63.73 BTC Hacked - Blockchain.info secured by 2FA - Starting security podcast? - page 2.

statdude

legendary

Activity: 1498

Merit: 1000

Quote from: sangaman on December 05, 2014, 12:11:52 AM

Sorry OP about the loss. I hope you catch the hacker and make him pay. It would be useful to know how your computer was compromised, if you ever find out.

And just a heads up for people talking about online wallets, Blockchain.info being online isn't what made it hackable in this case. If your computer is compromised - as appears to have been the case here - then any bitcoins that computer has access to, either on local wallets or online wallets, are in jeopardy.

Trust me, I would love to catch them.

The most frustrating thing is I have NO idea how I got a keylogger. That has never happened before, and I wonder if I was targeted somehow by someone I know. The only explanation for that, would be somehow my TeamViewer had a password I used somewhere else that was leaked, but it's impossible to verify now.

I had no idea you could use 2FA for Teamviewer or I would have. I also should have had a stronger and more unique password there obviously.
I also would have used the On-Screen keyboard for blockchain.info or any sensitive passwords, and turned off blockchain email backups of my wallet, which they stupidly had on in default settings.

I would even consider restricting login to certain IP addresses. I thought about this many times but was worried I'd lock myself out somehow.

Any of those things may have saved me. I am still not sure if Tor use had anything to do with it, but if it did, that's even more upsetting.

And NEVER have trusted Google to protect my account in any way shape or form.

The irony I just put all my BTC there for safekeeping the week before is what really astounds me.

Google 2FA = total failure.

MemoryShock

hero member

Activity: 728

Merit: 500

Quote from: ScryptAsic on December 04, 2014, 11:39:02 PM

Edit - I have no idea if it works or not but I type in my password and then hit five random keys (anywhere in the middle) followed by hitting the backspace five times). Even if it is placebo, I have always thought that was a way I could defeat any potential keyloggers. Note - I am not the most tech savvy individual in the world.

Quote

This would not foil any potential keylogging attempts of stealing your password to your wallet. A keylogger can see all the keys that you press so if they attempt to decrypt your wallet with your password, they can simply delete the last 5 letters and then would have access to your wallet. A keylogger would not even know that you entered them in the middle of your password so it would not affect it.

Also blockchain.info allows the 2nd password that is optional and will allow you to send funds can be entered via a "screen" keyboard which prevents most keyloggers from capturing your password

Thank you for the post. I can appreciate my bubble being burst as it does help. Not sarcasm at all.

I pretty much don't touch that computer outside of work and three websites. I'm on a different computer for this forum and other BTC related activity...

sangaman

sr. member

Activity: 342

Merit: 250

Sorry OP about the loss. I hope you catch the hacker and make him pay. It would be useful to know how your computer was compromised, if you ever find out.

And just a heads up for people talking about online wallets, Blockchain.info being online isn't what made it hackable in this case. If your computer is compromised - as appears to have been the case here - then any bitcoins that computer has access to, either on local wallets or online wallets, are in jeopardy.

v0yager

hero member

Activity: 518

Merit: 500

Sorry bro.....
Are you link your email to your Blockchain account? Maybe there is a private key backup file that sent by Blockchain in your email. The hacker get access to your email, he got your privet key, he got everything.

ScryptAsic

hero member

Activity: 647

Merit: 501

GainerCoin.com 🔥 Masternode coin 🔥

Quote from: MemoryShock on December 04, 2014, 04:39:28 PM

Quote from: Martijnvdc on December 01, 2014, 01:01:45 PM

Wow... I should take my money off of online wallets. I really like using the blockchain.info app on my phone, but it's not worth the security risk.
I definetly don't want to run a full blown bitcoin client like bitcoin-qt...

I wouldn't think of using anything but Bitcoin-QT. It is intensive but once the blockchain is downloaded there is minimal effect on my computer experience if I leave it open. I'm not even terribly confident that it is secure and I have a pass code that takes minutes to input (random phrases from Ulysses).

I finally broke down and installed a phone wallet but only for the novelty. There is never more than fifty bucks in it.

These stories kind of scare me. I don't have nearly the amount that OP had but I don't want to lose anything that I have. 2FA on an email account might seem like an inconvenience but is necessary in my opinion.

I feel for you, OP. I hope that there is a way to bet your BTC back...

Edit - I have no idea if it works or not but I type in my password and then hit five random keys (anywhere in the middle) followed by hitting the backspace five times). Even if it is placebo, I have always thought that was a way I could defeat any potential keyloggers. Note - I am not the most tech savvy individual in the world.

This would not foil any potential keylogging attempts of stealing your password to your wallet. A keylogger can see all the keys that you press so if they attempt to decrypt your wallet with your password, they can simply delete the last 5 letters and then would have access to your wallet. A keylogger would not even know that you entered them in the middle of your password so it would not affect it.

Also blockchain.info allows the 2nd password that is optional and will allow you to send funds can be entered via a "screen" keyboard which prevents most keyloggers from capturing your password

wpalczynski

legendary

Activity: 1456

Merit: 1000

made me LOL

Quote from: Ziggs on December 04, 2014, 07:11:11 PM

wait how the heck is that even possible though..someone stealing wallet.dat file?

or however online wallets back up work.. fuk thats gotta suck..esp when they mixed coins.

Ziggs

member

Activity: 67

Merit: 10

wait how the heck is that even possible though..someone stealing wallet.dat file?

or however online wallets back up work.. fuk thats gotta suck..esp when they mixed coins.

Adamcheek

sr. member

Activity: 304

Merit: 250

Holly crap!

I don't know how to react.

Most I can tell you is check with the addresses he sent them to are coming from. For example if he sent it to a gambling website, perhaps you can then ask the admin for his username or IP or something that can help you better.

Good luck mate!

wpalczynski

legendary

Activity: 1456

Merit: 1000

Quote from: statdude on December 04, 2014, 04:22:52 PM

https://www.cryptocoinsnews.com/tor-users-can-now-connect-blockchain-infos-onion-address-securely-ssl/

I've certainly gained a lot of lessons about trust dealing with bitcoin. don't trust people, don't trust any form of security, & anything bad that can happen to you, most certainly can and will happen.

Certainly words to live by in general and even more so in the realm of unregulated crypto currencies.

MemoryShock

hero member

Activity: 728

Merit: 500

Quote from: Martijnvdc on December 01, 2014, 01:01:45 PM

Wow... I should take my money off of online wallets. I really like using the blockchain.info app on my phone, but it's not worth the security risk.
I definetly don't want to run a full blown bitcoin client like bitcoin-qt...

I wouldn't think of using anything but Bitcoin-QT. It is intensive but once the blockchain is downloaded there is minimal effect on my computer experience if I leave it open. I'm not even terribly confident that it is secure and I have a pass code that takes minutes to input (random phrases from Ulysses).

I finally broke down and installed a phone wallet but only for the novelty. There is never more than fifty bucks in it.

These stories kind of scare me. I don't have nearly the amount that OP had but I don't want to lose anything that I have. 2FA on an email account might seem like an inconvenience but is necessary in my opinion.

I feel for you, OP. I hope that there is a way to bet your BTC back...

Edit - I have no idea if it works or not but I type in my password and then hit five random keys (anywhere in the middle) followed by hitting the backspace five times). Even if it is placebo, I have always thought that was a way I could defeat any potential keyloggers. Note - I am not the most tech savvy individual in the world.

statdude

legendary

Activity: 1498

Merit: 1000

https://www.cryptocoinsnews.com/tor-users-can-now-connect-blockchain-infos-onion-address-securely-ssl/

How nice, I get to be the martyr and foot the bill for blockchain.info to beef up their security.

Still ironic google 2fa protected everything except my gmail (I'm assuming), which gave up nothing except the wonderfully backed up copy of my wallet sent right to my email (thanks blockchain.info for your genius default settings, very secure).

I'm guessing keylogger did the rest by hacking my application specific password to Mozilla Thunderbird and using that to breach Google with 2FA.

I still don't understand the supposed MITM Tor Exit node attack but it may be possible. I just have no idea how to confirm if that's what happened. I do know my Google and Blockchain accounts were maliciously logged into from a strange IP address and neither sent me any sort of security alert (google was supposed to via SMS)

thanks to those with kind words.

I've certainly gained a lot of lessons about trust dealing with bitcoin. don't trust people, don't trust any form of security, & anything bad that can happen to you, most certainly can and will happen.

sifter

hero member

Activity: 574

Merit: 500

CoinBooster Rep

Quote from: statdude on December 01, 2014, 11:13:53 AM

Update - Coins have been moved to these addresses, any ideas?

1K5B5vgry2dxA8U8YphyKCZnmL2TkXmZSX
Total Received   1,009.127 BTC

1Ajz2tmqhAS2qPDAYw1aqkYJ6xC4mz7LoU
Total Received   41.74661948 BTC

1AA5NSDzAw1nvmbiaPUAdJ7zacu8HvDdSy
Total Received   745.6897046 BTC
Final Balance   745.6897046 BTC

14KAMZsnHwHb32vd1XrNE1pndhuijHjR1a
Total Received   43.7795 BTC
Final Balance   43.7795 BTC

Seems to be have been mixed.

funtotry

sr. member

Activity: 420

Merit: 250

Ever wanted to run your own casino? PM me for info

Quote from: statdude on December 01, 2014, 11:13:53 AM

Update - Coins have been moved to these addresses, any ideas?

1K5B5vgry2dxA8U8YphyKCZnmL2TkXmZSX
Total Received   1,009.127 BTC

1Ajz2tmqhAS2qPDAYw1aqkYJ6xC4mz7LoU
Total Received   41.74661948 BTC

1AA5NSDzAw1nvmbiaPUAdJ7zacu8HvDdSy
Total Received   745.6897046 BTC
Final Balance   745.6897046 BTC

14KAMZsnHwHb32vd1XrNE1pndhuijHjR1a
Total Received   43.7795 BTC
Final Balance   43.7795 BTC

Any attempt to track your stolen bitcoin via the blockchain will likely be fruitless. The fact that bitcoin is fungible means that anyone can potentially trade bitcoin for other bitcoin (or bitcoin for various altcoins), and/or potentially send the stolen bitcoin to a mixer and someone completely unrelated to your thief could not be in possession of inputs that can be traced to the outputs of your stolen coins.

IMO the best bet of finding the thief is via IP tracking of the person who logged into your blockchain.info wallet. I think this would likely also be fruitless if your VPN was connecting to the internet via tor exit nodes as you seem to think they were.

Martijnvdc

sr. member

Activity: 322

Merit: 250

Wow... I should take my money off of online wallets. I really like using the blockchain.info app on my phone, but it's not worth the security risk.
I definetly don't want to run a full blown bitcoin client like bitcoin-qt...

This horror story reminds me of the whole inputs.io scam. I remember the first time i heard people saying their money got stolen all of a sudden. And i knew it had to have been an inside job, since it wasn't possible for all those 2FA-protected accounts to be cracked... When i read the thread title, i immediatly logged into my blockchain.info account to see if mine wasn't stolen either.

Bitcoin transactions are not reversible. That's the whole point of bitcoin anyway. So i'm afraid your 63.73 BTC is lost for sure. There simply is no way of ever getting it back. Unless ofcourse you could track the money to some casino or whatever, and report it to them as stolen money. You would be able to prove you are the owner of that address...
Sadly, it's extremely hard to track down those funds.

tsaroz

legendary

Activity: 3094

Merit: 1069

DGbet.fun - Crypto Sportsbook

Please 1 BTC should be everyones maximum limit on online wallets. Mine coins were too stolen from android wallet so I stopped using it.

sifter

hero member

Activity: 574

Merit: 500

CoinBooster Rep

The chances of you getting it back now bud are really slim.

Sorry.

statdude

legendary

Activity: 1498

Merit: 1000

Update - Coins have been moved to these addresses, any ideas?

1K5B5vgry2dxA8U8YphyKCZnmL2TkXmZSX
Total Received   1,009.127 BTC

1Ajz2tmqhAS2qPDAYw1aqkYJ6xC4mz7LoU
Total Received   41.74661948 BTC

1AA5NSDzAw1nvmbiaPUAdJ7zacu8HvDdSy
Total Received   745.6897046 BTC
Final Balance   745.6897046 BTC

14KAMZsnHwHb32vd1XrNE1pndhuijHjR1a
Total Received   43.7795 BTC
Final Balance   43.7795 BTC

statdude

legendary

Activity: 1498

Merit: 1000

it's called IP Vanish and connected thru Tor, although I did not know that.

Hash72

sr. member

Activity: 294

Merit: 250

★YoBit.Net★ 350+ Coins Exchange & Dice

Quote from: Puppet on November 30, 2014, 04:51:41 AM

Which VPN service?

HMA PPTP connection

Puppet

legendary

Activity: 980

Merit: 1040

Which VPN service?

Topic: 63.73 BTC Hacked - Blockchain.info secured by 2FA - Starting security podcast? - page 2. (Read 15021 times)