
Topic: BTC is missing from Blockchain.info wallet (Read 393 times)

legendary
Activity: 3234
Merit: 5637
July 20, 2019, 05:59:31 AM
#29
Yeah, I understand how this attack works. The thing is, I never open the blockchain wallet from a link or something like that, I always type the URL key by key. The WPA2 password on my wireless network would take probably months to crack, no neighbours who are into this field, so I am ruling that out too.

Regarding WPA2-PSK, I doubt that it would take months to crack - if the firmware of all devices was not updated after that exploit was found, there is definitely a vulnerability which can be used for an attack. People always suspect neighbors with such things, but these days you can crack someone's wireless even from a few km away with pretty cheap equipment.


A hardware wallet is like 99.9% safe, the risks are minimal and you will basically only lose money if a hacker has physical access to the device. It is worth it. I use it, and I recommend it to everyone.

With a hardware wallet, the user needs to pay attention to a few things which can pose a danger. The seed should be stored in a safe place, and all words need to be checked (backup is most important). Any address we see on Ledger Live or any other UI should be checked on the hardware wallet because of possible clipboard malware which can change the address. The last thing is to never type the seed anywhere except in the hardware wallet.

This way of keeping cryptocurrency is far more secure than any online or desktop wallet.
legendary
Activity: 2212
Merit: 5622
Non-custodial BTC Wallet
I would recommend everybody to use another wallet, I'm already using Electrum, my BTC there is safe. Stop giving web wallets a chance, I knew I was probably making a mistake but I thought that since the blockchain.info wallet is probably the oldest it is probably safe. It is not.

Hello alastori.

You made the correct decision, and you are using now a safer wallet.

However, we are all humans, and we are susceptible to making mistakes. If you make a mistake, such as using a browser that is not updated or clicking on a phishing or virus or whatever, your funds will be compromised using Electrum.
There are various sophisticated phishing attacks, such as asking for an update inside the Electrum software with a phishing link.

Hardware wallets are a cheap solution. A Ledger Nano S costs about 60 USD (buy only from ledger.com, never from any third party, because it may be compromised).
A hardware wallet is like 99.9% safe, the risks are minimal and you will basically only lose money if a hacker has physical access to the device. It is worth it. I use it, and I recommend it to everyone.
newbie
Activity: 11
Merit: 2
alastori, I recently found an interesting article on how 2FA can be bypassed in combination with a phishing attack, and although this does not have to be something that has happened to you, it is possible that you are a victim of a similar attack.

The hack employs two tools, called Muraena and NecroBrowser, which work in tandem to automate the attacks. The two tools work together like the perfect crime duo. Think of Muraena as the clever bank robber, and NecroBrowser as the getaway driver.

Muraena intercepts traffic between the user and the target website, acting as a proxy between the victim and a legitimate website. Once Muraena has the victim on a phony site that looks like a real login page, users will be asked to enter their login credentials, and 2FA code, as usual. Once the Muraena authenticates the session’s cookie, it is then passed along to NecroBrowser, which can create windows to keep track of the private accounts of tens of thousands of victims.

Regarding the error you see, this is something I have never seen in the time I have used the blockchain wallet. Whatever happened with your account, there is a probability that some trace has remained and that blockchain will find something.

Have you checked your home wireless network for intruders? All protection can be hacked, and everything depends on your modem / router firmware.

https://www.bleepingcomputer.com/news/security/new-method-simplifies-cracking-wpa-wpa2-passwords-on-80211-networks/

Yeah, I understand how this attack works. The thing is, I never open the blockchain wallet from a link or something like that, I always type the URL key by key. The WPA2 password on my wireless network would take probably months to crack, no neighbours who are into this field, so I am ruling that out too.

I even made a request to Blockchain.info to send logs of IP addresses that logged in to my wallet, just to confirm that nobody else was able to log in there, but they are not responding.
Doesn't your account have that email verification each time you log in? They display the IP address every time you log in. Check your email because it also includes the browser used, operating system and the time of accessing.

The title of that email should be 'Authorize log-in attempt'.

I have the email verification, that's 2FA. It never showed any login attempt for me to verify, I have 2FA in my email too, no suspicious log-in attempts.
Okay, that means that there's nothing wrong if you have verified it on the email that I'm talking about. I don't have anything to add anymore since you have validated most of it and you're sure that you have done your part.

And there's no negligence on your side. Did they reply already to the support report that you made?

Nope, no reply yet.
hero member
Activity: 2884
Merit: 620
I even made a request to Blockchain.info to send logs of IP addresses that logged in to my wallet, just to confirm that nobody else was able to log in there, but they are not responding.
Doesn't your account have that email verification each time you log in? They display the IP address every time you log in. Check your email because it also includes the browser used, operating system and the time of accessing.

The title of that email should be 'Authorize log-in attempt'.

I have the email verification, that's 2FA. It never showed any login attempt for me to verify, I have 2FA in my email too, no suspicious log-in attempts.
Okay, that means that there's nothing wrong if you have verified it on the email that I'm talking about. I don't have anything to add anymore since you have validated most of it and you're sure that you have done your part.

And there's no negligence on your side. Did they reply already to the support report that you made?
legendary
Activity: 3234
Merit: 5637
alastori, I recently found an interesting article on how 2FA can be bypassed in combination with a phishing attack, and although this does not have to be something that has happened to you, it is possible that you are a victim of a similar attack.

The hack employs two tools, called Muraena and NecroBrowser, which work in tandem to automate the attacks. The two tools work together like the perfect crime duo. Think of Muraena as the clever bank robber, and NecroBrowser as the getaway driver.

Muraena intercepts traffic between the user and the target website, acting as a proxy between the victim and a legitimate website. Once Muraena has the victim on a phony site that looks like a real login page, users will be asked to enter their login credentials, and 2FA code, as usual. Once the Muraena authenticates the session’s cookie, it is then passed along to NecroBrowser, which can create windows to keep track of the private accounts of tens of thousands of victims.

Regarding the error you see, this is something I have never seen in the time I have used the blockchain wallet. Whatever happened with your account, there is a probability that some trace has remained and that blockchain will find something.

Have you checked your home wireless network for intruders? All protection can be hacked, and everything depends on your modem / router firmware.

https://www.bleepingcomputer.com/news/security/new-method-simplifies-cracking-wpa-wpa2-passwords-on-80211-networks/
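
Added example (not part of the original post, and not blockchain.info's code): a login relayed through a proxy, as described in the post above, leaves a session that was authenticated by one client and later used by another, which a service can detect by binding each session to the client that completed 2FA. The log format, field names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access log (hypothetical format). From the service's side,
# a relayed login arrives from the proxy's address, never the user's own.
SAMPLE_LOG = """\
2019-07-18T21:04:11Z session=s-7f3a ip=198.51.100.23 ua="Firefox/68.0 (X11; Ubuntu)" action=login_2fa_ok
2019-07-18T21:04:15Z session=s-7f3a ip=198.51.100.23 ua="Firefox/68.0 (X11; Ubuntu)" action=view_balance
2019-07-18T21:04:19Z session=s-7f3a ip=198.51.100.80 ua="HeadlessChrome/75.0" action=view_balance
2019-07-18T21:05:02Z session=s-7f3a ip=198.51.100.80 ua="HeadlessChrome/75.0" action=send_funds
2019-07-18T21:10:40Z session=s-c210 ip=192.0.2.44 ua="Safari/12.1 (Macintosh)" action=login_2fa_ok
2019-07-18T21:11:05Z session=s-c210 ip=192.0.2.44 ua="Safari/12.1 (Macintosh)" action=send_funds
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) session=(?P<sid>\S+) ip=(?P<ip>\S+) '
    r'ua="(?P<ua>[^"]*)" action=(?P<action>\S+)$'
)


def parse(log_text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            yield match.groupdict()


def find_replayed_sessions(log_text):
    """Return {session_id: [events]} for every event that used a session
    from a client other than the one that completed 2FA for it."""
    origin = {}                      # session id -> (ip, ua) that passed 2FA
    findings = defaultdict(list)
    for event in parse(log_text):
        client = (event["ip"], event["ua"])
        if event["action"] == "login_2fa_ok":
            origin.setdefault(event["sid"], client)
            continue
        bound = origin.get(event["sid"])
        # Unknown session, or same cookie presented by a different client.
        if bound is None or client != bound:
            findings[event["sid"]].append(event)
    return dict(findings)


if __name__ == "__main__":
    for sid, events in find_replayed_sessions(SAMPLE_LOG).items():
        for ev in events:
            print(f'{ev["ts"]} {sid} reused from {ev["ip"]} '
                  f'({ev["ua"]}): {ev["action"]}')
```

This check only fires when the replayed session differs in address or user agent from the login; a replay from the same host with a copied user agent passes it, which is why the per-login notification email showing IP, browser and operating system that the thread mentions is a separate signal worth checking.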
newbie
Activity: 11
Merit: 2
I even made a request to Blockchain.info to send logs of IP addresses that logged in to my wallet, just to confirm that nobody else was able to log in there, but they are not responding.
Doesn't your account have that email verification each time you log in? They display the IP address every time you log in. Check your email because it also includes the browser used, operating system and the time of accessing.

The title of that email should be 'Authorize log-in attempt'.

I have the email verification, that's 2FA. It never showed any login attempt for me to verify, I have 2FA in my email too, no suspicious log-in attempts.
hero member
Activity: 2884
Merit: 620
I even made a request to Blockchain.info to send logs of IP addresses that logged in to my wallet, just to confirm that nobody else was able to log in there, but they are not responding.
Doesn't your account have that email verification each time you log in? They display the IP address every time you log in. Check your email because it also includes the browser used, operating system and the time of accessing.

The title of that email should be 'Authorize log-in attempt'.

snip
I understand your frustration especially if you are a techie guy and you are technically into cybersecurity. With the screenshot, IIRC it never happened to me but there were times that the app itself isn't working but it stops you from sending too.

And about the support through email, I've contacted them before and they seem to be good in replying with those concerns. I think their ticket has been flooded and they have to look over each of it that's why they haven't replied to your concern.
newbie
Activity: 11
Merit: 2
I even made a request to Blockchain.info to send logs of IP addresses that logged in to my wallet, just to confirm that nobody else was able to log in there, but they are not responding.
newbie
Activity: 11
Merit: 2
Op really seems to be knowledgeable about cyber security and knows where he should place himself. The fault should really be on blockchain.com's end.

alastori, you should report this to them on https://support.blockchain.com/hc/en-us/requests/new though I doubt that they will compensate your loss but let's see if they can stand and will figure out this faulty issue on their end.



I have already reported it to blockchain but I have not received a response yet.
What hurts the most is that everybody thinks it's always the client's fault. I am highly educated in cybersecurity and it is in my nature to not fall for stupid phishing attacks or to install suspicious malware.
Every time I have to deal with a file that comes from an unverified source, I view it on a virtual machine, or when a VM is not available I use sandboxes to open it. It's very hard to get the usual malware on Linux, especially when you are educated on cybersecurity, because most hackers target their malware to Windows users because they are the majority, not Linux users. Everything is regularly updated on my PC and I only use 2 or 3 browser add-ons that are among the most popular ones. Plus they are all disabled in incognito mode by default, unless you SPECIFICALLY go and enable them in incognito, which is a thing I have not done. My wireless network was a home one, not a cafe or a restaurant etc., so I am excluding a MITM attack. Even if someone was theoretically sniffing my traffic, the traffic is already encrypted by SSL. If it was a non-secure wallet with other circumstances, I would not even open this thread. If I had malware on my device, they would steal the funds from the other blockchain.info wallet too, not just this one. Plus, the weird error that I screenshotted, what's that? I never encountered an error like that in my 3 years or so experience of Blockchain.info.
legendary
Activity: 3234
Merit: 5637
mocacinno, I agree that we can not be 100% sure that OP did not do something wrong, maybe he will find out later what wrong step he made. But over the years we have seen too many people complain that they lost bitcoins by using this wallet, and we have solid evidence (on the link I posted) that it was possible to get a user's private key / seed without any notification on e-mail or mobile phone in case of 2FA.

Some user posted a few threads below that he and some other victims are preparing a lawsuit against this company; they all lost significant amounts of coins in a very similar way, regardless of all the security measures they had taken.

Maybe I am wrong, but I do not see complaints from Coinbase or Binance users who lost coins, it is always the blockchain wallet. I know they have a big number of users, but still they should make a detailed review of their system and fix security vulnerabilities if they exist.
hero member
Activity: 2884
Merit: 620
Op really seems to be knowledgeable about cyber security and knows where he should place himself. The fault should really be on blockchain.com's end.

alastori, you should report this to them on https://support.blockchain.com/hc/en-us/requests/new though I doubt that they will compensate your loss but let's see if they can stand and will figure out this faulty issue on their end.

legendary
Activity: 3080
Merit: 1130
This is another mysterious disappearance of user coins from the blockchain wallet, and I doubt that the cause will be revealed any time soon. This service has a bad history of very strange hacks, and by reading how careful OP was with this site, I could agree that this is some exploit on blockchain.com.

It would be interesting to see what support will say, but I doubt they will say anything which can cause them any damage, and in the end they will say it was user error.

https://bitcointalksearch.org/topic/thoughts-on-this-private-key-stealing-mystery-2488493
As usual, we would hear those common lines that this incident was always on the user's side/fault. The majority is on an infected PC, but there are instances where I was able to read that users are pretty aware of their security, which can really make you think or say in mind that there was something behind it on Blockchain's service.
legendary
Activity: 3346
Merit: 4911
This is another mysterious disappearance of user coins from the blockchain wallet, and I doubt that the cause will be revealed any time soon. This service has a bad history of very strange hacks, and by reading how careful OP was with this site, I could agree that this is some exploit on blockchain.com.

It would be interesting to see what support will say, but I doubt they will say anything which can cause them any damage, and in the end they will say it was user error.

https://bitcointalksearch.org/topic/thoughts-on-this-private-key-stealing-mystery-2488493

Well... In my previous job I had to handle helpdesk calls one day a week in an environment with educated, but non-IT personnel (it was a rotating shift in which every IT team member was responsible for first line support one day a week). I've heard hundreds of people falsely claim to have done/not have done stuff, even when I confronted them with evidence.

My point is, there is no way to prove the OP didn't mess up... And there is no shame in this either... I have almost fallen for a phishing scam in the not so distant past, I've installed infected files on my "sandbox" PC unwillingly, I've even fallen for a ponzi a long, long time ago. Everybody makes mistakes, sometimes even without realising you made a mistake.

Now let me be clear, I'm not implying the OP made a mistake and fell for a phishing attack or got his system compromised, I'm just saying that I don't think anybody (including me) should be taken at face value when saying they 100% certainly didn't make a certain mistake. I really don't like web wallets, but I would never go as far as implying it was blockchain's fault without seeing any real evidence.

In my opinion, the odds of OP's system being compromised, or the OP being victim of a phishing or a social engineering attack still seem more likely than blockchain being exploited... It's all about odds though, there's no way to know for sure.
legendary
Activity: 3234
Merit: 5637
This is another mysterious disappearance of user coins from the blockchain wallet, and I doubt that the cause will be revealed any time soon. This service has a bad history of very strange hacks, and by reading how careful OP was with this site, I could agree that this is some exploit on blockchain.com.

It would be interesting to see what support will say, but I doubt they will say anything which can cause them any damage, and in the end they will say it was user error.

https://bitcointalksearch.org/topic/thoughts-on-this-private-key-stealing-mystery-2488493
hero member
Activity: 2674
Merit: 865
yesssir! 🫡
Regardless of who's at fault, it doesn't change the fact that web wallets are one of the least safe ways to store funds as it is more susceptible to attacks. The amount of time you've used it without issues doesn't change anything, no one should wait until a problem has occurred.

@op, note that securing funds doesn't end in picking a wallet as none provides 100% safety. Your wallet won't protect you in case of human error which is why adopting healthy practices helps in increasing your security. Take this as a reference https://bitcoin.org/en/secure-your-wallet

Lastly, don't forget to verify your Electrum files to make sure what you've got isn't compromised.
newbie
Activity: 11
Merit: 2
I was using a secure mail provider, Tuta.io and 2FA was enabled on both the email account and the blockchain.info wallet.
I know i was probably compromised but I have no idea how. All the latest updates of Ubuntu are installed and no new software has been installed in the previous 2 months or so.

If you had 2FA on both email and blockchain.info, the attacker somehow got access to your browser or seed. Theoretically, your seed in blockchain.info is always compromised because you received it from your browser (someone could be watching).

I would format everything, as I already said. And review your online habits.

Also, try a more secure wallet next time, such as Electrum.org
Blockchain info is also a secured wallet. At least I have used it for over two years without any issues. Unless he exposed his 12 passphrase words online or someone around the OP got hold of them, I still don't know how it could be hacked. To even say that the 2FA authenticator was beaten in this case is really surprising to me, to say the least.

It was my money I lost, I have no reason to lie. I would never fall victim to a phishing attack, my 12 word seed was not stored anywhere online.
If I had no idea about hacking or cybersecurity, I would understand that it is my fault and I wouldn't even open this thread. The only logical explanation is that there is some kind of zero day exploit that the public doesn't know about yet, or that the blockchain.info wallet is not as secure as you think.
I would recommend everybody to use another wallet, I'm already using Electrum, my BTC there is safe. Stop giving web wallets a chance, I knew I was probably making a mistake but I thought that since the blockchain.info wallet is probably the oldest it is probably safe. It is not.
legendary
Activity: 2674
Merit: 1208
Once a man, twice a child!
I was using a secure mail provider, Tuta.io and 2FA was enabled on both the email account and the blockchain.info wallet.
I know i was probably compromised but I have no idea how. All the latest updates of Ubuntu are installed and no new software has been installed in the previous 2 months or so.

If you had 2FA on both email and blockchain.info, the attacker somehow got access to your browser or seed. Theoretically, your seed in blockchain.info is always compromised because you received it from your browser (someone could be watching).

I would format everything, as I already said. And review your online habits.

Also, try a more secure wallet next time, such as Electrum.org
Blockchain info is also a secured wallet. At least I have used it for over two years without any issues. Unless he exposed his 12 passphrase words online or someone around the OP got hold of them, I still don't know how it could be hacked. To even say that the 2FA authenticator was beaten in this case is really surprising to me, to say the least.
legendary
Activity: 2366
Merit: 1206
The BTC has now been moved out of 16MgFBd4ay7Yz5bw2HEpvTzCFQwqRmFK73 .
I guess they are gone forever.

Yes, they are gone. You were hacked. Your system is compromised.

I would format all computers/smartphone that you ever used to access your wallet.
I've been reading the replies above and I had the same thought as them: a compromised system will be one of the main reasons, or you were on a phishing link. I see that there is no chance of getting your bitcoin back (just move on from your loss); take this scenario as a lesson to learn. And bitmover was right: clean your computer or use a clean gadget intended for wallet use only (separate from your working PC for daily use). Never trust web wallets, they are easy for hackers to compromise.

Also, try a more secure wallet next time, such as Electrum.org
Strongly agree, reliable and safe to use if your computer is clean. https://electrum.org/#download, link to download to be safer.
legendary
Activity: 2212
Merit: 5622
Non-custodial BTC Wallet
I was using a secure mail provider, Tuta.io and 2FA was enabled on both the email account and the blockchain.info wallet.
I know i was probably compromised but I have no idea how. All the latest updates of Ubuntu are installed and no new software has been installed in the previous 2 months or so.

If you had 2FA on both email and blockchain.info, the attacker somehow got access to your browser or seed. Theoretically, your seed in blockchain.info is always compromised because you received it from your browser (someone could be watching).

I would format everything, as I already said. And review your online habits.

Also, try a more secure wallet next time, such as Electrum.org

legendary
Activity: 3346
Merit: 4911
Well... Like others have already said, your system is compromised...

Either reinstall your OS, or at least continue digging until you find the problem. Here's a starting point: https://upcloud.com/community/tutorials/scan-ubuntu-server-malware/ (in your previous post you mentioned you ran Ubuntu).

You do have to realise extensions *can* be enabled, even in incognito mode... As a matter of fact, if you only installed packages from the official repos and you're 100% sure you didn't fall for a (phishing) scam, I'd say browser extensions are the most probable cause of infection, especially since you indicate the funds were lost after you opened your wallet using your browser (what are the odds somebody having physical access to the seed decides to rob you at the exact moment you're using your browser).