Be careful using Blockchain as your wallet... - page 2.

jbreher

legendary

Activity: 3038

Merit: 1660

lose: unfind ... loose: untight

Quote from: ErebusBat on October 12, 2012, 04:47:32 PM

Quote from: opentoe on October 09, 2012, 10:41:44 PM

It is a little ironic that they don't store your password on their server and can't help me. Strange.

I think you need to re-educate yourself with the meaning of irony: http://theoatmeal.com/comics/irony

Ironic or not?:

While your link provides a ready means of buying your new book, it lists no option to do so in bitcoin.

(sorry for the thread derail)

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: ErebusBat on October 18, 2012, 08:42:09 AM

Agreeded. Are you using another wallet? Or perhaps a service like one of the dice? You normally shouldn't get double spends unless something out of the ordinary is going on.

Aye. I was playing SatoshiDice with the coins in Blockchain wallet.

ErebusBat

hero member

Activity: 560

Merit: 500

I am the one who knocks

Quote from: Come-from-Beyond on October 18, 2012, 02:50:59 AM

Quote from: ErebusBat on October 17, 2012, 08:44:38 PM

Quote from: Come-from-Beyond on October 17, 2012, 02:50:20 PM

I'd like to add other issue.
I sent some bitcoins from my Blockchain wallet to an exchange, but the transaction is unconfirmed for 24 hours. I found that it contains a double-spent coins. I would send less coins (minus double-spent ones) but I can't cancel the transaction. It seems I lost my bitcoins.

You didn't lose your coins. Wait until the transaction fall off and you will have them back.

It's good news. But those double-spends r so annoying.

Agreeded. Are you using another wallet? Or perhaps a service like one of the dice? You normally shouldn't get double spends unless something out of the ordinary is going on.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

Quote from: ErebusBat on October 17, 2012, 08:44:38 PM

Quote from: Come-from-Beyond on October 17, 2012, 02:50:20 PM

I'd like to add other issue.
I sent some bitcoins from my Blockchain wallet to an exchange, but the transaction is unconfirmed for 24 hours. I found that it contains a double-spent coins. I would send less coins (minus double-spent ones) but I can't cancel the transaction. It seems I lost my bitcoins.

You didn't lose your coins. Wait until the transaction fall off and you will have them back.

It's good news. But those double-spends r so annoying.

ErebusBat

hero member

Activity: 560

Merit: 500

I am the one who knocks

Quote from: Come-from-Beyond on October 17, 2012, 02:50:20 PM

I'd like to add other issue.
I sent some bitcoins from my Blockchain wallet to an exchange, but the transaction is unconfirmed for 24 hours. I found that it contains a double-spent coins. I would send less coins (minus double-spent ones) but I can't cancel the transaction. It seems I lost my bitcoins.

You didn't lose your coins. Wait until the transaction fall off and you will have them back.

Come-from-Beyond

legendary

Activity: 2142

Merit: 1009

Newbie

I'd like to add other issue.
I sent some bitcoins from my Blockchain wallet to an exchange, but the transaction is unconfirmed for 24 hours. I found that it contains a double-spent coins. I would send less coins (minus double-spent ones) but I can't cancel the transaction. It seems I lost my bitcoins.

ErebusBat

hero member

Activity: 560

Merit: 500

I am the one who knocks

Quote from: opentoe on October 09, 2012, 10:41:44 PM

I've been using Blockchain for a couple of months now. I've sent/received bitcoin on many occassions with no problems. All of sudden today I an unable to log in with my password. I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe. It is the same password I use on several of my banking sites, so I know the password well.

Password re-use is never a good idea.

Quote from: opentoe on October 09, 2012, 10:41:44 PM

For some reason I'm unable to log into my Blockchain account and there is no way they are able to help me!! I have this funny little feeling that they maybe have something to do with this.

What 'funny feeling'? That is a pretty strong accusation coming from a low post forum account against piuk. Something tells me that there would be many more 'interesting' account for them to 'steal' if he were so inclined.

Quote from: opentoe on October 09, 2012, 10:41:44 PM

Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually.

I am pretty sure that you don't understand how the service works given that this is near impossible (as others have pointed out).

Quote from: opentoe on October 09, 2012, 10:41:44 PM

Maybe they do this on purpose for random accounts? I'm %100 sure that I know my password.

Knowing and communicating the password to the server are two entirely different things (also as others have pointed out). Why would they risk their reputation to steel random piddly accounts?

Quote from: opentoe on October 09, 2012, 10:41:44 PM

It is a little ironic that they don't store your password on their server and can't help me. Strange.

I think you need to re-educate yourself with the meaning of irony: http://theoatmeal.com/comics/irony

Quote from: opentoe on October 09, 2012, 10:41:44 PM

So, if you have a lot of money tied up on Blockchain I would send it to your local wallet instead. I'm finding out that the best place to keep your bitcoin is your local wallet and NONE of these online places.

This is of course a personal decision and there is no right way for 100% of the people. Personally I have like BCI because an un-encrypted version of my wallet never hits my disk.

Sorry to be so negative, but attacks on long standing services / members irritate the hell out of me, especially when done from sock/low count accounts.

ralree

hero member

Activity: 518

Merit: 500

Manateeeeeeees

Quote from: julz on October 10, 2012, 01:28:42 AM

Quote from: ralree on October 10, 2012, 12:58:47 AM

I'm cool with blockchain, but their app doesn't have any sort of authentication (or at least I haven't seen it). I think my hard limit on what I keep in there is going to be 10BTC for the moment - no reason to risk losing it if I lose my phone.

For the android app - you can put on a second password which is required when spending. (edit: ^^ what he said!)

I believe when you 'pair' a device - the QR code contains the main decryption password, which I suppose may be somewhat vulnerable when stored in your phone.

I find it annoying that the QR code even contains this password - as otherwise I'd carry around a printout of various pairing QRs in my wallet and scan them as necessary.
The second password still wouldn't make this safe as with the decryption password they can still go to the website and change all the account settings... I guess 'two factor' is the way to stop that.

Thanks (and thanks to Stephen Gornick as well). I'll go do that tonight.

kokojie

legendary

Activity: 1806

Merit: 1003

Quote from: opentoe on October 09, 2012, 10:41:44 PM

I've been using Blockchain for a couple of months now. I've sent/received bitcoin on many occassions with no problems. All of sudden today I an unable to log in with my password. I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe. It is the same password I use on several of my banking sites, so I know the password well. For some reason I'm unable to log into my Blockchain account and there is no way they are able to help me!! I have this funny little feeling that they maybe have something to do with this. Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually. Maybe they do this on purpose for random accounts? I'm %100 sure that I know my password. It is a little ironic that they don't store your password on their server and can't help me. Strange. So, if you have a lot of money tied up on Blockchain I would send it to your local wallet instead. I'm finding out that the best place to keep your bitcoin is your local wallet and NONE of these online places.

Sounds like your fault for not properly backing up your wallet, both on paper and in encrypted form (it's impossible for blockchain.info or anyone else to change your password on your backups). Plus since you re-use your password, how do you know if your password has not been compromised somewhere else, and the hacker simply went into your blockchain.info account. It can be pretty useless to hack into online banking, so you might not notice your online banking has been hacked. If your coin hasn't been moved, then if you have properly backed up, you would not have lost anything.

piuk

hero member

Activity: 910

Merit: 1005

Quote from: opentoe on October 09, 2012, 10:41:44 PM

I am aware that Blockchain does not store your password locally so I wrote my password down on paper and put it in my safe.

Try opening notepad or another simple text editor and writing the password in plaintext exactly how you think it should appear. Then copy and paste it into the password field.

Keeping you own paper backup or .aes.json backup is the always recommended. Then you can restore the wallet using a desktop client if need be.

julz

legendary

Activity: 1092

Merit: 1001

Quote from: ralree on October 10, 2012, 12:58:47 AM

I'm cool with blockchain, but their app doesn't have any sort of authentication (or at least I haven't seen it). I think my hard limit on what I keep in there is going to be 10BTC for the moment - no reason to risk losing it if I lose my phone.

For the android app - you can put on a second password which is required when spending. (edit: ^^ what he (Stephen Gornick) said!)

I believe when you 'pair' a device - the QR code contains the main decryption password, which I suppose may be somewhat vulnerable when stored in your phone.

I find it annoying that the QR code even contains this password - as otherwise I'd carry around a printout of various pairing QRs in my wallet and scan them as necessary.
The second password still wouldn't make this safe as with the decryption password they can still go to the website and change all the account settings... I guess 'two factor' is the way to stop that.

Stephen Gornick

legendary

Activity: 2506

Merit: 1010

Quote from: ralree on October 10, 2012, 12:58:47 AM

I'm cool with blockchain, but their app doesn't have any sort of authentication (or at least I haven't seen it).

Account details -> Secuirty

You can enabled two-factor authentication. This can be an e-mail, SMS text message, Yubikey, or Google Authenticator.

Quote from: ralree on October 10, 2012, 12:58:47 AM

no reason to risk losing it if I lose my phone.

As long as you have it save backups (or send them to you), you are protected from lost. You can also set up a second password that is required only for spending. So even if the phone is stolen and someone tries to send funds, they can't without the second password.

Account details -> Passwords

- http://www.Blockchain.info/wallet

ralree

hero member

Activity: 518

Merit: 500

Manateeeeeeees

I'm cool with blockchain, but their app doesn't have any sort of authentication (or at least I haven't seen it). I think my hard limit on what I keep in there is going to be 10BTC for the moment - no reason to risk losing it if I lose my phone.

dancupid

hero member

Activity: 955

Merit: 1002

If you have a backup of the wallet just open another account and import it to it - or import it into multibit.
I would also just use a watch address for the bulk of your bitcoins with the private key stored offline.

edit - just realised you'd still have the same password problem though. But blockchain do not store any bitcoins they just store an encrypted wallet that is decrypted in the browser. They can't steal these bitcoins.
I suggest you keep trying the same password - perhaps try it on a different computer

allthingsluxury

legendary

Activity: 1540

Merit: 1029

Wow hopefully it is just something simple like a keyboard error. Hopefully you get access to your cash soon.

Stephen Gornick

legendary

Activity: 2506

Merit: 1010

This is good reading:

Caution: Do You Bank Online?
- http://market-ticker.org/post=212456

by Karl Denninger, Ticker Guy

[Update:
And also:

Quote

[Project Blitzkrieg is] a collaborative effort designed to exploit the U.S. banking industry’s lack of anti-fraud mechanisms relative to European financial institutions, which generally require two-factor authentication for all wire transfers.

Project Blitzkrieg’ Promises More Aggressive Cyberheists Against U.S. Banks
- http://krebsonsecurity.com/2012/10/project-blitzkrieg-promises-more-aggressive-cyberheists-against-u-s-banks ]

Stephen Gornick

legendary

Activity: 2506

Merit: 1010

Quote from: opentoe on October 09, 2012, 10:41:44 PM

It is the same password I use on several of my banking sites, so I know the password well.

Well, that could be one explanation as to what happened. I'ld first be worried that my system has been compromised and then only after being able to rule that out would I continue to use it. From a secure system, then I'ld change my bank passwords after this. Again -- password reuse is not recommended.

Quote from: opentoe on October 09, 2012, 10:41:44 PM

Since I'm unable to get to my money now and that account will just go stale I'm pretty sure that Blockchain will get that money eventually.

No, they won't. They don't have access to the unecrypted keys.

Now did you have a previous backup of your wallet from prior to having any trouble?

But if a thief got access to it, even with an older copy of the wallet the funds are likely spent.

The login page shows three backup methods ... Dropbox, Google Drive, and Email.

You can configure it so that a copy of the encrypted wallet is sent to your e-mail after each change.

Also, setting it up with a second password (required for spending) is a good recommendation.

Atlas

jr. member

Activity: 56

Merit: 1

OP, all they store is your public keys/private keys in a encrypted JSON with a linked identifier. That's it. There's no way they can alter it unless they are storing your passwords which would ruin them.

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

Number of times I've typed a password again and again and again and SWORE I did it right but it clearly isn't working... only to discover that my keyboard is set in a foreign language, and I'm either typing "ραςςωορδ", or it's AZERTY and I'm really typing the equivalent of "pqssword" or whatever.

julz

legendary

Activity: 1092

Merit: 1001

That they don't store the password on their server is a good feature. I don't see how Blockchain can get that money eventually - unless you used a pretty simple password and they run a brute force against it.
Highly unlikely anyone external could brute force any but the simplest of passwords - as blockchain seems to do IP lockouts (though perhaps via botnet?)

Also - check your keyboard isn't damaged.

..and - look for keyloggers. Perhaps someone got in via your system and changed the pass.

Topic: Be careful using Blockchain as your wallet... - page 2. (Read 16498 times)