Hacker News new | comments | show | ask | jobs | submit login
Bitcoin stolen while laptop was in Apple store
49 points by golubevpavel on Feb 13, 2014 | hide | past | web | favorite | 31 comments
This is a sad story how I got robbed for $8500 while my laptop was in Apple Store.

I dropped my laptop at Apple Store, the Falls in Miami to fix minor cooling system issue on Feb 2. And picked it up on February 4. Cooling system was fine, but when I launched my Bitcoin wallet, I realized that over 10BTC (worth $8500 at that moment) has been transferred from my wallet (https://blockchain.info/tree/111322425) on Feb 3, 20:25, when my laptop was in Apple. It was very stupid, but yes, my wallet was not encrypted.

I checked Mac system logs and it says that my laptop has been booted on Feb 3, 20:36, only 11 minutes after my BTC have been stolen. Looks like someone has connected my laptop as external drive and scanned it before booting it up.

I never used my wallet on other devices. I never download suspicious stuff from the Internet. I never hand my laptop to anyone else. I have not been using my wallet for about a month before I dropped it at Apple.

Nevertheless, I downloaded latest antivirus software and performed full system scan — no viruses.

I filed a police report and talked to the manager at Apple Store. It's been a week and there is no update.

$8500. Nobody cares. I wonder what else people copy from laptops when you drop it for service.

The moral of the story — encrypt your drives.

Moral of the story: don't deal with the Apple Store. The amount of people I know who have had their data trashed (after possibly being cloned) is quite high. The solution to most problems is wipe the machine. They usually come to me after telling them to fuck off. I haven't had to destroy a single machine yet.

We're talking trivial shit like an HP printer driver thrashing the CPU or corrupt mail folders.

Seriously, 11 people so far and I don't repair Macs for a living.

I wouldn't trust them with an etch-a-sketch.

Also treat your computer like a credit card. If it goes out of sight, you're fucked, encrypted or not. FileVault and BitLocker are faulty by design.

Contrasting anecdote: Had to deal with them many times for a variety of issues as have friends and family. Never had an issue that wasn't solved on the spot or with a quick repair turnaround.

The Apple Store service in your area depends on your area. The real moral is to not hand someone a wallet with $8500 in cash inside of it for no reason. Whether or not it's a physical or digital wallet is irrelevant. This is incredibly irresponsible on the part of OP.

Hm. What's wrong with FileVault?

I knew that there could be some issues with my laptop after service it Apple, they informed me about it. But I thought to myself, come on, it's just a minor cooler issue, they won't even need to login to fix it. How could they possible break anything.

FileValult problems: http://mjtsai.com/blog/2012/08/07/filevault-2s-apple-id-back...

AFAIK they don't login to fix hardware issues -- they netboot diagnostics software but on multiple occasions I was informed by people that Apple had "made a backup of their system" before a reinstall. What that entails and what the retention policy is, I do not know but I suspect unless they're doing a three-pass erase on their temporary storage devices afterwards (which is unlikely) then your data is easy pickings...

My MBP, which is incidentally knackered, is still FileVault encrypted. It will stop a casual theif getting in but not much more

So if I understand what you're saying here, you think that a thief working at the Apple store might have either themselves had access to your Apple ID, or was colluding with someone inside of Apple at Cupertino to get access to your Apple ID, so that they could steal $8500 from you?

Am I missing something about the story here or is that an accurate summary?

So turn off letting your Apple ID unlock your FV volumes. A FV drive, that's locked cannot be unlocked just by having local access.

You authorize Apple to make a backup of your drive if yu're having work done that may cause data loss.

There is an issue with user switching and firewire/DMA that allows remote access as well as cold boot attacks but these are out of reach of most people.

firewire / thunderbolt DMA access was fixed many years ago: if you enabled a firmware password, those buses have DMA disabled.

Are you saying that if I have a firmware password on my MBA that my internal SSD is inaccessible via Thunderbolt externally (until I've entered my password)?

No, but your TB device wouldn't have read access to physical memory (where keys would be)

No - but it means that a device can't read your FileVault keys out of memory so all they can read is the encrypted volume.

They generally do ask for a login on your system when you give them the machine for service. You don't need to provide it.

Also treat your computer like a credit card

That's the best comment in this thread.

Eh, in that case, what OP did was perfectly reasonable. I would hand my credit card to Apple much quickly than I would hand it to a friend of a friend that knows how to fix computers (which is what it sounds like d0 does, fix computers for people). And I certainly don't think you would sit there and watch someone while they work on your computer for a hours. I would just do it myself if I was going to waste that time.

The real moral of the story should be "treat your bitcoin wallet like a wallet.... because it is one".

Moral of the story: don't have more money tied up in BTC than you can afford to lose.

Speak to an attorney. You may have signed something which waives all claims, but even if you don't have a prayer of winning in a court, at the very least an attorney is going to pester the heck out of Apple rather than waiting around by the phone for them to make it their problem.

Well, yes, they informed me that I might lose my data, but they did not inform me, that it might be stolen.

I tried to settle it down, but it looks you are right and I have to hire an attorney to get my money back. I wonder how much it will cost me.

"lose you data" means it might be deleted. This looks like someone might have processed the data itself and moved it. This cannot happen accidentally.

Moral of the story - do not leave your money with others if you want it back.

Might be a good time to backup your drive before logs are rotated... At the time of your writting, you only have kernel.log as a boot time clue, and it will self erase.

Good point. I already saved a copy of system logs.

IANAL but I'd suggest you go further and stop using your computer as soon as possible. Use linux to DD the drive onto a secondary backup drive as a bit for bit archive, put the existing drive in the possession of a third party and then start from scratch. Each time you use the computer you're damaging your credibility in a potential lawsuit.

Sorry to hear about your loss. I hope they catch the thief.

Another very good reason to encrypt your hard drive is to prevent others from placing data on it. If they can access the drive, their motive may be to frame you by placing illegal files on your drive rather than simply taking your files.

Think about it.

Maybe I'm not hearing you right. You are talking about a conspiracy to frame a complete stranger? While it's possible and easily doable, dare I ask, "why would anyone care to do this?". For fun? What financial gain is there in framing a stranger?

My drives are encrypted btw.

Anyone could do it for any reason. Blackmail, revenge, etc.

I never suspected it could happen at Apple. And it's not about $10, you know. It's $8500! I was counting on that money.

Have you thought about trying to track the person down using their wallet address? The blockchain is only as anonymous as someone is careful.

They are using mixer service. I am unable to track them. https://blockchain.info/tree/111322425

inform the FBI that you have reason to believe an apple employee at that location is laundering money. And possibly using it to buy drugs.

I filed a report on IC3.gov website.

Some underpaid employees do like to take matters in their own hands.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact