Blockchain.info wallet hacked & emptied. Warning!

KasinoKing

Player turned affiliate.
Joined
Aug 10, 2009
Messages
3,293
Reaction score
1,458
Just want to warn everyone here to be VERY careful if you have crypto's in any online wallets.

I thought Blockchain.info was very secure - but I found out to huge cost that they are not :(

On Wednesday I discovered that my Blockchain.Info wallet was hacked and emptied last week.
I can't figure out how they did it: even if they somehow got my password, how did they get round the authorisation e-mail required every time users log in???
I'm can only conclude that it was Bloackchain's system which was hacked - not my computer.

The bastards took all my Bitcoins, Ethereum and most of my Bitcoin Cash that I had built up over the last year or so.
Apparently I have zero hope of getting anything back: Just a shade under $30,000 - poof, gone :mad:

I advise everyone to make sure your crypto-currency accounts are as secure as possible, and only keep minimal amounts in them.

KK
 

awesamko

Affiliate Guard Dog Member
Joined
Jun 12, 2018
Messages
154
Reaction score
57
I'm sorry about your situation...

If it was Bloackchain's system that was hacked there is not much a person can do, right?

From my experience, it is good to secure account with very long and hard password. Not saving it on the computer or remembering it in the browser. The good idea is having a LastPass and using it.
 

abc

Affiliate Guard Dog Member
Joined
May 20, 2015
Messages
231
Reaction score
94
Just want to warn everyone here to be VERY careful if you have crypto's in any online wallets.

I thought Blockchain.info was very secure - but I found out to huge cost that they are not :(

On Wednesday I discovered that my Blockchain.Info wallet was hacked and emptied last week.
I can't figure out how they did it: even if they somehow got my password, how did they get round the authorisation e-mail required every time users log in???
I'm can only conclude that it was Bloackchain's system which was hacked - not my computer.

The bastards took all my Bitcoins, Ethereum and most of my Bitcoin Cash that I had built up over the last year or so.
Apparently I have zero hope of getting anything back: Just a shade under $30,000 - poof, gone :mad:

I advise everyone to make sure your crypto-currency accounts are as secure as possible, and only keep minimal amounts in them.

KK

BettingPartners payment is coming today, watch that you dont have it going to the same hacked wallet
 

KasinoKing

Player turned affiliate.
Joined
Aug 10, 2009
Messages
3,293
Reaction score
1,458
BettingPartners payment is coming today, watch that you dont have it going to the same hacked wallet
Thanks for the heads-up.
It IS going to the same wallet - but hasn't arrived yet.

I had pay from someone else 2 days after the hack - and that was still there 5 days later.
Not there now of course, cos I cashed it out!

KK
 

abc

Affiliate Guard Dog Member
Joined
May 20, 2015
Messages
231
Reaction score
94
Thanks for the heads-up.
It IS going to the same wallet - but hasn't arrived yet.

I had pay from someone else 2 days after the hack - and that was still there 5 days later.
Not there now of course, cos I cashed it out!

KK

Even thou they stated the 15th seems they havent gone out yet, you should contact them and maybe change to a different wallet till you find out if your hacked..

Greenaddress.it
is pretty good. lot of safeguards. 2fa,email,text and have to confirm every transaction from another source
 

RyanWeb

Affiliate Guard Dog Member
Joined
Apr 9, 2015
Messages
973
Reaction score
412
Oh man, I'm really sorry to hear that, thats horrible!

Did you try to trace the funds on blockchain explorer and figure out where it may have gone? Not that it would help you get it back, but maybe give some clues as to how it was hacked.

I have always kept the majority of my funds in an offline wallet, in an encrypted USB stick. Adding some extra security this weekend for sure.
 

Vargoso

Affiliate Guard Dog Member
Joined
Mar 15, 2018
Messages
592
Reaction score
48
What does Blockchain.info says to you? Any comment from them?

Just for information, what kind of security offers the site? 2-Step verification? Offline wallet?
 

CL-Ed

Affiliate Guard Dog Member
Joined
Oct 9, 2017
Messages
240
Reaction score
360
Once again the standard warning against using online wallets... not your keys, not your Bitcoin.

However although I only briefly used them for one or two minor transactions when I first was learning about Bitcoin, I was under the impression that Blockchain.info have non custodial wallets. i.e. they don't have the decrypted private keys to the wallet, only you do via your password which is used to decrypt the private key. Yep...

CLIENT SIDE ENCRYPTION MEANS ONLY YOU HAVE ACCESS TO YOUR WALLET

We do not store your bitcoins, we only provide you with the software you need to store them yourself. Your wallet is encrypted on your device with your personal password. Your password acts as your decryption key to both lock and unlock your wallet — your wallet cannot be accessed without it. Because we don’t know or store your password (we can’t even reset it), only you are able to unlock and decrypt your wallet.

So if it was drained and you had email authentication set up then it is most likely that it was either your email that was hacked or your PC/device itself so that the thief had access to your email. The thief uses your email account to gain access to blockchain then deletes all traces of the emails used to get in.

We all here probably have many accounts at affiliate programs and the like. Any chance you re-used your email and password from another site? That's a big no-no.

You also could have had 2 factor authentication set up with your phone or other hardware device which would have saved you even if the thief got into your account. I remember for sure that Blockchain has it.

Security on your primary email account needs to be extreme, using a long randomly generated password and 2 factor auth at a minimum. If your email is hacked you open the door to "forgot password" attacks on all your accounts that you associated with your email address. But as I say if you have malware on your device like a RAT or similar the thief can just use your local device's access to your email without having to know or hack the password. You should do a comprehensive scan for malware on your computer, change the password to your email account and check every other account that you have associated with your email address. I realise that could be tedious in the extreme.
 

RyanWeb

Affiliate Guard Dog Member
Joined
Apr 9, 2015
Messages
973
Reaction score
412
CL-Ed is correct, if they offer 2FA, that is a huge help for security. But otherwise, if you just had email conformation, any simple keylogger or trojan could have picked up your passwords.

While not totally open source, I like Exodus because they encrypt your wallet.dat file on your hard drive, making it much harder for a hacker to gain access. They also allow you to store multiple crypto assets, and your private keys stay local (and encrypted). Exodus I would call medium security, where as web wallets I would call low security. High security would be a hardware wallet, or simply paper (offline) wallets.
 

KasinoKing

Player turned affiliate.
Joined
Aug 10, 2009
Messages
3,293
Reaction score
1,458
What does Blockchain.info says to you? Any comment from them?
They said...

Hello,

I'm very sorry to hear about this. You may have some type of malware on your computer that resulted in your funds being stolen because your private information was somehow obtained. One of the most common types of these are browser extensions posing as bitcoin price tickers that are actually stealing your account information. There's also the possibility that you visited a phishing site posing as Blockchain. We've also heard of computer viruses that detect when an address is in your clipboard, and replace the one you wanted to use with an address controlled by this malicious party.

By design, Blockchain never has access to users' accounts or funds. If you keep your password and private key backups secure, then your funds are always safe with us. Since this information has been compromised, be sure to never use this wallet or any addresses contained within it. I'd also highly advise against using the same password again. I'm truly sorry that you had funds stolen from you. That certainly is an extremely frustrating experience.

If you’d like to learn more about how our wallet works, please visit: https://blockchain.info/wallet/how-it-works.
 

LandofOz

Affiliate Guard Dog Member
Joined
Mar 25, 2009
Messages
710
Reaction score
280
I'm so sorry to hear that KK.
 

NDG

Affiliate Guard Dog Member
Joined
Sep 19, 2013
Messages
643
Reaction score
456
Very sorry to hear about what has happened. It does sound like you had something
on your computer or mobile device that somebody was able to hack into. If you have
a large amount of any online currency, you definitely need to store it on a device that
is not connected to the Internet and you need to have a good anti-virus and malware
software to detect trojans, malware or anything else that might be lurking on the computer
from software that you installed, sites that you visited, browser extensions, e-mail attachments, etc..
There are so many ways that hackers can get into your system nowadays.. that it is way too risky online.
 

casinonewbie

Affiliate Guard Dog Member
Joined
Jul 7, 2014
Messages
447
Reaction score
261
They said...

Hello,

I'm very sorry to hear about this. You may have some type of malware on your computer that resulted in your funds being stolen because your private information was somehow obtained. One of the most common types of these are browser extensions posing as bitcoin price tickers that are actually stealing your account information. There's also the possibility that you visited a phishing site posing as Blockchain. We've also heard of computer viruses that detect when an address is in your clipboard, and replace the one you wanted to use with an address controlled by this malicious party.

By design, Blockchain never has access to users' accounts or funds. If you keep your password and private key backups secure, then your funds are always safe with us. Since this information has been compromised, be sure to never use this wallet or any addresses contained within it. I'd also highly advise against using the same password again. I'm truly sorry that you had funds stolen from you. That certainly is an extremely frustrating experience.

If you’d like to learn more about how our wallet works, please visit: https://blockchain.info/wallet/how-it-works.
Typical BS reply, my vote is they were hacked and your paying for it, all the other "why it happened" possibles are CRAP. They will never admit they had a breach or someone at blockchain.info has a "special access back door" that they can use too steal from accounts............
 
Last edited:

BetOnlineUK

Affiliate Guard Dog Member
Joined
Jun 8, 2016
Messages
431
Reaction score
202
Typical BS reply, my vote is they were hacked and your paying for it, all the other "why it happened" possibles are CRAP.

When I read it I thought that straight away pass the blame onto you BS, nothing to do with us. They must think we are stupid
 

ocportal

Affiliate Guard Dog Member
Joined
Aug 20, 2010
Messages
197
Reaction score
19
Just want to warn everyone here to be VERY careful if you have crypto's in any online wallets.

I thought Blockchain.info was very secure - but I found out to huge cost that they are not :(

On Wednesday I discovered that my Blockchain.Info wallet was hacked and emptied last week.
I can't figure out how they did it: even if they somehow got my password, how did they get round the authorisation e-mail required every time users log in???
I'm can only conclude that it was Bloackchain's system which was hacked - not my computer.

The bastards took all my Bitcoins, Ethereum and most of my Bitcoin Cash that I had built up over the last year or so.
Apparently I have zero hope of getting anything back: Just a shade under $30,000 - poof, gone :mad:

I advise everyone to make sure your crypto-currency accounts are as secure as possible, and only keep minimal amounts in them.

KK


I'd say at the moment the only way to keep it real safe is cold storage, did you have 2fa enabled when it happened?
 

KasinoKing

Player turned affiliate.
Joined
Aug 10, 2009
Messages
3,293
Reaction score
1,458
I'd say at the moment the only way to keep it real safe is cold storage, did you have 2fa enabled when it happened?
Yes, I did. Had to click a link in a verification e-mail to get access to my account.

How can anyone be 100% sure your "cold storage" device is legit and Trojan free?
There's still a small risk, isn't there?

KK
 

ocportal

Affiliate Guard Dog Member
Joined
Aug 20, 2010
Messages
197
Reaction score
19
Yes, I did. Had to click a link in a verification e-mail to get access to my account.

How can anyone be 100% sure your "cold storage" device is legit and Trojan free?
There's still a small risk, isn't there?

KK
Email verification is not "google authenticator" verification = 2fa. You should turn it on and print its code, destroy the file and safe the printed code somewhere "like a key to your gold box".
Blockchain.info - now .com is a very good wallet and they do advise to turn on google authenticator verification.
Regarding cold storage, have a look at trezor for example. Thats the best one in my opinion.
 
Top