Hurts so good: Hacked for $30,000 USD
This post was written by a community member. ADSactly was not hacked. The post is purely educational in value and to let the crypto community know the importance of their privacy, cyber security and serves as a reminder of how vulnerable we are to nefarious individuals.
100% of this post payout will go to the user who was victim of this hack!
Let's get straight to The Cryptocurrency Carnage
Here is a rundown of the $30,000 (that's right: thirty-thousand dollars) that the hacker relieved me of:
.25 BTC Stolen from my 1Broker account ($1,250 USD)
was sent to
20 BCC Stolen ($1,600 USD)
was sent to:
10,990 Pura Stolen ($5,000 USD)
was sent to:
Exodus wallet for 1 BTC, 187 Salt, and 45 LTC (USD 8,000)
I am unable to get into my Windows VPS and take this screenshot. The
hacker removed RDP access for the account.
Say Sayonara to 117,000 OKCash (USD 16,000)
was sent to PTY47KXWfcJisiJwMuacGUSc4pwKPY9sLg
and losing the OKCash was the most painful. Because I had been buying OKCash for the last 2 years.
How was I found?
I still recall logging into my Windows VPS and seeing someone moving the mouse around and then I began to move the mouse around as well... imagine that - almost like walking in on a thief who has robbed your home, virtual-style.
I don't know how the hacker did his dirty deed. I can only guess.
The hack occurred a few hours after I sent this message sent to a Discord channel:
I sent bitcoin from my Exodus wallet 2 hours ago and it still has not arrived at Bittrex. It shows as pending with 0/2 confirmations there... why is it taking so long... here is the transaction - https://blockchain.info/tx/a18f06e5f59b5b3840c208e22c5007a7ecc643ccb58ab865166498a2d8810876
(i'm trying to get into this IOP trade and good ol' bitcoin is taking it's jolly sweet time going from point A to point B)
Since this hack, I altered the default settings of Monosnap to remove the option of showing the window title.
In preparation for the 2 coming hard forks, and only 1 day before this hack, I downloaded a few desktop
wallets. Exodus was kind enough to prompt me to back up my wallet. But oddly enough, it did not prompt me to "encrypt my wallet" - which is a fancy term for requiring a password before making any transactions.
Random port scanning?
While IP addresses are not stored in the blockchain, there are some
ways to locate the IP that a transaction originated from. This, and/or random port scanning was a definite part of the hack, because I changed my password for my Windows VPS to something very simple about 3 days ago:
That's right. Once someone had my IP, all they had to do was guess a username of "Administrator" and a password of "money1" and they had access to $30,000 in funds. No, I don't enjoy looking like an idiot in public, but if it will snap even one person out of the delusion that this is all fun-and-games, then I have done my job.
Centralized security isnt so bad
I have all the addresses that my coins were sent to. But
because crypto can be sent anonymously and there is no central
authority, there is no registry connecting identities to addresses.
I guess if you want total freedom and autonomy you better be ready to
defend against those who want to misuse it.
Back up your wallet frequently
Apparently when you restore from a wallet file, the wallet needs to
reply the blockchain from that point to present. So, presumably, the
more recent your wallet backup, the less time it takes to recover your
funds? Please correct me if I'm wrong here.
Suggestions for Security
I'm a firm believer in not putting all your eggs in one basket. But I
did get caught with quite a few of my funds in one place in the
interest in having all of my desktop wallets in one place.... and
saving on monthly server costs.
If I had used 4 remote servers and distributed my wallets to those 4
places, then I would be reporting a loss of just 6 or 7 grand
instead of this major setback.
ENCRYPT YOUR WALLET
If you take nothing else from this post remember to encrypt your
wallet ... don't be intimidated by that term. It simply means that a
password is needed before you can access funds or see the transaction
None of these wallets require a passcode to withdraw funds. No bank or
ATM on this planet would allow funds to move without verifying the
identity of the mover in at least 2 ways.
Don't wait for the crypto-world to upgrade to bank-level security. Do
as much as you can TODAY!
Harden your Windows remote server
I had all my funds on a Windows VPS (Virtual Private Server). I am
lucky that the server farm that I use has 24/7 customer support. They
were very responsive via live chat. That being said, I will never use them for cryptobanking because they dont have an an easy way for me to harden my VPS server in the ways I discuss below.
Idle Timeout Screen Lock
Do you want to wake up in the morning to all your funds gone? Me
either. Having to enter your password every time you see an idle
screen timeout may be a pain, but I can tell you: waking up to losing
$27,000 is way more painful.
2-Factor Authentication is a MUST
2-Factor Authentication, 2FA for short, just means that there are additional layers of security besides just your username and password. Notice how you have to have a debit card AND your PIN before you can withdraw money from an ATM? Just having your debit card is not enough. Unfortuntely, my windows server did not have 2FA enabled.
Once the hacker guessed username/password combination of
Administrator/money1, he (or she!) was in. No need to enter a code from my cell phone, nothing. And this drag-ass security model that is what you need to change if you do decide to use a remote windows server to store your funds. Speaking of drag-ass, why was Windows Server 2012 so adamant that it was time to change my password yet not so adamant about enforcing some rigor on the difficulty of the password?
While it does seem tortuous to setup 2-Factor Authentication on Windows certain
VPS providers have made it easy. For instance, you can be done with the process in
a few easy steps at ServerIntellect. And if I return to using a remote Windows server for cryptobanking, I will require at the very least what ServerIntellect is offering and will never accept anything less as legitimate for cryptobanking.
Restrict IP access
If you are the only one accessing your machine, do not allow any and all IP addresses to access your machine
Change the administrator username
That's right. A measly wordpress site with a bunch of meaningless posts. So if there is that much interest in wrongdoing for a measly wordpress site, imagine how many more bad guys must be out for my money! Actually they are out for my currency, not my money, but we dont need to get into the differences now.
So yes, change the username from
You are running your own bank. Treat it like one. Seriously. Whenever you login to your online banking service, take note of the hoops of fire they require you to burn your ass on before you get access to your funds. And then make sure you have just as many hoops of fire on your funds. Either that or you may be the next guest star on "Cryptocurrency Carnage: How Much Money Did The Next Fool Lose and How?!".
There are no mistakes in this universe. Everyone gets what they deserve. At least I would like to think so. What do you feel? Do you think this is karmic retribution for something I did in the past? Please share in the comments whether I am a poor innocent victim of a ruthless thief. Or whether I am getting what I deserve for past violations of The Golden Rule.