Bitcoin Forum

For the last couple of months, since my UK banking partner ended its relationship with my bitcoin OTC trading company, I have engaged in high volume cash trades with a couple of regular clients.

My modus operandi has always had a strong focus on security. I keep a lot of my coins in cold storage but I also have one main trading wallet on blockchain.info that has 2-Factor Authentication enabled. When a trade is organised, I send coins from this wallet to an intermediary wallet (also blockchain.info) using the shared send feature with my IP address concealed. I then obtain a new identity and repeat this procedure, sending the coins to a blockchain.info address attached to a phone I only use for trading. The relationship of my primary online wallet to the one I use to trade is therefore very obscure. Once the trade is completed I never use the same intermediary address or trading address on my phone again. The computer I use is rarely used for anything other than bitcoin trading, has multiple levels of encryption, has all scripts turned off on the internet browser, employs little snitch to guard against keyloggers and is never in the presence of anyone I trade with. Once I walk away from it, even to go to the toilet, any sensitive info encrypted in a hidden container.

A couple of days ago, I logged into my blockchain account to find my coins gone. I felt I had been a victim of a man-in-the-middle attack that grabbed my password and that that person also cracked Google Authenticator. I knew I had no hope of getting my coins back and actually did very little to even attempt to do so. Then yesterday, when I was trading with another customer, he informed he that he heard from another trader that people had backdoor access to blockchain.info and 2 weeks ago they stole a very similar amount of coins to what I had taken. I called the trader the information stemmed from (whom I also trade with regularly) and asked him about it, never telling him that I had coins stolen. I met him for a trade today and continued to quiz him, feigning interest in learning the technique so I could engage in stealing myself. He refused to tell me his methods but said that with the help of friends he was able to gain access almost 'at will' and that 2-Factor authentication (all forms of it) was no hindrance. He bragged that he currently had access to a wallet with 1800 BTC in it but needed the wallet address to be able to steal the coins. (He also said that Bitstamp has been compromised several times but that this was never made public but didn't say it was him and his associates who did this). All the while I was questioning I didn't really believe what he was saying, I guess I was just going on a slight bit of hope it was related to my loss. He also claimed that when he had compromised an account, he flew to a foreign country to steal the coins and dumped the laptop immediately. The whole process takes about 4 hours apparently. Again I'm not sure why anyone would do this considering there are many ways to conceal one's IP. Eventually, I quizzed him on his 'big score' from a couple of weeks ago. The amount he claimed to have taken was the exact amount I had stolen. I immediately told him that they were mine as this couldn't be a coincidence. He asked me for proof that I owned the wallet he compromised and I told him he'd have to accompany me to my place and to my computer. He refused to go. I repeated that I knew the coins were mine, it's too much of a coincidence and that I wanted him to return them immediately before I called the police. He first said, "No way, I'm smarter than you", then completely changed his story and denied ever saying anything he said previously. I left him by giving him 24 hours to return my coins before I involved LE. They are still in the same address they were sent to after the theft along other coins.

The fact is he's stolen my coins. What is up for question is how he did it. If he has compromised blockchain.info, why does he need wallet addresses to finish the job? Is that why he needs to have contact with someone he steals from? Despite having trading contact with me, how has he isolated the identity of my primary wallet considering the steps I have taken? The most confusing element of the story is however, how on earth did he not know it was me he stole from?

and?

.... The suspense is killing me

a lot of members are facing problem with blockchain.info
you should report this issue and stay away from this untill this issue is resolved

sorry pressed post by accident. full account now there.

Do you have links to these threads?

We should be fine if we are using Dekstop wallets right ? even if transactions can be seen on blockchain.info  :-\

here is one of them
https://bitcointalk.org/index.php?topic=843228.0

Did your coins end up at this address?

Thanks. Malicious exit node (I have accessed it through TOR once - stupidly), man-in-the-middle is what I thought from day one. It's the only thing that made sense. It's the only thing that still makes sense. However, how is it that this guy has stolen an identical amount recently and is making these claims about accessing blockchain.info? Maybe it's just an insane coincidence but the number he quoted is the correct one right down to the bitcoin.

PSA: If you don't control your private keys you don't have any bitcoin.

Sorry for your situation and I hope you get your bitcoin back. That is a pretty surreal story to say the least. 

blockchain.info actually does not control your private keys. If you are actually connected to their site then you will generate, encrypt and decrypt the keys locally.

The OP mentioned that he would use shred send while "keeping his IP concealed", this implies that he was either using tor or a no-log proxy, and it is possible that someone used a MITM attack to capture his password and 2FA code, then logged into his wallet, downloaded a backup, then loaded the backup to a new wallet (without 2FA enabled) and sent the coins to an address the attacker controlled

At the risk of exposing my ignorance on this stuff that post went completely over my head. That is exactly why I don't keep bitcoin anywhere but in a paper wallet. Thanks for the correction though. I need an occasional reminder about how little I know about internet security.

So is this only a threat when using tor or is that kind of attack possible with all browsers?

Interesting.
More to the story...not smart accessing via TOR.

If this were the case then the attacker had at most a 1-minute window to log in since the same 2FA code was used. I would think that some security feature could be easily implemented on the website to prevent the same code from being used back-to-back in 2 consecutive logins.

afaik when using blockchain.info they never have your private key?
did they change that (havent used them for a while)?

this is Mt.gox all over again. At first some users faced some problem, all of a sudden the whole site goes dark. Fellow BTC users, stay sharp.

I don't think that coins can be stolen from Blockchain.info. The site is designed against any possible coin theft. Also, they just raised $30 million a few days ago, to improve the security issues.

Sounds like a tall tale to me
That said, would love to hear if there is an update/sequel to this story

Sounds like bullshit to me too. Obviously bitcoin can be stolen from blockchain but when it is it's usually the users fault for being lax on security someway. I don't buy this being in contact with the hacker bs unless you can provide more proof of it.

If I was reading this I'd say bullshit straight up too. I don't blame you. Thing is, this happened to me. I've lost a lot of coins and this guy told me what he told me. The only way I can make sense of it is that I was attacked in ways alluded to here and the guy I spoke to is talking shit. I guess I did feed him with answers in some sense since I suspected him of thieving from me but other info he volunteered. He did also show me a wallet with 867 BTC in it.