
Topic: My (and i think some others) blockchain.info wallet was hacked - page 2. (Read 5527 times)

legendary
Activity: 1367
Merit: 1000
hmm? Was notifications enabled?
No, in my case only security option was password.
newbie
Activity: 33
Merit: 0
I just recently (a week or so ago) wiped and reinstalled Debian, haven't logged into my blockchain wallet on my PC since then... and still got my fraction-of-a-coin swiped. Not sure I buy the XSS explanation.
vip
Activity: 1316
Merit: 1043
👻
An XSS attack on Blockchain.info is possible but would be WAY more serious and so bad to the point of me thinking it shouldn't be possible.

The only other possibility is a compromised browser extension (chrome app) but it's slightly far fetched.
Pretty sure it's Java now.

hmm? Was notifications enabled?
legendary
Activity: 1367
Merit: 1000
You get exploited through a 0 day through Java or Flash in your browser
Flash and java were disabled.
- Never re-use your blockchain password for anything else. That's just silly.
Password was unique.
sr. member
Activity: 315
Merit: 255
An XSS attack on Blockchain.info is possible but would be WAY more serious and so bad to the point of me thinking it shouldn't be possible.

The only other possibility is a compromised browser extension (chrome app) but it's slightly far fetched.
sr. member
Activity: 315
Merit: 255
Nobody has their password 'hacked'. You get exploited through a 0 day through Java or Flash in your browser, or through a file download, and then the program just sits and waits.

- Never re-use your blockchain password for anything else. That's just silly.

- Enable 'click to play' on all browser plugins. There is no pure JavaScript exploit, only browser plugin exploits. Enable browser plugins by default = you're hacked

- Enable one time password 2 factor auth to your PHONE. Not your @#$% email. That's completely redundant. If someone has access to your machine then they have access to the email. No 2 factor to your phone = you're hacked.

If anyone is hit by this then the malware is still going to be on your computer so you need to nuke it from orbit or buy a new computer.
hero member
Activity: 658
Merit: 502
Doesn't use these forums that often.
Yes, I can confirm being hacked. Well, I have 0.1 BTC in Pyramining, so I just need to hit the owner up for that.
legendary
Activity: 1367
Merit: 1000
No, sure it was original site.
sr. member
Activity: 406
Merit: 250
Perhaps it is also possible that you visited a cloned website with a slightly different Domain? This kind of scam happens all the time with Paypal and even student loan websites.
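The cloned-site scenario raised in the post above can be checked against a browser history export. The following is an added example, not part of the original thread: it flags hostnames that imitate a trusted domain. The allowlist, the confusable-character table and the sample hostnames are assumptions constructed for illustration.

```python
# Added example (not from the thread): flag hosts that imitate a trusted domain.
TRUSTED = ("blockchain.info", "bitcointalk.org")  # assumption: the reader's own allowlist
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))  # common ASCII look-alikes

def edit_distance(a, b):
    """Levenshtein distance computed with two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(host):
    """Collapse confusable sequences so 'b1ockchain' compares equal to 'blockchain'."""
    for src, dst in CONFUSABLE:
        host = host.replace(src, dst)
    return host

def classify(host):
    """Return (verdict, trusted_domain_or_None) for one hostname."""
    host = host.strip().lower().rstrip(".")
    for t in TRUSTED:
        if host == t or host.endswith("." + t):
            return ("trusted", t)          # exact domain or a real subdomain of it
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("idn-review", None)        # punycode label: inspect the decoded form by hand
    for t in TRUSTED:
        if t in host:
            return ("embeds-trusted-name", t)  # trusted name used as a prefix of another domain
        if skeleton(host) == skeleton(t) or edit_distance(host, t) <= 2:
            return ("lookalike", t)
    return ("unrelated", None)

def review(hosts):
    """Keep only the hosts that deserve a second look."""
    verdicts = {h: classify(h) for h in hosts}
    return {h: v for h, v in verdicts.items() if v[0] not in ("trusted", "unrelated")}

# Constructed history entries; only blockchain.info, bitcointalk.org and
# weusecoins.com appear in the thread, the rest are made up for the demo.
SAMPLE_HISTORY = ["blockchain.info", "www.blockchain.info", "blockchaln.info",
                  "b1ockchain.info", "blockchain.info.wallet-login.example",
                  "xn--blckchain-constructed.info", "bitcointa1k.org", "weusecoins.com"]

if __name__ == "__main__":
    for host, (verdict, target) in review(SAMPLE_HISTORY).items():
        print(f"{host:40} {verdict:20} {target or ''}")
```

A hit only means the hostname resembles a trusted one; confirming a phishing visit still requires checking what was entered on that page.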
legendary
Activity: 1367
Merit: 1000
BINGO!  You caught a javascript keylogger, or a script that performed a cross site scripting attack, pulled your wallet out of the jscript running while you had blockchain.info open in another tab.
I guess if it was a script after reloading os and clearing browser cache it must be gone?
vip
Activity: 1316
Merit: 1043
👻
Would have to be XSS [or other malware].
z12
member
Activity: 63
Merit: 10
Now that you mention it, I just checked my browsing history.
The suspicious websites I visited in the last week:
Code:
Cryptocoinexplorer.com <= i clicked this from btc-e
bitcoin.clarkmoody.com
bitcoinrush.p4o.net
zerohedge.com
xcannabis.com
wallet.litehosting.eu
thebitcoinchannel.com
coinad.com
cryptocoincharts.info
kamikaze.litecoinland.com
litecoin-store.com
litecoingames.com
litefaucet.com
m-obmen.com
medium.com
minecraftcc.com
otn.dsparking.com
weusecoins.com

These are the domains I visited from last week which I don't instantly trust. Some of them are well known btc/ltc services...
Though my blockchain wallet wasn't touched and I still have my 0.0000105 btc (!), I lost access to my btc-e account ..
Could one of these install a keylogger on my computer? I don't think so.
Edit: Also, I'd like to include that I use the lastpass autofill feature to log in; I don't think a normal keylogger could log lastpass logins.
sr. member
Activity: 364
Merit: 250
When logged into a bitcoin site that contains your balance, run FF with the NoScript addon installed (set it to ban scripts globally), then "allow" the ones that are needed for gox and blockchain info; all others shall be banned. Bitcointalk.org is safe too.  Your banking site scripts are ok.  google.com is okay and might need to be allowed too.  Everything else by default will be banned.

Use that browser only for your financial stuff.  Browse in chrome for everything else.  Consider linux or os x.  You can buy a $50 external usb hdd and install some kind of linux on that (or repartition your boot drive if you're good at stuff like that).  Just run bitcoin on that linux install and run all the security patches.  Use FF on that, just like I told you.
sr. member
Activity: 364
Merit: 250
did you click any links in the btc-e chatroom, or other bitcoin chatrooms while logged into blockinfo?
Yes, that could have happened.
BINGO!  You caught a javascript keylogger, or a script that performed a cross site scripting attack, pulled your wallet out of the jscript running while you had blockchain.info open in another tab.
legendary
Activity: 1367
Merit: 1000
did you click any links in the btc-e chatroom, or other bitcoin chatrooms while logged into blockinfo?
Yes, that could have happened.
sr. member
Activity: 364
Merit: 250
did you click any links in the btc-e chatroom, or other bitcoin chatrooms while logged into blockinfo?

use firefox, use noscript
newbie
Activity: 20
Merit: 0
No way the passwords of that many ppl was guessed
legendary
Activity: 1367
Merit: 1000
My passphrase had some short real words, not obvious, with no sense, but arranged in some simple algorithm. Now I think it could be guessed.
Another way could be not hacking the password, but something like stealing session cookies; my bad, I don't know much about such things.
newbie
Activity: 20
Merit: 0
I'm guessing wallets weren't encrypted
sr. member
Activity: 364
Merit: 250
In my case words were not random, but it was not some recognizable or having some sense phrase.

yeah then it's impossible it was hacked cause it sounds random enough.  was it something like   dogpeesinfamilypot?  or samgoestothedrycleaners?

that might as well be as random as it gets.  and 15 char is a lot to brute force.  someone had ur keystrokes and clipboard with the link to blockinfo.

otherwise we are talking man in the middle, and that's just not very likely.