Bitcoin Forum

Don't get me wrong, I love using Blockchain.info for an easy online wallet. But it's still an online wallet and NOT Bitcoin.

I try not to keep much on the site and only send/receive with imported addresses that I have the private keys to. What are your thoughts?

No service ever goes unhacked or not shutdown. Blockchain.info will definitely get hacked at some point and all of the (hopefully) encrypted wallet files will be stolen.

No successful business goes without being attacked. Especially fin tech ones!
However they'll most likely find ways to keep it safe and refund or whatever

As far as I am aware the passwords are not stored in their service, instead they are encrypted with the password you chose, and you only decrypt your Blockchain.info wallet when you enter the password, and that's how you unlock your private key.

In this case, the wallets are stored in their servers, but they are all encrypted by the passwords people choose when they make said wallets.


Even in the case of the website having a full security breach - they still wouldn't be able to steal your wallet, unless you enter your password during the takeover, in which case they can take your money, but leaving your wallet there even during a full breach without logging into it would keep your money safe.

Blockchain wallet service is has been hacked since over past 2 years ago, they wallet service has been removed from bitcoin.org wallet list. I have bad experience with their wallet service, so personally I don't like that wallet.
Online wallet is very vulnerable to get hacked.

I think this thread should move to service discussion.

I also think most of the wallets will be safer even if hacker become able to steal wallets stored in their servers because of encryption however they may brute force wallets with lots of bitcoin and may get success in decrypting it. So it is always advised not to put high amount of bitcoin in any online wallet or exchange also make proper backup of privatekeys of all the addresses you have in blockchain.info wallet to become able to use those bitcoins if they go offline.

Nothing is impossible but lets hope it does not happen not only to the millions of users fund on the platform but even to the Bitcoin world generally which might mean the crashing of the price which is even possible not to recover from anytime soon. I am sure blockchain.info is also aware of the threat surrounding them and I am sure they are mitigating against it...

If a hacker successfully hacked blockchain.info then they know already how to decrypt on those wallets because they wouldn't do such action if they know that they cant decrypt those wallet and their effort would come to waste for sure.Its really risky to put huge amounts on online wallet because the chances of being hacked is there.Keeping privates keys and other important informations on said web wallet.

I am unsure if they meet your criteria, but blockchain.info has already been compromised on at least two occasions:

• A bug in blockchain.info's random number generator led to more than 250 BTC being stolen from wallets. (https://bitcointalk.org/index.php?topic=581411.msg9791998#msg9791998) Luckily the attacker was benevolent and returned the funds.
• blockchain.info's domain name was hijacked. (https://www.reddit.com/r/Bitcoin/comments/573lis/it_looks_like_blockchaininfo_has_been_dns_hijacked/) This allowed the attacker to serve arbitrary code to users and potentially steal funds, though I don't know if it happened in this case.

Thanks for this! I didn`t know how everything works with chosen password, you gave me good insight into this. I use blockchain.info from the beginning and except few times when I couldn`t log in on the site (explanation from them was upgrading the system or something similar every time) everything was good.
I still use that wallet for many things, and its good, and their mobile app is simple and easy to use. By the way I hope they will not be hacked ever never.

Some people will make you believe that it's not possible. This is most certainly not true. It's unlikely, but very possible. Look at MtGox for example.
The same goes for all online wallets. You are at risk of big site wide hacks as well as more personalised fishing attempts. The rule is the same for all online wallets. Only keep what you need there. Keep the rest offline and safe :)

I don't think so that it will get hacked because they don't store our passwords and we have full control of our wallets. Only their is one way to hack is the secret sentence. If hacker wants to hack blockchain.info then they will have to hack the private key of the address otherwise Blockchain.info is not going to hack (I Believe) .

Maybe they don't store our passwords in their servers but they definitely store the wallet.dat files and someone who could get to those , could have access to the coins eventually.
Blockchain.info have at the moment over 10 million wallet and the chances that the hacker is not going to be able to crack any of them is very unlikely , he will at least be able to hack a few thousands with weak passwords and get his hands on BTC.

You have a point that wallet.dat could be compromised and the hacker could possibly get thousands of wallets but i dont think they could able to get all of those because we all know there are millions of wallet on blockchain.info has been stored but one thing that bothers me that on how they gonna cracked those wallets? ;D

Not if they constantly monitor their systems and keep their firewalls and anti viruses up to date, if no one from the inside leaks anything.
You should know that everything is somehow vulnerable to hacks and unauthorized access no matter if it is a bitcoin web wallet or NSA database :).

I can see it now....


 :D lol

Web wallets getting hacked are generally from owner/high-level employees being infected, or a 0day exploit being used to gain entry, and no they wouldn't already know.

Gaining access and gaining bitcoins in Blockchain.info's case are two different scenarios, unlike exchanges which usually store both the password and the in-many-cases (unencrypted wallet) that you only login to your account with a password while the wallet itself is unencrypted or all money is moved into one massive wallet which seriously increases the risk of everyone losing their coins.

In blockchain.info, even if the service itself gets hacked completly and taken over, they still wouldn't be able to take any bitcoins without first figuring out the password through bruteforce (terrible way unless the password is part of the dictionary!) or waiting for the users to enter their password (likely scenario)

If blockchain.info gets hacked by smart people they would probably keep a low profile until get accumulate enough passwords and then run with the wallets in that 1 week span of low-profile or around that time.

In my opinion there are no chance of hack of wallet if we are have with wallet of strong password . And don't forget that if we forget own password than we will loss our wallet for lifetime , if we have not exported our private key .
But I think if we don't use blockchain but we are using only private key at another wallet , then there is chance of hacking because in the Bitcoin we can trust most at only official wallet . Other wallet may give some doubt of ddos attack .

Shouldn't this be moved to Service Discussion ?

On Topic,the short answer is Yes! They've been ddosd a several times that shows their servers are prone to remote bots.But hey,what could the hackers have access to ? They don't store private keys on their servers I think.Without having the login identifiers,there isn't much hackers can do.Passwords can be leaked but login identifiers are only generated and sent once making the system less vulnerable.

nope that doesn't guarantee at all that we can make sure that we are safety if we just used strong password since there are some sort of vulnerabilities to our accounts eventhoug we do that thats why we need to secure it properly and used some sort of security measure, and as far as i remember they have been attack for those back days and blockchain been hit by series of ddos attack.,

There is no denying that blockchain.info has been ddosed before, but ddos dosen't mean hack, they are two different things, and just about every online service is vulernable to a ddos attack if its strong enough.

If you define "getting hacked" as an attacker gaining full access to their systems, then perhaps they haven't been hacked. Nevertheless, blockchain.info has been compromised in a manner that could have and did result in a theft of Bitcoins in the past. See my comment in this thread here (https://bitcointalk.org/index.php?topic=1732143.msg17335737#msg17335737) for details.

People thought Mt.Gox was too big to fail too. Don't store more than spending cash in an online wallet and you have nothing to worry about. If it gets hacked, people who store their coins there will lose them, and another block explorer will rise in it's place. Maybe it will crash like when Mt.Gox went down, but it will always recover, like we've seen in the past, because it's too big of an idea to fail.

Mt.gox was different, it stored all the wallets into one massive cold-wallet and cross referenced them, blockchain dosen't do that, they store an encrypted wallet and only you, the visiter have the key to it.

Thus a huge "hack" such as mt.gox and exchange hacks will never happen to blockchain unless they change their practices.

Individual accounts will get hacked nonetheless, and if a full breach happens they still can't steal your wallet unless they infect you from the website itself, or you enter your password into the website while its vulnerable/taken over.



Indeed, there are multiple ways that a service can be taken over or abused, and all we can do is be vigilant about those scenarios, however I think what people mean by "hacked" is losing a huge amount of money (thousands of BTC) not a single individual, but a site-wide hack where a majority of the users lose their coins without any interaction with it (E.G: mt.gox, bitstamp, bitfinex, and so on).

Ah ok I was actually unaware of that because I don't use blockchain's wallet. So if hackers wouldn't have access to your coins if the website were compromised, is blockchain's wallet still considered an "online wallet"? What if the site were to disappear, you're saying people wouldn't lose their coins?

Blockchain.info is definitely a web wallet, regardless of whether the operator has access to private keys or not. If they were to be completely compromised then users' Bitcoins would be at risk, even if not immediately. They also suffer many of the same problems that other web wallets suffer, e.g. DNS hijacking and phishing.


They allow users to export their wallet seed as a BIP39 mnemonic and they seem to follow BIP44 when deriving the individual addresses, so users should be able to restore their wallet in any compliant wallet in case Blockchain.info were to disappear.

Well most of the people who has been around for a while knows that centralized services like these are ideal targets for hackers. Just a while

ago someone managed to social engineer their way into fooling the domain administrators and then re-directed users to a spoofed address. I

do not know if any bitcoins were actually lost, because it was picked up early on and warnings were send out early. So never leave large

amounts of bitcoins on these "online" wallets.  ;)

Yeah its still considered an online wallet, they also allow you to export private keys, import bitcoin-core files, and a couple of other ways to be able to use your Bitcoins even if the website ever goes offline, including wallet seeds such as BIP39 Mnemonics.

I used to be one of those who used services like Blockchain.info for transactions but realized to step out when it was still early.

Nowadays I don't understand why people hold their coins on a site like that knowing there's a risk that something could happen while there's options to stay much safer with a very minimal effort.

I don't say online wallets are something aweful or dangerous. They are infact quite handy in some cases but I see it as a way too big risk considering what has been going on. All these "hacks" bring certain kind of doubt with them.

I do not think that it will be hacked, it can get ddosed but that is not something that we should care about because its temporary and its not that they than will get any information from the users.

Every centralized service can be DDOSed don't confuse it with hack (as in getting backdoor access to bitcoin/accounts of users).

The only problem with Blockchain.info was when hackers hijacked their domain.
Whois and DNS records changed from CloudFlare to some random cheap host, effectively making blockchain.info inaccessible for couple hours.

I think nothing is impossible, don't ever feel safe using the wallet from everywhere like Blockchain.info, there is always a weakness, and to boost security was do not keep bitcoin wallet, the one we use also features comprehensive 2FA, but once again not guarantee will can't hack.

Can maybe be done but I think that it will not happen, there is of course a small chance but I do not honestly that it will.

no one dared guarantee that it is free of the hack. chances are greater than we use offline wallet. thinking realistically and do not ever underestimate the security problems.