Blockchain.info wallet hacked & emptied. Warning!

Discussion in 'Anything Goes' started by KasinoKing, Jun 15, 2018.

  1.  
    KasinoKing

    KasinoKing Player turned affiliate.

    Messages:
    2,904
    Likes Received:
    1,094
    Joined:
    Aug 10, 2009
    Just want to warn everyone here to be VERY careful if you have crypto's in any online wallets.

    I thought Blockchain.info was very secure - but I found out to huge cost that they are not :(

    On Wednesday I discovered that my Blockchain.Info wallet was hacked and emptied last week.
    I can't figure out how they did it: even if they somehow got my password, how did they get round the authorisation e-mail required every time users log in???
    I'm can only conclude that it was Bloackchain's system which was hacked - not my computer.

    The bastards took all my Bitcoins, Ethereum and most of my Bitcoin Cash that I had built up over the last year or so.
    Apparently I have zero hope of getting anything back: Just a shade under $30,000 - poof, gone :mad:

    I advise everyone to make sure your crypto-currency accounts are as secure as possible, and only keep minimal amounts in them.

    KK
     
  2.  
    awesamko

    awesamko Affiliate Guard Dog Member

    Messages:
    89
    Likes Received:
    34
    Joined:
    Jun 12, 2018
    I'm sorry about your situation...

    If it was Bloackchain's system that was hacked there is not much a person can do, right?

    From my experience, it is good to secure account with very long and hard password. Not saving it on the computer or remembering it in the browser. The good idea is having a LastPass and using it.
     
    RazorGamer and KasinoKing like this.
  3.  
    Engineer

    Engineer Super Moderator

    Messages:
    2,721
    Likes Received:
    335
    Joined:
    Dec 14, 2006
    Wow, that really sucks. I'm sorry to hear this, KK. :(
     
    KasinoKing likes this.
  4.  
    BetOnlineUK

    BetOnlineUK Affiliate Guard Dog Member

    Messages:
    252
    Likes Received:
    99
    Joined:
    Jun 8, 2016
    Sorry to hear that KK, this is why I have never delved into the crypto market.
     
  5.  
    abc

    abc Affiliate Guard Dog Member

    Messages:
    130
    Likes Received:
    69
    Joined:
    May 20, 2015
    BettingPartners payment is coming today, watch that you dont have it going to the same hacked wallet
     
    KasinoKing likes this.
  6.  
    KasinoKing

    KasinoKing Player turned affiliate.

    Messages:
    2,904
    Likes Received:
    1,094
    Joined:
    Aug 10, 2009
    Thanks for the heads-up.
    It IS going to the same wallet - but hasn't arrived yet.

    I had pay from someone else 2 days after the hack - and that was still there 5 days later.
    Not there now of course, cos I cashed it out!

    KK
     
  7.  
    abc

    abc Affiliate Guard Dog Member

    Messages:
    130
    Likes Received:
    69
    Joined:
    May 20, 2015
    Even thou they stated the 15th seems they havent gone out yet, you should contact them and maybe change to a different wallet till you find out if your hacked..

    Greenaddress.it
    is pretty good. lot of safeguards. 2fa,email,text and have to confirm every transaction from another source
     
    KasinoKing likes this.
  8.  
    RyanWeb

    RyanWeb Affiliate Guard Dog Member

    Messages:
    892
    Likes Received:
    379
    Joined:
    Apr 9, 2015
    Oh man, I'm really sorry to hear that, thats horrible!

    Did you try to trace the funds on blockchain explorer and figure out where it may have gone? Not that it would help you get it back, but maybe give some clues as to how it was hacked.

    I have always kept the majority of my funds in an offline wallet, in an encrypted USB stick. Adding some extra security this weekend for sure.
     
    KasinoKing likes this.
  9.  
    eenzoo

    eenzoo Affiliate Guard Dog Member

    Messages:
    81
    Likes Received:
    37
    Joined:
    Oct 29, 2015
    Sorry to hear! Too late for you but that's a reason why I prefer a hardware wallet like Ledger!
     
  10.  
    Vargoso

    Vargoso Affiliate Guard Dog Member

    Messages:
    46
    Likes Received:
    11
    Joined:
    Mar 15, 2018
    What does Blockchain.info says to you? Any comment from them?

    Just for information, what kind of security offers the site? 2-Step verification? Offline wallet?
     
  11.  
    CL-Ed

    CL-Ed Affiliate Guard Dog Member

    Messages:
    120
    Likes Received:
    187
    Joined:
    Oct 9, 2017
    Once again the standard warning against using online wallets... not your keys, not your Bitcoin.

    However although I only briefly used them for one or two minor transactions when I first was learning about Bitcoin, I was under the impression that Blockchain.info have non custodial wallets. i.e. they don't have the decrypted private keys to the wallet, only you do via your password which is used to decrypt the private key. Yep...

    So if it was drained and you had email authentication set up then it is most likely that it was either your email that was hacked or your PC/device itself so that the thief had access to your email. The thief uses your email account to gain access to blockchain then deletes all traces of the emails used to get in.

    We all here probably have many accounts at affiliate programs and the like. Any chance you re-used your email and password from another site? That's a big no-no.

    You also could have had 2 factor authentication set up with your phone or other hardware device which would have saved you even if the thief got into your account. I remember for sure that Blockchain has it.

    Security on your primary email account needs to be extreme, using a long randomly generated password and 2 factor auth at a minimum. If your email is hacked you open the door to "forgot password" attacks on all your accounts that you associated with your email address. But as I say if you have malware on your device like a RAT or similar the thief can just use your local device's access to your email without having to know or hack the password. You should do a comprehensive scan for malware on your computer, change the password to your email account and check every other account that you have associated with your email address. I realise that could be tedious in the extreme.
     
    KasinoKing and RyanWeb like this.
  12.  
    RyanWeb

    RyanWeb Affiliate Guard Dog Member

    Messages:
    892
    Likes Received:
    379
    Joined:
    Apr 9, 2015
    CL-Ed is correct, if they offer 2FA, that is a huge help for security. But otherwise, if you just had email conformation, any simple keylogger or trojan could have picked up your passwords.

    While not totally open source, I like Exodus because they encrypt your wallet.dat file on your hard drive, making it much harder for a hacker to gain access. They also allow you to store multiple crypto assets, and your private keys stay local (and encrypted). Exodus I would call medium security, where as web wallets I would call low security. High security would be a hardware wallet, or simply paper (offline) wallets.
     
    BetReels and KasinoKing like this.
  13.  
    KasinoKing

    KasinoKing Player turned affiliate.

    Messages:
    2,904
    Likes Received:
    1,094
    Joined:
    Aug 10, 2009
    They said...

    Hello,

    I'm very sorry to hear about this. You may have some type of malware on your computer that resulted in your funds being stolen because your private information was somehow obtained. One of the most common types of these are browser extensions posing as bitcoin price tickers that are actually stealing your account information. There's also the possibility that you visited a phishing site posing as Blockchain. We've also heard of computer viruses that detect when an address is in your clipboard, and replace the one you wanted to use with an address controlled by this malicious party.

    By design, Blockchain never has access to users' accounts or funds. If you keep your password and private key backups secure, then your funds are always safe with us. Since this information has been compromised, be sure to never use this wallet or any addresses contained within it. I'd also highly advise against using the same password again. I'm truly sorry that you had funds stolen from you. That certainly is an extremely frustrating experience.

    If you’d like to learn more about how our wallet works, please visit: https://blockchain.info/wallet/how-it-works.
     
  14.  
    LandofOz

    LandofOz Affiliate Guard Dog Member

    Messages:
    638
    Likes Received:
    239
    Joined:
    Mar 25, 2009
    I'm so sorry to hear that KK.
     
    KasinoKing likes this.
  15.  
    NDG

    NDG Affiliate Guard Dog Member

    Messages:
    391
    Likes Received:
    239
    Joined:
    Sep 19, 2013
    Very sorry to hear about what has happened. It does sound like you had something
    on your computer or mobile device that somebody was able to hack into. If you have
    a large amount of any online currency, you definitely need to store it on a device that
    is not connected to the Internet and you need to have a good anti-virus and malware
    software to detect trojans, malware or anything else that might be lurking on the computer
    from software that you installed, sites that you visited, browser extensions, e-mail attachments, etc..
    There are so many ways that hackers can get into your system nowadays.. that it is way too risky online.
     
    KasinoKing likes this.
  16.  
    casinonewbie

    casinonewbie Affiliate Guard Dog Member

    Messages:
    432
    Likes Received:
    230
    Joined:
    Jul 7, 2014
    Typical BS reply, my vote is they were hacked and your paying for it, all the other "why it happened" possibles are CRAP. They will never admit they had a breach or someone at blockchain.info has a "special access back door" that they can use too steal from accounts............
     
    Last edited: Jun 20, 2018
    KasinoKing likes this.
  17.  
    BetOnlineUK

    BetOnlineUK Affiliate Guard Dog Member

    Messages:
    252
    Likes Received:
    99
    Joined:
    Jun 8, 2016
    When I read it I thought that straight away pass the blame onto you BS, nothing to do with us. They must think we are stupid
     
  18.  
    ocportal

    ocportal Affiliate Guard Dog Member

    Messages:
    156
    Likes Received:
    6
    Joined:
    Aug 20, 2010

    I'd say at the moment the only way to keep it real safe is cold storage, did you have 2fa enabled when it happened?
     
  19.  
    KasinoKing

    KasinoKing Player turned affiliate.

    Messages:
    2,904
    Likes Received:
    1,094
    Joined:
    Aug 10, 2009
    Yes, I did. Had to click a link in a verification e-mail to get access to my account.

    How can anyone be 100% sure your "cold storage" device is legit and Trojan free?
    There's still a small risk, isn't there?

    KK
     
  20.  
    ocportal

    ocportal Affiliate Guard Dog Member

    Messages:
    156
    Likes Received:
    6
    Joined:
    Aug 20, 2010
    Email verification is not "google authenticator" verification = 2fa. You should turn it on and print its code, destroy the file and safe the printed code somewhere "like a key to your gold box".
    Blockchain.info - now .com is a very good wallet and they do advise to turn on google authenticator verification.
    Regarding cold storage, have a look at trezor for example. Thats the best one in my opinion.
     

Share This Page