Bitcoin Forum

Economy => Service Discussion => Topic started by: elrodvoss on April 25, 2013, 10:55:25 PM

Title: Blockchain.info Unauthorized Withdraw
Post by: elrodvoss on April 25, 2013, 10:55:25 PM
Twice in two weeks I have had coins removed from my account.  First time I could understand because my email may have been compromised, but I changed all my passwords, added the IP address logging to blockchain and did two-factor on Google.

Less than an hour ago I got a notification via text that another withdrawal was done.
Again only one coin but still that's $130.

I log in and check the log and there is no IP entry at any time for the withdrawal. Only my entries on phone and computer.

Is there something else that I should know?  My only other options would be to go back to the old wallet or restrict the IP address for blockchain.

Again I changed my password.  It uses a combo of capital and lowercase letters, numbers and symbols.

I have no virus on home computer.

It's the no-log that really irks me.  How can a withdrawal be made without an entry made?



Title: Re: Blockchain.info Unauthorized Withdraw
Post by: SgtSpike on April 25, 2013, 11:10:43 PM
Did you create a new wallet after the first hack?  The attacker still has access to the private keys of all the addresses from your old wallet, so you would want to immediately discontinue using that wallet, even if you did "resecure" it.


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: DeathAndTaxes on April 25, 2013, 11:11:00 PM
Please tell me after the first compromise you threw away that entire wallet and started fresh?

If not the attacker didn't need to hack anything.  After the first attempt he had a copy of your wallet.  He just waited for you to put funds into it and stole it.  Once attacker has the wallet = has the private keys he doesn't even need access to the website anymore.  If you put more coins in there, once the attacker notices them he will transfer them out.  100 years from now he could still steal coins.

If your wallet is compromised, it is compromised.  Period.  You should assume all private keys connected to that wallet are totally and completely compromised.  Move funds out of the wallet (if any).  Destroy all copies and start fresh.


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: elrodvoss on April 25, 2013, 11:26:21 PM
Sad that it cost me $200 to learn that lesson.

Didn't realize/remember they would have access due to private keys.

Guess I'll have to get a new wallet and start fresh.

Such a kick in the balls though.  From what I learned they got over 500 coins in transactions to the account that it was transferred to.

Grrr.

Thanks anyways.  Lesson learned the hard way.

FYI pardon any bad typing.  On phone at work.


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: BTC Books on April 25, 2013, 11:29:14 PM
Sad that it cost me $200 to learn that lesson.

Didn't realize/remember they would have access due to private keys.

Guess I'll have to get a new wallet and start fresh.

Such a kick in the balls though.  From what I learned they got over 500 coins in transactions to the account that it was transferred to.

Grrr.

Thanks anyways.  Lesson learned the hard way.

FYI pardon any bad typing.  On phone at work.


So you're saying your address is in the same transaction as this one?

https://bitcointalk.org/index.php?topic=187822.0


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: elrodvoss on April 25, 2013, 11:40:48 PM
This is the address that is listed in my transactions as to where my coins were sent to the second time:
1JKJdYSZNrWSca1b9ajejdmjuqooE7TLFr

Details of transaction:
You Sent: 1.00779078 BTC ($142.60)
Value at time of transaction: $146.94
Hash: 89f8223bc1d9140889496dea8...
Sent Time: 2013-04-25 22:22:48 (+26 minutes to confirm)
Confirmations: 8 Confirmations
Double Spend: No Double Spend Detected
Transaction Fee: 0.0155 BTC

Not sure if this will show but here is the detailed info of that address:
https://blockchain.info/address/1JKJdYSZNrWSca1b9ajejdmjuqooE7TLFr
So if I'm reading that right, that person just made 542 coins in less than 5 mins from several dozen accounts.

My wallet is 1J71jWZqvoK6n9TLvuQjy3kgxctx9QbpQ8, and is at zero coins and in 5 hours will be defunct.


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: silvereagle on April 25, 2013, 11:44:17 PM
That's the same address mine went to.


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: franky1 on April 26, 2013, 01:08:19 AM
silvereagle

elrodvoss

Have both of you contacted PIUK (the guy behind blockchain.info)? He might be able to help you out more:
https://bitcointalk.org/index.php?action=profile;u=17928

Also, are there any other places that you BOTH imported your private keys into?

Maybe you both downloaded a rogue program that keylogged you both and decided today was the day to take some funds.
As the transaction reveals that someone somewhere has both of your private keys in one wallet, check with each other if you both use any other mobile app wallets or other things, even check where you both downloaded your miners or qt clients from.

I think silvereagle said in another thread he had his email hacked and had his blockchain compromised ages ago before this loss; has elrodvoss had previous losses?

Seems strange 2 "noobs" have had losses due to this same attack and no key/long-established members have claimed losses (yet).


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: Logik on April 26, 2013, 01:49:48 AM
Blockchain.info really needs to start forcing 2 factor on all new accounts. Otherwise this will keep happening.

In addition it would be helpful if they provided information like in DeathAndTaxes' post to users after having their passwords stolen.


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: silvereagle on April 26, 2013, 01:51:38 AM
silvereagle

elrodvoss

Have both of you contacted PIUK (the guy behind blockchain.info)? He might be able to help you out more:
https://bitcointalk.org/index.php?action=profile;u=17928

Also, are there any other places that you BOTH imported your private keys into?

Maybe you both downloaded a rogue program that keylogged you both and decided today was the day to take some funds.
As the transaction reveals that someone somewhere has both of your private keys in one wallet, check with each other if you both use any other mobile app wallets or other things, even check where you both downloaded your miners or qt clients from.

I think silvereagle said in another thread he had his email hacked and had his blockchain compromised ages ago before this loss; has elrodvoss had previous losses?

Seems strange 2 "noobs" have had losses due to this same attack and no key/long-established members have claimed losses (yet).


Just interacted with PIUK on the other thread we've been discussing this in - the one I started.  Ideally just looking to determine which apps I can trust again.


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: adamstgBit on April 26, 2013, 02:17:40 AM
elrodvoss

Please answer these questions too.

Unfortunately I think more users are likely to be affected by this transaction.

Any users who own an address used in the above transaction (https://blockchain.info/tx/89f8223bc1d9140889496dea843df1854f17aee35b8ac5006ec1efee2ba5bd80) please could you answer the following questions:

  • Do you have a bitcoin app on your android phone?
  • Do you have a blockchain.info wallet holding the address in question?
  • If you have a blockchain wallet do you use a public alias the same as your bitcointalk, bitcoin-otc or irc username?
  • Do you have accounts on one of the following sites: BTC-e, bitcoin-central or mining.bitcoin.cz?
  • Do you reuse the same wallet password on different websites (specifically the above sites)?
  • Do you read the BTC-e chat box?
  • Does your browser have Java enabled? http://isjavaenabled.com


Maybe we can figure out what's going on,
I suspect BTC-e has some flaw that allows hackers to run some custom JS...
Have you ever used BTC-e?


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: elrodvoss on April 26, 2013, 02:54:54 AM
My email was possibly hacked. I had coins removed from my account last week (1 coin) and that's when I changed all my passwords for everything.  Bank, Google, credit cards, etc.

I have main computer and laptop.  Both with antivirus and malware protection.  Nothing new installed other than downloads of Linux distros for the new rig.

Have several apps on GS3, but nothing new.

I have no idea how I could have been a victim, esp. in the last 2-3 weeks.

I do use slush pool and know that has been attacked over the last 3 weeks.  But it was stated that everything was secure.  PW changed there and wallet address checked as well.

Still on phone but may be more detailed when I get home.

Only other thing was I've been looking for new ways to cash coins since Mt. Gox changed, but that was after the first issue a week ago.  So doubt that was the issue.

On phone I use Mt. Gox mobile and blockchain app.

Use two rigs with main computer running slush's proxy program for Stratum.  That's been running for 2 months.

Been using blockchain for 6-8 months without issue.


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: blacksmithtm on April 26, 2013, 03:04:27 AM
If you are using their phone app, don't. It makes you vulnerable, especially if you have a rooted/modded phone.


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: elrodvoss on April 26, 2013, 03:23:32 AM
If you are using their phone app, don't. It makes you vulnerable, especially if you have a rooted phone.

Which?
Blockchain's app
or
Mt. Gox mobile site?

And phone is not rooted.


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: blacksmithtm on April 26, 2013, 03:29:47 AM
It's just bad practice giving your phone access to your main hoard of bitcoin. Blockchain.info wallet stores the password in plaintext afaik. It's not a problem because the app is sandboxed so no other apps should have access to it (unless the phone is rooted or modded). However the phone is just another way in for a keylogger or malware. It's a potential backdoor if you give it access to your main hoard.


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: elrodvoss on April 26, 2013, 03:30:54 AM
silvereagle

elrodvoss

Have both of you contacted PIUK (the guy behind blockchain.info)? He might be able to help you out more:
https://bitcointalk.org/index.php?action=profile;u=17928

Also, are there any other places that you BOTH imported your private keys into?

Maybe you both downloaded a rogue program that keylogged you both and decided today was the day to take some funds.
As the transaction reveals that someone somewhere has both of your private keys in one wallet, check with each other if you both use any other mobile app wallets or other things, even check where you both downloaded your miners or qt clients from.

I think silvereagle said in another thread he had his email hacked and had his blockchain compromised ages ago before this loss; has elrodvoss had previous losses?

Seems strange 2 "noobs" have had losses due to this same attack and no key/long-established members have claimed losses (yet).


I've placed a ticket with the blockchain.info site.  No word from them yet other than a confirmation email.

I have never imported any other keys or wallets into blockchain.  I was using blockchain since I could easily transfer funds from blockchain -> mt. gox -> bitinstant.

As mentioned before I was hit a week ago and just thought someone got into my email.  Thought that just changing all my passwords would do the trick.  Shows that it didn't, sadly.


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: simonk83 on April 26, 2013, 03:33:53 AM
It's the no-log that really irks me.  How can a withdrawal be made without an entry made?

Agreed, this is the main worry in all this I think...


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: Terk on April 26, 2013, 03:40:26 AM
It's the no-log that really irks me.  How can a withdrawal be made without an entry made?
Agreed, this is the main worry in all this I think...

Blockchain.info is only a client. It doesn't store bitcoins itself, it only stores credentials needed to send bitcoins from your addresses (that is private keys for your bitcoin addresses). If his computer/phone has been compromised, these credentials might be logged/copied during one of his legitimate logins to blockchain.info and sent to the attacker. The attacker could then use these stolen credentials with any other bitcoin client (like Bitcoin-Qt, Armory, Multibit, etc) to send bitcoins - and that's why blockchain.info didn't have any suspicious logins.
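A watch-only monitor for the situation Terk and DeathAndTaxes describe, added here as an example and not code from the thread or from blockchain.info: since a copied key can be spent from any client and the site's login log shows nothing, the chain itself is what to watch, both for spends of your own addresses you did not make and for the sweep shape seen here (dozens of unrelated addresses emptied into one output). It assumes transactions in the shape of blockchain.info's /tx JSON (inputs with prev_out addr/value in satoshis, out with addr/value); the sample transaction is constructed, with only the wallet and destination addresses taken from the thread.

```python
"""Watch-only monitor for spends of your own addresses.

Added example, not code from the thread or from blockchain.info.  The
transaction below is constructed in the shape of blockchain.info's /tx
JSON (an assumption): inputs carry prev_out {addr, value}, outputs carry
{addr, value}, values in satoshis.  Only the two addresses are from the
thread.
"""
SATOSHI = 100_000_000

def btc(sat):
    """Satoshis to BTC."""
    return sat / SATOSHI

def my_spends(tx, my_addresses):
    """Set of my addresses being spent (appearing as inputs) in tx."""
    return {i["prev_out"]["addr"] for i in tx["inputs"]} & set(my_addresses)

def sweep_profile(tx):
    """Shape features of a sweep: many distinct inputs funnelled into one output."""
    total_in = sum(i["prev_out"]["value"] for i in tx["inputs"])
    total_out = sum(o["value"] for o in tx["out"])
    return {
        "distinct_inputs": len({i["prev_out"]["addr"] for i in tx["inputs"]}),
        "outputs": len(tx["out"]),
        "total_in_btc": btc(total_in),
        "fee_btc": btc(total_in - total_out),
    }

def alerts(tx, my_addresses, authorized_hashes, sweep_threshold=20):
    """Flag spends of my inputs I did not make, and mass-sweep shaped txs."""
    found = []
    mine = my_spends(tx, my_addresses)
    # A spend of my inputs that I did not send means someone else holds the key;
    # no login to the web wallet is needed for that, so no log entry appears.
    if mine and tx["hash"] not in authorized_hashes:
        found.append(("UNAUTHORIZED_SPEND", sorted(mine)))
    p = sweep_profile(tx)
    if p["distinct_inputs"] >= sweep_threshold and p["outputs"] == 1:
        found.append(("MASS_SWEEP", tx["out"][0]["addr"]))
    return found

# Constructed sample: my 1.00779078 BTC plus 29 other inputs, one output, 0.0155 BTC fee.
MY_ADDRESSES = {"1J71jWZqvoK6n9TLvuQjy3kgxctx9QbpQ8"}      # wallet named in the thread
OTHER_IN = [{"prev_out": {"addr": f"1ConstructedVictim{n:02d}", "value": 1_800_000_000}}
            for n in range(29)]
SAMPLE_TX = {
    "hash": "constructed-tx-hash",
    "inputs": [{"prev_out": {"addr": "1J71jWZqvoK6n9TLvuQjy3kgxctx9QbpQ8",
                             "value": 100_779_078}}] + OTHER_IN,
    "out": [{"addr": "1JKJdYSZNrWSca1b9ajejdmjuqooE7TLFr",     # destination from the thread
             "value": 100_779_078 + 29 * 1_800_000_000 - 1_550_000}],
}

if __name__ == "__main__":
    for kind, detail in alerts(SAMPLE_TX, MY_ADDRESSES, authorized_hashes=set()):
        print(kind, detail)
```

In practice `authorized_hashes` is the set of transaction ids your own client broadcast; any other spend of your inputs is the signal the web wallet's login log cannot give you.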


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: franky1 on April 26, 2013, 03:46:30 AM
No log means they didn't log into your account to send the funds.

It means they got your private key previously, and then added it to their own client/wallet and decided today was the day to empty you out.

So if elrodvoss only had the private key in blockchain.info and not an Electrum or qt client, then obviously someone at some point got into his and silvereagle's blockchain.info accounts at an earlier date and copied the private keys, and just waited a few days/week before sweeping them.



Title: Re: Blockchain.info Unauthorized Withdraw
Post by: elrodvoss on April 26, 2013, 03:50:26 AM

Unfortunately I think more users are likely to be affected by this transaction.

Any users who own an address used in the above transaction (https://blockchain.info/tx/89f8223bc1d9140889496dea843df1854f17aee35b8ac5006ec1efee2ba5bd80) please could you answer the following questions:

  • A:  Do you have a bitcoin app on your android phone?
  • B:  Do you have a blockchain.info wallet holding the address in question?
  • C:  If you have a blockchain wallet do you use a public alias the same as your bitcointalk, bitcoin-otc or irc username?
  • D:  Do you have accounts on one of the following sites: BTC-e, bitcoin-central or mining.bitcoin.cz?
  • E:  Do you reuse the same wallet password on different websites (specifically the above sites)?
  • F:  Do you read the BTC-e chat box?
  • G:  Does your browser have Java enabled? http://isjavaenabled.com


Maybe we can figure out what's going on,
I suspect BTC-e has some flaw that allows hackers to run some custom JS...
Have you ever used BTC-e?


A:  I have several bitcoin apps.  Nothing new in the last several months.  Blockchain, bitcoin calculator, miner status.
B:  I posted above the wallet that was used today.   Unsure if that was the same one only because I haven't looked and compared at the moment.
C:  Same name on blockchain and bitcointalk
D:  I mine at bitcoin.cz (slush)
E:  Sadly same password, though it was a strong 10+ character one using capital and lowercase letters, numbers, and symbols
F:  Do not read the BTC-e chat box (don't even know what it is)
G:  Java is enabled on this computer.

For myself this only started in the last 14 days.

4/13 was the withdrawal, but thought it was from an email hack.
Wallet address was:  1Nr8BbTNTYutpdHKYzDJpAUcuo2wToL1C2
That only had 5.2 coins removed from various accounts.

The one from today was over 500 coins in their attack, though my loss was only 1.


I have ordered a "Raspberry Pi" rig that I will be using as my solo bitcoin interface.  So that should take care of most issues.  I'll have to come up with unique passwords for the rest of my bitcoin accounts.  Of course the only fear is that with multiple passwords I will forget/lose them, and writing them down defeats the purpose on some level.

I could go back to a two wallet system.  But if they get into my slush account or blockchain they could see the address (public not private).


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: elrodvoss on April 26, 2013, 03:57:28 AM
It's the no-log that really irks me.  How can a withdrawal be made without an entry made?
Agreed, this is the main worry in all this I think...

Blockchain.info is only a client. It doesn't store bitcoins itself, it only stores credentials needed to send bitcoins from your addresses (that is private keys for your bitcoin addresses). If his computer/phone has been compromised, these credentials might be logged/copied during one of his legitimate logins to blockchain.info and sent to the attacker. The attacker could then use these stolen credentials with any other bitcoin client (like Bitcoin-Qt, Armory, Multibit, etc) to send bitcoins - and that's why blockchain.info didn't have any suspicious logins.

Well I guess what I'll have to do is

  • Remake a new blockchain.info wallet.
  • Use a unique PW vs any other site.
  • Enable IP restriction so it can only be used at my home location

I would think that with those three, esp. the IP restriction, at account creation, there should be no way a thief could access my account and view my private key.  Of course I have been wrong before.  Blockchain even states that the app will work, as long as it's "synced" with the account.  So that should be secure as well.  In my mind, that tells me that even if they got my password, they couldn't access my account due to the IP restriction.


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: adamstgBit on April 26, 2013, 04:00:34 AM
It would be good to understand how the hacker got to copy the private keys in the first place. Maybe blockchain can implement a fix.
Obviously these 2 guys are not the only people that lost coins this way... 500BTC in total was taken this way.

The blockchain wallet runs client side (JS) right?
When that wallet is running, is it possible to have some other client side app hack the JS wallet somehow?

@elrodvoss

Does your browser have Java enabled?  click here and find out-> http://isjavaenabled.com


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: simonk83 on April 26, 2013, 04:02:27 AM
It's the no-log that really irks me.  How can a withdrawal be made without an entry made?
Agreed, this is the main worry in all this I think...

Blockchain.info is only a client. It doesn't store bitcoins itself, it only stores credentials needed to send bitcoins from your addresses (that is private keys for your bitcoin addresses). If his computer/phone has been compromised, these credentials might be logged/copied during one of his legitimate logins to blockchain.info and sent to the attacker. The attacker could then use these stolen credentials with any other bitcoin client (like Bitcoin-Qt, Armory, Multibit, etc) to send bitcoins - and that's why blockchain.info didn't have any suspicious logins.

Right, gotcha


Title: Re: Blockchain.info Unauthorized Withdraw
Post by: elrodvoss on April 26, 2013, 02:55:51 PM
It would be good to understand how the hacker got to copy the private keys in the first place. Maybe blockchain can implement a fix.
Obviously these 2 guys are not the only people that lost coins this way... 500BTC in total was taken this way.

The blockchain wallet runs client side (JS) right?
When that wallet is running, is it possible to have some other client side app hack the JS wallet somehow?

@elrodvoss

Does your browser have Java enabled?  click here and find out-> http://isjavaenabled.com


As stated in the above response, Java is running on the computer.