Hacked

fible1

Well-known Member
Dash Core Team
Masternode Owner/Operator
May 11, 2014
710
722
163
Well it happened again, my personal laptop was hacked. Not going into details, but I want to warn everyone that there are some very sophisticated spearphishing emails going around. I got one over the weekend (unfortunately deleted) that addressed me personally over a crypto-related matter. This isn't weird as I get a decent amount of mail from random people, but it went downhill from there.

Thankfully my Dash and other cryptos are safe, and it looks like nothing serious was looted; but heads up everyone, this could happen to you.

Pablo.
 

TheDashGuy

Well-known Member
Dec 16, 2015
1,228
1,010
183
Care to share an edited version of said email?
 

fible1

Unfortunately I deleted it after reading it; as I thought it was a bit weird and decided not to bother. Wish I had it to do some counterintelligence; I actually don't remember much about it, but that's when my computer started behaving weirdly, and today a bunch of my files were mucked about with and terminal and other tools I use were supplanted by clone software. It's pretty involved but stupidly pulled off imho. I'm a little bothered I didn't do anything about it earlier as I attributed it to my computer being old-ish and that was stupid.

Anyway, the reason I posted is because these spearphishing emails are probably going around. I'm not sure how I popped into the hackers' radar but I spend most of my time here so I thought I'd let you guys know. Aside from that, it's not my first hack and I'm already on a clean comp; I'm pretty sure damage was highly limited.

Pablo.
 

Jeztah

Active Member
Oct 9, 2014
181
145
103
I can confirm, a few of my customers have encountered several very targeted and specific requests that were quite convincing. All of my customers use Office 365.

Only minor details were off.... like an Android email signature when one KNOWS that the sender has an iPhone. Always sent to the proper people using convincing language. It's as though someone tapped into a live stream of email somewhere and is looking for certain business language/relationships. The two I was lucky enough to be able to look at the headers both originated in .ru.
 

fible1

Did you click on something or was just viewing the email enough to get you infected? And, if so, which email client are you using?
Just viewing the email, GMail.

Pablo.
 

Jeztah

This is scary... I receive tons of weird emails daily. I don't even open it if I don't know the sender :eek:
You never should open those, but if you do...... don't ever blindly click a link without seeing where it's actually sending you first.
 

splawik21

Moderator
Dash Core Team
Foundation Member
Dash Support Group
Apr 8, 2014
1,937
1,294
1,283
Yeah, I've received some emails too, did the filter to remove them from the server instantly.
Got the email from Kraken too.
--------------------------------------------------------------------------------

We know that some of you have accounts on bitcointalk.org and we wanted to let you know that a phishing attempt was made on bitcointalk email addresses earlier today.

If you received an email with the subject Mtgox.Claim assessment process, delete it and do not click on the link it contains! This email did not come from Kraken, but was spoofed to look as though it came from our support email ([email protected]).

For more information about the email, see this post on reddit:
https://www.reddit.com/r/Bitcoin/comments/4m3op0/psa_phishing_attempts_reported_today_kraken_re/

We do not know how the bitcointalk email addresses were obtained, however the bitcointalk database has been compromised in the past. You can be assured that this incident was not the result of any breach in Kraken’s database and your personal information with Kraken is safe.

Even if you did receive the email, you are safe so long as you do not click on the link (just delete the email and you will be fine). If you did click on the link and are concerned about it, please contact us at: [email protected].

Stay safe,

The Kraken Team
 

jpr

Active Member
May 11, 2014
493
393
133
What OS are you on? Can't see how viewing email without clicking on a dangerous link gets one hacked.
 

fible1

I'm not very technical so the minutiae of it elude me, but I know it can be done through vulnerabilities in the browser.

Pablo.
 

rustycase

Active Member
Apr 19, 2016
495
116
113
All this is beyond my capability and it usually takes me two or three days to recover from malware problems.
Quite some time ago a forum owner told me the larger percentage of scams originate from gmail accounts.
...which is, of course, my preference... go figger !

As described above, it's probably wise to conduct various activities from different machines, if at all possible.

Best
rc
 

Bridgewater

Well-known Member
Foundation Member
Dec 14, 2014
183
164
203
@fible1, although nothing was looted now, it does not mean that malicious entities are 100% not in possession of encrypted password databases, wallet.dats, or encrypted zip files with private keys/passwords inside. If they think they stumbled on a gold mine, they can rent sufficient processing power to break your encryption eventually.

If you stored any crypto stuff on that computer, it might be a good idea to re-do your setup; create new wallets and passwords on new computer/fresh install and spend to new addresses. If your money is all on the Trezor, you're safe because there is no way a virus can sniff your PIN which uses the scrambled numberpad input from your Trezor screen (but you should always double-check the recipient address on the Trezor screen is the same one that you're trying to spend to--a virus can change the spending address so you accidentally spend to the hacker instead!).

Anyway, just a heads-up. I think we're all anxiously awaiting the offline (or Trezor) masternode start capabilities of the new release. Some more than others :D
 

fible1

Thank you for your concern :),
My wallets are in cold storage and not linked in any way to my hacked laptop, which has already been wiped and overwritten. Purchased new router and modem just to be safe as well.

:)

Pablo.
 

Sub-Ether

Well-known Member
Mar 31, 2014
1,516
1,254
183
I was under the impression that as long as I don't open the attachment I would be safe, although I don't use Gmail as such. What OS and browser were you using at the time?