Bitcoin-Qt Wallet Hacked

I discovered last evening that my wallet was recently hacked resulting in the theft of a total of approximately 0.5 BTC. I need to securely move my remaining bitcoins and MAID to a more secure wallet. My plan was to export my private key(s) (with internet disconnected) to omniwallet.org so that I can transfer the remaining bitcoins (using omniwallet.org) to my secure Mycelium wallet and then keep the MAID coins on omniwallet.org or move them to my Poloniex MAID wallet without ever running Bitcoin-Qt again. Is this the best approach? I no longer trust Bitcoin-Qt or desire to run it while connected to the internet. When I installed Bitcoin-Qt (while disconnected from the net), I wrote down what I think is the private key. Does this single private key or address secure all of the wallet addresses in Bitcoin-Qt? In other words, can I just type this key into omniwallet.org as the imported key?

It was your OS that got hacked, don’t blame Bitcoin Qt.
It also sounds like you didn’t encrypt your wallet (almost nobody does it, but again, the feature is there, you just didn’t use it).

  1. No, it does not, because what you wrote down doesn’t sound like a private key.
  2. No, you cannot, because it’s not a private key.

Copy your wallet to a clean PC and extract the keys on it. Google the Web for instructions.

1 Like

use Debian Linux, safe and sound

1 Like

Believe it or not, my wallet is encrypted. The thefts only occurred as parts of transactions that I initiated. I guess it was only then that my private keys became visible or vulnerable. I don’t believe that the thief has my private keys or access to them other than when I am making transfers, otherwise the affected wallets would have been zeroed out by now. Does the rest of my plan sound reasonable? I don’t like Bitcoin-Qt and I was planning to stop using it eventually. The block chain is too damn big and it takes forever to keep it updated. Also, as the thefts were occurring, the Bitcoin-Qt balances did not reflect actuals, as reported by omniwallet.org. This was my first indication that something screwy was going on. Whenever I accumulate large balances going forward, I plan to move them to cold storage/paper wallets and lock them in my safe.

Hmm, okay. Then what you wrote down is your wallet password (I suppose, as I don’t use it myself :) and I don’t remember being asked to write anything down).

How to get private keys for various addresses:

Fair enough, but you can use Bitcoin Core 0.12 with blockchain trimming which keeps the blockchain down to a reasonable level (few hundred MB, IIRC).

How does Omniwallet know the addresses of your Bitcoin Qt client?

Your plan sounds reasonable, but I don’t think your tokens were stolen the way you think. Once you make a transaction (“Send”) in Bitcoin Qt, there’s no “plain password” being broadcast to some bitcoin server - it’s only a transaction. If your Bitcoin Qt wallet is encrypted, then you either have a key logger (which logged your password and allowed the thief to operate your wallet while you didn’t look - check times of your transactions from the wallet addresses), or the thief maybe got the password and then copied the entire wallet.dat off-site to use it at his convenience.

In any case, yes, get the private keys and import MAID from another wallet that can recognize them, then either guard that properly or send to Polo (hope it doesn’t go bust or get robbed).

I imported the public addresses from my Bitcoin-Qt client into Omniwallet as watch-only addresses.

[quote=“janitor, post:5, topic:8887”]
If your Bitcoin Qt wallet is encrypted, then you either have a key logger (which logged your password and allowed the thief to operate your wallet while you didn’t look - check times of your transactions from the wallet addresses), or the thief maybe got the password and then copied the entire wallet.dat off-site to use it at his convenience.
[/quote]

I think that the method of attack is the former, since I still retain most of my tokens. The two types of transactions look something like this:

Bitcoin-Qt address 1 (x+y BTC) ----> Thief’s address (y BTC)
|
|-----------------------------------------------> My external address (x BTC)

In this first example, my Bitcoin-Qt wallet balance only shows a reduction of x BTC following this transaction and exactly x BTCs arrive as intended in my external wallet. However, a simultaneous transfer also occurs to an address that I do not recognize. This can be learned from blockchain.info.

In a second example, two separate transfers from two different wallet addresses occurred in the same instant:

Bitcoin-Qt address 1 (x+y BTC) ----> Thief’s address A (y BTC)
|
|-----------------------------------------------> My external address (x BTC)

Bitcoin-Qt address 2 (z BTC) ----> Thief’s address B (z BTC)

In both of these examples, I initiated the “sends” from only Bitcoin-Qt address 1 and the stolen amounts are never reflected in the Bitcoin-Qt balances.

What is the destination of the stolen funds?

This is from Megacoin but it might help to get you familiar with private keys

On Bitcoin QT you can set a password, this password is needed whenever you want to send bitcoins.

On bitcoin QT, you can do this by going to: settings/change passphrase

You can download bitaddress.org for a new bitcoin address.
To download it, press CTRL+S, and after you have downloaded the bitaddress.org website, disconnect from the internet as shown in the video above.

Good luck

My current settings require that I use a password whenever I send bitcoins.

Have you changed that password since the theft (maybe it’s a keylogger)? Have you installed an antivirus? Have you gone through how somebody could have taken that 0.5 btc?

It might also be dangerous to go to sites like omniwallet.org; things like that might give the hacker the idea that there is more than just bitcoins.

However, a simultaneous transfer also occurs to an address that I do not recognize. This can be learned from blockchain.info.

You’d have to post links to the blockchain.info tx, this is too speculative as far as I am concerned.
Or just execute your rescue plan.

I did change the Bitcoin-Qt password immediately after discovering the theft. When I ran my antivirus software, it discovered 15 viruses, most of them trojans. I am going to transfer all of my remaining BTC tonight using Omniwallet with my private keys into my Mycelium wallet. I’ll probably park my MAID in my Poloniex account temporarily (also using Omniwallet) until I can exchange them for SAFE. Hopefully, this will not take too long because I don’t necessarily trust Poloniex either (even with 2FA). The stolen funds were BTC/crypto mining pool proceeds representing less than a day’s earnings. This was a rather inexpensive lesson, all things considered, and I am grateful to have learned it before the stakes became significantly greater.

I am planning to do both tonight once I have an opportunity to run MalwareBytes on my computer and export my Bitcoin-Qt private keys and transfer my coins.

Here they are:

From address: 1QBgxyGgMxdQGSL1DeqQTTLwcub24rWMXc to:

1FwQ3prHU9rpwdytNg71P5PXDHLZKvVSi6 0.01005367 BTC 2016-04-23 20:08:45
1MRbpNNamh7w1ioiQ7tdtvqWehFD1hcSLo 0.27198257 BTC 2016-04-17 03:20:44
1Q3XRVRWfYx6Dw5Yaah5abgZVVYTXUdZf9 0.00017485 BTC 2016-04-10 10:20:56
1LBxuz3PbsFsLLuTK43SGfCyXAJHxiiA5D 0.01005334 BTC 2016-03-26 03:21:50

And finally, from address: 1NYx7y1YV3aw3gzNd5wQaRFftyJdonKDyG to:

1PvhmuT87bphLLF3wybF6pTNpgnMZNtcmg 0.02396784 BTC 2016-04-24 14:18:55
1FwQ3prHU9rpwdytNg71P5PXDHLZKvVSi6 0.01005367 BTC 2016-04-23 20:08:45

Also, which OS are you on? Not sure if you already mentioned it.

I am running OS X 10.9.5.

Please forgive me. This whole issue arose from my misunderstanding of how Bitcoin-Qt operates. My funds were not stolen! Contrary to my original belief, Bitcoin-Qt is not a single-address wallet, meaning that when there are unspent outputs, the “change” is sent to the next available empty address, causing the creation of a new empty address to take its place. However, this new address is still entirely under my control. I found the following link to be extremely informative: http://bitzuma.com/posts/five-ways-to-lose-money-with-bitcoin-change-addresses. Hopefully this information will benefit others. I have since created paper wallets to securely store large BTC balances and I am really enjoying my Mycelium wallet.

1 Like
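
The change-address behaviour described in the post above can be checked mechanically before concluding that funds were stolen. The following is an added example, not part of the thread: the function name, address labels and amounts are constructed placeholders, and it assumes you can list every address whose key is in the wallet, including key-pool addresses the GUI never displayed.

```python
# Added example: triage the outputs of a send made from a multi-address wallet.
# All addresses and amounts are constructed placeholders, not data from the thread.

def triage_send(tx, wallet_addrs, intended):
    """Label every output and compute the wallet's real balance change (satoshis).

    tx           -- {"inputs": [(addr, sat)], "outputs": [(addr, sat)]}
    wallet_addrs -- every address whose key is in the wallet, including
                    key-pool addresses never shown in the GUI
    intended     -- addresses the user typed into the "Send" dialog
    """
    labels = {}
    for addr, _sat in tx["outputs"]:
        if addr in intended:
            labels[addr] = "payment"
        elif addr in wallet_addrs:
            labels[addr] = "change"        # unfamiliar, but still ours
        else:
            labels[addr] = "unexplained"   # the only case worth investigating
    spent = sum(s for a, s in tx["inputs"] if a in wallet_addrs)
    returned = sum(s for a, s in tx["outputs"] if a in wallet_addrs)
    fee = sum(s for _, s in tx["inputs"]) - sum(s for _, s in tx["outputs"])
    return {"labels": labels, "wallet_delta": returned - spent, "fee": fee}

# Constructed send: address 1 holds x+y, the user sends x, the remainder y
# (minus the fee) goes to an address the user has never seen before.
SAMPLE_TX = {
    "inputs": [("wallet-addr-1", 50_000_000)],
    "outputs": [("external-addr", 30_000_000), ("wallet-keypool-7", 19_990_000)],
}
VISIBLE_ONLY = {"wallet-addr-1", "wallet-addr-2"}      # what the user recognised
FULL_WALLET = VISIBLE_ONLY | {"wallet-keypool-7"}      # what the wallet holds
INTENDED = {"external-addr"}

if __name__ == "__main__":
    # With an incomplete address list the change output looks like theft.
    print(triage_send(SAMPLE_TX, VISIBLE_ONLY, INTENDED)["labels"])
    # With the full list it is change, and the wallet lost only x plus the fee.
    print(triage_send(SAMPLE_TX, FULL_WALLET, INTENDED))
```

With a current Bitcoin Core wallet, the `ismine` field returned by `getaddressinfo` answers the membership question for a single address.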

No surprise, as I said above the claim was too speculative :)
Carry on.

Hey, bro. In this article they write about safe wallets. Maybe it will help you in the future