Author

Topic: How safe is my wallet at blockchain.info (Read 409 times)

sr. member
Activity: 1218
Merit: 410
Secure your crypto : https://notyourkeys.org
September 09, 2018, 05:38:41 AM
#26
what is blockchain.info ? maybe you mean blockchain.com ,  blockchain recently moved into a new domain but the site's gui and features are still the same as the old one .
This thread created on June 15, 2018, 03:51:07 PM , at that time blockchain still using .info instead of .com.

Just only make sure that you hold your private keys seeds and your password on safe place , so that you will still recover your account if there is a problem on the site it self .
FTFY, you can't see your private keys directly on blockchain site, you must using 3rd party such as https://iancoleman.io/bip39/ or just import the seeds to electrum.
full member
Activity: 714
Merit: 100
September 09, 2018, 01:11:31 AM
#25

what is blockchain.info ? maybe you mean blockchain.com ,  blockchain recently moved into a new domain but the site's gui and features are still the same as the old one .

Blockchain is pretty safe since it is one of the old and trusted wallet by most crypto users especially bitcoin .

Just only make sure that you hold your private keys and your password on safe place , so that you will still recover your account if there is a problem on the site it self .
legendary
Activity: 1624
Merit: 2481
Online wallet platform can be exploited from their vulnerabilities as well and do note that antivirus adds updates on the basis of vulnerabilities known.
What if in the case of unknown vulnerability found by black hat hacker first? Ofc antivirus will not detect such as malware.

Antivirus producer do not update any vulnerabilities (or any databse for vulnerabilities).
They do only update signatures of malicious programs.

A vulnerability in a program/interface/.. is not related to anti virus software in any way.

An AV does recognize malicoius actions on your PC by checking the signature of the executable with their database.
Additionally they analyze the behaviour of such programs (e.g. creating sockets, http requests, ... ).

But this is irrelevant from any vulnerabilities found.
sr. member
Activity: 2604
Merit: 338
Vave.com - Crypto Casino

I created my wallet at blockchain.info
https://blockchain.info

  I get my wallet id ( for login) and I created my password too. After login I got my wallet address id to receive the funds (or public key for sharing)
as "1NXnzET4nk2Jkn6ySZfBZALV5eJyNJXBRk".  But  I am not finding any private key in that account.

Is I am missing something or these online wallet do not provide private keys to users ?
the funds on that wallet is lost from a large number of users and when these users complaint then they say that they do not know and if the user lost their bitcoin then it is the malware on their PC. How is it possible that a malware comes to the PCs of thousands of users at a time and that remove their funds within a minutes from these wallets without login to the accounts!!!
The malware come as Key-Loggers which record all your keyboard strikes and mail it periodically to the host. On scanning the data, it becomes very easy to find blockchain.info's unique identifier following the password.
I think he is talking about without notice of login to his account so if someone recorded all of your keystrokes there are still possibilities that you can be still notice that someone login into your blockchain account via email unless if you turn off the email notification.

I suggest for those who wanted to keep safe their online wallets or PC use Kaspersky total security because it supports cryptocurrency and protect all of your browser.

Online wallet platform can be exploited from their vulnerabilities as well and do note that antivirus adds updates on the basis of vulnerabilities known . What if in the case of unknown vulnerability found by black hat hacker first? Ofc antivirus will not detect such as malware.

Thus it is normally advised to not to keep your coins at online wallet or if you even want to use then keep only the amount of coins that you plan to spend over a time and use paperwallet to hold the remaining. 

Check this : https://bitcointalksearch.org/topic/m.6354731 (White hat hacker discovered the vulnerability and hacked bitcoins from blockchain.info and returned those coins back)4
Thank you for the link! After all these years i dont even know or aware that web wallets can be easily exploited like that which this thing should really be read up and a warning thing for those people who are fan on using up web wallets. Its clear they are vulnerable anytime to be attacked. Malwares can really bypass any antivirus in the market if it wont be updated.I do even believe that those companies are the ones who do made up those malware and viruses for business purposes and been taken advantage on any blackhat hackers in the net.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
Although blockchain.info is considered an unsafe wallet, it is an easy to use wallet and it's a good option for newbies who lack of knowledge about computers in general. So it's good for bitcoin adoption.

I think it could be made safer somehow, but online wallets have too many attack vectores...
hero member
Activity: 1078
Merit: 514
Blockchain.info is probably the most popular, but the most unsafe wallet. You have to be careful with its use. My recommendation is to not set up their app on the phone and not to use it on a public wi-fi.
legendary
Activity: 3094
Merit: 1472

I created my wallet at blockchain.info
https://blockchain.info

  I get my wallet id ( for login) and I created my password too. After login I got my wallet address id to receive the funds (or public key for sharing)
as "1NXnzET4nk2Jkn6ySZfBZALV5eJyNJXBRk".  But  I am not finding any private key in that account.

Is I am missing something or these online wallet do not provide private keys to users ?
the funds on that wallet is lost from a large number of users and when these users complaint then they say that they do not know and if the user lost their bitcoin then it is the malware on their PC. How is it possible that a malware comes to the PCs of thousands of users at a time and that remove their funds within a minutes from these wallets without login to the accounts!!!
The malware come as Key-Loggers which record all your keyboard strikes and mail it periodically to the host. On scanning the data, it becomes very easy to find blockchain.info's unique identifier following the password.
I think he is talking about without notice of login to his account so if someone recorded all of your keystrokes there are still possibilities that you can be still notice that someone login into your blockchain account via email unless if you turn off the email notification.

I suggest for those who wanted to keep safe their online wallets or PC use Kaspersky total security because it supports cryptocurrency and protect all of your browser.

Online wallet platform can be exploited from their vulnerabilities as well and do note that antivirus adds updates on the basis of vulnerabilities known . What if in the case of unknown vulnerability found by black hat hacker first? Ofc antivirus will not detect such as malware.

Thus it is normally advised to not to keep your coins at online wallet or if you even want to use then keep only the amount of coins that you plan to spend over a time and use paperwallet to hold the remaining. 

Check this : https://bitcointalksearch.org/topic/m.6354731 (White hat hacker discovered the vulnerability and hacked bitcoins from blockchain.info and returned those coins back)4
legendary
Activity: 2058
Merit: 1030
I'm looking for free spin.

I created my wallet at blockchain.info
https://blockchain.info

  I get my wallet id ( for login) and I created my password too. After login I got my wallet address id to receive the funds (or public key for sharing)
as "1NXnzET4nk2Jkn6ySZfBZALV5eJyNJXBRk".  But  I am not finding any private key in that account.

Is I am missing something or these online wallet do not provide private keys to users ?
the funds on that wallet is lost from a large number of users and when these users complaint then they say that they do not know and if the user lost their bitcoin then it is the malware on their PC. How is it possible that a malware comes to the PCs of thousands of users at a time and that remove their funds within a minutes from these wallets without login to the accounts!!!
The malware come as Key-Loggers which record all your keyboard strikes and mail it periodically to the host. On scanning the data, it becomes very easy to find blockchain.info's unique identifier following the password.
I think he is talking about without notice of login to his account so if someone recorded all of your keystrokes there are still possibilities that you can be still notice that someone login into your blockchain account via email unless if you turn off the email notification.

I suggest for those who wanted to keep safe their online wallets or PC use Kaspersky total security because it supports cryptocurrency and protect all of your browser.
legendary
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!

I created my wallet at blockchain.info
https://blockchain.info

  I get my wallet id ( for login) and I created my password too. After login I got my wallet address id to receive the funds (or public key for sharing)
as "1NXnzET4nk2Jkn6ySZfBZALV5eJyNJXBRk".  But  I am not finding any private key in that account.

Is I am missing something or these online wallet do not provide private keys to users ?
the funds on that wallet is lost from a large number of users and when these users complaint then they say that they do not know and if the user lost their bitcoin then it is the malware on their PC. How is it possible that a malware comes to the PCs of thousands of users at a time and that remove their funds within a minutes from these wallets without login to the accounts!!!
The malware come as Key-Loggers which record all your keyboard strikes and mail it periodically to the host. On scanning the data, it becomes very easy to find blockchain.info's unique identifier following the password.
hero member
Activity: 672
Merit: 500

I created my wallet at blockchain.info
https://blockchain.info

  I get my wallet id ( for login) and I created my password too. After login I got my wallet address id to receive the funds (or public key for sharing)
as "1NXnzET4nk2Jkn6ySZfBZALV5eJyNJXBRk".  But  I am not finding any private key in that account.

Is I am missing something or these online wallet do not provide private keys to users ?
the funds on that wallet is lost from a large number of users and when these users complaint then they say that they do not know and if the user lost their bitcoin then it is the malware on their PC. How is it possible that a malware comes to the PCs of thousands of users at a time and that remove their funds within a minutes from these wallets without login to the accounts!!!
legendary
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!
it needs Gmail verification and phone number verification that's it, easy as that.
- Verifying your email or phone number is not the accepted way of creating your own wallets. Your data should be anonymous.You don't really need those details to create a bitcoin wallet anyway.
 - People just want to go the easy way thereby sacrificing their personal details. I agree Bitcoin Core is meant for tech savvy people but an alternative like Electrum should be used as much as possible.
 - I'm not saying blockchain.info isn't safe but if you deal with a good volume of bitcoins on a daily basis, it's a wise choice to store them in a more secure environment like Electrum or Bitcoin-Core.
full member
Activity: 798
Merit: 109
https://bmy.guide
It doesn't matter what's wallet it is an online wallet or hardware wallet ( offline ) as long as you know how to keep a private key it is always safe. Easy to access blockchain.info and easy to use no need for a KYC, not like other wallets that were asking for your personal data.
https://blockchain.info it needs Gmail verification and phone number verification that's it, easy as that.
If you used that wallet I suggest you for short-term holding but if you want long-term hardware wallet is the best like trexor and ledger nano.

But the best suggestion is to stick with Wallet which you do have the full control like Electrum or Bitcoin core.
I agreed on this I must prefer into this wallet too.
hero member
Activity: 3010
Merit: 794
That is decentralized wallet I think hackers don't know your profile did not easily break your private key.

"Decentralized wallet". What does that even means?
What are you talking about?

Anyway, Hackers don't break keys,they steal them..
For sure he dont have any idea about the word "decentralized" which had been used into the sentence he do made  Grin


Is I am missing something or these online wallet do not provide private keys to users ?
Blockchain does provide phrases which do acts as a recovery when you lost up such wallet or simply a key that would used for you to access your wallet incase you lost it. These information shouldnt be shared out even into your family members  Wink

But the best suggestion is to stick with Wallet which you do have the full control like Electrum or Bitcoin core.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
That is decentralized wallet I think hackers don't know your profile did not easily break your private key.

"Decentralized wallet". What does that even means?
What are you talking about?

Anyway, Hackers don't break keys,they steal them..
legendary
Activity: 2492
Merit: 1232
if you anable Two-factor Authentication (2FA) on blockchain.info then your wallet there is really safe .

But the safest wallet ever will be a paper wallet that you lock in any tresor (allö offline) Wink



regards
The Two Factor Authentication is not really safe because it also can be Bypass by the hackers so the paper wallet is the best for the long term holding but the wallet like Ledger Nano S is better for holding the multiple crypto currencies in long term.
Verification of email and your phone number I think that's enough for you to say a guaranteed word that your fund was safe, I used that wallet before but so far I don't have any trouble while I am using that wallet. That is decentralized wallet I think hackers don't know your profile did not easily break your private key.
Well, online wallet as a high tendency of hacking and scamming your fund but you are the one who is the responsibility to keep your private key safe.
sr. member
Activity: 2520
Merit: 280
Hire Bitcointalk Camp. Manager @ r7promotions.com
if you anable Two-factor Authentication (2FA) on blockchain.info then your wallet there is really safe .

But the safest wallet ever will be a paper wallet that you lock in any tresor (allö offline) Wink



regards
The Two Factor Authentication is not really safe because it also can be Bypass by the hackers so the paper wallet is the best for the long term holding but the wallet like Ledger Nano S is better for holding the multiple crypto currencies in long term.
legendary
Activity: 1582
Merit: 1031
if you anable Two-factor Authentication (2FA) on blockchain.info then your wallet there is really safe .

But the safest wallet ever will be a paper wallet that you lock in any tresor (allö offline) Wink



regards
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
Your funds are safe as long as the website or wallet continues to function without major hack. Cry

That's not true.
The website can go down and you still have access to your funds, since blockchain.info provides the seed phrase to restore in another wallet.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
Did you receive the backup seed? AFAIK, the backup seed is compliant with BIP39. If you want to extract it, go to https://iancoleman.io/bip39/ and key in your seed. You can find the account number (ie derivation path) from settings>addresses.
Last time I checked, you can request in the UI of blockchain(dot)info for the private key of any of your addresses.
Doing this will remove that address to the list, but it's still best to send all the funds to a new address to be safe.
Given that, the logical solution when shifting to a different wallet is to just send all of your funds to the new wallet (ex. Electrum) via transaction.

<I'll verify this later> Edit
Nah, Export private key is only available for their Ethereum Addresses.

Also, this should be moved to Service Discussion > Web Wallets.
As for the thread question:
For newbies, it is safe in the sense that you don't have to take care of the backups and private key managements and the fees to use bitcoin, all you need is the backup seed or your key+passphrase and your email address.
But not safe in sense of security, on that website, your bitcoins aren't totally under your control.
legendary
Activity: 1624
Merit: 2481
I was looking for an online wallet because last time I installed a altcoin wallet, it took month to sync and killed my system performance altogether.

This was due to the fact that you had installed a full node (needs to download/sync/process the whole blockchain).
Light-weight clients (electrum) do connect to a server which does provide the relevant information (balance / transactions of your addresses).



If there is any other safe option online? 

Also, unless you really know how to protect your device/connection, there aren't any safe online wallet.

Even if you know how to protect your device, and even if you do know a lot about networks it is not guaranteed that an online wallet is safe.

The thing with online wallets is that at one point you have to rely on the web wallets server.

Imagine the following case:
Your PC is completely secured from any malware (not possible, but lets assume it).
You visit blockchain.info or any other web wallet, check whether you have entered the URL correctly (maybe use a bookmark) and verify the SSL certificate.
You then enter your credentials. A few seconds later.. everything gone.

What happened? Were you not cautious enough? No. An attacker just had a valid SSL certificate for this site issued by a CA which had a security breach.
While you were thinking you were on the online wallets server, you got directed to the attackers server (which does show a valid certificate for the online-wallets URL). You basically just got phished.
There is not a lot you could have done in this case. You might have checked whether the CA from the SSL certificate does match the previously mentioned CA and keep a list.. But that would be a really paranoid way.


Thats just one example. Online wallets do have way more attack vectors than traditional desktop-/mobile- wallets have.
You can be the most security-concerned person, but you won't never be able to keep an online wallet fully secured with no possibility of theft, ever.
 
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
Thank you all.

For Electrum I am getting  below 3 options under heading of easy install. I am using a windows laptop.

Standalone Executable (signature)
Windows Installer (signature)
Portable version (signature) (security advice)
Note: Some old versions of Windows might need to install the KB2999226 Windows update.

Which option I should use to install?


All of these electrum wallets are the same, just different installing methods for different uses. If you don't know which one you need, just download the Standalone Executable. It has no installation.

I was looking for an online wallet because last time I installed a altcoin wallet, it took month to sync and killed my system performance altogether.
If there is any other safe option online?  Is Green address ,segwit wallets looks safe bet.

Blockchain.info the best online wallet out there. But have in mind that all online wallets are unsafe.
Desktop wallets are unsafe too if you have bad navigation habits on that computer..

Avoid going to porn websites, avoid downloading piracy programs and cracks, avoid any shady website and do not click on phishing links and sites.

Also, download an adblock, it can help you avoid many phishing sites. I created a tutorial here: https://bitcointalk.org/index.php?topic=3210982.0;topicseen

Everyone can make a mistake and get infected, this is why desktop wallets are unsafe.

Mobile wallets such as Coinomi/samourai are the same too.

The only safe option for a newbie like you is a hardware wallet.

You can also try to make an airgrapped computer, if you have one old computer 100% offline. You need to research about how to make one properly.
member
Activity: 169
Merit: 18
Thank you all.

For Electrum I am getting  below 3 options under heading of easy install. I am using a windows laptop.

Standalone Executable (signature)
Windows Installer (signature)
Portable version (signature) (security advice)
Note: Some old versions of Windows might need to install the KB2999226 Windows update.

Which option I should use to install?

I was looking for an online wallet because last time I installed a altcoin wallet, it took month to sync and killed my system performance altogether.
If there is any other safe option online?  Is Green address ,segwit wallets looks safe bet.

legendary
Activity: 1624
Merit: 2481
You can export the seed from blockchain.info. AFAIK it is not possible to export single private keys (but i am not sure with this).

To export the seed, go to the 'security center' and clicking on'phrase backup'. You can do what ranochigo proposed to get your private keys. You might also import the seed into a BIP39 compatible wallet.
If you do this make sure to run https://iancoleman.io/bip39/ offline.


But regardless of the option to backup your seed, web wallets are the least-secure wallets.

If you want to be better secured, download a desktop wallet (e.g. a lightweight one which doesn't need the blockchain, https://electrum.org/#home.
Or, a better option is a hardware wallet. Unfortunately they are not that cheap. But definitely worth it if your investment can absorb the purchase.

Another way of securely storing your coins (which is not that convinient and 'easy' to spend from) is a cold wallet setup with a computer which is dedicated to store the private keys without any internet connection.

Or you can print a paper wallet to store them long term. But to spend from a paper wallet you have to import it into another wallet. Paper wallets are fine for long-term storage, but very unconvinient for regular usage.


Regardless, all of these wallet types are more secure than an online wallet.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Not safe at all. Blockchain.info is notorious for messing up the funds of their user and they shouldn't be trusted with any Bitcoins.

Did you receive the backup seed? AFAIK, the backup seed is compliant with BIP39. If you want to extract it, go to https://iancoleman.io/bip39/ and key in your seed. You can find the account number (ie derivation path) from settings>addresses.
member
Activity: 169
Merit: 18
 
I created my wallet at blockchain.info
https://blockchain.info

  I get my wallet id ( for login) and I created my password too. After login I got my wallet address id to receive the funds (or public key for sharing)
as "1NXnzET4nk2Jkn6ySZfBZALV5eJyNJXBRk".  But  I am not finding any private key in that account.

Is I am missing something or these online wallet do not provide private keys to users ?
Jump to: