Topic: [Information Request]Someone tried to login into my blockchain wallet (Read 1630 times)
February 28, 2016, 11:16:09 PM
Stingers: I got similar email on Feb 12 2016. Had my blockchain wallet for maybe 2 years now, haven't signed in there in a long time. Just FYI
February 18, 2016, 07:10:17 AM
I am wondering why are everyone not using Blockchain's Chrome extension app and not enabling more layers of security when they have such options available?
Try to add 2 factor with your email so whenever you send payments you will have to verify from your email. Also increase PBKDF2 Iterations to 20000 which will stretch your password to an extreme level.
Add a second password which must not be same as your login password and must be a harder one to brute force.
But do not set that password hint since anyone will get that hint if they knows the wallet identifier.
Block all TOR IP addresses by clicking that check-box and whitelist your IP for better protection. If possible try to restrict access to your whitelisted IP addresses only but you will not be able to open your wallet at all if you have a dynamic IP so be careful to check with your ISP for possible dynamic IPs before enabling this option.
I have taken all these secure measures and now my wallet is having 4 layers of security: Primary password + Secondary password + Email authentication + Block TOR IPs. I invite all the professional hackers to hack my wallet
Chrome extention : No. I am using mobile most of the times. Also yes, these passwords can be used but it then kinda mixed up. Anyways what you said is correct for improving security. Thanks. Try to add 2 factor with your email so whenever you send payments you will have to verify from your email. Also increase PBKDF2 Iterations to 20000 which will stretch your password to an extreme level.
Add a second password which must not be same as your login password and must be a harder one to brute force.
But do not set that password hint since anyone will get that hint if they knows the wallet identifier.
Block all TOR IP addresses by clicking that check-box and whitelist your IP for better protection. If possible try to restrict access to your whitelisted IP addresses only but you will not be able to open your wallet at all if you have a dynamic IP so be careful to check with your ISP for possible dynamic IPs before enabling this option.
I have taken all these secure measures and now my wallet is having 4 layers of security: Primary password + Secondary password + Email authentication + Block TOR IPs. I invite all the professional hackers to hack my wallet
February 18, 2016, 05:13:56 AM
I am wondering why are everyone not using Blockchain's Chrome extension app and not enabling more layers of security when they have such options available?
Try to add 2 factor with your email so whenever you send payments you will have to verify from your email. Also increase PBKDF2 Iterations to 20000 which will stretch your password to an extreme level.
Add a second password which must not be same as your login password and must be a harder one to brute force.
But do not set that password hint since anyone will get that hint if they knows the wallet identifier.
Block all TOR IP addresses by clicking that check-box and whitelist your IP for better protection. If possible try to restrict access to your whitelisted IP addresses only but you will not be able to open your wallet at all if you have a dynamic IP so be careful to check with your ISP for possible dynamic IPs before enabling this option.
I have taken all these secure measures and now my wallet is having 4 layers of security: Primary password + Secondary password + Email authentication + Block TOR IPs. I invite all the professional hackers to hack my wallet
Try to add 2 factor with your email so whenever you send payments you will have to verify from your email. Also increase PBKDF2 Iterations to 20000 which will stretch your password to an extreme level.
Add a second password which must not be same as your login password and must be a harder one to brute force.
But do not set that password hint since anyone will get that hint if they knows the wallet identifier.
Block all TOR IP addresses by clicking that check-box and whitelist your IP for better protection. If possible try to restrict access to your whitelisted IP addresses only but you will not be able to open your wallet at all if you have a dynamic IP so be careful to check with your ISP for possible dynamic IPs before enabling this option.
I have taken all these secure measures and now my wallet is having 4 layers of security: Primary password + Secondary password + Email authentication + Block TOR IPs. I invite all the professional hackers to hack my wallet
February 16, 2016, 09:41:43 PM
Good to know. Moved my blockchain wallet's coins to my breadwallet app. Deleting my blockchain app now.
February 16, 2016, 08:48:05 PM
I received a few of these emails just the other day as well.
I'm in the opinion that an identifier list was leaked somehow.
I'm in the opinion that an identifier list was leaked somehow.
Thought the same, could be an inside job for all we know
February 16, 2016, 03:26:40 PM
I received a few of these emails just the other day as well.
I'm in the opinion that an identifier list was leaked somehow.
I'm in the opinion that an identifier list was leaked somehow.
February 15, 2016, 03:51:03 PM
Yes but the hacker can have keylogger, so they check when OP logs in and get his private keys. In this scenario, nor 2FA nor EMail confirmation helps you out cause he can do whatever he likes with OP account. I thought OP was hacked, if not then I am very happy for him.
If you read the previous posts, its highly likely someone is bruteforcing the passwords. Which if you don't know if not in anyway similar to keylogging, what you're saying does not even make sense. You mean to say email accounts of dozens of members have been compromised and the hackers haven't used them, stupid FFS February 15, 2016, 03:35:59 PM
If hackers brute forces it, he probably have the private keys, the best practice to follow is to create a new wallet, after you format your PC if you don't have any important documents there.
Yes but the hacker can have keylogger, so they check when OP logs in and get his private keys. In this scenario, nor 2FA nor EMail confirmation helps you out cause he can do whatever he likes with OP account. I thought OP was hacked, if not then I am very happy for him.
February 15, 2016, 02:48:58 PM
If hackers brute forces it, he probably have the private keys, the best practice to follow is to create a new wallet, after you format your PC if you don't have any important documents there.
February 15, 2016, 02:46:50 PM
Did any of you have your alias as your username here or some sort of simple dictionary word? Wouldn't surprise me if hackers were using bots to try get hits on usernames and then focusing on the ones they find.
If you can't keep your funds safe then using a desktop wallet wont be any good either. At least blockchain.info has several security features that prevent a hacker getting in. Even if they had your password and identifyer they wouldnt be able to get in without confirming via email and 2-factor if you have that set up which you should have and even then they wouldn't be able to spend the funds if you had a second password on.
Doesn't it feel strange that all these strange things happens to one and only one online wallet, 99% of the cases is blockchain.info . Well after reading other stories here, I raise a reasonable doubt, why people should continue using it 
If you can't keep your funds safe then using a desktop wallet wont be any good either. At least blockchain.info has several security features that prevent a hacker getting in. Even if they had your password and identifyer they wouldnt be able to get in without confirming via email and 2-factor if you have that set up which you should have and even then they wouldn't be able to spend the funds if you had a second password on.
If hackers brute forces it, he probably have the private keys, the best practice to follow is to create a new wallet, after you format your PC if you don't have any important documents there. If so create a new wallet straight after you have installed windows. Keep a copy of the private keys in a safe place, enable 2fa and email confirmation. And don't share your identifier in any other pc rather than this. Keep this as secure as you can with antivirus and antispyware.
Above all this, a wallet like Electrum is easy to maintain. Suppose you have just installed windows. Save electrum seed in a document in some safe place like USB or external HDD. Put a strong password to it, then start using it, chances of you getting hacked are very very small this way.
Never open that USB or external HDD in a infected PC. You can do more than this, but this is pretty basic things you need to know to have above normal security.
February 15, 2016, 11:35:38 AM
Did any of you have your alias as your username here or some sort of simple dictionary word? Wouldn't surprise me if hackers were using bots to try get hits on usernames and then focusing on the ones they find.
If you can't keep your funds safe then using a desktop wallet wont be any good either. At least blockchain.info has several security features that prevent a hacker getting in. Even if they had your password and identifyer they wouldnt be able to get in without confirming via email and 2-factor if you have that set up which you should have and even then they wouldn't be able to spend the funds if you had a second password on.
Doesn't it feel strange that all these strange things happens to one and only one online wallet, 99% of the cases is blockchain.info . Well after reading other stories here, I raise a reasonable doubt, why people should continue using it
If you can't keep your funds safe then using a desktop wallet wont be any good either. At least blockchain.info has several security features that prevent a hacker getting in. Even if they had your password and identifyer they wouldnt be able to get in without confirming via email and 2-factor if you have that set up which you should have and even then they wouldn't be able to spend the funds if you had a second password on.
February 14, 2016, 09:46:57 AM
i just got some email that there was a login attempt to my wallet and this wallet is just 1 week old because i did try out blockchain.info
February 14, 2016, 09:35:03 AM
Okay great! Now everyone is being targeted(relieved to hear that I wasn't the only one being targeted). Blockchain guys should do something about it. They need to somehow stop the guys from brute forcing usernames, why can't they have some captchas if a users is acting in a fishy manner?
There is no need, they cant do anything with just our identifiers, they would need to hack the password and they would also need to hack into our email to validate the login attempt February 14, 2016, 09:24:49 AM
Okay great! Now everyone is being targeted(relieved to hear that I wasn't the only one being targeted). Blockchain guys should do something about it. They need to somehow stop the guys from brute forcing usernames, why can't they have some captchas if a users is acting in a fishy manner?
There must be a blockchain identifier dump somewhere on the deep web, gotta do some searching later. It's better to change all your email passwords too. No more blockchain wallets for me thats for sure.
February 14, 2016, 08:57:23 AM
Okay great! Now everyone is being targeted(relieved to hear that I wasn't the only one being targeted). Blockchain guys should do something about it. They need to somehow stop the guys from brute forcing usernames, why can't they have some captchas if a users is acting in a fishy manner?
February 14, 2016, 08:50:55 AM
Just google up that IP. Its already showing that IP belongs to a hacker and also, that IP has IIS 7 running. So maybe someone can get out more info out of IIS7 thing?
February 14, 2016, 07:22:25 AM
Same thing just happened to me :
[img ]https://i.imgur.com/0QjNx2x.png?1[/img]
Damn KGBs
Same here too, didn't use blockchain anyway. @QS it seems the hacker only knows the wallet-identifiers and is just brute-forcing as I did get an email only to confirm the login.[img ]https://i.imgur.com/0QjNx2x.png?1[/img]
Damn KGBs
Yeah i wonder how did they get the wallet-identifiers. I rarely use blockchain though. Been using localbitcoins for some years now
February 14, 2016, 07:20:00 AM
Same thing just happened to me :
[img ]https://i.imgur.com/0QjNx2x.png?1[/img]
Damn KGBs
Same here too, didn't use blockchain anyway. @QS it seems the hacker only knows the wallet-identifiers and is just brute-forcing as I did get an email only to confirm the login. [img ]https://i.imgur.com/0QjNx2x.png?1[/img]
Damn KGBs
February 14, 2016, 07:16:10 AM
Same thing just happened to me :
Damn KGBs
Damn KGBs
February 14, 2016, 06:42:56 AM
Doesn't it feel strange that all these strange things happens to one and only one online wallet, 99% of the cases is blockchain.info . Well after reading other stories here, I raise a reasonable doubt, why people should continue using it
if 99% of people use blockchain.info then 99% of the time issues raised are going to be about them OP just save your private keys, create a new wallet and import the keys to the new wallet, the hacker probably has your identifier
Good point but I'm not sure it's the real ratio. We should have a ledger somewhere to note all those kind of attacks to be sure on which is the most targeted.
Jump to: