Its the no log that really irks me. How can a withdraw be made without an entry made.?
Agreed, this is the main worry in all this I think...
Blockchain.info is only a client. It doesn't store bitcoins itself, it only stores credentials needed to send bitcoins from your addresses (that is private keys for your bitcoin addresses). If his computer/phone has been compromised, these credentials might be logged/copied during one of his legitimate logins to blockchain.info and sent to the attacker. The attacker could then use these stolen credentials with any other bitcoin client (like Bitcoin-Qt, Armory, Multibit, etc) to send bitcoins - and that's why blockchain.info didn't have any suspicious logins.
Well i guess what Ill have to do is
- Remake a new blockchain.info wallet.
- Use a unique PW vs any other site.
- Enable IP restriction so it can only be used at my home location
I would think that with those three, esp the IP restriction, at account creation, there should be no way a thief could access my account and view my private key. Of course I have been wrong before. Blockchain even states that the app will work, as long as its "synced" with account. So that should be secure as well. In my mind, that tells me that even if they got my password, they couldn't access my account due to IP restriction.