Bitcoin Forum
November 12, 2024, 04:53:48 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: BLOCKCHAIN.info Wallets in Danger!!!  (Read 4455 times)
hamdi (OP)
Hero Member
*****
Offline Offline

Activity: 826
Merit: 500



View Profile
March 11, 2013, 12:04:16 PM
 #1

today i got this email:

Quote
Aladin, you password at Blockchain is Fuckyou000, which is a clear example
of a weak password.

I withdrew 40 BTC in order to show you the scope of the threat. You can
take them back going to Blockchain.info -> Import/Export -> "I Understand"
-> Import Wallet-> and copy this private key:

5Jsq2G1Cd2UKJi6icvAaPon8uXXXXXXXXXXXXXXXXXXXXXXXXXXX


In order to avoid an eventual loss I recommend you to create a new Wallet
with a strong password (random, the more the better, with UPPER and
lowercase) and send all your coins there.

If you have any problem importing this private key please let me now and
I'll help you.

Have a good day :-)


looks like he scanned for wallet-shortnames and then bruteforced the password locally.

he did withdraw 40 btc but i was able to recover them via the given private key.



everyone update your passwords to something crazy with 20+ characters!!!
ingrownpocket
Legendary
*
Offline Offline

Activity: 952
Merit: 1000


View Profile
March 11, 2013, 12:09:24 PM
 #2

My password has ~30 characters + ~100 characters pass-phrase.
remotemass
Legendary
*
Offline Offline

Activity: 1122
Merit: 1017


ASMR El Salvador


View Profile WWW
March 11, 2013, 12:11:00 PM
 #3

And probably used only passwords that were combinations of words in the dictionary, popular names and numbers.
Indeed is a weak password, that one. But "monkey" and "123456" are worse...

{ Imagine a sequence of bits generated from the first decimal place of the square roots of whole integers that are irrational numbers. If the decimal falls between 0 and 5, it's considered bit 0, and if it falls between 5 and 10, it's considered bit 1. This sequence from a simple integer count of contiguous irrationals and their logical decimal expansion of the first decimal place is called the 'main irrational stream.' Our goal is to design a physical and optical computing system system that can detect when this stream starts matching a specific pattern of a given size of bits. bitcointalk.org/index.php?topic=166760.0 } Satoshi did use a friend class in C++ and put a comment on the code saying: "This is why people hate C++".
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1358
Merit: 1002



View Profile
March 11, 2013, 12:14:01 PM
 #4

Dude, you got lucky!
bowen151
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500


Caveat Emptor


View Profile
March 11, 2013, 12:18:22 PM
 #5

Must have been a nice guy to not just abscond with it all.

I like that.

Makes me remember that not all the hackers are out to get us haha they are here to also help us (sometimes Wink

How secure are random numeric passwords, I know they can eventually be gotten but whats the time frames of say a 10 or 15 digit passcode

-Buying/Selling graphics cards every month
--Buying BTC every month £/$/€200+ wanted
---UK based re-seller of physical bitcoins  Click here to buy
greyhawk
Hero Member
*****
Offline Offline

Activity: 952
Merit: 1009


View Profile
March 11, 2013, 12:22:14 PM
 #6

Enable Two-Factor-Authentication while you're at it.
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1013



View Profile
March 11, 2013, 12:24:30 PM
 #7

Subject line is misleading.
greyhawk
Hero Member
*****
Offline Offline

Activity: 952
Merit: 1009


View Profile
March 11, 2013, 01:18:41 PM
 #8

No! 20+ pasword is NOT enough.
Use 50+ STRONG password.

John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1288
Merit: 1227


Away on an extended break


View Profile
March 11, 2013, 01:21:06 PM
 #9

Mate, you got really lucky. Remember to tip that guy if you can, as most hackers would just disappear with your coins. Please enable the 2-FA while you're at it too.
John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1288
Merit: 1227


Away on an extended break


View Profile
March 11, 2013, 01:29:08 PM
 #10

Use something like keepass or lastpass to keep each of your passwords secure and long. Never reuse passwords for God's sake. I personally use LastPass with 2FA and a random 31-word password, complete with both cases and numerals. (don't ask me how I memorized that!)
greyhawk
Hero Member
*****
Offline Offline

Activity: 952
Merit: 1009


View Profile
March 11, 2013, 01:33:04 PM
 #11

Hell, i even do not know my passes,
enemy can not get them from me even
 via extortion : i simply don't know
, what to reveal to him Wink


This adds another difficulty then however.

Remember the Marathon Man?



Is it safe?
mintymark
Sr. Member
****
Offline Offline

Activity: 286
Merit: 251


View Profile
March 11, 2013, 01:35:43 PM
 #12

I think you should give the guy a small reward for his time and trouble, he had full access to your wallet, and you would have had NO way to recover those coins.

You are lucky indeed to have your password broken by such an honourable man!!

[[ All Tips gratefully received!!  ]]
15ta5d1N8mKkgC47SRWmnZABEFyP55RrqD
minimalB
Donator
Hero Member
*
Offline Offline

Activity: 674
Merit: 523


View Profile
March 11, 2013, 02:09:50 PM
 #13

What about 2-factor authentication? GA for example?

I guess it's better to have password "12345" with GA than 12+ password without GA.
jubalix
Legendary
*
Offline Offline

Activity: 2646
Merit: 1023


View Profile WWW
March 11, 2013, 02:35:48 PM
 #14

No! 20+ pasword is NOT enough.
Use 50+ STRONG password.



no so sure about this open to brute force with common word dict

so word1word2word3word4
try

Admitted Practicing Lawyer::BTC/Crypto Specialist. B.Engineering/B.Laws

https://www.binance.com/?ref=10062065
comboy
Sr. Member
****
Offline Offline

Activity: 247
Merit: 252



View Profile
March 11, 2013, 05:03:16 PM
 #15

It's also worth noting that if somebody would broke onto blockchain.info server he could modify the form so that all passwords are sent to the server. So your wallet security still pretty much depends on the server security.

Variance is a bitch!
Uglux
Full Member
***
Offline Offline

Activity: 222
Merit: 100



View Profile
March 11, 2013, 05:53:02 PM
 #16

RodeoX
Legendary
*
Offline Offline

Activity: 3066
Merit: 1147


The revolution will be monetized!


View Profile
March 11, 2013, 05:55:41 PM
 #17

Dude, you got lucky!
What he said. You got hacked by a whitehat, could have gone the other way. 

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
Nancarrow
Hero Member
*****
Offline Offline

Activity: 492
Merit: 503


View Profile
March 13, 2013, 03:59:10 AM
 #18


no so sure about this open to brute force with common word dict

so word1word2word3word4
try

The comic does actually go to some trouble to explain why this method is resistant to a brute force attack.

If I've said anything amusing and/or informative and you're feeling generous:
1GNJq39NYtf7cn2QFZZuP5vmC1mTs63rEW
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!