Topic: Will Blockchain.info ever get hacked? (Read 2849 times)
no one dared guarantee that it is free of the hack. chances are greater than we use offline wallet. thinking realistically and do not ever underestimate the security problems.
Can maybe be done but I think that it will not happen, there is of course a small chance but I do not honestly that it will.
I do not think that it will be hacked, it can get ddosed but that is not something that we should care about because its temporary and its not that they than will get any information from the users.
I think nothing is impossible, don't ever feel safe using the wallet from everywhere like Blockchain.info, there is always a weakness, and to boost security was do not keep bitcoin wallet, the one we use also features comprehensive 2FA, but once again not guarantee will can't hack. 
Every centralized service can be DDOSed don't confuse it with hack (as in getting backdoor access to bitcoin/accounts of users).
The only problem with Blockchain.info was when hackers hijacked their domain.
Whois and DNS records changed from CloudFlare to some random cheap host, effectively making blockchain.info inaccessible for couple hours.
The only problem with Blockchain.info was when hackers hijacked their domain.
Whois and DNS records changed from CloudFlare to some random cheap host, effectively making blockchain.info inaccessible for couple hours.
I do not think that it will be hacked, it can get ddosed but that is not something that we should care about because its temporary and its not that they than will get any information from the users.
I used to be one of those who used services like Blockchain.info for transactions but realized to step out when it was still early.
Nowadays I don't understand why people hold their coins on a site like that knowing there's a risk that something could happen while there's options to stay much safer with a very minimal effort.
I don't say online wallets are something aweful or dangerous. They are infact quite handy in some cases but I see it as a way too big risk considering what has been going on. All these "hacks" bring certain kind of doubt with them.
Nowadays I don't understand why people hold their coins on a site like that knowing there's a risk that something could happen while there's options to stay much safer with a very minimal effort.
I don't say online wallets are something aweful or dangerous. They are infact quite handy in some cases but I see it as a way too big risk considering what has been going on. All these "hacks" bring certain kind of doubt with them.
People thought Mt.Gox was too big to fail too. Don't store more than spending cash in an online wallet and you have nothing to worry about. If it gets hacked, people who store their coins there will lose them, and another block explorer will rise in it's place. Maybe it will crash like when Mt.Gox went down, but it will always recover, like we've seen in the past, because it's too big of an idea to fail.
Mt.gox was different, it stored all the wallets into one massive cold-wallet and cross referenced them, blockchain dosen't do that, they store an encrypted wallet and only you, the visiter have the key to it.Thus a huge "hack" such as mt.gox and exchange hacks will never happen to blockchain unless they change their practices.
Individual accounts will get hacked nonetheless, and if a full breach happens they still can't steal your wallet unless they infect you from the website itself, or you enter your password into the website while its vulnerable/taken over.
Indeed, there are multiple ways that a service can be taken over or abused, and all we can do is be vigilant about those scenarios, however I think what people mean by "hacked" is losing a huge amount of money (thousands of BTC) not a single individual, but a site-wide hack where a majority of the users lose their coins without any interaction with it (E.G: mt.gox, bitstamp, bitfinex, and so on).
Ah ok I was actually unaware of that because I don't use blockchain's wallet. So if hackers wouldn't have access to your coins if the website were compromised, is blockchain's wallet still considered an "online wallet"? What if the site were to disappear, you're saying people wouldn't lose their coins?
Yeah its still considered an online wallet, they also allow you to export private keys, import bitcoin-core files, and a couple of other ways to be able to use your Bitcoins even if the website ever goes offline, including wallet seeds such as BIP39 Mnemonics.
Well most of the people who has been around for a while knows that centralized services like these are ideal targets for hackers. Just a while
ago someone managed to social engineer their way into fooling the domain administrators and then re-directed users to a spoofed address. I
do not know if any bitcoins were actually lost, because it was picked up early on and warnings were send out early. So never leave large
amounts of bitcoins on these "online" wallets.
ago someone managed to social engineer their way into fooling the domain administrators and then re-directed users to a spoofed address. I
do not know if any bitcoins were actually lost, because it was picked up early on and warnings were send out early. So never leave large
amounts of bitcoins on these "online" wallets.
Ah ok I was actually unaware of that because I don't use blockchain's wallet. So if hackers wouldn't have access to your coins if the website were compromised, is blockchain's wallet still considered an "online wallet"?
Blockchain.info is definitely a web wallet, regardless of whether the operator has access to private keys or not. If they were to be completely compromised then users' Bitcoins would be at risk, even if not immediately. They also suffer many of the same problems that other web wallets suffer, e.g. DNS hijacking and phishing.
What if the site were to disappear, you're saying people wouldn't lose their coins?
They allow users to export their wallet seed as a BIP39 mnemonic and they seem to follow BIP44 when deriving the individual addresses, so users should be able to restore their wallet in any compliant wallet in case Blockchain.info were to disappear.
People thought Mt.Gox was too big to fail too. Don't store more than spending cash in an online wallet and you have nothing to worry about. If it gets hacked, people who store their coins there will lose them, and another block explorer will rise in it's place. Maybe it will crash like when Mt.Gox went down, but it will always recover, like we've seen in the past, because it's too big of an idea to fail.
Mt.gox was different, it stored all the wallets into one massive cold-wallet and cross referenced them, blockchain dosen't do that, they store an encrypted wallet and only you, the visiter have the key to it.Thus a huge "hack" such as mt.gox and exchange hacks will never happen to blockchain unless they change their practices.
Individual accounts will get hacked nonetheless, and if a full breach happens they still can't steal your wallet unless they infect you from the website itself, or you enter your password into the website while its vulnerable/taken over.
Indeed, there are multiple ways that a service can be taken over or abused, and all we can do is be vigilant about those scenarios, however I think what people mean by "hacked" is losing a huge amount of money (thousands of BTC) not a single individual, but a site-wide hack where a majority of the users lose their coins without any interaction with it (E.G: mt.gox, bitstamp, bitfinex, and so on).
Ah ok I was actually unaware of that because I don't use blockchain's wallet. So if hackers wouldn't have access to your coins if the website were compromised, is blockchain's wallet still considered an "online wallet"? What if the site were to disappear, you're saying people wouldn't lose their coins?
People thought Mt.Gox was too big to fail too. Don't store more than spending cash in an online wallet and you have nothing to worry about. If it gets hacked, people who store their coins there will lose them, and another block explorer will rise in it's place. Maybe it will crash like when Mt.Gox went down, but it will always recover, like we've seen in the past, because it's too big of an idea to fail.
Mt.gox was different, it stored all the wallets into one massive cold-wallet and cross referenced them, blockchain dosen't do that, they store an encrypted wallet and only you, the visiter have the key to it.Thus a huge "hack" such as mt.gox and exchange hacks will never happen to blockchain unless they change their practices.
Individual accounts will get hacked nonetheless, and if a full breach happens they still can't steal your wallet unless they infect you from the website itself, or you enter your password into the website while its vulnerable/taken over.
I am unsure if they meet your criteria, but blockchain.info has already been compromised on at least two occasions:
- A bug in blockchain.info's random number generator led to more than 250 BTC being stolen from wallets. Luckily the attacker was benevolent and returned the funds.
- blockchain.info's domain name was hijacked. This allowed the attacker to serve arbitrary code to users and potentially steal funds, though I don't know if it happened in this case.
Indeed, there are multiple ways that a service can be taken over or abused, and all we can do is be vigilant about those scenarios, however I think what people mean by "hacked" is losing a huge amount of money (thousands of BTC) not a single individual, but a site-wide hack where a majority of the users lose their coins without any interaction with it (E.G: mt.gox, bitstamp, bitfinex, and so on).
People thought Mt.Gox was too big to fail too. Don't store more than spending cash in an online wallet and you have nothing to worry about. If it gets hacked, people who store their coins there will lose them, and another block explorer will rise in it's place. Maybe it will crash like when Mt.Gox went down, but it will always recover, like we've seen in the past, because it's too big of an idea to fail.
There is no denying that blockchain.info has been ddosed before, but ddos dosen't mean hack, they are two different things, and just about every online service is vulernable to a ddos attack if its strong enough.
If you define "getting hacked" as an attacker gaining full access to their systems, then perhaps they haven't been hacked. Nevertheless, blockchain.info has been compromised in a manner that could have and did result in a theft of Bitcoins in the past. See my comment in this thread here for details.
There is no denying that blockchain.info has been ddosed before, but ddos dosen't mean hack, they are two different things, and just about every online service is vulernable to a ddos attack if its strong enough.
Don't get me wrong, I love using Blockchain.info for an easy online wallet. But it's still an online wallet and NOT Bitcoin.
I try not to keep much on the site and only send/receive with imported addresses that I have the private keys to. What are your thoughts?
In my opinion there are no chance of hack of wallet if we are have with wallet of strong password . And don't forget that if we forget own password than we will loss our wallet for lifetime , if we have not exported our private key .I try not to keep much on the site and only send/receive with imported addresses that I have the private keys to. What are your thoughts?
But I think if we don't use blockchain but we are using only private key at another wallet , then there is chance of hacking because in the Bitcoin we can trust most at only official wallet . Other wallet may give some doubt of ddos attack .
nope that doesn't guarantee at all that we can make sure that we are safety if we just used strong password since there are some sort of vulnerabilities to our accounts eventhoug we do that thats why we need to secure it properly and used some sort of security measure, and as far as i remember they have been attack for those back days and blockchain been hit by series of ddos attack.,
Don't get me wrong, I love using Blockchain.info for an easy online wallet. But it's still an online wallet and NOT Bitcoin.
I try not to keep much on the site and only send/receive with imported addresses that I have the private keys to. What are your thoughts?
Shouldn't this be moved to Service Discussion ? I try not to keep much on the site and only send/receive with imported addresses that I have the private keys to. What are your thoughts?
On Topic,the short answer is Yes! They've been ddosd a several times that shows their servers are prone to remote bots.But hey,what could the hackers have access to ? They don't store private keys on their servers I think.Without having the login identifiers,there isn't much hackers can do.Passwords can be leaked but login identifiers are only generated and sent once making the system less vulnerable.
Don't get me wrong, I love using Blockchain.info for an easy online wallet. But it's still an online wallet and NOT Bitcoin.
I try not to keep much on the site and only send/receive with imported addresses that I have the private keys to. What are your thoughts?
In my opinion there are no chance of hack of wallet if we are have with wallet of strong password . And don't forget that if we forget own password than we will loss our wallet for lifetime , if we have not exported our private key .I try not to keep much on the site and only send/receive with imported addresses that I have the private keys to. What are your thoughts?
But I think if we don't use blockchain but we are using only private key at another wallet , then there is chance of hacking because in the Bitcoin we can trust most at only official wallet . Other wallet may give some doubt of ddos attack .
the wallets are stored in their servers, but they are all encrypted by the passwords people choose when they make said wallets.
I also think most of the wallets will be safer even if hacker become able to steal wallets stored in their servers because of encryption however they may brute force wallets with lots of bitcoin and may get success in decrypting it. So it is always advised not to put high amount of bitcoin in any online wallet or exchange also make proper backup of privatekeys of all the addresses you have in blockchain.info wallet to become able to use those bitcoins if they go offline. Gaining access and gaining bitcoins in Blockchain.info's case are two different scenarios, unlike exchanges which usually store both the password and the in-many-cases (unencrypted wallet) that you only login to your account with a password while the wallet itself is unencrypted or all money is moved into one massive wallet which seriously increases the risk of everyone losing their coins.
In blockchain.info, even if the service itself gets hacked completly and taken over, they still wouldn't be able to take any bitcoins without first figuring out the password through bruteforce (terrible way unless the password is part of the dictionary!) or waiting for the users to enter their password (likely scenario)
If blockchain.info gets hacked by smart people they would probably keep a low profile until get accumulate enough passwords and then run with the wallets in that 1 week span of low-profile or around that time.
I can see it now....
lol
Quote
You trusted millions of dollars on a website with a .INFO extension!?
lol
Not if they constantly monitor their systems and keep their firewalls and anti viruses up to date, if no one from the inside leaks anything.
You should know that everything is somehow vulnerable to hacks and unauthorized access no matter if it is a bitcoin web wallet or NSA database
.
You should know that everything is somehow vulnerable to hacks and unauthorized access no matter if it is a bitcoin web wallet or NSA database
. Jump to: