Blockchain.info Possibly Exploited. Coins Stolen.

marcelus

sr. member

Activity: 297

Merit: 250

Quote from: Sutters Mill on November 06, 2014, 06:35:08 AM

Quote from: Divinespark on November 06, 2014, 03:57:37 AM

Sounds like a tall tale to me
That said, would love to hear if there is an update/sequel to this story

Sounds like bullshit to me too. Obviously bitcoin can be stolen from blockchain but when it is it's usually the users fault for being lax on security someway. I don't buy this being in contact with the hacker bs unless you can provide more proof of it.

If I was reading this I'd say bullshit straight up too. I don't blame you. Thing is, this happened to me. I've lost a lot of coins and this guy told me what he told me. The only way I can make sense of it is that I was attacked in ways alluded to here and the guy I spoke to is talking shit. I guess I did feed him with answers in some sense since I suspected him of thieving from me but other info he volunteered. He did also show me a wallet with 867 BTC in it.

Sutters Mill

hero member

Activity: 976

Merit: 575

Cryptophile at large

Quote from: Divinespark on November 06, 2014, 03:57:37 AM

Sounds like a tall tale to me
That said, would love to hear if there is an update/sequel to this story

Sounds like bullshit to me too. Obviously bitcoin can be stolen from blockchain but when it is it's usually the users fault for being lax on security someway. I don't buy this being in contact with the hacker bs unless you can provide more proof of it.

Divinespark

hero member

Activity: 938

Merit: 501

Sounds like a tall tale to me
That said, would love to hear if there is an update/sequel to this story

bryant.coleman

legendary

Activity: 3752

Merit: 1217

I don't think that coins can be stolen from Blockchain.info. The site is designed against any possible coin theft. Also, they just raised $30 million a few days ago, to improve the security issues.

bornil267645

sr. member

Activity: 406

Merit: 250

AltoCenter.com

this is Mt.gox all over again. At first some users faced some problem, all of a sudden the whole site goes dark. Fellow BTC users, stay sharp.

onemorebtc

sr. member

Activity: 266

Merit: 250

afaik when using blockchain.info they never have your private key?
did they change that (havent used them for a while)?

Soros Shorts

donator

Activity: 1617

Merit: 1012

Quote from: evansearle42 on November 05, 2014, 10:18:13 PM

The OP mentioned that he would use shred send while "keeping his IP concealed", this implies that he was either using tor or a no-log proxy, and it is possible that someone used a MITM attack to capture his password and 2FA code, then logged into his wallet, downloaded a backup, then loaded the backup to a new wallet (without 2FA enabled) and sent the coins to an address the attacker controlled

If this were the case then the attacker had at most a 1-minute window to log in since the same 2FA code was used. I would think that some security feature could be easily implemented on the website to prevent the same code from being used back-to-back in 2 consecutive logins.

segvec

full member

Activity: 196

Merit: 100

The cheddar breed jealousy

Interesting.
More to the story...not smart accessing via TOR.

Ron~Popeil

sr. member

Activity: 406

Merit: 250

Quote from: evansearle42 on November 05, 2014, 10:18:13 PM

Quote from: Ron~Popeil on November 05, 2014, 05:02:46 PM

PSA: If you don't control your private keys you don't have any bitcoin.

Sorry for your situation and I hope you get your bitcoin back. That is a pretty surreal story to say the least.

blockchain.info actually does not control your private keys. If you are actually connected to their site then you will generate, encrypt and decrypt the keys locally.

The OP mentioned that he would use shred send while "keeping his IP concealed", this implies that he was either using tor or a no-log proxy, and it is possible that someone used a MITM attack to capture his password and 2FA code, then logged into his wallet, downloaded a backup, then loaded the backup to a new wallet (without 2FA enabled) and sent the coins to an address the attacker controlled

At the risk of exposing my ignorance on this stuff that post went completely over my head. That is exactly why I don't keep bitcoin anywhere but in a paper wallet. Thanks for the correction though. I need an occasional reminder about how little I know about internet security.

So is this only a threat when using tor or is that kind of attack possible with all browsers?

evansearle42

sr. member

Activity: 366

Merit: 250

Quote from: Ron~Popeil on November 05, 2014, 05:02:46 PM

PSA: If you don't control your private keys you don't have any bitcoin.

Sorry for your situation and I hope you get your bitcoin back. That is a pretty surreal story to say the least.

blockchain.info actually does not control your private keys. If you are actually connected to their site then you will generate, encrypt and decrypt the keys locally.

The OP mentioned that he would use shred send while "keeping his IP concealed", this implies that he was either using tor or a no-log proxy, and it is possible that someone used a MITM attack to capture his password and 2FA code, then logged into his wallet, downloaded a backup, then loaded the backup to a new wallet (without 2FA enabled) and sent the coins to an address the attacker controlled

Ron~Popeil

sr. member

Activity: 406

Merit: 250

PSA: If you don't control your private keys you don't have any bitcoin.

Sorry for your situation and I hope you get your bitcoin back. That is a pretty surreal story to say the least.

marcelus

sr. member

Activity: 297

Merit: 250

Quote from: 21coin on November 05, 2014, 02:26:08 PM

Quote from: marcelus on November 05, 2014, 02:01:13 PM

Quote from: 21coin on November 05, 2014, 01:35:56 PM

a lot of members are facing problem with blockchain.info
you should report this issue and stay away from this untill this issue is resolved

Do you have links to these threads?

here is one of them
https://bitcointalksearch.org/topic/funds-stolen-from-blockchaininfo-843228

Thanks. Malicious exit node (I have accessed it through TOR once - stupidly), man-in-the-middle is what I thought from day one. It's the only thing that made sense. It's the only thing that still makes sense. However, how is it that this guy has stolen an identical amount recently and is making these claims about accessing blockchain.info? Maybe it's just an insane coincidence but the number he quoted is the correct one right down to the bitcoin.

ibminer

legendary

Activity: 1789

Merit: 2535

Goonies never say die.

Did your coins end up at this address?

Quote from: kruhft on November 04, 2014, 02:20:56 AM

Quote from: lonari on November 01, 2014, 01:14:05 PM

Was accessing my wallet from Tor and then suddenly, 1.84100102 BTC was transferred to 1FJxeqyAAkxjbV5ijh3CnNkbgdu8zCVsY7

2FA was always enabled. Using google auth.

Do I have any recourse?

Looks like whoever it is has been pretty active: https://blockchain.info/address/1FJxeqyAAkxjbV5ijh3CnNkbgdu8zCVsY7

21coin

hero member

Activity: 493

Merit: 500