Quote
complained to 8btc.com that he lost 633 btc
Virtual Wallet.
Deal with it ... like usual.
Topic: Tor+Blockchain wallet hacked? 633 btc loss - page 2. (Read 14334 times)
Virtual Wallet.
Deal with it ... like usual.
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.
Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks.
I'm aware of all of this guys. I, like the OP, am just trying to make sense of the exploit. I follow diligent security procedures. My computer is heavily encrypted with multiple backups and I employ little snitch to guard against keyloggers. I also rarely browse with javascript enabled. A lot of my coins are in cold storage and when I do employ blockchain.info I always use 2 Factor Authentication. To me, it's pretty impossible my laptop is exploited because of how my laptop is setup.
Since I certainly didn't accept any dodgy security certificate, I also can't make sense of a TOR exit node attack since https is employed by blockchain.info.
I'm just looking for answers.
Have you considered that maybe someone close to you stole your coins? I'm basing this from the fact that you had 2FA enabled and you seemed to have everything that someone might exploit remotely in check.
I have yes thanks as this was put to me straight away by someone. It's completely out of the question. As soon as I step away from my computer it's encrypted. Even if I go to the toilet. I never leave it open.
Damn, I'm stumped. Sorry I wasn't a help at all. This is Mission Impossible type shit.
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.
Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks.
I'm aware of all of this guys. I, like the OP, am just trying to make sense of the exploit. I follow diligent security procedures. My computer is heavily encrypted with multiple backups and I employ little snitch to guard against keyloggers. I also rarely browse with javascript enabled. A lot of my coins are in cold storage and when I do employ blockchain.info I always use 2 Factor Authentication. To me, it's pretty impossible my laptop is exploited because of how my laptop is setup.
Since I certainly didn't accept any dodgy security certificate, I also can't make sense of a TOR exit node attack since https is employed by blockchain.info.
I'm just looking for answers.
Have you considered that maybe someone close to you stole your coins? I'm basing this from the fact that you had 2FA enabled and you seemed to have everything that someone might exploit remotely in check.
I have yes thanks as this was put to me straight away by someone. It's completely out of the question. As soon as I step away from my computer it's encrypted. Even if I go to the toilet. I never leave it open.
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.
Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks.
I'm aware of all of this guys. I, like the OP, am just trying to make sense of the exploit. I follow diligent security procedures. My computer is heavily encrypted with multiple backups and I employ little snitch to guard against keyloggers. I also rarely browse with javascript enabled. A lot of my coins are in cold storage and when I do employ blockchain.info I always use 2 Factor Authentication. To me, it's pretty impossible my laptop is exploited because of how my laptop is setup.
Since I certainly didn't accept any dodgy security certificate, I also can't make sense of a TOR exit node attack since https is employed by blockchain.info.
I'm just looking for answers.
Have you considered that maybe someone close to you stole your coins? I'm basing this from the fact that you had 2FA enabled and you seemed to have everything that someone might exploit remotely in check.
4. Blockchain.info employs https.
This is precisely what got your coins stolen, ironically.Maybe not
I just replied to your pm. legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
4. Blockchain.info employs https.
This is precisely what got your coins stolen, ironically. first mistake is using online wallet.
second is using tor with it and i am sure there were no 2FA
third mistake is keeping 633 BTC in one place, for god's sake by 13-10-2014 (time of tx) it was 250K worth of dollars
second is using tor with it and i am sure there were no 2FA
third mistake is keeping 633 BTC in one place, for god's sake by 13-10-2014 (time of tx) it was 250K worth of dollars
Sorry mate I'm actually looking to hear from people who know what they're talking about.
1. I don't store coins there. I was just using the service primarily for the shared coin feature.
2. I did use 2FA - read back.
3. Blockchain.info does not have access to one's private keys - they're generated locally so is not at risk to an MtGox-type hack.
4. Blockchain.info employs https.
Given all of this info, I want to hear ideas (there have been some helpful suggestions already on this thread) on how I was exploited. I don't want to hear about what I supposedly did wrong, I want to hear what the attacker may have done. It's an investigation.
first mistake is using online wallet.
second is using tor with it and i am sure there were no 2FA
third mistake is keeping 633 BTC in one place, for god's sake by 13-10-2014 (time of tx) it was 250K worth of dollars
second is using tor with it and i am sure there were no 2FA
third mistake is keeping 633 BTC in one place, for god's sake by 13-10-2014 (time of tx) it was 250K worth of dollars
Exactly, granted not fair that it was jacket - but still, have to be more careful!!!
first mistake is using online wallet.
second is using tor with it and i am sure there were no 2FA
third mistake is keeping 633 BTC in one place, for god's sake by 13-10-2014 (time of tx) it was 250K worth of dollars
second is using tor with it and i am sure there were no 2FA
third mistake is keeping 633 BTC in one place, for god's sake by 13-10-2014 (time of tx) it was 250K worth of dollars
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.
Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks.
I'm aware of all of this guys. I, like the OP, am just trying to make sense of the exploit. I follow diligent security procedures. My computer is heavily encrypted with multiple backups and I employ little snitch to guard against keyloggers. I also rarely browse with javascript enabled. A lot of my coins are in cold storage and when I do employ blockchain.info I always use 2 Factor Authentication. To me, it's pretty impossible my laptop is exploited because of how my laptop is setup.
Since I certainly didn't accept any dodgy security certificate, I also can't make sense of a TOR exit node attack since https is employed by blockchain.info.
I'm just looking for answers.
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.
Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks.
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.
The exact same thing happened to me (on Oct 16) with a similarly horrific amount of coins except for a couple of differences.
1. I am fairly confident I did not log in on the day of the theft.
2. I am 100% certain I never, ever accepted any untrusted security certificate. (If I get a cloudfare notice, I immediately change identity and start again)
1. I am fairly confident I did not log in on the day of the theft.
2. I am 100% certain I never, ever accepted any untrusted security certificate. (If I get a cloudfare notice, I immediately change identity and start again)
Tor is totally unsafe for any kind of money transactions. You need to be security conscious when you are holding this much money online.
I would disagree. I think you need to be sure that you are dealing with the correct website when using tor. I agree that it is very difficult to know for sure you have in fact accessed the correct website. Although one way around this kind of attack is to access a hidden service (I don't think blockchain.info has a hidden service that people can access using tor). Tor is totally unsafe for any kind of money transactions. You need to be security conscious when you are holding this much money online.
This^
Just to clarify, I'm not the guy who lost 633 BTC
I've just lost 1 BTC using blockchain + TOR and I lost 2 BTC 6 months ago using Coinbase + TOR
I use a cold wallet from Armory and now I'm using hot wallets for small amounts with Armory as well.
I'm going to do some more research, but I don't feel like using Armory + TOR after my bad experiences...
I've just lost 1 BTC using blockchain + TOR and I lost 2 BTC 6 months ago using Coinbase + TOR
I use a cold wallet from Armory and now I'm using hot wallets for small amounts with Armory as well.
I'm going to do some more research, but I don't feel like using Armory + TOR after my bad experiences...
Tor is fine for anonymity but not security.
No it isn't, Not anymore. TOR is pretty much useless these days.
Tor is totally unsafe for any kind of money transactions. You need to be security conscious when you are holding this much money online.
The consensus so far is the pc is compromised and not tor protocol and exit node?
633 btc is a lot. But why were you using TOR?
and why 633 btc in one wallet...on your computer with a hot wallet....with old, crappy antivirus and no anti-maleware?
i guess you installed also bunch of "addons" and "mining-progs" on the pc...
Jump to: