Pages:
Author

Topic: My wallet on blockchain.info hacked even by e-mail comfirmation code !!!!!! (Read 2588 times)

legendary
Activity: 2212
Merit: 1199
at 1st Blockchain ... now Zipcoin ... who will be next?

Can you post any proves of what you are saying or it will remain as a hot air?
hero member
Activity: 615
Merit: 500
Sorry to hear your loss.
While the culprit turns out to be the ZipCoin wallet rather than blockchain.info, it is always a good idea to store your bitcoin in offline wallet.
hero member
Activity: 622
Merit: 500
It is a good idea to disable the backup to email feature and just manually download a backup to an offline disk (USB device or other).  However, make sure you take a backup whenever you use the service, especially when generating new addresses.
hero member
Activity: 546
Merit: 500
Hello all BTC's members Again !!!!


I noticed dev of zipcoin hacked me !!!!!!!!!! and others too


Sorry .


Blockchain is safe



https://bitcointa.lk/threads/ann-zipcoin-x13-pow-pos-no-premine-7-days-pow-ninja.350313/page-11
legendary
Activity: 2212
Merit: 1199
For curiosity's sake, what was your password?  I'm always interested in seeing what passwords were that get hacked.  I think mine is relatively advanced (not a word, uses punctuation and numbers).

His password is not as hard to brake whatever it was as 2FA should be..

As I understand he was using 2FA - which is very, very hard to be compromised...
hero member
Activity: 700
Merit: 500
For curiosity's sake, what was your password?  I'm always interested in seeing what passwords were that get hacked.  I think mine is relatively advanced (not a word, uses punctuation and numbers).
legendary
Activity: 2212
Merit: 1199
We are all sad when someone is losing his coins ...

But in 99% of the cases fault is on the victim's side.

Btw. Online wallets are not recommended to store large amounts of coins.

Desktop wallets are mentioned for that and then a security is up to you.


I hope in this case we can figure out what's happened but we have a lack of information.

Regards.
hero member
Activity: 718
Merit: 545
I'm sorry you lost coins. That's never a pleasant feeling..  Sad

Can I ask the OP what computer he has ?

Windows, Mac or Linux ?

And did you ever access your blockchain.info account from an internet cafe ?


hero member
Activity: 798
Merit: 1000
More detaile ?

Are you serious ?


This is not the first time someone hacked in the site , just search google , before me there were many people .

https://bitcointalksearch.org/topic/blockchaininfo-wallet-hacked-188639
https://bitcointalksearch.org/topic/hacker-stole-bitcoins-from-blockchain-wallets-588644
https://bitcointalksearch.org/topic/blockchaininfo-acount-hacked-while-using-yubikey-120865

When they said we hacked i tought they did not keep security issues but today i reliaze they was right and something is strange !!!!!

Maybe the site itself has a keylogger !!!!!!

I'm using last update Smart security NOD32 and malewarebytes permium !!!!!!!

The stolen BTCs it's not our fault security it's about blockchain.info , i guess the site steals bitoins itself and there aren't any hacker . if there was a hacker Maybe he was very very high IQ and guess my passwrod Smiley))))))

I don't want doubt with you guys and wanna go to bed

Tommorrow this will happen for you and you will understand why the site is not Okay for your bitcoins but that day is late for understand !!!!!

Its your fault and your fault only. Antiviruses don't detect everything. You should stop downloading crap and visiting weird sites.
Also,
His blockchain.info alias matches his forum name, and it has no 2-factor authentication.  Attacker grabs the wallet and performs an offline brute force attack.  Guessing the password wasn't very good either. 

You're right, my password was lazy. Lesson learned.

Have you enabled 2FA?
Have you received some phishing emails and clicked the link?
Have you download some "strange" programs which may contain keylogger?

no,no.and no!


So you don't use 2FA?

I tried out my MtGox YubiKey on the blockchain wallet service, and I noticed the OTP's that it generates are REUSABLE. It seems Blockchain.info is only looking at the first few letters of the OTP, as they are static, you can actually change the end of the OTP and the website will still accept it.

Doesn't sound secure at all to me and is definitely something that needs to be addressed. This is not 2-factor authentication.

As you see, in all cases it was the users' own fault. This case its no different, its your own fault, stop blaming others for your ridiculous mistakes.
sr. member
Activity: 462
Merit: 250
This is concerning, as I have small amounts in blockchain wallet
This may just be the spur I needed to move the coins into safe, offline wallets
hero member
Activity: 528
Merit: 527
hello all ,

I'm very surprise


I can't say anything but my wallet hacked even when i 've use 2FA including email confirmation code !!!

And i surprise that there was no click on confirmation code in my email !!!!!!

Very very intersting bussiness

Please use offline wallet and say goodbye to blockchain

Most likely malware or family/friends with access to your computer and cell phone. Emails can be permanently deleted. You might go online and check your old phone texts, family/friends could have stolen your coins and deleted the texts on your phone and your emails, but the phone texts should still be visible online if you log into your phone account.

There are trusted people on this forum that could do a forensic analysis of your hard drive for you. I would strongly suggest it. You need to find out EXACTLY how those coins were lost.
mkc
hero member
Activity: 517
Merit: 501
I can understand the anger, would the OP please share the details with us?
sr. member
Activity: 420
Merit: 250
guess your pc is full of maleware and your 4 friends also have access to the pc? hmm, strange that all coins are gone   Tongue

i bet he has an altcoin client on his pc or that "bitcoin generator" app from youtube. that seems to be the likely culprits that trojans are coming from


100% !

Man I started seeing these generators, the problem is education. People need to learn you cannot create or generate a bitcoin out of nothing. My bet is these amateurs see BTC as some digital thing , and since mostly everything digital can be copied or pirated or generated. This may work, then realizing it doesn't work and then going on with there day maybe even thinking they have deleted it but really not. Then one of these days there BTC disappears and they fail to link up the cause
member
Activity: 95
Merit: 10
Hackers don't need access to his e-mail account or his blockchain.info account in order to access his private keys.  This has happened many times to many of blockchain.info's customers and the response has essentially been: "Your computer is not secure.  Keeping your computer secure is not our responsibility, it is yours.  Because you failed keep your computer secure, your private keys were compromised."

They are correct.  What they fail to mention is keeping an online computer secure is impossible.

I have a hard time believing that only a few pairs of keys from Blockchain.info were accessed by hackers, what makes more sense is a that a few customers machines are compromised with key-loggers.

If it was that easy too access the private keys on Blockchain.info, don't you think more people would be having issues storing coins their? It sure seems like alot of people are happy with their service. If this seemed like a widespread problem, I would agree with you but honestly this seems like a failure on the customers behalf. Probably was using Windows and downloading altcoin wallets, miner executables, and visiting links on this board etc.

Blockchain.info and email providers have logs that clearly indicate that those accounts were not accessed in previous hacks.  If it was a keylogger being used then users would also receive e-mail notifications when their blockchain.info account was being accessed.  2FA does not prevent a hacker from accessing the private keys on your computer after they have been decrypted.  Blockchain.info does not store or have access to unencrypted private keys.  The private keys get decrypted on the user's pc.  This is why they never assume fault for the thefts.  The keys are decrypted on your own local computer.  You are responsible for keeping them secure at that point.

That's pretty interesting, I have never actually tried to use Blockchain.info to for storage, I just assumed they dealt with private keys like most other online wallet services. So they actually have you generate an encrypted private key, they then store this encrypted key, and you should be the only one able too decrypt it? If he was actually being keylogged whenever he decrypted the private key perhaps the decryption key was keylogged, or maybe the unencrypted key was taken right after decrypting it?

As for the email trail, without requesting records from the email provider or the service sending the mails, it would be as simple as just logging into their email and removing the auto-generated emails from the inbox, if you had key logged their info this would be easy. This gives the appearance that no mails were sent even though they were just deleted ASAP.

You have the option of having your encrypted keys sent to you via email anytime your wallet changes (a key is added or removed). If an attacker were to use blockchain.info to decrypt his wallet then all they would have to do is create a new wallet with the same password that the OP uses with his wallet. In other words the encrypted backup essentially acts as the identifier.
sr. member
Activity: 381
Merit: 250
Hackers don't need access to his e-mail account or his blockchain.info account in order to access his private keys.  This has happened many times to many of blockchain.info's customers and the response has essentially been: "Your computer is not secure.  Keeping your computer secure is not our responsibility, it is yours.  Because you failed keep your computer secure, your private keys were compromised."

They are correct.  What they fail to mention is keeping an online computer secure is impossible.

I have a hard time believing that only a few pairs of keys from Blockchain.info were accessed by hackers, what makes more sense is a that a few customers machines are compromised with key-loggers.

If it was that easy too access the private keys on Blockchain.info, don't you think more people would be having issues storing coins their? It sure seems like alot of people are happy with their service. If this seemed like a widespread problem, I would agree with you but honestly this seems like a failure on the customers behalf. Probably was using Windows and downloading altcoin wallets, miner executables, and visiting links on this board etc.

Blockchain.info and email providers have logs that clearly indicate that those accounts were not accessed in previous hacks.  If it was a keylogger being used then users would also receive e-mail notifications when their blockchain.info account was being accessed.  2FA does not prevent a hacker from accessing the private keys on your computer after they have been decrypted.  Blockchain.info does not store or have access to unencrypted private keys.  The private keys get decrypted on the user's pc.  This is why they never assume fault for the thefts.  The keys are decrypted on your own local computer.  You are responsible for keeping them secure at that point.

That's pretty interesting, I have never actually tried to use Blockchain.info to for storage, I just assumed they dealt with private keys like most other online wallet services. So they actually have you generate an encrypted private key, they then store this encrypted key, and you should be the only one able too decrypt it? If he was actually being keylogged whenever he decrypted the private key perhaps the decryption key was keylogged, or maybe the unencrypted key was taken right after decrypting it?

As for the email trail, without requesting records from the email provider or the service sending the mails, it would be as simple as just logging into their email and removing the auto-generated emails from the inbox, if you had key logged their info this would be easy. This gives the appearance that no mails were sent even though they were just deleted ASAP.
full member
Activity: 123
Merit: 100
The love of fiat is the root of all good
Hackers don't need access to his e-mail account or his blockchain.info account in order to access his private keys.  This has happened many times to many of blockchain.info's customers and the response has essentially been: "Your computer is not secure.  Keeping your computer secure is not our responsibility, it is yours.  Because you failed keep your computer secure, your private keys were compromised."

They are correct.  What they fail to mention is keeping an online computer secure is impossible.

I have a hard time believing that only a few pairs of keys from Blockchain.info were accessed by hackers, what makes more sense is a that a few customers machines are compromised with key-loggers.

If it was that easy too access the private keys on Blockchain.info, don't you think more people would be having issues storing coins their? It sure seems like alot of people are happy with their service. If this seemed like a widespread problem, I would agree with you but honestly this seems like a failure on the customers behalf. Probably was using Windows and downloading altcoin wallets, miner executables, and visiting links on this board etc.

Blockchain.info and email providers have logs that clearly indicate that those accounts were not accessed in previous hacks.  If it was a keylogger being used then users would also receive e-mail notifications when their blockchain.info account was being accessed.  2FA does not prevent a hacker from accessing the private keys on your computer after they have been decrypted.  Blockchain.info does not store or have access to unencrypted private keys.  The private keys get decrypted on the user's pc.  This is why they never assume fault for the thefts.  The keys are decrypted on your own local computer.  You are responsible for keeping them secure at that point.
sr. member
Activity: 381
Merit: 250
hello all ,

I'm very surprise


I can't say anything but my wallet hacked even when i 've use 2FA including email confirmation code !!!

And i surprise that there was no click on confirmation code in my email !!!!!!

Very very intersting bussiness

Please use offline wallet and say goodbye to blockchain

Does your email provider have 2 Factor Authentication enabled? Not just the 2 Factor on the Blockchain.info website, you need it on both your email and Blockchain.info to be safe from logging. If you only had it just on the Blockchain.info website, I can imagine a keylogger in this scenario would allow someone to take your coins. Ex. Log email info and blockchain.info info, they went too blockchain while your sleeping and disabled the 2 factor, went into your email  to confirm emails then deleted them.

Otherwise someone close to you took your phone, logged in and took your coins.

Hackers don't need access to his e-mail account or his blockchain.info account in order to access his private keys.  This has happened many times to many of blockchain.info's customers and the response has essentially been: "Your computer is not secure.  Keeping your computer secure is not our responsibility, it is yours.  Because you failed keep your computer secure, your private keys were compromised."

They are correct.  What they fail to mention is keeping an online computer secure is impossible.

I have a hard time believing that only a few pairs of keys from Blockchain.info were accessed by hackers, what makes more sense is a that a few customers machines are compromised with key-loggers.

If it was that easy too access the private keys on Blockchain.info, don't you think more people would be having issues storing coins their? It sure seems like alot of people are happy with their service. If this seemed like a widespread problem, I would agree with you but honestly this seems like a failure on the customers behalf. Probably was using Windows and downloading altcoin wallets, miner executables, and visiting links on this board etc.

legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
guess your pc is full of maleware and your 4 friends also have access to the pc? hmm, strange that all coins are gone   Tongue

i bet he has an altcoin client on his pc or that "bitcoin generator" app from youtube. that seems to be the likely culprits that trojans are coming from


100% !
full member
Activity: 123
Merit: 100
The love of fiat is the root of all good
hello all ,

I'm very surprise


I can't say anything but my wallet hacked even when i 've use 2FA including email confirmation code !!!

And i surprise that there was no click on confirmation code in my email !!!!!!

Very very intersting bussiness

Please use offline wallet and say goodbye to blockchain

Does your email provider have 2 Factor Authentication enabled? Not just the 2 Factor on the Blockchain.info website, you need it on both your email and Blockchain.info to be safe from logging. If you only had it just on the Blockchain.info website, I can imagine a keylogger in this scenario would allow someone to take your coins. Ex. Log email info and blockchain.info info, they went too blockchain while your sleeping and disabled the 2 factor, went into your email  to confirm emails then deleted them.

Otherwise someone close to you took your phone, logged in and took your coins.

Hackers don't need access to his e-mail account or his blockchain.info account in order to access his private keys.  This has happened many times to many of blockchain.info's customers and the response has essentially been: "Your computer is not secure.  Keeping your computer secure is not our responsibility, it is yours.  Because you failed keep your computer secure, your private keys were compromised."

They are correct.  What they fail to mention is keeping an online computer secure is impossible.
sr. member
Activity: 381
Merit: 250
hello all ,

I'm very surprise


I can't say anything but my wallet hacked even when i 've use 2FA including email confirmation code !!!

And i surprise that there was no click on confirmation code in my email !!!!!!

Very very intersting bussiness

Please use offline wallet and say goodbye to blockchain

Does your email provider have 2 Factor Authentication enabled? Not just the 2 Factor on the Blockchain.info website, you need it on both your email and Blockchain.info to be safe from logging. If you only had it just on the Blockchain.info website, I can imagine a keylogger in this scenario would allow someone to take your coins. Ex. Log email info and blockchain.info info, they went too blockchain while your sleeping and disabled the 2 factor, went into your email  to confirm emails then deleted them.

Otherwise someone close to you took your phone, logged in and took your coins.

Pages:
Jump to: