Topic: Urgent Beware - My Blockchain.info account was drained! - page 2. (Read 7044 times)

legendary
Activity: 1039
Merit: 1005
IP address 202.60.90.137 traces to
...
Sounds like a hosting facility. Very likely the IP address belongs to a server which has been hacked itself (some outdated CMS software is most often the culprit). If you're very lucky they would be able to provide you with log data for the hacking incident, but since you're not their customer, they will most likely not go through the trouble to do all the forensic work and find out who hacked the server.

Onkel Paul
newbie
Activity: 22
Merit: 0
Quote
1.4 is still a good amount... sorry for your loss.

I'd say inputs.io has better security, maybe you could check it out. I'm using both services btw Smiley

Thanks, yeah, it's enough to hurt. I will check out inputs.io.

for anyone who's interested the Wallet that took my money was 1MfSeNc7p1cA28e9w7FE48qLJUfQT986MX

IP address 202.60.90.137 traces to

person:         Jon Eaves
nic-hdl:        JE11-AP
e-mail:         [email protected]
address:        Ground Floor
address:        14 Finchley Street
address:        Milton QLD 4064
phone:          +61-7-3412-9582
fax-no:         +61-7-3018-0422
country:        AU
changed:        [email protected] 20090211
notify:         [email protected]
mnt-by:         MAINT-AU-DEDICATEDSERVERS
source:         APNIC

legendary
Activity: 1764
Merit: 1000
1.4 is still a good amount... sorry for your loss.

I'd say inputs.io has better security, maybe you could check it out. I'm using both services btw Smiley
newbie
Activity: 22
Merit: 0
Quote
what was your blockchain's bitcoin address?

The one that was robbed was : 1Cqfi7gKrbGgQuWNpGrziDzmaNoY2cGGjV

So I opened a new one (in last post). Even though I changed the password and locked the IP address, I don't trust using the old one now.

Quote
phishing and/or compromised pc. 100%

Maybe a site from bitvisitor?

How much did you lose?


I installed Bitdefender and did a deep scan, no trace of anything. Windows Defender didn't pick anything up either. The IP address I listed above came from my Blockchain log file.

Quote
Today 10:31:19   viewed login page   202.60.90.137   Mozilla/5.0 (Windows NT 6.1; rv:22.0) Gecko/20100101 Firefox/22.0
(might be an anon ip of course)

It stood out, as coming from Australia with a different IP address to mine obviously and they viewed my login page at the same time I was logged in to the wallet.

Yes it may be bitvisitor site, some don't load with just a blank screen.

I'm embarrassed to say how much I lost, it's not like it was a fortune, luckily, but they were hard earned bitcoin. 1.4 bitcoin got wiped to zero.

The thing that bugs me is, imagine if you had 100 or 1000 bitcoin, you're just as vulnerable as my little pile, I've never had anything stolen from my bank online. This is the first time I've ever been attacked and I'm not a dummy when it comes to computers or guarding my security online. It's very worrying. I'm going to take  escrow.ms advice and go the paper route from now on.
legendary
Activity: 1764
Merit: 1000
phishing and/or compromised pc. 100%

Maybe a site from bitvisitor?

How much did you lose?
legendary
Activity: 1274
Merit: 1004
Hey, whoever sent that little donation. Thanks! very much appreciated. You're a star! Restores my trust a little in humanity  Cool

Still no reply to my support ticket on Blockchain.info. Will let people know if I find out how they stole all my money.

what was your blockchain's bitcoin address?
newbie
Activity: 22
Merit: 0
Hey, whoever sent that little donation. Thanks! very much appreciated. You're a star! Restores my trust a little in humanity  Cool

Still no reply to my support ticket on Blockchain.info. Will let people know if I find out how they stole all my money.
newbie
Activity: 22
Merit: 0
Good idea, but I haven't any bitcoin left now, so it doesn't really matter. Am cleaning the laptop. Deep scan shows nothing at all. No evidence of keylogging either.

If anyone wants to donate some bitcoin to my new wallet at another site to get me started again: 1FvbpQt5zREwPJ5CKUX8wH7E1EPCHTduqW


Ok I know it's wishful thinking, just depressed to lose everything in front of my eyes, no bitcoin, no happy.  Cry

Still no reply from Bitchain.info on the support ticket either.
legendary
Activity: 1274
Merit: 1004
Ah, right, I'm getting paranoid.

I'll post if I find out anymore, very bummed at having my little bitcoin account robbed so easily. Not very comfortable using bitcoin at all now.

Use offline wallets (paper wallet, Armory cold storage) until you are sure that your PC is clean.
newbie
Activity: 27
Merit: 0
Were you on Windows? Maybe you had a keylogger.
newbie
Activity: 22
Merit: 0
Ah, right, I'm getting paranoid.

I'll post if I find out anymore, very bummed at having my little bitcoin account robbed so easily. Not very comfortable using bitcoin at all now.
legendary
Activity: 1274
Merit: 1004
Now all my account info and transaction history has been zeroed too. It's like a blank wallet. What's going on with that?

Quote
I've removed that listing
newbie
Activity: 22
Merit: 0
Now all my account info and transaction history has been zeroed too. It's like a blank wallet. What's going on with that?
legendary
Activity: 1274
Merit: 1004

I did notice that inside Firefox Options > Network, Blockchain.info is listed as 'allowed to store data for offline use'.

I've removed that listing, no idea if Blockchain put it there or a hack of some kind.

https://blockchain.info/wallet/security

Local storage

No sensitive data is stored in your browser's local storage. If available the site will cache your wallet identifier, address balances and transactions, in the event of login with a different identifier this data is cleared
newbie
Activity: 22
Merit: 0
@ escrow.ms

Quote
A malware scan does not help in every case, as the virus/trojan could be "FUD" (fully undetectable).

Do you have Java on your PC, or have you visited any suspicious site or downloaded some app recently?

Install a firewall and check incoming/outgoing connections.

Java is disabled in firefox

Yes, I am checking incoming and outgoing connections now.

I did notice that inside Firefox Options > Network, Blockchain.info is listed as 'allowed to store data for offline use'.

I've removed that listing, no idea if Blockchain put it there or a hack of some kind.
legendary
Activity: 1274
Merit: 1004
Install a firewall and check incoming/outgoing connections.
legendary
Activity: 1274
Merit: 1004

Last scan for malware was yesterday after a defender update. No issues reported.


A malware scan does not help in every case, as the virus/trojan could be "FUD" (fully undetectable).

Do you have Java on your PC, or have you visited any suspicious site or downloaded some app recently?
newbie
Activity: 22
Merit: 0
No I never save passwords anywhere, I have a very good memory.

Could someone access my account from Gmail without a password? Or Dropbox?

The only way I could see, is that from the logs, the hacker did it while I was actually online and logged in to the wallet. Remote desktop access?
legendary
Activity: 3472
Merit: 4801
- snip -
Backups were stored on Dropbox and email

Yes password is very secure multiple 16 chars
- snip -

Did you happen to send a copy of your password to yourself in your email so you wouldn't forget it?
newbie
Activity: 22
Merit: 0
Quote
There are many vectors of attack if you are not careful.

Do you have backups of your blockchain.info wallet? If so, where?  Are they sent to your email? Are they stored on dropbox?

Do you have a complex and secure password?  (AT LEAST 10 characters long, including uppercase, lowercase, numbers, and symbols, with no real words)

Have you imported any private keys or addresses into your wallet that were generated elsewhere?

Have you accessed your wallet from a mobile device or public computer?

How sure are you that you don't have any malware running on your computer?

Did you accidentally access a phishing website that was designed to look like a legitimate site but was actually run by hackers?

thanks for the rundown...

Backups were stored on Dropbox and email

Yes password is very secure multiple 16 chars

No imported keys or addresses

No haven't accessed wallet from anything but this win8 laptop

Last scan for malware was yesterday after a defender update. No issues reported.

Haven't accessed any phishing sites that I'm aware of. I used Bitvisitor.com to get extra coin from their services. Wallet address included in URL.
