as i seen blockchain protect with email / sms code for every transaction.
if you disable this. it is your fault.
but by your case, its seems you got catch by virus bot.
and its look strange that your money is stuck in this address. and nothing action after by the thief.
1HYeQCcAjoHqFwwofBxiurjTqCkMn7a4N6
Topic: 63.73 BTC Hacked - Blockchain.info secured by 2FA - Starting security podcast? - page 6. (Read 15021 times)
November 28, 2014, 03:34:15 AM
November 28, 2014, 03:13:21 AM
Your name on here is statdude, so I assume you are into learning about statistics. Did you ever do a risk assessment on your storage options? Why would you use something where if they know your actual password from a keylogger they get it? Why wouldn't you use a true 2 factor and tie it into your phone also? It also helps to use things that prompt you saying things like "we noticed you haven't logged in from this ip before please verify yourself" which can turn 2fa into 3fa if that question gets sent to another email address just to prove the first challenge question.
November 28, 2014, 02:55:39 AM
Sorry about your loss 
Did you use any remotedesktop SW like TeamViewer? With email as username?
Did you use any remotedesktop SW like TeamViewer? With email as username?
November 28, 2014, 02:07:05 AM
So sorry for your loss. Its easy to say: why havn´t you done this and this.
Humans just make mistakes sometimes.
Regarding Keyloggers, i use "Keyscrambler" and "Spyshelter", which asks me everytime, when any process wants to start in the background, to confirm. It remembers all my decisions, so its a bit a pain in the ass only in the first 2 weeks, after that its mostly quiet, unless there are new unknown processes. This way it is not only dependent on database-updates and should alert "0-days" also. I used that in addition to my antivirus for a long time, never had a problem.
And whenever theres the possibility for 2FA to the phone, certainly i use that.
Hopefully this never happens to you again. Good luck.
Oh, and i knock a lot on wood . . .
November 28, 2014, 01:21:58 AM
Well, you can improve your security, by doing this :
https://blog.blockchain.com/2014/11/13/quick-bit-boost-your-password-security-in-one-easy-step/
But, when you a service provider with +/- 2 000 000 wallets, it should have been set by default, to the highest level.
I am truely dissapointed, but VERY happy all my money is stored in paper wallets.
https://blog.blockchain.com/2014/11/13/quick-bit-boost-your-password-security-in-one-easy-step/
But, when you a service provider with +/- 2 000 000 wallets, it should have been set by default, to the highest level.
I am truely dissapointed, but VERY happy all my money is stored in paper wallets.
November 28, 2014, 12:57:25 AM
fact is, i treated my blockchain.info as a WEB wallet, trusting them it was SECURE with 2FA alone.
it was not.
All someone needs can be found by hacking your PC and installing a keylogger.
they need no 2FA whatsoever if they then have your password.
it was not.
All someone needs can be found by hacking your PC and installing a keylogger.
they need no 2FA whatsoever if they then have your password.
November 28, 2014, 12:38:56 AM
I am curious if anyone has ever actually retrieved stolen BTC? are there examples of this happening? where would I look? google is no help.
Sorry to OP though. Not trying to rub salt in your wounds. that is a lot to lose. ouch!
Sorry to OP though. Not trying to rub salt in your wounds. that is a lot to lose. ouch!
think this guy ended up doing a deal with the thief to split the coins
http://www.reddit.com/r/Bitcoin/comments/2af2e1/500_btc_bounty_for_the_return_of_androklis/
November 28, 2014, 12:35:09 AM
I am curious if anyone has ever actually retrieved stolen BTC? are there examples of this happening? where would I look? google is no help.
Sorry to OP though. Not trying to rub salt in your wounds. that is a lot to lose. ouch!
Sorry to OP though. Not trying to rub salt in your wounds. that is a lot to lose. ouch!
November 28, 2014, 12:31:45 AM
2fa was just email which does not appear to have been breached, but who knows.
I did just find a keylogger on the PC.
MSDCSC.EXE installed 11/19. that is also the same day as a wallet file mysteriously showed up.
I did just find a keylogger on the PC.
MSDCSC.EXE installed 11/19. that is also the same day as a wallet file mysteriously showed up.
Sorry about your lost.
I recomend you to use Linux, i use linux and i know my bitcoins are safe this way. i will never found a trojan or a keylogger on my computer, i recomend you to give a chance to linux.
You can keep tracing the transactions, maybe that whay you will find who did it.
Good luck.
November 28, 2014, 12:25:47 AM
What the fuck do you want us to do about it faggot? You dun goofed son.
This isn't reddit, we don't upvote faggots for being retards here.
This isn't reddit, we don't upvote faggots for being retards here.
this post does not represent the majority, security is a learning process, our time is finite
November 28, 2014, 12:16:56 AM
sorry man...
Sorry as well, I hope your able to get it back
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
November 28, 2014, 12:12:25 AM
How did I get this Keylogger? I am VERY careful and dont install anything that isnt virus checked.
Is is possible my IP Vanish software which uses Tor was compromised?
LOL, anti-virus do only so much, to truly know if software is safe or not, you need to learn reverse engineering and check out every software. But really, you likely got infected by a Java or Flash applet. Is is possible my IP Vanish software which uses Tor was compromised?
November 28, 2014, 12:08:26 AM
Why the hell doesn't blockchain info have sms verification for withdrawals? Does anyone? Seems it would save a lot of thievery.
Lots of apps for sms. Google phone number on another device should be pretty effective if one does not have a smart phone.
I cleared out my blockchain account a while back. Might keep a small amount there in the future if they revamp their security.
I would steer clear of Tor for anything sensitive like accessing your email or banking. Its ok for cruising piratebay and flashyourrack if you are at work.
Sorry for the OP's loss.
Lots of apps for sms. Google phone number on another device should be pretty effective if one does not have a smart phone.
I cleared out my blockchain account a while back. Might keep a small amount there in the future if they revamp their security.
I would steer clear of Tor for anything sensitive like accessing your email or banking. Its ok for cruising piratebay and flashyourrack if you are at work.
Sorry for the OP's loss.
November 27, 2014, 11:57:35 PM
How did I get this Keylogger? I am VERY careful and dont install anything that isnt virus checked.
Is is possible my IP Vanish software which uses Tor was compromised?
Is is possible my IP Vanish software which uses Tor was compromised?
What's the name of this software. Is it created by someone trusted? Let us know.
November 27, 2014, 11:50:05 PM
How did I get this Keylogger? I am VERY careful and dont install anything that isnt virus checked.
Is is possible my IP Vanish software which uses Tor was compromised?
Is is possible my IP Vanish software which uses Tor was compromised?
November 27, 2014, 11:27:21 PM
2FA should be on different devices, and for 50+ coins I can not imagine storing it in a online wallet
But to be honest, it's still a hassle to use offline storage, especially when you are not an IT guy. It's very difficult to find a balance between ease of use and security, that's also one of the reason that banks exist
But to be honest, it's still a hassle to use offline storage, especially when you are not an IT guy. It's very difficult to find a balance between ease of use and security, that's also one of the reason that banks exist
I think Trezor is the easiest secure solution right now.
Multiple 2FA (2FA emails, Yubikeys, google auth, etc) is the way if storing coins online.
November 27, 2014, 11:22:03 PM
2FA should be on different devices, and for 50+ coins I can not imagine storing it in a online wallet
But to be honest, it's still a hassle to use offline storage, especially when you are not an IT guy. It's very difficult to find a balance between ease of use and security, that's also one of the reason that banks exist
But to be honest, it's still a hassle to use offline storage, especially when you are not an IT guy. It's very difficult to find a balance between ease of use and security, that's also one of the reason that banks exist
November 27, 2014, 11:18:15 PM
2fa was just email which does not appear to have been breached, but who knows.
I did just find a keylogger on the PC.
MSDCSC.EXE installed 11/19. that is also the same day as a wallet file mysteriously showed up.
I did just find a keylogger on the PC.
MSDCSC.EXE installed 11/19. that is also the same day as a wallet file mysteriously showed up.
Sorry to say your email was probably breached combined with keylogger.
Email isn't true 2FA (unless your email itself has 2FA with google auth or something like that) as it is very easy for an email to become compromised.
Even then you should also use other 2FA.
Sorry for your loss again and good luck.
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
November 27, 2014, 11:04:52 PM
2fa was just email which does not appear to have been breached, but who knows.
I did just find a keylogger on the PC.
MSDCSC.EXE installed 11/19. that is also the same day as a wallet file mysteriously showed up.
Well there is your problem. A keylogger. I did just find a keylogger on the PC.
MSDCSC.EXE installed 11/19. that is also the same day as a wallet file mysteriously showed up.
November 27, 2014, 10:30:07 PM
why didn't you use cold storage ?
Humans in general suck at security from what I have seen. We all are constantly making mistakes and only realize and or acknowledge them after an attack has occurred.
Everyone desperately needs to start using secure hardware wallets and multisig paperwallets - http://mycelium.com/entropy can help.
Jump to: