Bitcoin Forum
October 21, 2017, 01:34:28 AM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 [7] 8 »  All
  Print  
Author Topic: Just had 39.70 bitcoins stolen from blockchain account!  (Read 5155 times)
bobthebuilder18
Newbie
*
Offline Offline

Activity: 17


View Profile
May 26, 2013, 11:53:16 AM
 #121

Bob, once a wallet is stolen you can NEVER use that address again, any new money you send to it will just be stolen again. A hacker only needs to get the key to the wallet once and it is compromised forever.

Really you should not re-use any addresses, always make a new one for any new bitcoin you want to receive.

But I thought that it's allright if I input a watch only address (no private key), so I can only see transactions, but cannot send BTC.
Well now I'll probably open a brand new wallet just to be 100% sure...

Thanks,
1508549668
Hero Member
*
Offline Offline

Posts: 1508549668

View Profile Personal Message (Offline)

Ignore
1508549668
Reply with quote  #2

1508549668
Report to moderator
1508549668
Hero Member
*
Offline Offline

Posts: 1508549668

View Profile Personal Message (Offline)

Ignore
1508549668
Reply with quote  #2

1508549668
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1508549668
Hero Member
*
Offline Offline

Posts: 1508549668

View Profile Personal Message (Offline)

Ignore
1508549668
Reply with quote  #2

1508549668
Report to moderator
1508549668
Hero Member
*
Offline Offline

Posts: 1508549668

View Profile Personal Message (Offline)

Ignore
1508549668
Reply with quote  #2

1508549668
Report to moderator
wachtwoord
Legendary
*
Offline Offline

Activity: 1624


View Profile
May 26, 2013, 12:54:44 PM
 #122

Bob, once a wallet is stolen you can NEVER use that address again, any new money you send to it will just be stolen again. A hacker only needs to get the key to the wallet once and it is compromised forever.

Really you should not re-use any addresses, always make a new one for any new bitcoin you want to receive.

But I thought that it's allright if I input a watch only address (no private key), so I can only see transactions, but cannot send BTC.
Well now I'll probably open a brand new wallet just to be 100% sure...

Thanks,

This is correct. With a watch only wallet no-one can do anything with your Bitcoins because a watch only wallet only contains public keys and lacks the private keys required to make transactions using the addresses in the wallet.

The only thing you lose when someone gains access to your watch only is a lack of privacy: people can determine how many Bitcoins you hold in the wallet and what transactions you made.

davidbitcoins
Newbie
*
Offline Offline

Activity: 5


View Profile
May 26, 2013, 12:57:19 PM
 #123

Whaaat that sucks man!
Hawkix
Hero Member
*****
Offline Offline

Activity: 522



View Profile WWW
May 26, 2013, 03:29:08 PM
 #124

Watch out for the security of the e-mail address you use in blockchain.info's wallet.

Regardless of 2FA, if you sent your backup to compromised e-mail and your password is weak enough so the attacker (has months to do it) can crack it, all your private keys are exposed. He does not need to logon to blockchain.info to empty your wallet there! The dark net is full of broken e-mails and someone may be monitoring them automatically.

Donations: 1Hawkix7GHym6SM98ii5vSHHShA3FUgpV6
http://btcportal.net/ - All about Bitcoin - coming soon!
Moebius327
Hero Member
*****
Offline Offline

Activity: 700


ARNA | PreSale - September 21st


View Profile
May 26, 2013, 06:19:13 PM
 #125

Watch out for the security of the e-mail address you use in blockchain.info's wallet.

Regardless of 2FA, if you sent your backup to compromised e-mail and your password is weak enough so the attacker (has months to do it) can crack it, all your private keys are exposed. He does not need to logon to blockchain.info to empty your wallet there! The dark net is full of broken e-mails and someone may be monitoring them automatically.


+1

██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄▀▀▀▀▀▀▀▀▀▀▄▄
▄█▀░░░░░░░░░░░░░░▀█▄
▄█▀░░░░░░░░██░██░██░░▀█▄
▄▀░░░░░░░▄▄░░░░░░░▄▄░░░░▀▄
▄█░░░░░░░░▀▀░░░░░░░▀▀░░░░░█▄
█░░░░░░██░░░░░░░░░░██░░░░░░█
█░░░░░░▄▄░▄▄░▄▄░▄▄░▄▄░░░░░░█
█░░░░░░▀▀░▀▀░▀▀░▀▀░▀▀░░░░░░█
▀█░░░░░██░░░░░░░░░░██░░░░░█▀
▀▄░░░░▄▄░░░░░░░░░░▄▄░░░░▄▀
▀█▄░░▀▀░░░░░░░░░░▀▀░░▄█▀
▀█▄░░░░░░░░░░░░░░▄█▀
▀▀▄▄▄▄▄▄▄▄▄▄▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
[.
.WHITEPAPER.
.ANN THREAD.
]██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
bobthebuilder18
Newbie
*
Offline Offline

Activity: 17


View Profile
May 26, 2013, 06:36:29 PM
 #126

So because of all of that I'm now using Armory with strong passphrase and only keep a paper backup in my home. Basically there is now only a risk of a fire, but that's about it (at least I hope) Smiley

BR
BCB
CTG
VIP
Legendary
*
Online Online

Activity: 1036


BCJ


View Profile
May 26, 2013, 08:54:42 PM
 #127

If your btc value is high store an encrypted back up of your wallet.dat file or a paper wallet in another location.  (bank - work)
scintill
Sr. Member
****
Offline Offline

Activity: 448


View Profile WWW
May 27, 2013, 12:19:41 AM
 #128

hmm thought that's "impossible" to have bitcoins stolen. What I heard was it takes forever.

It's virtually impossible (takes longer than a human lifespan) to crack a key if you only know an address.  But stealing bitcoins is as easy as stealing private keys off someone's hard drive and cracking any password they have -- with proper security procedures though, that should be just as hard.

1SCiN5kqkAbxxwesKMsH9GvyWnWP5YK2W | donations
Bitcointrrader200
Newbie
*
Offline Offline

Activity: 11


View Profile
May 27, 2013, 04:06:02 AM
 #129

That really sucks, a tough price to pay for the truth that the internet is probably less safe then the streets...
Pierre
Full Member
***
Offline Offline

Activity: 207


View Profile
May 27, 2013, 04:49:55 AM
 #130

Paying the iron price
wachtwoord
Legendary
*
Offline Offline

Activity: 1624


View Profile
May 27, 2013, 10:28:26 AM
 #131

So because of all of that I'm now using Armory with strong passphrase and only keep a paper backup in my home. Basically there is now only a risk of a fire, but that's about it (at least I hope) Smiley

BR

You can keep a paper backup in a bank safe or on you at all times (out of plain sight, out of things that frequently get stolen) to prevent that. I'm still thinking of something better, but the paper wallet codes are a little long to reliably memorize Smiley

btcshops
Newbie
*
Offline Offline

Activity: 6



View Profile
May 27, 2013, 11:04:33 AM
 #132

You should have been more careful bro...

13ThJTiHF3BvW6TTWtdN5nCEZrrNrnb9o4
ranlo
Legendary
*
Offline Offline

Activity: 1610



View Profile
May 27, 2013, 04:03:21 PM
 #133

Bob, once a wallet is stolen you can NEVER use that address again, any new money you send to it will just be stolen again. A hacker only needs to get the key to the wallet once and it is compromised forever.

Really you should not re-use any addresses, always make a new one for any new bitcoin you want to receive.

But I thought that it's allright if I input a watch only address (no private key), so I can only see transactions, but cannot send BTC.
Well now I'll probably open a brand new wallet just to be 100% sure...

Thanks,

This is correct. With a watch only wallet no-one can do anything with your Bitcoins because a watch only wallet only contains public keys and lacks the private keys required to make transactions using the addresses in the wallet.

The only thing you lose when someone gains access to your watch only is a lack of privacy: people can determine how many Bitcoins you hold in the wallet and what transactions you made.

Is using a watch-only wallet just like using the blockchain to keep up with transactions, only cleaner (and inclusive of all your addresses at once)? Or is there some other benefit as well?


 
 

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 




















Earn Devcoins by Writing
cp1
Hero Member
*****
Offline Offline

Activity: 616


Stop using branwallets


View Profile
May 27, 2013, 04:08:54 PM
 #134

Google authenticator should work just as well as a yubikey. Just remember to keep a backup of your key, or some one time passwords.

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
Fredidans
Newbie
*
Offline Offline

Activity: 12


View Profile
May 27, 2013, 04:40:33 PM
 #135

Personnaly i lost 5,5 BTC last year.

Now my wallet is on a crypted usb key
slashnp
Newbie
*
Offline Offline

Activity: 25



View Profile
May 27, 2013, 05:02:01 PM
 #136

You should keep your wallet on your flashdrive ! Undecided
JayKEy00
Newbie
*
Offline Offline

Activity: 27



View Profile
May 27, 2013, 05:50:15 PM
 #137

MOD EDIT:
See https://bitcointalk.org/index.php?topic=218040.0 as this site is probably a scam


The best method to save your bitcoins is a paper wallet, here can nobody steal you digital, only physicall and i think this happens less. I used the Bitcoin address generator at www.bitcoin-address.org. I think its the best because its the official bitcoin generator. How can I get my bitcoins now back digital, if i have them on paper? How can I import them?

Official Bitcoin Homepage: bitcoin.org
Official Bitcoin Address Generator: bitcoin-address.org
ndr76
Newbie
*
Offline Offline

Activity: 28


View Profile
May 27, 2013, 06:06:46 PM
 #138

Consider using cold storage. Just write the private key on a piece of paper and remove it from you computer.
wachtwoord
Legendary
*
Offline Offline

Activity: 1624


View Profile
May 27, 2013, 06:14:36 PM
 #139

Bob, once a wallet is stolen you can NEVER use that address again, any new money you send to it will just be stolen again. A hacker only needs to get the key to the wallet once and it is compromised forever.

Really you should not re-use any addresses, always make a new one for any new bitcoin you want to receive.

But I thought that it's allright if I input a watch only address (no private key), so I can only see transactions, but cannot send BTC.
Well now I'll probably open a brand new wallet just to be 100% sure...

Thanks,

This is correct. With a watch only wallet no-one can do anything with your Bitcoins because a watch only wallet only contains public keys and lacks the private keys required to make transactions using the addresses in the wallet.

The only thing you lose when someone gains access to your watch only is a lack of privacy: people can determine how many Bitcoins you hold in the wallet and what transactions you made.

Is using a watch-only wallet just like using the blockchain to keep up with transactions, only cleaner (and inclusive of all your addresses at once)? Or is there some other benefit as well?

No there are no additional benefits Smiley

(And you meant www.blockchain.info, that is not the same as the BlockChain Wink)

ProfMac
Legendary
*
Offline Offline

Activity: 854



View Profile
May 29, 2013, 05:26:07 PM
 #140


Don't use Yubikey unless you have a Yubikey (it's a physical USB device). And AFAIK blockchain.info do not have their proprietary yubikeys, you have to use a Gox Yubikey, which is absurd IMO (the whole point of 2FA is to use a UNIQUE mechanism for each account).

I'd suggest using SMS because you do not need a smartphone and you can easily and immediately recover your phone number even if you lose your device. Google authenticator is good too, but you need to have a proper paper backup of the QR code and/or the private key of the security token linked to the account (this is mandatory or you may very well end up having the same problem described in the "I want to sue Google" thread in the legal subforum)

I have a Mt.Gox Yubikey, and also a standard Yubikey.  Both of them will enter characters into the authentication box.  Neither of them seem to enter the "return" character, which is the behavior that the key seems to have in other environments.  I have tested this on Firefox and Chrome, both in a Linux environment.  I also tested it in MSIE in Vista.


My standard Yubikey behaves the same way - the code enters the box but is not saved. I'd really like to use Yubikey as it seems the e-mail 2FA at blockchain lags quite often (I'm using gmail with my own domain). Is the blockchain Yubikey 2FA method working at all? AFAIK only the Mt.Gox ones are not supported for the "new" accounts.


Seems the Yubikey support at blockchain.info was fixed and Yubikey 2FA works now (at least my standard one does).


My standard Yubikey was accepted.
My Mt. Gox Yubikey was rejected.

edited:
I also restricted the account to my IP address.


I try to be respectful and informed.
Pages: « 1 2 3 4 5 6 [7] 8 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!