A Filthy Darkcoin Heist (and what I learned from it)...

DRKLord

Member
Jun 2, 2014
92
94
68
Louisiana
Hey guys,

I'm going to tell you all a story about something really eff'ed up that happened to me recently, and remind you of how important it is to take your computer and financial security seriously to avoid anything like this happening to you. I was sloppy and careless, and I almost lost a good bit of money and put myself, my name and reputation at grave risk. And I'm lucky that I was able to fix the problem and that it didn't get out of hand. I could've lost soooo much more...

About a week ago I had to suddenly leave in the middle of the night and go to the hospital. It was an emergency, so I took off straight for the hospital without a second thought. I ended up having to stay in about 4 full days/nights until I was well enough to be sent home. When I returned home, the first thing I did was get on my PC to check on Darkcoin and crypto stuff. So I go to Cryptsy.com and try to log in... it says invalid password or username. Uh ohhh... what's going on here, Cryptsy?! I try to login to my email to reset my password... invalid password! Now I know something is SERIOUSLY wrong, and it's obvious I've been hacked or my account was somehow compromised and I'm pretty sure that if/when I regain access to my account I'm going to have zero coins left... :-/

So I start trying to figure out what's happened and what's going on... My passwords are always made up of very long strings of pseudo-random alpha-numeric characters of mixed case. Since there are a lot of lengthy and complicated passwords that I use regularly, I save them embedded in a secret text file on my PC. The file is encrypted, and the only way to read it is to know where to find it, open it, decrypt its contents with an extremely complex key and then run the decrypted output through a special script that strips the passwords and data from the block of text. It's quite an elaborate and robust security measure, so I knew that the odds of someone being able to: 1) steal the file 2) crack the encryption 3) steal the reader script 4) brute-force the script key are virtually null -- they had to have gained access another way. I calculated the odds of someone simply brute-forcing my Cryptsy password and, as I'd suspected, it could take many thousands of years of hashing and permutations to break on a high-end machine. So the odds someone brute-forced my Cryptsy AND email passwords were slim to none as well. So how did they do it?

I went over other possibilities... I suppose I'm now a fairly well-known developer and crypto investor, so I knew it was entirely possible I'd been specifically targeted by hackers from the crypto-currency community -- a possibility I've always taken great precautions to guard against. I checked my system for key-loggers, spyware and anything out of the ordinary. As usual, it was 100% clean... I only download things from trusted sources and before using anything I download I always manually verify checksums and check the files for anything malicious... The only recent modification to my system was a simple Windows update, and it had the right checksum and was clean. So how did this happen?! At this point, I realized that it was probably an "inside job" because my security measures are very strong and difficult to get around and there was no breach to be found. After about 10-15 minutes, I hacked back into my own email and changed my password to lock out whoever had broken in. Then I start reading through my inbox... then I see a withdrawal confirmation from Cryptsy for a withdrawal of 1.40093 BTC which took place the morning after I was admitted to the hospital! :mad:

After a bit more investigation, I noticed that the last login to my Cryptsy account was from my own external IP address... meaning that whoever made this withdrawal did so on MY freakin network and probably on MY damned PC! The only person I could think of who had the knowledge to do something like this was my girlfriend. But she had been with me the ENTIRE time, and I trust her a lot more than that. This girl has held onto $10K+ in cash for me on several occasions and used to keep an eye on my safe full of gold and silver bullion for me in the past... she'd never stolen a single penny, and has always been trustworthy with money. So I knew she didn't do it and wouldn't do it even if she had the chance. The only other person I could think of who knew about my BTC/DRK holdings at Cryptsy was my mother... but she would never steal my coins either, and she's too computer illiterate to do anything with coins even if she did. However, my mother had been at the house while I was gone and when I went to the hospital I asked her to go shut down my PC for me. So I called her over to try to figure out what went wrong. If anyone could give me some clues, it would be her.

So I asked my mother if she or anyone else had gotten on my PC in my absence. She said no, she never got on it or fooled with anything and no one had been around the house. And she told me that not long after I went into the hospital there was a short 2min power outage that shut my PC off and she had left it off since then -- no one could've used it after that point, because only I know the Windows login password. Then I explained to her what happened and that I suspected the thief had gotten on my computer to access my accounts and steal coins. She was shocked, but she said no one had messed with my computer or had the opportunity to do so. Then I asked her: "Did anyone at ANY point in time since I left to go to the hospital touch my computer whatsoever?" ...

She said that a friend of mine, who we will call "Percy", had come over to my house after I'd left for the hospital to help her take care of a few things. And that as far as she knew, Percy had only used my computer to get online and find out some information about the hospital for her. At that point, I knew it had to be Percy. Not only does Percy know how to use Bitcoin and knows that I'm a dev and investor, Percy knew that I traded on Cryptsy and had coins there. Percy has watched me trade before and knows how it works. And interestingly enough, we'd been told that Percy has been struggling with a drug problem and was a Silk Road user. Bingo! Now I knew who did it and why... I only needed to figure out how. But the answer to that was simple enough. When I took off to leave for the hospital, my PC was left on and my web browser was left open. So my Cryptsy session was still logged in. When Percy heard I had just been rushed to the hospital he pretended that he wanted to help my mother take care of my dog and lock down my house and be a "good friend", but he really just wanted a chance to snoop on my PC for coins in my absence. So he got into my house and onto my PC under a false pretense, pretending he was going to help me by helping my mother deal with my loose ends. When he got on my PC and saw my Cryptsy browser tab open he just proceeded to sell all my DRK and withdrew the BTC proceeds from the sales -- it was around 140.00 DRK, and came out to about 1.4009 BTC. To try to "hide his tracks", he withdrew the coins to a previously unused address and then attempted to bounce them around and then mix them. But with a couple minutes of block-chain analysis I was able to find all 1.4009 BTC. Since the power had flickered off/on an hour or two after Percy was in the house, no one else had access to my PC after he did. And I discovered that the place he sent the coins to was a Silk Road wallet address... :rolleyes:

Having figured everything out and found proof Percy was the thief, I called him to confront him... he wasn't aware I was home yet, and I called him from my mother's phone. When he heard my voice on the phone his voice cracked and he got all squeaky and squealy like a little girl -- as I laid out the proof/evidence of his theft to him. I won't go into details, but I got pretty heated and angry during the next minute or two of our conversation and put the fear of God into his ass, lol. I refrained for making any actual threats against him, but made it clear I was going to do whatever it took to bring him down and get my coins back and his thievery would NOT be tolerated! I'm definitely not a Billy Bad-ass UFC fighter type of guy, but I was raised in the hood and I'm a force to be reckoned with... Percy definitely didn't want a physical confrontation over these coins because he knew how that would turn out. So he immediately admitted what he'd done and pleaded with me not to take action against him... he knew I could do a lot of harm to him if I wanted to and I pointed out that I also knew about his illicit purchases online...

About 15 minutes later, I received a Bitcoin-qt notification: Incoming Transaction: 0.70 BTC. He had sent back half of the coin he'd stolen right away. He texted me and said, to paraphrase: "There's half of your coins back. I already spent some of it but please just give me a couple days to pay you back the rest! Please!" So we made some arrangements... He was so afraid of having to see me face-to-face that I had to let him drop money to me by tossing it over my fence or dropping it in a neighbor's mailbox for me, even though I promised to give him temporary ass-whoopin amnesty anytime he was bringing me a payment (I'm a reasonable guy and the DRK Lord is merciful, lol).
 
  • Like
Reactions: buster

DRKLord

Member
Jun 2, 2014
92
94
68
Louisiana
(story continued...)

I'm pleased to say that, as of now, I have been repaid 1.2470 BTC of the total of 1.4009 that he stole from me and he now owes me only $100.00 USD or another 0.1697 BTC (since he stole my money, he has to assume any exchange rate losses). Once this final $100.00 USD or 0.1697 BTC is paid off, he's also going to have to pay me some interest and a little extra to compensate me for damages/inconvenience. I'm not sure how much interest/damages I'm going to charge him for (it needs to be painful but not unreasonable), but I'm thinking he should definitely pay 32% interest or more -- at least more than what a debtor would pay in interest for coins a creditor willingly lent to him/her. In this case, he had no permission to touch my coins and I was not willingly lending him anything -- he tried to knife me in the back while I'm sick in the hospital -- so I think a steeper fee/penalty is called for...

The moral of this story is that the threat to your coins and your wallet isn't always coming from the outside... sometimes, your worst enemy comes into your camp disguised as a friend and tries to hit you from the inside. It could be a friend, a family member, girlfriend, roommate or anyone. And it's also important to remember that the person may not WANT to harm you, but they could have some kind of drug of gambling addiction you're unaware of! It's sad that we live in a world where you have to be paranoid about your own friends and family stealing from you, but this is reality... and we should all take steps to protect ourselves from things like this happening.

Here are some tips to keep your wallets and coins safe at home:
  • Always password-protect / encrypt your Bitcoin and Darkcoin wallets, and make sure it's locked after use
  • Use strong passwords of random alpha-numeric characters (mixing upper & lower case)
  • Never use words, birthdays, lucky numbers or anything someone who knows you can guess in your passwords
  • Never use simple words or phrases for passwords because they can be discovered by simple brute-force attacks
  • Avoid saving your passwords and usernames in your web browser
  • Always log out of your banking, exchange/trading and other financial accounts and email immediately after use
  • Log out of accounts and close sensitive documents anytime you walk away from your computer
  • Always close all sensitive accounts and documents and log out of your user account when guests are coming to your house

You should always remember that if ANYONE knows you have a good bit of coins/money, you could easily be targeted by someone you know who could steal your coins from right under your nose! If someone does steal your coins, it usually doesn't work out as well as it did for me in this particular case. I was fortunate that I was able to identify the culprit and had proof and a witness, and that the thief was so terrified of the ol' DRK Lord that he returned the money right away. :cool:

A reasonable level of paranoia is a good thing. I was sloppy and complacent and left myself exposed. And I thank God that it was only my Cryptsy account I left exposed. I can only image what could've happened if he'd gotten into all my other exchange accounts and my Bitcoin and Darkcoin wallets... if I'd been more careless he could've even gained access to my forum accounts at BitcoinTalk and DarkcoinTalk and used my name/rep to defraud other users -- he could've even taken out loans in my name, or contacted vertoe and cleaned out my masternode investments too. So thank goodness I'd only left open one Cryptsy browser tab and my email, and that he didn't think to try to steal more accounts and money!

Honestly, I'm kinda glad this happened to me to remind me of how important vigilance and over-protectiveness of accounts and wallets is... I'm glad it happened with only a small amount of money (which I was able to recover) to teach me a lesson and ensure that such a thing will never happen again! Since this has happened I'm now being 10,000x's more cautious and locking/closing down everything every time I step out of the room. There's too much at stake for me to be careless or sloppy. So I now take my internal and "at-home" security just as seriously as I take my external/online security! I won't ever let someone use my PC as a key to my digital treasure chests again!

Be careful at home, guys, and remember the lesson I've learned here to ensure nothing like this ever happens to you!

-- The DRK Lord --
 

tungfa

Grizzled Member
Foundation Member
Masternode Owner/Operator
Apr 9, 2014
8,899
6,744
1,283
Holy shit ... good story !
Tx for sharing !!
Last thing you would ever expect that somebody actually is in your house (and NOT just hacking online)
to mess with your Crypto's !
Good you got it sorted !
(and happy you are back from hospital, i hope all well recovered !!)
 

fernando

Powered by Dash
Foundation Member
May 9, 2014
1,527
2,059
283
A friend doing that while you're at the hospital is as sad as it gets. Don't be so hard on yourself, the only thing sadder than treason by a friend is having to doubt a friend without a reason... but I guess that's the world we live in! I'm glad you're back and recovered almost everything. Security is an area where we all need a reminder here and there. The most secure, the less convenient, so it is always going to be a struggle.

One aspect of this I've been thinking lately is what happens if something happens to me. Not death necessarily, maybe I suffer a bad car crash and I have memory issues... I think I have a quite decent security setup, but without me it won't work.
 
  • Like
Reactions: tungfa

tungfa

Grizzled Member
Foundation Member
Masternode Owner/Operator
Apr 9, 2014
8,899
6,744
1,283
A friend doing that while you're at the hospital is as sad as it gets. Don't be so hard on yourself, the only thing sadder than treason by a friend is having to doubt a friend without a reason... but I guess that's the world we live in! I'm glad you're back and recovered almost everything. Security is an area where we all need a reminder here and there. The most secure, the less convenient, so it is always going to be a struggle.

One aspect of this I've been thinking lately is what happens if something happens to me. Not death necessarily, maybe I suffer a bad car crash and I have memory issues... I think I have a quite decent security setup, but without me it won't work.
Exactly
i was just thinking that the other day
god forbid anything would happen (to me)
how would anybody 'normal' figure out my crypto system even if they had all my passwords
... no idea how to solve that one !
 

vertoe

Three of Nine
Mar 28, 2014
2,573
1,652
1,283
Unimatrix Zero One
I read even more conclusions out of that story:
  • Don't use Craptsy. How is that possible they don't end your session after even several hours?
  • If you are the thief, don't steal Bitcoin, go straight for Darkcoin and hide the coins using Darksend+. What a beginner's mistake :)
Glad you get back most of the coins.
 

TurK-FX

New Member
Jul 3, 2014
17
9
3
Man, if you use 3way authentication, he would not able withdraw the funds. Whenever you send the funds to somewhere other than your account, cryptsy will ask for the 3way authentication code from authy app. Unless you also run it on the browser, he would not able to get it.
 

yidakee

Well-known Member
Foundation Member
Apr 16, 2014
1,812
1,168
283
Man, if you use 3way authentication, he would not able withdraw the funds. Whenever you send the funds to somewhere other than your account, cryptsy will ask for the 3way authentication code from authy app. Unless you also run it on the browser, he would not able to get it.
I spilt "fish-juice" over my iphone 2 days ago. (de-frosting fish from the freezer, and stupidly left my iphone next to the plate... rest should be obvious)
I kept on working, but the top button to turn off the phone stopped working. I got freaked!! If I run out of battery, I wont be able to turn the damn phone on!!

Luckily, 2 days later it magically started working again.

I love 2FA, but I with only 1 device for it... arrrg!
 
N

nj47

Guest
I spilt "fish-juice" over my iphone 2 days ago. (de-frosting fish from the freezer, and stupidly left my iphone next to the plate... rest should be obvious)
I kept on working, but the top button to turn off the phone stopped working. I got freaked!! If I run out of battery, I wont be able to turn the damn phone on!!

Luckily, 2 days later it magically started working again.

I love 2FA, but I with only 1 device for it... arrrg!
Consider using a service like authy. It backs up your 2FA details, so if a device goes down, you could put it on a new one without much hastle.
 

mattmct

Member
Mar 13, 2014
259
92
88
Crazyyy story! Cheers for sharing. I don't thnk any method I'd feel 100% safe. Maybe 99.8% safe
 
Jun 11, 2014
138
53
78
112
Prison
I spilt "fish-juice" over my iphone 2 days ago. (de-frosting fish from the freezer, and stupidly left my iphone next to the plate... rest should be obvious)
I kept on working, but the top button to turn off the phone stopped working. I got freaked!! If I run out of battery, I wont be able to turn the damn phone on!!

Luckily, 2 days later it magically started working again.

I love 2FA, but I with only 1 device for it... arrrg!
one night, i realized how fucked, or at least inconvenienced, i'd be if i my phone was lost/stolen/damaged because of all the 2fa i have tied to it. So i went and bought a second droid phone that i keep in a cool, dry, secure place as a backup.

FYI: Authy will let you tie your account to more than 1 device!

everyone should have a backup 2fa plan : )
 

thelonecrouton

Well-known Member
Foundation Member
Apr 15, 2014
1,135
813
283
One aspect of this I've been thinking lately is what happens if something happens to me. Not death necessarily, maybe I suffer a bad car crash and I have memory issues... I think I have a quite decent security setup, but without me it won't work.
I have a some simple instructions and my private keys lodged with my solicitor in my will. Really anyone with a significant crypto portfolio should take steps, because that's a lot of unrecoverable money otherwise.
 

Rado

New Member
Jul 31, 2014
3
1
3
Have you guys heard about Titanium Backup :) It needs root, but there are many that doesn't ;)

i make weekly backup of GoogleAuth with Titanium backup, then rar it with strong pass... and save it on 1 hdd and 1 flash :D
 
  • Like
Reactions: fernando