Pages:
Author

Topic: my wallets were stolen just now, can any one help me? (Read 12255 times)

cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
If you have the wallet backup all you need to do is decrypt it.  That means guessing the password.  The 2FA does not matter anymore.  There is nothing to slow you down, you can make as many attempts per second as your hardware allows.  Also the password guessing can be done in parallel on multiple machines.

Given a weak password it will crack.

Especially if you used the same password as you used on your email account that they already have.
legendary
Activity: 1330
Merit: 1000
Bitcoin
Sorry to hear that Sad  how did this happen?
legendary
Activity: 3766
Merit: 1217
If you have the wallet backup all you need to do is decrypt it.  That means guessing the password.  The 2FA does not matter anymore.  There is nothing to slow you down, you can make as many attempts per second as your hardware allows.  Also the password guessing can be done in parallel on multiple machines.

Given a weak password it will crack.

Well... guessing both the passwords (1st password and 2nd password) will take a hell lot of effort. But if there is a keylogger in the system stealing the passwords, then it is quite easy.
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
How would they steal from a wallet backup?
If you have the wallet backup all you need to do is decrypt it.  That means guessing the password.  The 2FA does not matter anymore.  There is nothing to slow you down, you can make as many attempts per second as your hardware allows.  Also the password guessing can be done in parallel on multiple machines.

Given a weak password it will crack.
legendary
Activity: 2912
Merit: 1060
How would they steal from a wallet backup?
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
Blockchain.info is one of the most secure wallets there is if used properly.

If you have a keylogger on your system then all wallets (and all bank accounts, and PayPal, etc.) are vulnerable.

You can tie Blockchain to a single IP address, you can log all IPs of all accesses, you can use various forms of 2FA.  The list goes on.  I have been using if for years with no issues.  Having said that I also keep most of my coins offline.

You must use a very good > 20 character very random password, enable 2FA, etc.

If our IP changes without warning, then we might not be able to log-in.

BTW.... how can we see the log of all accesses in Blockchain.info?

Yes, but I think it is disabled by default so you must turn it on:

Wallet Home -> Account Settings -> Continue -> Logging

Select the logging level you desire
legendary
Activity: 3766
Merit: 1217
Blockchain.info is one of the most secure wallets there is if used properly.

If you have a keylogger on your system then all wallets (and all bank accounts, and PayPal, etc.) are vulnerable.

You can tie Blockchain to a single IP address, you can log all IPs of all accesses, you can use various forms of 2FA.  The list goes on.  I have been using if for years with no issues.  Having said that I also keep most of my coins offline.

You must use a very good > 20 character very random password, enable 2FA, etc.

If our IP changes without warning, then we might not be able to log-in.

BTW.... how can we see the log of all accesses in Blockchain.info?
global moderator
Activity: 4018
Merit: 2728
Join the world-leading crypto sportsbook NOW!
Which is absurd. What chance does bitcoin have if people can't use it on their home PC for fear of theft?

Online wallets and clients need 2FA and maybe online banking style "enter letters 3, 5 and 7 from your password" to help improve security.

For anyone moving coins around - buying and selling, day trading, etc - paper wallets or offline storage really isn't practical.

That is a good proposal. This will eliminate the problem with keyloggers as well.

This is definitely a good idea. Keyloggers are probably the easiest way to get at your password.

Like others have said, I recommend Linux. I moved from windows about a year ago and never looked back. Was getting far too many viruses.

legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
I think the problem usually turns out to be wallet backups sent to your compromised email account.
This may be a possibility in Mark_Twain's case.
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
I think the problem usually turns out to be wallet backups sent to your compromised email account.
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
Which is absurd. What chance does bitcoin have if people can't use it on their home PC for fear of theft?

Online wallets and clients need 2FA and maybe online banking style "enter letters 3, 5 and 7 from your password" to help improve security.

For anyone moving coins around - buying and selling, day trading, etc - paper wallets or offline storage really isn't practical.

That is a good proposal. This will eliminate the problem with keyloggers as well. Recently I am hearing a lot of horror stories from people who are using Blockchain.info wallets. They should really improve their security.
Blockchain.info is one of the most secure wallets there is if used properly.

If you have a keylogger on your system then all wallets (and all bank accounts, and PayPal, etc.) are vulnerable.

You can tie Blockchain to a single IP address, you can log all IPs of all accesses, you can use various forms of 2FA.  The list goes on.  I have been using if for years with no issues.  Having said that I also keep most of my coins offline.

You must use a very good > 20 character very random password, enable 2FA, etc.
legendary
Activity: 3766
Merit: 1217
Which is absurd. What chance does bitcoin have if people can't use it on their home PC for fear of theft?

Online wallets and clients need 2FA and maybe online banking style "enter letters 3, 5 and 7 from your password" to help improve security.

For anyone moving coins around - buying and selling, day trading, etc - paper wallets or offline storage really isn't practical.

That is a good proposal. This will eliminate the problem with keyloggers as well. Recently I am hearing a lot of horror stories from people who are using Blockchain.info wallets. They should really improve their security.
newbie
Activity: 45
Merit: 0
Still trying to figure out how the thief accessed account if you had google authenticator activated?
full member
Activity: 180
Merit: 100
Just had 10BTC ripped off from my Blockchain.info wallet without my consent!

Situation explained here:

https://bitcointalksearch.org/topic/m.4004705
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
Oh sorry I misunderstood.  I think there was a problem with using it offline with java that gave bad random number generation, but that should be fixed now.  But I use armory to do all my offline transaction generation, so I'm not really up to date on web based methods.
newbie
Activity: 37
Merit: 0
Thank you for your reply CP1. My question was more specifically wether their way of creating raw transactions was unsecure.
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
Brainwallets are the worst unless you can come up with a really good passphrase (computer generated)
newbie
Activity: 37
Merit: 0
What type of level of security does "http://brainwallet.org/#tx" provide?

Do you think it could result in the heist of ones coins?
b!z
legendary
Activity: 1582
Merit: 1010
@tkone, the most secure way is to use an offline cold wallet for sure. using online wallets puts you at risk.
member
Activity: 96
Merit: 10
All For Bitcoin!
I just changed passphrase for the address  1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn . Let's see what happen.

The address, that's it!
Pages:
Jump to: