Author

Topic: Heads up! Someone is trying to hack into Blockchain.info wallets (Read 3034 times)

hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
I just tried it out, somewhere along the way it redirected me to blockchain.info. 

Now it is using an iframe. 
 serialsforyou (dot) info (slash) securelog32

I'm not sure what the applet and/or windows executables are doing (view source) but definitely not anything you want.
Nasty. Isn't this something Piuk should take down? Copyright, if nothing else.
legendary
Activity: 2506
Merit: 1010
I just tried it out, somewhere along the way it redirected me to blockchain.info. 

Now it is using an iframe. 
 serialsforyou (dot) info (slash) securelog32

I'm not sure what the applet and/or windows executables are doing (view source) but definitely not anything you want.
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
There is a blockchain.info phishing site on a .info misspell domain, watch out. I almost fell for it once,

Wow, yes there is.  Omit the c in block,  i.e.,  Blok*

I just tried it out, somewhere along the way it redirected me to blockchain.info. 
vip
Activity: 1316
Merit: 1043
👻
After some discussion with Steve it appears someone may have attempted to login to his wallet however they were unable to pass the two factor authentication test. I believe he has moved the coins elsewhere now anyway.

I had previously downloaded and installed the browser plug-in that checks the script so I suspect this was its way of notifying me of a script problem.

Sometimes the verifier can throw erroneous warnings if there is a problem downloading any of the scripts. If an error is displayed try refreshing the page, if it keeps appearing there may be a problem but otherwise the error can be ignored.

The verifier is essentially ineffective.
legendary
Activity: 2506
Merit: 1010
There is a blockchain.info phishing site on a .info misspell domain, watch out. I almost fell for it once,

Wow, yes there is.  Omit the c in block,  i.e.,  Blok*
full member
Activity: 163
Merit: 100
There is a blockchain.info phishing site on a .info misspell domain, watch out. I almost fell for it once, it's fairly well done and looks almost exactly like the real site, but the form looks slightly different and it's not on https. I will try to find the exact domain. If you typed in your identifier and password there once without noticing, they may have tried to get in to your account but were foiled by the 2-factor auth.
sr. member
Activity: 322
Merit: 250
FYI: I tried logging into my blockchain account from my desktop (Mac) the other day and received a message that my account was locked for 4 hours due to too many login attempts. I knew something was amiss as I had not tried to access my account in days (I then accessed my Blockchain wallet from my mobile app and transferred the funds to an offline wallet).

Yesterday, after closing my desktop browser and attempting to open my blockchain wallet again, I received the following script notification:

*** Serious Error - Javascript inconsistencies found. Maybe malicious -
Do not Login! Please contact [email protected]


I had previously downloaded and installed the browser plug-in that checks the script so I suspect this was its way of notifying me of a script problem. I had also previously set up my 2-factor authentication so I believe this was able to protect me. I use the Firefox browser.

Now again this morning I received an email notifying me that a login attempt was made at 12:05 AM this morning.

Has anyone else had this issue? Anyway, not sure what to do next. I've emailed piuk on Friday but have not heard anything back yet.



I got a similar error when i first got blockchain wallet. I do not think its a "hacking" attempt, my case was that blockchain didnt mail the 2factor validation, and i tried to login 3-4 times so i stayed locked out of my wallet for some hours, my btc havent been touched by anyone, and after those few hours everything was back to normal
hero member
Activity: 910
Merit: 1005
After some discussion with Steve it appears someone may have attempted to login to his wallet however they were unable to pass the two factor authentication test. I believe he has moved the coins elsewhere now anyway.

I had previously downloaded and installed the browser plug-in that checks the script so I suspect this was its way of notifying me of a script problem.

Sometimes the verifier can throw erroneous warnings if there is a problem downloading any of the scripts. If an error is displayed try refreshing the page, if it keeps appearing there may be a problem but otherwise the error can be ignored.

------

There are currently no known specific threats to any wallet or the site in general.
hero member
Activity: 910
Merit: 1005
I've emailed piuk on Friday but have not heard anything back yet.

I cannot find your email, please send me your wallet identifier to [email protected]
sr. member
Activity: 322
Merit: 251
FYI: I tried logging into my blockchain account from my desktop (Mac) the other day and received a message that my account was locked for 4 hours due to too many login attempts. I knew something was amiss as I had not tried to access my account in days (I then accessed my Blockchain wallet from my mobile app and transferred the funds to an offline wallet).

Yesterday, after closing my desktop browser and attempting to open my blockchain wallet again, I received the following script notification:

*** Serious Error - Javascript inconsistencies found. Maybe malicious -
Do not Login! Please contact [email protected]


I had previously downloaded and installed the browser plug-in that checks the script so I suspect this was its way of notifying me of a script problem. I had also previously set up my 2-factor authentication so I believe this was able to protect me. I use the Firefox browser.

Now again this morning I received an email notifying me that a login attempt was made at 12:05 AM this morning.

Has anyone else had this issue? Anyway, not sure what to do next. I've emailed piuk on Friday but have not heard anything back yet.



I tried logging on from my phone last night and was getting a few messages about my IP being banned due to invalid login attempts. It definitely wasn't me. Switched to wifi and it worked fine.
hero member
Activity: 836
Merit: 1007
"How do you eat an elephant? One bit at a time..."
legendary
Activity: 1764
Merit: 1002
Steve, use Armory!
hero member
Activity: 836
Merit: 1007
"How do you eat an elephant? One bit at a time..."
FYI: I tried logging into my blockchain account from my desktop (Mac) the other day and received a message that my account was locked for 4 hours due to too many login attempts. I knew something was amiss as I had not tried to access my account in days (I then accessed my Blockchain wallet from my mobile app and transferred the funds to an offline wallet).

Yesterday, after closing my desktop browser and attempting to open my blockchain wallet again, I received the following script notification:

*** Serious Error - Javascript inconsistencies found. Maybe malicious -
Do not Login! Please contact [email protected]


I had previously downloaded and installed the browser plug-in that checks the script so I suspect this was its way of notifying me of a script problem. I had also previously set up my 2-factor authentication so I believe this was able to protect me. I use the Firefox browser.

Now again this morning I received an email notifying me that a login attempt was made at 12:05 AM this morning.

Has anyone else had this issue? Anyway, not sure what to do next. I've emailed piuk on Friday but have not heard anything back yet.

Jump to: