Topic: How safe is my wallet at blockchain.info (Read 358 times)

This thread created on June 15, 2018, 03:51:07 PM , at that time blockchain still using .info instead of .com.

FTFY, you can't see your private keys directly on blockchain site, you must using 3rd party such as https://iancoleman.io/bip39/ or just import the seeds to electrum.

what is blockchain.info ? maybe you mean blockchain.com ,  blockchain recently moved into a new domain but the site's gui and features are still the same as the old one .

Blockchain is pretty safe since it is one of the old and trusted wallet by most crypto users especially bitcoin .

Just only make sure that you hold your private keys and your password on safe place , so that you will still recover your account if there is a problem on the site it self .

Antivirus producer do not update any vulnerabilities (or any databse for vulnerabilities).
They do only update signatures of malicious programs.

A vulnerability in a program/interface/.. is not related to anti virus software in any way.

An AV does recognize malicoius actions on your PC by checking the signature of the executable with their database.
Additionally they analyze the behaviour of such programs (e.g. creating sockets, http requests, ... ).

But this is irrelevant from any vulnerabilities found.

Thank you for the link! After all these years i dont even know or aware that web wallets can be easily exploited like that which this thing should really be read up and a warning thing for those people who are fan on using up web wallets. Its clear they are vulnerable anytime to be attacked. Malwares can really bypass any antivirus in the market if it wont be updated.I do even believe that those companies are the ones who do made up those malware and viruses for business purposes and been taken advantage on any blackhat hackers in the net.

Although blockchain.info is considered an unsafe wallet, it is an easy to use wallet and it's a good option for newbies who lack of knowledge about computers in general. So it's good for bitcoin adoption.

I think it could be made safer somehow, but online wallets have too many attack vectores...

Blockchain.info is probably the most popular, but the most unsafe wallet. You have to be careful with its use. My recommendation is to not set up their app on the phone and not to use it on a public wi-fi.

Online wallet platform can be exploited from their vulnerabilities as well and do note that antivirus adds updates on the basis of vulnerabilities known . What if in the case of unknown vulnerability found by black hat hacker first? Ofc antivirus will not detect such as malware.

Thus it is normally advised to not to keep your coins at online wallet or if you even want to use then keep only the amount of coins that you plan to spend over a time and use paperwallet to hold the remaining. 

Check this : https://bitcointalksearch.org/topic/m.6354731 (White hat hacker discovered the vulnerability and hacked bitcoins from blockchain.info and returned those coins back)4

I think he is talking about without notice of login to his account so if someone recorded all of your keystrokes there are still possibilities that you can be still notice that someone login into your blockchain account via email unless if you turn off the email notification.

I suggest for those who wanted to keep safe their online wallets or PC use Kaspersky total security because it supports cryptocurrency and protect all of your browser.

The malware come as Key-Loggers which record all your keyboard strikes and mail it periodically to the host. On scanning the data, it becomes very easy to find blockchain.info's unique identifier following the password.

the funds on that wallet is lost from a large number of users and when these users complaint then they say that they do not know and if the user lost their bitcoin then it is the malware on their PC. How is it possible that a malware comes to the PCs of thousands of users at a time and that remove their funds within a minutes from these wallets without login to the accounts!!!

- Verifying your email or phone number is not the accepted way of creating your own wallets. Your data should be anonymous.You don't really need those details to create a bitcoin wallet anyway.
 - People just want to go the easy way thereby sacrificing their personal details. I agree Bitcoin Core is meant for tech savvy people but an alternative like Electrum should be used as much as possible.
 - I'm not saying blockchain.info isn't safe but if you deal with a good volume of bitcoins on a daily basis, it's a wise choice to store them in a more secure environment like Electrum or Bitcoin-Core.

It doesn't matter what's wallet it is an online wallet or hardware wallet ( offline ) as long as you know how to keep a private key it is always safe. Easy to access blockchain.info and easy to use no need for a KYC, not like other wallets that were asking for your personal data.
https://blockchain.info it needs Gmail verification and phone number verification that's it, easy as that.
If you used that wallet I suggest you for short-term holding but if you want long-term hardware wallet is the best like trexor and ledger nano.

I agreed on this I must prefer into this wallet too.

For sure he dont have any idea about the word "decentralized" which had been used into the sentence he do made  

Blockchain does provide phrases which do acts as a recovery when you lost up such wallet or simply a key that would used for you to access your wallet incase you lost it. These information shouldnt be shared out even into your family members  

But the best suggestion is to stick with Wallet which you do have the full control like Electrum or Bitcoin core.

"Decentralized wallet". What does that even means?
What are you talking about?

Anyway, Hackers don't break keys,they steal them..

Verification of email and your phone number I think that's enough for you to say a guaranteed word that your fund was safe, I used that wallet before but so far I don't have any trouble while I am using that wallet. That is decentralized wallet I think hackers don't know your profile did not easily break your private key.
Well, online wallet as a high tendency of hacking and scamming your fund but you are the one who is the responsibility to keep your private key safe.

The Two Factor Authentication is not really safe because it also can be Bypass by the hackers so the paper wallet is the best for the long term holding but the wallet like Ledger Nano S is better for holding the multiple crypto currencies in long term.

if you anable Two-factor Authentication (2FA) on blockchain.info then your wallet there is really safe .

But the safest wallet ever will be a paper wallet that you lock in any tresor (allö offline)



regards

That's not true.
The website can go down and you still have access to your funds, since blockchain.info provides the seed phrase to restore in another wallet.

Last time I checked, you can request in the UI of blockchain(dot)info for the private key of any of your addresses.
Doing this will remove that address to the list, but it's still best to send all the funds to a new address to be safe.
Given that, the logical solution when shifting to a different wallet is to just send all of your funds to the new wallet (ex. Electrum) via transaction.

<I'll verify this later> Edit
Nah, Export private key is only available for their Ethereum Addresses.

Also, this should be moved to Service Discussion > Web Wallets.

---

As for the thread question:
For newbies, it is safe in the sense that you don't have to take care of the backups and private key managements and the fees to use bitcoin, all you need is the backup seed or your key+passphrase and your email address.
But not safe in sense of security, on that website, your bitcoins aren't totally under your control.

This was due to the fact that you had installed a full node (needs to download/sync/process the whole blockchain).
Light-weight clients (electrum) do connect to a server which does provide the relevant information (balance / transactions of your addresses).





Even if you know how to protect your device, and even if you do know a lot about networks it is not guaranteed that an online wallet is safe.

The thing with online wallets is that at one point you have to rely on the web wallets server.

Imagine the following case:
Your PC is completely secured from any malware (not possible, but lets assume it).
You visit blockchain.info or any other web wallet, check whether you have entered the URL correctly (maybe use a bookmark) and verify the SSL certificate.
You then enter your credentials. A few seconds later.. everything gone.

What happened? Were you not cautious enough? No. An attacker just had a valid SSL certificate for this site issued by a CA which had a security breach.
While you were thinking you were on the online wallets server, you got directed to the attackers server (which does show a valid certificate for the online-wallets URL). You basically just got phished.
There is not a lot you could have done in this case. You might have checked whether the CA from the SSL certificate does match the previously mentioned CA and keep a list.. But that would be a really paranoid way.


Thats just one example. Online wallets do have way more attack vectors than traditional desktop-/mobile- wallets have.
You can be the most security-concerned person, but you won't never be able to keep an online wallet fully secured with no possibility of theft, ever.