Pages:
Author

Topic: Tor+Blockchain wallet hacked? 633 btc loss - page 2. (Read 14360 times)

legendary
Activity: 1512
Merit: 1012
November 07, 2014, 02:54:01 PM
Quote
complained to 8btc.com that he lost 633 btc

Virtual Wallet.
Deal with it ... like usual.
member
Activity: 67
Merit: 10
November 07, 2014, 02:45:43 PM
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.

Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks. Wink

I'm aware of all of this guys. I, like the OP, am just trying to make sense of the exploit. I follow diligent security procedures. My computer is heavily encrypted with multiple backups and I employ little snitch to guard against keyloggers. I also rarely browse with javascript enabled. A lot of my coins are in cold storage and when I do employ blockchain.info I always use 2 Factor Authentication. To me, it's pretty impossible my laptop is exploited because of how my laptop is setup.  

Since I certainly didn't accept any dodgy security certificate, I also can't make sense of a TOR exit node attack since https is employed by blockchain.info.

I'm just looking for answers.


Have you considered that maybe someone close to you stole your coins? I'm basing this from the fact that you had 2FA enabled and you seemed to have everything that someone might exploit remotely in check.

I have yes thanks as this was put to me straight away by someone. It's completely out of the question. As soon as I step away from my computer it's encrypted. Even if I go to the toilet. I never leave it open.

Damn, I'm stumped. Sorry I wasn't a help at all. This is Mission Impossible type shit.
sr. member
Activity: 297
Merit: 250
November 07, 2014, 02:40:53 PM
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.

Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks. Wink

I'm aware of all of this guys. I, like the OP, am just trying to make sense of the exploit. I follow diligent security procedures. My computer is heavily encrypted with multiple backups and I employ little snitch to guard against keyloggers. I also rarely browse with javascript enabled. A lot of my coins are in cold storage and when I do employ blockchain.info I always use 2 Factor Authentication. To me, it's pretty impossible my laptop is exploited because of how my laptop is setup.  

Since I certainly didn't accept any dodgy security certificate, I also can't make sense of a TOR exit node attack since https is employed by blockchain.info.

I'm just looking for answers.


Have you considered that maybe someone close to you stole your coins? I'm basing this from the fact that you had 2FA enabled and you seemed to have everything that someone might exploit remotely in check.

I have yes thanks as this was put to me straight away by someone. It's completely out of the question. As soon as I step away from my computer it's encrypted. Even if I go to the toilet. I never leave it open.
member
Activity: 67
Merit: 10
November 07, 2014, 02:37:09 PM
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.

Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks. Wink

I'm aware of all of this guys. I, like the OP, am just trying to make sense of the exploit. I follow diligent security procedures. My computer is heavily encrypted with multiple backups and I employ little snitch to guard against keyloggers. I also rarely browse with javascript enabled. A lot of my coins are in cold storage and when I do employ blockchain.info I always use 2 Factor Authentication. To me, it's pretty impossible my laptop is exploited because of how my laptop is setup.  

Since I certainly didn't accept any dodgy security certificate, I also can't make sense of a TOR exit node attack since https is employed by blockchain.info.

I'm just looking for answers.


Have you considered that maybe someone close to you stole your coins? I'm basing this from the fact that you had 2FA enabled and you seemed to have everything that someone might exploit remotely in check.
sr. member
Activity: 297
Merit: 250
November 07, 2014, 02:07:47 PM
4. Blockchain.info employs https.
This is precisely what got your coins stolen, ironically.

Maybe not Smiley I just replied to your pm.
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
November 07, 2014, 02:04:02 PM
4. Blockchain.info employs https.
This is precisely what got your coins stolen, ironically.
sr. member
Activity: 297
Merit: 250
November 07, 2014, 02:00:53 PM
first mistake is using online wallet.
second is using tor with it and i am sure there were no 2FA
third mistake is keeping 633 BTC in one place, for god's sake by 13-10-2014 (time of tx) it was 250K worth of dollars

Sorry mate I'm actually looking to hear from people who know what they're talking about.

1. I don't store coins there. I was just using the service primarily for the shared coin feature.
2. I did use 2FA - read back.
3. Blockchain.info does not have access to one's private keys - they're generated locally so is not at risk to an MtGox-type hack.
4. Blockchain.info employs https.


Given all of this info, I want to hear ideas (there have been some helpful suggestions already on this thread) on how I was exploited. I don't want to hear about what I supposedly did wrong, I want to hear what the attacker may have done. It's an investigation.
legendary
Activity: 2730
Merit: 1068
Juicin' crypto
November 07, 2014, 01:42:09 PM
first mistake is using online wallet.
second is using tor with it and i am sure there were no 2FA
third mistake is keeping 633 BTC in one place, for god's sake by 13-10-2014 (time of tx) it was 250K worth of dollars

Exactly, granted not fair that it was jacket - but still, have to be more careful!!!
legendary
Activity: 3472
Merit: 10611
November 07, 2014, 12:57:38 PM
first mistake is using online wallet.
second is using tor with it and i am sure there were no 2FA
third mistake is keeping 633 BTC in one place, for god's sake by 13-10-2014 (time of tx) it was 250K worth of dollars
sr. member
Activity: 297
Merit: 250
November 07, 2014, 11:43:55 AM
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.

Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks. Wink

I'm aware of all of this guys. I, like the OP, am just trying to make sense of the exploit. I follow diligent security procedures. My computer is heavily encrypted with multiple backups and I employ little snitch to guard against keyloggers. I also rarely browse with javascript enabled. A lot of my coins are in cold storage and when I do employ blockchain.info I always use 2 Factor Authentication. To me, it's pretty impossible my laptop is exploited because of how my laptop is setup.  

Since I certainly didn't accept any dodgy security certificate, I also can't make sense of a TOR exit node attack since https is employed by blockchain.info.

I'm just looking for answers.
legendary
Activity: 4522
Merit: 3426
November 07, 2014, 11:19:15 AM
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.

Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks. Wink
newbie
Activity: 42
Merit: 0
November 07, 2014, 10:22:27 AM
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.
sr. member
Activity: 297
Merit: 250
November 07, 2014, 09:33:19 AM
The exact same thing happened to me (on Oct 16) with a similarly horrific amount of coins except for a couple of differences.

1. I am fairly confident I did not log in on the day of the theft.

2. I am 100% certain I never, ever accepted any untrusted security certificate. (If I get a cloudfare notice, I immediately change identity and start again)

 

full member
Activity: 191
Merit: 100
Tor is totally unsafe for any kind of money transactions. You need to be security conscious  when you are holding this much money online.
I would disagree. I think you need to be sure that you are dealing with the correct website when using tor. I agree that it is very difficult to know for sure you have in fact accessed the correct website. Although one way around this kind of attack is to access a hidden service (I don't think blockchain.info has a hidden service that people can access using tor).
full member
Activity: 182
Merit: 100
Tor is totally unsafe for any kind of money transactions. You need to be security conscious  when you are holding this much money online.

This^
hero member
Activity: 980
Merit: 507
Just to clarify, I'm not the guy who lost 633 BTC

I've just lost 1 BTC using blockchain + TOR and I lost 2 BTC 6 months ago using Coinbase + TOR

I use a cold wallet from Armory and now I'm using hot wallets for small amounts with Armory as well.

I'm going to do some more research, but I don't feel like using Armory + TOR after my bad experiences...
hero member
Activity: 525
Merit: 500
Tor is fine for anonymity but not security.

No it isn't, Not anymore. TOR is pretty much useless these days.
sr. member
Activity: 434
Merit: 250
🤖UBEX.COM 🤖
Tor is totally unsafe for any kind of money transactions. You need to be security conscious  when you are holding this much money online.
full member
Activity: 164
Merit: 100
The consensus so far is the pc is compromised and not tor protocol and exit node?
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
October 19, 2014, 04:48:56 AM
#99
633 btc is a lot. But why were you using TOR?

and why 633 btc in one wallet...on your computer with a hot wallet....with old, crappy antivirus and no anti-maleware?
i guess you installed also bunch of "addons" and "mining-progs" on the pc...  Undecided
Pages:
Jump to: