Topic: 63.73 BTC Hacked - Blockchain.info secured by 2FA - Starting security podcast? (Read 15014 times)
November 27, 2015, 02:17:48 PM
i had 17 Bitcoins disappear last December on blockchain.info and when i reported it to there support they asked for my wallet id and password to investigate same night someone acting as myself asked for my refund giving all my details even going into my back office taking off my 2fa (code to email) and i didn't even know he done it as i didn't receive any notification it was taken off. long and short of the story blockchain.info through there incompetence sent my refund to completely the wrong person because he gave his new BTC address and my wallet id and password
December 10, 2014, 03:32:58 PM
Too bad. They seem to be having serious security issues. I wouldn't store any BTC there given these developments.
Not the same breach or coins, unfortunately.
Hopefully Statdude got his BTC back,
http://www.coindesk.com/hacker-returns-225-btc-taken-blockchain-wallets/
http://www.coindesk.com/hacker-returns-225-btc-taken-blockchain-wallets/
Not the same breach or coins, unfortunately.
December 10, 2014, 03:03:32 PM
Hopefully Statdude got his BTC back,
http://www.coindesk.com/hacker-returns-225-btc-taken-blockchain-wallets/
http://www.coindesk.com/hacker-returns-225-btc-taken-blockchain-wallets/
Not the same breach or coins, unfortunately.
December 10, 2014, 08:41:42 AM
Hopefully Statdude got his BTC back,
http://www.coindesk.com/hacker-returns-225-btc-taken-blockchain-wallets/
http://www.coindesk.com/hacker-returns-225-btc-taken-blockchain-wallets/
December 09, 2014, 07:13:42 PM
okay, important question, where does one go to find a good paper wallet to print out.
without putting the private keys at risk, etc when printing it. yeah im paranoid.
without putting the private keys at risk, etc when printing it. yeah im paranoid.
Computer offline with a live OS, generate keys with bitcoin-qt, print, and it's done.
December 09, 2014, 07:10:08 PM
okay, important question, where does one go to find a good paper wallet to print out.
without putting the private keys at risk, etc when printing it. yeah im paranoid.
without putting the private keys at risk, etc when printing it. yeah im paranoid.
December 09, 2014, 05:54:22 PM
this is pretty newb question, but what does TOR really hide you?
2fa didn't do shit for me.
When one connects to an https: server over Tor, with which entity does the server establish an ssh-protected session? Is it you, or is it the Tor exit node?
December 08, 2014, 11:41:36 PM
this is pretty newb question, but what does TOR really hide you?
some people argue it doesnt, so im just trying to get an ideal response. As for the 63 btc loss how do you prevent this? besides the 2fa setup.. it seems like this can happen to anyone. I thought the 2fa helps a lot..
some people argue it doesnt, so im just trying to get an ideal response. As for the 63 btc loss how do you prevent this? besides the 2fa setup.. it seems like this can happen to anyone. I thought the 2fa helps a lot..
2fa didn't do shit for me.
It also appears that blockchain.info has made some changes to their security. They apparently no longer allow people to connect to blockchain.info via a tor exit node, but rather force them to use their .onion address. This will get people out of the habbit of trying to connect to their .info domain via tor and into using their .onion address
December 08, 2014, 11:34:40 PM
no chance of getting this back.
thats beauty (and ugliness) of BTC
thats beauty (and ugliness) of BTC
December 08, 2014, 10:58:19 PM
this is pretty newb question, but what does TOR really hide you?
some people argue it doesnt, so im just trying to get an ideal response. As for the 63 btc loss how do you prevent this? besides the 2fa setup.. it seems like this can happen to anyone. I thought the 2fa helps a lot..
some people argue it doesnt, so im just trying to get an ideal response. As for the 63 btc loss how do you prevent this? besides the 2fa setup.. it seems like this can happen to anyone. I thought the 2fa helps a lot..
2fa didn't do shit for me.
December 08, 2014, 10:02:56 PM
this is pretty newb question, but what does TOR really hide you?
some people argue it doesnt, so im just trying to get an ideal response. As for the 63 btc loss how do you prevent this? besides the 2fa setup.. it seems like this can happen to anyone. I thought the 2fa helps a lot..
some people argue it doesnt, so im just trying to get an ideal response. As for the 63 btc loss how do you prevent this? besides the 2fa setup.. it seems like this can happen to anyone. I thought the 2fa helps a lot..
December 08, 2014, 10:52:46 AM
There have been numerous posts on reddit about blockchain.info hacks.
Give us more info, did you access blockchain via TOR ?
Did you click on google adwards for blockchain (phishing attack) ?
More than 1k BTC have been stolen, i am beginning to think their main server has been hacked and user/pass are being sniffed realtime.
Tell us more to make a conclusion..
Give us more info, did you access blockchain via TOR ?
Did you click on google adwards for blockchain (phishing attack) ?
More than 1k BTC have been stolen, i am beginning to think their main server has been hacked and user/pass are being sniffed realtime.
Tell us more to make a conclusion..
I doubt it. People are probably just losing their coins through lack of security or hackers on their own end.
December 08, 2014, 10:32:48 AM
So if Tor isn't a safe patch option....
December 08, 2014, 12:17:04 AM
This to me is an important lesson in sandboxing and compartmentalizing your bitcoins.
Store the majority of them in proper cold storage--- e.g paper wallet or a old laptop with a clean os install. These are things that are dedicated storage device and generally never exposed to the Internet other than to move coins. Never check email or go past cnn.com.
Store the rest of your coins that you conceivably need to spend on a consistent basis on your phone or regular desktop.
Don't rely on touchID or coin base or 2fa or Google. If you possess any amount of coins that isn't nominal, you are a target with a gigantic flashing red light that says "try me"; period.
The issue was not the lack of physical and/or local security, the issue was that the OP was effectively using tor (via a vpn) and the exit node was able to launch a MITM attack Store the majority of them in proper cold storage--- e.g paper wallet or a old laptop with a clean os install. These are things that are dedicated storage device and generally never exposed to the Internet other than to move coins. Never check email or go past cnn.com.
Store the rest of your coins that you conceivably need to spend on a consistent basis on your phone or regular desktop.
Don't rely on touchID or coin base or 2fa or Google. If you possess any amount of coins that isn't nominal, you are a target with a gigantic flashing red light that says "try me"; period.
December 07, 2014, 05:43:34 AM
This to me is an important lesson in sandboxing and compartmentalizing your bitcoins.
Store the majority of them in proper cold storage--- e.g paper wallet or a old laptop with a clean os install. These are things that are dedicated storage device and generally never exposed to the Internet other than to move coins. Never check email or go past cnn.com.
Store the rest of your coins that you conceivably need to spend on a consistent basis on your phone or regular desktop.
Don't rely on touchID or coin base or 2fa or Google. If you possess any amount of coins that isn't nominal, you are a target with a gigantic flashing red light that says "try me"; period.
Store the majority of them in proper cold storage--- e.g paper wallet or a old laptop with a clean os install. These are things that are dedicated storage device and generally never exposed to the Internet other than to move coins. Never check email or go past cnn.com.
Store the rest of your coins that you conceivably need to spend on a consistent basis on your phone or regular desktop.
Don't rely on touchID or coin base or 2fa or Google. If you possess any amount of coins that isn't nominal, you are a target with a gigantic flashing red light that says "try me"; period.
December 07, 2014, 04:42:50 AM
Thanks man.
To any true bitcoiners interested: I realize this is a long shot, but I am willing to be the face of a campaign to increase bitcoin security standards, thus making it more accessible to the common user. If you or your organization are interested in collaborating on such a campaign, I am willing to put a public face to this through interview and speeches.
All I ask is the opportunity to recoup some funds over time via donations. I am still a bitcoin believer, but believe the average user and service has a long way to go on security. I've learned a lot of lessons through this ordeal I'd like to share to improve best practices and help drive bitcoin forward.
If I don't find anyone to collaborate with, I will likely start my own YouTube channel or podcast to promote bitcoin security. If you are interested in participating either via editing/graphics or being on the show, please PM me.
By the way, blockchain.info delisted from bitcoin.org due to lax security. Appropriate? http://www.reddit.com/r/Bitcoin/comments/2ogyt4/blockchaininfo_has_been_delisted_from_bitcoinorg/
Regards
To any true bitcoiners interested: I realize this is a long shot, but I am willing to be the face of a campaign to increase bitcoin security standards, thus making it more accessible to the common user. If you or your organization are interested in collaborating on such a campaign, I am willing to put a public face to this through interview and speeches.
All I ask is the opportunity to recoup some funds over time via donations. I am still a bitcoin believer, but believe the average user and service has a long way to go on security. I've learned a lot of lessons through this ordeal I'd like to share to improve best practices and help drive bitcoin forward.
If I don't find anyone to collaborate with, I will likely start my own YouTube channel or podcast to promote bitcoin security. If you are interested in participating either via editing/graphics or being on the show, please PM me.
By the way, blockchain.info delisted from bitcoin.org due to lax security. Appropriate? http://www.reddit.com/r/Bitcoin/comments/2ogyt4/blockchaininfo_has_been_delisted_from_bitcoinorg/
Regards
I think this is great that you are turning this negative experience around into the start of something new.
Good luck with your project, and who knows maybe you will make much more than the coins lost if your project takes off (of course I hope you may yet still recover the coins lost too).
December 07, 2014, 04:22:29 AM
Um I'm not too familiar with teamviewer but that might have been not so smart, as teamviewer would give access to your computer to the person so who knows what they could do.
I'm glad I didnt go the blockchain.info route as I seen too many probs there, I only use electrum the best light pc wallet around
I'm glad I didnt go the blockchain.info route as I seen too many probs there, I only use electrum the best light pc wallet around
December 06, 2014, 06:53:43 PM
After selling all of my BTC and deciding to get back into the crypto realm... I am seeing many more breach stories. Really makes you realize the importance of taking any large amount of coinage you have 'offline' and onto paper secured in your private possession. Sorry for your loss OP. Valuble lessons and whatnot.
December 06, 2014, 04:33:30 PM
Thanks man.
To any true bitcoiners interested: I realize this is a long shot, but I am willing to be the face of a campaign to increase bitcoin security standards, thus making it more accessible to the common user. If you or your organization are interested in collaborating on such a campaign, I am willing to put a public face to this through interview and speeches.
All I ask is the opportunity to recoup some funds over time via donations. I am still a bitcoin believer, but believe the average user and service has a long way to go on security. I've learned a lot of lessons through this ordeal I'd like to share to improve best practices and help drive bitcoin forward.
If I don't find anyone to collaborate with, I will likely start my own YouTube channel or podcast to promote bitcoin security. If you are interested in participating either via editing/graphics or being on the show, please PM me.
By the way, blockchain.info delisted from bitcoin.org due to lax security. Appropriate? http://www.reddit.com/r/Bitcoin/comments/2ogyt4/blockchaininfo_has_been_delisted_from_bitcoinorg/
Regards
To any true bitcoiners interested: I realize this is a long shot, but I am willing to be the face of a campaign to increase bitcoin security standards, thus making it more accessible to the common user. If you or your organization are interested in collaborating on such a campaign, I am willing to put a public face to this through interview and speeches.
All I ask is the opportunity to recoup some funds over time via donations. I am still a bitcoin believer, but believe the average user and service has a long way to go on security. I've learned a lot of lessons through this ordeal I'd like to share to improve best practices and help drive bitcoin forward.
If I don't find anyone to collaborate with, I will likely start my own YouTube channel or podcast to promote bitcoin security. If you are interested in participating either via editing/graphics or being on the show, please PM me.
By the way, blockchain.info delisted from bitcoin.org due to lax security. Appropriate? http://www.reddit.com/r/Bitcoin/comments/2ogyt4/blockchaininfo_has_been_delisted_from_bitcoinorg/
Regards
December 05, 2014, 09:26:09 PM
damn, i feel for the op. being gutted like a fish is not cool..
i hope something good happens to you.
i hope something good happens to you.
Jump to: