Started Wallet to find 207 DRK sent to unknown address

MaxFangX (Active Member, Foundation Member; joined Jun 30, 2014)

Hello, I've been reading through some other threads, but I haven't seen anyone with a problem like this. Please forgive me if this is just some new feature that I'm not aware of.

This is the sequence of events just now:
-Have a need to access my Darkcoin, although I generally don't touch it
-Notice that my Darkcoin wallet isn't running (I have Darkcoin-qt running by default on startup)
-Open up my 10.15 version QT wallet, it's behind for ~6 hours, it starts synchronizing
-A new popup notification immediately appears indicating that I have sent the entirety of my wallet contents to XpVL3YXqRST8NSCoo6pjRNSSsHq5anqw5C (see TxID 85922445a1a1778cccec3ec9217583408ff46014316f88d85bc4ef6b79d0eeb1), at a time 6 hours before when I opened my wallet
-I reckon that this is Darksend mixing or the result of me being on the wrong wallet version, so I update to the 10.17 wallet. However, no coins show up.

A few other maybe-relevant details:
-It doesn't say that it is mixing; it is only labeled as a "Sent To" type transaction on the transactions page.
-I'm always connected to my password-protected school wifi network. However, there are some instances where I must connect to a public, unsecured network.
-My wallet is not password-protected.
-My wallet file only exists on the current computer that I'm using.

Any ideas what may have happened?
Thanks,
~Max

UdjinM6 (Official Dash Dev, Core Developer, Dash Core Group; joined May 20, 2014)

MaxFangX said:
> ...
> -It doesn't say that it is mixing; it is only labeled as a "Sent To" type transaction on the transactions page.
> ......
> -My wallet is not password-protected.
> .....
> Any ideas what may have happened?
> Thanks,
> ~Max
A few thoughts:
- I highly doubt it was mixing - mixing would give you lots of smaller outputs, or at least there must be another output belonging to someone you mixed with, but you have only a single one there
- running an unprotected wallet on Windows is not a good idea at all - check if your machine is virus-free, there were messages on the Internet about trojans stealing crypto-coins
- find out who might have had physical access to your computer at that time (15:02) - could be some "smart" guy

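The output-count argument in the reply above (a mixing round pays out many outputs, typically of equal size and to several participants, whereas a theft drains everything to one address) can be applied mechanically to a decoded transaction. The script below is an added example for this thread, not code from the Dash project or from any poster. It accepts a dict in the shape that `decoderawtransaction` returns (a `vin` list, and `vout` entries with `value` in coins and `scriptPubKey.addresses`); the sample transactions, the set of addresses treated as the wallet's own, and the 80% equal-value threshold for calling something mixing-like are all constructed here, and the txid and destination address from the first post are reused only as labels.

```python
"""Classify a decoded Dash/Darkcoin transaction as a wallet sweep, a
mixing-style round, or an ordinary spend with change.

Added example for this thread; not code from the Dash project.  The input
mimics the dict that `decoderawtransaction` returns.  The sample
transactions, addresses and thresholds below are constructed.
"""
from collections import Counter

# Addresses the wallet controls (constructed; on a real node you would take
# them from `listreceivedbyaddress` or the wallet's receiving-address list).
OWN_ADDRESSES = {"XmyWallet1", "XmyWallet2", "XmyChange3"}

# Constructed to match the poster's description: every input consumed,
# exactly one output, to an address the wallet does not own.
SWEEP_TX = {
    "txid": "85922445a1a1778cccec3ec9217583408ff46014316f88d85bc4ef6b79d0eeb1",
    "vin": [{"txid": "aa" * 32, "vout": 0}, {"txid": "bb" * 32, "vout": 1}],
    "vout": [{"value": 207.0,
              "scriptPubKey": {"addresses": ["XpVL3YXqRST8NSCoo6pjRNSSsHq5anqw5C"]}}],
}

# Constructed mixing-style round: several inputs, equal-valued outputs,
# paid out to several different participants.
MIXING_TX = {
    "txid": "cc" * 32,
    "vin": [{"txid": ("%02x" % i) * 32, "vout": 0} for i in range(6)],
    "vout": [{"value": 1.0, "scriptPubKey": {"addresses": ["Xparticipant%d" % i]}}
             for i in range(6)],
}

# Constructed ordinary payment: one output to a merchant, change back to us.
SPEND_TX = {
    "txid": "dd" * 32,
    "vin": [{"txid": "ee" * 32, "vout": 0}],
    "vout": [{"value": 5.0, "scriptPubKey": {"addresses": ["Xmerchant"]}},
             {"value": 1.99, "scriptPubKey": {"addresses": ["XmyChange3"]}}],
}


def output_addresses(tx):
    """Flatten every address that appears in a vout's scriptPubKey."""
    return [a for o in tx["vout"] for a in o["scriptPubKey"].get("addresses", [])]


def classify(tx, own_addresses, equal_value_share=0.8):
    """Return 'sweep', 'mixing-like', 'spend-with-change' or 'other'.

    sweep            : exactly one output and it is not ours
    mixing-like      : >= 3 outputs, most of them the same value, paid to
                       >= 3 distinct addresses (denominated outputs, several parties)
    spend-with-change: at least one output returns to one of our own addresses
    """
    outs = tx["vout"]
    dests = output_addresses(tx)
    to_self = [a for a in dests if a in own_addresses]
    if len(outs) == 1 and not to_self:
        return "sweep"
    value_counts = Counter(round(o["value"], 8) for o in outs)
    _, dominant = value_counts.most_common(1)[0]
    if len(outs) >= 3 and dominant / len(outs) >= equal_value_share and len(set(dests)) >= 3:
        return "mixing-like"
    if to_self:
        return "spend-with-change"
    return "other"


def summarize(tx, own_addresses):
    """One-line description suitable for auditing a transaction list."""
    total = sum(o["value"] for o in tx["vout"])
    return "%s: %d in / %d out, %.8f DRK, %s" % (
        tx["txid"][:16], len(tx["vin"]), len(tx["vout"]), total,
        classify(tx, own_addresses))


if __name__ == "__main__":
    for tx in (SWEEP_TX, MIXING_TX, SPEND_TX):
        print(summarize(tx, OWN_ADDRESSES))
```

To run it against a real transaction, fetch it from your own node with `getrawtransaction <txid>`, decode it with `decoderawtransaction`, load the JSON and pass your receiving addresses as the own set; a lone output to a foreign address with every input consumed is the pattern to treat as theft rather than mixing.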
MaxFangX (Active Member, Foundation Member; joined Jun 30, 2014)

Hey Udjin, thanks for the response.

I know it wasn't someone who had physical access to my computer, because I was on my computer the whole day, but you're probably right. I'm going to go through the necessary steps to see if there is possibly a trojan on my computer - my existing antiviruses didn't detect it. I'll just have to accept that I've lost ~$500 worth of crypto.

Meanwhile, to anyone else reading this, please learn from my mistakes and password-protect your wallet! Don't be fooled - I'm kind of a freak about enabling 2FA on any important websites that I use, using strong passwords, ensuring the protected access and physical security of my phone and computer and what not. I'm also very careful about what I download/install, and about antivirus software. However, I was stupid to assume that something couldn't have gotten onto my computer anyway, and was too lazy to add a simple password to my Darkcoin wallet, a simple last resort. And now, as a poor college student, I just lost about a quarter of my net worth :p Who knows how pissed I'll be at myself years later if Darkcoin shoots up like Bitcoin did - $500 in DRK now may be a fortune years from now.

Please use me as an example of what not to do!

Regards,
~Max

UdjinM6 (Official Dash Dev, Core Developer, Dash Core Group; joined May 20, 2014)

MaxFangX said:
> I know it wasn't someone who had physical access to my computer, because I was on my computer the whole day, but you're probably right.
> ...
Sorry for your loss... :sad: but that's what all crypto is about - making people realize their responsibility for their money - you must make sure you control your money, and if you don't, it's not completely yours...
I just thought of another possible scenario - while you don't have a passphrase on your wallet, it's not really necessary to gain physical access at exactly that time! The wallet could have been stolen a lot earlier, and once you got some valuable funds in it (and the person who stole it noticed this by running his copy of your wallet or by simply monitoring the blockchain) - it just triggered the thief's intention to steal. He might have stolen it from your machine or from your backup (and you make backups, right?). Think of someone IT/crypto-related, maybe.

MaxFangX (Active Member, Foundation Member; joined Jun 30, 2014)

Update: I know for sure that this was an attack, since my coins moved:
https://chainz.cryptoid.info/drk/address.dws?XpVL3YXqRST8NSCoo6pjRNSSsHq5anqw5C.htm

Also, I think my computer is still infected, because when I checked on my wallet again today, it had a prompt open "This operation needs your wallet passphrase to unlock the wallet." A little worrisome if this program is still trying to get at my funds and the only thing I have protecting them is my password, which would easily be compromised through a keylogger.

Any idea how I can find this threat?

acidburn (Active Member; joined May 26, 2014)

Rather than finding it, I'd back up your wallet and format your hard drive.

Warning: this will destroy all data on the disk, but it can be retrieved by specialist software.

Sub-Ether (Well-known Member; joined Mar 31, 2014)

Here's my 2 cents:
Firstly, I agree with acidburn that you will never be sure that you have deleted the virus totally, and the safest way is to copy the wallet, delete it from the machine and then try something like the following to get your other data off. Do NOT run any other wallets on the machine either!

Install,
malwarebytes (download.com)
iobit (download.com)
comodo antivirus,

update all, go offline and scan with each.
The reason for the selection is that all 3 will run at the same time and not conflict (much) with each other, making it more likely to catch something, and they're free to update and scan.
Warnings:
1) comodo will delete mining exe files like sgminer everywhere and report them as trojans; over-zealous, but it may get it!
2) if you have a start-up program that you keep disabling (even in services) and it comes back, suspect it.
3) beware rolling back the registry, not a good solution, viruses love to hang out there

After getting your info off, it may be format time, do you want to risk it? :(:)

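Warning 2 in the post above (an autostart entry that keeps reappearing after you disable it) is a persistence signal you can catch by snapshotting the autostart locations over time and comparing them. The script below is an added example, not a tool from this thread or from any of the vendors named in it. On Windows it reads the Run/RunOnce registry keys through Python's standard `winreg` module; the three-snapshot `SAMPLE_HISTORY` it ships with is constructed (made-up entry names and paths) so the comparison logic can be exercised on any platform.

```python
"""Flag autostart entries that come back after being removed, the symptom
Sub-Ether describes: a start-up program you keep disabling that returns.

Added example for this thread, not a tool from the thread or any vendor.
Snapshots are dicts {location: {entry_name: command}}.  On Windows,
collect_run_keys() reads the Run/RunOnce registry keys with the standard
winreg module; elsewhere it returns an empty snapshot and the constructed
SAMPLE_HISTORY below stands in for real snapshots.
"""
import sys

# Registry autostart locations checked on Windows (hive, subkey).
RUN_KEYS = [
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
]


def collect_run_keys():
    """Snapshot the Run/RunOnce values. Windows only; {} on other platforms."""
    if sys.platform != "win32":
        return {}
    import winreg  # only importable on Windows
    roots = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    snapshot = {}
    for hive, subkey in RUN_KEYS:
        entries = {}
        try:
            with winreg.OpenKey(roots[hive], subkey) as key:
                index = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(key, index)
                    except OSError:  # no more values under this key
                        break
                    entries[name] = str(value)
                    index += 1
        except OSError:  # key absent or not readable
            pass
        snapshot[hive + "\\" + subkey] = entries
    return snapshot


def diff_snapshots(before, after):
    """Return (added, removed, changed) lists of (location, name, command)."""
    added, removed, changed = [], [], []
    for loc in set(before) | set(after):
        old, new = before.get(loc, {}), after.get(loc, {})
        for name in set(old) | set(new):
            if name not in old:
                added.append((loc, name, new[name]))
            elif name not in new:
                removed.append((loc, name, old[name]))
            elif old[name] != new[name]:
                changed.append((loc, name, new[name]))
    return sorted(added), sorted(removed), sorted(changed)


def resurrected(history):
    """Entries that were present, then absent (removed), then present again.

    history is a chronological list of snapshots; returns sorted (location, name).
    The command may differ on return: malware often re-drops itself elsewhere.
    """
    seen = {(loc, name) for snap in history
            for loc, entries in snap.items() for name in entries}
    hits = []
    for loc, name in sorted(seen):
        present = [name in snap.get(loc, {}) for snap in history]
        had_it = had_gap = False
        for p in present:
            if p and had_gap:
                hits.append((loc, name))
                break
            if p:
                had_it = True
            elif had_it:
                had_gap = True
    return hits


HKCU_RUN = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"

# Constructed history, three snapshots over a day: "OneDrive" stays put,
# "Updater" is removed after the first snapshot and is back under a new
# path by the third, "OldTool" is removed for good.
ONEDRIVE = "C:\\Users\\max\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"
SAMPLE_HISTORY = [
    {HKCU_RUN: {"OneDrive": ONEDRIVE,
                "Updater": "C:\\Users\\max\\AppData\\Roaming\\svc\\updater.exe",
                "OldTool": "C:\\Tools\\old.exe"}},
    {HKCU_RUN: {"OneDrive": ONEDRIVE}},
    {HKCU_RUN: {"OneDrive": ONEDRIVE,
                "Updater": "C:\\Users\\max\\AppData\\Local\\Temp\\updater.exe"}},
]


if __name__ == "__main__":
    for loc, name in resurrected(SAMPLE_HISTORY):
        print("suspect persistence: %s\\%s" % (loc, name))
```

On the suspect machine, dump `collect_run_keys()` to a JSON file each time you reboot or remove an entry, then feed the saved snapshots, oldest first, to `resurrected()`; services and scheduled tasks are further locations worth snapshotting the same way.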
crowning (Well-known Member; joined May 29, 2014)

MaxFangX said:
> Update: I know for sure that this was an attack, since my coins moved:
> ...
Maybe a bit unrelated and not a solution for everyone, but I use Windows only for my day-to-day pocket money. The wallets with serious money in them are all on Linux systems.

Linux is more secure by design, less targeted by virus/trojan programmers, and there are "read-only" versions available which are run from a non-writable medium (e.g. a DVD) and your personal data is written to a thumb drive. Especially the last feature guarantees a virus/trojan-free system after boot.

And it's the better OS anyway :tongue:

MaxFangX (Active Member, Foundation Member; joined Jun 30, 2014)

To date, the antiviruses have not worked, and I have way too many programs and configured settings on this computer that I will have to change if I did a clean install. Maybe someday. I will probably end up making a Linux partition and try out those read-only versions.

Thank you all for all your advice!

Dr.Crypto (Member; joined Jul 9, 2014)

MaxFangX said:
> ... I will probably end up making a Linux partition and try out those read-only versions.
Do like me: start with the intent of just making a Linux partition, fuck up somewhere and end up wiping Windows.
This was three years ago and I haven't been anything but happy ever since!

Ignition75 (Active Member; joined May 25, 2014)

Sub-Ether said:
> Install,
> malwarebytes (download.com)
> iobit (download.com)
> comodo antivirus,
> ...
I have a paid-for license of BitDefender... Will that cut it?

splawik21 (Yeah, it's me...., Dash Core Group, Foundation Member, Dash Support Group; joined Apr 8, 2014)

I hope dev team will implement 2FA quickly...
Check AWDcleaner too.

stonehedge (Well-known Member, Foundation Member; joined Jul 31, 2014)

Many of my more security-conscious clients use Eset on their corporate endpoints (it used to be called NOD32).

If you do want to use Windows, I can vouch for the fact that I have seen it used in environments of anything up to 40,000 Windows PCs over a period of years with very impressive low infection statistics. Updates come two or three times a day but of course, nothing is going to protect you against a new threat if you are one of the first to get hit! It isn't a resource hog either.

For me, Eset is the gold standard for Windows AV.

Lukas_Jackson (Member; joined Nov 9, 2014)

stonehedge said:
> ...
> For me, Eset is the gold standard for Windows AV.
Eset had been the best AV for me for years until it started to block my ''true true'' sites. It blacklisted many of them and I decided to leave this corporate shit.

stan.distortion (Well-known Member; joined Oct 30, 2014)

Even the ideal AV still has a delay between threats appearing and defending against them. I'd suggest getting an old laptop (a P4 is plenty), installing a reputable Linux distro with a bias towards security and only connecting to perform transactions, and even then only using it for amounts you can afford to lose, with paper wallets for larger amounts. This is the biggest issue for cryptos at the mo imho, and 2FA could well be the game changer; you could spend a lifetime studying security and still be vulnerable, so most PC users stand no chance.