Pages:
Author

Topic: 63.73 BTC Hacked - Blockchain.info secured by 2FA - Starting security podcast? (Read 15021 times)

newbie
Activity: 20
Merit: 0
i had 17 Bitcoins disappear last December  on blockchain.info and when i reported it to there support they asked for my wallet id and password to investigate same night someone acting as myself asked for my refund giving all my details even going into my back office taking off my 2fa (code to email)   and i didn't even know he done it as i didn't receive any notification it was taken off.  long and short of the story blockchain.info through there incompetence sent my refund to completely the wrong person because he gave his new BTC address and my wallet id and password Sad
legendary
Activity: 1456
Merit: 1000
Too bad.  They seem to be having serious security issues.  I wouldn't store any BTC there given these developments.

legendary
Activity: 1498
Merit: 1000
legendary
Activity: 2786
Merit: 1031
okay, important question, where does one go to find a good paper wallet to print out.

without putting the private keys at risk, etc when printing it. yeah im paranoid.

Computer offline with a live OS, generate keys with bitcoin-qt, print, and it's done.
newbie
Activity: 41
Merit: 0
okay, important question, where does one go to find a good paper wallet to print out.

without putting the private keys at risk, etc when printing it. yeah im paranoid.
legendary
Activity: 3038
Merit: 1660
lose: unfind ... loose: untight
this is pretty newb question, but what does TOR really hide you?

2fa didn't do shit for me.

When one connects to an https: server over Tor, with which entity does the server establish an ssh-protected session? Is it you, or is it the Tor exit node?
hero member
Activity: 658
Merit: 500
this is pretty newb question, but what does TOR really hide you?

some people argue it doesnt, so im just trying to get an ideal response. As for the 63 btc loss how do you prevent this? besides the 2fa setup.. it seems like this can happen to anyone. I thought the 2fa helps a lot..

2fa didn't do shit for me.
All that 2fa will do with a blockchain.info wallet is prevent an attacker from accessing your identifier. If they have a copy of a backup then 2fa will do nothing for you. If they successfully launch a MITM attack then then they could trick you into giving your 2fa code along with your password, which would allow them to download a copy of a backup.

It also appears that blockchain.info has made some changes to their security. They apparently no longer allow people to connect to blockchain.info via a tor exit node, but rather force them to use their .onion address. This will get people out of the habbit of trying to connect to their .info domain via tor and into using their .onion address
sr. member
Activity: 280
Merit: 250
scams hunter!
no chance of getting this back.

thats beauty (and ugliness) of BTC
legendary
Activity: 1498
Merit: 1000
this is pretty newb question, but what does TOR really hide you?

some people argue it doesnt, so im just trying to get an ideal response. As for the 63 btc loss how do you prevent this? besides the 2fa setup.. it seems like this can happen to anyone. I thought the 2fa helps a lot..

2fa didn't do shit for me.
newbie
Activity: 42
Merit: 0
this is pretty newb question, but what does TOR really hide you?

some people argue it doesnt, so im just trying to get an ideal response. As for the 63 btc loss how do you prevent this? besides the 2fa setup.. it seems like this can happen to anyone. I thought the 2fa helps a lot..
member
Activity: 66
Merit: 10
You just lost
There have been numerous posts on reddit about blockchain.info hacks.

Give us more info, did you access blockchain via TOR ?
Did you click on google adwards for blockchain (phishing attack) ?

More than 1k BTC have been stolen, i am beginning to think their main server has been hacked and user/pass are being sniffed realtime.
Tell us more to make a conclusion..

I doubt it. People are probably just losing their coins through lack of security or hackers on their own end.
hero member
Activity: 798
Merit: 531
Crypto is King.
So if Tor isn't a safe patch option....
sr. member
Activity: 420
Merit: 250
Ever wanted to run your own casino? PM me for info
This to me is an important lesson in sandboxing and compartmentalizing your bitcoins.

Store the majority of them in proper cold storage--- e.g paper wallet or a old laptop with a clean os install. These are things that are dedicated storage device and generally never exposed to the Internet other than to move coins. Never check email or go past cnn.com.

Store the rest of your coins that you conceivably need to spend on a consistent basis on your phone or regular desktop.


Don't rely on touchID or coin base or 2fa or Google. If you possess any amount of coins that isn't nominal, you are a target with a gigantic flashing red light that says "try me"; period.


The issue was not the lack of physical and/or local security, the issue was that the OP was effectively using tor (via a vpn) and the exit node was able to launch a MITM attack
full member
Activity: 179
Merit: 100
This to me is an important lesson in sandboxing and compartmentalizing your bitcoins.

Store the majority of them in proper cold storage--- e.g paper wallet or a old laptop with a clean os install. These are things that are dedicated storage device and generally never exposed to the Internet other than to move coins. Never check email or go past cnn.com.

Store the rest of your coins that you conceivably need to spend on a consistent basis on your phone or regular desktop.


Don't rely on touchID or coin base or 2fa or Google. If you possess any amount of coins that isn't nominal, you are a target with a gigantic flashing red light that says "try me"; period.

hero member
Activity: 686
Merit: 500
HYPER project manager and PR + GoldPieces [GP]
Thanks man.

To any true bitcoiners interested: I realize this is a long shot, but I am willing to be the face of a campaign to increase bitcoin security standards, thus making it more accessible to the common user. If you or your organization are interested in collaborating on such a campaign, I am willing to put a public face to this through interview and speeches.

All I ask is the opportunity to recoup some funds over time via donations. I am still a bitcoin believer, but believe the average user and service has a long way to go on security. I've learned a lot of lessons through this ordeal I'd like to share to improve best practices and help drive bitcoin forward. 

If I don't find anyone to collaborate with, I will likely start my own YouTube channel or podcast to promote bitcoin security. If you are interested in participating either via editing/graphics or being on the show, please PM me.

By the way, blockchain.info delisted from bitcoin.org due to lax security. Appropriate? http://www.reddit.com/r/Bitcoin/comments/2ogyt4/blockchaininfo_has_been_delisted_from_bitcoinorg/

Regards

I think this is great that you are turning this negative experience around into the start of something new.

Good luck with your project, and who knows maybe you will make much more than the coins lost if your project takes off (of course I hope you may yet still recover the coins lost too).
member
Activity: 63
Merit: 10
Um I'm not too familiar with teamviewer but that might have been not so smart, as teamviewer would give access to your computer to the person so who knows what they could do.

I'm glad I didnt go the blockchain.info route as I seen too many probs there, I only use electrum the best light pc wallet around
hero member
Activity: 798
Merit: 531
Crypto is King.
After selling all of my BTC and deciding to get back into the crypto realm... I am seeing many more breach stories. Really makes you realize the importance of taking any large amount of coinage you have 'offline' and onto paper secured in your private possession. Sorry for your loss OP. Valuble lessons and whatnot.
legendary
Activity: 1498
Merit: 1000
Thanks man.

To any true bitcoiners interested: I realize this is a long shot, but I am willing to be the face of a campaign to increase bitcoin security standards, thus making it more accessible to the common user. If you or your organization are interested in collaborating on such a campaign, I am willing to put a public face to this through interview and speeches.

All I ask is the opportunity to recoup some funds over time via donations. I am still a bitcoin believer, but believe the average user and service has a long way to go on security. I've learned a lot of lessons through this ordeal I'd like to share to improve best practices and help drive bitcoin forward. 

If I don't find anyone to collaborate with, I will likely start my own YouTube channel or podcast to promote bitcoin security. If you are interested in participating either via editing/graphics or being on the show, please PM me.

By the way, blockchain.info delisted from bitcoin.org due to lax security. Appropriate? http://www.reddit.com/r/Bitcoin/comments/2ogyt4/blockchaininfo_has_been_delisted_from_bitcoinorg/

Regards
full member
Activity: 135
Merit: 100
damn, i feel for the op. being gutted like a fish is not cool..

i hope something good happens to you.
Pages:
Jump to: