Where did my Bitcoin go?? | Bitcointalksearch.org

Abdussamad

legendary

Activity: 3682

Merit: 1580

Quote from: lucaspm98 on November 30, 2013, 02:40:40 PM

My password was 20ish random characters - upper case letters, lower case, and numbers. After the first time it was drained I switched it to 120ish characters - random words, numbers, and symbols. Both would have been close to impossible brute force as far as I know.

As I said before when you visit the my wallet page and enter the wallet identifier you are served an encrypted copy of the wallet. Then you can take your sweet time brute forcing it offline using GPU farms. Once you successfully do that you have access to the private keys and can spend the coins sent to the corresponding addresses at will. So a) they brute forced your wallet when you had a weak password on it. Maybe they managed it when you had the 20 character password maybe earlier than that. b) If you reused addresses from when you had a weak password they could spend the coins sent to those addresses because they had the decrypted private keys. Adding a stronger password does not protect you from private keys that were stolen in the past.

Another possibility is that you have a key logger on your system i.e malware.

lucaspm98

sr. member

Activity: 280

Merit: 250

Quote from: Abdussamad on November 30, 2013, 10:24:06 AM

Quote from: lucaspm98 on November 30, 2013, 09:45:33 AM

This exact thing has happened to me ~3 times using blockchain.info totalling 2+ BTC. At first I thought someone had compromised my wallet, but even after changing my password to 120+ characters and adding 2FA my account was immediately drained with no login logged. This may be a huge problem, I wonder what is happening.

Yeah someone did compromise your wallet. They don't need to login to blockchain.info's site to raid your wallet. Basically whenever somebody visits the wallet page and fills in the wallet identifier their browser gets served an encrypted copy of the wallet i.e. encrypted with your pass phrase. The attacker can then deploy GPU farms offline to brute force your wallet. If you used a poor pass phrase your wallet could have been compromised. Then it's just a case of waiting for you to receive some coins before they steal them.

Another possibility is that you suffered from the blockchain.info javascript random number generator bug that affected earlier versions of that site. Search the forum for more info. If this is the bug you suffered from you may be able to get compensation from blockchain.info.

Bottom line is that you should not use web wallets if you can avoid it. Use a desktop client like electrum.

My password was 20ish random characters - upper case letters, lower case, and numbers. After the first time it was drained I switched it to 120ish characters - random words, numbers, and symbols. Both would have been close to impossible brute force as far as I know. I will definitely research that bug and contact them, thanks for your help.

Abdussamad

legendary

Activity: 3682

Merit: 1580

Quote from: lucaspm98 on November 30, 2013, 09:45:33 AM

This exact thing has happened to me ~3 times using blockchain.info totalling 2+ BTC. At first I thought someone had compromised my wallet, but even after changing my password to 120+ characters and adding 2FA my account was immediately drained with no login logged. This may be a huge problem, I wonder what is happening.

Yeah someone did compromise your wallet. They don't need to login to blockchain.info's site to raid your wallet. Basically whenever somebody visits the wallet page and fills in the wallet identifier their browser gets served an encrypted copy of the wallet i.e. encrypted with your pass phrase. The attacker can then deploy GPU farms offline to brute force your wallet. If you used a poor pass phrase your wallet could have been compromised. Then it's just a case of waiting for you to receive some coins before they steal them.

Another possibility is that you suffered from the blockchain.info javascript random number generator bug that affected earlier versions of that site. Search the forum for more info. If this is the bug you suffered from you may be able to get compensation from blockchain.info.

Bottom line is that you should not use web wallets if you can avoid it. Use a desktop client like electrum.

Martijnvdc

sr. member

Activity: 322

Merit: 250

Quote from: lucaspm98 on November 30, 2013, 09:45:33 AM

This exact thing has happened to me ~3 times using blockchain.info totalling 2+ BTC. At first I thought someone had compromised my wallet, but even after changing my password to 120+ characters and adding 2FA my account was immediately drained with no login logged. This may be a huge problem, I wonder what is happening.

Since when? Did you send those transactions just recently?
This could be quite a serious issue, if you ask me...

cfrm

full member

Activity: 171

Merit: 100

Quote from: escrow.ms on November 30, 2013, 09:51:05 AM

Try to contact Blockchain.info owner, maybe he can help you.
https://bitcointalksearch.org/user/piuk-17928

Thanks, I'll give it a shot.

escrow.ms

legendary

Activity: 1274

Merit: 1004

Try to contact Blockchain.info owner, maybe he can help you.
https://bitcointalksearch.org/user/piuk-17928

lucaspm98

sr. member

Activity: 280

Merit: 250

This exact thing has happened to me ~3 times using blockchain.info totalling 2+ BTC. At first I thought someone had compromised my wallet, but even after changing my password to 120+ characters and adding 2FA my account was immediately drained with no login logged. This may be a huge problem, I wonder what is happening.

cfrm

full member

Activity: 171

Merit: 100

Quote from: KieranJones1 on November 30, 2013, 09:09:51 AM

I think I might know how to solve your problem. Quoted from a post I made yesterday:

Quote from: KieranJones1 on November 29, 2013, 03:01:48 PM

Go to your wallet on blockchain.info. Select the "receive money" tab. Click the "Archived" tab.

There will probably be a wallet in there with the "missing" coins. Click the little blue arrow on the right to un-archive that address and restore your Blockchain balance to normal.

Hope that helps!

ETA: when I say "go to your wallet", I mean go to blockchain.info, choose the "wallet" tab, and log in.

Nope, that's not it. It's not my address the 0.9 btc was sent to, unfortunately.

KieranJones1

member

Activity: 126

Merit: 10

I think I might know how to solve your problem. Quoted from a post I made yesterday:

Quote from: KieranJones1 on November 29, 2013, 03:01:48 PM

Go to your wallet on blockchain.info. Select the "receive money" tab. Click the "Archived" tab.

There will probably be a wallet in there with the "missing" coins. Click the little blue arrow on the right to un-archive that address and restore your Blockchain balance to normal.

Hope that helps!

ETA: when I say "go to your wallet", I mean go to blockchain.info, choose the "wallet" tab, and log in.

cfrm

full member

Activity: 171

Merit: 100

No, he scanned the QR-code from my wallet on my phone. The address was one I generated in my Blockchain wallet, same as the other addresses I've got in that wallet. Yea, it looks like it was automatically forwarded, but I have no idea who or how this forwarding process was set up. Nor have I any idea to whom the address it was forwarded to belongs.

Martijnvdc

sr. member

Activity: 322

Merit: 250

Looks like it was automatically forwarded...
How did your friend get that address? Just via his bitcoin-qt wallet?

cfrm

full member

Activity: 171

Merit: 100

Tonight I sent 1 BTC to a friends wallet, and sent 0.9 BTC back to the address of my wallet. That means, I have a Windows Phone app with Blockchain.info wallet, which have the address: 1CMMBYkiB3AVXbysaYuFEepSJTVRggFaNm As soon as I sent 0.9 Bitcoin back to this address, 10 sec later it sent 0.8995 to 1J6zrabFk55AgPQsUzmu5UBbJefgY5CRW, which is an address I have no knowledge of. So now I have no idea where my 0.9 Bitcoin have gone to, instead of my own Bitcoin wallet. What do I do? The transactions can be seen here: https://blockchain.info/da/address/1CMMBYkiB3AVXbysaYuFEepSJTVRggFaNm

Topic: Where did my Bitcoin go?? (Read 1165 times)