my wallets were stolen just now, can any one help me?

cp1

hero member

Activity: 616

Merit: 500

Stop using branwallets

Quote from: BurtW on December 18, 2013, 11:37:19 AM

If you have the wallet backup all you need to do is decrypt it. That means guessing the password. The 2FA does not matter anymore. There is nothing to slow you down, you can make as many attempts per second as your hardware allows. Also the password guessing can be done in parallel on multiple machines.

Given a weak password it will crack.

Especially if you used the same password as you used on your email account that they already have.

bbit

legendary

Activity: 1330

Merit: 1000

Bitcoin

Sorry to hear that Sad

how did this happen?

bryant.coleman

legendary

Activity: 3724

Merit: 1217

Quote from: BurtW on December 18, 2013, 11:37:19 AM

If you have the wallet backup all you need to do is decrypt it. That means guessing the password. The 2FA does not matter anymore. There is nothing to slow you down, you can make as many attempts per second as your hardware allows. Also the password guessing can be done in parallel on multiple machines.

Given a weak password it will crack.

Well... guessing both the passwords (1st password and 2nd password) will take a hell lot of effort. But if there is a keylogger in the system stealing the passwords, then it is quite easy.

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Quote from: bitpop on December 18, 2013, 10:42:00 AM

How would they steal from a wallet backup?

If you have the wallet backup all you need to do is decrypt it. That means guessing the password. The 2FA does not matter anymore. There is nothing to slow you down, you can make as many attempts per second as your hardware allows. Also the password guessing can be done in parallel on multiple machines.

Given a weak password it will crack.

bitpop

legendary

Activity: 2912

Merit: 1060

How would they steal from a wallet backup?

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Quote from: bryant.coleman on December 18, 2013, 05:57:33 AM

Quote from: BurtW on December 17, 2013, 12:22:22 PM

Blockchain.info is one of the most secure wallets there is if used properly.

If you have a keylogger on your system then all wallets (and all bank accounts, and PayPal, etc.) are vulnerable.

You can tie Blockchain to a single IP address, you can log all IPs of all accesses, you can use various forms of 2FA. The list goes on. I have been using if for years with no issues. Having said that I also keep most of my coins offline.

You must use a very good > 20 character very random password, enable 2FA, etc.

If our IP changes without warning, then we might not be able to log-in.

BTW.... how can we see the log of all accesses in Blockchain.info?

Yes, but I think it is disabled by default so you must turn it on:

Wallet Home -> Account Settings -> Continue -> Logging

Select the logging level you desire

bryant.coleman

legendary

Activity: 3724

Merit: 1217

Quote from: BurtW on December 17, 2013, 12:22:22 PM

Blockchain.info is one of the most secure wallets there is if used properly.

If you have a keylogger on your system then all wallets (and all bank accounts, and PayPal, etc.) are vulnerable.

You can tie Blockchain to a single IP address, you can log all IPs of all accesses, you can use various forms of 2FA. The list goes on. I have been using if for years with no issues. Having said that I also keep most of my coins offline.

You must use a very good > 20 character very random password, enable 2FA, etc.

If our IP changes without warning, then we might not be able to log-in.

BTW.... how can we see the log of all accesses in Blockchain.info?

hilariousandco

global moderator

Activity: 3934

Merit: 2676

Join the world-leading crypto sportsbook NOW!

Quote from: bryant.coleman on December 17, 2013, 12:04:33 PM

Quote from: runam0k on August 20, 2013, 07:41:45 AM

Which is absurd. What chance does bitcoin have if people can't use it on their home PC for fear of theft?

Online wallets and clients need 2FA and maybe online banking style "enter letters 3, 5 and 7 from your password" to help improve security.

For anyone moving coins around - buying and selling, day trading, etc - paper wallets or offline storage really isn't practical.

That is a good proposal. This will eliminate the problem with keyloggers as well.

This is definitely a good idea. Keyloggers are probably the easiest way to get at your password.

Like others have said, I recommend Linux. I moved from windows about a year ago and never looked back. Was getting far too many viruses.

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Quote from: cp1 on December 17, 2013, 02:08:23 PM

I think the problem usually turns out to be wallet backups sent to your compromised email account.

This may be a possibility in Mark_Twain's case.

cp1

hero member

Activity: 616

Merit: 500

Stop using branwallets

I think the problem usually turns out to be wallet backups sent to your compromised email account.

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Quote from: bryant.coleman on December 17, 2013, 12:04:33 PM

Quote from: runam0k on August 20, 2013, 07:41:45 AM

Which is absurd. What chance does bitcoin have if people can't use it on their home PC for fear of theft?

Online wallets and clients need 2FA and maybe online banking style "enter letters 3, 5 and 7 from your password" to help improve security.

For anyone moving coins around - buying and selling, day trading, etc - paper wallets or offline storage really isn't practical.

That is a good proposal. This will eliminate the problem with keyloggers as well. Recently I am hearing a lot of horror stories from people who are using Blockchain.info wallets. They should really improve their security.

Blockchain.info is one of the most secure wallets there is if used properly.

If you have a keylogger on your system then all wallets (and all bank accounts, and PayPal, etc.) are vulnerable.

You can tie Blockchain to a single IP address, you can log all IPs of all accesses, you can use various forms of 2FA. The list goes on. I have been using if for years with no issues. Having said that I also keep most of my coins offline.

You must use a very good > 20 character very random password, enable 2FA, etc.

bryant.coleman

legendary

Activity: 3724

Merit: 1217

Quote from: runam0k on August 20, 2013, 07:41:45 AM

Which is absurd. What chance does bitcoin have if people can't use it on their home PC for fear of theft?

Online wallets and clients need 2FA and maybe online banking style "enter letters 3, 5 and 7 from your password" to help improve security.

For anyone moving coins around - buying and selling, day trading, etc - paper wallets or offline storage really isn't practical.

That is a good proposal. This will eliminate the problem with keyloggers as well. Recently I am hearing a lot of horror stories from people who are using Blockchain.info wallets. They should really improve their security.

Exther

newbie

Activity: 45

Merit: 0

Still trying to figure out how the thief accessed account if you had google authenticator activated?

Mark_Twain

full member

Activity: 180

Merit: 100

Just had 10BTC ripped off from my Blockchain.info wallet without my consent!

Situation explained here:

https://bitcointalksearch.org/topic/m.4004705

cp1

hero member

Activity: 616

Merit: 500

Stop using branwallets

Oh sorry I misunderstood. I think there was a problem with using it offline with java that gave bad random number generation, but that should be fixed now. But I use armory to do all my offline transaction generation, so I'm not really up to date on web based methods.

MrVivaldi

newbie

Activity: 37

Merit: 0

Thank you for your reply CP1. My question was more specifically wether their way of creating raw transactions was unsecure.

cp1

hero member

Activity: 616

Merit: 500

Stop using branwallets

Brainwallets are the worst unless you can come up with a really good passphrase (computer generated)

MrVivaldi

newbie

Activity: 37

Merit: 0

What type of level of security does "http://brainwallet.org/#tx" provide?

Do you think it could result in the heist of ones coins?

b!z

legendary

Activity: 1582

Merit: 1010

@tkone, the most secure way is to use an offline cold wallet for sure. using online wallets puts you at risk.

didjaydisteele

member

Activity: 96

Merit: 10

All For Bitcoin!

Quote from: watertech666 on August 23, 2013, 11:37:33 AM

I just changed passphrase for the address 1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn . Let's see what happen.

The address, that's it!

Topic: my wallets were stolen just now, can any one help me? (Read 12204 times)