My coins just got stolen from blockchain.info

shawshankinmate37927

hero member

Activity: 854

Merit: 1000

Bitcoin: The People's Bailout

Quote from: enmaku on April 26, 2013, 11:22:37 PM

Two passwords, each unique to the site and a yubikey. Only device attached to the account was my cellphone - which was in my pocket while I was driving to work as this heist occurred.

https://blockchain.info/tx/1826f610d9dea7698d906da8f874974240204f42500fa621f1581c7023c6cc61

I think I'm going to vomit...

Have you previously accessed this wallet from a computer or only from your phone? Was this wallet initially established from a computer or from your phone? If you've used a computer to access/set up this wallet in the past, does this computer have Java installed/enabled? Have you ever visited the BTC-e website?

https://bitcointalksearch.org/topic/m.1947257

scintill

sr. member

Activity: 448

Merit: 254

Quote from: enmaku on April 27, 2013, 01:20:03 AM

Apparently it's some kind of Android-based malware, so my phone was probably the culprit.

Can we get it analyzed? Like, if you know enough, maybe see if you can find the malware and post copies; or if you don't, is there someone you could trust to image your phone and extract any malware?

zebedee

donator

Activity: 668

Merit: 500

Quote from: enmaku on April 27, 2013, 01:20:03 AM

Quote from: zebedee on April 27, 2013, 01:16:00 AM

Wow, no end to the number of these Sad

I feel something undetected has happened to the site itself.

Apparently it's some kind of Android-based malware, so my phone was probably the culprit. What's really embarrassing is that I'm one of the "Ease of Use" panelists at the Bitcoin 2013 conference next month and I was about to sing their praises for how much easier they've made things.

It's always embarrassing to be the victim of theft I suppose, but everyone will lose some coins eventually, it's all about minimizing your losses. Thankfully I do keep the bulk of my coins in cold storage, I'd just taken a few too many coins in and hadn't sent them off to cold storage in way too long - an oversight I doubt I'll repeat after learning a $1,000 lesson.

My friend lost 7 coins a few days ago. She doesn't use android, doesn't do anything else bitcoin related, and hadn't visited the site in 6 months since she set up her wallet in October.

So how did she lose her coins? I have no idea, but something very odd is going on.

enmaku

hero member

Activity: 742

Merit: 500

Quote from: zebedee on April 27, 2013, 01:16:00 AM

Wow, no end to the number of these Sad

I feel something undetected has happened to the site itself.

Apparently it's some kind of Android-based malware, so my phone was probably the culprit. What's really embarrassing is that I'm one of the "Ease of Use" panelists at the Bitcoin 2013 conference next month and I was about to sing their praises for how much easier they've made things.

It's always embarrassing to be the victim of theft I suppose, but everyone will lose some coins eventually, it's all about minimizing your losses. Thankfully I do keep the bulk of my coins in cold storage, I'd just taken a few too many coins in and hadn't sent them off to cold storage in way too long - an oversight I doubt I'll repeat after learning a $1,000 lesson.

jubalix

legendary

Activity: 2618

Merit: 1022

Quote from: enmaku on April 26, 2013, 11:22:37 PM

Two passwords, each unique to the site and a yubikey. Only device attached to the account was my cellphone - which was in my pocket while I was driving to work as this heist occurred.

https://blockchain.info/tx/1826f610d9dea7698d906da8f874974240204f42500fa621f1581c7023c6cc61

I think I'm going to vomit...

how does it get past yubi key and 2 passwords....did it inject a redirect???

zebedee

donator

Activity: 668

Merit: 500

Wow, no end to the number of these Sad

I feel something undetected has happened to the site itself.

enmaku

hero member

Activity: 742

Merit: 500

Live and learn I guess. I've washed my pants with my physical leather wallet in them plenty of times, it was only a matter of time before I did the digital equivalent. I kind of wish I'd been more vigilant about keeping less cash in said wallet, but it happens. I've updated all my posted addresses, informed those who had the old ones saved, etc. Time to start being more careful about moving to cold storage again.

shawshankinmate37927

hero member

Activity: 854

Merit: 1000

Bitcoin: The People's Bailout

Quote from: wingsuit on April 27, 2013, 12:22:06 AM

Quote from: hiltonizer on April 27, 2013, 12:09:31 AM

Quote from: proudhon on April 26, 2013, 11:46:25 PM

Quote from: hiltonizer on April 26, 2013, 11:40:13 PM

a lot of these threads here and on reddit the last few days... common factor always seem to be a cell phone. I think its fair to say some cell phone malware is going around.

IIRC, so far it's only been android devices.

If you're savvy enough to use bitcoin, i'd hope your savvy enough to avoid iOS devices period. That said, I don't know of any bitcoin wallets for non-jailbroken iPhones (i may be wrong of course as I no longer use one)

The blockchain info app is a fully functional wallet

Straight from https://blockchain.info/wallet/iphone-app:

"Where can I download it?
Due to restrictions from Apple the bitcoin wallet functionaility is not available in the app store version. However it is still available for free download with limited features.

For Jailbroken iphones the app is also available in TheBigBoss.org Cydia Repository"

wingsuit

member

Activity: 64

Merit: 10

2100 trillion sats baby

Quote from: hiltonizer on April 27, 2013, 12:09:31 AM

Quote from: proudhon on April 26, 2013, 11:46:25 PM

Quote from: hiltonizer on April 26, 2013, 11:40:13 PM

a lot of these threads here and on reddit the last few days... common factor always seem to be a cell phone. I think its fair to say some cell phone malware is going around.

IIRC, so far it's only been android devices.

If you're savvy enough to use bitcoin, i'd hope your savvy enough to avoid iOS devices period. That said, I don't know of any bitcoin wallets for non-jailbroken iPhones (i may be wrong of course as I no longer use one)

The blockchain info app is a fully functional wallet

hiltonizer

member

Activity: 104

Merit: 10

Quote from: proudhon on April 26, 2013, 11:46:25 PM

Quote from: hiltonizer on April 26, 2013, 11:40:13 PM

a lot of these threads here and on reddit the last few days... common factor always seem to be a cell phone. I think its fair to say some cell phone malware is going around.

IIRC, so far it's only been android devices.

If you're savvy enough to use bitcoin, i'd hope your savvy enough to avoid iOS devices period. That said, I don't know of any bitcoin wallets for non-jailbroken iPhones (i may be wrong of course as I no longer use one)

hiltonizer

member

Activity: 104

Merit: 10

Quote from: cypherdoc on April 26, 2013, 11:54:42 PM

this is why you don't use online wallets.

Armory is your safest bet.

I don't think this is the fault of blockchain.info, well... maybe their mobile app... but this is why you don't use phone wallets.... which is a bit of a problem if its ever expected to be used for POS payments. Some enterprising genius better got on the stick.

meowmeowbrowncow

sr. member

Activity: 322

Merit: 250

Sorry to hear. I have also experience massive online theft.

I have been experiencing an odd behavior with blockchain.info for the past few days. It no longer accepts my alias - and email alerts me that my browser user-agent string is unidentified (and it's indeed my real user-agent and IP.)

*shrugs*

shawshankinmate37927

hero member

Activity: 854

Merit: 1000

Bitcoin: The People's Bailout

Quote from: proudhon on April 26, 2013, 11:46:25 PM

Quote from: hiltonizer on April 26, 2013, 11:40:13 PM

a lot of these threads here and on reddit the last few days... common factor always seem to be a cell phone. I think its fair to say some cell phone malware is going around.

IIRC, so far it's only been android devices.

If that's the case, I guess the reduced functionality of the iPhone version of the blockchain.info app ended up being a good thing. I have the blockchain.info app installed on my non-jailbroken iPhone and linked to a wallet that does not use 2FA, or a second password, and I haven't had any coins stolen....knock on wood.

enmaku

hero member

Activity: 742

Merit: 500

Quote from: cypherdoc on April 26, 2013, 11:54:42 PM

this is why you don't use online wallets.

Armory is your safest bet.

I usually only keep a little in there for convenience and keep the bulk of my coins in cold storage etc, but I got way too busy and ended up letting too much coin pile up. Keeping that many coins there was my error, but it still shouldn't happen. Maybe where bc.info is a service that stores peoples coins they could have an optional feature requiring email confirmation before sending more than a configurable amount? I won't feel bad if someone steals $50 because I screwed up, but this is too much.

datafish

donator

Activity: 129

Merit: 100

Swimming in a sea of data

Were you using the Blockchain app or a browser to access your account?

I worry every time I update an app that one of these software authors got greedy.

cypherdoc

legendary

Activity: 1764

Merit: 1002

this is why you don't use online wallets.

Armory is your safest bet.

enmaku

hero member

Activity: 742

Merit: 500

Quote from: Fiyasko on April 26, 2013, 11:50:07 PM

Mother.... fucking...... thieves....
We really need to identify how the hell this is happening to people!

Well if it came from my phone, then I can tell you exactly where the malware came from, the only app I've installed in months is BitCare, because I needed a mining widget. I don't do much on my phone but make calls and such, I have a tablet for games et al and the blockchain app wasn't installed on the tablet.

Fiyasko

legendary

Activity: 1428

Merit: 1001

Okey Dokey Lokey

Mother.... fucking...... thieves....
We really need to identify how the hell this is happening to people!

proudhon

legendary

Activity: 2198

Merit: 1311

Quote from: hiltonizer on April 26, 2013, 11:40:13 PM

a lot of these threads here and on reddit the last few days... common factor always seem to be a cell phone. I think its fair to say some cell phone malware is going around.

IIRC, so far it's only been android devices.

enmaku

hero member

Activity: 742

Merit: 500

Quote from: hiltonizer on April 26, 2013, 11:40:13 PM

a lot of these threads here and on reddit the last few days... common factor always seem to be a cell phone. I think its fair to say some cell phone malware is going around.

Well that's just lovely. Nice to know that memorizing those ridiculous passwords and buying a yubikey was worth it. Time to go print myself a paper wallet.

proudhon

legendary

Activity: 2198

Merit: 1311

Assuming this is legitimate, I'm very sorry. So far it seems what's common among all these blockchain.info heists are linked mobile devices. In any event, I no longer trust blockchain.info with any amount, whether my phone is linked or not.

hiltonizer

member

Activity: 104

Merit: 10

a lot of these threads here and on reddit the last few days... common factor always seem to be a cell phone. I think its fair to say some cell phone malware is going around.

enmaku

hero member

Activity: 742

Merit: 500

Two passwords, each unique to the site and a yubikey. Only device attached to the account was my cellphone - which was in my pocket while I was driving to work as this heist occurred.

https://blockchain.info/tx/1826f610d9dea7698d906da8f874974240204f42500fa621f1581c7023c6cc61

I think I'm going to vomit...

Topic: My coins just got stolen from blockchain.info (Read 3975 times)