Author

Topic: Beware blockchain.info (Read 3740 times)

sr. member
Activity: 1097
Merit: 310
Seabet.io | Crypto-Casino
March 09, 2014, 10:51:46 AM
#17
Beware blockchain.info just stole almost 0.36 btc

Overall, a thief stole btc. blockchain.info did not steal them right  Huh Was mislead, although you are right to be careful for using online wallet.
member
Activity: 93
Merit: 10
March 08, 2014, 09:11:32 PM
#16
I encrypted it using an offline sha256 encrypter.

A 12-character password with double SHA256 is not secure.    348 billion SHA256 hashes per second achievable back in 2012.    http://hackaday.com/2012/12/06/25-gpus-brute-force-348-billion-hashes-per-second-to-crack-your-passwords/

If you want to use a key generated from a passphrase;  I recommend a minimum of 15 characters.

Use Scrypt, Bcrypt, or PBKDF2  with 10000 rounds,  not SHA256.

And rotate to new sets of wallets with a new set of passphrases at least once a year.

Make sure the cost to crack is at LEAST a few orders of magnitude greater than any funds available in the wallet ----   obviously,  if there are 100BTCs in a wallet,  and a hacker suspects a brain wallet,   they could justify  spending half a million$$ or more on hardware  to attempt a brute force of the passphrase.
newbie
Activity: 1
Merit: 0
March 08, 2014, 08:12:28 PM
#15
A 12 characters mixed with numbers and simbols, then converted to sha256 2 times, and then generating a private key with that hash its unsecured? Who, so all the entire bitcoin system is unsecured.

Hi Wolf Rainer,

Please read carefully the following article: http://www.palkeo.com/code/stealing-bitcoin.html

We can see how they were able to find many active wallets by generating addresses with a dictionnary. They actually found your address by using the passphrase "alfanumerico".

I hope this answers your questions!
sr. member
Activity: 462
Merit: 250
November 26, 2013, 05:04:12 PM
#14
is there any way to contact blockchain.info to refund me the money ?

There isn't anything we can do to recover the coins.

It wasn´t a brainwallet from 12 digits... It was 12 digits converted to sha256 twice, and then used to generate private key...

Hashing a weak key can never make it stronger. For your own good, don't use brainwallets or generate your own private keys unless you really know what you are doing. And it's wrong to blame it on Blockchain.info...

A 12 characters mixed with numbers and simbols, then converted to sha256 2 times, and then generating a private key with that hash its unsecured? Who, so all the entire bitcoin system is unsecured.

My password to my web wallet is >20 characters, of numbers, symbols, and letters, and many people's are even longer. 12 numbers are not secure enough.

Yeah, but your password isn´t encrypted twice.

Sorry but you are mistaking hash algorithms with encryption.

If I hash that password twice, it doesn't make it any more secure.
legendary
Activity: 1092
Merit: 1016
760930
November 26, 2013, 05:01:19 PM
#13
is there any way to contact blockchain.info to refund me the money ?

There isn't anything we can do to recover the coins.

It wasn´t a brainwallet from 12 digits... It was 12 digits converted to sha256 twice, and then used to generate private key...

Hashing a weak key can never make it stronger. For your own good, don't use brainwallets or generate your own private keys unless you really know what you are doing. And it's wrong to blame it on Blockchain.info...

A 12 characters mixed with numbers and simbols, then converted to sha256 2 times, and then generating a private key with that hash its unsecured? Who, so all the entire bitcoin system is unsecured.

My password to my web wallet is >20 characters, of numbers, symbols, and letters, and many people's are even longer. 12 numbers are not secure enough.

Yeah, but your password isn´t encrypted twice.

Sorry but you are mistaking hash algorithms with encryption.
legendary
Activity: 1960
Merit: 1022
November 26, 2013, 04:52:28 PM
#12
is there any way to contact blockchain.info to refund me the money ?

There isn't anything we can do to recover the coins.

It wasn´t a brainwallet from 12 digits... It was 12 digits converted to sha256 twice, and then used to generate private key...

Hashing a weak key can never make it stronger. For your own good, don't use brainwallets or generate your own private keys unless you really know what you are doing. And it's wrong to blame it on Blockchain.info...

A 12 characters mixed with numbers and simbols, then converted to sha256 2 times, and then generating a private key with that hash its unsecured? Who, so all the entire bitcoin system is unsecured.

My password to my web wallet is >20 characters, of numbers, symbols, and letters, and many people's are even longer. 12 numbers are not secure enough.

Yeah, but your password isn´t encrypted twice.
sr. member
Activity: 462
Merit: 250
November 26, 2013, 04:19:14 PM
#11
is there any way to contact blockchain.info to refund me the money ?

There isn't anything we can do to recover the coins.

It wasn´t a brainwallet from 12 digits... It was 12 digits converted to sha256 twice, and then used to generate private key...

Hashing a weak key can never make it stronger. For your own good, don't use brainwallets or generate your own private keys unless you really know what you are doing. And it's wrong to blame it on Blockchain.info...

A 12 characters mixed with numbers and simbols, then converted to sha256 2 times, and then generating a private key with that hash its unsecured? Who, so all the entire bitcoin system is unsecured.

My password to my web wallet is >20 characters, of numbers, symbols, and letters, and many people's are even longer. 12 numbers are not secure enough.
legendary
Activity: 1960
Merit: 1022
November 26, 2013, 04:12:39 PM
#10
is there any way to contact blockchain.info to refund me the money ?

There isn't anything we can do to recover the coins.

It wasn´t a brainwallet from 12 digits... It was 12 digits converted to sha256 twice, and then used to generate private key...

Hashing a weak key can never make it stronger. For your own good, don't use brainwallets or generate your own private keys unless you really know what you are doing. And it's wrong to blame it on Blockchain.info...

A 12 characters mixed with numbers and simbols, then converted to sha256 2 times, and then generating a private key with that hash its unsecured? Who, so all the entire bitcoin system is unsecured.
legendary
Activity: 1092
Merit: 1016
760930
November 26, 2013, 04:05:38 PM
#9
is there any way to contact blockchain.info to refund me the money ?

There isn't anything we can do to recover the coins.

It wasn´t a brainwallet from 12 digits... It was 12 digits converted to sha256 twice, and then used to generate private key...

Hashing a weak key can never make it stronger. For your own good, don't use brainwallets or generate your own private keys unless you really know what you are doing. And it's wrong to blame it on Blockchain.info...
legendary
Activity: 1960
Merit: 1022
November 26, 2013, 03:50:12 PM
#8
is there any way to contact blockchain.info to refund me the money ?

There isn't anything we can do to recover the coins.

It wasn´t a brainwallet from 12 digits... It was 12 digits converted to sha256 twice, and then used to generate private key...
hero member
Activity: 910
Merit: 1005
November 26, 2013, 03:18:59 PM
#7
is there any way to contact blockchain.info to refund me the money ?

There isn't anything we can do to recover the coins.
legendary
Activity: 1960
Merit: 1022
November 26, 2013, 02:45:32 PM
#6
By "12-digit key" do you really mean it's only digits [0-9] or does that include letters and symbols too? If it's only digits, 12 is really weak.

Also, did you generate your address using brainwallet.org, by any chance?

I encrypted it using an offline sha256 encrypter.
legendary
Activity: 1092
Merit: 1016
760930
November 26, 2013, 02:36:19 PM
#5
By "12-digit key" do you really mean it's only digits [0-9] or does that include letters and symbols too? If it's only digits, 12 is really weak.

Also, did you generate your address using brainwallet.org, by any chance?
legendary
Activity: 1036
Merit: 1000
November 26, 2013, 01:41:32 PM
#4
Your final balance is 0.36875 BTC.You didnt loose the BTC.


The address 1brain7kAZxPagLt2HRLxqyc3VgGSa1GR its not mine, its the address of the thief. My address was 19JsLFDRxuTsAjapE79FgoVNdNdB2hNU5M.

Sorry about misspeled, im using the google translator.

Sorry then,i lost 0.2445 BTC on inputs.io and i know how its filling when you lost your BTC.But i bought some after that.Dont use online wallets use offline its more secure.

Edit: This is they support email ---> [email protected]

Or visit they support website ---> https://blockchain.zendesk.com/anonymous_requests/new
legendary
Activity: 1960
Merit: 1022
November 26, 2013, 01:36:41 PM
#3
Your final balance is 0.36875 BTC.You didnt loose the BTC.


The address 1brain7kAZxPagLt2HRLxqyc3VgGSa1GR its not mine, its the address of the thief. My address was 19JsLFDRxuTsAjapE79FgoVNdNdB2hNU5M.

Sorry about misspeled, im using the google translator.
legendary
Activity: 1036
Merit: 1000
November 26, 2013, 01:29:59 PM
#2
Your final balance is 0.36875 BTC.You didnt loose the BTC.
legendary
Activity: 1960
Merit: 1022
November 26, 2013, 01:25:35 PM
#1
Beware blockchain.info just stole almost 0.36 btc with the address https://blockchain.info/address/1brain7kAZxPagLt2HRLxqyc3VgGSa1GR , I was logged in my wallet using my btc address generated from a 12-digit code and encryptado twice with sha256 ( 19JsLFDRxuTsAjapE79FgoVNdNdB2hNU5M ) , and while trying to send funds to an account to sell , the wallet frozed and not synchronized ( indicator spinning but never updated the balance), then close and re-open and I find that my funds were stolen and emptied my wallet ...

How can allow blockchain that if I go into my wallet with my ip I'm always using, someone else can come after me and send my funds while away ?

In the pc have no trojan or virus , or I use rare pages. 5 days ago before traveling i sold 0.15 btc to pay the travel , and since then the pc was not used because it has password and left it in my house off, today I go to sell a little more in the same way I did before and this happens.

The original key that was later twice sha256 encrypted to generate the address is the same that I use in my account blockchain.info of 12 characters , so the only ones who are able to remove them, because neither the most powerful pc the world can guess a 12-digit key and then know that it was sha256 encryptada 2 times in minutes , just knowing the original password you can reach that conclusion and after several attempts.

So this leads to the consideration that there is a big vulnerability , either because you can´t you trust the online wallets or because the bots have generated many private keys (billion ) than any one uses at risk of losing their funds.

I need someone to please help me , this money was to pay the rent and I have 2 months late and now expires earlier this month , is there any way to contact blockchain.info to refund me the money ?

If someone wants to help me 19VXtNbJK2TAssSGfEXGJyoZvCCmQ42kbt promise that if i ever get out of this shitty situation or somehow blockchain finally refunded me the btc , I 'll return every thousandth of btc to who has collaborated with me.

Jump to: