All of my XCH Stolen

I’m pretty sure nothing can be done about it, but it seems all my XCH has been stolen.

I have my farmer on a raspberry pi and keep the software open on my windows machine as well to check the balance every few days (on a pool). I checked my balance yesterday, and I only had ~0.05 XCH - I had almost 19 XCH the last time I checked around a week ago.

In looking at the history of the address that the XCH went to, all of the transactions (6 total from 3 of my addresses) happened on 4/11/24. Chia Address - Chia Blockchain Explorer

I’m not sure how this could have happened. I have never joined a non-official pool, or downloaded any chia related stuff from anywhere other than chia.net. I have my 24 words saved as a .jpg screenshot on my computer, but I don’t have any Windows logs of someone remoting in on or around 4/11/24.

If anyone has any ideas on how this could have happened, I would really like to know. I am in the process of changing all of my passwords, including my home wifi and admin passwords. I have also joined NordVPN. I’m not sure if they were able to obtain any other information from me.

Hard to tell, but chances are that your PC is compromised in some way.
Is the Pi running Linux?

Have you checked the other addresses? You joined a pool with hopefully 100’s of plots, which took you more than a couple of weeks to create, and you just joined this forum 14 minutes ago???

The Pi is running the Raspberry Pi OS.

I looked through sudo journalctl _COMM=sshd and there wasn’t anything logged on that day or around it.

“I have my 24 words saved as a .jpg screenshot on my computer”
There we go! You should write it down to a paper. Also you should store your coins in a cold wallet which is not connect 24 to the internet.

Chances are that your Pi is not compromised but having the mnemonic unprotected on your PC is never a good idea. Anyway your wallet is compromised and you will need to make a new wallet and send your farming rewards to the new wallet.

My other addresses? I just recently realized that I had multiple addresses. I only know of the 3 that were included in this.

Yes, I have been reading, but just joined.

I agree, it was not the best way to save it, but how would they gain access to a .jpg on my computer?

And replot, correct?

Edit: Also, is there anyway to redirect the pool to the new address? I joined XCHPool early on and do not have any fees, but if I were to join now I would.

Sorry to hear about your loss.

Yes, you should create a cold wallet. Create that cold wallet via a clean machine. Do not create that cold wallet on any hardware you currently have that had any chance of being compromised.

As to re-plotting, the consensus (based on other threads) is to re-plot. I never understood the need, when your existing plots could still be farmed with everything you currently have, exactly the same way, with the only exception being that your wins will be directed to your cold wallet, via a config.yaml edit.

You could have all manner of malware on your Chia boxes. And still, I do not see how anyone could get to your cold wallet. Of course, you do not want malware on any of your boxes, because someone could change your payout address. My point is that I do not think that you have to re-plot, if your payouts will go to a cold wallet. If I am mistaken, someone please let me know.

On any computer in your network that can access your config.yaml file, you have a potential security risk – where an attacker can tinker with your config.yaml file. In other words, if you have a full node and a couple of harvesters, and all have access to your full node’s config.yaml file, then any of those machines can change your config.yaml’s payout address. And you do not know which of your networked machines got compromised. Or if you have children, with their own PCs, on your network that can reach your Chia boxes, then if their boxes got compromised, then that is a problem.

But as long as you can farm your existing plots with clean code running, I believe that you have no need to re-plot. But you would likely need a fresh OS re-install on every box on your network that can access your config.yaml file (to stop malware from changing your payout address – because you might not realize missed wins, if your payout went elsewhere).

In summary:
– Re-install your OS on any box that has access to your machine with your config.yaml file.
– Create a new, cold wallet, using a clean machine. A fresh OS install is the safest machine to use to create a cold wallet.
– Direct your wins to your cold wallet.
– Save a copy of your blockchain files, before doing anything. That is something you should be doing on a regular basis. Make sure Chia is not running when you make a copy of the blockchain files.

The above might be overkill. I am just trying covering all bases. You pick and choose what is best for your situation.

Also, do not use any of your Chia related boxes for anything other than Chia. On mine, I never even opened my browser. I have a clean OS install, plus Chia installed, and that’s it. I used a different, non Chia computer to download Chia, and then, via a USB drive, copied it to my Chia boxes. No other machines can see my Chia boxes, and nothing other than Chia is installed on my Chia boxes.

I do not trust NordVPN. In general, you are trusting any VPN service with 100% of your on-line activities. They can see everything, and log everything that you do via their service, regardless of any claims that they make. We have no way to verify their “no logs” claim. It is probably safe. But you cannot really know. And how you use your VPN service can expose you to threats. A VPN server is basically a glorified proxy (a system that you somewhat remotely control), that performs actions on your behalf.

The connection between you and the VPN server is encrypted. But then it is 100% decrypted by that VPN server. They see everything in the clear. So depending on what you do via their service, they could be a security risk.

The more computers that your Chia boxes get involved with, then the more risks you are exposing to your Chia boxes.

Lastly, before doing anything, you might want to use Autoruns – if you are running Windows on your Pi or any other boxes networked to your Pi:

Run it with administrator privileges. It will show you every program / service that automatically starts on that box. Some start at boot time, some start at login time, etc. The number of programs that start automatically are numerous.

Autoruns will show you all of them, and allow you to un-check any, which will prevent it from automatically starting (but will not kill what is already running).

You might find malware that is starting. By un-checking it, and re-booting, you could solve your problem. But run Autoruns, again, to make sure the malware did not re-start (something else you missed might enable it).

Note that if you un-check a critical process, you could cripple Windows – perhaps not be able to boot up. So be careful.

I think the reason for replotting was that it may be possible for someone with your plot keys to alter your plot NFT, and thus redirect payments until you noticed, or something along those lines.

Did you verify the hash?

Yes ofcourse a simple .jpg file is not encrypted everybody with access to your computer can read it.

Of course they would. The question is: how did they get access… There are no remote access attempts in the windows event log anywhere around that time.

It doesn’t matter anyway. It’s gone. Time to start over.

Thanks for the reply. I’m going to restart everything from fresh installs and have several cold wallets with xch spread among them. I’ve also decided to just replot everything. It’s too bad I can’t do compressed plots - only 64GB of RAM.

I believe that you can create compressed plots, even more easily than creating non-compressed plots.
Compressed plots are incomplete files. They should require less resources to create.

Harvesting compressed plots is another story. That is where a good GPU factors in.
The GPU completes the plot (not sure if it is all of the plot or just what is needed for a proof), on the fly.

So unless I am mistaken, your 64GB of RAM is more than enough to create compressed plots. But the key is the GPU related harvesting of compressed plots.

GPUs are also used to create compressed plots. The only difference, as I understand it, is that it gets the job done much faster. But a GPU is not required to create compressed plots. Please (anyone) clarify if I am mistaken.

I thought you needed a minimum of 256gb or ram with GPU plotting. I have an AMD GPU though so I would need to do CPU plotting and I think the memory requirements were even higher.

make a test plot with C5 gigahorse that supported amd gpu/igpu and try it

That would be when you are not using an NVMe temp drive (or a disk based temp drive).
But you can still create compressed plots using a temp drive.

There are memory related minimums for plotting, and memory related minimums for harvesting.

I do not think that anything has changed on the plotting end. As long as you have 32GB (maybe even less) of RAM, you should be able to plot via a temp drive. Plotting is not time sensitive. So if you have nothing special hardware, it will simply take you longer to plot.

Harvesting is time sensitive, to provide proofs in time to win rewards. So the harvesting hardware is important.

Harvesting is where we need a chart that shows the minimums for RAM, and VRAM, and GPU speed, which varies for the compression level, number of plots, and upcoming plot filter halvings.

You want your GPU to have enough VRAM to perform the calculations, and a fast enough GPU to handle the number of plots that pass the plot filter. The more plots you have, the more the speed of the GPU matters.

@Ronski has helped others with advice on GPU specs, etc. Others have also, but I cannot recall their names. @Alejandrofm1’s suggestion is also good advice.

@dave333539 I would suggest having a read here GitHub - madMAx43v3r/chia-gigahorse and also chia-gigahorse/cuda-plotter at master · madMAx43v3r/chia-gigahorse · GitHub

I’m not clued up on what AMD cards will work, but you can use some pretty cheap Nvidia cards for plotting and farming, farming side depends how much space you have and what size plots you go for.

You can certainly plot with 64GB of ram, although I have 512GB so am not familiar with what is called partial RAM / disk mode.