Bitcoin Forum

Economy => Service Discussion => Topic started by: enmaku on April 27, 2013, 03:22:37 AM



Title: My coins just got stolen from blockchain.info
Post by: enmaku on April 27, 2013, 03:22:37 AM
Two passwords, each unique to the site and a yubikey. Only device attached to the account was my cellphone - which was in my pocket while I was driving to work as this heist occurred.

https://blockchain.info/tx/1826f610d9dea7698d906da8f874974240204f42500fa621f1581c7023c6cc61

I think I'm going to vomit...


Title: Re: My coins just got stolen from blockchain.info
Post by: hiltonizer on April 27, 2013, 03:40:13 AM
A lot of these threads here and on reddit the last few days... common factor always seems to be a cell phone. I think it's fair to say some cell phone malware is going around.



Title: Re: My coins just got stolen from blockchain.info
Post by: proudhon on April 27, 2013, 03:43:57 AM
Assuming this is legitimate, I'm very sorry.  So far it seems what's common among all these blockchain.info heists are linked mobile devices.  In any event, I no longer trust blockchain.info with any amount, whether my phone is linked or not.


Title: Re: My coins just got stolen from blockchain.info
Post by: enmaku on April 27, 2013, 03:44:18 AM
Quote from: hiltonizer
> A lot of these threads here and on reddit the last few days... common factor always seems to be a cell phone. I think it's fair to say some cell phone malware is going around.

Well that's just lovely. Nice to know that memorizing those ridiculous passwords and buying a yubikey was worth it. Time to go print myself a paper wallet.


Title: Re: My coins just got stolen from blockchain.info
Post by: proudhon on April 27, 2013, 03:46:25 AM
Quote from: hiltonizer
> A lot of these threads here and on reddit the last few days... common factor always seems to be a cell phone. I think it's fair to say some cell phone malware is going around.

IIRC, so far it's only been Android devices.


Title: Re: My coins just got stolen from blockchain.info
Post by: Fiyasko on April 27, 2013, 03:50:07 AM
Mother.... fucking...... thieves....
We really need to identify how the hell this is happening to people!


Title: Re: My coins just got stolen from blockchain.info
Post by: enmaku on April 27, 2013, 03:53:34 AM
Quote from: Fiyasko
> Mother.... fucking...... thieves....
> We really need to identify how the hell this is happening to people!

Well if it came from my phone, then I can tell you exactly where the malware came from, the only app I've installed in months is BitCare, because I needed a mining widget. I don't do much on my phone but make calls and such, I have a tablet for games et al and the blockchain app wasn't installed on the tablet.


Title: Re: My coins just got stolen from blockchain.info
Post by: cypherdoc on April 27, 2013, 03:54:42 AM
this is why you don't use online wallets.

Armory is your safest bet.


Title: Re: My coins just got stolen from blockchain.info
Post by: datafish on April 27, 2013, 03:55:49 AM
Were you using the Blockchain app or a browser to access your account? 

I worry every time I update an app that one of these software authors got greedy.


Title: Re: My coins just got stolen from blockchain.info
Post by: enmaku on April 27, 2013, 03:57:45 AM
Quote from: cypherdoc
> this is why you don't use online wallets.
>
> Armory is your safest bet.

I usually only keep a little in there for convenience and keep the bulk of my coins in cold storage etc, but I got way too busy and ended up letting too much coin pile up. Keeping that many coins there was my error, but it still shouldn't happen. Maybe where bc.info is a service that stores people's coins they could have an optional feature requiring email confirmation before sending more than a configurable amount? I won't feel bad if someone steals $50 because I screwed up, but this is too much.


Title: Re: My coins just got stolen from blockchain.info
Post by: shawshankinmate37927 on April 27, 2013, 04:01:47 AM
Quote from: proudhon
> Quote from: hiltonizer
> > A lot of these threads here and on reddit the last few days... common factor always seems to be a cell phone. I think it's fair to say some cell phone malware is going around.
>
> IIRC, so far it's only been Android devices.

If that's the case, I guess the reduced functionality of the iPhone version of the blockchain.info app ended up being a good thing.  I have the blockchain.info app installed on my non-jailbroken iPhone and linked to a wallet that does not use 2FA, or a second password, and I haven't had any coins stolen....knock on wood.


Title: Re: My coins just got stolen from blockchain.info
Post by: meowmeowbrowncow on April 27, 2013, 04:03:36 AM

Sorry to hear.  I have also experienced massive online theft.

I have been experiencing an odd behavior with blockchain.info for the past few days.  It no longer accepts my alias - and email alerts me that my browser user-agent string is unidentified (and it's indeed my real user-agent and IP.)

*shrugs*


Title: Re: My coins just got stolen from blockchain.info
Post by: hiltonizer on April 27, 2013, 04:06:06 AM
Quote from: cypherdoc
> this is why you don't use online wallets.
>
> Armory is your safest bet.

I don't think this is the fault of blockchain.info, well... maybe their mobile app... but this is why you don't use phone wallets.... which is a bit of a problem if it's ever expected to be used for POS payments. Some enterprising genius better get on the stick.



Title: Re: My coins just got stolen from blockchain.info
Post by: hiltonizer on April 27, 2013, 04:09:31 AM
Quote from: proudhon
> Quote from: hiltonizer
> > A lot of these threads here and on reddit the last few days... common factor always seems to be a cell phone. I think it's fair to say some cell phone malware is going around.
>
> IIRC, so far it's only been Android devices.

If you're savvy enough to use bitcoin, I'd hope you're savvy enough to avoid iOS devices period. That said, I don't know of any bitcoin wallets for non-jailbroken iPhones (I may be wrong of course as I no longer use one)


Title: Re: My coins just got stolen from blockchain.info
Post by: wingsuit on April 27, 2013, 04:22:06 AM
Quote from: hiltonizer
> Quote from: proudhon
> > Quote from: hiltonizer
> > > A lot of these threads here and on reddit the last few days... common factor always seems to be a cell phone. I think it's fair to say some cell phone malware is going around.
> >
> > IIRC, so far it's only been Android devices.
>
> If you're savvy enough to use bitcoin, I'd hope you're savvy enough to avoid iOS devices period. That said, I don't know of any bitcoin wallets for non-jailbroken iPhones (I may be wrong of course as I no longer use one)

The blockchain info app is a fully functional wallet


Title: Re: My coins just got stolen from blockchain.info
Post by: shawshankinmate37927 on April 27, 2013, 04:37:01 AM
Quote from: wingsuit
> Quote from: hiltonizer
> > Quote from: proudhon
> > > Quote from: hiltonizer
> > > > A lot of these threads here and on reddit the last few days... common factor always seems to be a cell phone. I think it's fair to say some cell phone malware is going around.
> > >
> > > IIRC, so far it's only been Android devices.
> >
> > If you're savvy enough to use bitcoin, I'd hope you're savvy enough to avoid iOS devices period. That said, I don't know of any bitcoin wallets for non-jailbroken iPhones (I may be wrong of course as I no longer use one)
>
> The blockchain info app is a fully functional wallet

Straight from https://blockchain.info/wallet/iphone-app:

"Where can I download it?
Due to restrictions from Apple the bitcoin wallet functionality is not available in the app store version. However it is still available for free download with limited features.

For Jailbroken iphones the app is also available in TheBigBoss.org Cydia Repository"





Title: Re: My coins just got stolen from blockchain.info
Post by: enmaku on April 27, 2013, 05:15:27 AM
Live and learn I guess. I've washed my pants with my physical leather wallet in them plenty of times, it was only a matter of time before I did the digital equivalent. I kind of wish I'd been more vigilant about keeping less cash in said wallet, but it happens. I've updated all my posted addresses, informed those who had the old ones saved, etc. Time to start being more careful about moving to cold storage again.


Title: Re: My coins just got stolen from blockchain.info
Post by: zebedee on April 27, 2013, 05:16:00 AM
Wow, no end to the number of these :(  I feel something undetected has happened to the site itself.


Title: Re: My coins just got stolen from blockchain.info
Post by: jubalix on April 27, 2013, 05:18:13 AM
Quote from: enmaku
> Two passwords, each unique to the site and a yubikey. Only device attached to the account was my cellphone - which was in my pocket while I was driving to work as this heist occurred.
>
> https://blockchain.info/tx/1826f610d9dea7698d906da8f874974240204f42500fa621f1581c7023c6cc61
>
> I think I'm going to vomit...

how does it get past yubi key and 2 passwords....did it inject a redirect???


Title: Re: My coins just got stolen from blockchain.info
Post by: enmaku on April 27, 2013, 05:20:03 AM
Quote from: zebedee
> Wow, no end to the number of these :(  I feel something undetected has happened to the site itself.

Apparently it's some kind of Android-based malware, so my phone was probably the culprit. What's really embarrassing is that I'm one of the "Ease of Use" panelists at the Bitcoin 2013 conference next month and I was about to sing their praises for how much easier they've made things.

It's always embarrassing to be the victim of theft I suppose, but everyone will lose some coins eventually, it's all about minimizing your losses. Thankfully I do keep the bulk of my coins in cold storage, I'd just taken a few too many coins in and hadn't sent them off to cold storage in way too long - an oversight I doubt I'll repeat after learning a $1,000 lesson.


Title: Re: My coins just got stolen from blockchain.info
Post by: zebedee on April 27, 2013, 05:25:13 AM
Quote from: enmaku
> Quote from: zebedee
> > Wow, no end to the number of these :(  I feel something undetected has happened to the site itself.
>
> Apparently it's some kind of Android-based malware, so my phone was probably the culprit. What's really embarrassing is that I'm one of the "Ease of Use" panelists at the Bitcoin 2013 conference next month and I was about to sing their praises for how much easier they've made things.
>
> It's always embarrassing to be the victim of theft I suppose, but everyone will lose some coins eventually, it's all about minimizing your losses. Thankfully I do keep the bulk of my coins in cold storage, I'd just taken a few too many coins in and hadn't sent them off to cold storage in way too long - an oversight I doubt I'll repeat after learning a $1,000 lesson.

My friend lost 7 coins a few days ago.  She doesn't use android, doesn't do anything else bitcoin related, and hadn't visited the site in 6 months since she set up her wallet in October.

So how did she lose her coins?  I have no idea, but something very odd is going on.


Title: Re: My coins just got stolen from blockchain.info
Post by: scintill on April 27, 2013, 05:38:29 AM
Quote from: enmaku
> Apparently it's some kind of Android-based malware, so my phone was probably the culprit.

Can we get it analyzed?  Like, if you know enough, maybe see if you can find the malware and post copies; or if you don't, is there someone you could trust to image your phone and extract any malware?


Title: Re: My coins just got stolen from blockchain.info
Post by: shawshankinmate37927 on April 27, 2013, 10:27:08 PM
Quote from: enmaku
> Two passwords, each unique to the site and a yubikey. Only device attached to the account was my cellphone - which was in my pocket while I was driving to work as this heist occurred.
>
> https://blockchain.info/tx/1826f610d9dea7698d906da8f874974240204f42500fa621f1581c7023c6cc61
>
> I think I'm going to vomit...

Have you previously accessed this wallet from a computer or only from your phone?   Was this wallet initially established from a computer or from your phone?  If you've used a computer to access/set up this wallet in the past, does this computer have Java installed/enabled?  Have you ever visited the BTC-e website?

https://bitcointalk.org/index.php?topic=187823.msg1947257#msg1947257