Topic: About 20 Bitcoins STOLEN from my Blockchain.info wallet! 5btc reward! (Read 9035 times)

Not really sure which clients allow it. Maybe Bitcoind and maybe Bitcoin-qt with some adjustments. Anyone got any other wallets?

Aww damn it!  Although the thing is that I would not be allowed to do a double spend on the blockchain wallet so I figure that it would have to be somehow done manually, perhaps with the actual bitcoin-qt client but I usually move my coins around web wallets and paper/brain/offline wallets so even if I had started my btc client (which is how I would think I would be able to actually do a double spend) it would have been weeks or months behind in the block chain so by the time I would be synced with the block chain the coins would probably have been confirmed...

Although for future reference how would I do a double spend?  It seems like it would have to be done manually and if this happens and I'm lucky enough to see it in time then I could try to stop it... It was just a fluke that I saw the coins being stolen as I'm sure most people don't notice until it would be way to late...

Thanks

When I followed the trail,the result came up with this: 16hyuu6MQQ1hFcs13Aqow9VKL9ecvJabcc  I'm not sure if this'll help or not but I felt that it was important to tell people and hopefully help out the OP.

The taint analysis comes up with this:https://blockchain.info/taint/16hyuu6MQQ1hFcs13Aqow9VKL9ecvJabcc The two BTC addresses seem to be used more often so maybe start tracking the addressed with '2' in the branch column to find the culprit.

Since my andorid phone is the sole means of accessing my blockchain wallet,how secure is this and should I be worried or not in terms of how safe are my coins on there?

Thanks.

Actually there is. You could've just tried double spending it by simply sending out another transaction using the same funds with a higher fee. If it confirmed first, you would've gotten your funds back.

No one can help you to recover your money, dude

Yeah I will have to do that soon. Do you know any easy ways to spend BTC on a cold wallet without using an offline PC, fresh OS install etc?

I'm using Java 7 update 25.  I've opened other wallets on that computer as well but those were not emptied.  Maybe the hacker is just waiting for me to put more btc in or something.  Along with a MITM attack I would think they would get to my other accounts like my bank, credit cards, etc... but just my btc was stolen...

This sucks...

My guess is that you either have a keylogger on your computer or you were MITM'd with a keylogger on the page. If you have had malware, it is probably still on your computer. Antivirus scans are not good enough.

What version of Java do you have?

Thanks for the link but it looks like my address was not part of that, hopefully I'll be able to figure out how this happened... My other wallet was completely fine.  Does anyone know if you can tell if the thief actually used MY blockchain account to take the funds or if they found the privaete key somehow (or by brute force) and used their own account to move the btc out of my mining address?

It would really help if I knew that so that I could at least not make the same mistake.

There is a slight possibility that you were hit by the bci RNG bug. There is an even smaller chance that you could get compensated for this:

https://bitcointalksearch.org/topic/m.2970668

Note the offer was made a month ago. It might not be available today.

Your not getting the funds back make other plans

Sorry for your loss man, hope someone can track him down for you.

Hi,

No the wallet was not open, I just was checking my balance on blockchain without logging in and saw it was empty, that's when I just about had a heart attack.  I then logged into any and all of my wallets that I may have used and noticed that one of my wallets still had the mining public/private key in there so I assumed that it was a Blockchain hack but the more I look at it, it may not be the case.

Looking into some of other people that had their wallets emptied it was revealed that it was the "Brain wallet" itself that was hacked, as I used dictionary words it would just be a matter of time until someone just brute force hack the address until it matched then they would also have the private key, hind sight is 20/20, I think it would be a lot easier to just hack the btc address offline than trying to crack blockchain.  Then you have all the time in the world to run any brute force hacking without "alerting" someone.

So, I think this is the new or "more recent" way that people are stealing coins "magically' as many people use brain wallets with just dictionary words and maybe a special character or 2 but that is still possible to crack, especially these days with powerful CPUs.  Don't make my mistake!  If you make a brain wallet make sure that it has something else other than just dictionary words, etc.

Lame, over 2 months of mining gone and that is after waiting over a year for my BFL miners which don't pay much anymore.  I'll be lucky to cover power...

Thanks for the comment though.

Yeah, I understand that but who knows maybe at some point it can be traced back to whoever took them as they do have to send them to be used and I plan to watch the transfers and tag each one with a public message by just sending a few cents to that address with a public message.  Maybe when the thief tries to spend them the other party will reject their coins... at least I hope that there are still honest people who would do that...  If others want to add a tag I would think that would help as well, just in case I didn't see when it was moved and tag it myself first.  Also, I would think that if there are a lot of tags saying the coins are stolen it would get more attention and it only takes a few cents to "tag" their address with a public message.

Thanks for the comment though.

@timmah
Was you browser open to your blockchain.info wallet at the time when the theft occured? If so, it is possible that either a browser plugin or the website in another open tab stole the coins.

I've scanned my computer, the public key was never exposed to an open or an unsecured wireless network.  I'm pretty careful when using web wallets but I think I just figured out how my coins were stolen... It was very likely someone who brute force cracked my brain wallet and waited until my account filed up then hit me...

I thought it was a very secure brain wallet as it had a 7 word phrase with a special character as well but I guess it was not secure enough.  Too many regular words and not enough special characters etc...

On another note, I had created a Blockchain.info wallet and made an alias with the account, at that time the site allowed me to use a 4 character account alias and I most likely saved the actual address or recovery words but it was made so long ago that I think that file was lost with a hard drive crash.  Does anyone know how I would be able to regain access to the account?  I did not know that blockchain had changed the security of the site and did not allow short aliases, now I can't open that wallet even though I have the password too.  If I can open that wallet I may be able to have something to pay, so maybe they won't evict me...

Thanks all...

PS.  I have "secured" my brain wallet so that it would be almost impossible to hack.  Funny, I though the brainwallet was going to be safe given it was 7 words and a special character but I was wrong and it actually seems so obvious looking back at the mistake (FACE PALM).

PPS. If you or someone you know "took" my coins and they are returned to me I will still offer the 5btc reward with no questions asked, that way I won't continue to tag each time the coins are moved with the message that the coins were stolen.  Just send them here 1LTLDiacwf3Kt6aVDbT1jd3KhGwv9arhhu minus the 5btc and no questions will be asked... I need these btc that badly, I'm not sure if Starbucks will let me use their store's power and internet connections to mine bitcoins when I'm homeless... ;(

How could anyone help you?

I am sorry for your loss, but btc transactions can not be cancelled.
Your money is gone. Forever.

They are probably still there, but aren't what I would call "safe." Just move them to a new wallet (PLEASE use a new private key) on a hard drive.

and its very difficult to give them all proof that you all bitcoins stolen so now you have to manage some other ways to pay your all dues and no one going to help you with this position

Sorry to hear about this.

Why do you guys use web wallets ?

Why cant you install bitcoin-qt in your system and use thats way much safer than blockchain.info

If you used mobile to access the website this might have happened

The phone app stores your primary password in plain text, relying on the sandboxing mechanism of the phone OS. And it doesn't support 2-factor. Your secondary characters password could be cracked.

My guess: You have a rooted phone disabling whatever sandboxing protections Android has, and another app on your phone grabbed the cached encrypted wallet on your phone along with the primary password and sent it to the attacker. The attacker then bruteforced the secondary password.

If you think i have helped you donate some coins to me address can be found in my sign