Pages:
Author

Topic: Someone hacked into our Blockchain.com wallet - page 2. (Read 668 times)

sr. member
Activity: 1877
Merit: 389
November 28, 2018, 05:07:07 PM
#4

Were you logged on blockchain.com wallet when you installed the add-on?

Yes.


Did you do all the security steps in blockchain.com wallet? Did you use 2fa, for example?


Did not use 2FA.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
November 28, 2018, 04:56:32 PM
#3
Well, first thing change your browser to a more reliable one, such as Firefox.

Were you logged on blockchain.com wallet when you installed the add-on?
Did you do all the security steps in blockchain.com wallet? Did you use 2fa, for example?

Often people don't follow basic security steps which are recommend by the services...maybe a 2fa could have avoided this.

Answering yohr questions:

1- blockchain.com wallet is not the safest, however its not a scam, and it is a nice initiative for newbies. It is easy to use and if you all follow all recommended security steps, you are *somehow* safe, but you should never use it for high amounts.
The add-on probably installed some kind of malware and , if you were already logged, easy to get...or if you had no 2fa and password was saved in browser?

2-i would definitely format it. Additionally, I would buy a ledger nano from the official retailer. https://www.ledger.com

3 -i am not familiar, but ledger nano allows you to use it safely in any infected computer.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
November 28, 2018, 04:40:04 PM
#2
1. Chrome addons allow access to a lot of things. I'm assuming it asks you by giving you a menu of permissions as to what the site is allowed to access. I think you should format chrome (if they use user profiles, just delete that and start afresh). Maybe be clever and don't give him access to your wallet if he can't browse the internet without damaging your companies reputation/finances.
2. I don't think chrome addons have access to anything but google chrome and stuff that's put on it (switching out chrome for a better browser such as firefox is also what I'd suggest Grin).



You ought to go here and log exactly what happened to them: https://chrome.google.com/webstore/report/joofmeiidadomccpmeaoagdogmbifhlh

Also give them a 1 star review and explain what happened, at the moment others are still at risk and you have a responsibility to inform them.





EDIT: blockchain.com isn't as secure as a wallet on your computers either (such as an encrypted electrum wallet). 
sr. member
Activity: 1877
Merit: 389
November 28, 2018, 04:31:32 PM
#1
Someone posted here a scam (Crypton-Exchange.net), one of our admins was naive to try it, and the site told him to install an addon in order to withdraw the funds, naively he installed it and now we realized someone withdrew $2,300 from our Blockchain.com account (money that we intended to use to pay publishers, sadly is gone now).

The money was sent to 16EegrNMdZ9Rxku6Za5neEFjMW57wkQr1S
https://www.blockchain.com/btc/tx/0fe187e55c07772d47d1c588c80195f5977aa139d814feb39bdab968253c8f60

The addon was:
https://chrome.google.com/webstore/detail/cr-cash-plugin/joofmeiidadomccpmeaoagdogmbifhlh/related
From CryptoDraw.org

Few questions:

1) How did the Chrome addon allowed someone to withdraw funds from Blockchain.com? Isn't Blockchain.com safe?
2) Does this admin of ours need to format his laptop and change all passwords? He did remove that Chrome extension from his laptop.
3) Is anyone familiar with these types of scams? Can you provide more info about this Google Chrome extension etc.?



Pages:
Jump to: