My BtC was stolen on Blockchain.com

[boyptc]

Where were you OP all of this time, it has been moved on 2020 and you have just opened your this time?

I'm sorry with your loss, that's a lot of value right now but there's no way that you can recover it but to warn everybody here that never use that wallet anymore.

I've used it before but stopped eventually.

Maybe the OP got a call from a MITM and gave his phone companies verification code to them, allowing for control of the account to be taken over?

This is possible, I was thinking that he probably might have kept his recovery seed that the hacker has accessed but MITM is also likely, but dating that back 4 years ago, he won't probably remember what his activities were.

[Potato Chips]

I'm not sure how long has this process existed when it comes to resetting 2fa but it appears to be pretty easy once the hacker has gotten ahold of your email account. It's pretty much just sending a request and approving from your email then it's completed instantly, see: https://support.blockchain.com/hc/en-us/articles/360000286426-How-do-I-disable-two-step-verification-2FA

I'm not saying this is what happened though, just stating another possibility. It would be pretty hard to guess what exactly went through with our limited information + multiple other possible attacks at hand as this wallet is considered as one of the poor setups to have.

[relaxssl]

site: blockchain.com
screenshot of the transaction history:https://ibb.co/wM9kP1L

I had activated Email and SMS as the authentication, it was still stoled, don't know how the hacker get my sms code.

The transaction is dated from october 2020, it was almost 4 years ago bro. Why do you make a topic about it in June 2024, if you have not recent news about the attack? Unfortunately I don't think Blockchain.com and its exchange is very secure since I regularly encounter bugs when I use both of them. So I avoid to leave much money on them. SMS code is not very safe that's why using 2FA app is usually recommended instead.

yes, this happened in 2020. I just joined this forum and remembered this incident, so I decided to share it. Recently, a sudden incident on X showed that a user's funds on OKX were stolen despite having various verifications enabled. How did they manage to obtain the user's SMS verification code?

https://x.com/CryptoApprenti1/status/1799592388379484313

[relaxssl]

https://x.com/huangshiyuan17/status/1799773009068355971

This user was stolen 5M from his OKX exchange account.

[Saint-loup]

yes, this happened in 2020. I just joined this forum and remembered this incident, so I decided to share it. Recently, a sudden incident on X showed that a user's funds on OKX were stolen despite having various verifications enabled. How did they manage to obtain the user's SMS verification code?

https://x.com/CryptoApprenti1/status/1799592388379484313

Well you're right, it’s a good approach and a nice state of mind after all. It's always a good thing to report hacks and sophisticated scams to the community because it helps people to protect themselves against that and to prevent much victims to get stolen. Unfortuantely victims are usually ashamed to signal them and to talk about them because they think they've done something wrong and they feel guilty while they are not the actual culprits. A new kind of secure authentication is currently spreading in the crypto and sensitive datas universe with embedded Passkeys, I hope it will help to resolve those security impairments.

[Z-tight]

Recently, a sudden incident on X showed that a user's funds on OKX were stolen despite having various verifications enabled. How did they manage to obtain the user's SMS verification code?

It is a horrible decision to store your funds in an exchange, i don't know exactly how this person lost their coins, but if an attacker compromises your device and your exchange account, they can steal your funds. Crazy thing is that is not the only way you can lose your coins if it is on an exchange, the exchange itself can be hacked, or they can confiscate your funds for any reason.

To be safe, store your coins in cold storage, either a hardware or airgapped wallet, and you can add an extra layer of security like extending your seed phrase with a passphrase or you just create a multisig wallet, if you know exactly what you are doing.

[Potato Chips]

How did they manage to obtain the user's SMS verification code?

SMS is a pretty weak 2fa though compared to others like TOTP for instance.

That's because a telcom employee can port your phone number to the wrong person by falling into social engineering attacks or by being an accomplice with the perpetrators. We've had plenty of these cases you can search on the internet -- keywords: sim hijacking/sim swap attack

[relaxssl]

Recently, a sudden incident on X showed that a user's funds on OKX were stolen despite having various verifications enabled. How did they manage to obtain the user's SMS verification code?

It is a horrible decision to store your funds in an exchange, i don't know exactly how this person lost their coins, but if an attacker compromises your device and your exchange account, they can steal your funds. Crazy thing is that is not the only way you can lose your coins if it is on an exchange, the exchange itself can be hacked, or they can confiscate your funds for any reason.

To be safe, store your coins in cold storage, either a hardware or airgapped wallet, and you can add an extra layer of security like extending your seed phrase with a passphrase or you just create a multisig wallet, if you know exactly what you are doing.

yes, you are right, Especially for Chinese users, cryptocurrency is already in a legal gray area and is not protected by law. Currently, playing with cryptocurrency could potentially lead to legal violations. If the exchange itself engages in theft, users really have no recourse, especially with such large amounts of money involved.

[Cricktor]

OP has quite a lot of browser extensions installed and I can recognize only very few of them. Beware that browser extensions sometimes ask for a lot of permissions and thus can basically access everything that loads in your browser's pages.

Are you sure that every of your browser extensions is fully trustworthy (probably the minority, if any, is open-source and audited)?

This doesn't explain how your coins were stolen, but could be a clue how browser or login data got stolen, if you have some less reputable browser extension that may exfiltrate data silently.

OP, as far as I've read through this topic you haven't answered the question whether you've stored your wallet's recovery details in digital form on your computer. Maybe you took a picture of the details with your mobile phone which syncs pictures to some cloud service?

I wonder why the originating address of wallet is labeled "DeFi Wallet". OP, did you use this wallet for some airdrops or other non-Bitcoin stuff? Could it be that you granted some website overly generous permissions for your online wallet? (Not sure if this is possible with such a blockchain.com wallet as I don't use it.)