Topic: Bitcoin stolen from blockchain account! (Read 173 times)

If an attacker had access to your account at this time, they could have marked them as read, deleted them, archived them, hidden them, etc., before you saw them.

Could be either. Logging in to anything on a public computer is always a risk, since you have no idea if there is malware or keyloggers on the device you are using, what their security is, who is in control of the WiFi, who is watching your traffic, etc. Google have also had a number of password leaks and security issues in the past, including storing passwords in plain text for 14 years, so it might not have been anything you did at all.

There's no reason to suspect it was the same attacker. These lists of username and passwords circulate around on various forums and message boards. More likely someone else picked up the list more recently and started trying accounts. Or perhaps you linked your email address to crypto activities in some other way - signing up for an airdrop or ICO, subscribing to some crypto site or newsletter, etc. - which then flagged up your email account as a potential target for crypto thieves.

Do you use Google Chrome? Was the password saved in your browser? If it was, then it was uploaded to your Google Account so you could access it from all your devices. So it wasn't your email being hacked per se that allowed the attacker to access your blockchain wallet, but rather your Google Account being hacked.

How about your recovery phrase, did you keep it in any of your online accounts or device?

There's also malware that could come in the form of a keylogger or a malicious browser extension that could steal your login credentials without you knowing. So however unique your password was, the hacker always received a copy of it and perhaps used the details to gain access to your accounts.

My blockchain password was totally unique, I never used it on any other site. The only thing they could have gotten from my email was my wallet ID?

If your email was leaked, then it's very likely your password got leaked too. I am assuming you used the same login credentials for various sites. So someone probably tried various sites and due to the recent Bitcoin boom, tried his luck with your different web wallets.

If I may ask

1. Did you have the same login credentials for multiple sites, including your email?

I typed my email in haveibeenpwned.com and it says my email/password got leaked in 2019.

https://imgur.com/GUO8OTl

I'm not sure how but I guess I'll never know! I searched "security alert" in my gmail and it seems I had a string of security alerts throughout 2019 which I somehow missed!  

I'm guessing either the google chrome password manager screwed me or logging into gmail in my college campus?

I guess the only questions I have now are why did they wait until 3 days ago when they had my details since 2019? Also why didn't they touch any of my other accounts when they had access to my email and could basically get into everything?

Are you sure you haven't used the password anywhere else? Have you written it down anywhere that could have been accessed? Have you stored it online or on a poorly secured password manager where it could have been accessed? This includes the password manager built in to Google Chrome, since it uploads your passwords to Google servers so you can access them on any device, which is wildly insecure. Could you have entered it in to a phishing site? Did you ever log in from a public computer? Could an attacker have reset your password using answers to your secret questions or by performing a SIM swap attack on your phone? Could an attacker have accessed your computer or phone?

The number of ways online accounts can be hacked is massive. This is part of the reason why web wallets are such a bad choice for storing your funds. As mentioned by other users above, moving forward you would do well to set up your own wallet and store your coins yourself.

Here you should find the history, View & control activity in your account. You should find all of your histories there. I think you had used a common password and the attacker gained both of your passwords Google and blockchain or you save all passwords on Google. Web wallets are quite risky always. I hope you already realized that. Although Blockchain is claimed as a noncustodial wallet, I doubt it isn't truly a noncustodial wallet. For the future use the wallet where you will have all the control like seeds and private keys.


Anyway, I second that what was said by @o_e_l_e_o. These all are the possible reason of losing your funds.

After doing some investigating I think someone may have gotten into my gmail account. I have no idea how as my password was completely unique and I didn't use it on any other websites? Is there any way to get an entire login history from google? It seems I can only get the past months activity?

If you have other wallets, I suggest you move all of your balance to a new wallet such as Electrum, after making sure that your pc is not infected with any malware, virus, etc, and store your seed offline. Since it is difficult to find out how exactly that happens, securing all your assets should be a priority.

Anyway, stop using a wallet like Blockchain.com. There are dozens of alternatives out there with better security and easier to use than them.

There are three possibilities for how you lost your coins here. The first is the attacker gained access to your seed phrase, as nc50lc has suggested above. Did you back this up, and how did you do so? Did you save it electronically, upload it to an email address or cloud server, take a screenshot of it, etc? Lots of people have lost funds this way.

The second is that the attacker gained access to your email address and your password, allowing them to block or delete any confirmation emails from blockchain.com before you could see them. Check if your email address has been part of any data breaches recently. Do you reuse the same password across multiple accounts and services? Was your blockchain.com password the same password you used elsewhere? You would do well to change your passwords.

The final possibility is that this was an inside job by blockchain.com. Given just how frequently people seem to have their coins stolen from this platform (exponentially more than any other wallet or exchange), we can't rule this out.

Receiving no email login confirmation from blockchain.com is known issue of them, people complains left and right I guess even still on late 2017. Seems there's no improvement from their side knowing that it still happens today.

As for the lost funds, I hope it's not that much for you. You can't recover it either since bitcoin transactions are irreversible, even you message their support, they just tell you that "it's the users responsibility to secure their account and we can't do anything about it and blabla".

What you can do now, is forget what happens even it takes time, and move on. Don't ever use/suggest their service wallet/exchange etc. to anyone, coz if you will check this board Web wallet you can see that most complains are for blockchain.com they become shittier and shittier.

I don't, only one of them on the list is mine. Looking at other posts on here it seems blockchain has been acting weird in the past week or so, freezing people out of wallets and not sending verification emails when logging in etc. I wonder if they got hacked and are keeping it hush hush or they have a rogue employee or something?

I bet you own all the address on that 1 received transaction of that address, if not, then that's weird, you can't send bitcoin from multiple wallets in 1 transaction (at least
 to my knowledge), not unless the hacker got access the master private key of that multiple wallet which only blockchain.com has the access, only if that's possible.

Have you created a back-up of your "Recovery Phrase"? The 12-words from security settings.

The hacker must have gained access to that backup and imported it to a client then did the transaction from there.
He doesn't need to access your Blockchain account to make a transaction if he has the Recovery Phrase aka "BIP39 seed".

Not necessarily 141 wallets, but 141 addresses.
Those could belong to very few wallets, because one wallet can generate unlimited addresses.

There might be only 2 wallets  , or 5, 10, maybe 20... hardly much more than  that imo.

Anyway  that's very weird.


About your bitcoin cash, or any other altcoin, I would move it straight away before he steals it too.

Yeah it's definitely a weird one. So this guy gained access to 141 wallets(one of them mine) and transferred their combined contents in a single transaction, is that right?

0.48870459 BTC total so that's nearly £21,000 worth!

At least he left me with $10 of bitcoin cash when he stole my BTC! 

There was only one transaction, to one address 34FAKLZ52xb5FZR14pde9Pcs8qgcWQDZXN. Not all of those addresses are yours?

This thief was able to steal a lot of blockchain.com wallets, and made just one transaction? This is weird. Looks even like an internal job.

Blockchain.com is a very unsafe wallet, and a lot of people lose money with it. Certainly a  wallet to be avoided...

If you are going to buy btc again, I would suggest downloading electrum from Electrum.org
It is the best wallet out there.

I just logged onto my blockchain to check on my BTC and discovered my bitcoin had been sent to another address three days ago...

The last time I logged in before today was in January.

Whenever I try to log into blockchain they send me an email confirming the login, but on the day my BTC was stolen I received no email?

Any ideas on how he might have got into my account? Receiving no login email on the day I was robbed is certainly a strange one...

It wasn't a massive amount that was stolen but I've had it and been following it since 2013 so it definitely stings a bit!

Here is the address my BTC was sent to. Looks like he's robbed a few people!

https://www.blockchain.com/btc/address/34FAKLZ52xb5FZR14pde9Pcs8qgcWQDZXN


Here's my history...

https://i.imgur.com/oQtq1zi.png

It's been a good run!