Bitcoin Forum
Topic: My (and I think some others) blockchain.info wallet was hacked
starik69 (OP)
April 12, 2013, 08:24:33 AM
 #41

Did the ones that got hacked have an easily guessed alias? 
My alias was same as BTC-e nickname.
Mike Hearn
April 12, 2013, 09:01:35 AM
 #42

My understanding is that blockchain.info will vend your (encrypted) wallet given only a username. Because it uses JavaScript for all its crypto and JavaScript is very slow, the KDF is 10 rounds of SHA1 which is extremely weak.

If my understanding is correct this means anyone who can guess usernames (not passwords) can brute force the encryption, potentially at very high speeds using their GPUs. I haven't seen any software that can do that and don't know enough about GPU programming to know if it's easy to check the resulting keys for correctness, but certainly the KDF in use is not any obstacle to brute forcing. And unfortunately it cannot be, because the nature of blockchain.info is it runs entirely within the browser.

If you have an (unhacked) b.i account, I'd suggest downloading the current beta/snapshot release of MultiBit (0.5.9), creating a new wallet, encrypting it and then sending your money to it. Don't import your b.i wallet for obvious reasons, you'd need to move the money with a real transaction. MultiBit is using a very high number of scrypt iterations that should be a lot more robust against brute forcing.
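
Added example, not part of the post above or of blockchain.info's or MultiBit's code: a measurement of the per-guess cost gap the post describes. It assumes "10 rounds of SHA1" means PBKDF2-HMAC-SHA1 with 10 iterations, and the scrypt parameters are illustrative values chosen here.

```python
import hashlib
import os
import time

# Assumption: "10 rounds of SHA1" is modelled as PBKDF2-HMAC-SHA1 with 10 iterations.
WEAK_ITERATIONS = 10
# Assumption: illustrative scrypt cost parameters, not taken from MultiBit.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
YEAR_SECONDS = 365.25 * 24 * 3600


def weak_kdf(password: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", password, salt, WEAK_ITERATIONS, dklen=32)


def strong_kdf(password: bytes, salt: bytes) -> bytes:
    return hashlib.scrypt(password, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, maxmem=64 * 1024 * 1024, dklen=32)


def scrypt_memory_bytes(n: int = SCRYPT_N, r: int = SCRYPT_R) -> int:
    """RAM each scrypt guess must hold (128 * N * r), which limits GPU parallelism."""
    return 128 * n * r


def seconds_per_derivation(kdf, runs: int) -> float:
    """Average wall-clock cost of one key derivation on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(runs):
        kdf(b"constructed-sample-%d" % i, salt)  # constructed inputs, timing only
    return (time.perf_counter() - start) / runs


def years_to_exhaust(entropy_bits: float, secs_per_guess: float) -> float:
    """Single-core time to derive a key for every password in a 2**bits space."""
    return (2 ** entropy_bits) * secs_per_guess / YEAR_SECONDS


def compare(entropy_bits: float = 40.0) -> dict:
    weak = seconds_per_derivation(weak_kdf, runs=2000)
    strong = seconds_per_derivation(strong_kdf, runs=5)
    return {"weak_s": weak, "strong_s": strong, "slowdown": strong / weak,
            "weak_years": years_to_exhaust(entropy_bits, weak),
            "strong_years": years_to_exhaust(entropy_bits, strong)}


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key:>12}: {value:.6g}")
```

The `slowdown` figure is the factor by which the stronger KDF raises the cost of every password guess; the absolute times depend on the machine it runs on.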
JJJJust
April 13, 2013, 02:56:26 PM
 #43

After my bitcents were stolen, I turned on logging in my account and didn't bother changing my password. Whatever happened, somehow, SOMEBODY managed to get my blockchain password and has been having a snoop through Tor.

Today 01:03:15   get account settings   37.221.170.49   Mozilla/5.0
Today 00:06:41   get account settings   204.124.83.132   Mozilla/5.0
2013-04-12 21:43:37   get account settings   37.130.227.133   Mozilla/5.0
mikesheadroom
April 14, 2013, 01:49:54 PM
Last edit: April 14, 2013, 02:11:08 PM by mikesheadroom
 #44

I was one of the initial victims.  Subsequently I ran multiple malware scans, changed my password, enabled two factor authentication on my Blockchain wallet and installed NoScript.  I just had my account emptied again.
Logging indicates it was through TOR.
Update:  At this point, I am just completely abandoning the wallet and no longer going to access my new wallet from the potentially compromised computer until a full system wipe is performed.

HostFat
April 16, 2013, 03:15:22 PM
 #45

I hope to hear some news from piuk about this topic ...

zebedee
April 17, 2013, 10:49:17 PM
 #46

A friend of mine had 7 coins taken from her blockchain wallet.  Like others have reported, oddly the thief left 1 BTC behind.

  https://blockchain.info/tx/df97a2c8722d8980fe87d9696a1bc176cdb818a8fbac253b2c7a2dd315cf4393

I suspect her password was brute-forced, it wasn't particularly strong (but not stupidly easy either).

The facts:

  • Not logged on even once to blockchain.info since wallet was setup last October.  So it's not like the password was keylogged or anything like that.
  • Wallet backup was mailed to her yahoo.co.uk email last October.
  • No wallet alias was used.
  • The transaction that stole the coins returned the change to the original address.  This is typical blockchain.info behaviour.  So I'd guess the thief used blockchain.info to send the coins (rather than crafting their own transaction from the private key).

Does anything above match others' experiences with blockchain thefts?  How can the attacker get hold of the wallet URL?

My understanding is that to take coins, a thief needs both a wallet URL and the password.  What I don't understand is where they are getting the wallet URLs from.

I have only four ideas:

  • Either blockchain.info's database of encrypted wallets has been stolen, or
  • Her yahoo.co.uk email has been hacked, or
  • Someone inside yahoo that works with email there has been trawling for emailed blockchain URLs or backups
  • Web browser malware is searching bookmarks for wallet URLs (I've not yet confirmed she had a bookmark for it, I suspect she did)

Any ideas or other ways of pulling this off?
🏰 TradeFortress 🏰
April 18, 2013, 11:34:27 AM
 #47

Browser history check?

Does she have an alias set up?
lunarboy
April 18, 2013, 01:52:05 PM
 #48


I too have noticed several unauthorised attempts at my account and was wondering how this was possible?
I used to have a similar forum username to my blockchain.info account but have since changed it.

What is current advice? Should I also start afresh and create a new account or is the change of account name and the creation of a new set of BTC addresses sufficient?

The Bitcoin ecosystem seems to be on a full scale war footing at the moment.
zebedee
April 18, 2013, 02:18:07 PM
 #49

My friend had no browser bookmarks, and there is no blockchain url at all in her browser history.  So to get the URL one of the following must be true:

  • Her yahoo email is compromised
  • Yahoo have a crooked employee trawling email for URLs
  • blockchain.info has a crooked employee
  • blockchain.info's encrypted wallet database is out in the wild

I see no alternatives.
crazy_rabbit
April 18, 2013, 02:58:56 PM
 #50

I think your friend's computer is hacked, not blockchain.info. If you read how their system works (and it's open source) they don't have a copy of your unencrypted wallet. They don't even have a copy of your password (hence if you lose it, you're screwed). The encrypted wallet sits on their server and then your computer decrypts it in the browser.

It's still possible to 'hack' this scenario, but from all angles it's 99.9% that the fault lies somehow with your friend's computer and not blockchain.

zebedee
April 18, 2013, 03:19:15 PM
 #51

> I think your friend's computer is hacked, not blockchain.info. If you read how their system works (and it's open source) they don't have a copy of your unencrypted wallet. They don't even have a copy of your password (hence if you lose it, you're screwed). The encrypted wallet sits on their server and then your computer decrypts it in the browser.
>
> It's still possible to 'hack' this scenario, but from all angles it's 99.9% that the fault lies somehow with your friend's computer and not blockchain.

I think that's unlikely - the URL doesn't exist on her machine - not in browser history, no bookmark etc.  She's never visited it since setup over 6 months ago.  I think the URLs have been obtained somewhere else, likely blockchain.info itself.
optimator
April 18, 2013, 03:55:44 PM
 #52

I hate to call it... But the pattern seems very obvious.

Blockchain.info is under a DDoS attack - they are unsure how their server IP was leaked.
Multiple wallets with strong-ish passwords have funds disappear.
The funds disappear by access to the private key.

I'm not familiar with the exact workings of the blockchain wallet, but I would be very inclined to move the funds to a paper wallet for the near term until this is sorted out.

crazy_rabbit
April 18, 2013, 07:39:40 PM
 #53

It's up and it's working fine. Before spreading FUD you should read the source code behind Blockchain's open source software. If they were truly "hacked" it means only the inconvenience of you having to load your wallet backup (You DO backup right?) into your own computer with your own client.

So it's not the end of the world by any means. Even in a total meltdown you still have your funds - and they don't. That's how it works.

ErebusBat
April 18, 2013, 10:14:30 PM
 #54

> It's up and it's working fine. Before spreading FUD you should read the source code behind Blockchain's open source software. If they were truly "hacked" it means only the inconvenience of you having to load your wallet backup (You DO backup right?) into your own computer with your own client.
>
> So it's not the end of the world by any means. Even in a total meltdown you still have your funds - and they don't. That's how it works.

+1

demzie
April 19, 2013, 05:29:28 AM
 #55

> It's up and it's working fine. Before spreading FUD you should read the source code behind Blockchain's open source software. If they were truly "hacked" it means only the inconvenience of you having to load your wallet backup (You DO backup right?) into your own computer with your own client.
>
> So it's not the end of the world by any means. Even in a total meltdown you still have your funds - and they don't. That's how it works.

+1