Bitcoin Forum

Someone recently tried to target my blockchain wallet. Here are some of the details. :

Time: 2016-02-13 05:08:13
IP Address: 195.211.192.206 (Russian Federation)
Browser: Chrome 15
User Agent: Mozilla/5.0 (Linux x86_64) AppleWebKit/560.0 (KHTML, like Gecko) Chrome/15.024.208 Safari/560

Cab someone get me more on this?  I have no link with anyone from Russian federation. Does this I.P seem known to anyone else out there?

some info maybe it helps you out

http://www.ip-adress.com/ip_tracer/195.211.192.206

its most likely a proxy/vpn ip addresss

Doesn't it feel strange that all these strange things happens to one and only one online wallet, 99% of the cases is blockchain.info . Well after reading other stories here, I raise a reasonable doubt, why people should continue using it  ???

if 99% of people use blockchain.info then 99% of the time issues raised are going to be about them
OP just save your private keys, create a new wallet and import the keys to the new wallet, the hacker probably has your identifier

No it doesn't feel strange. There are thieves all over the world and this is like a natural thing to happen.

Well yes, I am going to do that. But I was more worried about that how was he able to access my identifier and if he has my password too. Till now I have almost checked all my accounts(gmail etc ), none has been compromised. I wonder why did he try my blockchain.

are you sure that there is no maleware on your computer?

or maybe there is just random identifers on the net and yours was one of them

IMO, it is highly unlikely that this person will ever be found, especially considering the number of hackers that are based in Russia

It does appear however that your blockchain.info identifier has been compromised and you should no longer actively use the identifier, addresses/private keys contained in that wallet, nor any HD seeds contained in that wallet. At an absolute minimum, you should create a new blockchain.info wallet, backup the private keys/seed associated with that wallet and send any BTC in the wallet that had the hacking attempt to your newly created wallet. (A better solution however would be to stop using a web wallet and use a wallet like electrum).

In addition to the possibility of having malware, it is possible that someone was able to access your email address that received an email from blockchain.info with your identifier.

Good point but I'm not sure it's the real ratio. We should have a ledger somewhere to note all those kind of attacks to be sure on which is the most targeted.

Same thing just happened to me :

https://i.imgur.com/0QjNx2x.png?1

Damn KGBs  :-\

Same here too, didn't use blockchain anyway. @QS it seems the hacker only knows the wallet-identifiers and is just brute-forcing as I did get an email only to confirm the login.

Yeah i wonder how did they get the wallet-identifiers. I rarely use blockchain though. Been using localbitcoins for some years now  ;D

Just google up that IP. Its already showing that IP belongs to a hacker and also, that IP has IIS 7 running. So maybe someone can get out more info out of IIS7 thing?

Okay great! Now everyone is being targeted(relieved to hear that I wasn't the only one being targeted). Blockchain guys should do something about it. They need to somehow stop the guys from brute forcing usernames, why can't they have some captchas if a users is acting in a fishy manner?  

There must be a blockchain identifier dump somewhere on the deep web, gotta do some searching later. It's better to change all your email passwords too. No more blockchain wallets for me thats for sure.

There is no need, they cant do anything with just our identifiers, they would need to hack the password and they would also need to hack into our email to validate the login attempt

i just got some email that there was a login attempt to my wallet and this wallet is just 1 week old because i did try out blockchain.info

Did any of you have your alias as your username here or some sort of simple dictionary word? Wouldn't surprise me if hackers were using bots to try get hits on usernames and then focusing on the ones they find.


If you can't keep your funds safe then using a desktop wallet wont be any good either. At least blockchain.info has several security features that prevent a hacker getting in. Even if they had your password and identifyer they wouldnt be able to get in without confirming via email and 2-factor if you have that set up which you should have and even then they wouldn't be able to spend the funds if you had a second password on.

If hackers brute forces it, he probably have the private keys, the best practice to follow is to create a new wallet, after you format your PC if you don't have any important documents there. If so create a new wallet straight after you have installed windows. Keep a copy of the private keys in a safe place, enable 2fa and email confirmation. And don't share your identifier in any other pc rather than this. Keep this as secure as you can with antivirus and antispyware.

Above all this, a wallet like Electrum is easy to maintain. Suppose you have just installed windows. Save electrum seed in a document in some safe place like USB or external HDD. Put a strong password to it, then start using it, chances of you getting hacked are very very small this way.
Never open that USB or external HDD in a infected PC. You can do more than this, but this is pretty basic things you need to know to have above normal security.

The OP is talking about Blockchain.info a web-based wallet service, so you obviously don't enter your priv key rather your password.

Yes but the hacker can have keylogger, so they check when OP logs in and get his private keys. In this scenario, nor 2FA nor EMail confirmation helps you out cause he can do whatever he likes with OP account. I thought OP was hacked, if not then I am very happy for him.

If you read the previous posts, its highly likely someone is bruteforcing the passwords. Which if you don't know if not in anyway similar to keylogging, what you're saying does not even make sense. You mean to say email accounts of dozens of members have been compromised and the hackers haven't used them, stupid FFS

I received a few of these emails just the other day as well.

I'm in the opinion that an identifier list was leaked somehow.

Thought the same, could be an inside job for all we know

Good to know. Moved my blockchain wallet's coins to my breadwallet app. Deleting my blockchain app now.

I am wondering why are everyone not using Blockchain's Chrome extension app and not enabling more layers of security when they have such options available?

http://i65.tinypic.com/2yotiqv.png

Try to add 2 factor with your email so whenever you send payments you will have to verify from your email. Also increase PBKDF2 Iterations to 20000 which will stretch your password to an extreme level.

http://i68.tinypic.com/2gt9s48.png

Add a second password which must not be same as your login password and must be a harder one to brute force.
But do not set that password hint since anyone will get that hint if they knows the wallet identifier.

http://i66.tinypic.com/32znr6r.png

Block all TOR IP addresses by clicking that check-box and whitelist your IP for better protection. If possible try to restrict access to your whitelisted IP addresses only but you will not be able to open your wallet at all if you have a dynamic IP so be careful to check with your ISP for possible dynamic IPs before enabling this option.

I have taken all these secure measures and now my wallet is having 4 layers of security: Primary password + Secondary password + Email authentication + Block TOR IPs. I invite all the professional hackers to hack my wallet 8)

Chrome extention : No. I am using mobile most of the times. Also yes, these passwords can be used but it then kinda mixed up. Anyways what you said is correct for improving security. Thanks.

Stingers:  I got similar email on Feb 12 2016.  Had my blockchain wallet for maybe 2 years now, haven't signed in there in a long time.  Just FYI