Bitcoin Forum

Hello

Last night i saw a message of a Bitcoin transaction from my wallet that i didnt ordered of 9.67 BTC that was almost the total of what i have there.
So i saw that my BTC was been sending to 12bj8u6cKZoYjWksBpuPVMUj8sSkRRc89b wallet!

And im sure my pc wasnt compromissed, and i have 2FA enabled in a Phone i have only for this that dont even have a SIM card inserted, and been looking at my email logs and no one logged from a ip diferent then mine.

I dont open any emails i dont know, never used TOR, i have all instaled that protects me from any kind of malware, i have all the cautions about this as i never been hacked.

After this i had run several anti-malware...anti-troians...anti-rootkits...software, and they found nothing as i expected and again... i have 2FA in a phone without SIM that i use only to storage my 2FA keys so no way the hacker can get that, im 100% sure that the security breach was not on my side!

Blockchain should see the logs has i log always from the same range of IPs.

 - First withdraw - https://blockchain.info/address/12bj8u6cKZoYjWksBpuPVMUj8sSkRRc89b

 - Final Withdraw from the second one - https://blockchain.info/address/12cfKkiK9C3kfyrWeLP3jt76TmX52GDeRx

And my 9 BTC parked there, is the first transaction!

 - Splited withdraw with the rest 0.67 BTC - https://blockchain.info/address/14ceUvczuqTsA1mKYBqtpdQ5cc9mQbQrjC

And im sure more accounts at Blockchain are compromissed as i see more incoming in that last one!

Blockchain keep closing my requestes and replying with burocratic answers like...we are sorry but we do not control the users wallets!

But again i had Google 2FA on a isolated phone that i connect to net trough wifi once per 15 days to update the keys.

Thank a lot for your help and suggestions.

I just tried to log on to my blockchain wallet from a different country and I had to manually verify via email the logon attempt. So it seems unlikely that someone outside of your vicinity logged into your account without you knowing. Did you have the logging options within blockchain activated? If not then you're not going to be able to tell who did it.

Even so, I don't know if storing 9.67 BTC on a web based wallet is such a great idea.

TBH it is pretty irresponsible of these companies to not restrict outgoing transactions without verification via email at the very least.

Hi

I was 200% sure that having Google 2FA enabled i was secure... i was not!

I was moving those 9.67BTC from another place and was not to stay there, but 5 minutes after its confirmation, hacker sent them to the adresses i have described!

Well, that's a pity. Maybe from a wallet backup?

Really an horrible story, which no one want to happen to them.  Is there any way to recover them?

Blockchain keep closing my requests without a single sign that will help me at least to get to that IP that have logged to my account!

I never tought that Blockchain would have this kind of behaviour with users.

This just make me feel like they have some kind of responsability in it or they at least would help with the IP.

Did you have logging options enabled on your wallet?

That shit is gone.

Make a new wallet and also disable API key.  I had .2 stolen from me a long time ago so i made a new one..

How did you store your wallet backup?

That's the trouble with online wallets. Hackers working day and night trying to steal btc.

So sad to hear.  They must feel responsibility and need to help you as much as possible to find out the theft.

From your security measures (protecting your PC, 2FA etc) and this part of your post, it seems to me that this is not a hacked account but something to do on Blockchain.info's side that can cause private keys to be leaked.

This has happened in past with this site and who is to say this isn't one more of the site's vulnerability?

We can only verify when other users have similar issues as yours though.

Your mistake is you assume they're creating the transaction, they're not.  Bitcoin doesn't need anyone's authorisation, that's part of the appeal.

Then run the bitcoin core client?

The advantage of having an email log also is that there can be no question in situations like this--the IP address, browser, time, amount, addresses involved would all be recorded within that users email address.

How about the email account with a previous backup of your wallet? If hackers have your old wallet backup, they can extract your private keys.

This.  2FA doesn't apply to backups.   Did you have a backup emailed to yourself?  Stored on your computer?  Sent to dropbox?

Most likely, they already stike stole wallet backup / secret information when you sign up at blockchain.info
And there are low chances you use fake anti-malware/anti-trojans/anti-rootkits

Or the hackers use man-in-the-middle attack http://en.wikipedia.org/wiki/Man-in-the-middle_attack (http://en.wikipedia.org/wiki/Man-in-the-middle_attack)

2FA does apply to backups if you actually think about security; gmail, dropbox and many other services support 2FA. Of course storing items in plaintext or unencrypted on your harddrive is just asking for trouble.

Nothing is preventing you storing a backup securely using dropbox as long as you use PGP or something else to encrypt it beforehand.

Also, sharing the same email address for every single service is asking for trouble.

You forgot to take one of the biggest precautions which is don't keep big amount of your Btc in an on-line wallet. Sorry for your loss but your coins are gone forever.

Hello my friends

My email logs dont show any other IP then mine, so my email was not compromissed, and i never emailed my secret key, i had done one backup to email and then downloaded to a pen ages ago so why now?

I had several times, 5, 8 BTC and nothing has happened, why now?

Those 9.67 BTC was months of gathering and now im left with nothing!

And i had Google 2FA in a phone i connect to net trough WiFi once per 15 days to update the keys and dont even have a sim inserted, i got that phone only for this and i tought i was secure!

Already sent a email to the last guy that hacked Blockchain to see if he can help me cause i have my BTC parked in one adress and more time i waste trying Blockchain to help me more far i will be from recovering my BTC.

My 9 BTC "he sent the rest 0.67 BTC to another adress" its parked here!

https://blockchain.info/address/12cfKkiK9C3kfyrWeLP3jt76TmX52GDeRx

That first transaction that came from 12bj8u6cKZoYjWksBpuPVMUj8sSkRRc89b are my 9 BTC!

he sent from my wallet to 12bj8u6cKZoYjWksBpuPVMUj8sSkRRc89b then to 12cfKkiK9C3kfyrWeLP3jt76TmX52GDeRx

thanks a lot for your help

do you live alone or with someone else?
if email logs doesnt show any other IPs it could be an 'inside job'

I've never used Blockchain Wallet but I usually hear good things about them. I personally use Coinbase and I've never had a problem there. Does Blockchain allow you to store your Bitcoin in cold storage/offline? I think it's best to store the bulk of your BTC offline and just keep 1 or 2 BTC for day to day use (unless of course you use a lot). Coinbase's offline storage, the Vault, is a pretty cool feature.

Been talking to some ppl that say if i used my wallet in December for sure my secret key is compromissed!

Anyway, more time they take to give me a IP, more far i am from recovering those BTC.

If you used your wallet or if you created your addresses in September?

Already asked you if you had logging options enabled on your wallet. If you didn't I don't think you're ever going to see an IP address.

If you did then you should be able to see the IP address already.

See this kind of thing actually gives me a little scare how do they get you're BTC when you have 2factor on ???

Surly before you send coins you should have to type in the verification what has gone to you're phone! How do they get verification codes? 

Appreciate anyone with more knowledge than i clearly have.

ik_do i dont have ip logging enabled but im sure they have access to server logs!

Post all this info on reddit.com/r/bitcoin. There have been a lot of bci hacks lately. Many users got their coins back. You have to fight for your bitcoins. If it was re-used r-value exploit who got them, you should get them back afaik. Either way, search reddit. Good luck, and sorry either way.

Already made a Reddit post and thanks all for their answers and suggestions

link it here please thanks. ;)

Yes please. And sorry for your loss and I hope you can get it back. :( I also have a blockchain wallet but I've never stored more than 0.5 btc on it. I advise you to use a paper wallet for large amounts of btc next time.

here is my reddit link

http://www.reddit.com/r/Bitcoin/comments/2vgmu6/blockchain_wallet_hacked_and_bitcoins_stolen/

thanks

Cool thanks, but i see you never replied there... Did you figure out what happened and was bci of any use/help?

Also wondering about what happened. It makes me scared for my own blockchain wallet. :-/

It shouldn't. You should have logging etc enabled for instances like this so that you can know as much information about what has happened.

If you fail to enable logging etc, you are willingly asking for less information about what happens to your btc.

i noticed they been delisted as a service on the bitcoin.org site. lol.

It is not by location, it is by browser (they check for a cookie on your browser). They will not however allow you to authorize a login attempt by someone outside of a certain IP address range.

The most likely scenario is that the OP's backups were somehow compromised and/or has some kind of malware on his computer that would automatically create/push a transaction of all bitcoin stored on his computer