Bitcoin Forum
Author Topic: Bit Blender Hacked  (Read 229 times)
soidontgetfined (OP)
Newbie
*
Offline Offline

Activity: 2
Merit: 5


View Profile
April 18, 2019, 12:25:31 PM
Merited by LoyceV (3), bones261 (2)
 #1

Hello,

New to the forum. Was hacked 4/16 on Bit Blender http://bitblendervrfkzr.onion. Hadn't been on the site in about 5 months, had 0.69676800 BTC in there. Went to log in several times and my login info wasn't working. Thought it was strange but had to take care of some other things. Next day made a new account to contact support per the instructions and here's what happened:

Me: I forgot the password of another account, please help

Please provide the following information in a message.
1. The username. - justhere
2. Deposit addresses belonging to account. - 15nk1AhEbJrE9unTochg3knbbogYkciKiQ
3682NTjY5VmAAL3nM1me8mJgvBqDLUwnwB
3. Destination addresses of withdraws, if any. Not available anymore
4. Time of last successful login. ~ 11/9/2018
5. Approximate amount of coins on account. 0.67 at current value

BB: Hi,

The account "justhere" was deleted yesterday through the account delete feature on the profile page.

The following withdrawal was made first
13dpnGjMWBbv9ML49P9mbxLXMGdjm459HJ
0.69676800 BTC

Me: Hi,

That wasn't me. I don't recognize the wallet address either. Can you provide more information???

BB: If it was not you then it was someone who knew your password.

It reminds me of other cases where people gave out their passwords by signing in on a scam/phishing look-alike Blender site instead of the real URL. For some reason the scammers delete the account after making a withdrawal, not sure why they would do that. So my guess is that is how you lost your password too.

I asked several follow-up questions: how do I get the money back? How can I file a claim? etc. etc. Same response. I searched this 13dpnGjMWBbv9ML49P9mbxLXMGdjm459HJ wallet and the scammer moved the money a couple more times to where it appears to have finally landed here 1Ly7zX8bqxNqxqsae2BiSVuKnWYd5KUQqS and here 3BcSkPaXvAuNCpnK3wB5zmfugHXLbSKdet, and then the money was moved several more times, each time in random amounts, to more wallets. I searched on the forum and it looks like I'm SOL, but I had to ask: is there anything that can be done? I never shared my password and I have no idea how they hacked in. It looks like the initial hack took place about 2 hours after I gave up and shut down my computer because my login info wasn't working. Any advice or suggestions are appreciated.

Thanks
TryNinja
Legendary
*
Offline Offline

Activity: 2856
Merit: 7106


Crypto Swap Exchange


View Profile WWW
April 18, 2019, 12:29:17 PM
 #2

There is probably nothing you can do. The hacker may have even mixed your coins already.

You either entered your password somewhere you shouldn't or your device may be infected with malware. In that case, you should do a complete reinstall of your OS and change your passwords.

Sorry for your loss.

LoyceV
Legendary
*
Online Online

Activity: 3332
Merit: 16783


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
April 18, 2019, 12:34:55 PM
 #3

I'm sorry to tell you, but there's no way to get your Bitcoins back after they're gone. There's also nobody to file a claim to, you're using a Darknet mixer. I don't think they have an office address you can visit.

I didn't know you can keep funds on Bitblender for months, why would anyone do that, instead of withdrawing funds to your own wallet?

jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
April 18, 2019, 03:03:36 PM
 #4

There's almost nothing you can do. Your funds are probably gone, but you should ask if they are able to add 2FA to accounts (such as the secret key for Google Authenticator), as this will stop this issue from occurring, and a random key on your phone with a label you've given it will be a lot more secure than just using a username and password. Also don't use your normal password again, and if your password was less than about 12 characters then it's too weak.
DireWolfM14
Copper Member
Legendary
*
Offline Offline

Activity: 2184
Merit: 4242


Join the world-leading crypto sportsbook NOW!


View Profile WWW
April 18, 2019, 03:11:20 PM
Merited by DarkStar_ (4)
 #5

Quote from: jackg
There's almost nothing you can do. Your funds are probably gone, but you should ask if they are able to add 2FA to accounts (such as the secret key for Google Authenticator), as this will stop this issue from occurring, and a random key on your phone with a label you've given it will be a lot more secure than just using a username and password. Also don't use your normal password again, and if your password was less than about 12 characters then it's too weak.

Bitblender does have a 2FA feature, it uses PGP.  To enable it you upload your public PGP key to their server, and every time you log in they give you a one-time-use password that's encrypted with your PGP key.

@OP, sorry for your loss. It sounds like you got phished. You should probably enable 2FA and bookmark the link to the real site in your Tor browser.

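
Added example (not part of any post in this thread, and not Bitblender's code): a minimal check that compares the onion host you are about to log in to against the one you bookmarked, which is the habit recommended above. The address is the one the OP posted; the look-alike hosts and the 6-character prefix threshold are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Address as posted in the thread; in practice, copy it from your own bookmark.
PINNED_HOST = "bitblendervrfkzr.onion"
# Assumed threshold: this many matching leading characters counts as a look-alike.
LOOKALIKE_PREFIX = 6
# v2 onion labels are 16 base32 characters, v3 labels are 56.
ONION_LABEL = re.compile(r"(?:[a-z2-7]{16}|[a-z2-7]{56})")


def onion_host(url):
    """Return 'label.onion' for the host the browser would contact, else None."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower()  # drops any user@ part
    labels = host.split(".")
    if len(labels) < 2 or labels[-1] != "onion":
        return None
    return ".".join(labels[-2:])  # subdomains do not change the service


def shared_prefix(a, b):
    """Number of leading characters a and b have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def check_login_url(url, pinned=PINNED_HOST):
    """Classify url as 'ok', 'lookalike', 'mismatch' or 'reject'."""
    host = onion_host(url)
    if host is None:
        return "reject"  # not an onion address at all
    label = host.split(".")[0]
    if not ONION_LABEL.fullmatch(label):
        return "reject"  # malformed onion label
    if host == pinned:
        return "ok"
    if shared_prefix(label, pinned.split(".")[0]) >= LOOKALIKE_PREFIX:
        return "lookalike"  # same readable prefix, different service
    return "mismatch"


if __name__ == "__main__":
    # Constructed inputs: only the first address appears in the thread.
    for u in ("http://bitblendervrfkzr.onion/",
              "http://bitblenderaaaaaa.onion/login",
              "http://bitblendervrfkzr.onion@bitblenderaaaaaa.onion/"):
        print(check_login_url(u), u)
```

Anything other than "ok" means the page is not the bookmarked service, however familiar the first characters of the address look.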
Bitcoin_Arena
Copper Member
Legendary
*
Offline Offline

Activity: 2058
Merit: 1807


฿itcoin for all, All for ฿itcoin.


View Profile
April 18, 2019, 03:56:57 PM
 #6

It's very sad that you lost such an amount of money. Lately there have been so many phishing bitcoin mixer websites. Probably what I think happened is that when you first attempted to log in and it did not work, it could have been a phishing site that then got your details.

Another likely scenario is that your browser could be infected or have some sort of malicious extension, or generally your PC is infected.

By the way, the title gave me a little bit of an adrenaline rush. It made me think that the whole Bitblender service had been hacked.

soidontgetfined (OP)
Newbie
*
Offline Offline

Activity: 2
Merit: 5


View Profile
April 19, 2019, 04:16:27 AM
 #7

Thank you everyone for your input. I kept it on there because I didn't want to pay another fee to move it out, and I've never had an issue before so I didn't see any security risk. The 2FA is a great suggestion. It sucks and looks like I got got. Password is over 12 characters. Again, thanks for the help. I've come to terms with it.
dothebeats
Legendary
*
Offline Offline

Activity: 3668
Merit: 1353


View Profile
April 19, 2019, 04:42:06 AM
 #8

Quote from: soidontgetfined
Thank you everyone for your input. I kept it on there because I didn't want to pay another fee to move it out, and I've never had an issue before so I didn't see any security risk. The 2FA is a great suggestion. It sucks and looks like I got got. Password is over 12 characters. Again, thanks for the help. I've come to terms with it.

Yeah, 2FA works well, and perhaps if you have a spare machine, use that when transacting with something sensitive such as financial accounts, personal emails, storing wallets and whatever else needs additional security. You may have visited a phishing site, but that may not be the end of it, for they can still inject something into your computer that you may not have known about. That was a costly lesson learned, but a lesson nonetheless.
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
April 19, 2019, 10:15:28 AM
 #9

Quote from: soidontgetfined
Thank you everyone for your input. I kept it on there because I didn't want to pay another fee to move it out, and I've never had an issue before so I didn't see any security risk. The 2FA is a great suggestion. It sucks and looks like I got got. Password is over 12 characters. Again, thanks for the help. I've come to terms with it.

Have you got an active antivirus running, or can you do a scan (not Windows Defender)? Try using that just to see if there's anything on your system you need to get rid of.

Check the cleaner link you used to access the tor link for the site (although it's probably unlikely you have these if you were browsing on tor).
Thirdspace
Hero Member
*****
Offline Offline

Activity: 1232
Merit: 738


Mixing reinvented for your privacy | chipmixer.com


View Profile
April 19, 2019, 11:18:27 PM
 #10

Quote from: soidontgetfined
Was hacked 4/16 on bit blender http://bitblendervrfkzr.onion. Hadn't been on the site in about 5 months had 0.69676800 BTC in there. Went to log in several times and my login info wasn't working thought it was strange but had to take care of some other things.
~
It reminds of other cases where people gave out their passwords by signing in on a scam/phishing look alike Blender site instead of the real URL. For some reason the scammers delete the account after making a withdraw, not sure why they would do that. So my guess is that is how you lost your password too.

Withdrawal was made on 4/16, was it the same day you were failing to log into your account?
It seems that you were logging in on the phishing site and that's when the perp immediately withdrew your balance.
(I've never used onion) Is there a browsing history that you can check on your onion browser?

nc50lc
Legendary
*
Offline Offline

Activity: 2436
Merit: 5683


Self-proclaimed Genius


View Profile
April 20, 2019, 03:03:05 AM
 #11

Quote from: Thirdspace
is there a browsing history that you can check on your onion browser?

Nothing, once he closed the session, all sensitive data will be deleted, including the browsing history.

But it's pretty obvious that he's phished by a fake URL since he mentioned about "login details are not working" and it shouldn't happen in the first place unless there's a consistent typo on his several tries.

TryNinja
Legendary
*
Offline Offline

Activity: 2856
Merit: 7106


Crypto Swap Exchange


View Profile WWW
April 20, 2019, 03:06:17 AM
 #12

Quote from: nc50lc
But it's pretty obvious that he's phished by a fake URL since he mentioned about "login details are not working" it shouldn't happen in the first place unless there's a consistent typo on his several tries.

His login details were not working because the hacker deleted his account. He says that in his post.

Anyways, it was probably a phishing/malware, but not because of the login errors.

nc50lc
Legendary
*
Offline Offline

Activity: 2436
Merit: 5683


Self-proclaimed Genius


View Profile
April 20, 2019, 03:25:29 AM
 #13

Quote from: TryNinja
His login details were not working because the hacker deleted his account. He says that in his post.

Anyways, it was probably a phishing/malware, but not because of the login errors.

No, if you investigate the transaction timestamps and his posts, it all happened within a short period of time after that "invalid logins".
Which could mean that he was phished (4/16 @OP) and immediately later, the hacker made a withdrawal
(2019-04-16 18:05:33 @35bfafb9a2bfd7873ca31782996a9c74dd346cca9f610a4e42f27233422da1a2) then, deleted his account right after the withdrawal which makes it invalid to the original site.

Then he created a new account the next day to contact support and the conversation is in the OP ("deleted yesterday" not quoted).
