I kept 500 Ether, 1,000 Litecoin and 500 PPC (and a little BTC) in cold wallets in a password-protected .rar file on my desktop. When I happened to check my watch address yesterday, all the balances had been emptied two days ago.
I made two mistakes: (1) I download a lot from torrent sites, (2) I kept ALL my "cold" storage paper wallets in one encrypted WinRAR file with a 12-character password. I thought this security was enough and am still at a loss as to what happened.
The other day I noticed a program running in the Task Manager called "Wool Department". There were no Google results for it, so I closed it, but it kept coming back up (on Windows). Next I got an e-mail from Microsoft about verification, then a few from other sites I have not used for a long time. My email was hacked years ago, so I changed my password and did not connect the two events at all.
My Ether address: 0xea13bae3f4d94b43d2224bb8a1abb0f4e7e0e24d
My Litecoin address: LhfSd3ZzJMrWawrFimQcTnCx8rYQ3XYiVG
My PPC address: PPM4tkGmx9f4LMchhCqQAn6j843KDU3ELk
I assume I will never see any of it again, but would like to offer 1/2 of any recovered funds as a reward to anyone that can help to find the criminal(s) responsible/return the funds.
How are they cold storage paper wallets?

They certainly aren't paper. They also aren't cold, being on a networked computer.

I don't like victim-blaming, especially because this is really a usability issue for crypto, but I have never heard anyone say that a password-protected .rar file is appropriate security. If you're going to make a significant investment into crypto, I just don't understand how you can ignore all the security advice.
a) That's not how cold wallets work; they weren't supposed to be on a networked computer at all.

b) Check TeamViewer and remote desktop viewers, especially the ports those programs would typically use. It is a common attack vector to come in through those and view your machine, install key loggers as you, etc. Which leads to the next part:

c) How was the 12-character password stored? Only in your head? In a password manager? In Gmail? Used in other areas?
This story illustrates perfectly one of the big reasons why Bitcoin and company aren't and will probably never be used by the general population for anything really.

If even someone that is technically savvy (I don't know much about the OP, but someone that uses RAR, knows how to make crypto wallets and knows how to check the processes running in his computer is much ahead of the average person in terms of IT knowledge) can't be safe with their crypto coins, you really can't expect that the average person ever trusts Bitcoin and company for anything.

I'm sorry for your loss, but there is nothing you can do really. Try and contact Poloniex for the Ether, but unless you have some proof those coins actually belong to you, it will be next to impossible to have them do anything.
My best guesses:

a) Your machine was already compromised when you made the rar

b) The attacker logged your password, either when you entered the archive or into another service which shares the same password

c) Perhaps WinRAR encrypted archives have a cryptographic flaw making them easily broken by software

d) Perhaps the attacker has been brute-forcing for a while
Well, I'd start by sweeping out whatever is left. Your ether address still has 5 ether left in it...

Just following the transactions I can see that 125 ether were sent to Poloniex, so I'd contact them to see if they can help you.
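As an added example (not from the thread or any commenter), here is a small Python script that does the check point (b) above suggests: it parses Windows `netstat -ano` style output and flags sockets on the default ports of common remote-access tools, distinguishing a listener bound to all interfaces from a local-only one and showing any currently established session on such a port. The port table holds well-known defaults (RDP 3389, VNC 5900, TeamViewer 5938, SSH 22); the netstat text is a constructed sample, not real output from the poster's machine.

```python
"""Flag remote-access exposure from `netstat -ano` output (Windows layout).

Added example: the port table lists well-known defaults only; a remote-access
tool can be configured to listen elsewhere, so this is a first check, not a
complete audit. SAMPLE_NETSTAT is constructed for the example.
"""
import re

# Well-known default ports of common remote-access services (assumption: the
# tools run on their defaults; anything else needs a per-process review).
REMOTE_ACCESS_PORTS = {
    22: "SSH",
    3389: "RDP (Remote Desktop)",
    5900: "VNC",
    5938: "TeamViewer",
}

# Constructed sample of `netstat -ano` output; PIDs and addresses are made up.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    0.0.0.0:5938           0.0.0.0:0              LISTENING       4711
  TCP    192.168.1.10:5938      203.0.113.7:49321      ESTABLISHED     4711
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING       3380
  UDP    0.0.0.0:5355           *:*                                    1100
"""

# proto, local address, local port, foreign endpoint, optional state, PID
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$"
)


def parse_netstat(text):
    """Turn netstat lines into dicts; the header and unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local_addr, port, foreign, state, pid = m.groups()
        rows.append({
            "proto": proto,
            "local": local_addr,
            "port": int(port),
            "foreign": foreign,
            "state": state or "",   # UDP rows carry no state column
            "pid": int(pid),
        })
    return rows


def find_remote_access_exposure(rows):
    """Return (pid, service, detail) for sockets on remote-access ports.

    A listener bound to 0.0.0.0 or [::] is reachable from the network; one on
    127.0.0.1 is local only. An ESTABLISHED row shows who is connected now.
    """
    findings = []
    for r in rows:
        service = REMOTE_ACCESS_PORTS.get(r["port"])
        if service is None:
            continue
        if r["state"] == "LISTENING":
            exposure = "all interfaces" if r["local"] in ("0.0.0.0", "[::]") else "local only"
            findings.append((r["pid"], service, f"listening on {exposure}"))
        elif r["state"] == "ESTABLISHED":
            findings.append((r["pid"], service, f"active session from {r['foreign']}"))
    return findings


if __name__ == "__main__":
    # On a real machine, replace SAMPLE_NETSTAT with the output of `netstat -ano`
    # and look up each flagged PID in Task Manager to confirm what owns it.
    for pid, service, detail in find_remote_access_exposure(parse_netstat(SAMPLE_NETSTAT)):
        print(f"PID {pid:>6}  {service:<22} {detail}")
```

Every flagged PID should map to a program you knowingly installed and expect to be listening; a remote-access listener you do not recognise, or an established session from an address you do not know, is the kind of finding that justifies the "unplug and rebuild" advice given further down the thread.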
Yeah... The moment you see a windows process called "Wool department" that restarts itself you unplug your computer and rebuild it from scratch.
A keylogger was likely installed on your computer and everything you were doing was being monitored.

Culprit:
> (1) I download a lot from Torrent sites

Solution:

1. Wipe out computer / reinstall everything from clean sources.

2. Don't download crap!
Was your password based on a phrase that's in a book, TV show or movie? It could have been guessed by a dictionary attack. Even a phrase from Urban Dictionary could be guessed, for example.