Bitcoin Forum

hello all ,

I'm very surprise


I can't say anything but my wallet hacked even when i 've use 2FA including email confirmation code !!!

And i surprise that there was no click on confirmation code in my email !!!!!!

Very very intersting bussiness

Please use offline wallet and say goodbye to blockchain

With 2FA you mean Google Authenticator? Or just the email?

Well, did you get hit with a phishing attack? Or maybe you have keyloggers in your system?
You know, most of the cases it's due to the owner's own fault of not securing properly.

Can you share with us more details ? On how does it happen?  

What have you done before that happen? Any importing/exporting?

Maybe someone just compromised your wallet backup? And this is how he gain access to your wallet?


Regards.

If you've got a keylogger it probably also got your email password so they could easily gain access that way.

Do you store a back up of your wallet anywhere? Hackers can get them if there's one saved in yur emails and they donbt have 2-factor just your main password.

guess your pc is full of maleware and your 4 friends also have access to the pc? hmm, strange that all coins are gone   :P

i bet he has an altcoin client on his pc or that "bitcoin generator" app from youtube. that seems to be the likely culprits that trojans are coming from

How do you store the backup?

Again and again this type of thing happens, and people say something is wrong with the site.  Come on man, you have friends who have access to the computer?  We need more details - my guess is you're too embarrassed and not going to give more details.

Sounds like your backup JSON file was compromised, and a possible keylogger swiped the password necessary to open it.  No 2FA required if so.

More detaile ?

Are you serious ?


This is not the first time someone hacked in the site , just search google , before me there were many people .

https://bitcointalk.org/index.php?topic=188639.0
https://bitcointalk.org/index.php?topic=588644.0
https://bitcointalk.org/index.php?topic=120865.0

When they said we hacked i tought they did not keep security issues but today i reliaze they was right and something is strange !!!!!

Maybe the site itself has a keylogger !!!!!!

I'm using last update Smart security NOD32 and malewarebytes permium !!!!!!!

The stolen BTCs it's not our fault security it's about blockchain.info , i guess the site steals bitoins itself and there aren't any hacker . if there was a hacker Maybe he was very very high IQ and guess my passwrod :)))))))

I don't want doubt with you guys and wanna go to bed

Tommorrow this will happen for you and you will understand why the site is not Okay for your bitcoins but that day is late for understand !!!!!

How much u have lost ? What is your address ? Care to share ?

Did you have Google Authenticator on blockchain?

Did you have 2FA on your email account?

Hey you are too sensitive ...

I am just curious HOW does it happens. Because there is always some cause of it and a reason why does it happen.

More details - I wanted because it is not easy to truly understand what happen in your case.

To make some investigation and to find a problem why your wallet got compromised we need more details.

interesting how someone able to breach 2FA security  ??? maybe someone close to you  ::)

I have to confess when I read this I also start to worry.
I was thinking that blockchain is safe with they added security- email code and 2FA  but it seems that there is no 100 % protection on Internet.
Maybe better you use offline wallets from now on?
Regarding this hacking accident do you use shared computer?
In public places?
Or in your household more people use the same computer?

Securing your blockchain.info account access and securing your private keys are not the same thing.  Hackers don't need access to your blockchain.info account to steal your bitcoins.  They just need to gain access to your private keys after they have been decrypted by your computer.  All private keys should always be kept offline and all transactions should always be signed offline.  Private keys on an online computer will be compromised.  Computers are not designed to secure private keys!

Does your email provider have 2 Factor Authentication enabled? Not just the 2 Factor on the Blockchain.info website, you need it on both your email and Blockchain.info to be safe from logging. If you only had it just on the Blockchain.info website, I can imagine a keylogger in this scenario would allow someone to take your coins. Ex. Log email info and blockchain.info info, they went too blockchain while your sleeping and disabled the 2 factor, went into your email  to confirm emails then deleted them.

Otherwise someone close to you took your phone, logged in and took your coins.

Hackers don't need access to his e-mail account or his blockchain.info account in order to access his private keys.  This has happened many times to many of blockchain.info's customers and the response has essentially been: "Your computer is not secure.  Keeping your computer secure is not our responsibility, it is yours.  Because you failed keep your computer secure, your private keys were compromised."

They are correct.  What they fail to mention is keeping an online computer secure is impossible.

I have a hard time believing that only a few pairs of keys from Blockchain.info were accessed by hackers, what makes more sense is a that a few customers machines are compromised with key-loggers.

If it was that easy too access the private keys on Blockchain.info, don't you think more people would be having issues storing coins their? It sure seems like alot of people are happy with their service. If this seemed like a widespread problem, I would agree with you but honestly this seems like a failure on the customers behalf. Probably was using Windows and downloading altcoin wallets, miner executables, and visiting links on this board etc.

Blockchain.info and email providers have logs that clearly indicate that those accounts were not accessed in previous hacks.  If it was a keylogger being used then users would also receive e-mail notifications when their blockchain.info account was being accessed.  2FA does not prevent a hacker from accessing the private keys on your computer after they have been decrypted.  Blockchain.info does not store or have access to unencrypted private keys.  The private keys get decrypted on the user's pc.  This is why they never assume fault for the thefts.  The keys are decrypted on your own local computer.  You are responsible for keeping them secure at that point.

That's pretty interesting, I have never actually tried to use Blockchain.info to for storage, I just assumed they dealt with private keys like most other online wallet services. So they actually have you generate an encrypted private key, they then store this encrypted key, and you should be the only one able too decrypt it? If he was actually being keylogged whenever he decrypted the private key perhaps the decryption key was keylogged, or maybe the unencrypted key was taken right after decrypting it?

As for the email trail, without requesting records from the email provider or the service sending the mails, it would be as simple as just logging into their email and removing the auto-generated emails from the inbox, if you had key logged their info this would be easy. This gives the appearance that no mails were sent even though they were just deleted ASAP.

You have the option of having your encrypted keys sent to you via email anytime your wallet changes (a key is added or removed). If an attacker were to use blockchain.info to decrypt his wallet then all they would have to do is create a new wallet with the same password that the OP uses with his wallet. In other words the encrypted backup essentially acts as the identifier.

Man I started seeing these generators, the problem is education. People need to learn you cannot create or generate a bitcoin out of nothing. My bet is these amateurs see BTC as some digital thing , and since mostly everything digital can be copied or pirated or generated. This may work, then realizing it doesn't work and then going on with there day maybe even thinking they have deleted it but really not. Then one of these days there BTC disappears and they fail to link up the cause

I can understand the anger, would the OP please share the details with us?

Most likely malware or family/friends with access to your computer and cell phone. Emails can be permanently deleted. You might go online and check your old phone texts, family/friends could have stolen your coins and deleted the texts on your phone and your emails, but the phone texts should still be visible online if you log into your phone account.

There are trusted people on this forum that could do a forensic analysis of your hard drive for you. I would strongly suggest it. You need to find out EXACTLY how those coins were lost.

This is concerning, as I have small amounts in blockchain wallet
This may just be the spur I needed to move the coins into safe, offline wallets

Its your fault and your fault only. Antiviruses don't detect everything. You should stop downloading crap and visiting weird sites.
Also,



As you see, in all cases it was the users' own fault. This case its no different, its your own fault, stop blaming others for your ridiculous mistakes.

I'm sorry you lost coins. That's never a pleasant feeling..  :(

Can I ask the OP what computer he has ?

Windows, Mac or Linux ?

And did you ever access your blockchain.info account from an internet cafe ?

We are all sad when someone is losing his coins ...

But in 99% of the cases fault is on the victim's side.

Btw. Online wallets are not recommended to store large amounts of coins.

Desktop wallets are mentioned for that and then a security is up to you.


I hope in this case we can figure out what's happened but we have a lack of information.

Regards.

For curiosity's sake, what was your password?  I'm always interested in seeing what passwords were that get hacked.  I think mine is relatively advanced (not a word, uses punctuation and numbers).

His password is not as hard to brake whatever it was as 2FA should be..

As I understand he was using 2FA - which is very, very hard to be compromised...

Hello all BTC's members Again !!!!


I noticed dev of zipcoin hacked me !!!!!!!!!! and others too


Sorry .


Blockchain is safe


https://bitcointa.lk/threads/ann-zipcoin-x13-pow-pos-no-premine-7-days-pow-ninja.350313/page-11

It is a good idea to disable the backup to email feature and just manually download a backup to an offline disk (USB device or other).  However, make sure you take a backup whenever you use the service, especially when generating new addresses.

Sorry to hear your loss.
While the culprit turns out to be the ZipCoin wallet rather than blockchain.info, it is always a good idea to store your bitcoin in offline wallet.

at 1st Blockchain ... now Zipcoin ... who will be next?

Can you post any proves of what you are saying or it will remain as a hot air?