Call to action: let's catch the thief


Alexa
True IOTAn (9.6K reputation)
Group: Moderators
Posts: 733, Visits: 1.4K
jromfo - 20 Jun 2018
Hello,
I purchased 230Mi back in March, and just tried to open with my seed and it says 0 balance.
In the transfer history, a day after the funds were deposited to
DDZMFSOKQQDOAWOBBRTWXQMWGPNBBSZJKZXPIRGRKDBWHNBPJGTJZTMTSQANUTQTCKAOLBYFUFYAMTJMZUNHTTBZOW
it shows they were sent to:
LDTBGXN9KXLNWFJNEJQFSKCWESOBWXUOIHIZEVGRLRQZQOSSRMDZHOVFQN9SXICZRHXGFJQCXZGXZGKPWTID9RJVXW
Hash:
VRTLGAC9PHFQLTVYJSMSFAZCMURPAYOZUPUXGGBRQUXBLAIVMSJGBBACPUPHWAVBF9DNPKIZPBBPZ9999
Following this trail, it seems like the IOTAs were moved around and eventually converted to USD.
Any help or direction would be appreciated

@jromfo
I just replied to your first post in the other thread. Please avoid double postings in the future. Thanks! :)


I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
xussain
Attaching to Tangle (4 reputation)
Group: Forum Members
Posts: 4, Visits: 0
Alexa

Hi xussain,
welcome to Hello IOTA!

Unfortunately this does look very much like the other thefts that started end of January.

I'm really sorry, but your funds have probably been stolen because you used a malicious website to create your seed. You can read more about it here: 
https://medium.com/iota-demystified/what-happened-last-night-on-iota-b6157ade1e03

There's not much you can do now, except report this to your local (cybercrime) police. Please do so.

If this thief ever gets caught, you will have to provide proof that those stolen coins belong to you. Please make sure to keep your seed and all evidence of where you bought your coins from and where you sent them to afterwards. For example, save your trade history and your withdrawal history from your Bitnex account or wherever you bought your coins.

I'm sorry that you've lost your funds. 


Edited 2 Years Ago by Alexa
xussain
Alexa - 27 Jul 2018

Unfortunately this does look very much like the other thefts that started end of January.


 It's a pity. So, I should not try to restore the balance, as described here https://medium.com/iota-demystified/help-my-iota-balance-is-zero-579b75f35f2c
Alexa
xussain - 27 Jul 2018
Alexa - 27 Jul 2018

Unfortunately this does look very much like the other thefts that started end of January.


 It's a pity. So, I should not try to restore the balance, as described here https://medium.com/iota-demystified/help-my-iota-balance-is-zero-579b75f35f2c

Unfortunately, there's no way to restore any balance after a theft transaction has been confirmed.

xussain

  IOTA is so confusing. I could not understand. Is it a theft or unenviable balance. Probably, I do not want to believe in loss
Alexa
xussain - 27 Jul 2018

  IOTA is so confusing. I could not understand. Is it a theft or unenviable balance. Probably, I do not want to believe in loss

If you did not make the outgoing transaction on January 27th, it is definitely a theft. I'm sorry. 

xussain
Expensive experience
kraut
Attached to Tangle (404 reputation)
Group: Forum Members
Posts: 15, Visits: 313
Alexa

Hey @kraut,
so sorry to see this!
What happened? These transactions occurred long before the big seed generator theft that started on January 19th 2018.
Did you use any website to generate your seed back then or do you have a different explanation?

kraut
The problem is, I can not remember exactly. The only explanation leads to the admission to have used a supposed offline generator.
As a Hodler, I thought for a long time that the Iota were stuck in one of the reclaim processes and did not look into the tangle.
But the child had fallen into the well for a long time.
Had it been better communicated at that time that the generation of a seed can be accomplished quite simply with the command line and requires no special algorithm, it would not have come to this disaster.


kraut
Another victim of the hacker: https://forum.helloiota.com/Topic2321.aspx
same tags: ANDROID9WALLET9TRANSFER and KZDROID9WALLET9TRANSFER
what generates the tags in a transaction?

Alexa
kraut - 5 Aug 2018
The problem is, I can not remember exactly. The only explanation leads to the admission to have used a supposed offline generator.
As a Hodler, I thought for a long time that the Iota were stuck in one of the reclaim processes and did not look into the tangle.
But the child had fallen into the well for a long time.
Had it been better communicated at that time that the generation of a seed can be accomplished quite simply with the command line and requires no special algorithm, it would not have come to this disaster.

@kraut
It did happen really long ago, I guess it's hard to remember. I wasn't around when you made your seed, so I don't know which options were available back then.
But you are sure that you never made any transactions whatsoever?

I'm asking because the bundles from the transactions you've posted look a little bit different than what we're used to from the seed generator theft.
It appears like only a part of the funds got sent somewhere else and the remainder went to the next address of your own wallet.
But it could very well be that the thief is just mimicking this behaviour to make it look like regular transactions.

What you could do is try and find more addresses from your seed. So far, we only know that these two are yours: 
https://thetangle.org/address/YDONGDRNGTBMERWRWSOAMCDLMBRBABPQJKR9WYIRGLQIQCHLASLHS9TPBTABXDBYAIHKHXL9MVLJRIUFR
https://thetangle.org/address/FPUX9BKUABOTYXMRTNGNPFIHAUNUKLDBMXNNIBOT9IOTQUV9KHTCETDPBAVLVEBWWTVKMLTPOBXJAL99Q

These are "old" Curl addresses and you won't be able to generate them with any of the current wallets.
But you should be able to get them from this tool: https://github.com/domschiener/iota-address-generator. I'm not 100% sure though.
Security Level needs to be set to "2". You can work your way up from Key Index 0 and see if they appear.
If they do, generate some more addresses.
I'd like to know if you can also generate these two:
ZHFGXFMGITHEAWGPXDOCBOJPKRVSREOCEPTNH99ZGBNMANRJUY9LDDQRSDHDJUXZPPFYXVYETIQWTEJDQDREOIQYJB
GQCVJUUXHUORVPDNGFTEJAXSBNTUDUHXZ9YZOPQYQSUU9ZE9VYXOLFDMKAYGWKOJED9NIKJTCEYMDDCUWHRCJBAAUC

If you can't, the thief is just very good at making things look legit.
If you can generate them, we'll have to see what conclusions we can get from this. 

Edited 2 Years Ago by Alexa
kraut
Thank you for your quick reply. Even if I do not know what you're aiming for, I'll test it tomorrow.
Alexa
kraut - 5 Aug 2018
Thank you for your quick reply. Even if I do not know what you're aiming for, I'll test it tomorrow.

Well, I don't know what I'm aiming for myself yet. And I don't want to get your hopes up at this point either.
It's just a quite unusual pattern and I'd like to really confirm that what we see here is a theft case and not anything else.

kraut
Thanks, that is understandable. I have no great hopes, if it comes differently, with pleasure.

But you are sure that you never made any transactions whatsoever?

Not 100%.

Again, what generates the tags in a transaction? For understandable reasons, I have not dealt with the technology for a long time.


Alexa
kraut - 5 Aug 2018
Another victim of the hacker: https://forum.helloiota.com/Topic2321.aspx
same tags: ANDROID9WALLET9TRANSFER and KZDROID9WALLET9TRANSFER
what generates the tags in a transaction?
@kraut
Sorry, I somehow missed this post yesterday.

The tag is just a little user defined message. You can see the Optional Tag field in Send tab of the Lightwallet.
It contains 27 trytes (=uppercase A-Z and the number 9)
If you enter "MY9CUSTOM9TAG" the actual tag will be MY9CUSTOM9TAG99999999999999
If you leave the field empty, the tag will be 999999999999999999999999999

Trinity and the old Android wallet seem to have a default setting for the tag, but it's not affecting the actual transaction.
It just allows you to search for the tags on the IOTA explorers and find all transactions that have it.

I can't see any tag in the transactions from your wallet that you've linked. Maybe you see one in the wallet, but it doesn't mean anything.
The theft case from the other post is also a totally different story.
Apparently it happened because of the reuse of the address's private key which always affects security.
I can't see any sign of you having reused your private key and I don't think that this has anything to do with your case.


kraut


I'd like to know if you can also generate these two:
ZHFGXFMGITHEAWGPXDOCBOJPKRVSREOCEPTNH99ZGBNMANRJUY9LDDQRSDHDJUXZPPFYXVYETIQWTEJDQDREOIQYJB
GQCVJUUXHUORVPDNGFTEJAXSBNTUDUHXZ9YZOPQYQSUU9ZE9VYXOLFDMKAYGWKOJED9NIKJTCEYMDDCUWHRCJBAAUC


Yes, I can generate both (and other old addresses), but without the last 9 characters.

Alexa
kraut - 9 Aug 2018


I'd like to know if you can also generate these two:
ZHFGXFMGITHEAWGPXDOCBOJPKRVSREOCEPTNH99ZGBNMANRJUY9LDDQRSDHDJUXZPPFYXVYETIQWTEJDQDREOIQYJB
GQCVJUUXHUORVPDNGFTEJAXSBNTUDUHXZ9YZOPQYQSUU9ZE9VYXOLFDMKAYGWKOJED9NIKJTCEYMDDCUWHRCJBAAUC


Yes, I can generate both (and other old addresses), but without the last 9 characters.

Alright, the last 9 characters are a checksum, they don't matter right now.

But what this means is that the transactions you've posted are not theft transactions but your own. Your funds could still have been stolen, but not at this point.

Now, I'd like you to generate more addresses. Maybe ten more and post them. Best would be that you open a new thread just for your case alone here on the help subforum so we have all your info in one place.

I wouldn't be able to help anyone without thetangle.org-explorer. If you feel like you want to support its developer Mathieu Viossat in maintaining his service, please consider a donation to the address shown here: https://thetangle.org/about. Thank you!
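
An added example, not part of the original thread and not code from any IOTA wallet or tool: a Python helper for the comparison discussed in the posts above. It pads a tag to the 27-tryte field and matches locally generated 81-tryte addresses against explorer addresses that carry the extra 9-tryte checksum. The function names and the sample addresses are constructed for illustration, and the checksum is only dropped, not verified.

```python
import re

TRYTES = re.compile(r"[A-Z9]*")   # tryte alphabet: uppercase A-Z and the digit 9
TAG_LEN = 27                      # fixed tag field length
ADDR_LEN = 81                     # address body, as printed by the generator
CHECKSUM_LEN = 9                  # extra trytes shown by explorers and wallets


def pad_tag(tag: str) -> str:
    """Right-pad a user-entered tag with 9s to the 27-tryte field."""
    if len(tag) > TAG_LEN or not TRYTES.fullmatch(tag):
        raise ValueError(f"invalid tag: {tag!r}")
    return tag.ljust(TAG_LEN, "9")


def address_body(address: str) -> str:
    """Return the 81-tryte body of an address given with or without checksum.

    The checksum is only dropped here, not verified.
    """
    address = address.strip()
    if len(address) not in (ADDR_LEN, ADDR_LEN + CHECKSUM_LEN):
        raise ValueError(f"unexpected address length {len(address)}")
    if not TRYTES.fullmatch(address):
        raise ValueError("address contains characters outside A-Z and 9")
    return address[:ADDR_LEN]


def match_addresses(generated, observed, first_index=0):
    """Map each observed address to the key index that produced it, or None."""
    index_of = {address_body(a): first_index + i for i, a in enumerate(generated)}
    return {o: index_of.get(address_body(o)) for o in observed}


# Constructed sample data (not real addresses from the thread).
GENERATED = ["A" * 81, "B" * 81, "9AB" * 27]           # key index 0, 1, 2
OBSERVED = ["B" * 81 + "C" * 9, "Z" * 81 + "9" * 9]    # as copied from an explorer

if __name__ == "__main__":
    print(pad_tag("MY9CUSTOM9TAG"))
    for addr, idx in match_addresses(GENERATED, OBSERVED).items():
        print(addr[:12] + "...", "-> key index", idx)
```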
kraut
Ok, now I'm a little bit confused. With "show bundle" you can see step for step, how the thief distributes the loot to several addresses. If I follow the big amounts, sometime the tags ANDROID9WALLET9TRANSFER and KZDROID9WALLET9TRANSFER will appear.

Here are more addresses:

You are welcome to outsource the discussion to a new thread.
