Still reconstructing everything that happened, but it seems that broadband-178-140-220-181.nationalcablenetworks.ru [178.140.220.181] was able to log into my machine:
Same happened a few minutes later on my machine at home (my bash history must have told him were to find it), and from there he must have been able to find my wallet backup (which is really old, but was kept unencrypted, so any key that was in there is compromised).
I'll write everything down and file a report, we'll see how open to technology the swiss police are
Quote
Sep 28 20:45:36 nb-10391 sshd[19170]: reverse mapping checking getaddrinfo for broadband-178-140-220-181.nationalcablenetworks.ru [178.140.220.181] failed - POSSIBLE BREAK-IN ATTEMPT!
Sep 28 20:45:37 nb-10391 sshd[19170]: Accepted publickey for cdecker from 178.140.220.181 port 28384 ssh2
Sep 28 20:45:37 nb-10391 sshd[19173]: subsystem request for sftp by user cdecker
Sep 28 20:45:37 nb-10391 sshd[19170]: Accepted publickey for cdecker from 178.140.220.181 port 28384 ssh2
Sep 28 20:45:37 nb-10391 sshd[19173]: subsystem request for sftp by user cdecker
Same happened a few minutes later on my machine at home (my bash history must have told him were to find it), and from there he must have been able to find my wallet backup (which is really old, but was kept unencrypted, so any key that was in there is compromised).
I'll write everything down and file a report, we'll see how open to technology the swiss police are
Really sorry. The best thing I've ever done is create a bunch of paper wallet backups on a un-networked Linux machine with Armory and then do a military grade wipe of the drive. I suggest everyone holding significant amounts do something similar. I remember when Gavin started talking about wallet encryption and how he made it a point to say that it couldn't fend of attacks such as the one you've unfortunately fallen victim to. Real bummer.