You are reading a single comment by @cyclotron3k and its replies.
Click here to read the full conversation.
-
Holy shit that's horrifying.
Edit: I'm just thinking through how this would have worked.
So I guess they got your password, then tried it on a bunch of crypto exchanges? But then you would have been protected by 2FA?
Or they would have needed the private key for your wallet - but you never type that in, you unlock it with a password.
Maybe with your password they were able to SSH into your laptop and grab the private keys? But you're on OSX so that's unlikely...
cyclotron3k
CSB warning.
I was speaking at a Blockchain event in a hotel in London in 2015 and had a quantity of cryptocurrency stolen shortly afterwards. After an exhaustive investigation, using a third party security company, it turned out that my macbook had a known Intel vulnerability exploited via the hotel wifi AP and some code was injected into the firmware. This code was used to listen for keystrokes and ultimately used for lifting a private key.
Apart from that, which happened on the road, I receive maybe three attempts a month to get me to click on a malicious link targeted specifically to me as a result of what I do for a living. My security precautions tend to spot two or three attempted remote attacks on my network each month too.