
Topic: HELP!! Hacked using Blockchain.info! Someone sent my BTC AWAY! (Read 6324 times)

legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Hello friends, does anyone have a blockchain.info account from 2014?
I really need it.
Call me on the telegram: @Xee_Love
 

Mine is much older than that.  Why?
jr. member
Activity: 37
Merit: 1
Hello friends, does anyone have a blockchain.info account from 2014?
I really need it.
Call me on the telegram: @Xee_Love
 
full member
Activity: 180
Merit: 100
Once your coins have left your wallet and gone into another wallet you do not control or personally know the owner of, they are gone. Unless the person fucks up and posts "hey look I stole this guy's bitcoins! lolololol!" you will never find out who took it by following it on the blockchain.
full member
Activity: 196
Merit: 100
The thief started spending all the coins he stole from me! He made lots of payments to different addresses, any possibility to follow any one of those transactions? https://blockchain.info/pt/address/17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2

Looks like it's gone through a tumbler.

I'm sorry to say, but without some MAJOR detective work, your coins are essentially gone.
full member
Activity: 180
Merit: 100
Don't use online wallets.
full member
Activity: 180
Merit: 100
The thief started spending all the coins he stole from me! He made lots of payments to different addresses, any possibility to follow any one of those transactions? https://blockchain.info/pt/address/17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
I was also surprised to learn that. Apparently the default settings for the wallet encryption are rather weak.

Hm? From what I can tell wallets are encrypted with 256-bit AES. That's pretty damn strong.
The encryption used is very strong and not the issue.  The issue is how strong the password is.  If you use a weak password then the wallet can be cracked.
sr. member
Activity: 430
Merit: 250
I was also surprised to learn that. Apparently the default settings for the wallet encryption are rather weak.

Hm? From what I can tell wallets are encrypted with 256-bit AES. That's pretty damn strong.
newbie
Activity: 48
Merit: 0
Did you have the backups sent to your email?

If you did, then it is possible your email account was compromised and the wallet password was simply brute-forced.
member
Activity: 63
Merit: 10
From my understanding the 2FA on blockchain.info only prevents an attacker from retrieving the encrypted wallet file (from blockchain.info directly). If he can get it some other way, for example by compromising the Hotmail account, it's not impossible to brute the wallet.

I was also surprised to learn that. Apparently the default settings for the wallet encryption are rather weak.

It happened to this guy on reddit:

http://www.reddit.com/r/Bitcoin/comments/1ubv3o/my_blockchaininfo_wallet_hacked_strong_unique/
full member
Activity: 180
Merit: 100
My God, what's happening here? Either with YubiKey hacked? Is the YubiKey used by Blockchain like the one used by Mt. Gox? Because that's all I'm relying on these days...
newbie
Activity: 17
Merit: 0
Quote
I didn't use the 2FA on my account there.

Always use 2FA.
sr. member
Activity: 430
Merit: 250
I never did a backup of my blockchain.info wallet, started to do it yesterday 1 hour before the hack-system fail.
The only way for someone to get ahold of my wallet backups would be through my e-mail, Hotmail, but it is secured with a big password.

This must be the problem.. You may have a RAT/keylogger installed. What security software are you running?

Hey Icey, I use ESET NOD32 Antivirus 4, it looks like it didn't protect me, would you have an antivirus to recommend? Thanks
No antivirus will protect you. Look into cold wallets and offline transactions, if you're serious about security.
full member
Activity: 180
Merit: 100
I never did a backup of my blockchain.info wallet, started to do it yesterday 1 hour before the hack-system fail.
The only way for someone to get ahold of my wallet backups would be through my e-mail, Hotmail, but it is secured with a big password.

This must be the problem.. You may have a RAT/keylogger installed. What security software are you running?

Hey Icey, I use ESET NOD32 Antivirus 4, it looks like it didn't protect me, would you have an antivirus to recommend? Thanks
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Contact the Bitcoin central authority and report the stolen funds. Oh, I forgot, Bitcoin is not reversible and nobody can help you to recover your funds even if your account was hacked. "Free Bitcoin", right?
Put up or shut up you spineless steaming pile of FUD.

You appear to be lost.  This is not the thread you were looking for.  Try this one:

https://bitcointalksearch.org/topic/2013-12-17-bitcoin-tumbles-after-pboc-rumors-confirmed-374295
legendary
Activity: 1470
Merit: 1004
Hey BurtW, I'm sorry for posting in multiple threads, I was freaking out, just wanted to have as much feedback as possible, I am stopping that. You are the person who is helping me the most anyway with your analysis.

How do I check for keyloggers? Are those the guys that steal passwords that I type on my computer? If that was the case then it would mean that the coins were STOLEN, right? But the coins remain there in this address since the "hack"... then, I don't know. Do you know any coin following service? Or coin painting service (just to prepare in case the coins are sent away from there)?

And if it was a bad PRNG, who is to blame? I know the first one to blame is myself, but if I can't do anything about it, at the least it will be a very expensive lesson for me, I have to learn what the problem was, where I made a mistake. (I can see during our conversation some mistakes like not enabling 2FA, not enabling IP logging, sending the coins to an already used address, I didn't empty the whole wallet...)

I never did a backup of my blockchain.info wallet, started to do it yesterday 1 hour before the hack-system fail.

The only way for someone to get ahold of my wallet backups would be through my e-mail, Hotmail, but it is secured with a big password.

Thanks for your attention



Contact the Bitcoin central authority and report the stolen funds. Oh, I forgot, Bitcoin is not reversible and nobody can help you to recover your funds even if your account was hacked. "Free Bitcoin", right?

legendary
Activity: 1578
Merit: 1000
May the coin be with you..
I never did a backup of my blockchain.info wallet, started to do it yesterday 1 hour before the hack-system fail.
The only way for someone to get ahold of my wallet backups would be through my e-mail, Hotmail, but it is secured with a big password.

This must be the problem.. You may have a RAT/keylogger installed. What security software are you running?
full member
Activity: 180
Merit: 100
Hey BurtW, I'm sorry for posting in multiple threads, I was freaking out, just wanted to have as much feedback as possible, I am stopping that. You are the person who is helping me the most anyway with your analysis.

How do I check for keyloggers? Are those the guys that steal passwords that I type on my computer? If that was the case then it would mean that the coins were STOLEN, right? But the coins remain there in this address since the "hack"... then, I don't know. Do you know any coin following service? Or coin painting service (just to prepare in case the coins are sent away from there)?

And if it was a bad PRNG, who is to blame? I know the first one to blame is myself, but if I can't do anything about it, at the least it will be a very expensive lesson for me, I have to learn what the problem was, where I made a mistake. (I can see during our conversation some mistakes like not enabling 2FA, not enabling IP logging, sending the coins to an already used address, I didn't empty the whole wallet...)

I never did a backup of my blockchain.info wallet, started to do it yesterday 1 hour before the hack-system fail.

The only way for someone to get ahold of my wallet backups would be through my e-mail, Hotmail, but it is secured with a big password.

Thanks for your attention

legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
I noticed you have started posting your problem in multiple threads.  Please stop that.  It will not help your situation and will only piss off those who are here trying to help you.

BTW one of the very first things I checked was whether or not the two transactions from your address had the same R values (a known weakness in ECDSA) and they do not.  That is not your issue.

However, since the key pair was created a pretty long time ago there may have been an issue with the way it was created way back then (possibly a bad PRNG) but I cannot prove that one way or another.
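
The R-value comparison described in the post above, as an added example that is not part of the thread and not the poster's own tooling: it parses DER-encoded ECDSA signatures as they appear in a transaction's scriptSig and reports any r value that one public key used more than once. The key string, r/s values and labels are constructed sample data, and `der_encode` is a hypothetical helper used only to build them.

```python
from collections import defaultdict

def parse_der_signature(sig: bytes) -> tuple[int, int]:
    """Return (r, s) from a DER ECDSA signature, with or without the
    one-byte sighash flag that follows it inside a Bitcoin scriptSig."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] & 0x80:
        raise ValueError("not a short-form DER SEQUENCE")
    end = 2 + sig[1]
    if not end <= len(sig) <= end + 1:
        raise ValueError("length byte does not match signature size")
    pos, values = 2, []
    for _ in range(2):  # INTEGER r, then INTEGER s
        if pos + 2 > end or sig[pos] != 0x02:
            raise ValueError("expected DER INTEGER")
        size = sig[pos + 1]
        if size == 0 or size & 0x80 or pos + 2 + size > end:
            raise ValueError("bad INTEGER length")
        values.append(int.from_bytes(sig[pos + 2:pos + 2 + size], "big"))
        pos += 2 + size
    if pos != end:
        raise ValueError("trailing bytes inside SEQUENCE")
    return values[0], values[1]

def find_reused_r(inputs):
    """inputs: iterable of (label, pubkey_hex, signature_bytes).
    Returns {(pubkey_hex, r): [labels]} for each r one key used more than once."""
    seen = defaultdict(list)
    for label, pubkey, sig in inputs:
        r, _s = parse_der_signature(sig)
        seen[(pubkey, r)].append(label)
    return {key: labels for key, labels in seen.items() if len(labels) > 1}

def der_encode(r: int, s: int) -> bytes:
    """Encode (r, s) as DER plus SIGHASH_ALL; only used to build the samples."""
    def integer(n: int) -> bytes:
        raw = n.to_bytes((n.bit_length() + 8) // 8, "big")  # keeps the value positive
        return b"\x02" + bytes([len(raw)]) + raw
    body = integer(r) + integer(s)
    return b"\x30" + bytes([len(body)]) + body + b"\x01"

# Constructed sample data: not taken from any real transaction or key.
KEY = "02" + "ab" * 32
R_A, R_B = int("a1" * 32, 16), int("5c" * 32, 16)
DISTINCT = [("tx1:0", KEY, der_encode(R_A, 0x1111)), ("tx2:0", KEY, der_encode(R_B, 0x2222))]
REPEATED = DISTINCT + [("tx3:0", KEY, der_encode(R_A, 0x3333))]

if __name__ == "__main__":
    print("distinct r:", find_reused_r(DISTINCT))
    print("repeated r:", list(find_reused_r(REPEATED).values()))
```

Distinct r values rule out only this one weakness; they say nothing about how the key was generated or how the wallet password was handled.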
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
How often and exactly how do you back up your blockchain.info wallet?  Is it possible someone could have gotten ahold of one of your wallet backups?

I am about out of ideas so, as a last resort, it is time to check your system for a key logger, etc.

Sorry I could not be of more help.
full member
Activity: 180
Merit: 100
Hi, BurtW, just saw the app, as I told you it syncs with the webclient, the address 17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2 where the stolen-lost coins are in "watch only" as the webclient.

I can't see the IPs that used my webclient at the time of the theft because this feature was disabled, I just enabled it but can't see past logs....

Just found 2 similar posts with much more coins lost

https://bitcointalk.org/index.php?topic=277595.new#new

and

https://bitcointalk.org/index.php?topic=277601.100
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Also, on your blockchain.info account please go to the home page, then account settings, then logging and see if another IP address besides your own has been logging into your account.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ (this was my first address from blockchain.info, it was generated automatically by the website, that I remember, I never pressed the "new address" button in the webclient, but I did it in the iPod client since I did a sync of this wallet with a blockchain app on an iPod touch, and I used it a couple of times)


Do you still have the iPod app?  Can you look in there and see if your coins are in the iPod?  They might be there (maybe)
full member
Activity: 180
Merit: 100
Those are the addresses in my receive list:

1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ (this was my first address from blockchain.info, it was generated automatically by the website, that I remember, I never pressed the "new address" button in the webclient, but I did it in the iPod client since I did a sync of this wallet with a blockchain app on an iPod touch, and I used it a couple of times)
12dEHPdNVBjByZEZ7kJjLH574FUnZrfStQ
1JPYNFPWvzsthiGZWWKNED2Lgd9dJbUo3K
1NkptN3nBviUED92FqZL4E9EEYTRcfAbDE
1HbnDpDocF9y6hyptnSp2ucUJqh5jzHMnj (imported from a paper wallet)
1A73FmupXc5brwcc9X4uXs7fHJJpu5VUKd (imported from a paper wallet)
1Bc6aYTdzEsGZT2jBDYgL66HV5jyRGSPJf (imported from a paper wallet)
1NY9Z3vcJHpY2WQabRxEK8fxQduKEceYF2 (imported from a paper wallet)
1H4gLKQB1CB7UsEbyBgPH7TheMywRxu6Ra (imported from a paper wallet)
1FMwAGuSsgSxGJ8g8V8X7QqkZ8tdQLUTTo (this address was imported from the paper wallet, here were my funds, there are 2 options for importing private keys at blockchain.info, one is sending the funds to some already existing address, the second one is bringing the address inside your wallet. First I claimed the coins, then the address in a desperate attempt to get any coin back)

After I saw I had been stolen from I added the suspicious address as watch only and added a label like this:
STOLEN COINS PLEASE SEND THEM BACK TO THE ADRESS THEY WERE STOLED FROM - 17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2 (Watch Only)

All of this happened by using the blockchain.info through the web interface.

My password at blockchain.info has 11 characters, I didn't use the 2FA on my account there.

Hey BurtW, thanks for looking at this issue, I appreciate that, just from the fact you are listening I can see some of MY security flaws...

But sad.... sad day!!!! Man....


legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Next questions:

In your blockchain.info wallet on the "receive money" tab how many addresses are shown?  Do any of them say (watch only)?  If so how many of them are watch only?

Back to the 1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ address:  was it automatically generated by blockchain.info?  Did you press the "new address" button OR was it imported from somewhere (paper or brain wallet)?  You first used it back in July.  Do you remember if it was imported or generated and how it was generated?   


Have you ever used blockchain.info on your phone using the phone app?

Are you going to blockchain.info through the web interface or are you using a browser plug-in?  I assume you are just using the web interface.

Finally:  how many characters is your blockchain.info password?  Do you use 2FA on your blockchain.info account?
full member
Activity: 180
Merit: 100
This address https://blockchain.info/address/1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ belongs to my wallet inside of Blockchain.info, I'm using it as a browser client on Mozilla Firefox.

The deposit today of 14.7037 BTC @ 20:19 was done by me when I redeemed a private key from my paper wallet, the public key of my paper wallet was https://blockchain.info/pt/address/1FMwAGuSsgSxGJ8g8V8X7QqkZ8tdQLUTTo

The 4.7131 BTC withdrawal today was made by me. The change of 9.9905 went back to this same address AUTOMATICALLY and was sent to 17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2 about 6 minutes later, BUT IT WAS NOT SENT BY ME! When I wanted to distribute the funds to another wallet my account on Blockchain.info was ripped!


To make this transaction https://blockchain.info/tx/144c397690d441a48a989cc58499b4a761be21f5157c6fa666aeb34eaa52ce0b
I just sent the amount I wanted to some other address of mine. Just pushed the send button in the webclient, it worked.

But the sending to this address 17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2 was NOT SENT BY ME! And it was the larger amount of BTC!

I'm really sad... there goes my hard-earned money! Please, if anybody helps me to recover those coins I swear I will give you a present.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Tell me more about this address

https://blockchain.info/address/1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ

Your history with this address shows:

1 BTC deposit on 7/31
1 BTC withdrawal on 8/12 - leaves a zero balance

Later...

14.7037 deposit today @ 20:19
4.7131 withdrawal today, 5 minutes later, change of 9.9905 goes back to this same address

9.9905 sent to 17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2 about 6 minutes later, still unspent as of this post.

Where did this 1NXboo address come from - in other words how was it generated?

Exactly how did you do the transaction

https://blockchain.info/tx/144c397690d441a48a989cc58499b4a761be21f5157c6fa666aeb34eaa52ce0b

What client did you use?  Did you ask for the change to go back to the same address or did the client do that automatically?  Where was the client running (PC, phone, etc.)?
full member
Activity: 180
Merit: 100
Malware? You mean my computer is being watched?
legendary
Activity: 1726
Merit: 1018
The fact that it happened immediately after you did your transaction suggests maybe there is malware on the computer you used.  Something may have recorded your keystrokes to log in to the blockchain wallet. Unless you turned on logging on your blockchain account I don't think you can get the IP of the person who accessed your wallet.
full member
Activity: 180
Merit: 100
I know, but how can I track that address that stole my coins?

Is there any service out there? And how about this flaw in the Blockchain.info system? Why don't they just DELETE the address that has already been used and automatically create a new address of mine if I'm not sending all the coins from one address?
member
Activity: 80
Merit: 10
There is nothing you can do, your BTCs are lost.
full member
Activity: 180
Merit: 100
I can't believe somebody just stole 10BTC from me, please help
No expert out there? I've heard before that it is risky to send BTC from the same address more than 1 time, maybe that was what happened, please someone help... How can I contact the Blockchain.info developers??? Why haven't they corrected this flaw???
full member
Activity: 180
Merit: 100
Hi friends, help me please, I just imported some BTC from my paper wallet via Blockchain.info, this was my paper wallet's public address

https://blockchain.info/address/1FMwAGuSsgSxGJ8g8V8X7QqkZ8tdQLUTTo

It was sent to another address of mine, this one: https://blockchain.info/pt/address/1NXbooRgkYe4LyrPTFk6XGwDvPEKvsT4aJ this address was inside my wallet in the Blockchain.info webclient.

Then I sent 4.7131 to another address of mine 18hZHGUkLSs9dUMJWQ5jHRVpBLZrKB8G2r

But in my wallet it shows another crazy transaction to an UNKNOWN address, and this transaction kind of RIPS the rest of my whole funds! The transaction goes to this address:  https://blockchain.info/pt/address/17sTtj9eZeVY9nJCbL38t1hqzDHkDu5Rz2

This is the UNWANTED TRANSACTION:  10c226cc42d80b11249f304f817397e9a30039134afeb9abca181b38a100c55e

Is it possible to track the IP that ordered that? Is there a chance to protect myself from that? Maybe paint the coins, HELP!

This is the unwanted transaction, please somebody tell me what may be happening, if there are some miners out there, please don't accept that one, shit, don't know what to do, please help me, I thought this problem of the private key being stolen was already addressed by Blockchain.info... Why was the change from the first transaction sent to the same address? Somebody please give me a light...

Thanks,

Mark