Bitcoin Forum
Author Topic: Stolen coin report - 5 BTC wiped from blockchain.info MyWallet  (Read 2134 times)
asoltys
April 09, 2013, 06:25:28 AM
 #1

I set up a wallet for a friend of mine at blockchain.info several months back and it's just recently been emptied of 5 BTC: https://blockchain.info/address/1BCBgPjdZsheEq6mtfBTDQx3rX3seY2ioC. Strangely there was 0.31594303 left intact which I've just moved to an address under my control. The unauthorized transaction was https://blockchain.info/tx/d37bfd5a31e3535c0be745d8c94aca7603f8afa9c5264204a0ab142dc56424d9

I checked her "archived addresses" and although there are some in there, the offending address 1JR4byfx89UCn6dyVzfvtoD37iDdneJGS4, is not.

She changed the main password on the account after I set it up for her and said she had a secondary password on the account although now that she's given me the new password I'm logged in and there doesn't seem to be a secondary one set.  Blockchain's logging feature was disabled.  I checked with her and she wasn't using the mobile app, just logging in from her laptop and her work PC.  She said she had been logging in to the account every few days to "check the wallet".  Unfortunately I guess she didn't know that you could check the address balance without logging in.  I feel bad because this started out as an account for me to pay her back $10 for lunch when bitcoins were $5 so we never bothered with cold storage.  She bought 3.35 BTC off me for $150 last month as an investment.  There are also some minor transactions to the address that I sent while doing some testing.

The original password I set on the account was foxconn123 (an inside joke) and she had it changed to foxconn321 when it was hacked -- so not particularly strong.  I presume she had backups emailed to her but am not sure.  Since she didn't use a new address after changing the main password a compromised backup file could have been encrypted with either the original or new password I suppose.  Possibly bruteforced?  Or do you think she might have a keylogger installed on one of her machines?  Any other thoughts or suggestions?  She said she had had trouble logging in to the site the other night and got a spinner icon and a message saying something along the lines of "changing wallet identifier".  I know blockchain.info was having some server issues yesterday but not sure how that could relate to these coins going missing.

Thanks for reading,
Adam
Twerka
April 09, 2013, 06:27:34 AM
 #2

Keylogged using some public PC? That's my guess.

The worst enemy of Bitcoin is Mt.Gox exchange.
demzie
April 10, 2013, 02:29:11 PM
 #3

foxconn123 and foxconn321 as passwords? WTF! And you leave the key in the door when you leave the house?

No, seriously, use their double auth method at least.
And passwords like these: GbSKj#gFzUv3eJ3Ad!kR6hwYC6Ub$cGCzDW

Hehehe
greyhawk
April 10, 2013, 02:49:52 PM
 #4

foxconn123 (an inside joke)

Ohey, maybe you can change it to "swordfish". No one will ever guess that.
zebedee
April 17, 2013, 10:49:51 PM
 #5

Anything in common with this?

https://bitcointalk.org/index.php?topic=173149.msg1869132#msg1869132
Wardrick
April 18, 2013, 01:14:13 PM
 #6

If she hasn't done a complete virus scan and/or reformatted her computer, I would do that before you create any other passwords or accounts. If you can, virus scan the public computer too to see if there's any sign of a virus/keylogger.