!!!! FTC just heisted out of wallet on Mac OSX
-
So would this most likely have been 1) someone that learned of my IP from post on this site for example, or 2) someone who would have got my IP/address (address doesn’t make sense) from BTCE for example? I’m still dumbfounded how someone pulled this off!
-
Really gutted for you mate, that is a shocker. Would of thought though with that many coins in one wallet you would at the very least had it encrypted. Maybe even put the bulk of them in a physical offline wallet …
-
Most likely is that you computer is infected with a coin stealing virus. Do you have anti virus and have you run a full scan?
http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
Do you have any backups of you wallet online and could these have been compromised?
What version of OS X are you running?
-
[quote name=“Bushstar” post=“56322” timestamp=“1391193990”]
Most likely is that you computer is infected with a coin stealing virus. Do you have anti virus and have you run a full scan?http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
Do you have any backups of you wallet online and could these have been compromised?
What version of OS X are you running?
[/quote]Thanks, running 10.9.
So, going forward, advice to encrypt of course but should I go ahead and delete current clients and wallet files and create new wallets with new keys and encrypt?
-
I’m so sorry Trav, this is not how things are supposed to work. With the raise in value, so comes the rise in those willing to break rules to help themselves.
Security regarding all of this is paramount, I’m curious to hear the end result of how it happened.
-
was your client online?
-
Sorry to hear about this it really sucks to have all the effort from mining all of those coins just stolen from you, its a hard lesson and it’s a shame you had to learn it in this way.
I keep most of my coins in cold wallets and I’d suggest you do the same, just generate 10 or 20 address and key pairs and then print a hard copy and keep it safe and also burn a copy to a CD and keep it safe, then just keep a list of the addresses only on your computer and use these to distribute your coins evenly across them.if you want to be ultra paranoid you can use a virtual machine to create the keys and then destroy the VM when you have your hard copy and CD saved. The result is your machine can be compromised but there is nothing on it that will allow them to steal your coins as your private keys are all kept offline, using multiple cold wallets just mitigates against anyone being lucky enough to generate your key which is almost impossible but if it did happen you would only lose a small percentage of your holdings, it also means you don’t have to take 100% of your coins out of cold storage if you only need a smaller amount.
Treat your coins as if they are worth a $1000 dollars each because someday they just might be.
-
Before generating a new wallet for your computer you need to make sure that you do not have an infection. Even with an encrypted wallet the coins may not be safe if there is a keylogger on your computer.
If you just store your coins long term you could always generate a paper wallet. Ideally you do this on a computer that has never been connected to the Internet. You install the client, generate a key and get the private key from the client. You then take a copy of the public key and print your private key to store safely, then you wipe the drive and reinstall the OS. There are plenty of guides online for generating a paper wallet.
This may be a bit over the top, especially if you spend Feathercoins on a regular basis. Make sure that you have good anti-virus, your operating system is fully up-to-date and always encrypt your wallet. Personally I have my wallets encrypted on an Oracle VirtualBox VM. I like to live dangerously and back my encrypted wallets up to Google Drive in a passworded RAR but do have two factor authentication on my Google account.
-
[quote name=“Bushstar” post=“56333” timestamp=“1391198504”]
Before generating a new wallet for your computer you need to make sure that you do not have an infection. Even with an encrypted wallet the coins may not be safe if there is a keylogger on your computer.If you just store your coins long term you could always generate a paper wallet. Ideally you do this on a computer that has never been connected to the Internet. You install the client, generate a key and get the private key from the client. You then take a copy of the public key and print your private key to store safely, then you wipe the drive and reinstall the OS. There are plenty of guides online for generating a paper wallet.
This may be a bit over the top, especially if you spend Feathercoins on a regular basis. Make sure that you have good anti-virus, your operating system is fully up-to-date and always encrypt your wallet. Personally I have my wallets encrypted on an Oracle VirtualBox VM. I like to live dangerously and back my encrypted wallets up to Google Drive in a passworded RAR but do have two factor authentication on my Google account.
[/quote]Thanks again. Doing full scan, killed old wallet files and generated new ones, encrypted, and hope to move forward ok.
-
[quote name=“travwill” post=“56336” timestamp=“1391199436”]
[quote author=Bushstar link=topic=7346.msg56333#msg56333 date=1391198504]
Before generating a new wallet for your computer you need to make sure that you do not have an infection. Even with an encrypted wallet the coins may not be safe if there is a keylogger on your computer.If you just store your coins long term you could always generate a paper wallet. Ideally you do this on a computer that has never been connected to the Internet. You install the client, generate a key and get the private key from the client. You then take a copy of the public key and print your private key to store safely, then you wipe the drive and reinstall the OS. There are plenty of guides online for generating a paper wallet.
This may be a bit over the top, especially if you spend Feathercoins on a regular basis. Make sure that you have good anti-virus, your operating system is fully up-to-date and always encrypt your wallet. Personally I have my wallets encrypted on an Oracle VirtualBox VM. I like to live dangerously and back my encrypted wallets up to Google Drive in a passworded RAR but do have two factor authentication on my Google account.
[/quote]Thanks again. Doing full scan, killed old wallet files and generated new ones, encrypted, and hope to move forward ok.
[/quote]Do nothing on the same machine with same configuration until you find the reason how your coins were lost.
-
After reading this thought would double check mine, just noticed when updating your wallet to a newer software it’s takes the encryption off and need to re encrypt.
-
[quote name=“Drjones” post=“56345” timestamp=“1391202764”]
After reading this thought would double check mine, just noticed when updating your wallet to a newer software it’s takes the encryption off and need to re encrypt.
[/quote]It should not take the encryption off. This would be a neat trick for unencrypting wallets without a password :)
-
As I see that’s strange i encrypted litecoin wallet same time as feather but now checking and for some reason encryption padlock logo has gone off litecoin wallet after last update?
-
Is there an option to unencrypt anywhere, just re done and got my padlock :D
Very strange how it went as didn’t send any coins out of the wallet so didn’t type pass phrase in or anything hmmz
-
[quote name=“MrFeathers” post=“56348” timestamp=“1391203346”]
[quote author=mharrison link=topic=7346.msg56328#msg56328 date=1391196285]
[quote]Also it is impossible that anyone generated your private key by random.[/quote]Not impossible. I have been lucky enough to generate private keys to addresses that has had activity before. Very highly unlikely… Yes. Impossibly … No. It is the luck of the draw.
[/quote]I’m sorry but you are mistaken. The probability of what you claim to have accomplished is so small that it is essentially impossible. you would have to be the first person on this earth that has accomplished this. The probability is 2^160. There have never been any cases of address collision among ANY of the coins ever created.
read: [url=https://bitcointalk.org/index.php?topic=52569.0]https://bitcointalk.org/index.php?topic=52569.0[/url]
[url=https://bitcointalk.org/index.php?topic=104461.0]https://bitcointalk.org/index.php?topic=104461.0[/url]
[/quote]it can happen. especially if anyone figures out how to weaponize all those ASICs by making them do partial work.
-
Well, Mac is clean after multiple scans and wallets are now encrypted, my very dumb mistake. I believe I had an unknown replication of my wallet data file backups back themselves up to my Dropbox account while I was copying some other work files also :-( Had to be it.
So the address below is where the their sent my 11721 FTC coins. There is no way to get these back?
Kinda stinks that in crypto if this is the case, there is no way to reverse a transaction or remove it from block chain if it is truly criminal activity - maybe that is one pro of banks!
1 Not yet redeemed 11721 6tRgpmcXzBZD6kuybJzDjeMgXnJXFEAwZ7 DUP HASH160 20:a12e…445e EQUALVERIFY CHECKSIG
-
[quote name=“travwill” post=“56767” timestamp=“1391403450”]
…
Kinda stinks that in crypto if this is the case, there is no way to reverse a transaction or remove it from block chain if it is truly criminal activity - maybe that is one pro of banks!1 Not yet redeemed 11721 6tRgpmcXzBZD6kuybJzDjeMgXnJXFEAwZ7 DUP HASH160 20:a12e…445e EQUALVERIFY CHECKSIG
[/quote]It’s a feature of all cryptos, that transactions are non-reverse and of course there are drawbacks, like in your case.
Just deem your Crypto-wallet like a normal wallet full of $$$$$$$.
If that is lost or stolen the chance to get the money back is comparable to the chance you get your cryptos back, that’s life.And yes, it’s a pro for the banks to have reverse transactions and also this has drawbacks, as many sellers on Ebay can proove. ;)
-
[quote name=“zerodrama” post=“56354” timestamp=“1391208867”]
[quote author=MrFeathers link=topic=7346.msg56348#msg56348 date=1391203346]
[quote author=mharrison link=topic=7346.msg56328#msg56328 date=1391196285]
[quote]Also it is impossible that anyone generated your private key by random.[/quote]Not impossible. I have been lucky enough to generate private keys to addresses that has had activity before. Very highly unlikely… Yes. Impossibly … No. It is the luck of the draw.
[/quote]I’m sorry but you are mistaken. The probability of what you claim to have accomplished is so small that it is essentially impossible. you would have to be the first person on this earth that has accomplished this. The probability is 2^160. There have never been any cases of address collision among ANY of the coins ever created.
read: [url=https://bitcointalk.org/index.php?topic=52569.0]https://bitcointalk.org/index.php?topic=52569.0[/url]
[url=https://bitcointalk.org/index.php?topic=104461.0]https://bitcointalk.org/index.php?topic=104461.0[/url]
[/quote]it can happen. especially if anyone figures out how to weaponize all those ASICs by making them do partial work.
[/quote]If you could figure that out, you could break all of Bitcoin rather trivially by zeroing in on a key. Hash function are purposefully designed to make partial work irrelevant, because a different start work state will always result in a radically different intermediate work state making any partial work inherently useless. It’s like saying, “If anyone figures out how to make waffles by replicating infinite batter using zero energy and a waffle iron plugged into the wall.” It doesn’t work that way because it violates the laws of physics, or in the case of partial work hashes, of math… specifically the SHA family of hash functions. Break that one, and Bitcoin is the least of your concern.
-
If you insist on keeping a wallet on the computer, at least move the .dat file to a TrueCrypt drive - you can even install the client under the TrueCrypt drive. Or install it under a Virtual machine with TrueCrypt that has limited scope. Make sure the wallet is encrypted. Before opening make sure PC is clean.
-
travwill: I am very sorry for your loss of coins.
Even though your loss might be from the dropbox account. I would not trust your Mac. Anti-virus are definitely not a guaranty that your computer is virus free.
You can either re-install OS X after backup up your wallets to re-import them later. (Assuming there are no EFI rootkits installed on the Mac).
Better move your money to other wallets either on paper or on another computer dedicated to coins (always keeping a minimum of coins on a running computer).The recommendations for VMs are valid, they increase the difficulty of getting access to the wallets from a backdoor, but they remain exposed.
For encrypted partitions, they are essentially accessible from the backdoor when they are mounted (software is running). It is of use only when your computer is powered off.