastards knew what the hell they were doing.

I think a "BTS" Armory software and a hardware wallet would go a long way in the future.

You mentioned the funds were extracted to a particular address. Have the funds moved from that address?


Here is the history of what happened so far... all transactions below.

PTS
-   10/31 9:36:22pm (UTC) 2080 PTS moved to address PqwaEkunbDFBweRdNQdKPLWWSEbmXH7jrU and are still there - https://coinplorer.com/PTS/Transactions/87677618d6c2f243ea1f35b86825c565f99c166be4b58ac8445b04c1505c1ab5

DNS
-   10/31 3:58 PM http://dns.bitsharesblocks.com/blocks?top=256541 (1,021,791.78 DNS stolen, can’t tell if funds moved)

BTSX
-   10/31 3:59 PM http://www.bitsharesblocks.com/blocks/block?id=887769 (440,000.50 BTS stolen, can’t tell if funds moved)
-   10/31 4:00 PM http://www.bitsharesblocks.com/blocks/block?id=887777 (559,999.38 BTS stolen, can’t tell if funds moved)

AGS
- compromised.

Why does the destination address for the transactions have  UNKNOWN as a name and how is that possible?   ... doesn't a name have to be registered with a public address, how could that be?  Looks very fishy 
« Last Edit: November 04, 2014, 12:38:25 am by educatedwarrior »

Offline arhag

  • Hero Member
  • *****
  • Posts: 1214
    • View Profile
    • My posts on Steem
  • BitShares: arhag
  • GitHub: arhag
So is this confirmation of a virus specifically attacking BitShares software on the Windows platform? If so that is not good.

This is why we need multisig and cold storage with offline transaction signing as soon as possible.

Until then I think it is a bad idea to store any significant amount of funds on a Windows machine. If you want to keep using Windows fine, but I recommend buying a new laptop, install Linux on it, and use it only for cryptocurrency purposes. This should at least reduce the risk of hacks a little bit until we have proper security features built into the client.

Offline werneo

  • Sr. Member
  • ****
  • Posts: 305
    • View Profile
    • chronicle of the precession of simulacra
  • BitShares: werneo
educatedwarrior: did you check your change addresses against the suspect addresses? That would really answer a lot of questions.

One question I have for anyone: Is it possible to change my BTSX and/or PTS wallet password? If so, how?

zerosum

  • Guest
educatedwarrior: did you check your change addresses against the suspect addresses? That would really answer a lot of questions.

One question I have for anyone: Is it possible to change my BTSX and/or PTS wallet password? If so, how?

Code:
wallet_change_passphrase <passphrase>

Offline werneo

educatedwarrior: did you check your change addresses against the suspect addresses? That would really answer a lot of questions.

One question I have for anyone: Is it possible to change my BTSX and/or PTS wallet password? If so, how?

Code:
wallet_change_passphrase <passphrase>

Thank you!  :D

Offline Kenof

  • Full Member
  • ***
  • Posts: 72
    • View Profile
There should be a keyfile option implemented in the next versions of the wallet.

Using a classical password in parallel with a keyfile stored on a USB stick could prevent this type of theft. A small separate stick with many files similar to the keyfile, used only when accessing the wallet, is a cheap and fast method to at least double security. The wallet file and keyfile must be in different locations (and not on the same USB stick).

Also there is the possibility of using 2FA. I know that is a pain in the ass, but that could improve security too.

Good luck, I hope this resolves positively for educatedwarrior as well as for BitShares.
Making life easier.
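The two defenses raised in the thread, a passphrase that resists brute force and a keyfile kept on a separate stick, can be compared against a copied wallet file. This is an added example, not BitShares or PTS wallet code: the use of PBKDF2-HMAC-SHA256, the record layout, and every function name and sample value are assumptions made for the sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor (assumed for this sketch)


def derive_key(passphrase, salt, keyfile=b""):
    """Stretch the passphrase; if a keyfile is supplied, mix its digest in first."""
    secret = passphrase.encode("utf-8")
    if keyfile:
        # Keying HMAC with the keyfile digest means the passphrase alone
        # no longer determines the KDF input.
        kf_digest = hashlib.sha256(keyfile).digest()
        secret = hmac.new(kf_digest, secret, hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=32)


def lock_wallet(passphrase, keyfile=b""):
    """Return what a wallet file would store: a salt and a key check value."""
    salt = os.urandom(16)
    key = derive_key(passphrase, salt, keyfile)
    check = hmac.new(key, b"wallet-check", hashlib.sha256).digest()
    return {"salt": salt, "check": check}


def unlocks(record, passphrase, keyfile=b""):
    """True if passphrase (plus keyfile, if any) reproduces the check value."""
    key = derive_key(passphrase, record["salt"], keyfile)
    candidate = hmac.new(key, b"wallet-check", hashlib.sha256).digest()
    return hmac.compare_digest(candidate, record["check"])


def first_match(record, wordlist):
    """Audit: which wordlist entry opens a copied wallet file with no keyfile?"""
    return next((guess for guess in wordlist if unlocks(record, guess)), None)


# Constructed sample data: a passphrase reused elsewhere and present in a wordlist.
REUSED = "correct horse 2014"
WORDLIST = ["letmein", "bitshares123", REUSED]
KEYFILE = os.urandom(64)  # stands in for the file kept on the separate USB stick

password_only = lock_wallet(REUSED)
with_keyfile = lock_wallet(REUSED, KEYFILE)

if __name__ == "__main__":
    print("password-only wallet opens with:", first_match(password_only, WORDLIST))
    print("keyfile wallet opens with:", first_match(with_keyfile, WORDLIST))
    print("owner with stick unlocks:", unlocks(with_keyfile, REUSED, KEYFILE))
```

A keyfile only helps against a copied wallet file or a reused password; software running on the machine while the wallet is unlocked can read both factors, which is the case the requests for offline signing in this thread address.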

Offline roadscape

So is this confirmation of a virus specifically attacking BitShares software on the Windows platform? If so that is not good.

Zero confirmable claims have been made, nothing can be concluded just yet

This is why we need multisig and cold storage with offline transaction signing as soon as possible.

We need it yesterday :)
http://cryptofresh.com  |  witness: roadscape

Offline liondani

  • Hero Member
  • *****
  • Posts: 3694
  • Inch by inch, play by play
    • View Profile
    • My detailed info
  • BitShares: liondani
  • GitHub: liondani
  Also, create a complex wallet password that makes a brute force attack difficult to do. 

There should be a keyfile option implemented in the next versions of the wallet.

Using a classical password in parallel with a keyfile stored on a USB stick could prevent this type of theft. A small separate stick with many files similar to the keyfile, used only when accessing the wallet, is a cheap and fast method to at least double security. The wallet file and keyfile must be in different locations (and not on the same USB stick).

Also there is the possibility of using 2FA. I know that is a pain in the ass, but that could improve security too.

Good luck, I hope this resolves positively for educatedwarrior as well as for BitShares.

 +5%

A good solution for now also is a combination of:

1.yubikey+keepass (password manager) or
2.yubikey+lastpass (password manager)

yubikey: https://www.yubico.com/
keepass: http://keepass.info/index.html
lastpass: https://lastpass.com/

PS ... with a very strong master-password for the password-manager (created from yubikey) combined with One-Time Passwords (OATH HOTP)
« Last Edit: January 06, 2015, 08:57:29 pm by liondani »
  https://bitshares.OPENLEDGER.info/?r=GREECE  | You are in Control | BUY | SELL | SHORT | SWAP | LOAN | TRADE |  

Offline educatedwarrior

educatedwarrior: did you check your change addresses against the suspect addresses? That would really answer a lot of questions.

One question I have for anyone: Is it possible to change my BTSX and/or PTS wallet password? If so, how?

Code:
wallet_change_passphrase <passphrase>

Thank you!  :D

I checked the change address in PTS wallet, and the destination address did not match any of them.

About changing the wallet password ... If a user has access to an older version of the wallet file the private keys compromised in that file would still be compromised.   Wouldn't the best solution be to make a new wallet instead of changing the password on the old wallet so you do not mistakenly use the compromised private keys?   

OR are you changing the password on your wallet now just to beef up security?
« Last Edit: November 04, 2014, 07:49:33 am by educatedwarrior »

Offline liondani

@bytemaster
"We provide the YubiKey OTP Validation server for developers looking to integrate the YubiKey OTP Validation with an existing web site or service."
https://www.yubico.com/develop/open-source-software/validation-server/

What about the idea to integrate the YubiKey OTP Validation with our BTS client?
I am sure most delegates would be positive about funding such an integration, or not? Am I missing something?
« Last Edit: November 04, 2014, 07:42:57 am by liondani »