Author

Topic: Blockchain.info Wallet - Unauthroized Transaction (Read 1345 times)

full member
Activity: 162
Merit: 100
Even if the amount is small, if this "hacker" does it enough times to x amount of wallets then he'd be expecting a big payday. 

Strongly agreed to it. It could me millions a day if done several million times.
I wonder what could be behind that Strongcoin.
hero member
Activity: 798
Merit: 500
Time is on our side, yes it is!
Seems like the best thing to do after something like this is to go over your protocols for security and tell someone who would have a good understanding of what may or may not have happened.
edd
donator
Activity: 1414
Merit: 1002
I was thinking about joining blockchain.info but I've read a few of these horror stories lately...how could someone possibly get through a 2FA account?  I thought you would need the mobiel device to withdraw?

You have several options for two factor authentication with blockchain.info. You can use SMS, email, Yubikey or Google authenticator.

Using 2FA just means a hacker has to work that much harder to access your account; it doesn't make it impossible.
hero member
Activity: 546
Merit: 500
Carpe Diem
I was thinking about joining blockchain.info but I've read a few of these horror stories lately...how could someone possibly get through a 2FA account?  I thought you would need the mobiel device to withdraw?
sr. member
Activity: 294
Merit: 250
Someone maybe has generated the same private keys as you? It's extremely unlikely, but not impossible!

When people jump first to "duplicate private key" it makes me wonder if they jump to the least probable explanation in other scenarios as well.

Say you came home from work early, open the door to your house, and saw your wife having sex with the neighbor.  

Now there are two (well probably more but let keep it simple) possibilities:
a) Your wife really is cheating on you, with your neighbor.  The proof is irrefutable and visibly obvious in front of you.  
OR
b) On your way home from work, unbeknownst to you, you were transported into a parallel dimension.  This dimension for the most part is undetectably similar to "your" dimension, except in this world, you never married your wife.  Due to that fact she actually married the man whom you know as your neighbor.  So in reality the man and women who are having sex, are married, don't even know you, and this is their home.  If they haven't seen you yet you should probably leave before you are arrested for breaking and entering.

I have to wonder when faced with that scenario, if the first words from the "duplicate private key" people would be "Hey are you my wife? I just need to rule out the possibility that I accidentally traveled between dimensions before I get really pissed."
I actually presented the more likely scenario in the line under if you didn't see it.
I see your point with the parallel universe thing though.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Someone maybe has generated the same private keys as you? It's extremely unlikely, but not impossible!

When people jump first to "duplicate private key" it makes me wonder if they jump to the least probable explanation in other scenarios as well.

Say you came home from work early, open the door to your house, and saw your wife having sex with the neighbor.  

Now there are two (well probably more but let keep it simple) possibilities:
a) Your wife really is cheating on you, with your neighbor.  The proof is irrefutable and visibly obvious in front of you. 
OR
b) On your way home from work, unbeknownst to you, you were transported into a parallel dimension.  This dimension for the most part is undetectably similar to "your" dimension, except in this world, you never married your wife.  Due to that fact she actually married the man whom you know as your neighbor.  So in reality the man and women who are having sex, are married, don't even know you, and this is their home.  If they haven't seen you yet you should probably leave before you are arrested for breaking and entering.

I have to wonder when faced with that scenario, if the first words from the "duplicate private key" people would be "Hey are you my wife? I just need to rule out the possibility that I accidentally traveled between dimensions before I get really pissed."
hero member
Activity: 672
Merit: 500
There seems to be a lot of theft around blockchain.info in the past couple of days. This is the fourth one I read. I wonder if it has nothing to do with weak passwords, but the browser and phishing sites. I believe blockchain.info admin is already looking into this.

Meanwhile, I personally would refrain from logging into blockchain.info itself unless absolutely necessary, but check balances via a blockexplorer. I might be paranoid, but it is better to be safe than sorry.
sr. member
Activity: 294
Merit: 250
The same private key? That seems awfully unlikely, but never thought of that yet. Thanks for the links shorena too, those occurred yesterday and today. I'll just switch from using an online wallet to a desktop one, however I cannot decide between Bitcoin-qt, Electrum, Multibit, and Amory.
I personally recommend MultiBit. Lightweight, and really east to use and create new wallets and such stuff! Smiley
hero member
Activity: 980
Merit: 1000
www.DonateMedia.org
The same private key? That seems awfully unlikely, but never thought of that yet. Thanks for the links shorena too, those occurred yesterday and today. I'll just switch from using an online wallet to a desktop one, however I cannot decide between Bitcoin-qt, Electrum, Multibit, and Amory.
sr. member
Activity: 294
Merit: 250
Someone maybe has generated the same private keys as you? It's extremely unlikely, but not impossible!
Otherwise someone has probably gained access to your private keys in some other way, maybe through infecting your computer with malware.

Thats like finding a buckyball in the earth. Wink *

But these blockchain incidents seem to happen a lot lately.

https://bitcointalksearch.org/topic/blockchain-account-emptied-589609
https://bitcointalksearch.org/topic/hacker-stole-bitcoins-from-blockchain-wallets-588644
https://bitcointalksearch.org/topic/lost-150-btc-from-this-address-590090

Some had 2fa enable, some hadnt. Anything unusual the last days?


*
https://bitcointalksearch.org/topic/m.6473942
Hmm, maybe blockchain.info is compromised? That would explain the recent hacks. However, they seem a bit random to actually be a full scale hack against them. Maybe a malware attack target against bitcoin users would be more realistic?
full member
Activity: 224
Merit: 100
GOOD Dev
Even if the amount is small, if this "hacker" does it enough times to x amount of wallets then he'd be expecting a big payday. 
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
Someone maybe has generated the same private keys as you? It's extremely unlikely, but not impossible!
Otherwise someone has probably gained access to your private keys in some other way, maybe through infecting your computer with malware.

Thats like finding a buckyball in the earth. Wink *

But these blockchain incidents seem to happen a lot lately.

https://bitcointalksearch.org/topic/blockchain-account-emptied-589609
https://bitcointalksearch.org/topic/hacker-stole-bitcoins-from-blockchain-wallets-588644
https://bitcointalksearch.org/topic/lost-150-btc-from-this-address-590090

Some had 2fa enable, some hadnt. Anything unusual the last days?


*
https://bitcointalksearch.org/topic/m.6473942
sr. member
Activity: 294
Merit: 250
Someone maybe has generated the same private keys as you? It's extremely unlikely, but not impossible!
Otherwise someone has probably gained access to your private keys in some other way, maybe through infecting your computer with malware.
hero member
Activity: 980
Merit: 1000
www.DonateMedia.org
This problem is regarding my Blockchain.info wallet. It seems like before a transaction that I did not initiate happened, but I disregarded it as something I forgot I sent. But this happened again today, in the middle of the night, so I know for sure that it was not by me.

https://blockchain.info/tx/c38a788daaff2f646de0ec32c70e2ecc4b9c145b48a59ea9013649757b54fdd2

0.01845303 BTC was sent, and some of it was also sent to 'StrongCoin', as in the last transaction a few months ago. A fee of 0.001 BTC was used, seems like they were in a bit of a rush for it to be confirmed...

I know that that small amount of BTC is lost, and that I should start fresh with a new wallet, but why is it being sent to StrongCoin and how is this happening? I got no emails regarding any confirmation codes required to access my account. I had two-factor authorization enabled on my wallet.
Jump to: