Bitcoin Forum
Topic: This redditor claims 160 BTC stolen from his blockchain acct even with 2 factor
coastermonger (OP)
April 24, 2013, 11:34:42 PM
 #1

The thread: http://www.reddit.com/r/Bitcoin/comments/1czrua/just_lost_160_btc_from_address_managed_with/

I was wondering if someone more versed in security could comment on it.  Some users seem to think that he mismanaged and the coins got sent to a "change" address still under his control, while the OP insists that this isn't the case here, and someone actually managed to bypass both his password protection and 2-factor security, possibly through an Android wallet App.   Needless to say, such news scares the shit out of us.

Bitrated user: Rees.
proudhon
April 25, 2013, 12:49:32 AM
 #2

The thread: http://www.reddit.com/r/Bitcoin/comments/1czrua/just_lost_160_btc_from_address_managed_with/

I was wondering if someone more versed in security could comment on it.  Some users seem to think that he mismanaged and the coins got sent to a "change" address still under his control, while the OP insists that this isn't the case here, and someone actually managed to bypass both his password protection and 2-factor security, possibly through an Android wallet App.   Needless to say, such news scares the shit out of us.

This underscores the fact that bitcoin isn't ready for mainstream, as the simplest and most secure way to store bitcoin wealth is still more trouble and more technical than what most people are prepared to implement (i.e. offline, air-gapped private keys with encrypted and physical backups).

Right now, I wouldn't be pairing blockchain.info wallets with mobile devices.  I actually do pair a blockchain.info wallet with my iPhone, but that account only watches addresses associated with offline private keys.  I cannot spend from it, and neither could anyone else.

Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
Aseras
April 25, 2013, 01:20:27 AM
 #3

Blockchain's iPhone and Android apps store your main password in clear text in the db. If you have that, you can simply log in, go to export unencrypted and do whatever the hell you want with the private keys. 2 factor or not.

It's useless and it's a huge hole that should be plugged.
gbl08ma
April 25, 2013, 04:53:02 PM
 #4

Blockchain's iPhone and Android apps store your main password in clear text in the db.
What, Blockchain.info's mobile apps offer an option for remembering the password? That's just plain stupid. If such an option doesn't exist when using the web browser version, why should it exist on the apps? It's equally unsafe.

If I had 160 BTC, I wouldn't be storing them on Blockchain.info but on a very well kept paper wallet.
