Hello everyone
Unfortunately, when I checked my Chia wallet today, I didn’t find it there. I don’t understand what happened and how someone could have stolen it. What’s really strange is that the money disappeared from two accounts that are on different computers. No one had access to the computer. And I have a million passwords, even if someone had access. On one PC, the one where I mine, someone is constantly withdrawing funds.
I tried to look at https://alltheblocks.net/
But I didn’t see anything
This is the address where the main amount was:
xch1at7u34dawcd5kq52q5e6pqgt4x8fmyv6h7gr8xpv8ee2j2vjtlgq8eqpzk
And this is the address for mining: xch129a54nmcypkwa0fkdyqas8306u6pxh6x2kej66x2kxexcz7ggzzquqrnyn
The most interesting thing is that they stole Chia and forgot about NFT
In the summer I transferred 30 Chia to Gobi (xch19n40kxjfpsqdz9mecst0assekywj307alh4l9vwq6jez3lryqqlsu4hhm6) and forgot about them
Now this is all that is left after so many years of mining and purchases((
If someone can help I would be very grateful. I still don’t know how the scammer did it, whether Windows is hacked or maybe he got access to the keys. I don’t know how to check it … Maybe someone knows and can advise something
Also, for some reason I can’t find all the transactions at the addresses I wrote above… Maybe then everything would become clearer.
I understand that the scammer will probably not be found and ordered. But if the funds were not even returned but blocked I would already be happy
Thanks in advance for any help
And I still believe, in spite of everything, in a bright future for Chia.
I made a post on Twitter and I have already received several messages from scammers who want to solve this problem) I have never been scammed in my life
And this is the first time that cryptocurrency has been stolen from me
On the first mining computer I had a chia wallet installed without a password. So I think it was no problem for scammers to withdraw this money
But on the second one I had a password set when entering the wallet and I used this computer personally and it was not turned on constantly
I can’t find the transactions when they were made
I would be very grateful if someone could at least help me understand when they were stolen
The only suspicious thing I remember is that in the summer someone constantly tried to log into my Windows account. But I have two-factor authentication, so I don’t think there should be a problem with this
I understand that the chances of getting your money back are 0 but I hope my example will be useful to someone and they won’t get into a similar mess after reading this
I do not know what else, if anything, you use your Chia computers for. If you are using your Chia boxes for anything else, I advise against doing so.
For me, I installed Windows onto my Chia boxes, and never installed anything else. They have the OS and Chia. That’s it. I use them for Chia, and nothing else. I also never ran the browser on those boxes.
For my harvesters, they are not on the internet. They connect to my main node, but my harvesters are unable to see the internet.
My main node box, which farms, is set up using Windows public network option, which is less friendly to other machines on my local network (such as my daily driver, non-Chia, box). And that is good, because I want no non-Chia boxes to have access to my main node.
I am neither a networking expert, nor a security expert. But as best I understand Windows boxes, the above is my way of ensuring that nothing can compromise my Chia boxes.
I am sorry about your loss. If you decide to keep farming and harvesting, maybe you will find the above helpful.
Thanks for the info. This will really be useful for me and other people who think their chia is completely safe on their everyday computer.
Only the cold version will save from theft
This is what I am doing now to save the remaining crumbs
As I said, I was lucky, and the thief somehow did not take any NFT
Thieves are strange now
I started mining from day one and I will continue to mine Chia, despite the unfortunate circumstances. And when there is free money, I will buy. I believe in this project
Before, I was waiting for Chia to fly to the moon, now I will hope that it does not rise above 30)
I finally found something really suspicious.
Scammers have been trying to log into my account for several months but Windows says they were unsuccessful.
Very strange. Maybe Microsoft is lying, I don’t know.
My farm was running on my server, but I always farmed to a cold wallet from the early days, I no longer farm.
Did you have RDP enabled?
Did you download any programs directly for Chia?
I have RDP enabled at work. One day many years ago I discovered someone, or something, trying to log in via RDP. There were 32,000 attempts recorded; it was actually more than this, as the log only records just over 32,000 events in total! I forget the timescale but it was not long. Luckily I had a secure password and non-standard username. After that I configured the router to only allow my home IP to connect.
There have been programs released which will steal your keys, one that I remember was a blockchain downloader, no doubt there are others.
It could even be someone that has direct access to your PC, but more likely it was remotely compromised. Where did you store your 24 words?
Never expose RDP or any other type of remote login directly to the internet. They should only be accessible on the local network. To use them over the internet you must first access the local network via VPN. Higher-end routers have this feature. Or you can install a VPN server on a computer that is always online.
Yes, absolutely, I learnt the hard way, although luckily I wasn’t compromised. Another colleague also uses RDP; I set up a VPN for them as their home IP changes. Mine rarely does, so I went that route.
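A check suggested by the RDP log described above, as an added example that is not part of any post in this thread: it counts failed remote logons per source address and flags any successful logon that followed repeated failures from the same address. The CSV column layout and the sample rows are assumptions constructed for illustration; the event IDs and logon types are the standard Windows ones.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample, not real data: Windows Security log rows exported to CSV.
# EventId 4625 = failed logon, 4624 = successful logon.
# LogonType 3 = network, 10 = RemoteInteractive (RDP), 2 = local console.
SAMPLE = """TimeCreated,EventId,LogonType,TargetUserName,IpAddress
2024-07-01T03:00:01,4625,3,administrator,203.0.113.7
2024-07-01T03:00:02,4625,3,admin,203.0.113.7
2024-07-01T03:00:04,4625,3,farmer,203.0.113.7
2024-07-01T03:00:09,4625,3,farmer,203.0.113.7
2024-07-01T03:05:00,4624,10,farmer,203.0.113.7
2024-07-02T11:00:00,4625,3,administrator,198.51.100.9
2024-07-02T11:00:01,4625,3,user,198.51.100.9
2024-07-02T11:00:02,4625,3,test,198.51.100.9
2024-07-03T08:30:00,4624,10,farmer,192.168.1.20
2024-07-03T09:00:00,4624,2,farmer,-
"""

REMOTE_LOGON_TYPES = {"3", "10"}
NOT_REMOTE = {"", "-", "127.0.0.1", "::1"}

def summarize(csv_text, min_failures=3):
    """Per source IP: failed remote logons, and successes that followed them."""
    stats = defaultdict(lambda: {"failures": 0, "success_after_failures": []})
    rows = sorted(csv.DictReader(io.StringIO(csv_text)),
                  key=lambda r: datetime.fromisoformat(r["TimeCreated"]))
    for r in rows:
        ip = r["IpAddress"]
        if r["LogonType"] not in REMOTE_LOGON_TYPES or ip in NOT_REMOTE:
            continue  # local console logons are out of scope here
        if r["EventId"] == "4625":
            stats[ip]["failures"] += 1
        elif r["EventId"] == "4624" and stats[ip]["failures"] >= min_failures:
            # Success after repeated failures from one address: review it.
            stats[ip]["success_after_failures"].append(
                (r["TimeCreated"], r["TargetUserName"]))
    return dict(stats)

def suspicious_sources(csv_text, min_failures=3):
    """Addresses with at least one success after min_failures failures."""
    return sorted(ip for ip, s in summarize(csv_text, min_failures).items()
                  if s["success_after_failures"])

if __name__ == "__main__":
    print("review:", suspicious_sources(SAMPLE))
```

A large failure count with no later success matches "many attempts, none worked"; any address returned by `suspicious_sources` is the case worth investigating.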
I farmed on a wallet that was on the same computer that the farmer was installed on(( Now I’m doing the same thing as you.
I use Chrome Remote Desktop to maintain my mining farm
I’m currently farming through No SSD
At the beginning when I started farming I installed a lot of fork programs
but now because I farm on No SSD it doesn’t make sense
Yes, I also have endless attempts to hack my account.
I don’t think I’ve ever downloaded anything like that.
For some reason, it seems to me that in the summer, when they tried to hack me and I received messages on the authenticator, I could have clicked the confirm button instead of rejecting it, but I’m not sure about that.
Once it was in the morning when I was sleeping, and I could have accidentally pressed it, but I’m not 100% sure about that.
If that’s the case then this will be the most expensive push of my life)
I kept this information on my main computer but I hid this information in a safe place, at least that’s what I thought.
For some reason I thought it was safe. But now life has taught me to be more paranoid.
If you used the same keys back when you farmed forks, you downloaded loads of such programs, any one of them could have been compromised.
If it wasn’t encrypted, it wasn’t safe, chances are though if they’ve gained access to your PC then they likely just used a program to get the keys.
If that was it then that’s a tough one, but that’s life, nothing you can do about it now except improve your security going forward.
You really shouldn’t have anything exposed to the outside world, I use a VPN to access my internal network when away, and when I was farming Chia I would only open the port for four hours a day.
You should download Malwarebytes and run a scan on your PCs. Do as much as you can to make sure they are not compromised; some would say to reinstall Windows.
Yes. Otherwise, you cannot be sure that you are free from malware.
@StanislavKotov
Sysinternals (now owned by Microsoft) has an “Autoruns” tool.
In order for malware to do anything, something has to start it up. Autoruns shows you everything that starts. But it will not show you an open port that allows someone to get in.
Run it as an administrator, in order to see it all.
If you find anything questionable, you can do web searches to see if it is legit or not.
Autoruns allows you to uncheck anything, and that item will no longer auto start. If it is already running, it will keep running. It just will not start, automatically, the next time you reboot (or login). Autoruns breaks down what kicks off automatically, and from where.
Autoruns will not stop you from crippling your computer. If you stop a critical service from automatically starting, you will be in a world of hurt. So be careful.
I still think these are not forks because I didn’t use the key from the main wallet for forks.
And I think I made a big mistake in the summer. It’s an expensive mistake, but maybe thanks to it I won’t lose any more in the future. And it’s good that it happened now.
I relaxed a little and allowed myself to be safe, but when it comes to assets, it would be better to be a little paranoid and keep them in the most secure places possible.
This is the first time I’ve had anything stolen by scammers in my life, and I hope it’s the last
And to anyone reading this who keeps their assets on a PC, I advise you to move your money to cold wallets as soon as possible.
SO YOU DON’T GET INTO A SIMILAR SITUATION
So I’m checking now in all possible ways, so far I think they don’t have access to the computer right now, but I’m still thinking about reinstalling Windows.
Anyway, thanks for the advice, it really helps.
Check your router, to see if any ports were opened by the thief.
And if you find anything and close those ports, check them again, a few days later. If someone got access to your Chia box, then they would be on your local network, and might have gotten malware onto your other Windows boxes (assuming you have other Windows boxes).
So after you close any router ports that should not be open, one of your other computers might re-open them, or might be able to access your Chia box, since it is probably on the same network.
A clever and persistent thief will spread his malware to any boxes he can access.
The strange thing in your case is that you don’t see the outgoing transactions.
Try installing the Chia wallet on a different computer (possibly a non-infected one), run it in light mode, recover your wallet from the seed phrase, and let it sync from scratch.
It should download all the transactions from the blockchain.