Topic: 40 BTC Gone - Please Help Me Understand What Happened - page 2. (Read 3624 times)

donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
Have you ever imported a private key that could have been seen by anyone other than hackers?
newbie
Activity: 27
Merit: 0
If someone had managed to gain access to your private keys then you'd not have been sent the 2 factor code so someone has gained access to your phone, either when you're not looking or via a virus. I'd think back to that date to see if any techy 'friends' were playing with your phone. A virus you can't do much about but at least you could confront a friend.

Just so I can understand, if the thief did not actually have access to my phone (physically or remotely) to get the 2 factor code, would he still have been able to send the money from my wallet?

On Blockchain, it says the following: "Lost Two-factor Authentication Details.  If you have lost your two factor authentication details your wallet is still fully recoverable. All we need is reasonable proof you are the account owner which can be provided by completing the form linked below."

It then asks for information that could have been gleaned from emails in my Gmail such as wallet identifier, secret passphrase, email address, etc.

If that 2 factor code would still be necessary under those circumstances, I would venture to guess that somebody gained access to my phone through a virus of some kind as you suggested.  I don't have any tech-savvy friends who were with me at the time that would have the first clue about doing something like this (and my phone was with me in my room that I'd barely left all day because of a surgery recovery).
full member
Activity: 211
Merit: 100
You are not special.
If someone had managed to gain access to your private keys then you'd not have been sent the 2 factor code so someone has gained access to your phone, either when you're not looking or via a virus. I'd think back to that date to see if any techy 'friends' were playing with your phone. A virus you can't do much about but at least you could confront a friend.
newbie
Activity: 28
Merit: 12
If you got an SMS txt before the theft, that means the two factor authentication kicked in... So how was your wallet stolen? Perhaps it was the encrypted wallet backup and password in your email?
hero member
Activity: 630
Merit: 500
Bitgoblin
And would this explain why I received an SMS text from Blockchain 3 minutes before the theft?
For this situation, it would be super-useful to have a "panic-lock" feature, that allowed you to "one click – no questions asked" to lock your account for a set period of time (say, 12h).

Sure, you would kind of risk denial of service, but if your wallet id is already compromised, you're going to lose your wallet anyway sooner or later.
newbie
Activity: 27
Merit: 0
Thanks for the help everyone. After doing further investigation and digging through old emails, I've learned the following.

When I first signed up to Blockchain, I stupidly emailed myself my Blockchain username, password, mnemonic/security phrase, and wallet address.

Later on Blockchain emailed me an encrypted wallet backup.

After reviewing the IP addresses that have accessed my Gmail, I noticed one that appeared to access from an iPhone that I did not recognize. It was also a Verizon network iPhone and the IP address was mapped to about 30 minutes outside my city. This was on July 18th (and the theft happened on August 2nd).  Potentially also of note, I used public wifi at a hospital on July 30th.

Is this the likely scenario? That my Gmail and/or iPhone was compromised?  And would this explain why I received an SMS text from Blockchain 3 minutes before the theft?  If so, is it possible to locate the person who accessed my Gmail from that IP address?


To answer another question above. When I imported my paper wallet back to Blockchain, it was to my original wallet address that I'd used from the beginning.
hero member
Activity: 531
Merit: 505
The 2FA for Blockchain is just a "gimmick" and only prevents someone from stealing your funds using your password. If someone got access to your private keys, he does not need to log in to Blockchain at all.

Even when you imported private keys from a paper wallet, anyone with access to the private keys can transfer the funds from that address ANYTIME.

If your password is trivial (like less than 10 alphanums with both case), one can restore your private keys from your AES encrypted backup of Blockchain info.

hero member
Activity: 518
Merit: 500
This is definitely troubling and I'm seeing this happen more and more lately it seems.  And it sounds like you even had the two factor authentication enabled.

I've read a couple of threads about people who have the blockchain app on a rooted phone and that's how it got hacked into. I uninstalled the app from my Android phone after reading that.

But the SMS verification doesn't even work that well. It's telling me that I can't even log into my wallet because it won't send another SMS code. It says:

Reached daily limit for medium priority sms messages

How is it just "medium priority" for me to even get into my wallet?   Ok don't mean to hijack your thread and I will start a new one.

But thank you for sharing this issue with us and you have my sincere sympathies...bitcoin is still a dangerous world in a lot of ways.
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
Have you imported any publicly known addresses into your wallet rather than sweep them? I lost 45 BTC once due to that mistake.

I'm sorry, can you explain what that means?  I've tried to learn as much as I can about this stuff, but I'm still effectively a beginner.
If someone gives you a private key and you import it into your wallet, the wallet may use it as a change address. If you gave someone a private key from your wallet it would have the same effect.
legendary
Activity: 1274
Merit: 1004
Have you imported any publicly known addresses into your wallet rather than sweep them? I lost 45 BTC once due to that mistake.

I'm sorry, can you explain what that means?  I've tried to learn as much as I can about this stuff, but I'm still effectively a beginner.

He means: did you use some old wallet address by importing the private key, or did you sweep your funds to a new address on blockchain.info?

PS: Did you download some app on your PC, or give access to someone else?
Or did you send a backup to your email?
Maybe your email etc. got compromised.
newbie
Activity: 27
Merit: 0
Have you imported any publicly known addresses into your wallet rather than sweep them? I lost 45 BTC once due to that mistake.

I'm sorry, can you explain what that means?  I've tried to learn as much as I can about this stuff, but I'm still effectively a beginner.
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
Have you imported any publicly known addresses into your wallet rather than sweep them? I lost 45 BTC once due to that mistake.
newbie
Activity: 27
Merit: 0
It is an iPhone 4s.  I have not modified it by rooting it or jailbreaking it.  

I've got quite a few apps installed.  Are there any that may be of concern?  Ones I used for Bitcoin are the blockchain app and Authy.

It is an iPhone 4s and it looks like the version is 6.1.3.  I have not modified it by rooting it or jailbreaking it.  

I've got quite a few apps installed.  Are there any that may be of concern?  Ones I used for Bitcoin are the blockchain app and Authy.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
What is your phone model and OS version? Android? iPhone? Is it rooted or jailbroken? What apps are installed? The answers to those questions may give you clues.
legendary
Activity: 1498
Merit: 1000
if possible, how I can get the BTC back.

Nope.
newbie
Activity: 27
Merit: 0
When you exchanged your paper wallet in, did you see the amount immediately reflect in your wallet after the allotted amount of confirmations?

Yes, and when I transferred money back to Blockchain, it was mid-May.
full member
Activity: 175
Merit: 100
When you exchanged your paper wallet in, did you see the amount immediately reflect in your wallet after the allotted amount of confirmations?
full member
Activity: 175
Merit: 100
It would be highly unlikely although possible you had some kind of remote-host trojan.
newbie
Activity: 27
Merit: 0
Have you scanned your computer for viruses?

I'm running virus scans with Symantec and McAfee now.  Would it be possible for them to get to my wallet with a virus because of the two factor authentication?  Again, sorry I know very little about computer technology.
full member
Activity: 175
Merit: 100
Have you scanned your computer for viruses?