Bitcoin Forum
October 21, 2017, 05:26:31 AM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3] 4 5 6 7 8 »  All
  Print  
Author Topic: Just had 39.70 bitcoins stolen from blockchain account!  (Read 5156 times)
r3wt
Hero Member
*****
Offline Offline

Activity: 686


always the student, never the master.


View Profile
May 24, 2013, 11:12:11 AM
 #41

There gone.  Sorry but that is the reality.  Bitcoin was created to be irreversible like cash. 

This.
You kinda deserve to lose it, as you store too many money without any protection.

"I kinda deserve it"

I work with computers on a daily basis im fully clued up on encryption, i used a totally diff password to any other so called dodgy site i use.

I presumed with 2 passwords on blockchain i was safe!

Not just been me hit is others that dont know yet ive followed my btc thats now sat in russia in an account holding 99k in 4 mear transactions.

but i "kinda deserve to lose it"

you make me sick.....



Who in their right mind leaves that much BTC in an online wallet? you realize when its on the blockchain.info site they can get your public key and spam the form with a password spambot until they get in right? You said you are familiar with encryption, and i do feel bad for you and i hate a fucking scammer, but did you really do all you could to prevent this? 37.3 BTC? thats quite a damn bit to be left in a online wallet service.... in the future if you must use an online wallet service, keep an offline wallet to save most of your funds in. when you need some, just transfer it to your online wallet and spend it immediately... read up on {cold} offline wallets and protecting your self from fraud/ hackrs.

My negative trust rating is reflective of a personal vendetta by someone on default trust.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Stolen
Newbie
*
Offline Offline

Activity: 14


View Profile
May 24, 2013, 11:26:15 AM
 #42

So either your password was weak enough to break with a dictionary attack, or your computer is pwned. Which do you think it is?

Neither as computer is on a fresh reformat and pass was very long and not used on any other site!

At the start of this thread i was asking for advice not ridicule if you have nothing positive to say then please do not comment.
Pierre
Full Member
***
Offline Offline

Activity: 207


View Profile
May 24, 2013, 11:30:17 AM
 #43

I don't understand what you're saying. As far as I can see there are only 3 possibilities here:

1) Blockchain.info is dodgy or got hacked or something

2) Your password got cracked or guessed or stolen

3) Your computer is pwned

But you're not willing to say that 2 or 3 are even remotely possible, so are you therefore saying that blockchain is at fault? What am I missing here?
Stolen
Newbie
*
Offline Offline

Activity: 14


View Profile
May 24, 2013, 11:33:31 AM
 #44



Who in their right mind leaves that much BTC in an online wallet? you realize when its on the blockchain.info site they can get your public key and spam the form with a password spambot until they get in right? You said you are familiar with encryption, and i do feel bad for you and i hate a fucking scammer, but did you really do all you could to prevent this? 37.3 BTC? thats quite a damn bit to be left in a online wallet service.... in the future if you must use an online wallet service, keep an offline wallet to save most of your funds in. when you need some, just transfer it to your online wallet and spend it immediately... read up on {cold} offline wallets and protecting your self from fraud/ hackrs.
[/quote]

It was 39.70 btc and yes yes i should of held it offline but i presumed 2 very long passwords would of ment it was safe, i wont be bothering with BTC anymore myself.

What goes around.............

Karma will deal its hand ;-)



ironcross360
Full Member
***
Offline Offline

Activity: 140


Troll of the Fourth Reich.


View Profile
May 24, 2013, 11:34:44 AM
 #45

Pm, me and ill show you were to make a police report

Why are you just staring at this? Just send it! 1MHZjADM41ttjbPUiTPYWGYGm45XLf8ZeS
malevolent
can into space
Staff
Legendary
*
Offline Offline

Activity: 1834



View Profile
May 24, 2013, 11:45:36 AM
 #46

Honestly I hear about people getting robbed from Blockchain all the time - Two-factor auth when using google is not real two-factor, it's an illusion because if one password is compromised by an infected computer so is the other.
Huh? 
Password is on entered on computer.
google auth code is obtained from smartphone.
2FA - as in two factors. 
How exactly does attacker knowing your password, compromise the independent google auth code? (Hint: it doesn't)

If the security of the PC was compromised before he added the google authenticator, the hacker could copy the key OP generated to set up google authenticator himself that would generate codes that would be the same as OP's. Another possibilty is the device used for generating the codes could have been compromised as it was mentioned above.

1. Most 2FA codes (GAuth and such) are good for a short window after generation. A keylogger which transmits to the attacker in real time would be adequate to allow an attacker to log in with a 2FA code I entered on my PC - this was actually a common method of circumventing 2FA to steal WoW gold back in the day. Anyway, since the passwords I need to send coins are the same as the passwords needed to change settings, view private keys etc the attacker could have compromised my account and exported my private keys without my knowledge, then waited until I had a worthwhile amount in the account before acting.

It shouldn't let you reuse a code more than once. In Mt.Gox if I want to quickly withdraw some BTC to two addresses I have to wait a few seconds to send to the 2nd address until a new code is generated because it won't accept the previous one that I have already used (even if it is still valid for a few seconds).
jimmijames73
Hero Member
*****
Offline Offline

Activity: 504


View Profile
May 24, 2013, 11:47:08 AM
 #47

Ask David Perry, happened to him last month

I still haven't received a real answer as to how my particular robbery happened but evidence points to one of two scenarios:

1. Most 2FA codes (GAuth and such) are good for a short window after generation. A keylogger which transmits to the attacker in real time would be adequate to allow an attacker to log in with a 2FA code I entered on my PC - this was actually a common method of circumventing 2FA to steal WoW gold back in the day. Anyway, since the passwords I need to send coins are the same as the passwords needed to change settings, view private keys etc the attacker could have compromised my account and exported my private keys without my knowledge, then waited until I had a worthwhile amount in the account before acting.

2. Blockchain.info doesn't require the 2FA code when sending from a phone. Prior to adding the PIN lock to the app there was no auth beyond passwords - a keylogged phone would be a much more sensitive attack vector.

In the end it was my fault for keeping more in a hot wallet than I was willing to lose - about $1,000 worth of coin - but it still stings.

Sorry to hear about the theft of your btc and thanks for sharing your experience.  This thread has been valuable for noobs like me to make sure we keep our wallets secure.
Stolen
Newbie
*
Offline Offline

Activity: 14


View Profile
May 24, 2013, 11:59:06 AM
 #48

Pm, me and ill show you were to make a police report

Thank you Ironcross360 pm on the way!
r3wt
Hero Member
*****
Offline Offline

Activity: 686


always the student, never the master.


View Profile
May 24, 2013, 12:24:29 PM
 #49

Stolen. report this to blockchain.info. they may be able to retrieve the ip address used at the time the transaction was made. assuming they log that type of stuff.

My negative trust rating is reflective of a personal vendetta by someone on default trust.
ironcross360
Full Member
***
Offline Offline

Activity: 140


Troll of the Fourth Reich.


View Profile
May 24, 2013, 12:28:59 PM
 #50

Pm, me and ill show you were to make a police report

Thank you Ironcross360 pm on the way!

I Pmed you their phone # Did you call them to make the report?

Why are you just staring at this? Just send it! 1MHZjADM41ttjbPUiTPYWGYGm45XLf8ZeS
escrow.ms
Legendary
*
Offline Offline

Activity: 1078

GPG Key-ID: B82BA7E1 | I don't use skype.


View Profile
May 24, 2013, 12:34:17 PM
 #51

2 Things are possible

Either blockchain is vulnerable or some leak happened from your end.


If blockchain is vulnerable you will see lots of accounts getting hacked soon.

I have some questions for you.
 
Do you use windows or other OS?
Did you recently installed something or visited any random site, given access to your pc to someone else?

if your answer to one of above is "yes", you might got infected with some advance FUD malware.

FUD means fully undetectable, antiviruses won't catch it and show your pc clean.




I would also like to tell you about 2factor authentication bypass and android malware.

1. 2factor authentication bypass is possible.
There are many malwares available for bank's 2factor authentication bypass. Probably they made one to steal bitcoins too as bitcoins have less risk than bank transfer.

Some malware examples : Carberp, ATS webinject (automatic transfer system)



2. Android malwares are available too,and they can bind it with any legit android app. Some android trojans are public and some are private.

So make sure to download apps from verified source only.

First public android rat:
https://github.com/RobinDavid/androrat
APK binder getting sold on hackorums
http://www.hackforums.net/showthread.php?tid=3464366


Please click here to know why I have negative feedback. https://21.co/escrow/
Tip address: 1nPfxnncZqWvVP4UHT6XLfNzfaik7akQS
escrow.ms
Legendary
*
Offline Offline

Activity: 1078

GPG Key-ID: B82BA7E1 | I don't use skype.


View Profile
May 24, 2013, 12:46:24 PM
 #52

I will suggest you to remove all your important data from your pc and check incoming/outgoing connection or any suspicious /infected file.

Don't format it might be rootkit or you will might loose evidence of malware/hijack.

If you find something suspicious let me know.

Please click here to know why I have negative feedback. https://21.co/escrow/
Tip address: 1nPfxnncZqWvVP4UHT6XLfNzfaik7akQS
Stolen
Newbie
*
Offline Offline

Activity: 14


View Profile
May 24, 2013, 02:48:49 PM
 #53

Pm, me and ill show you were to make a police report

Thank you Ironcross360 pm on the way!

I Pmed you their phone # Did you call them to make the report?

Nope i emailed em as did not think this comes under "an imminent threat"

i went for the "To report non-urgent suspicions:Contact Us here" option instead but its now been reported and logged.
Branny
Sr. Member
****
Offline Offline

Activity: 398


View Profile
May 24, 2013, 02:51:26 PM
 #54

Ah , the wonders of bitcoin.
Stolen
Newbie
*
Offline Offline

Activity: 14


View Profile
May 24, 2013, 03:01:46 PM
 #55

Ah , the wonders of bitcoin.

Im just wondering where all mine have gone!

well i can even see where they gone, but can do nothing about it!
Oh the Joys, at least its a lot quieter now without the OC gfx cards on full pelt!
Moebius327
Hero Member
*****
Offline Offline

Activity: 700


ARNA | PreSale - September 21st


View Profile
May 24, 2013, 03:08:41 PM
 #56

Somebody has hacked my blockchain account and took everything i had all 39.70btc ive been mining for months!

Im even sat here watching transactions being confirmed and can see the 2 accounts its all now held in, via blockchain info!

Anbody got any advice?



I'm really sorry for you.

1) How did you generate your adress?




██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄▀▀▀▀▀▀▀▀▀▀▄▄
▄█▀░░░░░░░░░░░░░░▀█▄
▄█▀░░░░░░░░██░██░██░░▀█▄
▄▀░░░░░░░▄▄░░░░░░░▄▄░░░░▀▄
▄█░░░░░░░░▀▀░░░░░░░▀▀░░░░░█▄
█░░░░░░██░░░░░░░░░░██░░░░░░█
█░░░░░░▄▄░▄▄░▄▄░▄▄░▄▄░░░░░░█
█░░░░░░▀▀░▀▀░▀▀░▀▀░▀▀░░░░░░█
▀█░░░░░██░░░░░░░░░░██░░░░░█▀
▀▄░░░░▄▄░░░░░░░░░░▄▄░░░░▄▀
▀█▄░░▀▀░░░░░░░░░░▀▀░░▄█▀
▀█▄░░░░░░░░░░░░░░▄█▀
▀▀▄▄▄▄▄▄▄▄▄▄▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
[.
.WHITEPAPER.
.ANN THREAD.
]██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
pcmc5
Newbie
*
Offline Offline

Activity: 15



View Profile
May 24, 2013, 03:10:51 PM
 #57

Pm, me and ill show you were to make a police report

Thank you Ironcross360 pm on the way!

I Pmed you their phone # Did you call them to make the report?

Nope i emailed em as did not think this comes under "an imminent threat"

i went for the "To report non-urgent suspicions:Contact Us here" option instead but its now been reported and logged.

Sorry for your loss... keep us posted i would be curious to see if the police report works..
SgtSpike
Legendary
*
Offline Offline

Activity: 1358



View Profile
May 24, 2013, 03:11:13 PM
 #58

Somebody has hacked my blockchain account and took everything i had all 39.70btc ive been mining for months!

Im even sat here watching transactions being confirmed and can see the 2 accounts its all now held in, via blockchain info!

Anbody got any advice?



I'm really sorry for you.

1) How did you generate your vanity adress?

2) Did you use 2-Factor Auth.


How do you know he had a vanity address?
Moebius327
Hero Member
*****
Offline Offline

Activity: 700


ARNA | PreSale - September 21st


View Profile
May 24, 2013, 03:19:52 PM
 #59

Somebody has hacked my blockchain account and took everything i had all 39.70btc ive been mining for months!

Im even sat here watching transactions being confirmed and can see the 2 accounts its all now held in, via blockchain info!

Anbody got any advice?



I'm really sorry for you.

1) How did you generate your vanity adress?

2) Did you use 2-Factor Auth.


How do you know he had a vanity address?



Is this vanity?

██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄▀▀▀▀▀▀▀▀▀▀▄▄
▄█▀░░░░░░░░░░░░░░▀█▄
▄█▀░░░░░░░░██░██░██░░▀█▄
▄▀░░░░░░░▄▄░░░░░░░▄▄░░░░▀▄
▄█░░░░░░░░▀▀░░░░░░░▀▀░░░░░█▄
█░░░░░░██░░░░░░░░░░██░░░░░░█
█░░░░░░▄▄░▄▄░▄▄░▄▄░▄▄░░░░░░█
█░░░░░░▀▀░▀▀░▀▀░▀▀░▀▀░░░░░░█
▀█░░░░░██░░░░░░░░░░██░░░░░█▀
▀▄░░░░▄▄░░░░░░░░░░▄▄░░░░▄▀
▀█▄░░▀▀░░░░░░░░░░▀▀░░▄█▀
▀█▄░░░░░░░░░░░░░░▄█▀
▀▀▄▄▄▄▄▄▄▄▄▄▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
[.
.WHITEPAPER.
.ANN THREAD.
]██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
▄▄ ▄▄ ▄▄
▀▀ ▀▀ ▀▀
██ ██ ██
SgtSpike
Legendary
*
Offline Offline

Activity: 1358



View Profile
May 24, 2013, 03:27:40 PM
 #60

Somebody has hacked my blockchain account and took everything i had all 39.70btc ive been mining for months!

Im even sat here watching transactions being confirmed and can see the 2 accounts its all now held in, via blockchain info!

Anbody got any advice?



I'm really sorry for you.

1) How did you generate your vanity adress?

2) Did you use 2-Factor Auth.


How do you know he had a vanity address?

1NeiLYQBFawaummF9XHc4hPBkG6W1bUCpb

Is this vanity?
Perhaps if his name is Neil.  But very good point - if the entropy isn't sufficient in any vanity generator, it makes the coins held there unsafe.
Pages: « 1 2 [3] 4 5 6 7 8 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!