Will Blockchain.info ever get hacked?

[Deep In The Mines LLC]

There is no denying that blockchain.info has been ddosed before, but ddos dosen't mean hack, they are two different things, and just about every online service is vulernable to a ddos attack if its strong enough.

[1715377978]

1715377978

[devans]

There is no denying that blockchain.info has been ddosed before, but ddos dosen't mean hack, they are two different things, and just about every online service is vulernable to a ddos attack if its strong enough.

If you define "getting hacked" as an attacker gaining full access to their systems, then perhaps they haven't been hacked. Nevertheless, blockchain.info has been compromised in a manner that could have and did result in a theft of Bitcoins in the past. See my comment in this thread here for details.

[GMPoison]

People thought Mt.Gox was too big to fail too. Don't store more than spending cash in an online wallet and you have nothing to worry about. If it gets hacked, people who store their coins there will lose them, and another block explorer will rise in it's place. Maybe it will crash like when Mt.Gox went down, but it will always recover, like we've seen in the past, because it's too big of an idea to fail.

[Deep In The Mines LLC]

People thought Mt.Gox was too big to fail too. Don't store more than spending cash in an online wallet and you have nothing to worry about. If it gets hacked, people who store their coins there will lose them, and another block explorer will rise in it's place. Maybe it will crash like when Mt.Gox went down, but it will always recover, like we've seen in the past, because it's too big of an idea to fail.

Mt.gox was different, it stored all the wallets into one massive cold-wallet and cross referenced them, blockchain dosen't do that, they store an encrypted wallet and only you, the visiter have the key to it.

Thus a huge "hack" such as mt.gox and exchange hacks will never happen to blockchain unless they change their practices.

Individual accounts will get hacked nonetheless, and if a full breach happens they still can't steal your wallet unless they infect you from the website itself, or you enter your password into the website while its vulnerable/taken over.

I am unsure if they meet your criteria, but blockchain.info has already been compromised on at least two occasions:

• A bug in blockchain.info's random number generator led to more than 250 BTC being stolen from wallets. Luckily the attacker was benevolent and returned the funds.
• blockchain.info's domain name was hijacked. This allowed the attacker to serve arbitrary code to users and potentially steal funds, though I don't know if it happened in this case.

Indeed, there are multiple ways that a service can be taken over or abused, and all we can do is be vigilant about those scenarios, however I think what people mean by "hacked" is losing a huge amount of money (thousands of BTC) not a single individual, but a site-wide hack where a majority of the users lose their coins without any interaction with it (E.G: mt.gox, bitstamp, bitfinex, and so on).

[GMPoison]

People thought Mt.Gox was too big to fail too. Don't store more than spending cash in an online wallet and you have nothing to worry about. If it gets hacked, people who store their coins there will lose them, and another block explorer will rise in it's place. Maybe it will crash like when Mt.Gox went down, but it will always recover, like we've seen in the past, because it's too big of an idea to fail.

Mt.gox was different, it stored all the wallets into one massive cold-wallet and cross referenced them, blockchain dosen't do that, they store an encrypted wallet and only you, the visiter have the key to it.

Thus a huge "hack" such as mt.gox and exchange hacks will never happen to blockchain unless they change their practices.

Individual accounts will get hacked nonetheless, and if a full breach happens they still can't steal your wallet unless they infect you from the website itself, or you enter your password into the website while its vulnerable/taken over.

Indeed, there are multiple ways that a service can be taken over or abused, and all we can do is be vigilant about those scenarios, however I think what people mean by "hacked" is losing a huge amount of money (thousands of BTC) not a single individual, but a site-wide hack where a majority of the users lose their coins without any interaction with it (E.G: mt.gox, bitstamp, bitfinex, and so on).

Ah ok I was actually unaware of that because I don't use blockchain's wallet. So if hackers wouldn't have access to your coins if the website were compromised, is blockchain's wallet still considered an "online wallet"? What if the site were to disappear, you're saying people wouldn't lose their coins?

[devans]

Ah ok I was actually unaware of that because I don't use blockchain's wallet. So if hackers wouldn't have access to your coins if the website were compromised, is blockchain's wallet still considered an "online wallet"?

Blockchain.info is definitely a web wallet, regardless of whether the operator has access to private keys or not. If they were to be completely compromised then users' Bitcoins would be at risk, even if not immediately. They also suffer many of the same problems that other web wallets suffer, e.g. DNS hijacking and phishing.

What if the site were to disappear, you're saying people wouldn't lose their coins?

They allow users to export their wallet seed as a BIP39 mnemonic and they seem to follow BIP44 when deriving the individual addresses, so users should be able to restore their wallet in any compliant wallet in case Blockchain.info were to disappear.

[Kprawn]

Well most of the people who has been around for a while knows that centralized services like these are ideal targets for hackers. Just a while

ago someone managed to social engineer their way into fooling the domain administrators and then re-directed users to a spoofed address. I

do not know if any bitcoins were actually lost, because it was picked up early on and warnings were send out early. So never leave large

amounts of bitcoins on these "online" wallets. 

[Deep In The Mines LLC]

People thought Mt.Gox was too big to fail too. Don't store more than spending cash in an online wallet and you have nothing to worry about. If it gets hacked, people who store their coins there will lose them, and another block explorer will rise in it's place. Maybe it will crash like when Mt.Gox went down, but it will always recover, like we've seen in the past, because it's too big of an idea to fail.

Mt.gox was different, it stored all the wallets into one massive cold-wallet and cross referenced them, blockchain dosen't do that, they store an encrypted wallet and only you, the visiter have the key to it.

Thus a huge "hack" such as mt.gox and exchange hacks will never happen to blockchain unless they change their practices.

Individual accounts will get hacked nonetheless, and if a full breach happens they still can't steal your wallet unless they infect you from the website itself, or you enter your password into the website while its vulnerable/taken over.

Indeed, there are multiple ways that a service can be taken over or abused, and all we can do is be vigilant about those scenarios, however I think what people mean by "hacked" is losing a huge amount of money (thousands of BTC) not a single individual, but a site-wide hack where a majority of the users lose their coins without any interaction with it (E.G: mt.gox, bitstamp, bitfinex, and so on).

Ah ok I was actually unaware of that because I don't use blockchain's wallet. So if hackers wouldn't have access to your coins if the website were compromised, is blockchain's wallet still considered an "online wallet"? What if the site were to disappear, you're saying people wouldn't lose their coins?

Yeah its still considered an online wallet, they also allow you to export private keys, import bitcoin-core files, and a couple of other ways to be able to use your Bitcoins even if the website ever goes offline, including wallet seeds such as BIP39 Mnemonics.

[BoXXoB]

I used to be one of those who used services like Blockchain.info for transactions but realized to step out when it was still early.

Nowadays I don't understand why people hold their coins on a site like that knowing there's a risk that something could happen while there's options to stay much safer with a very minimal effort.

I don't say online wallets are something aweful or dangerous. They are infact quite handy in some cases but I see it as a way too big risk considering what has been going on. All these "hacks" bring certain kind of doubt with them.

[Ducksun]

I do not think that it will be hacked, it can get ddosed but that is not something that we should care about because its temporary and its not that they than will get any information from the users.

[Hazir]

Every centralized service can be DDOSed don't confuse it with hack (as in getting backdoor access to bitcoin/accounts of users).

The only problem with Blockchain.info was when hackers hijacked their domain.
Whois and DNS records changed from CloudFlare to some random cheap host, effectively making blockchain.info inaccessible for couple hours.

[JANGKRIK BOSS]

I do not think that it will be hacked, it can get ddosed but that is not something that we should care about because its temporary and its not that they than will get any information from the users.

I think nothing is impossible, don't ever feel safe using the wallet from everywhere like Blockchain.info, there is always a weakness, and to boost security was do not keep bitcoin wallet, the one we use also features comprehensive 2FA, but once again not guarantee will can't hack.

[Rosberger]

Can maybe be done but I think that it will not happen, there is of course a small chance but I do not honestly that it will.

[President79]

no one dared guarantee that it is free of the hack. chances are greater than we use offline wallet. thinking realistically and do not ever underestimate the security problems.