How I hacked hundreds of Bitcoins! AMA

in #bitcoin, 8 years ago (edited)

It all began 3 years and 3 months ago.

Beginning 2013:

I was a hacker who focused on phishing victims' bank details and selling them. I was working full time in a company and doing this black market stuff in my free time. It was not really lucrative. I was earning around 2000$/month with it. Until May 2013 I sold the bank data in underground forums for Liberty Reserve, an anonymous payment system which mostly cybercrime hackers used to get paid. I sent the money in Liberty Reserve to other people in underground forums and they sent me hard cash to a drop-off point. As a hacker I of course needed a non-logging VPN and a TrueCrypt-encrypted computer.

And then this happened:

http://www.telegraph.co.uk/finance/10085600/Liberty-Reserve-shut-down-in-6bn-money-laundering-case.html

Luckily enough I had cashed out my whole balance in Liberty Reserve some days before. But I had to choose something else since I didn't want to shut down my business. This was the day I became a Bitcoin user.

So I opened a Blockchain.info account and continued to get paid in BTC instead. At that time Bitcoin was around 80$-100$/coin.

I continued my business and got myself anonymous Bitcoin debit cards (to cash out my bitcoins).

Part of my business was also to get e-mail addresses of customers to send out phishing mails. I got the e-mails from websites with SQL injection. I dumped their databases and sent the phishing attacks.

In June 2013 I got an idea. Why not search for SQL injections in Bitcoin-related websites?

I was lucky and hacked a small bitcoin website with around 100 users. To my surprise the database saved e-mails, usernames and passwords in plain text. That's like a lucky moment for hackers because they don't have to go through cracking to get the passwords.

So what to do with this data? Phishing wasn't a good idea for Bitcoin. So the first thing I tried was to check if some of these e-mail/password combos would work for the email inbox. Around 5 people used the same password for their mail inboxes. One of those had an email which looked familiar to me. He had the same welcome e-mail from blockchain.info that I had also received when I opened an account there. So the first thing I tried was to log in to blockchain.info with the victim's username and password. And look there - 5BTC. I felt like a lucky person. Around 400$ instantly. I had to work nearly one week with my old business for that amount. Doing this I realized that back in the days you could log in with username and password only on blockchain.info!

No e-mail confirmations - No silly GUIDs.

It was clear what I had to do! I checked the whole 100 username and password list I had dumped on blockchain.info.

A few accounts with nothing interesting in them and then: 92BTC - Wow. Around 100BTC on my first day!

I registered on localbitcoins.com and arranged a meeting a few days later to sell those bitcoins. It was around 8000$ hard cash earned on my first day! I felt like I was in heaven. Money which took me at least 4 months to earn with my old business, now in one day.

Back with the hard money it was obvious to me that I needed to forget about my old business and concentrate on this Bitcoin stuff!

So I tried to hack more websites. And I was lucky. I hacked several Bitcoin-related websites, dumped their databases and tried to check if the users were also registered on blockchain.info, later also on localbitcoins.com, MTGox, BIPS and other bitcoin wallet websites. It was quite lucrative.

After some time I found a SQL injection in a website named bitcoinbuilder.com

It looked like the founder had his MTGox API details entered in the database. So I checked the balance and I couldn't believe my eyes. 400 Bitcoins were in his MTGox account. But I only had the MTGox API details and no access to his email inbox because he used a different password for his email inbox than the password which was in the database. So I tried to withdraw these 400 Bitcoins. Denied. The limit on MTGox only allowed withdrawing 100BTC each month. And as I didn't have email access I couldn't try to lift the limit. So I ended up withdrawing 100BTC from his MTGox account using the API and another 40BTC which he had on Coinbase (as these API details were also saved in the database) from his Shirtoshi webshop. At that time Bitcoin was 100$/coin so it was another highlight, "earning" 14000$ on a single hacked website. But what I had to see was way too much for me. He saved his Blockchain.info details also in the backend. There was no BTC in it but there was 10000BTC (yes, nowadays worth 5.7 million $) on his bitcoin address:

Address: 122p9VdTQdxgpN8aw1VF85dZJgG6tP8jUF 

Message: hacker0 on steemit

Signature: G9ZJuy4QSN2JGYRVcURmGiLSMbXCFHwTTgzm3AaMB36UWmjtf3YYILe15P8Wm2j0sM+rUwZbXUVA6vYZpNB7lGA=

nearly 1 year ago on that time.

After some lucrative time I decided to try something new, because as time passed people started using stuff like 2-factor authentication, and blockchain.info decided to use GUIDs instead of just usernames, plus stuff like e-mail confirmations when I tried to log in to users' wallets from a "new PC". Why not try to infect users with trojans?

But the question was how. I searched for vulnerabilities in Bitcoin-related websites which had software to download. I found some websites, for example:

I packed the software with my trojan in it. Most of the users were sadly only people who were hanging around most of the time on Bitcoin faucet sites and did not have much balance. But there were also people like this:

A guy who dealt with ~60k $ worth of bitcoins everyday!

Unluckily for me he used 2-factor authentication the right way, so I ended up only getting some BTC when he copied a 12000$ BTC-E code which I could steal by retrieving his clipboard.

Then one person who worked at a Russian payment exchange downloaded the infected software. And while he was surfing I saw his BTC-E balance. 33000$. I knew I had to get it. But how? I saw he also used 2-factor authentication. So I waited until he was still logged into BTC-E but was AFK (toilet, I guess). So I blocked his computer's access to the BTC-E servers with the hosts file and set up a fake BTC-E website where the only window opened was the one where he could enter the 2-factor authentication code. On my side I opened his BTC-E account using the cookies he had and using his machine as a SOCKS5 proxy (as BTC-E would terminate the session if they detected the same cookie being used on 2 different IPs). Then I converted the 33000$ into 78BTC and clicked on the withdraw button, where I only had to enter the 2-factor authentication code. When he came back he saw the fake 2-factor authentication website opened in his window, he grabbed his phone and entered the 2FA code, I copied it and entered it on my side, quickly confirmed the BTC-E confirmation mail and deleted it. 5 minutes later:

Coming to an end, I can say some stuff regarding security.

Not using 2-factor authentication, saving passwords in clear text in databases, using the same passwords on different websites - all this stuff made my "career" much easier.
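The closing advice seen from the site operator's side, as an added example that is not part of the original post: a user table that keeps only per-user salted scrypt hashes and is queried only with bound parameters, so a dumped table holds no password that can be replayed on a mail inbox or wallet site. The table layout, function names, sample credentials and work factors are assumptions of this example.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed scrypt work factors for this example (16 MiB per hash).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def register(db, username, password):
    salt = os.urandom(16)  # fresh salt per user: equal passwords give different hashes
    pw_hash = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    # Bound parameters: user input is never concatenated into the SQL text.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (username, salt, pw_hash))

def login(db, username, password):
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    candidate = hashlib.scrypt(password.encode(), salt=row[0], **SCRYPT)
    return hmac.compare_digest(candidate, row[1])  # constant-time comparison

def dump_contains(db, secret):
    """Audit check: would a full dump of the table expose this string anywhere?"""
    needle = secret.encode()
    for row in db.execute("SELECT * FROM users"):
        for col in row:
            data = col if isinstance(col, bytes) else str(col).encode()
            if needle in data:
                return True
    return False

def stored_hash(db, username):
    return db.execute(
        "SELECT pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()[0]

if __name__ == "__main__":
    db = open_db()
    register(db, "alice", "s3cret-wallet-pass")  # constructed sample credentials
    register(db, "bob", "s3cret-wallet-pass")
    print("valid login:", login(db, "alice", "s3cret-wallet-pass"))
    print("quote-laden username:", login(db, "x' OR '1'='1", "anything"))
    print("password visible in dump:", dump_contains(db, "s3cret-wallet-pass"))
```
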

You can send some bitcoin to me, being a generous thief or Robin Hood; here is my address
13EAdpiewWrHo2GhhsVUTHaHmWGfNNwEsE

Hi Hacker0, i need your help pls. This is my BTC address: 19C3JvzfTEpCQNfwETntRTymsuw8Cr2CH7
Thanks F.

hacker0, please see my post and provide some insight into my issue. I got hacked REAL bad and it's been tough seeing through the mayhem. https://steemit.com/deephacking/@entr0py4all/the-worst-hacking-story-ive-ever-heard-is-my-own

Shame on you, stealing from hard working people and it seems to make you happy.

I am just honest and wanted to write everything down

hacker0 I am dirt poor but long holding bitcoins (I just hope I'm not too late) can you give me any at all? Even 100$ is worthwhile for my financial situation. I got a family to support and I'm failing at it pretty bad because I'm "too nice" to get ahead in life. 1AoeFZR9cn3DRH8EgZSk6tfomRwdczP5jN

You were honest. Is there a way you can help in getting back my bitcoins stolen by another hacker? :(

How do i contact u

Well, I am a computer science student... I want to be a hacker, so can you help me with that? Well, I want to be an ethical one though, so that I can perform pentesting to earn some bucks. I would love to learn from an experienced hacker like you :)

Thanks for sharing your story, really interesting how people like you hack others. Followed for more!

please hacker0...
help me with bitcoins....
Please
this is my address
1A1P4fGCg8EZXp6zyGkqKY4HpsoWG4cHjM

God damn bro what a true story ... i only got some coins out of this type of work sadly that was years ago... doing bug bounty hunting rewards were high

I don't know how hard you worked, but since you said you felt lucky, that's how I am feeling today, so here's my address. Any amount will be highly appreciated.

1F2xcedHWsqwrQnFwywBDS2wnzX2ZV9KC

Congratulations @hacker0! You have received a personal award!

Happy Birthday - 1 Year on Steemit

I have a btc address I want you to hack. Up for the challenge? I only have an email address and btc adress for him

Please how can i be your apprentice ? You really inspire me.

I know a hacker who flips BTC and has made a shit load of money for himself. He now offers this as a service and I've been able to benefit from it too. It seemed unreal initially but it was the easiest bucks I ever made. You can contact him at [email protected] for other ethical/unethical hacks also... you will thank me later

people like this are everywhere. that was how one stole my coins, thanks to some friends though. once you see you lost your wallet or someone stole your bitcoin. you can use this tor help link https://venomthreads.com

how about doing the same job of around 10000 btc? wanna try again?

If you're still alive, you should consider helium and a bag. You suck.

f*** you, because of you (this kind of people) hack other's wallet, my hardly earned Bitcoin from faucets.

Congratulations @hacker0! You have received a personal award!

2 Years on Steemit

Some bitcoin and binary option schemes are mostly real while some of them are platforms to rip people off of their funds. Most of these platforms that are not real are the ones that are created on some media platforms like Telegram, WhatsApp, Twitter and so on... They are mostly used to lure people into a group in order to convince them to invest their funds, and they'd later stop giving them their profits or stop the group's activities. There are websites that are used for the bitcoin and binary options schemes too in order to rip people off. About three months ago, my friend was caught up in the same scheme on Telegram but he was lucky because he opened up early enough and sought help and a solution before he later got help on https://assetflashback.com to get his funds back. So I think people should be very careful and take their time to examine and conduct research before they invest their funds. Best Regards.

Congratulations @hacker0! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 3 years!


Hey hacker0 (25), I was a victim many times of other bad guys. Anyway, I also had many bad investments and I am stuck with a huge hole in my wallet. For example, www.f2btcinvest.com was generating some BTC but I cannot do any withdrawal (I can give all the details of my account there). If you can help somehow to get back my investment and profits it will be great and I will share half of them with you. Anyway, I'm trying to recover all my losses but .....

P.S.
Sorry for my bad English :P