63.73 BTC Hacked - Blockchain.info secured by 2FA - Starting security podcast? - page 5.

HYPERfuture

hero member

Activity: 686

Merit: 500

HYPER project manager and PR + GoldPieces [GP]

Quote from: Addition on November 28, 2014, 10:12:08 AM

Quote from: HYPERfuture on November 28, 2014, 10:00:08 AM

I've made a quick guide to fully securing coins on Blockchain.info as these horror stories really upset me: https://bitcointalksearch.org/topic/psa-email-is-not-2fa-on-blockchaininfo-learn-how-to-secure-bitcoin-properly-876492

Thanks for sharing!

Your thoughts on 3rd party devices, such as Trezor? I'm worried about losing the device if I buy a few.

(Though sure they would have considered that) Just wondering in the event of losing device, how quickly Stored BTC funds would be recoverable and the process involved?

You can back up to paper wallet easily with their tool so even if you lose the Trezor the coins are safe. Also the Trezor is password protected so as long as your password is in your HEAD only they cannot steal your coins. This is just my understanding of it and I can't make any guarantees.

Addition

full member

Activity: 238

Merit: 100

Quote from: HYPERfuture on November 28, 2014, 10:00:08 AM

I've made a quick guide to fully securing coins on Blockchain.info as these horror stories really upset me: https://bitcointalksearch.org/topic/psa-email-is-not-2fa-on-blockchaininfo-learn-how-to-secure-bitcoin-properly-876492

Thanks for sharing!

Your thoughts on 3rd party devices, such as Trezor? I'm worried about losing the device if I buy a few.

(Though sure they would have considered that) Just wondering in the event of losing device, how quickly Stored BTC funds would be recoverable and the process involved?

Velkro

legendary

Activity: 2296

Merit: 1014

Quote from: statdude on November 27, 2014, 06:42:24 PM

Help...
I am not sure if someone accessed a backup of my wallet somewhere... All my BTC was stolen via a single blockchain transaction

43d9ecf12e25a0bcc6c655660d604cdff800f726dc42f68b08cea8fc1d61a3c4

sent to here

https://blockchain.info/address/1L8zn4BJs2B4a4pxN4HBaNKEgaowpa3857

if anyone has help or can apply any forensics... i am more than willing to pay a bounty to recover some of these funds... thank you...

skype me at "thestatdude"

many of these coins were purchased via credit card and i have hardly afford to lose them... please help..

Man im so sorry for you, who would have know that using TOR is security risk.
Im feeling your pain.

Addition

full member

Activity: 238

Merit: 100

Quote from: ethought on November 28, 2014, 09:43:59 AM

Quote from: Addition on November 28, 2014, 09:40:13 AM

Are Mac users (OSX) better protected in this case or just as susceptible as Windows/Linux users?

Umm, Linux is in no way as susceptible as Windows.

Linux and Mac have similarly strong security - Windows is a joke.

Have there ever been any cases where Microsoft were held accountable/compensated for security flaws in their OS?

HYPERfuture

hero member

Activity: 686

Merit: 500

HYPER project manager and PR + GoldPieces [GP]

I've made a quick guide to fully securing coins on Blockchain.info for beginners as these horror stories really upset me: https://bitcointalksearch.org/topic/psa-email-is-not-2fa-on-blockchaininfo-learn-how-to-secure-bitcoin-properly-876492

ethought

legendary

Activity: 1316

Merit: 1000

If you have a Keylogger on your computer the only thing that will stop unauthorised withdrawals is SMS 2fa - which I understand blockchain.info offers.

If you only have email 2fa the hacker just needs to wait until you login to your email service and they have the password. Then they wait until you log into your blockchain.info account and they have all they need. They could even delete the email from your email account after authorising the transaction.

Note, a keylogger will also give someone access to your local wallet passphrase too. It happened to someone I know and they lost a couple hundred thousand dollars worth. Keyloggers are very very dangerous.

What I am not sure about is if a malicious user gets your blockchain.info login details and you have SMS 2Fa activated can they still grab the private key. That would totally defy the purpose of SMS 2fa so I assume not but I am not sure.

Q7

sr. member

Activity: 448

Merit: 250

Seen before similar incidence when other guy also has 2fa authentication enabled but still lost the coin. Keeping in armory and hope for best

ethought

legendary

Activity: 1316

Merit: 1000

Quote from: Addition on November 28, 2014, 09:40:13 AM

Are Mac users (OSX) better protected in this case or just as susceptible as Windows/Linux users?

Umm, Linux is in no way as susceptible as Windows.

Linux and Mac have similarly strong security - Windows is a joke.

Addition

full member

Activity: 238

Merit: 100

Quote from: statdude on November 28, 2014, 12:57:25 AM

fact is, i treated my blockchain.info as a WEB wallet, trusting them it was SECURE with 2FA alone.

it was not.

All someone needs can be found by hacking your PC and installing a keylogger.

they need no 2FA whatsoever if they then have your password.

Sorry for loss man!

Is it worth contacting Blockchain Support, if you haven't already done so? Seems like your not the only bitcoiner to fall victim to unauthorised 3rd party applications. Perhaps there's a way for the Blockchain web wallets to run a keylogging sweep?

Are Mac users (OSX) better protected in this case or just as susceptible as Windows/Linux users?

Hiraga

full member

Activity: 178

Merit: 100

Anyone you remember got in the house with your computer unattended?

wpalczynski

legendary

Activity: 1456

Merit: 1000

Thats horrible, sorry to hear that dude. WTF

Quote from: statdude on November 27, 2014, 06:42:24 PM

Help...
I am not sure if someone accessed a backup of my wallet somewhere... All my BTC was stolen via a single blockchain transaction

43d9ecf12e25a0bcc6c655660d604cdff800f726dc42f68b08cea8fc1d61a3c4

sent to here

https://blockchain.info/address/1L8zn4BJs2B4a4pxN4HBaNKEgaowpa3857

if anyone has help or can apply any forensics... i am more than willing to pay a bounty to recover some of these funds... thank you...

skype me at "thestatdude"

many of these coins were purchased via credit card and i have hardly afford to lose them... please help..

inBitweTrust

hero member

Activity: 658

Merit: 501

I wrote a detailed article on the secure ways to store ones Bitcoin:

https://bitcointalksearch.org/topic/options-for-securing-your-bitcoin-wallet-858604

Puppet

legendary

Activity: 980

Merit: 1040

Quote from: jbreher on November 28, 2014, 05:24:35 AM

Please let me make sure I understand you. Are you saying that just because you use Linux, your Bitcoin are positively secure?

Linux alone isnt enough obviously, but using windows makes your PC positively insecure.

bitkilo

legendary

Activity: 1638

Merit: 1010

https://www.bitcoin.com/

I have multible wallets, 3 hot wallets and off line cold storage. I also have signed up for the coinbase vault but yet to use it.
Funny thing is the only wallet i had which got hacked was blockchain but it was a very small amount and i didnt have 2fa back then.
I would advise like many other members already have is to look into cold storage, usb or paper wallet.
If you dont think you know enough about btc security yet then sign up for coinbase vault till you learn more. I know many members won't agree with me on this but its safer from hackers.

jbreher

legendary

Activity: 3038

Merit: 1660

lose: unfind ... loose: untight

Quote from: Business on November 28, 2014, 12:31:45 AM

, i use linux and i know my bitcoins are safe this way. i will never found a trojan or a keylogger on my computer

Please let me make sure I understand you. Are you saying that just because you use Linux, your Bitcoin are positively secure?

BitCoinNutJob

legendary

Activity: 1316

Merit: 1000

Bank are also scammers and the fees go to a lot of needless jobs now we have blockchain tech

turvarya

hero member

Activity: 714

Merit: 500

Damn, that is really hard.
I am glad, I finally managed to put most of my coins in paper wallets. For me it was just laziness that I postponed that for months.

Do make something clear, since so many people don't seem to understand that. The difference between bitcoin and fiat is, that with bitcoin it is your responsibility how secure they are. That is one reason why banks have hefty fees: They use part of it to ensure security and insurance. You can't have both: no fees and someone else takes care of the security

So, yes, bitcoins are much more secure than a bank, if YOU make them that secure. But it is not that hard to store them securily: Printing out paper wallets is really easy. Protect them with bip38, store one copy at home and one copy at another secure place and you are done with the security.

inBitweTrust

hero member

Activity: 658

Merit: 501

Quote from: BigBertie on November 28, 2014, 04:04:48 AM

I don't want to f about with Trezors and such, i want to use my wallet like a bank

why is this so difficult ??

Its not difficult. Just get a coinbase or circle wallet with sms 2FA and they provide the security you need from hackers and insurance as well.

What they will not protect you from, in actuality they will expose you to, is theft from the state in the form of capital gains taxes when your Bitcoins go up in value.

BigBertie

newbie

Activity: 14

Merit: 0

Quote from: Kprawn on November 28, 2014, 01:21:58 AM

Well, you can improve your security, by doing this :

https://blog.blockchain.com/2014/11/13/quick-bit-boost-your-password-security-in-one-easy-step/

But, when you a service provider with +/- 2 000 000 wallets, it should have been set by default, to the highest level.

I am truely dissapointed, but VERY happy all my money is stored in paper wallets. Grin

I am a new bitcoin user that uses blockchain as a wallet. I have used the above advice and gone from the default of 500 iterations to the 20,000 maximum.

What makes Bitcoin wallets different to typical online banking ?- And if your on-line bank account is hacked the bank is responsible for the loss.

Why is this not the case for bitcoin wallets?

I really feel for the stat guy and deplore some of the responses on this read saying he was to blame.

Bitcoin will never reach its potential if a newbee has to go through a raft of additional measures to keep their wallets safe.

I don't want to f about with Trezors and such, i want to use my wallet like a bank

why is this so difficult ??

uvt9

sr. member

Activity: 300

Merit: 250

Quote from: Remember remember the 5th of November on November 27, 2014, 08:32:56 PM

Honestly, not sure what to think. If BC.I was compromised even with 2FA, then this means that there is some exploit going on in BC.I and piuk owes statdude 63btc.

if blockchain.info could be hacked, there would be A LOT more users and bitcoin got stolen. Total number of user reported is only about 20 i think.

Quote from: statdude on November 28, 2014, 12:57:25 AM

All someone needs can be found by hacking your PC and installing a keylogger.

they need no 2FA whatsoever if they then have your password.

Hacker still need 2FA (as second password) because knowing password only isn't enough to login (unless you turned off 2FA). In your case you have 2FA sending to your email, so it's obvious to guess the hacker also got access to your email. Why don't you use 2FA on your phone ?

Furthermore, if your PC got infected with trojan/keylogger then clearly we can't blame Blockchain.info

This is also the reason i laugh at everyone saying Bitcoin is safer than bank. Hacking to a personal computer is much easier than hacking into the bank !!!

Topic: 63.73 BTC Hacked - Blockchain.info secured by 2FA - Starting security podcast? - page 5. (Read 15021 times)