Silk Road forums

Discussion => Security => Topic started by: AliBabba on January 11, 2013, 03:16 am

Title: BitCoins Stolen??
Post by: AliBabba on January 11, 2013, 03:16 am
Hello, I was hoping to maybe get a little help figuring out what happened to my BTC. I've made about a dozen successful deposits over the last couple of months that went off without a hitch. Until this most recent one.

Just like all the other times I transferred from MtGox to an InstaWallet. Then from there I transferred to my SR Wallet. However, this time it never showed up. I then contacted SR support telling them what happened. They weren't much help, telling me that the blockchain shows that the transfer didn't go to my SR wallet, which I was well aware of.

I tried telling them that when I check the blockchain info from all the successful transfers from my Instawallet to SR, they don't show it going directly to my SR wallet either. They all go to 2 random wallet addresses while they're being tumbled. And even this most recent problem-transfer was sent to 2 random wallet addresses also.

So my question is: did my BTC get hung up in their tumbling feature? Or did someone hack Instawallet and have my coins redirected to their own personal wallet? The blockchain for the wallet that this transfer was sent to only shows 1 transaction, and it was my BTC. And they're still there, from what it's showing.

So, is there any possible way to get these coins transferred back to my wallet? (Dumb question, I know). Is there any way to get this random address that they were transferred to to release them? (Yes, an even dumber question). Or, is there a small chance that they are still in the tumbling feature and may get released at a later date? I apologize for my ignorance in the field of BTC's, and any help understanding what happened or a possible solution would be greatly appreciated.

Take care & be well, all.
Title: Re: BitCoins Stolen??
Post by: Wadozo on January 11, 2013, 07:53 am
Did the bitcoin address of your SR wallet change from when you transferred the coins to now? I'm not sure on the time frame, but periodically, if you don't acquire a new address after a period of time, you are issued with a new one (at least that has been my experience in the past.) You should use a new bitcoin address for each and every transaction. If the address is still the same and your positive the address you sent the coins to is that address, SR should be able to offer you some help on tracking down what has happened to them.
The SR Wiki has more info and in the buyers guide, they in fact write -

Quote
Your deposit will appear in your account once the Bitcoin network confirms your transfer. This can take up to a few hours or more. If for some reason your transfer doesn't come through, just let us know and be sure to include the address you sent the coins to. 

The SR Wiki - http://dkn255hz262ypmii.onion/wiki/index.php/Main_Page
Title: Re: BitCoins Stolen??
Post by: AliBabba on January 13, 2013, 04:32 am
No, it's still has the same address that I had them sent to. I actually did change it 2 transfers ago. I usually use the same wallet twice. The last one went through fine.

This transfer still hasn't showed up in my wallet. I literally copy and pasted the address straight from my SR page to the Instawallet transfer page. This is SR's reply:
On the 18th the coins were first sent directly to your SR wallet, and then when they got credited to your account, they got split up to 2 other tumbler addresses. That is how our system works. This recent transaction was NOT sent to your SR wallet. The coins never once touched it. I get that you think you copied and pasted the address from your account page, but the blockchain proves that simply cannot be true. For whatever reason, you entered in an address to send the coins to that wasn't your own, and its not one of ours either. Sorry but you screwed up somehow and put in some random address, where you got this address I have NO clue, but it wasn't from our website.

So now I have no choice but to think that these coins were redirected (not by SR) but by whomever this wallet that they were sent to belongs to. If anyone else has had a problem like this, please chime in. I'm perplexed by how this could have happened. The two wallets are very different... not just a couple numbers mixed up. So I'm positive I didn't make a mistake copy/ pasting. Lesson learned.....
Title: Re: BitCoins Stolen??
Post by: AliBabba on January 13, 2013, 05:54 am
Support is telling me that my previous transfer on the 18th went through fine. But that this most recent transfer, even though the blockchain shows it being sent to two different wallets as all the other successful ones have done also, was NOT sent to my SR wallet by me. They're saying I'd sent it to this random address instead of my SR wallet.

I'm not sure how this stuff works really, but they've basically said that I was the one that screwed up. I've messaged support 5 or 6 times and that's the conclusion they've come up with.

Hmmm... this is interesting. I just checked the blockchain for the address that I apparently "mistakenly" sent the coins to, and I see this on the page...

Public Note: So long and thanks for all the fish


This just makes me think whomever owns this wallet had my coins redirected. If anyone could check this out, let me know what you think that means?

Here's the blockchain of that wallet (clearnet):  http://blockchain.info/address/1PwV5YTvtC8x6vSdzuuosY7D4FU36Za2Ke

Regardless, I'd be careful out there w/ the BTC transfers. I've done plenty of transfers, so I'm positive I didn't fuck up anything on this one.
Title: Re: BitCoins Stolen??
Post by: nanpa2001 on January 13, 2013, 08:40 am
Strange. Are you sure it isn't a problem with instawallet?
Title: Re: BitCoins Stolen??
Post by: SorryMario on January 13, 2013, 10:29 am
There's usually a "mining reward" (something like 0.001BTC) that's sent to a different address as part of each payment transaction you send  (that's why each payment transaction shows a pair of addresses instead of just one). It's a tiny amount that ensures your transaction is quickly propagated across the Bitcoin network, so part about each transaction showing a pair of addresses is normal.

If the blockchain shows the payment (was it 7BTC?) sent from your wallet to the one you posted the link to, then that's the address the BTC were sent. The message shown on the blockchain info for that wallet basically says you were PHISHED. If I had to guess I'd say it's probably has to do with using InstaWallet, which is the least secure way you can possibly conduct Bitcoin transactions. Anyone who knows the URL can spend your mone, and from the wallets the payment is tumbling through, I'd say you were definitely hacked. Get your computer checked out and don't use IW!
Title: Re: BitCoins Stolen??
Post by: Wadozo on January 13, 2013, 12:17 pm
Totally agree with SM. It's the only logical explanation that makes any sense. An Australian BTC site (https://bitinnovate.com/need-a-wallet/) lists a variety of Bitcoin Wallets available for use. Unfortunately, the InstaWallet review is not a favorable one and perhaps adds credence to SM's theory. Sorry to say but it's not looking good for you IMO.
Title: Re: BitCoins Stolen??
Post by: AliBabba on January 13, 2013, 05:27 pm
If the blockchain shows the payment (was it 7BTC?) sent from your wallet to the one you posted the link to, then that's the address the BTC were sent. The message shown on the blockchain info for that wallet basically says you were PHISHED. If I had to guess I'd say it's probably has to do with using InstaWallet, which is the least secure way you can possibly conduct Bitcoin transactions. Anyone who knows the URL can spend your mone, and from the wallets the payment is tumbling through, I'd say you were definitely hacked. Get your computer checked out and don't use IW!

Yeah, it was around 12BTC, so could have been worse. So how should I proceed from here? What could have been compromised on my actual computer (ie: what should I have checked?) Also, one last question, is there such thing as a safe site that provides wallets, if so, what are they? I'll definitely check out the Australian site listed by Wadozo, but any advice is appreciated.

I've just learned what little I do know about BTC from here, and it seemed as if Instawallet was mentioned a lot and held in high esteem. Wish I would have done some more research. Many thanks SorryMario, Wadozo, and others. Appreciate it.
Title: Re: BitCoins Stolen??
Post by: TalkingHead on January 13, 2013, 08:17 pm
This is why I don't bother with multiple wallets. Moneygram/CVS/WalMart, etc. through Bitinstant straight to your SR bc address. OR start at blockchain.info and initiate a bc purchase there and then transfer it to SR.
Title: Re: BitCoins Stolen??
Post by: SorryMario on January 13, 2013, 11:25 pm
After considering it a bit more I think it's probably the InstaWallet address you used (as opposed to your PC being hacked - but there do exist viruses that allow theives to steal your bitcoins).

Someone else already had access to the wallet address you sent the coins to from MtGox. Wherever you got that wallet address from (website? email?) could have been a scam/forgery by some hacker. Maybe you were on a spoofed InstaWallet site. Maybe the InstaWallet url for spending the coins was leaked.

If I were you I'd avoid using online wallets and just install a "lite" Bitcoin client like ELECTRUM or MULTIBIT. Or do what TalkingHead says and just do BitInstant transfers directly to the wallet address on your SR account. You really don't need to bother with all the tumbling and such prior to putting it in the SR wallet address, since once it's there tumbles plenty before it gets to anyone who's cashing out or doing something LE might notice.
Title: Re: BitCoins Stolen??
Post by: AliBabba on January 13, 2013, 11:33 pm
This is why I don't bother with multiple wallets. Moneygram/CVS/WalMart, etc. through Bitinstant straight to your SR bc address. OR start at blockchain.info and initiate a bc purchase there and then transfer it to SR.

Is that a safe route to take? Being serious here. I was leery of sending coins straight from Bitinstant to my SR address, just not sure why that would be a bad idea.

I'm still wondering how I was compromised. If anyone knows what, if anything, I should be scanning my pc for please let me know. I honestly don't believe I went through a phishing site, because from day 1 I have bookmarked the correct SR address, BitInstant, and InstaWallet addresses and have always used the bookmarks. So, back to the researching, I guess. 
Title: Re: BitCoins Stolen??
Post by: AliBabba on January 13, 2013, 11:39 pm
After considering it a bit more I think it's probably the InstaWallet address you used (as opposed to your PC being hacked - but there do exist viruses that allow theives to steal your bitcoins).

Someone else already had access to the wallet address you sent the coins to from MtGox. Wherever you got that wallet address from (website? email?) could have been a scam/forgery by some hacker. Maybe you were on a spoofed InstaWallet site. Maybe the InstaWallet url for spending the coins was leaked.

If I were you I'd avoid using online wallets and just install a "lite" Bitcoin client like ELECTRUM or MULTIBIT. Or do what TalkingHead says and just do BitInstant transfers directly to the wallet address on your SR account. You really don't need to bother with all the tumbling and such prior to putting it in the SR wallet address, since once it's there tumbles plenty before it gets to anyone who's cashing out or doing something LE might notice.

Great, many thanks, SorryMario. That's what I wanted to know. I believe my problem was using the same instawallet for the last 7 or 8 transfers. I probably should have gotten new ones at SR and Instawallet for each transaction or so. I'll just bypass instawallet from now on and stay on my toes with these URL's. Thanks again for your help.
Title: Re: BitCoins Stolen??
Post by: nanpa2001 on January 14, 2013, 03:56 am
AliBabba,

As another poster stated above, get http://electrum.org/

It has a recovery feature that will prevent you from losing your coins accidentally.
Title: Re: BitCoins Stolen??
Post by: Rowsdower on January 14, 2013, 04:07 pm
I am having the same problem as the OP, for the first time ever I sent bitcoins to SR last night and they haven't showed up in my account even though everything seems correct in the bitcoin client and I didn't do anything differently than usual.  The transaction has plenty of confirmations and I used the same address for the deposit which worked less than a week ago and I'd only used once before.  If they go "missing" permanently I'm not going to bother using this site anymore, I can't trust the site if it's constantly having difficulties of one kind or another and it's not OK for me to lose money through no fault of my own.
Title: Re: BitCoins Stolen??
Post by: SorryMario on January 14, 2013, 10:14 pm
I am having the same problem as the OP, for the first time ever I sent bitcoins to SR last night and they haven't showed up in my account even though everything seems correct in the bitcoin client and I didn't do anything differently than usual.
No, that's not the same problem as the OP. His coins were not even sent to his SR wallet address - as he verified himself by checking the blockchain - but went to some phishing address due to the security vulnerabilities of InstaWallet (where anyone who knows your URL can spend the coins).
Title: Re: BitCoins Stolen??
Post by: AliBabba on January 16, 2013, 03:22 am
Rowsdower, did you happen to be using Instawallet? Also, have you checked the blockchain for the wallet that your coins were sent/ redirected to? When I saw the wallet that my coins were transferred (redirected) to was empty, I knew they were gone for good. The thief also left a snide public note on the blockchain page "So long and thanks for all the fish"... which at least ended all the head-scratching and wondering wtf happened.

I also contacted SR support and they were a little help. But I'd try contacting them just in case there was a rare instance of your coins being hung up in the tumbler or something. Couldn't hurt.

And I'm with you, I think I can find better ways to give money away. I have a feeling there are going to be a lot of instances of coins going missing in the near future. I'm positive that I hadn't gone to any phishing site. And I could tell something was up as soon as I entered my transfer info on instawallet and hit enter, because it never came up with the usual "Your transaction was correctly sent with ID: blah blah blah", the page just reloaded except my coin count went to 0. Shady site, I'd steer clear, personally.

Good luck, and I hope you can find them, man.
Title: Re: BitCoins Stolen??
Post by: nanpa2001 on January 17, 2013, 08:17 am
And I'm with you, I think I can find better ways to give money away. I have a feeling there are going to be a lot of instances of coins going missing in the near future.

Only if you give up your coins by keeping them on a third party website. Get your own wallet. I recommend electrum. http://electrum.org/