Ask HN: $10k in cryptos stolen off my desktop from an encrypted folder, how?
I kept 500 Ether, 1,000 Litecoin and 500 PPC (and a little btc) in cold wallets in a password protected .rar file on my desktop, when I happened to check my watch address yesterday all the balances were emptied two days ago.
I made two mistakes (1) I download a lot from Torrent sites, (2) I kept ALL my "cold" storage paper wallets in one encrypted WinRar file with a 12 character password. I thought this security was enough and am still at a loss as to what happened.
The other day I noticed a program running in the Task Manager called, "Wool Department", there was no google results for it, so I closed it but it kept coming back up (on Windows). Next I got an e-mail from Microsoft about verification, then a few other sites I have not used for a long time. My email was hacked years ago, so I changed my password and did not connect the two events at all.
My Ether address: 0xea13bae3f4d94b43d2224bb8a1abb0f4e7e0e24d My Litecoin address: LhfSd3ZzJMrWawrFimQcTnCx8rYQ3XYiVG *My PPC address: PPM4tkGmx9f4LMchhCqQAn6j843KDU3ELk
I assume I will never see any of it again, but would like to offer 1/2 of any recovered funds as a reward to anyone that can help to find the criminal(s) responsible/return the funds.
24 comments
[ 3.1 ms ] story [ 30.3 ms ] threadJust following the transactions I can see that 125 ether were sent to Poloniex so I'd contact them to see if they can help you.
b) check Teamviewer and remote desktop viewers. Especially the ports those programs would typically use. It is a common attack vector to come in through those and view your machine, install key loggers as you, etc. Which leads to the next part:
c) How was the 12 character password stored? Only in your head? In a password manager? in gmail? used in other areas?
They certainly aren't paper. They also aren't cold, being on a networked computer.
I don't like victim-blaming, especially because this is really a usability issue for crypto, but I have never heard anyone say that a pw protected .rar file is appropriate security. If you're going to make a significant investment into crypto, I just don't understand how you can ignore all the security advice.
If the crackers knows the archive contains coins, then bruteforcing is worth it.
If even someone that is technical savvy (I don't know much about the OP but someone that uses RAR, knows how to make crypto wallets and knows how to check the processes running in his computer is much ahead of the average person in terms of IT knowledge) can't be safe with their Crypto coins, you really can't expect that the average person ever trusts Bitcoin and company for anything.
I'm sorry for your loss, but there is nothing you can do really. Try and contact Poloniex for the Ether, but unless you have some prof those coins actually belong to you, it will be next to impossible to have them do anything.
third parties offer USD denominated checking accounts, that don't fluctuate in value. They offer visa debit cards, I think there is a credit card but not sure.
Credit-card sized, NFC-powered, tiny embedded devices could be a very practical, very secure, very easy to use hardware wallets.
The only limitation I see is that I could not see them work securely without a screen and I can't imagine a screen as thin as a credit card... :(
a) Your machine was already compromised when you made the rar
b) The attacker logged your password, either when you entered the archive or into another service which shares the same password
c) perhaps WinRAR encrypted archives have a cyptographic flaw making them easily broken by software
d) perhaps the attacker has been bruteforcing for a while
Culprit: >> (1) I download a lot from Torrent sites
Solution:
1. Wipe out computer / reinstall everything from clean sources.
2. Don't download crap!