Bitcoin Forum

Economy => Service Discussion => Topic started by: Wolf Rainer on November 26, 2013, 06:25:35 PM



Title: Beware blockchain.info
Post by: Wolf Rainer on November 26, 2013, 06:25:35 PM
Beware blockchain.info just stole almost 0.36 btc with the address https://blockchain.info/address/1brain7kAZxPagLt2HRLxqyc3VgGSa1GR. I was logged in to my wallet using my btc address generated from a 12-digit code and encrypted twice with sha256 (19JsLFDRxuTsAjapE79FgoVNdNdB2hNU5M), and while trying to send funds to an account to sell, the wallet froze and did not synchronize (indicator spinning but never updated the balance), then I closed and re-opened it and I found that my funds were stolen and my wallet emptied ...

How can blockchain allow that, if I go into my wallet with the ip I'm always using, someone else can come after me and send my funds while I'm away?

The pc has no trojan or virus, nor do I use rare pages. 5 days ago, before traveling, I sold 0.15 btc to pay for the travel, and since then the pc was not used because it has a password and I left it in my house, off. Today I went to sell a little more in the same way I did before and this happened.

The original key that was later sha256 encrypted twice to generate the address is the same 12-character one that I use in my blockchain.info account, so they are the only ones who are able to remove them, because not even the most powerful pc in the world can guess a 12-digit key and then know that it was sha256 encrypted 2 times in minutes; only by knowing the original password can you reach that conclusion, and after several attempts.

So this leads to the consideration that there is a big vulnerability, either because you can't trust the online wallets or because the bots have generated so many private keys (billions) that anyone who uses one is at risk of losing their funds.

I need someone to please help me, this money was to pay the rent and I am 2 months late and now it expires earlier this month. Is there any way to contact blockchain.info to refund me the money?

If someone wants to help me: 19VXtNbJK2TAssSGfEXGJyoZvCCmQ42kbt. I promise that if I ever get out of this shitty situation or somehow blockchain finally refunds me the btc, I'll return every thousandth of btc to whoever has collaborated with me.



Title: Re: Beware blockchain.info
Post by: niktitan132 on November 26, 2013, 06:29:59 PM
Your final balance is 0.36875 BTC. You didn't lose the BTC.


Title: Re: Beware blockchain.info
Post by: Wolf Rainer on November 26, 2013, 06:36:41 PM
Your final balance is 0.36875 BTC. You didn't lose the BTC.


The address 1brain7kAZxPagLt2HRLxqyc3VgGSa1GR is not mine, it's the address of the thief. My address was 19JsLFDRxuTsAjapE79FgoVNdNdB2hNU5M.

Sorry about the misspellings, I'm using the Google translator.


Title: Re: Beware blockchain.info
Post by: niktitan132 on November 26, 2013, 06:41:32 PM
Your final balance is 0.36875 BTC. You didn't lose the BTC.


The address 1brain7kAZxPagLt2HRLxqyc3VgGSa1GR is not mine, it's the address of the thief. My address was 19JsLFDRxuTsAjapE79FgoVNdNdB2hNU5M.

Sorry about the misspellings, I'm using the Google translator.

Sorry then, I lost 0.2445 BTC on inputs.io and I know how it feels when you lose your BTC. But I bought some after that. Don't use online wallets, use offline, it's more secure.

Edit: This is their support email ---> support@blockchain.zendesk.com

Or visit their support website ---> https://blockchain.zendesk.com/anonymous_requests/new


Title: Re: Beware blockchain.info
Post by: flatfly on November 26, 2013, 07:36:19 PM
By "12-digit key" do you really mean it's only digits [0-9] or does that include letters and symbols too? If it's only digits, 12 is really weak.

Also, did you generate your address using brainwallet.org, by any chance?


Title: Re: Beware blockchain.info
Post by: Wolf Rainer on November 26, 2013, 07:45:32 PM
By "12-digit key" do you really mean it's only digits [0-9] or does that include letters and symbols too? If it's only digits, 12 is really weak.

Also, did you generate your address using brainwallet.org, by any chance?

I encrypted it using an offline sha256 encrypter.


Title: Re: Beware blockchain.info
Post by: piuk on November 26, 2013, 08:18:59 PM
Quote
using my btc address generated from a 12-digit code

A brain wallet generated from a 12 digit code? Unfortunately this likely isn't strong enough and address has probably been swept by an automated brain wallet cracking tool

http://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/

is there any way to contact blockchain.info to refund me the money ?

There isn't anything we can do to recover the coins.


Title: Re: Beware blockchain.info
Post by: Wolf Rainer on November 26, 2013, 08:50:12 PM
Quote
using my btc address generated from a 12-digit code

A brain wallet generated from a 12 digit code? Unfortunately this likely isn't strong enough and address has probably been swept by an automated brain wallet cracking tool

http://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/

is there any way to contact blockchain.info to refund me the money ?

There isn't anything we can do to recover the coins.

It wasn't a brainwallet from 12 digits... It was 12 digits converted to sha256 twice, and then used to generate private key...


Title: Re: Beware blockchain.info
Post by: flatfly on November 26, 2013, 09:05:38 PM
Quote
using my btc address generated from a 12-digit code

A brain wallet generated from a 12 digit code? Unfortunately this likely isn't strong enough and address has probably been swept by an automated brain wallet cracking tool

http://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/

is there any way to contact blockchain.info to refund me the money ?

There isn't anything we can do to recover the coins.

It wasn't a brainwallet from 12 digits... It was 12 digits converted to sha256 twice, and then used to generate private key...

Hashing a weak key can never make it stronger. For your own good, don't use brainwallets or generate your own private keys unless you really know what you are doing. And it's wrong to blame it on Blockchain.info...


Title: Re: Beware blockchain.info
Post by: Wolf Rainer on November 26, 2013, 09:12:39 PM
Quote
using my btc address generated from a 12-digit code

A brain wallet generated from a 12 digit code? Unfortunately this likely isn't strong enough and address has probably been swept by an automated brain wallet cracking tool

http://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/

is there any way to contact blockchain.info to refund me the money ?

There isn't anything we can do to recover the coins.

It wasn't a brainwallet from 12 digits... It was 12 digits converted to sha256 twice, and then used to generate private key...

Hashing a weak key can never make it stronger. For your own good, don't use brainwallets or generate your own private keys unless you really know what you are doing. And it's wrong to blame it on Blockchain.info...

A 12 characters mixed with numbers and symbols, then converted to sha256 2 times, and then generating a private key with that hash, it's unsecured? Who, so all the entire bitcoin system is unsecured.


Title: Re: Beware blockchain.info
Post by: markjamrobin on November 26, 2013, 09:19:14 PM
Quote
using my btc address generated from a 12-digit code

A brain wallet generated from a 12 digit code? Unfortunately this likely isn't strong enough and address has probably been swept by an automated brain wallet cracking tool

http://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/

is there any way to contact blockchain.info to refund me the money ?

There isn't anything we can do to recover the coins.

It wasn't a brainwallet from 12 digits... It was 12 digits converted to sha256 twice, and then used to generate private key...

Hashing a weak key can never make it stronger. For your own good, don't use brainwallets or generate your own private keys unless you really know what you are doing. And it's wrong to blame it on Blockchain.info...

A 12 characters mixed with numbers and symbols, then converted to sha256 2 times, and then generating a private key with that hash, it's unsecured? Who, so all the entire bitcoin system is unsecured.

My password to my web wallet is >20 characters, of numbers, symbols, and letters, and many people's are even longer. 12 numbers are not secure enough.


Title: Re: Beware blockchain.info
Post by: Wolf Rainer on November 26, 2013, 09:52:28 PM
Quote
using my btc address generated from a 12-digit code

A brain wallet generated from a 12 digit code? Unfortunately this likely isn't strong enough and address has probably been swept by an automated brain wallet cracking tool

http://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/

is there any way to contact blockchain.info to refund me the money ?

There isn't anything we can do to recover the coins.

It wasn't a brainwallet from 12 digits... It was 12 digits converted to sha256 twice, and then used to generate private key...

Hashing a weak key can never make it stronger. For your own good, don't use brainwallets or generate your own private keys unless you really know what you are doing. And it's wrong to blame it on Blockchain.info...

A 12 characters mixed with numbers and symbols, then converted to sha256 2 times, and then generating a private key with that hash, it's unsecured? Who, so all the entire bitcoin system is unsecured.

My password to my web wallet is >20 characters, of numbers, symbols, and letters, and many people's are even longer. 12 numbers are not secure enough.

Yeah, but your password isn't encrypted twice.


Title: Re: Beware blockchain.info
Post by: flatfly on November 26, 2013, 10:01:19 PM
Quote
using my btc address generated from a 12-digit code

A brain wallet generated from a 12 digit code? Unfortunately this likely isn't strong enough and address has probably been swept by an automated brain wallet cracking tool

http://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/

is there any way to contact blockchain.info to refund me the money ?

There isn't anything we can do to recover the coins.

It wasn't a brainwallet from 12 digits... It was 12 digits converted to sha256 twice, and then used to generate private key...

Hashing a weak key can never make it stronger. For your own good, don't use brainwallets or generate your own private keys unless you really know what you are doing. And it's wrong to blame it on Blockchain.info...

A 12 characters mixed with numbers and symbols, then converted to sha256 2 times, and then generating a private key with that hash, it's unsecured? Who, so all the entire bitcoin system is unsecured.

My password to my web wallet is >20 characters, of numbers, symbols, and letters, and many people's are even longer. 12 numbers are not secure enough.

Yeah, but your password isn't encrypted twice.

Sorry but you are mistaking hash algorithms with encryption.


Title: Re: Beware blockchain.info
Post by: markjamrobin on November 26, 2013, 10:04:12 PM
Quote
using my btc address generated from a 12-digit code

A brain wallet generated from a 12 digit code? Unfortunately this likely isn't strong enough and address has probably been swept by an automated brain wallet cracking tool

http://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/

is there any way to contact blockchain.info to refund me the money ?

There isn't anything we can do to recover the coins.

It wasn't a brainwallet from 12 digits... It was 12 digits converted to sha256 twice, and then used to generate private key...

Hashing a weak key can never make it stronger. For your own good, don't use brainwallets or generate your own private keys unless you really know what you are doing. And it's wrong to blame it on Blockchain.info...

A 12 characters mixed with numbers and symbols, then converted to sha256 2 times, and then generating a private key with that hash, it's unsecured? Who, so all the entire bitcoin system is unsecured.

My password to my web wallet is >20 characters, of numbers, symbols, and letters, and many people's are even longer. 12 numbers are not secure enough.

Yeah, but your password isn't encrypted twice.

Sorry but you are mistaking hash algorithms with encryption.

If I hash that password twice, it doesn't make it any more secure.


Title: Re: Beware blockchain.info
Post by: olivdt on March 09, 2014, 01:12:28 AM
A 12 characters mixed with numbers and symbols, then converted to sha256 2 times, and then generating a private key with that hash, it's unsecured? Who, so all the entire bitcoin system is unsecured.

Hi Wolf Rainer,

Please read carefully the following article: http://www.palkeo.com/code/stealing-bitcoin.html

We can see how they were able to find many active wallets by generating addresses with a dictionary. They actually found your address by using the passphrase "alfanumerico".

I hope this answers your questions!


Title: Re: Beware blockchain.info
Post by: mysidia on March 09, 2014, 02:11:32 AM
I encrypted it using an offline sha256 encrypter.

A 12-character password with double SHA256 is not secure. 348 billion SHA256 hashes per second achievable back in 2012. http://hackaday.com/2012/12/06/25-gpus-brute-force-348-billion-hashes-per-second-to-crack-your-passwords/

If you want to use a key generated from a passphrase, I recommend a minimum of 15 characters.

Use Scrypt, Bcrypt, or PBKDF2 with 10000 rounds, not SHA256.

And rotate to new sets of wallets with a new set of passphrases at least once a year.

Make sure the cost to crack is at LEAST a few orders of magnitude greater than any funds available in the wallet. Obviously, if there are 100BTCs in a wallet, and a hacker suspects a brain wallet, they could justify spending half a million $$ or more on hardware to attempt a brute force of the passphrase.
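
The arithmetic behind the advice in the post above, as an added example that is not part of the original thread: it compares how long different passphrase spaces last under unsalted double SHA-256 versus PBKDF2 with 10000 rounds. The guess rate is the figure quoted in the post, taken as given; the word-list size, the PBKDF2 cost approximation and all function names are assumptions of this sketch.

```python
import hashlib

# Guess rate quoted in the post above (2012 GPU cluster figure), taken as given.
HASHES_PER_SECOND = 348e9

def double_sha256(passphrase: bytes) -> bytes:
    """The scheme from the thread: unsalted SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(passphrase).digest()).digest()

def stretched_key(passphrase: bytes, salt: bytes, rounds: int = 10_000) -> bytes:
    """PBKDF2-HMAC-SHA256 with the 10000 rounds the post recommends."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, rounds, dklen=32)

def seconds_to_exhaust(candidates: float, hashes_per_guess: int) -> float:
    """Worst-case time to try every candidate at HASHES_PER_SECOND."""
    return candidates * hashes_per_guess / HASHES_PER_SECOND

# Candidate-space sizes. The word-list size is an assumed round number.
SPACES = {
    "12 decimal digits": 10 ** 12,
    "one word from a 1,000,000-entry list (assumed size)": 10 ** 6,
    "12 random printable ASCII chars": 95 ** 12,
    "15 random printable ASCII chars": 95 ** 15,
}

# Cost per guess in SHA-256 evaluations. PBKDF2 is approximated as two
# hash evaluations per round (one HMAC); that is an assumption of this sketch.
COSTS = {"double SHA-256": 2, "PBKDF2, 10000 rounds": 2 * 10_000}

def table():
    """Return {(space, scheme): seconds} for every combination."""
    return {(s, c): seconds_to_exhaust(n, h)
            for s, n in SPACES.items() for c, h in COSTS.items()}

if __name__ == "__main__":
    for (space, scheme), secs in table().items():
        print(f"{space:52s} {scheme:22s} {secs:12.3e} s")
```

The second hash only doubles the work per guess, so a small candidate space stays small; the gain comes from passphrase entropy and from a salted, deliberately slow derivation.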


Title: Re: Beware blockchain.info
Post by: cozytrade on March 09, 2014, 03:51:46 PM
Beware blockchain.info just stole almost 0.36 btc

Overall, a thief stole btc. blockchain.info did not steal them, right??? Was misled, although you are right to be careful about using an online wallet.