Topic: Blockchain.info Unauthorized Withdraw (Read 3356 times)

As stated in above responce,  java is running on computer

Right, gotcha

it would be good to understand how the hacker got to copy the private keys in the first place. maybe blockchain can add implement a fix.
obviously these 2 guys are not the only people that lost coins this way... 500BTC in total was taken this way.

the blockchain wallet runs client side (JS) right?
when that wallet is running, is it possible to have some other client side app hack the JS wallet somehow?

@elrodvoss

Does your browser have Java enabled?  click here and find out-> http://isjavaenabled.com

Well i guess what Ill have to do is

• Remake a new blockchain.info wallet.
• Use a unique PW vs any other site.
• Enable IP restriction so it can only be used at my home location

I would think that with those three, esp the IP restriction, at account creation, there should be no way a thief could access my account and view my private key.  Of course I have been wrong before.  Blockchain even states that the app will work, as long as its "synced" with account.  So that should be secure as well.  In my mind, that tells me that even if they got my password, they couldn't access my account due to IP restriction.

A:  I have several bitcoin apps.  Nothing new in last several months.  Blockchain, bitcoin calculator, miner status.
B:  I posted above the wallet that was used today.   Unsure of that was same one only cause I havent looked and compared at the moment.
C:  Same name on blockchain and bitcointalk
D:  I mine at bitcoin.cz (slush)
E:  Sadly same password, though it was a strong 10+ character using capital and lowercase letters, numbers, and symbols
F:   Do not read the BTC-e chat box (dont even know what it is)
G:  Java is enabled on this computer.

For myself this only started in the last 14 days.

4/13 was withdraw, but though it was from email hack. 
Wallet address was:  1Nr8BbTNTYutpdHKYzDJpAUcuo2wToL1C2
That only had 5.2 Coins removed from various accounts.

The one from today was over 500 coins in their attack, though my loss was only 1.


I have ordered a "rasberry pi" rig that I will be using as my solo bitcoin interface.  So that should take care of most issues.  Ill have to come up with unique passwords for rest of my bitcoin accounts.  Of course only fear is that with multiple passwords I will forget/lose them and writing them down defeats the purpose on some level.

I could go back to a two wallet system.  But if they get into my slush account or blockchain they could see the address (public not private).

no log means they didnt log into your acount to send the funds.

it means they got your private key previously. and then added it to their own client/wallet and decided today was the day to empty you out.

so if elrodvoss only had the private key in blockchain.info and not a electrum or qt client. then obviously someone at some point got into his and silvereagles blockchain.info account at an earlier date and copied the private keys.. and just waited a few days/week before sweeping them.

Blockchain.info is only a client. It doesn't store bitcoins itself, it only stores credentials needed to send bitcoins from your addresses (that is private keys for your bitcoin addresses). If his computer/phone has been compromised, these credentials might be logged/copied during one of his legitimate logins to blockchain.info and sent to the attacker. The attacker could then use these stolen credentials with any other bitcoin client (like Bitcoin-Qt, Armory, Multibit, etc) to send bitcoins - and that's why blockchain.info didn't have any suspicious logins.

Agreed, this is the main worry in all this I think...

Ive placed a ticket with blockchain.info site.  No word from them yet other then confirmation email.

I have never imported any other keys or wallets into blockchain.  I was using blockchain since I could easily transfer funds from blockchain -> mt. gox -> bitinstant.  

As mentioned before I was hit week ago and just though someone got into my email.  Though that just changing all my passwords would do trick.  Shows that it didn't sadly.

its just bad practice giving your phone access to your main hoard of bitcoin. blockchain.info wallet stores password in plaintext afaik. its not a problem because the app is sandboxed so no other apps should have access to it (unless the phone is rooted or modded). however the phone is just another way for a keylogger or malware. its a potential backdoor if you give it acces to your main hoard.

Which?
Blockchains app
or
Mt. Gox mobile site?

And phone it not rooted.

if you are using their phone app dont. it makes you vulnerable. especially if you have a rooted/modded phone.

My email was possiblely hacked. I had coins removed from my account last week (1 coin) and that's when I changed all my passowords for everything.  Bank,  google, credit cards, etc

I have main computer and laptop.  Both with antivirus and malware protection.  Nothing new installed other then dls for linux distros for new rig.

Have several apps on  gs3, but nothing new.

I have no idea how I could have been a victom esp in last 2-3 weeks. 

I do use slush pool and know that has been attacked over last 3 weeks.  But it was stated that everything was secure.  Pw changed there and wallet address checked as well.

Still on phone but may be more detailed when I get home. 

Only other thing was I been looking for new ways to cash coins since mt gox changed,  but that was after first issue a week ago.  So doubt that was the issue.

On phone I use mt gox mobile and blockchain app.

Use two rigs with main computer running slush's proxy program for straium.  That been running for 2 months.

Been using blockchain for 6-8months without issue.

elrodvoss

please answer these question too.


Maybe we can figure out what's going on,
I suspect  BTC-e has some flaw that allows hackers to run some custom JS...
have you ever use  BTC-e?

Just interacted with PIUK on the other thread we've been discussing this in - the one I started.  Ideally just looking to determine which apps I can trust again.

Blockchain.info really needs to start forcing 2 factor on all new accounts. Otherwise this will keep happening.

In addition it would be helpful if they provided information like in DeathAndTaxes' post to users after having their passwords stolen.

silvereagle

elrodvoss

have both of you contacted PIUK (the guy behind blockchain.info) he might be able to help you out more
https://bitcointalksearch.org/user/piuk-17928

also is there any other places that you BOTH imported your private keys into.

maybe you both downloaded a rogue program that keylogged you both and decided today was the day to take some funds.
as the transaction reveals that someone somewhere has both of your private keys in one wallet. so check with each other if you both use any other mobile app wallets or other things, even check where you both downloaded your miners or qt clients from.

i think silvereagle said in another thread he had his email hacked and had his blockchain compromised ages ago before this loss, has elrodvoss had previous losses?

seems strange 2 "noobs" have had losses due to this same attack and no key/long established member's have claimed losses.(yet)

That's the same address mine went to.

This is the address that is listed in my transactions as to where my coins were sent to the second time:
1JKJdYSZNrWSca1b9ajejdmjuqooE7TLFr


Details of transaction:
You Sent
1.00779078 BTC ($ 142.60)

Value at time of transaction $ 146.94
Hash
89f8223bc1d9140889496dea8...
Sent Time
2013-04-25 22:22:48 (+26 minutes to confirm)
Confirmations
8 Confirmations
Double Spend
No Double Spend Detected
Transaction Fee
0.0155 BTC


Not sure if this will show but here is the detailed info of that address:
https://blockchain.info/address/1JKJdYSZNrWSca1b9ajejdmjuqooE7TLFr
So if im reading that right, that person just made 542 coins in less then 5 mins from several dozen account.



My wallet is 1J71jWZqvoK6n9TLvuQjy3kgxctx9QbpQ8, and is at zero coins and in 5 hours will be defunct.

So you're saying your address is in the same transaction as this one?

https://bitcointalksearch.org/topic/wallet-hack-on-425-187822