How to report stolen Ethereum?

ztcsdtxztcsdtx Member Posts: 4
Despite the fact that I never saved my password anywhere or ran Geth with ports open to the internet, I saw that another account had taken all of the Ethereum out of my wallet and transferred it to his. I know the destination account and when it happened last night. I know it is someone hacking because I got a payout from Nanopool before I could switch accounts over and that got transferred a little while later. How do I report the unauthorized transactions? Also is there somewhere to report the thief so that others can be on the lookout? Geth was not running and the blockchain was not synchronized on my computer when this happened.


  • erstwealerstweal MidwestMember Posts: 122 ✭✭
    @ztcsdtx I don't know the answer to your question, but I have some for you. What account are you talking about, an account on your local machine or a coinbase (or something similar) account? The reason I ask is that it looks to me that coinbase doesn't actually leave ETH in your account when you store it to them, they accept the ETH in your behalf and move it to their accounts. But, if you go into your coinbase account through their site, they show your balance. I'm not sure if that is what is happening here, but it's good to know. If you look up your coinbase account on or something like that, it shows the transfer into your account and then a transfer out right afterwards, but like I said, on coinbase, your balance is shown.
  • ztcsdtxztcsdtx Member Posts: 4
    @erstweal Thanks for responding. When I first started mining I created a wallet with GETH and put in a password. I was having my Nanopool mining rewards sent there. When it came time to cash out I created a Coinbase account. I would synchronize my blockchain, unlock my wallet, transfer to Coinbase, then re-lock the wallet. I never kept GETH running or my blockchain synchronized. I've only transferred to Coinbase twice. I'm aware of how Coinbase moves your ETH around. Last night, my ETH was transferred to someone else's wallet that I'm unfamiliar with. On Etherscan it looked like he was an ordinary miner who made about 0.5 a day on Dwarfpool. I got a payout after that and he stole that too. I created a new GETH wallet on a computer that can't be remotely accessed in any way and I'm mining to it now. Hope this explanation clarifies things.
  • erstwealerstweal MidwestMember Posts: 122 ✭✭
    @ztcsdtx post his account number or the transaction here so that we can all check this out! I'm very curious as to how easy it would be for someone to get away with something like that.
  • ztcsdtxztcsdtx Member Posts: 4

    e8459a is my GETH wallet.

    eda471 is the thief's wallet.

    You can see 2 transactions:

    I could not have made these transactions myself. GETH was not running and my blockchain was not synchronized at the time. I was unable to get my blockchain synchronized in time to transfer my payout of 0.2 and he stole that too!
  • erstwealerstweal MidwestMember Posts: 122 ✭✭
    Theoretically, if a hacker were to gain access to your machine, they could just copy your keystore to their own machine and it wouldn't matter if you were running Geth at the time. But, they would also need to know your password. Maybe a keylogger?

    You are wise to switch to another machine without knowing how they gained access. I wish I could be more help, but I don't think there is anyone to report it to. If they stole directly from nanopool, you could report to them, but they took it from you after you had it in your account. Good luck and let me know if you ever figure out what happened.
  • ztcsdtxztcsdtx Member Posts: 4
    @erstweal I checked for keyloggers. There was nothing. Also, this happened several weeks after the last time I ever typed that password in. The folks at Nanopool are investigating for me. They asked for the information so they could try and figure out what happened. I would still like to know how to get in touch with the GETH programmers so they could track down by IP address or whatever where the transaction was initiated. I'm sure they would be interested in knowing what security holes exist.

    Thanks for the discussion!
  • o0ragman0oo0ragman0o Member, Moderator Posts: 1,291 mod
    The only evidence you have is that transactions were made from an account you say you own to an account you say you don't own. There is nothing here to point to insecurity in the platform, only that your wallet has been compromised. As you say that you own the account, there is nothing that Nanopool can investigate so why are you asking them to? Neither does it make sense to look for 'IP' addresses as they aren't stored on the chain which is the whole point of the anonymity of Ethereum.
Sign In or Register to comment.