Dogechain.info decided to put 2fa on every wallet, can not log in anymore

[choosername23wtf]

I have been using the webwallet on my.dogechain.info quite often during this year, using my wallet id and password.

Now, during the last 30 days, they decided to force 2fa on every login, which they never announced on their site.
I no longer have access to the email i used when creating the account 6 years ago.
Thus, i can no longer log in to my wallet, because their newly added 2fa is sending tokens to the defunct mail.

I already contacted blocks.io through their form, but i do not expect any help to come from them.

There was a method where you could access their api and decrypt the wallet by hand.
I believe it is gone now too, but maybe it still sits in some browser cache?

Maybe someone else has had similar issues. Any help would be appreciated.

[The Sceptical Chymist]

Ugh, sorry to hear about your predicament OP.  

Why did you choose to use a web wallet to store your doge on instead of a software or even a hardware one?  Obviously you see the problem with web wallets: You're at the mercy of whoever is behind the wallet, even if they don't have access to your private keys.  They can implement stuff like this to lock you out, though I'm not sure why they'd do that if they can't steal anything from you.  Do you have control of your private keys with this particular wallet?

I'm actually surprised people still use web wallets.  It seems rare nowadays that someone creates or bumps a thread in this section, so obviously they've lost a lot of the relevance they once had.

I already contacted blocks.io through their form, but i do not expect any help to come from them.

If they just made this change, hopefully there's someone still around who can assist you.  There's not much that the community here can do to help you as far as I know, but maybe someone will show up with some ideas.

[agustina2]

Now, during the last 30 days, they decided to force 2fa on every login, which they never announced on their site.
I no longer have access to the email i used when creating the account 6 years ago.
Thus, i can no longer log in to my wallet, because their newly added 2fa is sending tokens to the defunct mail.

Regardless of whether they decided to put 2FA or not, nothing will change as you don't have any access to your email for long anymore. Even they didn't announce that change, you should be soon won't access the website since you forgot your email. I don't understand why you didn't take the act of withdrawing your funds before the moment you don't have any access to that email.

I think there's no solution to it as there are no references they can look at to support your claims.

[choosername23wtf]

Why did you choose to use a web wallet to store your doge on instead of a software or even a hardware one?  Obviously you see the problem with web wallets: You're at the mercy of whoever is behind the wallet, even if they don't have access to your private keys.  They can implement stuff like this to lock you out, though I'm not sure why they'd do that if they can't steal anything from you.  Do you have control of your private keys with this particular wallet?

I am doing a lot of activism and my devices and online appearance constantly get tampered with. Emails disappearing, files vanishing, usb sticks stolen etc.
My security protocol was to go to a friends place, plug a tails dongle and access the wallet via tor, having my credentials memorized.
That worked pretty well so far.
But no, i do not have anything else except the credentials for my wallet. I think I do have a backup of my operating system back when i set up the wallet though.
Anyway, maybe somebody has a solution, the only thing i found on this issue so far was a thread on the dogecoin reddit.

[choosername23wtf]

are you referring to this method https://keychainx.medium.com/dogechain-info-all-is-not-lost-f98d9a42214 ?

Yes exactly that one. The api call just returns {enabled: true}, maybe this can be tricked, ill give it a shot.

Just wondering, do you know Tails have persistant storage feature which can store additional application and it's configuration/data (with Dotfiles feature)? With those feature, you could store lightweight DOGE wallet and it's data on Tails.

Well i know my paranoia was not helpful at all here and led to exactly what i did not want to happen. My goal was to keep my wallet from being stolen, so the ratio was to not have anything physically that could be pilfered.

I could've known it, just looked at the tustpilot entry for my.dogechain.info

[nc50lc]

are you referring to this method https://keychainx.medium.com/dogechain-info-all-is-not-lost-f98d9a42214 ?

Yes exactly that one. The api call just returns {enabled: true}, maybe this can be tricked, ill give it a shot.

The second api code which contains those info will only appear once you entered the correct 'access code' (2fa code).
If you type the wrong code, the next 'api code' will only contain "error: "Unable to process request".

Probably because they wont give the browser access to the encrypted credentials of the user even thought the correct walletID is provided, unless the 2fa code is provided.

[o_e_l_e_o]

Anyway, maybe somebody has a solution, the only thing i found on this issue so far was a thread on the dogecoin reddit.

Unless there is a significant flaw in their implementation, you are not going to be able to bypass the 2FA process to access your wallet.

Your options are to either recover access to the email account in question, recover from a back up you have created, or convince dogechain.info to disable/reset the 2FA on your account. Which provider did you use for this email address you can no longer access? Did you set up any recovery methods? Is there a possibility the email address has expired and you could register it again?

[The Cryptovator]

Your options are to either recover access to the email account in question, recover from a back up you have created, or convince dogechain.info to disable/reset the 2FA on your account.

Most likely it will not happen. If they enable the account without entering the 2FA code then it will easier to hack the account. When we are using online accounts with email then losing email would be lost everything and this is an example. I don't do consider it shady behavior asking 2FA code through an email address. Because it's a matter of security of the account. Just for example how we would sure OP telling truth and he isn't trying to access someone else account? Please don't mind OP, I just describe possible scenarios.

I am sorry to say, but I don't think they will help you using an account without a 2FA code. And this is the disadvantage of using Web wallets or custodial wallets. Just be careful about the future using a Web wallet.

[o_e_l_e_o]

Just for example how we would sure OP telling truth and he isn't trying to access someone else account?

If he explains the situation he finds himself and proves that he knows the account credentials and password, then perhaps alongside knowledge of what funds are present on the account, or knowledge of the addresses and transactions, or knowledge of when the account was last accessed, etc., he could convince dogechain.info that he is indeed the real owner and have them disable the 2FA. Other 2FA providers, such as TrustedCoin for Electrum, will reset a user's 2FA provided they can provide a reasonable level of evidence that they are the true owner.

[Mr.Scott]

So, It's proved that- "Not your keys, not your coins"

I also have been using the webwallet on my.dogechain.info but luckily have no fund to care about their recent update. Actually it's great that they implement 2FA on their web wallet. Yeah, Expert might disapprove to use web wallet but it's up to user satisfaction where security not always as concern.