Ask HN: $10k in cryptos stolen off my desktop from an encrypted folder, how?
I kept 500 Ether, 1,000 Litecoin and 500 PPC (and a little BTC) in cold wallets in a password-protected .rar file on my desktop. When I happened to check my watch address yesterday, all the balances had been emptied two days ago.

I made two mistakes: (1) I download a lot from Torrent sites, (2) I kept ALL my "cold" storage paper wallets in one encrypted WinRAR file with a 12-character password. I thought this security was enough and am still at a loss as to what happened.

The other day I noticed a program running in the Task Manager called "Wool Department". There were no Google results for it, so I closed it, but it kept coming back up (on Windows). Next I got an e-mail from Microsoft about verification, then from a few other sites I had not used for a long time. My email was hacked years ago, so I changed my password and did not connect the two events at all.

My Ether address: 0xea13bae3f4d94b43d2224bb8a1abb0f4e7e0e24d
My Litecoin address: LhfSd3ZzJMrWawrFimQcTnCx8rYQ3XYiVG
My PPC address: PPM4tkGmx9f4LMchhCqQAn6j843KDU3ELk
I assume I will never see any of it again, but would like to offer 1/2 of any recovered funds as a reward to anyone that can help to find the criminal(s) responsible/return the funds.

How are they cold storage paper wallets? They certainly aren't paper. They also aren't cold, being on a networked computer.

I don't like victim-blaming, especially because this is really a usability issue for crypto, but I have never heard anyone say that a password-protected .rar file is appropriate security. If you're going to make a significant investment into crypto, I just don't understand how you can ignore all the security advice.

Which is one reason I could never see my parents using a cryptocurrency. So many things can go wrong. It's the reason I don't (seriously) use it. I have 3 bitcoins or so floating about somewhere.

The fact that he uses RAR, a non-open format, makes it even worse.

I don't think we need to suspect the RAR encryption is broken. By default, at least on Linux, even if an archive is encrypted a 'rar l <file>' will show a file list though. So if the files had relevant filenames like mybitcoins.txt then it made searching the hard drive for money easier. At least I suspect crackers look for files called creditcards.txt, passwords.txt etc. If the crackers know the archive contains coins, then bruteforcing is worth it.

a) That's not how cold wallets work; they weren't supposed to be on a networked computer at all.
b) Check TeamViewer and remote desktop viewers, especially the ports those programs would typically use. It is a common attack vector to come in through those and view your machine, install key loggers as you, etc. Which leads to the next part:
c) How was the 12-character password stored? Only in your head? In a password manager? In Gmail? Used in other areas?

This story illustrates perfectly one of the big reasons why Bitcoin and company aren't and will probably never be used by the general population for anything really. If even someone that is technically savvy (I don't know much about the OP, but someone that uses RAR, knows how to make crypto wallets and knows how to check the processes running on his computer is much ahead of the average person in terms of IT knowledge) can't be safe with their crypto coins, you really can't expect that the average person ever trusts Bitcoin and company for anything.

I'm sorry for your loss, but there is nothing you can do really. Try and contact Poloniex for the Ether, but unless you have some proof those coins actually belong to you, it will be next to impossible to have them do anything.

I see no reason why bitcoin wallets cannot be made to work as simply as or simpler than a credit card. The fact that, currently, they are not easy is not an indication usage cannot ever be easy. Credit-card-sized, NFC-powered, tiny embedded devices could be very practical, very secure, very easy to use hardware wallets. The only limitation I see is that I could not see them work securely without a screen, and I can't imagine a screen as thin as a credit card... :(

Coinbase 2-factor auth plus their long-term Vault storage is plenty secure for the general population.

Or even better, a checking account.

Yeah, if you're ok with a third party like Coinbase holding your money, just use a bank. That's what banks are meant for!

They exist. Third parties offer USD-denominated checking accounts that don't fluctuate in value. They offer Visa debit cards; I think there is a credit card but not sure.

My best guesses:
a) Your machine was already compromised when you made the rar
b) The attacker logged your password, either when you entered the archive or into another service which shares the same password
c) Perhaps WinRAR encrypted archives have a cryptographic flaw making them easily broken by software
d) Perhaps the attacker has been bruteforcing for a while

"Wool Department"? Sounds like you got fleeced.

Well, I'd start by sweeping out whatever is left. Your ether address still has 5 ether left in it... Just following the transactions I can see that 125 ether were sent to Poloniex, so I'd contact them to see if they can help you.

Yeah... The moment you see a Windows process called "Wool department" that restarts itself, you unplug your computer and rebuild it from scratch.

A keylogger was likely installed on your computer and everything you were doing was being monitored. Culprit:

>> (1) I download a lot from Torrent sites

Solution:
1. Wipe out computer / reinstall everything from clean sources.
2. Don't download crap!

Was your password based on a phrase that's in a book, TV show or movie? It could have been guessed by a dictionary attack. Even a phrase from Urban Dictionary could be guessed, for example.

I could relate to you doing all of what you mentioned (torrents, "cold" wallets, hacked email) up until you mentioned Windows.

What if you had an anti-virus? Do you think that would have helped?

This is shocking. Let's all donate to the above addresses to try and get this fella back on track.

Are you serious? You must be joking.
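The comment earlier in the thread about 'rar l <file>' still listing an encrypted archive's contents is a point worth checking on one's own archives: RAR's -p switch encrypts only file data, while -hp also encrypts the headers (file names, sizes, timestamps), which is the difference between a thief seeing mybitcoins.txt in a listing and seeing nothing. The Python below is an added example, not code from this thread or from RARLAB. It constructs two byte strings laid out like a minimal RAR4 archive (zero CRCs, filler in place of ciphertext; labelled as constructed, not real WinRAR output) and walks the headers the way an unauthenticated reader would, reporting whether file names are readable. The RAR4 signature and the MHD_PASSWORD / LHD_PASSWORD flag values are from the published RAR 4.x format; the RAR5 layout is deliberately not handled.

```python
import struct

# RAR4 (version 4.x) format constants
RAR4_SIG = b"Rar!\x1a\x07\x00"
MAIN_HEAD, FILE_HEAD = 0x73, 0x74
MHD_PASSWORD = 0x0080   # main-header flag: headers are encrypted too (rar a -hp)
LHD_PASSWORD = 0x0004   # file-header flag: only the file data is encrypted (rar a -p)
LHD_LARGE = 0x0100      # file-header flag: 64-bit size fields present before the name
LONG_BLOCK = 0x8000     # block carries an ADD_SIZE / data area after its header


def build_rar4(names, header_encryption):
    """Construct a minimal RAR4-layout blob for demonstration only.

    This is NOT WinRAR output: CRCs are zero and the 'encrypted' regions are
    filler bytes. It reproduces just the header layout the check relies on.
    """
    main_flags = MHD_PASSWORD if header_encryption else 0
    out = bytearray(RAR4_SIG)
    # main header: CRC, type, flags, size (13 = 7 base + 6 reserved bytes)
    out += struct.pack("<HBHH", 0, MAIN_HEAD, main_flags, 13) + b"\x00" * 6
    if header_encryption:
        # with -hp everything after the main header is ciphertext: stand-in bytes
        out += bytes(range(32))
        return bytes(out)
    for name in names:
        nb = name.encode("utf-8")
        data = b"\xff" * 8                      # stand-in for encrypted file data
        body = struct.pack("<IIBIIBBHI",
                           len(data), len(data),  # PACK_SIZE, UNP_SIZE
                           2,                     # HOST_OS = Win32
                           0, 0,                  # FILE_CRC, FTIME (zeroed here)
                           29, 0x30,              # UNP_VER, METHOD (store)
                           len(nb), 0x20) + nb    # NAME_SIZE, ATTR, FILE_NAME
        out += struct.pack("<HBHH", 0, FILE_HEAD, LONG_BLOCK | LHD_PASSWORD,
                           7 + len(body)) + body + data
    return bytes(out)


def inspect_rar4(blob):
    """Return what a reader without the password can learn from the headers."""
    if not blob.startswith(RAR4_SIG):
        raise ValueError("not a RAR4 archive (RAR5 layout is not handled here)")
    pos, names = len(RAR4_SIG), []
    while pos + 7 <= len(blob):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", blob, pos)
        if hsize < 7:
            break                               # corrupt or unknown block: stop
        if htype == MAIN_HEAD and flags & MHD_PASSWORD:
            # -hp archive: every later header is ciphertext, so no names leak
            return {"headers_encrypted": True, "names": []}
        add_size = 0
        if htype == FILE_HEAD:
            fields = struct.unpack_from("<IIBIIBBHI", blob, pos + 7)
            pack_size, name_size = fields[0], fields[7]
            off = pos + 7 + 25 + (8 if flags & LHD_LARGE else 0)
            name = blob[off:off + name_size].decode("utf-8", "replace")
            # the name is plaintext even though the file data is encrypted
            names.append((name, bool(flags & LHD_PASSWORD)))
            add_size = pack_size
        elif flags & LONG_BLOCK:
            add_size = struct.unpack_from("<I", blob, pos + 7)[0]
        pos += hsize + add_size
    return {"headers_encrypted": False, "names": names}


if __name__ == "__main__":
    sample = ["mybitcoins.txt", "eth_paper_wallet.txt"]   # constructed names
    for hp in (False, True):
        print("-hp" if hp else "-p ", inspect_rar4(build_rar4(sample, hp)))
```

Pointing `inspect_rar4` at a real archive (`inspect_rar4(open(path, "rb").read())`) tells you which of the two modes it was created with; an archive whose result lists names with `True` beside them is the -p case the commenter describes, where the contents are encrypted but the catalogue of what is inside is not.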