So before I begin, the machine I am referring to is on a corporate-level network. A hardware firewall, a software firewall and endpoint protection with ADVANCED configuration have been implemented. I trade daily on this machine, and only two functions are ever used. First, Google Chrome with two windows: Coinbase and Poloniex. Second, my hardware wallet of choice. This machine receives updates only, and all other HTTP/S traffic from anything not listed above is blocked.
Yesterday, 2:10 PM EST: I'm watching "Alive", the Standing Rock documentary, while doing some mid-day trades during a dip. I place a trade and then send myself ALL OF MY BTC, amounting to about 0.52 BTC. Minutes later, I watched as my machine's mouse was taken over and someone was trying to control the withdrawal function. Weirdly enough, this was just a ruse, because in actuality (verified by the RAT .log file) they were already logged in on another machine with a cloned IP and ACTUALLY withdrawing the coins there. My mouse movement overrode the RAT user's, so when I exited out of Chrome I thought I was safe. An hour later I got an email that my wallet balance was 0, asking if I'd like my normal auto top-up to take place. They had taken it all.

I never leave my funds in CB, and always move them to my hardware wallet when done. I was waiting for my trade to come back and then move everything back into my wallet.
Coinbase support is non-existent. During my inquiry, I found 6 other reports of the EXACT SAME ACTION taking place as we speak. After tracking things down, the final bounce point was in Russia, and the RAT was the RAT.IMMINENT variant (named after the appdata/IMMINENT folder it creates), which is sent through emails etc. Things that have never taken place on this computer. More interestingly, I had a verified log which showed ALL CONNECTIONS I/O being blocked that were not to Coinbase or Poloniex, except for my wallet TXs.
Just wanted to get the warning out there! And if this helps someone, maybe they'll feel nice enough to donate and help get me somewhere back towards where I was before.
Thanks for reading: Debate is the beginning of innovation, feel free to comment and I'll be sure to reply!
-jgr33nwood

Thanks for the information!
More than happy to pass it on and prevent the same. That was 5 years of saving and trading. I never invested a cent but
Very helpful info that makes us more careful about the safety of our wallets.
Man, can't believe you're still using Polo, man. There has been fishy stuff on that site big time. I would be surprised if they gained access through Polo, bro.
No, for me it's CB, not Polo.
Yeah, I know. I'm just saying you're using Polo and there has been some fishy stuff going on with that exchange.