Pages:
Author

Topic: Blockchain.com responsible for loss of clients funds (Read 335 times)

full member
Activity: 137
Merit: 118
Never store large amounts there, it is better to use the Trezor for this.
newbie
Activity: 6
Merit: 0
Blockchain claimed their service as a noncustodial wallet service. But I doubt it's not a true noncustodial wallet. It's pretty sure blockchain staff could see the wallet id and emails as well. To be more honest, even a site would code like this that staff would directly log in to the user account without a password. If the site isn't open-source we can't verify it and without a web developer expert who can read the code language, no one could detect it. So abusing the system is possible. But if there is an activity log on the admin system, then it's possible to detect who abuses the system. Because if someone scam by blockchain staff, then I think the user will not stay calm and eventually authorities would notice it. Anyway, I believe the story op mentioned on the thread is an issue of hacking. If someone would hack the email, means it's pretty easy to find the wallet id. Then hacker could change the email accordingly.

Blockchain.com openly admits that they see wallet IDs and emails. This is how I was able to change my 2FA email back to previous.

Actually it's quite possible that Blockchain.com found the thief, but did not notify the authorities, because such incident would be terrible PR for the company. They mostly likely only fired him, as they would do everything to hide it.

There's no reason to change 2FA email if the email was hacked, because hacker would have access to the wallet already. And besides 2FA change takes few weeks.
Also I have 2FA on my email and logs that prove that no one else accessed my email.
newbie
Activity: 6
Merit: 0
The whole discussion in the article about 2FA resets is useless.
Blockchain.com wallet clearly states that every user should save their seed (24 worda) in a piece of paper to properly back up your wallet.

How will recovery seed help if the funds are already stolen?
legendary
Activity: 2408
Merit: 2226
Signature space for rent
Blockchain claimed their service as a noncustodial wallet service. But I doubt it's not a true noncustodial wallet. It's pretty sure blockchain staff could see the wallet id and emails as well. To be more honest, even a site would code like this that staff would directly log in to the user account without a password. If the site isn't open-source we can't verify it and without a web developer expert who can read the code language, no one could detect it. So abusing the system is possible. But if there is an activity log on the admin system, then it's possible to detect who abuses the system. Because if someone scam by blockchain staff, then I think the user will not stay calm and eventually authorities would notice it. Anyway, I believe the story op mentioned on the thread is an issue of hacking. If someone would hack the email, means it's pretty easy to find the wallet id. Then hacker could change the email accordingly.
hero member
Activity: 2478
Merit: 695
SecureShift.io | Crypto-Exchange
Better to always have your funds in a wallet you have control of, there have been several similar cases still people haven't learn a thing or two,
if you are not a day trader there is no need to keep your money in an exchange for too long, anything can happen and you can't blame the exchange for that.
legendary
Activity: 4004
Merit: 1250
Owner at AltQuick.com
Blockchain.com has had 2fa issues in the past.

I found a major flaw in their system that would allow a hacker to disable their accounts on their exchange without needing to reauthenticate the 2fa. (Basically, you could turn 2fa off without having your 2fa code or device...)

https://docs.google.com/presentation/d/1B7Edd-fj3wSegL2_JMwKBglPzk3pBG9DUVLuz3HPP-w/edit?usp=sharing

They fixed the problem and offered me $50 because they said they were already aware of the issue.  Which is INSANE because they advertised "Military Grade Security" and were still allowed people to use their website to the tune of millions upon millions of dollars and bitcoins in customer accounts.  (They wanted my social security for the $50 bug bounty for "trying"... lulz)
legendary
Activity: 2674
Merit: 1226
Livecasino, 20% cashback, no fuss payouts.
What is terrible with this history is that someone stolen his funds. The author even suggests blockchain. Com employees.... I wouldn't say it is impossible...

It's a web page. Nobody stops certain employees change its internals conveniently for 10 minutes to something that will also save/steal all that's needed to access the money later.
You have to trust them that this will not happen (to you). Or you use a proper wallet, with much better change to find out in proper time if the version you've installer has problems.
With bitcoin getting more and more expensive, more and more people will try to steal it.

Is blockchain.com responsible? Hard to tell; one would have to undoubtedly prove it.
And without that, their ToS pretty much makes them untouchable; if the user doesn't read nor understand it, too bad.

Exactly! I've had a case before in our company also for one of our clients in the past. Back end guy changes the code for 5 minutes, takes everything in that 5. And then changes back the code. AND deletes the log for the code change (but he was finally caught because he forgot to delete one other log of him entering the system anyway.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
What is terrible with this history is that someone stolen his funds. The author even suggests blockchain. Com employees.... I wouldn't say it is impossible...

It's a web page. Nobody stops certain employees change its internals conveniently for 10 minutes to something that will also save/steal all that's needed to access the money later.
You have to trust them that this will not happen (to you). Or you use a proper wallet, with much better change to find out in proper time if the version you've installer has problems.
With bitcoin getting more and more expensive, more and more people will try to steal it.

Is blockchain.com responsible? Hard to tell; one would have to undoubtedly prove it.
And without that, their ToS pretty much makes them untouchable; if the user doesn't read nor understand it, too bad.
legendary
Activity: 2170
Merit: 1789
let say if the site does not give any right as to recovery keys that means the security of the wallet rely on the user.
That should be the norm in crypto, but due to many users prefer the ease of use over security, things like a third-party to secure your wallet exists. For whatever reason people believe that trusting a third-party is a better idea than saving their own private key in a secure place inside their home, even if it means their funds can be locked without consent. Honestly, I hope people learn and stop using blockchain.com as a wallet, regardless of whether they fuck up or not.

Time to learn and control your own funds.
legendary
Activity: 1652
Merit: 1208
Gamble responsibly
Right from the moment I have known about cryptocurrencies, the most wallet complained about is blockchain wallet, and most of the complains are list funds, but I can not say blockchain wallet official is responsible for this, but it is not a good wallet to use, it is a web wallet, web wallets are the most vulnerable wallet to attacks. Also, I can not say their officials are innocent, they might have a backdoor, but I am not certain about this. But not using the wallet is good, for online wallet, desktop wallets are the best, if not having computer, then going for mobile wallet is better.
hero member
Activity: 3164
Merit: 937
I've had a mixed experience with blockchain.com in the past,so I wouldn't put big amounts on BTC in a blockchain.com wallet anymore.I wasn't scammed and I didn't lost any coins,but the account dashboard was confusing to me and some parts of the website were not functional(the problem wasn't in my browser).
You can get and keep your private keys,but I'm not sure whether or not they have access to my private keys,which makes the whole process of keeping your private keys pointless.
hero member
Activity: 1442
Merit: 775
Blockchain.com has some technical issues (Wallet outage) 18 hours ago and they fixed in 10 hours later.
https://twitter.com/AskBlockchain/status/1369258812885118977
https://twitter.com/AskBlockchain/status/1369382222197907465
https://www.blockchain-status.com/

I would prefer to use Electrum and don't get troubles with web wallets and conpany technical problems
legendary
Activity: 1134
Merit: 1599
Definitely not the first time this happens. I've had my money blocked for an entire year since the password to my account has suddenly changed without me doing so.

Unfortunately, their support is completely useless. All they tell you is they just can't help you out since "they don't own the keys" - although I believe they do. If you lose access to your coins, without the seed they will be of no help..
legendary
Activity: 3080
Merit: 1500

Shit happens when you trust someone with your money for such an asset where reverse transaction isn't possible! For bank, it is still somewhat safer because every banking transaction is reversible but that's not the case with bitcoin. Once a transaction is out of your wallet, there's no way to get back unless the receiver sends it back. Also there's no way to know the identity of that person due to the anonymous nature of bitcoin.

In this case, the 2FA got changed using the form available with blockchain wallet owners only! So author's suspicion may be correct - it's an insider job! But if you have learnt the lesson, you will never use a third party wallet ever again! 
sr. member
Activity: 1680
Merit: 379
Top Crypto Casino
It does seem like it could be an inside job. Besides all the Reddit and TrustPilot cases there are similar stories that I have seen on Bitcointalk recently. There is no hard proof but if there has been an increase of similar cases they should really be doing more to look into what is causing this.

It is estimated that around a third of all Bitcoin transactions are made from Blockchain wallets. It is unfortunate that so many people are still using this wallet which has such a poor reputation.
member
Activity: 1120
Merit: 68
I don't think Blockchain.com is always at fault. Most of the losses actually results from user's negligence and there is nothing that they can do.

But, of all the online wallets out there, Blockchain.com is likely one of the worst coded ones. The incident for which they pushed an untested update and resulted in the R values reused inadvertently was an amateurish mistake and unforgivable. If you don't want to lose your funds or suffer any headaches, steer clear of Blockchain.com.
Maybe if they made their services more functional and easy to use, I think that they can prevent such thing, the warning sign is just a fancy excuse that they do not want to take responsibility when their clients loss their wallets. As @ranochigo said, steer clear of Blockchain.com or any other online wallets, they will screw you over and they do not care if you lose your funds, buy a cold wallet and don't be dumb and careless with your credentials to access that wallet.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
I don't think Blockchain.com is always at fault. Most of the losses actually results from user's negligence and there is nothing that they can do.

But, of all the online wallets out there, Blockchain.com is likely one of the worst coded ones. The incident for which they pushed an untested update and resulted in the R values reused inadvertently was an amateurish mistake and unforgivable. If you don't want to lose your funds or suffer any headaches, steer clear of Blockchain.com.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science

The whole discussion in the article about 2FA resets is useless.
Blockchain.com wallet clearly states that every user should save their seed (24 worda) in a piece of paper to properly back up your wallet.

Saving passwords, 2fa, etc this is all pretty much useless, and the seed is all that someone needs in order to spend your funds.


What is terrible with this history is that someone stolen his funds. The author even suggests blockchain. Com employees.... I wouldn't say it is impossible...
hero member
Activity: 1442
Merit: 775
Blockchain.com gives their users warning that if they lost seed, password, wallet ID, they will not be able to recover their wallets.

Trustpilot is a website with many fake trust feedback. I don't believe in the trust feedback on trustpilot.

walletrecoveryservices.com can help to brute force blockchain wallet and recover it. Use it with risks but that service has good reputation.
You can read more in their announcement thread and their guides.

- Ann thread: Bitcoin Wallet Recovery Services - for forgotten wallet password
- https://github.com/gurnec/btcrecover/blob/master/docs/Extract_Scripts.md
- https://github.com/gurnec/btcrecover/blob/master/docs/Extract_Scripts.md#usage-for-blockchaininfo
Quote

You can import your seeds from blockchain.com wallet to Electrum. Choose BIP39 when you import it. After you finish the import, you can have full control of your bitcoin wallet with Electrum software. You will no longer rely on Blockchain.com and their supports.
https://electrum.org/#home
legendary
Activity: 4228
Merit: 1313
Using a third party service for more than a transaction always is a risk since someone else holds the keys.  Particularly a service that provides no insurance.  That said, it is too bad that they didn't do more to help.
Pages:
Jump to: