$1 000 000 USD

DECEMBER 2018

GLOBAL

NONE

DESCRIPTION OF EVENTS

"Yesterday in the very early hours of the morning Dec 4th I have been hacked and completely robbed out. The total of 1 Mio USD in different coins have been stolen from my system. I am still pissed off from my own shitty security. But things happened and I cannot go back in time."

 

"Basically it was a stupid combination of failures. I use Windows 10 and tried to claim BTCP and BCD. Both with the Electrum version for their blockchains. I used the same long password for different things - especially my password safe had the same pw as the DASH QT wallet. So after I started the Electrum clients (which I tested before with Defender, SuperAntiSpyware and www.virustotal.com) I had to do a little thing in DASHQT - that was it - the one of the wallets, most likely BCD, spied my password through a keylogger and the hacker had access to everything. (there is no need to discuss the stupidity of using Win10, same passwords many times, storing 2FA codes in password safes or testing new software on a vulnerable system)"

 

"Hardware wallet would not have helped.

 

He entered his seed words into a corrupt BCD wallet, which was also probably keylogging to get his password (he used the same password for multiple programs & websites).

 

Once a hacker has your seed words, he can steal all your coins right off the blockchain.

 

And once a hacker has a password that you reuse across multiple programs & websites, he has full access to everything.

 

And in this case, the victim also kept his 2FA backup codes in a password manager, which the hackers were able to access.

 

Basically, you have to be ultra-careful about where you enter your seed words.

 

And for every website & program you use, you should register a different email address/alias & different password. That way, if one password is stolen, the damage is limited."

BitcoinTalk user Valerian77 reported a hacking incident where $1 million USD worth of various cryptocurrencies was stolen. The theft was due to a combination of security failures, including using the same password for different purposes and having the same password for a DASH QT wallet as the password safe. The user was attempting to claim BTCP and BCD using Electrum clients on Windows 10. The hacker likely gained access through a keylogger on a vulnerable system. The victim's mistake of entering seed words into a corrupt BCD wallet exposed the coins. The incident emphasizes the importance of strong, unique passwords, separate email addresses for different accounts, and cautious handling of seed words.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.