Data hosted with ♥ by Pastebin.com - Download Raw - See Original
  1. RAF_FenixDziś o 04:04
  2. My Dash was stolen.
  3. Can anyone help me investigate? How to track IP address from which tx was sent?
  4. strophyDziś o 04:06
  5. Hi @RAF_Fenix I'm sorry to hear that. To my knowledge, it is not possible to associate a transaction with an IP address, but you may be able to track the Dash to an exchange. You need to make a report to the police as soon as possible in order to be able to legally request an exchange to freeze your funds.
  6. RAF_FenixDziś o 04:07
  7. The stolen Dash sits at several addresses, not sent to any exchange
  8. strophyDziś o 04:08
  9. @xkcd will be able to help you tracking the Dash, at least until it gets sent to mixing
  10. But I don't think you have any method of tracking the IP that created the transaction, or finding who controls those addresses
  11. RAF_FenixDziś o 04:09
  12. It was 75000 dash. Hard to mix that amount.
  13. strophyDziś o 04:09
  14. How did the theft take place? How did the attacked get control of your private keys? If it was remote control of your computer, there may be logs involved
  15. RAF_FenixDziś o 04:09
  16. 75 MNs
  17. strophyDziś o 04:09
  18. @RAF_Fenix I believe @xkcd is already tracking this
  19. RAF_FenixDziś o 04:09
  20. What " this" ?
  21. How long will it take to mix that amount? I know it's non trivial for such sums
  22. My email is al4321@gmail.com please @xkcd contact me @Tao Of Satoshi maybe Tao can help me investigate
  23. strophyDziś o 04:11
  24. Mixing under Dash 0.13.x mixes much faster, and the attacker has already split it into multiple wallets to mix with himself. Together with multisession mixing, it is going quite fast.
  25. I strongly recommend you get in touch with law enforcement asap. Can you give us more information on the attack vector?
  26. RAF_FenixDziś o 04:12
  27. Then it's game over.
  28. For my crypto
  29. stan.distortionDziś o 04:12
  30. Pretty much, sry
  31. RAF_FenixDziś o 04:12
  32. I dunno, but either a virus or a "friend " planted keylogger
  33. Or remote session
  34. stan.distortionDziś o 04:13
  35. please don't tell me you had it in a wallet live on a windows pc, a hardware wallet is essential
  36. strophyDziś o 04:13
  37. This is your chance to get it back. You need to find someone qualified to do digital forensics on your machine to try and figure out who was connected to your computer and possibly where it went.
  38. xkcdDziś o 04:14
  39. WOW, this is the largest theft I have heard of @Dworf ^^^ We have a winner. Dworf can give you advice on how to deal with LE on this matter, he lost 9K DASH.
  40. @RAF_Fenix I did and do analysis of that DASH in DASH TALK discord in #markets channel, invite sent.
  41. RAF_FenixDziś o 04:16
  42. How did you do? You noticed that MNs left the network?
  43. stan.distortionDziś o 04:16
  44. @RAF_Fenix , like @strophy says, shut down that pc asap and get someone to take a look at it. get it off the net imediately
  45. RAF_FenixDziś o 04:17
  46. Done
  47. xkcdDziś o 04:18
  48. I monitor all the masternodes all the time and track every single movement of collateral.
  49. RAF_FenixDziś o 04:18
  50. Do you monitor IP addresses by chance?
  51. xkcdDziś o 04:19
  52. No, it is not known to me how to determine the IP of the wallet that sent the TX.
  53. RAF_FenixDziś o 04:20
  54. Hmm... you suggest me to do what? Jump off a bridge? Go back and find a job? (Hard after I became a pensioner)... it's absolutely devastating, I wanna die
  55. Like under the belt
  56. Anyway, what can I do now?
  57. I have hired private investigators but not yet called up the cops.
  58. HinnomTXDziś o 04:21
  59. @RAF_Fenix did you tell anyone about your stash?
  60. RAF_FenixDziś o 04:22
  61. Yes, my friends and family
  62. HinnomTXDziś o 04:22
  63. Anyone who might be computer savvy?
  64. RAF_FenixDziś o 04:22
  65. Yes, my friends are computer savvy.
  66. I have some suspect "friend", but no evidence
  67. How do I gather some evidence?
  68. (But it also could be a virus... but more likely a human)
  69. Basically you suggest the "social " way to investigate this.
  70. HinnomTXDziś o 04:25
  71. What OS was the host machine?
  72. RAF_FenixDziś o 04:25
  73. I have 2 suspects actually, but no evidence at all.
  74. Windows 7 + Virtualbox + Windows 7, so he broke into a VM or used keylogger
  75. Actually I looked into this VM. It was turned off at the time of the hack
  76. stan.distortionDziś o 04:26
  77. sorry again but don't get any hopes up, its very unlikely you'll get anything back. It wasn't in one lump which wouldn't have made it an obvious target but how you moved it might have. The best hope is someone targeted you because they heard about it, the chances of tracing that from your pc are slim but they're the best chance of all.
  78. xkcdDziś o 04:28
  79. @RAF_Fenix have you downloaded any other walles, been recovereding split coins eg BCH, BSV, Bitcoin Diamond? Did you setup RVN miner?
  80. Dworf lost his coins due to malware in BTC Diamond or Private wallet when he tried to claim his forked coins.
  81. The malware took all his DASH and about 6 other :poop: coins. I really hate this discord,.
  82. cant have an adult conversation in here, jesus christ @Tao Of Satoshi what is the point of this?
  83. HinnomTXDziś o 04:31
  84. I’m cursing out loud for everyone!!
  85. RAF_FenixDziś o 04:31
  86. Malware or human? How to know?
  87. xkcdDziś o 04:31
  88. Did you install anything recently.
  89. RAF_FenixDziś o 04:32
  90. Can we know exact time of tx sent?
  91. Only new Dash 13.1
  92. xkcdDziś o 04:32
  93. all on blockchain in UTC time.
  94. RAF_FenixDziś o 04:32
  95. But in seconds, or minutes?
  96. Dash Core shows only minutes
  97. xkcdDziś o 04:32
  98. OK, did you check SHA256 and signatures of the 13.1 installer?
  99. RAF_FenixDziś o 04:33
  100. Nope, but they are from dash.org, and I still have that installer
  101. HinnomTXDziś o 04:34
  102. Dumb question but was your wallet.dat encrypted?
  103. RAF_FenixDziś o 04:34
  104. Yes, and with a strong password.
  105. xkcdDziś o 04:34
  106. Cool, so you can check it later. windows7 is not the most insecure OS, that would be windows 10, but it is easy to get it infected. :thinking:
  107. Yeah, so there was a ley logger involved most likely.
  108. HinnomTXDziś o 04:35
  109. Keylogger, right?
  110. RAF_FenixDziś o 04:35
  111. I think it's a human: he still left 0.74 DASH in my wallet. Would a virus leave it? Probably not.
  112. xkcdDziś o 04:35
  113. Key loggers are mostly in software, but there are some hardware ones, could be interesting to check the cables.
  114. HinnomTXDziś o 04:35
  115. Nope, that’s a taunt!!
  116. Definitely human
  117. stan.distortionDziś o 04:36
  118. What country are you based in? might be someone well known can take a look at pc, verify checksums offline etc
  119. RAF_FenixDziś o 04:36
  120. Israel.
  121. Okay, so we can rule out a virus. So a human.
  122. Did dwarf had 0.x Dash left like me?
  123. Or it was 0.000 DASH
  124. Anyway I do have 2 suspect "friends ", whom know crypto and know I had the coins. But no evidence. What are my chances? Pritty nil.
  125. HinnomTXDziś o 04:38
  126. Also, it’s roughly 1/100,000 of your stash. Definitely feels like a malevolent taunt
  127. stan.distortionDziś o 04:39
  128. don't give up altogether
  129. RAF_FenixDziś o 04:39
  130. Anyway: what now? Police or private investigator?
  131. JGCMinerDziś o 04:40
  132. Sorry about the deletions guys, but just to be clear the mods are not actively deleting anything.
  133.  
  134. There is a swear filter bot active that has 0 concept for gravity of this horrible situation.
  135.  
  136. My condolences. Hopefully, you can find some evidence and nail the guy.
  137. HinnomTXDziś o 04:40
  138. Computer forensics
  139. stan.distortionDziś o 04:42
  140. all imo, police asap but you might need to get someone to copy yor hard drive before the police get it, they might even do a copy for you if you ask
  141. RAF_FenixDziś o 04:42
  142. The big philosophical question: Should I just off the bridge? Should I give up on crypto entirely?
  143. The crypto needs to have some safeguards...
  144. HinnomTXDziś o 04:43
  145. Do you have any other crypto or valuable data on the machine? If so, you need to protect it
  146. RAF_FenixDziś o 04:43
  147. Which the banking system has in place. The small sums fly instantly, but for big sums, my banker always calls me up and denies any tx by default over $10,000
  148. No. I have other crypto paper wallets
  149. But not on this comp
  150. You know what? After this hack I start to appreciate traditional banking more...
  151. stan.distortionDziś o 04:45
  152. lol,, give up on crypto? No :smiley: look at the boom-bust cycles, another is inevitable and another wave will jump on it and that's going to keep happening, you're still an early adopter
  153. RAF_FenixDziś o 04:45
  154. In traditional banking it's no so simple to steal $6 million. $6000, yes, maybe.
  155. The very concept of one such disaster can wipe out a human.
  156. And his life savings.
  157. xkcdDziś o 04:46
  158. @RAF_Fenix The crypto needs to have some safeguards...
  159. Be your own Bank does come with some risks, I don't think your security was very good considering the amount of coin you had.
  160. stan.distortionDziś o 04:46
  161. banks have had just the same, billions in digital theft lately. their customers balances are restored but who foots the bill?
  162. RAF_FenixDziś o 04:46
  163. Basically it's like losing a house due to war and enemy bombardment. House is everything that most families have, with small savings in the bank.
  164. House is most wealth that most families have... so I lost my biggest asset. Dash.
  165. xkcdDziś o 04:48
  166. Yes, but it is possible to create 75 wallets offline, print out the private keys and send 1 K DASH to each of them and know those keys are never online, you can and should start masternodes that way, or use a Trezor.
  167. RAF_FenixDziś o 04:50
  168. If never online, then how to start a MN?
  169. xkcdDziś o 04:50
  170. @RAF_Fenix Don't give up hope, there may be ways to recover this DASH if the thief makes a mistake, it will be almost impossible to mix that amount of DASH, much less sell it, we are tracking it all.
  171. HinnomTXDziś o 04:51
  172. One thing I’ll point out. Dash Core keeps a backups folder of old wallet.dat files. You should check to see if any old backup was not encrypted.
  173. RAF_FenixDziś o 04:51
  174. My email is al4321@gmail.com if you find anything. I may be offline, because I feel like a dead sausage.
  175. xkcdDziś o 04:52
  176. You can start the MN from DMT, or core wallet by submitting the protx commands, I believe the masternodekey in <DIP3 MNs was what was needed, not the actual collateral.
  177. RAF_FenixDziś o 04:52
  178. Hinnom: impossibility. It's an old wallet.
  179. stan.distortionDziś o 04:53
  180. @RAF_Fenix ,starting a masternode while keeping the wallet offline works by cryptographic signatures, being able to know for sure a message was sent by a wallet without having a copy of that wallet
  181. RAF_FenixDziś o 04:53
  182. And a new VM
  183. TroyDASHDziś o 04:54
  184. @RAF_Fenix I'm sorry to hear about this, it must be devastating. Please, in all seriousness if you feel like you might be a danger to yourself either now or in the future, do seek help
  185. stan.distortionDziś o 04:55
  186. what time is it over there?
  187. RAF_FenixDziś o 04:55
  188. I don't know if I'm in danger, I think not...
  189. I don't feel danger.
  190. But...
  191. TroyDASHDziś o 04:55
  192. yeah I'm just trained not to take hypothetical questions about jumping off bridges lightly
  193. RAF_FenixDziś o 04:56
  194. 5:55 AM in the morning
  195. stan.distortionDziś o 04:56
  196. If it's morning go and see the cops, needs to be done soon anyway
  197. TroyDASHDziś o 04:56
  198. how recently did the theft occur?
  199. RAF_FenixDziś o 04:56
  200. 1.March, few days ago
  201. stan.distortionDziś o 04:58
  202. do you know when the transactions started moving?
  203. RAF_FenixDziś o 04:58
  204. They didn't.
  205. Coins sit idle
  206. @xkcd what kind of blockchain forensics can I collect?
  207. Dash was the majority of my total wealth.
  208. I still have other coins to boot...
  209. TroyDASHDziś o 05:00
  210. are you sure your other coins are secured?
  211. RAF_FenixDziś o 05:00
  212. No.
  213. But I cannot use a Windows PC to create new wallets anymore
  214. The problem is that I'm unable to manage a 1man bank. I have failed. And faith in crypto reduced.
  215. xkcdDziś o 05:03
  216. * 75 Masternodes rolled up and collected into the below addresses
  217. XmbEiJ18q2ntiqk74fXpUY7m6BmGDrT3NU 31.5K
  218. Xxh1ADFhTuikPQYW69LXChbEHyEyGoXwpp 16K
  219. XcG3dm2sWnkdzDbFgxfa5qw3pjtijmCbVB 15K
  220. XqLEYh2WFAVjvgbLEFdbe5hHhnQYDiDq9g 12.489K
  221.  
  222. Mixing has started on Xxh1ADFhTuikPQYW69LXChbEHyEyGoXwpp it is running multiple sessions. I believe the thief reads DASH TALK discord as after I mentioned you can mix 2K DASH at a time, he started peeling off 2K chunks for mixing.
  223. RAF_FenixDziś o 05:04
  224. I had only 75 MNs
  225. Where did 76 come from?
  226. xkcdDziś o 05:04
  227. Maybe a few rewards, these MNs were nice little money printers. :wink:
  228. RAF_FenixDziś o 05:04
  229. 74+ rewards
  230. It was like 74950+
  231. Less than 75 nodes
  232. xkcdDziś o 05:05
  233. Can you check the addresses and see if he collected someone else's stolem funds too?
  234. RAF_FenixDziś o 05:05
  235. They print, until it's gone.
  236. Good idea.
  237. xkcdDziś o 05:06
  238. If he is stupid enough to mix with two robberies, it might make tracking easier.
  239. RAF_FenixDziś o 05:07
  240. Actually the count is 75k coins
  241. xkcdDziś o 05:07
  242. Also, @Dworf will discuss with you how to track mixed coins, we wont mention in here.
  243. TroyDASHDziś o 05:07
  244. I would hope a thief would have a hard time unloading that many coins without making a mistake somewhere
  245. RAF_FenixDziś o 05:07
  246. Please count stolen coins again . I lost about 74950 coins.
  247. stan.distortionDziś o 05:07
  248. try and get in touch with local crypto communities, if and shops are accepting it near you they're worth asking and meetup groups might have someone to get in touch with:
  249. https://www.meetup.com/bitcoin-il/messages/boards/
  250. EDIT: Chances are the first person you talk to will put you in touch with someone who knows their way around pc's and if they're any good they'll put you in touch with a pro. Before they do anything ask them if they'll stop in for a chat here or the forum, you shouldn't have much difficulty finding someone who go through storing your other offline coins safely and maybe the forensics too.
  251. Israel Bitcoin Meetup Group Message Board -
  252. Israel Bitcoin Meetup...
  253. This group is for Israeli enthusiasts of Bitcoin, the world's first decentralized digital currency.
  254.  
  255. See also:
  256.  
  257. http://bitcoin.org.il/
  258. https://groups.google.com/forum/?fromgroups#!forum/bitcoin-il
  259. htt
  260. xkcdDziś o 05:09
  261. @RAF_Fenix Correct 75K, updated post.
  262. tungfaDziś o 06:05
  263. @RAF_Fenix
  264. that is terrible news
  265. hang in there buddy , so sorry to hear :pray:
  266. RAF_FenixDziś o 06:49
  267. Tungfa and others: is it possible to introduce delay for large transactions?
  268. So that no one can use it, and I could cancel.
  269. But it will not help me anyway, since then money will be locked. He will cancel my tx, he will cancel my
  270. I start to appreciate the banking system more after this crazy hack.
  271. strophyDziś o 06:50
  272. It might be possible to configure timelocks on your own MNO collateral transactions, yes.
  273. RAF_FenixDziś o 06:51
  274. But it will not help for my scenario...
  275. Where hacker got private key
  276. It will still execute, just with delay.
  277. Only multisig... maybe.
  278. strophyDziś o 06:52
  279. Yes, this is something you would have needed to do while setting up your masternodes. It's not something that can be done at the protocol level without affecting all transactions above a certain value. The would require a change in consensus and thereby a hardfork I think. Multisig recently also became possible with DIP3, I believe.
  280. RAF_FenixDziś o 06:54
  281. Bank, being a regulated entity will ask for my passport and documents what I plan to purchase before doing even a $100 k tx
  282. Basically I failed to become my own bank.
  283. LebubarDziś o 06:56
  284. I think it's important to understnad what happened. To know if it's inside job (ie: friend or person with fisical access to your cumputer) or hack from internet...
  285. RAF_FenixDziś o 06:57
  286. Can I figure out which PC or IP sent the tx ?
  287. strophyDziś o 06:57
  288. This is extremely high level stuff that I doubt even major operators like Crowdnode have considered. Don't beat yourself up too much. Focus on forensics, investigators and law enforcement. Talk to Dworf, he will have a boatload of advice about how to handle this.
  289. RAF_FenixDziś o 06:57
  290. I should choose the police or private investigator?
  291. Private are smarter and more dedicated, but police has more ability
  292. Maybe both :smiley:
  293. Anyway money is gone.
  294. strophyDziś o 06:59
  295. I believe Dworf talked to Interpol and private investigators, but please check with him to make a plan on how to report this. In NZ for example we have a digital crimes unit that were involved with the Cryptopia hack, which probably involved a similar amount of currency.
  296. Don't give up or get mad mate :wink: get even!
  297. RAF_FenixDziś o 07:00
  298. I barely could sleep tonight. Only 2 hours.
  299. QuantumexplorerDziś o 07:43
  300. I'm really sorry to hear about this.
  301. pijiupingDziś o 08:13
  302. many mns use only one password?
  303. tungfaDziś o 08:22
  304. @RAF_Fenix
  305. i would go straight to cyber security department of your country + police report (to have it on record - u never know)
  306. private investigators u still can hire , but tbh it will cost u a bunch of $ and i doubt they can recover anyway
  307. check if the state (cyber security department) can take care of that
  308. (isn’t that their job)
  309. but as said , it will be super hard to recover anything , but 100% worth a try , even if it is to protect others (good karma in a bad event)
  310. def have your computer checked by a 100% tech savvy + 200% trusted source (so your other coins do NOT disappear too !!)
  311. PS
  312. i messaged one of our core devs who is from your country if he is there and can help / or has a contact that can)
  313. MoKaDziś o 10:55
  314. @RAF_Fenix where did you store your dash when it was stolen? Trezor ? Ledger ? Core? I'm simply asking to secure my own funds.
  315. tungfaDziś o 10:56
  316. QT wallet on PC he used
  317. fuzzyduckDziś o 11:01
  318. Windows 7 in VM on windows 7