Bitcoin Forum

Help...
I am not sure if someone accessed a backup of my wallet somewhere... All my BTC was stolen via a single blockchain transaction

43d9ecf12e25a0bcc6c655660d604cdff800f726dc42f68b08cea8fc1d61a3c4

sent to here

https://blockchain.info/address/1L8zn4BJs2B4a4pxN4HBaNKEgaowpa3857

if anyone has help or can apply any forensics... i am more than willing to pay a bounty to recover some of these funds... thank you...

skype me at "thestatdude"

Update: If you are feeling like helping a bitcoin brother out, donations are welcome. I have an 8k credit card bill on some of these coins. 1KrW7wDn4n6pndwikYh2fZtMXDsgaSfqLG. From now on, everything is stored in cold wallets ONLY.

if the hacker is here... please contact me... and sleep with a clean conscience, and no fear of being caught

sorry man...

You suck at security.

Sorry about your loss. Did you access blockchain.info using tor? There are a number of users had their coins stolen because of doggy tor exit nodes.

There have been numerous posts on reddit about blockchain.info hacks.

Give us more info, did you access blockchain via TOR ?
Did you click on google adwards for blockchain (phishing attack) ?

More than 1k BTC have been stolen, i am beginning to think their main server has been hacked and user/pass are being sniffed realtime.
Tell us more to make a conclusion..

shit, i'm sorry for your loss mate. i hate to read these things, i really hope there are folks out there that can help you trace this.

 :'(

How many hundreds of thousands of BTC need to be stolen from blockchain.info hacks before everyone stops using it for anything other than watch-only?

 :-\ Saw this and thought I should give my blockchain wallet a peek and thankfully everything is still there. I definitely don't keep my main stash there although it is a sizable amount. I had a friend that lost 5 coins over a year ago thanks to his android being "rooted" somehow, despite 2FA. I don't get how people are losing their shit on blockchain esp when I have an sms sent to my phone to login and it changes every 30 seconds or so. And, I've even had my network hacked and then subsequently cleaned up again like twice in the last year and still all is well. However, when I had an idea that something wasn't right on my network I definitely wouldn't log in to anything that was financially sensitive.

no tor, no mobile,

no record of 2FA being sent to my email

someone must have gotten a wallet backup and my password.

I know how you lost your Bitcoins. . .

Why are the transactions broadcast every few hours? Why didn't the hacker simply empty it in one go?

I wouldnt keep even 1BTC (mid-long term) in a wallet that i am not the only one controlling the private key.

You sir is retarded and you created your own misfortune. Sadly.

I still feel sorry though. I am canadian so i'll say it again. Sorry.

can you tell me?

i totally agree.
keep it in paper wallet. this was an oversight on my part. doesnt explain what happened though :(

maybe this helps i dunno.. your not alone at least?

http://www.reddit.com/r/Bitcoin/comments/2nkias/this_is_a_list_of_rbitcoin_users_who_had_their/

edit - sorry for the loss, i hate btc thieves, so i just got a trezor and actually, i only have one btc atm....

If you truly lost your Bitcoins, I am sorry to hear this, the transactions are irreversible. However, the simple fact your wallet wasn't emptied immediately, but over the course of several hours leads me to believe you are bullshitting us.

what are you talking about? It was all moved at once. the hacker then distributed it over hours to multiple wallets.

Guys,can you please send mictro transactions to that address, linking to this forum post?

these were my wallets. all emptied at once.
13brziR3KJB9eBWUmiSVa7HCtDGsoi5uPv
1KFCQqWJMFp3jP2YXQv5ZMgmXeZfQ8Levs
1E1nAEXaffBHh3RPpB9EGexSGSLS9qVFWB
156VdKaw31FKNkDve1PLs3J4j2s1dnkfQc
1BUCKgFCb3UYcEEgEWibFSzgUnbpWRRfiC
12Un78NEExEM3SYoFYAQvKYwxtMJozb3K6

It was not emptied immediately, the supposed "attacker" first got 13.73BTC, the change was sent back TO YOU, a change of 49.999 btc. Then the next 3 transactions same thing.

yes, we intelligent folks can see that by the tx - https://blockchain.info/tx/43d9ecf12e25a0bcc6c655660d604cdff800f726dc42f68b08cea8fc1d61a3c4

guess remember or whatever/whoever is in his cups already? lol.. sorry again statdude. :(

Derp, thanks. I got confused, thought that https://blockchain.info/address/1L8zn4BJs2B4a4pxN4HBaNKEgaowpa3857 was the address of OP. Sorry for that, statdude.

Honestly, not sure what to think. If BC.I was compromised even with 2FA, then this means that there is some exploit going on in BC.I and piuk owes statdude 63btc.

yup, i'd say it should be up to the online wallet host to ensure those funds are returned, however that might happen.

statdude, how do you store your wallet backup or backups?

Here is the problem with disclosures like this:

1) Bitcointalk accounts are sold all the time
2) Some people may be faking these thefts in order to avoid taxes or other liabilities
3) This may be a way for people to lash out at BTC upon exiting the scene


I'm not trying to insinuate that this is anything listed above but it makes our job of accurately diagnosing security breaches more difficult and when you make comments like the above a month before hand .

I apologize for being an asshole for even posting this, but....heavy gambler, really into alts, and pissed off at Bitcoin all raise questions as well.

not a fake acct, anyone who knows me can verify this.

There was a backup on my computer of the wallet. So if they breached my PC somehow, they would have just needed the 10 digit password.

The hacker's addresses are as follows-

Hacker if you're watching, please contact me and we can work something out, don't draw this out!

1PKKHesnMstSDkqbXQzs1kep4qms2eRJFj
16uAPb6i3AJFebLyGzQAcxcrH9YQPaT1fa
15x41gpZkT1WtRZp5va9H3y2BNGkUgPPbH
1HYeQCcAjoHqFwwofBxiurjTqCkMn7a4N6

Blockchain.info wallet backups are encrypted?

Could it be that your email was compromised, and you had an auto-backup option of the wallet, where it gets emailed to you, unencrypted perhaps?

There are actually no copies of my wallet in my email at the time. I had deleted them all.

However, there was an encrypted copy on my desktop.

Did you empty your trash after deleting your email backups?
If you use gmail did you check your filters?
Have you scanned your computer for rootkits, trojans, and viruses with multiple programs?

Blockchain.info wallets are always encrypted when they are emailed to a user.

The fact that I find most strange is that 1E1nAEXaffBHh3RPpB9EGexSGSLS9qVFWB received the change of the initial 63 BTC transaction and it also was one of the sending addresses of the transaction that "emptied" the wallet. This is not the expected behavior of an attacker. This address also had ~5 BTC left in it for ~14 hours after the attacker had emptied your wallet.

Checking for viruses now. I did actually miss a couple wallet backups in my email. However, they were all encrypted.

I was trying to send a message to the scammers addresses with a "blcokchain" note saying they were stolen coins.
But it seems they locked my account as i just submitted a support ticket?
I can't do anything in there (i just sent a little dust to send the public notes)

strange indeed, but i didnt notice as I was asleep.

How much entropy was in your 10-digit password?

uh your 2FA is your email, which means anyone that hacks your email can defeat your 2FA, and also they could probably figure out your password since they already hacked your email.

I thought 2FA was supposed to be an SMS to your phone. I admit I have not used Blockchain.info other than to store less than 0.001btc.

they offer both but...


Which means statdude was using the email 2fa which mostly defeats the whole purpose of 2fa altogether as any compromised account or computer can easily defeat and cover up this 2fa. With sms 2FA the hacker would have had to compromise his cell phone as well which is more difficult to coordinate if the user doesn't plug his cellphone into his computer.

Really sorry to hear about your loss.

What was your method of 2FA? Was it just your email account? Or SMS or Yubikey?

2fa was just email which does not appear to have been breached, but who knows.
I did just find a keylogger on the PC.
MSDCSC.EXE installed 11/19. that is also the same day as a wallet file mysteriously showed up.

Also just remember that i got a mysterious login on btc-e.
25.11.14 03:33   94.242.246.24   Successful login

This may be the IP address of the hacker.

good luck catching the thief.

why didn't you use cold storage ?

I meant to. Honestly, I almost always use it. I would have certainly put them in cold storage within the next few days.

I should have obviously done so MUCH sooner.

Searching the suspicious IP address turns up a TOR server. The user of the server with a non-spam email address on that day http://www.stopforumspam.com/ipcheck/94.242.246.24

Turns up " 11/24/2014 14:59   94.242.246.24   bletkorer   nghfgdfd@gmail.com "

lu   lu   l   luxembourg   49.610001   6.124000   root sa
Luxembourg   LU   not found   not found   49.750000   6.166700   root SA
LUXEMBOURG   LU   LUXEMBOURG   STEINSEL   49.676941   6.123890   ROOT SA

 ASN    5577
Name    ROOT
Description    root SA,LU
# Peers    7
# IPv4 Origin Ranges    17
# IPv6 Origin Ranges    3
Registrar    RIPE-NCC
Allocation date    May 15, 2009
Country Code    LU


   
Reverse   orion.enn.lu.
Reverse-verified    Yes
Country Code    LU
Country    Luxembourg
Region    Europe
Population    442972
Top-level Domain    LU
IPv4 Ranges    145
IPv6 Ranges    43
Currency    Euro
Currency Code    EUR
IP Range - Start    94.242.192.0
IP Range - End    94.242.255.255
Registrar    RIPE-NCC
Allocation date    Oct 21, 2008

Humans in general suck at security from what I have seen. We all are constantly making mistakes and only realize and or acknowledge them after an attack has occurred.

Everyone desperately needs to start using secure hardware wallets and multisig paperwallets - http://mycelium.com/entropy can help.

Well there is your problem. A keylogger.

Sorry to say your email was probably breached combined with keylogger.

Email isn't true 2FA (unless your email itself has 2FA with google auth or something like that) as it is very easy for an email to become compromised.

Even then you should also use other 2FA.

Sorry for your loss again and good luck.

2FA should be on different devices, and for 50+ coins I can not imagine storing it in a online wallet

But to be honest, it's still a hassle to use offline storage, especially when you are not an IT guy. It's very difficult to find a balance between ease of use and security, that's also one of the reason that banks exist

I think Trezor is the easiest secure solution right now.

Multiple 2FA (2FA emails, Yubikeys, google auth, etc) is the way if storing coins online.

How did I get this Keylogger? I am VERY careful and dont install anything that isnt virus checked.

Is is possible my IP Vanish software which uses Tor was compromised?

What's the name of this software. Is it created by someone trusted? Let us know.

Why the hell doesn't blockchain info have sms verification for withdrawals? Does anyone? Seems it would save a lot of thievery.

Lots of apps for sms. Google phone number on another device should be pretty effective if one does not have a smart phone.

I cleared out my blockchain account a while back. Might keep a small amount there in the future if they revamp their security.

I would steer clear of Tor for anything sensitive like accessing your email or banking. Its ok for cruising piratebay and flashyourrack if you are at work.

Sorry for the OP's loss.

LOL, anti-virus do only so much, to truly know if software is safe or not, you need to learn reverse engineering and check out every software. But really, you likely got infected by a Java or Flash applet.

Sorry as well, I hope your able to get it back

this post does not represent the majority, security is a learning process, our time is finite

Sorry about your lost.

I recomend you to use Linux, i use linux and i know my bitcoins are safe this way. i will never found a trojan or a keylogger on my computer, i recomend you to give a chance to linux.

You can keep tracing the transactions, maybe that whay you will find who did it.

Good luck.

I am curious if anyone has ever actually retrieved stolen BTC? are there examples of this happening? where would I look? google is no help.

Sorry to OP though. Not trying to rub salt in your wounds. that is a lot to lose. ouch!

think this guy ended up doing a deal with the thief to split the coins

http://www.reddit.com/r/Bitcoin/comments/2af2e1/500_btc_bounty_for_the_return_of_androklis/

fact is, i treated my blockchain.info as a WEB wallet, trusting them it was SECURE with 2FA alone.

it was not.

All someone needs can be found by hacking your PC and installing a keylogger.

they need no 2FA whatsoever if they then have your password.

Well, you can improve your security, by doing this :

https://blog.blockchain.com/2014/11/13/quick-bit-boost-your-password-security-in-one-easy-step/

But, when you a service provider with +/- 2 000 000 wallets, it should have been set by default, to the highest level.

I am truely dissapointed, but VERY happy all my money is stored in paper wallets.  ;D

So sorry for your loss. Its easy to say: why havn´t you done this and this.
Humans just make mistakes sometimes.
Regarding Keyloggers, i use "Keyscrambler" and "Spyshelter", which asks me everytime, when any process wants to start in the background, to confirm. It remembers all my decisions, so its a bit a pain in the ass only in the first 2 weeks, after that its mostly quiet, unless there are new unknown processes. This way it is not only dependent on database-updates and should alert "0-days" also. I used that in addition to my antivirus for a long time, never had a problem.
And whenever theres the possibility for 2FA to the phone, certainly i use that.
Hopefully this never happens to you again. Good luck.

Oh, and i knock a lot on wood . . .

Sorry about your loss  >:(
Did you use any remotedesktop SW like TeamViewer? With email as username?

Your name on here is statdude, so I assume you are into learning about statistics. Did you ever do a risk assessment on your storage options? Why would you use something where if they know your actual password from a keylogger they get it? Why wouldn't you use a true 2 factor and tie it into your phone also? It also helps to use things that prompt you saying things like "we noticed you haven't logged in from this ip before please verify yourself" which can turn 2fa into 3fa if that question gets sent to another email address just to prove the first challenge question.

as i seen blockchain protect with email / sms code for every transaction.

if you disable this. it is your fault.

but by your case, its seems you got catch by virus bot.
and its look strange that your money is stuck in this address. and nothing action after by the thief.
1HYeQCcAjoHqFwwofBxiurjTqCkMn7a4N6

if blockchain.info could be hacked, there would be A LOT more users and bitcoin got stolen. Total number of user reported is only about 20 i think.


Hacker still need 2FA (as second password) because knowing password only isn't enough to login (unless you turned off 2FA). In your case you have 2FA sending to your email, so it's obvious to guess the hacker also got access to your email. Why don't you use 2FA on your phone ?

Furthermore, if your PC got infected with trojan/keylogger then clearly we can't blame Blockchain.info

This is also the reason i laugh at everyone saying Bitcoin is safer than bank. Hacking to a personal computer is much easier than hacking into the bank !!!

I am a new bitcoin user that uses blockchain as a wallet. I have used the above advice and gone from the default of 500 iterations to the 20,000 maximum.

What makes Bitcoin wallets different to typical online banking ?- And if your on-line bank account is hacked the bank is responsible for the loss.

Why is this not the case for bitcoin wallets?

I really feel for the stat guy and deplore some of the responses on this read saying he was to blame.

Bitcoin will never reach its potential if a newbee has to go through a raft of additional measures to keep their wallets safe.

I don't want to f about with Trezors and such, i want to use my wallet like a bank

why is this so difficult ??

Its not difficult. Just get a coinbase or circle wallet with sms 2FA and they provide the security you need from hackers and insurance as well.

What they will not protect you from, in actuality they will expose you to, is theft from the state in the form of capital gains taxes when your Bitcoins go up in value.

Damn, that is really hard.
I am glad, I finally managed to put most of my coins in paper wallets. For me it was just laziness that I postponed that for months.

Do make something clear, since so many people don't seem to understand that. The difference between bitcoin and fiat is, that with bitcoin it is your responsibility how secure they are. That is one reason why banks have hefty fees: They use part of it to ensure security and insurance. You can't have both: no fees and someone else takes care of the security

So, yes, bitcoins are much more secure than a bank, if YOU make them that secure. But it is not that hard to store them securily: Printing out paper wallets is really easy. Protect them with bip38, store one copy at home and one copy at another secure place and you are done with the security.

Bank are also scammers and the fees go to a lot of needless jobs now we have blockchain tech

Please let me make sure I understand you. Are you saying that just because you use Linux, your Bitcoin are positively secure?

I have multible wallets, 3 hot wallets and off line cold storage. I also have signed up for the coinbase vault but yet to use it.
Funny thing is the only wallet i had which got hacked was blockchain but it was a very small amount and i didnt have 2fa back then.
I would advise like many other members already have is to look into cold storage, usb or paper wallet.
If you dont think you know enough about btc security yet then sign up for coinbase vault till you learn more. I know many members won't agree with me on this but its safer from hackers.

Linux alone isnt enough obviously, but using windows makes your PC positively insecure.

I wrote a detailed article on the secure ways to store ones Bitcoin:

https://bitcointalk.org/index.php?topic=858604.0

Thats horrible, sorry to hear that dude.  WTF

Anyone you remember got in the house with your computer unattended?

Sorry for loss man!

Is it worth contacting Blockchain Support, if you haven't already done so? Seems like your not the only bitcoiner to fall victim to unauthorised 3rd party applications. Perhaps there's a way for the Blockchain web wallets to run a keylogging sweep?

Are Mac users (OSX) better protected in this case or just as susceptible as Windows/Linux users?

Umm, Linux is in no way as susceptible as Windows.

Linux and Mac have similarly strong security - Windows is a joke.

Seen before similar incidence when other guy also has 2fa authentication enabled but still lost the coin. Keeping in armory and hope for best

If you have a Keylogger on your computer the only thing that will stop unauthorised withdrawals is SMS 2fa - which I understand blockchain.info offers.

If you only have email 2fa the hacker just needs to wait until you login to your email service and they have the password. Then they wait until you log into your blockchain.info account and they have all they need. They could even delete the email from your email account after authorising the transaction.

Note, a keylogger will also give someone access to your local wallet passphrase too. It happened to someone I know and they lost a couple hundred thousand dollars worth. Keyloggers are very very dangerous.

What I am not sure about is if a malicious user gets your blockchain.info login details and you have SMS 2Fa activated can they still grab the private key. That would totally defy the purpose of SMS 2fa so I assume not but I am not sure.

I've made a quick guide to fully securing coins on Blockchain.info for beginners as these horror stories really upset me: https://bitcointalk.org/index.php?topic=876492

Have there ever been any cases where Microsoft were held accountable/compensated for security flaws in their OS?

Man im so sorry for you, who would have know that using TOR is security risk.
Im feeling your pain.

Thanks for sharing!

Your thoughts on 3rd party devices, such as Trezor? I'm worried about losing the device if I buy a few.

(Though sure they would have considered that) Just wondering in the event of losing device, how quickly Stored BTC funds would be recoverable and the process involved?

You can back up to paper wallet easily with their tool so even if you lose the Trezor the coins are safe. Also the Trezor is password protected so as long as your password is in your HEAD only they cannot steal your coins. This is just my understanding of it and I can't make any guarantees.

Me too? But surely possible to "clone" somebodies sim card remotely?

I prefer Yubikey for 2FA on blockchain. Cell phones are too accessible

Your thinking about security wrong. All Turing complete devices are susceptible to security flaws. The only way to have a good degree of confidence is by using single purpose security devices (hardware wallets), paperwallets, or multisig where some of the key are in cold storage.

Even if one had 2fa SMS a compromised computer could transmit a worm to the victims cellphone when it was plugged in or connected to the same network.

You can only have a certain degree of confidence in security and 100% confidence never applies to any system or industry.

dont think that blockchain is not secure but that your computer has team viewer, maleware or TOR installed. or several people have access to your pc etc etc

Wow!  You are a real optimist man.  At least you'll be able to dream up some 'bright side' to think about from this point.

Its tools like this solitude turd that perpetuate the problems inherent with BTC now.  I'm glad to see that the majority of users here sympathize with Statdude and are actually providing advice and trying to help.

SMS 2FA is the key, that way they need to compromise your PC and have physical access to your phone.

virus scan doesn't mean shit any competent hacker will crypt his malware to be undetectable to av and any half decent bot or rat can scan your computer for wallet.dat or anything bitcoin related in a few seconds, 90% its someone from ukraine or russia and you will never find them or your coins, sorry for the loss i' be suicidal over this

its over for you, sorry...you wanted anonymity, well you got it even when you are hacked and smashed....that is why everything needs a central authority, even BTC, otherwise its doomed..who would trust in that system...anyway...

Blockchain does have the withdrawal password option if I remember right. Don't they also have an on screen keyboard that would defeat a keylogger? 

Thanks for the comments guys... PLEASE send dust to these addresses with a public comment marking them back to this thread..I have been trying to do so but it will not work for some reason. I am doing anything I can to get these coins labeled for all to see.

You already know what addresses your coins went to.  Im curious how sending additional dust will get these coins labelled.  Don't quite understand what that will accomplish.  Could someone please explain?

You can send dust with a public note in blockchain.info, viewable by all.

It appears my gmail was logged into on 22-Nov. Google was supposed to send me a security notification to my phone and email, yet I received neither?

Also, how is my gmail logged into when it has 2FA Google Auth activated???

Here is one way how:
https://www.duosecurity.com/blog/bypassing-googles-two-factor-authentication



If your computer has a trojan keylogger and you are storing your backup on it all a hacker needs to do is capture your password to unlock your private keys without any need to verify 2FA with Google. The hacker can see and read back a history of everything you type on your computer while you are infected.

Once your computer is rooted you are completely owned. If your cellphone communicates with that infected computer in anyway it can also be compromised. 

Well, would that may be possible via my Thunderbird ASP?

Still though, why did I receive NO notification of the suspicious login?

To the hacker:

I do have your login IP address and .edu email domain from a European country with Google.

I will be investigating this to the fullest extent allowable by law. Please contact me if you don't want this.

I think your blockchain.info 2FA was based on gmail and gmail 2FA was based on SMS verification. Am i correct ?

Could it be that his 2FA email did come, but the attacker deleted it?

I sent you the link how one can bypass Gmail 2FA.

https://www.duosecurity.com/blog/bypassing-googles-two-factor-authentication

Just one method, but there are probably other ways. This technique allows one to access without notification.



I think he is referring to Gmails 2FA through the google authenticator app on his cell and not blockchains email 2FA.

Best of luck. But your chances look really slim.

Maybe try to negotiate with him and give him 10% or something to have any shot at getting it back.

Well, sorry dude. I don't think you can get your btc back.

This is why I only use "bitcoin core" wallet. I don't trust any online wallet or exchange...

Next step is to contact the authorities in Luxembourg and subpoena the records of the ISP.
That is enough money to pursue and you already have at least one lead so If I were the hacker
I would try and negotiate a deal soon.

Very nice of you creating that thread, very usefull for newbies. After my little loss of btc last summer i start using spybot for keylogers and rootkit scan and 2fa sms to a simple phone, smartphones sucks. I also use virtual keyboard while typing passwords.

I'm really sorry for the OP who lost such a big amount of BTC and wish cancer to the thief and spend all his stolen funds to doctors. Rot in hell!!!

I don't even think a 50/50 split agreement would persuade the thief to return the money, after all, he is a thief and planned this theft.  I know there was a link in one of the posts of this thread to a case where the thief did return 50% of the coins, I wonder what the circumstances were in that case, what coerced him to return half the coins.

Wow! that should scare him into submission.  You don't deal much with Russians - do you?

If the hacker is Russian, the chances to get 0.000001 btc back are 0%. But if he is located somewhere in Europe - there is a slight tiny chance.

If the hacker is Russian, your mom will lose her bitcoins next. 

Sorry to hear about your loss, statdude.

There is likely no split that would potentially compel a thief to return the OP's stolen bitcoin (assuming he is telling the truth), unless he left behind some evidence of his identity. If there was some level of evidence then it would potentially be possible the thief would return some percentage of the stolen money depending on what laws were potentially broken and how likely the evidence would potentially lead to the hacker's actual identity, in exchange for the OP agreeing not to contact law enforcement and agree to not press charges (and to not testify in the event that law enforcement does get involved)

sometimes credit cards pay back for stolen stuff, look in the terms and conditions

I would say that the hacker almost certainly used some kind of VPN or socks5 proxy to connect to the OP's blockchain wallet and the email account was likely hacked or compromised. Unfortunately these are generally common elements that many bitcoin related thefts have

 :( I just heard and I am deeply sorry stat. I hope you can recover them soon.

In reference to your kind messages to me two weeks ago - this is karma.

As the lovely names you called me in PM, this "insert negative name here" now has 20 BTC more than you and not a single penny of debt. Credit card, ew? Why ever invest on credit cards when this market is known for thievery and hacking? The overall EV of that decision was definitely -EV, I think you didn't run the numbers or "stats" well enough on that decision way back and now its costing you. Have fun talking to those CC companies and debt collectors... :)

hopefully before the Zerocash release  :-X

https://bitcointalk.org/index.php?topic=362468.msg3878992#msg3878992

Yeah 10% you have no chance the hacker would rather take the risk, you are looking at 50/50 or 60/40.  If the hacker is reading just do a deal with the person you hacked, you taught them a lesson on security, you made some money and they wont be chasing you all your life.  Win win all round.

I'm still awaiting this answer from OP.

It was not, unfortunately. it was setup based on email verification.

I don't know if this is what happened, but there have been some suggestions that this may have been caused by a Tor exit node.

Don't know precisely what this means, but I was using a VPN service at the time I believe functioned through Tor called IPVanish. Could this be the cause? How would I find out?

http://www.btcfeed.net/news/rogue-tor-node-hijacked-blockchain-info-accounts/

If your gmail account doesn't have SMS 2FA that might be your security weak link, Check your account activity:

https://www.google.com/settings/dashboard

If your VPN was using tor to hide your identity then there is a good change that you were subject to a MITM attack when you tried to log into your blockchain wallet. However I would be somewhat surprised if a VPN was using tor as tor is very slow and I doubt they would get very much business with the speeds that tor can provide

Sorry statdude for your lost lesson to learn
hope you manage to get it back
Now i am using PRO HMA VPN should i disconnect it when i access Bockchain
or any other online wallet despite the fact of using 2F Auth or not

Which VPN service?

HMA PPTP connection

it's called IP Vanish and connected thru Tor, although I did not know that.

Update - Coins have been moved to these addresses, any ideas?

1K5B5vgry2dxA8U8YphyKCZnmL2TkXmZSX
Total Received   1,009.127 BTC

1Ajz2tmqhAS2qPDAYw1aqkYJ6xC4mz7LoU
Total Received   41.74661948 BTC

1AA5NSDzAw1nvmbiaPUAdJ7zacu8HvDdSy
Total Received   745.6897046 BTC
Final Balance   745.6897046 BTC

14KAMZsnHwHb32vd1XrNE1pndhuijHjR1a
Total Received   43.7795 BTC
Final Balance   43.7795 BTC

The chances of you getting it back now bud are really slim.

Sorry.

Please 1 BTC should be everyones maximum limit on online wallets. Mine coins were too stolen from android wallet so I stopped using it.

Wow... I should take my money off of online wallets. I really like using the blockchain.info app on my phone, but it's not worth the security risk.
I definetly don't want to run a full blown bitcoin client like bitcoin-qt...

This horror story reminds me of the whole inputs.io scam. I remember the first time i heard people saying their money got stolen all of a sudden. And i knew it had to have been an inside job, since it wasn't possible for all those 2FA-protected accounts to be cracked... When i read the thread title, i immediatly logged into my blockchain.info account to see if mine wasn't stolen either.

Bitcoin transactions are not reversible. That's the whole point of bitcoin anyway. So i'm afraid your 63.73 BTC is lost for sure. There simply is no way of ever getting it back. Unless ofcourse you could track the money to some casino or whatever, and report it to them as stolen money. You would be able to prove you are the owner of that address...
Sadly, it's extremely hard to track down those funds.

Any attempt to track your stolen bitcoin via the blockchain will likely be fruitless. The fact that bitcoin is fungible means that anyone can potentially trade bitcoin for other bitcoin (or bitcoin for various altcoins), and/or potentially send the stolen bitcoin to a mixer and someone completely unrelated to your thief could not be in possession of inputs that can be traced to the outputs of your stolen coins.

IMO the best bet of finding the thief is via IP tracking of the person who logged into your blockchain.info wallet. I think this would likely also be fruitless if your VPN was connecting to the internet via tor exit nodes as you seem to think they were.

Seems to be have been mixed.

https://www.cryptocoinsnews.com/tor-users-can-now-connect-blockchain-infos-onion-address-securely-ssl/
 (https://www.cryptocoinsnews.com/tor-users-can-now-connect-blockchain-infos-onion-address-securely-ssl/)

How nice, I get to be the martyr and foot the bill for blockchain.info to beef up their security.

Still ironic google 2fa protected everything except my gmail (I'm assuming), which gave up nothing except the wonderfully backed up copy of my wallet sent right to my email (thanks blockchain.info for your genius default settings, very secure).

I'm guessing keylogger did the rest by hacking my application specific password to Mozilla Thunderbird and using that to breach Google with 2FA.

I still don't understand the supposed MITM Tor Exit node attack but it may be possible. I just have no idea how to confirm if that's what happened. I do know my Google and Blockchain accounts were maliciously logged into from a strange IP address and neither sent me any sort of security alert (google was supposed to via SMS)

thanks to those with kind words.

I've certainly gained a lot of lessons about trust dealing with bitcoin. don't trust people, don't trust any form of security, & anything bad that can happen to you, most certainly can and will happen.

I wouldn't think of using anything but Bitcoin-QT.  It is intensive but once the blockchain is downloaded there is minimal effect on my computer experience if I leave it open.  I'm not even terribly confident that it is secure and I have a pass code that takes minutes to input (random phrases from Ulysses).  

I finally broke down and installed a phone wallet but only for the novelty.  There is never more than fifty bucks in it.

These stories kind of scare me.  I don't have nearly the amount that OP had but I don't want to lose anything that I have.  2FA on an email account might seem like an inconvenience but is necessary in my opinion.

I feel for you, OP.  I hope that there is a way to bet your BTC back...

Edit - I have no idea if it works or not but I type in my password and then hit five random keys (anywhere in the middle) followed by hitting the backspace five times).  Even if it is placebo, I have always thought that was a way I could defeat any potential keyloggers.  Note - I am not the most tech savvy individual in the world.

Certainly words to live by in general and even more so in the realm of unregulated crypto currencies.

Holly crap!

I don't know how to react.

Most I can tell you is check with the addresses he sent them to are coming from. For example if he sent it to a gambling website, perhaps you can then ask the admin for his username or IP or something that can help you better.

Good luck mate!

wait how the heck is that even possible though..someone stealing wallet.dat file?

or however online wallets back up work.. fuk thats gotta suck..esp when they mixed coins.

made me LOL

This would not foil any potential keylogging attempts of stealing your password to your wallet. A keylogger can see all the keys that you press so if they attempt to decrypt your wallet with your password, they can simply delete the last 5 letters and then would have access to your wallet. A keylogger would not even know that you entered them in the middle of your password so it would not affect it.

Also blockchain.info allows the 2nd password that is optional and will allow you to send funds can be entered via a "screen" keyboard which prevents most keyloggers from capturing your password

Sorry bro.....
Are you link your email to your Blockchain account? Maybe there is a private key backup file that sent by Blockchain in your email. The hacker get access to your email, he got your privet key, he got everything.

Sorry OP about the loss. I hope you catch the hacker and make him pay. It would be useful to know how your computer was compromised, if you ever find out.

And just a heads up for people talking about online wallets, Blockchain.info being online isn't what made it hackable in this case. If your computer is compromised - as appears to have been the case here - then any bitcoins that computer has access to, either on local wallets or online wallets, are in jeopardy.

Thank you for the post.  I can appreciate my bubble being burst as it does help.  Not sarcasm at all.

I pretty much don't touch that computer outside of work and three websites.  I'm on a different computer for this forum and other BTC related activity...

Trust me, I would love to catch them.

The most frustrating thing is I have NO idea how I got a keylogger. That has never happened before, and I wonder if I was targeted somehow by someone I know. The only explanation for that, would be somehow my TeamViewer had a password I used somewhere else that was leaked, but it's impossible to verify now.

I had no idea you could use 2FA for Teamviewer or I would have. I also should have had a stronger and more unique password there obviously.
I also would have used the On-Screen keyboard for blockchain.info or any sensitive passwords, and turned off blockchain email backups of my wallet, which they stupidly had on in default settings.

I would even consider restricting login to certain IP addresses. I thought about this many times but was worried I'd lock myself out somehow.

Any of those things may have saved me. I am still not sure if Tor use had anything to do with it, but if it did, that's even more upsetting.

And NEVER have trusted Google to protect my account in any way shape or form.

The irony I just put all my BTC there for safekeeping the week before is what really astounds me.

Google 2FA = total failure.  

damn, i feel for the op. being gutted like a fish is not cool..

i hope something good happens to you.

Thanks man.

To any true bitcoiners interested: I realize this is a long shot, but I am willing to be the face of a campaign to increase bitcoin security standards, thus making it more accessible to the common user. If you or your organization are interested in collaborating on such a campaign, I am willing to put a public face to this through interview and speeches.

All I ask is the opportunity to recoup some funds over time via donations. I am still a bitcoin believer, but believe the average user and service has a long way to go on security. I've learned a lot of lessons through this ordeal I'd like to share to improve best practices and help drive bitcoin forward. 

If I don't find anyone to collaborate with, I will likely start my own YouTube channel or podcast to promote bitcoin security. If you are interested in participating either via editing/graphics or being on the show, please PM me.

By the way, blockchain.info delisted from bitcoin.org due to lax security. Appropriate? http://www.reddit.com/r/Bitcoin/comments/2ogyt4/blockchaininfo_has_been_delisted_from_bitcoinorg/

Regards

After selling all of my BTC and deciding to get back into the crypto realm... I am seeing many more breach stories. Really makes you realize the importance of taking any large amount of coinage you have 'offline' and onto paper secured in your private possession. Sorry for your loss OP. Valuble lessons and whatnot.

Um I'm not too familiar with teamviewer but that might have been not so smart, as teamviewer would give access to your computer to the person so who knows what they could do.

I'm glad I didnt go the blockchain.info route as I seen too many probs there, I only use electrum the best light pc wallet around

I think this is great that you are turning this negative experience around into the start of something new.

Good luck with your project, and who knows maybe you will make much more than the coins lost if your project takes off (of course I hope you may yet still recover the coins lost too).

This to me is an important lesson in sandboxing and compartmentalizing your bitcoins.

Store the majority of them in proper cold storage--- e.g paper wallet or a old laptop with a clean os install. These are things that are dedicated storage device and generally never exposed to the Internet other than to move coins. Never check email or go past cnn.com.

Store the rest of your coins that you conceivably need to spend on a consistent basis on your phone or regular desktop.


Don't rely on touchID or coin base or 2fa or Google. If you possess any amount of coins that isn't nominal, you are a target with a gigantic flashing red light that says "try me"; period.

The issue was not the lack of physical and/or local security, the issue was that the OP was effectively using tor (via a vpn) and the exit node was able to launch a MITM attack

So if Tor isn't a safe patch option....

I doubt it. People are probably just losing their coins through lack of security or hackers on their own end.

this is pretty newb question, but what does TOR really hide you?

some people argue it doesnt, so im just trying to get an ideal response. As for the 63 btc loss how do you prevent this? besides the 2fa setup.. it seems like this can happen to anyone. I thought the 2fa helps a lot..

2fa didn't do shit for me.

no chance of getting this back.

thats beauty (and ugliness) of BTC

All that 2fa will do with a blockchain.info wallet is prevent an attacker from accessing your identifier. If they have a copy of a backup then 2fa will do nothing for you. If they successfully launch a MITM attack then then they could trick you into giving your 2fa code along with your password, which would allow them to download a copy of a backup.

It also appears that blockchain.info has made some changes to their security. They apparently no longer allow people to connect to blockchain.info via a tor exit node, but rather force them to use their .onion address. This will get people out of the habbit of trying to connect to their .info domain via tor and into using their .onion address

When one connects to an https: server over Tor, with which entity does the server establish an ssh-protected session? Is it you, or is it the Tor exit node?

okay, important question, where does one go to find a good paper wallet to print out.

without putting the private keys at risk, etc when printing it. yeah im paranoid.

Computer offline with a live OS, generate keys with bitcoin-qt, print, and it's done.

Hopefully Statdude got his BTC back,

http://www.coindesk.com/hacker-returns-225-btc-taken-blockchain-wallets/

Not the same breach or coins, unfortunately.

Too bad.  They seem to be having serious security issues.  I wouldn't store any BTC there given these developments.

i had 17 Bitcoins disappear last December  on blockchain.info and when i reported it to there support they asked for my wallet id and password to investigate same night someone acting as myself asked for my refund giving all my details even going into my back office taking off my 2fa (code to email)   and i didn't even know he done it as i didn't receive any notification it was taken off.  long and short of the story blockchain.info through there incompetence sent my refund to completely the wrong person because he gave his new BTC address and my wallet id and password :(