Desktop Wallet, unauthorized transactions, all XRP gone..


ThePowerOfOne

Dear community,

In June/July I bought some XRP and sent them to my desktop wallet. I obviously never shared my addresses, the wallet was password encrypted, etc. However, yesterday I had a look at my balance and was completely shocked to see that all my XRP had been sent to some XRP address on the 8th of August (in two transactions). I was on holidays between the 29th of July and 10th of August, so my computer was offline during that time. All my XRPs are gone now (except the minimum of 20). I'm a newbie but I think I did everything to secure my wallet. So I really cannot understand how somebody could get access to my wallet and make those unauthorized transactions... really a little bit devastated and unsure now about what to do in the future to avoid this...

Is there anybody who might have had a similar problem or who can share some hints/tips on what could have happened? I would really appreciate it! Because honestly.. I don't really have a clue.. It somehow feels like somebody just robbed my house..

Thank you very much for your help!

Regards
Rafa

Sorry to hear that Pof1. :( There has been a bit of a ripple in the market recently so folks have probably missed your post in the hubbub.

There are a couple of possibilities... if it's not someone close to you who has done it, then the most likely thing is that your PC was compromised with malware of some sort and that the owner of the malware saw the ripple secret password and used it to create a wallet elsewhere and then transacted with it.

Your secret key is usable anywhere in the world irrespective of whether the PC that you use is online or not. Someone who sees a photo of it can steal your XRP. A laptop camera can pick it up even if the laptop appeared off and then the crook can steal your XRP in moments.

I am not an expert, but given the transparent nature of Ripple transactions, I wonder if it's possible to track down the recipient. Hopefully someone with more knowledge than me can advise.

Anyone? Is there anyone here who isn't currently obsessed with price? :)

@ThePowerOfOne sorry to hear that..

There are so many possibilities that it is difficult to help you. But here are some suggestions (also to make others aware). The most probable is that someone got a hold of your secret key. How did you store it? Writing on paper (if so, who could have access to it?). Or electronically, and if so how? In a document on your PC or mobile (both could have been compromised) or for example by making a photo? The latter is a very common error and reason for loss of cryptofunds, as photos are often stored automatically in iCloud/DropBox/Drive, and such storages are compromised easily.

Also, consider the source where you downloaded your wallet. Not only the type/name of the wallet, but more importantly the URL you downloaded it from.

What you could do is Google the address(es) the funds were sent to. This could very well be a dead end, but when I helped some people in the past and did so, it appeared that the same hacker was involved in previous losses of funds. There are posts on some of the malicious addresses that you will find by using Google, also on this forum, and from these posts you perhaps could also learn how the hacker operated (especially in case the same addresses are involved).

Sorry to hear that.

Many possibilities, like others said here. Most obvious would be someone you know who got access, or malware/keylogger.

Scan your whole computer and if you find some suspicious things then reinstall everything (fresh Windows or whatever you use) and make sure to install a good antivirus before creating a new wallet.

That's really bad... I hope it wasn't a huge sum and even then, keep your head up.

Hi guys,

First of all, thank you for all your responses and for your help so far! First thing I did was to send a Ripple Theft Report (https://ripple.com/ripple-theft-report/)

@zero-2-9

I didn't take a picture nor did I have my address on a piece of paper. What I can surely say is that nobody used my PC or got the info by getting into my home.. However I had some sensible information on Evernote.. and I just had a look at my Evernote access log and there indeed was a suspicious login via Evernote web from the Netherlands exactly the same day.. so this might be the source.. thank you zero-2-9 for this tip!!

@DarthTrader

My public address is: https://bithomp.com/explorer/rn9A7TUpWKFStS6KEd88Ras4nzTu2rMiBL
The public address of the "thief" is: https://bithomp.com/explorer/rKDW6cnbSRDHPmTaXHJijcMLR3mCQcSaCY

Do you think that there might be a chance to track him down?

@adimitrache sorry if it might appear like that to you. I'm not questioning the wallet's security at all. I know it was my fault, I just don't want to make the same mistakes again, that's why I try to find out what happened and get some tips.. so I think the problem has been solved..

48 minutes ago, ThePowerOfOne said:

Hi guys,

First of all, thank you for all your responses and for your help so far! First thing I did was to send a Ripple Theft Report (https://ripple.com/ripple-theft-report/)

@zero-2-9

I didn't take a picture nor did I have my address on a piece of paper. What I can surely say is that nobody used my PC or got the info by getting into my home.. However I had some sensible information on Evernote.. and I just had a look at my Evernote access log and there indeed was a suspicious login via Evernote web from the Netherlands exactly the same day.. so this might be the source.. thank you zero-2-9 for this tip!!

@DarthTrader

My public address is: https://bithomp.com/explorer/rn9A7TUpWKFStS6KEd88Ras4nzTu2rMiBL
The public address of the "thief" is: https://bithomp.com/explorer/rKDW6cnbSRDHPmTaXHJijcMLR3mCQcSaCY

Do you think that there might be a chance to track him down?

@adimitrache sorry if it might appear like that to you. I'm not questioning the wallet's security at all. I know it was my fault, I just don't want to make the same mistakes again, that's why I try to find out what happened and get some tips.. so I think the problem has been solved..


An encrypted desktop wallet is arguably the best security after cold storage. I think you did solve the mystery.

One thing I wanted to say was: the thief sent the funds to Poloniex exchange. Poloniex would have their IP address. They might be able to freeze the account until it can be sorted out.

56 minutes ago, ThePowerOfOne said:

I just had a look at my Evernote access log and there indeed was a suspicious login via Evernote web from the Netherlands exactly the same day.. so this might be the source..

Thanks for sharing. It doesn't bring your funds back, but it could definitely help/inform others!

57 minutes ago, ThePowerOfOne said:

Do you think that there might be a chance to track him down?

I think I just did. I'll PM you.

File a claim with police. Scan the claim. Send email with it to Ripple and Bitstamp. Your thief is KYC'd on Bitstamp. bitstamp.net, user: 47059936

Though I find it peculiar that the addresses established in May of 2013(!) which have similar ripple-names would go on and steal things.

Hello

I noticed that the person who hacked my account on 27. 4. 2016 and stole almost 16000 XRP and 7 bitcoins is at work again.


@Graine

Your investigations are surely incorrect, because those leads lead to me, but this hacker opened a new ripple account when he sent XRP from all of my accounts and then later to Poloniex exchange.

-> All transactions sent on day 27.04.2016 from my accounts (names: ~lukson,~tradelukaripple,~tradelukaripple2....) to address https://bithomp.com/explorer/rKDW6cnbSRDHPmTaXHJijcMLR3mCQcSaCY were stolen from me.

I can't find on ripplechart > account explorer what destination tag he used when he sent XRP to Poloniex exchange.
(Can somebody help me get the destination tag from the next transfer?)
14. 2016-04-27 23:54, poloniex.com, XRP, -15 659.90 (Ripple -15 659.90 XRP)

I think that my stolen bitcoins were sent to Poloniex exchange too. Here is the blockchain link:
https://blockchain.info/address/12usUVnoDWkEWdQ5fvEKxEPhdxf2BVpSDx

I checked all my TeamViewer logs and got the following data:
He used the following IP addresses: 188.165.242.205 and 94.185.84.142

If you check which persons use that IP on Skype you get:
188.165.242.205
kattika83
reserved.1x
sicily.cardew   

94.185.84.142
alallssy
alsyshamaeva
reserved.1x
kriiasna

The person that I suspect the most (because of Skype info - he knows crypto) is:
Username: reserved.1x
IP: 188.165.242.205
About: in crypt we trust
City: 
Country: Puerto Rico
CountryCode: pr
Full Name: reserved
Language: Russian
Language Code: ru
Gender: usexUnknown


And now the questions:
1.) What do we need with @ThePowerOfOne to get info from Poloniex exchange who this person is?
2.) Is there any way for me and @ThePowerOfOne to get these stolen XRP/Bitcoins back?

 

Best
Luka

@Luka the thief's account was activated from yours. So the path of least resistance would assume they were related. My apologies.

Weirdly enough, the txs don't have destination tags. But Polo had to know how to credit the correct user.

I would think a scanned copy of a filed police report (if it is in English) or a certified translated copy + a nice letter made by an attorney to Polo's legal email. Not support email, because it's clogged and unresponsive.

If you happen to be a resident of US, please wreak legal havoc upon that exchange. Theft filings to FBI/Secret Service/SEC might go a long way, once the critical threshold is reached.
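
Added example, not part of the thread or written by any poster: one way to list an account's outgoing payments and see which carry a destination tag, the question raised in the last two posts. It assumes transactions in the XRP Ledger JSON format (`TransactionType`, `Account`, `Destination`, `Amount`, optional `DestinationTag`, `date` in seconds since 2000-01-01 UTC); all addresses and hashes in the sample are constructed placeholders.

```python
from datetime import datetime, timezone
from decimal import Decimal

RIPPLE_EPOCH = 946684800  # ledger "date" counts seconds from 2000-01-01 UTC

# Constructed sample shaped like XRP Ledger transaction JSON; the addresses
# and hashes are placeholders, not values from the thread.
SAMPLE_TXS = [
    {"TransactionType": "Payment", "hash": "HASH_PLACEHOLDER_1",
     "Account": "rSOURCE_PLACEHOLDER", "Destination": "rEXCHANGE_PLACEHOLDER",
     "Amount": "15659900000", "date": 515116440},
    {"TransactionType": "Payment", "hash": "HASH_PLACEHOLDER_2",
     "Account": "rSOURCE_PLACEHOLDER", "Destination": "rEXCHANGE_PLACEHOLDER",
     "Amount": "25000000", "DestinationTag": 12345, "date": 515116500},
    {"TransactionType": "Payment", "hash": "HASH_PLACEHOLDER_3",
     "Account": "rSOURCE_PLACEHOLDER", "Destination": "rOTHER_PLACEHOLDER",
     "Amount": {"currency": "USD", "issuer": "rISSUER_PLACEHOLDER",
                "value": "10.5"}, "date": 515116560},
    {"TransactionType": "OfferCreate", "hash": "HASH_PLACEHOLDER_4",
     "Account": "rSOURCE_PLACEHOLDER", "date": 515116620},
    {"TransactionType": "Payment", "hash": "HASH_PLACEHOLDER_5",
     "Account": "rSOMEONE_ELSE_PLACEHOLDER", "Destination": "rSOURCE_PLACEHOLDER",
     "Amount": "1000000", "date": 515116680},
]

def outgoing_payments(txs, source):
    """Return one row per Payment sent by `source`, with the tag if present."""
    rows = []
    for tx in txs:
        if tx.get("TransactionType") != "Payment" or tx.get("Account") != source:
            continue  # skip offers and incoming payments
        amount = tx["Amount"]
        if isinstance(amount, str):  # XRP: string of drops, 1 XRP = 1,000,000
            value, currency = Decimal(amount) / 1_000_000, "XRP"
        else:  # issued currency: object with currency/issuer/value
            value, currency = Decimal(amount["value"]), amount["currency"]
        when = datetime.fromtimestamp(tx["date"] + RIPPLE_EPOCH, tz=timezone.utc)
        rows.append({"hash": tx["hash"], "time": when.isoformat(),
                     "destination": tx["Destination"], "amount": value,
                     "currency": currency,
                     "destination_tag": tx.get("DestinationTag")})  # None = no tag
    return rows

def untagged(rows):
    """Hashes of payments sent without a tag, to cite by hash in a report."""
    return [r["hash"] for r in rows if r["destination_tag"] is None]

if __name__ == "__main__":
    for row in outgoing_payments(SAMPLE_TXS, "rSOURCE_PLACEHOLDER"):
        print(row)
```

For payments that carry no tag, the transaction hash and timestamp are the identifiers left to quote in a police report or a letter to the exchange.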
