Pages:
Author

Topic: 63.73 BTC Hacked - Blockchain.info secured by 2FA - Starting security podcast? - page 6. (Read 15021 times)

sr. member
Activity: 826
Merit: 250
as i seen blockchain protect with email / sms code for every transaction.

if you disable this. it is your fault.

but by your case, its seems you got catch by virus bot.
and its look strange that your money is stuck in this address. and nothing action after by the thief.
1HYeQCcAjoHqFwwofBxiurjTqCkMn7a4N6
hero member
Activity: 700
Merit: 500
Your name on here is statdude, so I assume you are into learning about statistics. Did you ever do a risk assessment on your storage options? Why would you use something where if they know your actual password from a keylogger they get it? Why wouldn't you use a true 2 factor and tie it into your phone also? It also helps to use things that prompt you saying things like "we noticed you haven't logged in from this ip before please verify yourself" which can turn 2fa into 3fa if that question gets sent to another email address just to prove the first challenge question.
sr. member
Activity: 374
Merit: 250
Sorry about your loss  Angry
Did you use any remotedesktop SW like TeamViewer? With email as username?
full member
Activity: 175
Merit: 100

So sorry for your loss. Its easy to say: why havn´t you done this and this.
Humans just make mistakes sometimes.
Regarding Keyloggers, i use "Keyscrambler" and "Spyshelter", which asks me everytime, when any process wants to start in the background, to confirm. It remembers all my decisions, so its a bit a pain in the ass only in the first 2 weeks, after that its mostly quiet, unless there are new unknown processes. This way it is not only dependent on database-updates and should alert "0-days" also. I used that in addition to my antivirus for a long time, never had a problem.
And whenever theres the possibility for 2FA to the phone, certainly i use that.
Hopefully this never happens to you again. Good luck.

Oh, and i knock a lot on wood . . .


legendary
Activity: 1904
Merit: 1074
Well, you can improve your security, by doing this :

https://blog.blockchain.com/2014/11/13/quick-bit-boost-your-password-security-in-one-easy-step/

But, when you a service provider with +/- 2 000 000 wallets, it should have been set by default, to the highest level.

I am truely dissapointed, but VERY happy all my money is stored in paper wallets.  Grin
legendary
Activity: 1498
Merit: 1000
fact is, i treated my blockchain.info as a WEB wallet, trusting them it was SECURE with 2FA alone.

it was not.

All someone needs can be found by hacking your PC and installing a keylogger.

they need no 2FA whatsoever if they then have your password.
legendary
Activity: 1330
Merit: 1000
I am curious if anyone has ever actually retrieved stolen BTC? are there examples of this happening? where would I look? google is no help.

Sorry to OP though. Not trying to rub salt in your wounds. that is a lot to lose. ouch!

think this guy ended up doing a deal with the thief to split the coins

http://www.reddit.com/r/Bitcoin/comments/2af2e1/500_btc_bounty_for_the_return_of_androklis/
legendary
Activity: 1456
Merit: 1010
Ad maiora!
I am curious if anyone has ever actually retrieved stolen BTC? are there examples of this happening? where would I look? google is no help.

Sorry to OP though. Not trying to rub salt in your wounds. that is a lot to lose. ouch!
newbie
Activity: 37
Merit: 0
2fa was just email which does not appear to have been breached, but who knows.
I did just find a keylogger on the PC.
MSDCSC.EXE installed 11/19. that is also the same day as a wallet file mysteriously showed up.

Sorry about your lost.

I recomend you to use Linux, i use linux and i know my bitcoins are safe this way. i will never found a trojan or a keylogger on my computer, i recomend you to give a chance to linux.

You can keep tracing the transactions, maybe that whay you will find who did it.

Good luck.
legendary
Activity: 1330
Merit: 1000
What the fuck do you want us to do about it faggot?  You dun goofed son.

This isn't reddit, we don't upvote faggots for being retards here.

this post does not represent the majority, security is a learning process, our time is finite
legendary
Activity: 1834
Merit: 1094
Learning the troll avoidance button :)
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
How did I get this Keylogger? I am VERY careful and dont install anything that isnt virus checked.

Is is possible my IP Vanish software which uses Tor was compromised?
LOL, anti-virus do only so much, to truly know if software is safe or not, you need to learn reverse engineering and check out every software. But really, you likely got infected by a Java or Flash applet.
legendary
Activity: 1090
Merit: 1000
Why the hell doesn't blockchain info have sms verification for withdrawals? Does anyone? Seems it would save a lot of thievery.

Lots of apps for sms. Google phone number on another device should be pretty effective if one does not have a smart phone.

I cleared out my blockchain account a while back. Might keep a small amount there in the future if they revamp their security.

I would steer clear of Tor for anything sensitive like accessing your email or banking. Its ok for cruising piratebay and flashyourrack if you are at work.

Sorry for the OP's loss.

legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
How did I get this Keylogger? I am VERY careful and dont install anything that isnt virus checked.

Is is possible my IP Vanish software which uses Tor was compromised?

What's the name of this software. Is it created by someone trusted? Let us know.
legendary
Activity: 1498
Merit: 1000
How did I get this Keylogger? I am VERY careful and dont install anything that isnt virus checked.

Is is possible my IP Vanish software which uses Tor was compromised?
hero member
Activity: 686
Merit: 500
HYPER project manager and PR + GoldPieces [GP]
2FA should be on different devices, and for 50+ coins I can not imagine storing it in a online wallet

But to be honest, it's still a hassle to use offline storage, especially when you are not an IT guy. It's very difficult to find a balance between ease of use and security, that's also one of the reason that banks exist

I think Trezor is the easiest secure solution right now.

Multiple 2FA (2FA emails, Yubikeys, google auth, etc) is the way if storing coins online.
legendary
Activity: 1988
Merit: 1012
Beyond Imagination
2FA should be on different devices, and for 50+ coins I can not imagine storing it in a online wallet

But to be honest, it's still a hassle to use offline storage, especially when you are not an IT guy. It's very difficult to find a balance between ease of use and security, that's also one of the reason that banks exist
hero member
Activity: 686
Merit: 500
HYPER project manager and PR + GoldPieces [GP]
2fa was just email which does not appear to have been breached, but who knows.
I did just find a keylogger on the PC.
MSDCSC.EXE installed 11/19. that is also the same day as a wallet file mysteriously showed up.


Sorry to say your email was probably breached combined with keylogger.

Email isn't true 2FA (unless your email itself has 2FA with google auth or something like that) as it is very easy for an email to become compromised.

Even then you should also use other 2FA.

Sorry for your loss again and good luck.
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
2fa was just email which does not appear to have been breached, but who knows.
I did just find a keylogger on the PC.
MSDCSC.EXE installed 11/19. that is also the same day as a wallet file mysteriously showed up.



Well there is your problem. A keylogger.
hero member
Activity: 658
Merit: 501
why didn't you use cold storage ?

Humans in general suck at security from what I have seen. We all are constantly making mistakes and only realize and or acknowledge them after an attack has occurred.

Everyone desperately needs to start using secure hardware wallets and multisig paperwallets - http://mycelium.com/entropy can help.
Pages:
Jump to: