Just had 39.70 bitcoins stolen from blockchain account!

[r3wt]

There gone.  Sorry but that is the reality.  Bitcoin was created to be irreversible like cash. 

This.
You kinda deserve to lose it, as you store too many money without any protection.

"I kinda deserve it"

I work with computers on a daily basis im fully clued up on encryption, i used a totally diff password to any other so called dodgy site i use.

I presumed with 2 passwords on blockchain i was safe!

Not just been me hit is others that dont know yet ive followed my btc thats now sat in russia in an account holding 99k in 4 mear transactions.

but i "kinda deserve to lose it"

you make me sick.....

Who in their right mind leaves that much BTC in an online wallet? you realize when its on the blockchain.info site they can get your public key and spam the form with a password spambot until they get in right? You said you are familiar with encryption, and i do feel bad for you and i hate a fucking scammer, but did you really do all you could to prevent this? 37.3 BTC? thats quite a damn bit to be left in a online wallet service.... in the future if you must use an online wallet service, keep an offline wallet to save most of your funds in. when you need some, just transfer it to your online wallet and spend it immediately... read up on {cold} offline wallets and protecting your self from fraud/ hackrs.

[1714769201]

1714769201

[1714769201]

1714769201

[1714769201]

1714769201

[Stolen]

So either your password was weak enough to break with a dictionary attack, or your computer is pwned. Which do you think it is?

Neither as computer is on a fresh reformat and pass was very long and not used on any other site!

At the start of this thread i was asking for advice not ridicule if you have nothing positive to say then please do not comment.

[Pierre]

I don't understand what you're saying. As far as I can see there are only 3 possibilities here:

1) Blockchain.info is dodgy or got hacked or something

2) Your password got cracked or guessed or stolen

3) Your computer is pwned

But you're not willing to say that 2 or 3 are even remotely possible, so are you therefore saying that blockchain is at fault? What am I missing here?

[Stolen]

Who in their right mind leaves that much BTC in an online wallet? you realize when its on the blockchain.info site they can get your public key and spam the form with a password spambot until they get in right? You said you are familiar with encryption, and i do feel bad for you and i hate a fucking scammer, but did you really do all you could to prevent this? 37.3 BTC? thats quite a damn bit to be left in a online wallet service.... in the future if you must use an online wallet service, keep an offline wallet to save most of your funds in. when you need some, just transfer it to your online wallet and spend it immediately... read up on {cold} offline wallets and protecting your self from fraud/ hackrs.
[/quote]

It was 39.70 btc and yes yes i should of held it offline but i presumed 2 very long passwords would of ment it was safe, i wont be bothering with BTC anymore myself.

What goes around.............

Karma will deal its hand ;-)

[ironcross360]

Pm, me and ill show you were to make a police report

[malevolent]

Honestly I hear about people getting robbed from Blockchain all the time - Two-factor auth when using google is not real two-factor, it's an illusion because if one password is compromised by an infected computer so is the other.

Huh? 
Password is on entered on computer.
google auth code is obtained from smartphone.
2FA - as in two factors. 
How exactly does attacker knowing your password, compromise the independent google auth code? (Hint: it doesn't)

If the security of the PC was compromised before he added the google authenticator, the hacker could copy the key OP generated to set up google authenticator himself that would generate codes that would be the same as OP's. Another possibilty is the device used for generating the codes could have been compromised as it was mentioned above.

1. Most 2FA codes (GAuth and such) are good for a short window after generation. A keylogger which transmits to the attacker in real time would be adequate to allow an attacker to log in with a 2FA code I entered on my PC - this was actually a common method of circumventing 2FA to steal WoW gold back in the day. Anyway, since the passwords I need to send coins are the same as the passwords needed to change settings, view private keys etc the attacker could have compromised my account and exported my private keys without my knowledge, then waited until I had a worthwhile amount in the account before acting.

It shouldn't let you reuse a code more than once. In Mt.Gox if I want to quickly withdraw some BTC to two addresses I have to wait a few seconds to send to the 2nd address until a new code is generated because it won't accept the previous one that I have already used (even if it is still valid for a few seconds).

[Stolen]

Pm, me and ill show you were to make a police report

Thank you Ironcross360 pm on the way!

[r3wt]

Stolen. report this to blockchain.info. they may be able to retrieve the ip address used at the time the transaction was made. assuming they log that type of stuff.

[ironcross360]

Pm, me and ill show you were to make a police report

Thank you Ironcross360 pm on the way!

I Pmed you their phone # Did you call them to make the report?

[escrow.ms]

2 Things are possible

Either blockchain is vulnerable or some leak happened from your end.


If blockchain is vulnerable you will see lots of accounts getting hacked soon.

I have some questions for you.
 
Do you use windows or other OS?
Did you recently installed something or visited any random site, given access to your pc to someone else?

if your answer to one of above is "yes", you might got infected with some advance FUD malware.

FUD means fully undetectable, antiviruses won't catch it and show your pc clean.




I would also like to tell you about 2factor authentication bypass and android malware.

1. 2factor authentication bypass is possible.
There are many malwares available for bank's 2factor authentication bypass. Probably they made one to steal bitcoins too as bitcoins have less risk than bank transfer.

Some malware examples : Carberp, ATS webinject (automatic transfer system)



2. Android malwares are available too,and they can bind it with any legit android app. Some android trojans are public and some are private.

So make sure to download apps from verified source only.

First public android rat:
https://github.com/RobinDavid/androrat
APK binder getting sold on hackorums
http://www.hackforums.net/showthread.php?tid=3464366

[escrow.ms]

I will suggest you to remove all your important data from your pc and check incoming/outgoing connection or any suspicious /infected file.

Don't format it might be rootkit or you will might loose evidence of malware/hijack.

If you find something suspicious let me know.

[Stolen]

Pm, me and ill show you were to make a police report

Thank you Ironcross360 pm on the way!

I Pmed you their phone # Did you call them to make the report?

Nope i emailed em as did not think this comes under "an imminent threat"

i went for the "To report non-urgent suspicions:Contact Us here" option instead but its now been reported and logged.

[Branny]

Ah , the wonders of bitcoin.

[Stolen]

Ah , the wonders of bitcoin.

Im just wondering where all mine have gone!

well i can even see where they gone, but can do nothing about it!
Oh the Joys, at least its a lot quieter now without the OC gfx cards on full pelt!

[Moebius327]

Somebody has hacked my blockchain account and took everything i had all 39.70btc ive been mining for months!

Im even sat here watching transactions being confirmed and can see the 2 accounts its all now held in, via blockchain info!

Anbody got any advice?

I'm really sorry for you.

1) How did you generate your adress?

[pcmc5]

Pm, me and ill show you were to make a police report

Thank you Ironcross360 pm on the way!

I Pmed you their phone # Did you call them to make the report?

Nope i emailed em as did not think this comes under "an imminent threat"

i went for the "To report non-urgent suspicions:Contact Us here" option instead but its now been reported and logged.

Sorry for your loss... keep us posted i would be curious to see if the police report works..

[SgtSpike]

Somebody has hacked my blockchain account and took everything i had all 39.70btc ive been mining for months!

Im even sat here watching transactions being confirmed and can see the 2 accounts its all now held in, via blockchain info!

Anbody got any advice?

I'm really sorry for you.

1) How did you generate your vanity adress?

2) Did you use 2-Factor Auth.

How do you know he had a vanity address?

[Moebius327]

Somebody has hacked my blockchain account and took everything i had all 39.70btc ive been mining for months!

Im even sat here watching transactions being confirmed and can see the 2 accounts its all now held in, via blockchain info!

Anbody got any advice?

I'm really sorry for you.

1) How did you generate your vanity adress?

2) Did you use 2-Factor Auth.

How do you know he had a vanity address?

Is this vanity?

[SgtSpike]

Somebody has hacked my blockchain account and took everything i had all 39.70btc ive been mining for months!

Im even sat here watching transactions being confirmed and can see the 2 accounts its all now held in, via blockchain info!

Anbody got any advice?

I'm really sorry for you.

1) How did you generate your vanity adress?

2) Did you use 2-Factor Auth.

How do you know he had a vanity address?

1NeiLYQBFawaummF9XHc4hPBkG6W1bUCpb

Is this vanity?

Perhaps if his name is Neil.  But very good point - if the entropy isn't sufficient in any vanity generator, it makes the coins held there unsafe.

[enmaku]

I deeply dislike the statement that someone deserves to have their coins stolen if they don't do XYZ things to protect them. Should people do their homework before storing that kind of value? Absolutely. But saying they deserve to have their coins stolen is like saying that a woman deserves to get beaten or that some "heathen" city deserves to be destroyed by a natural disaster.

I can get behind the statement that some people will never learn until they learn the hard way but no one deserves to be stolen from simply because they were a bit of a noob. I lost a fair amount of funds because I got busy and didn't manage my account balances well - did I deserve to be stolen from? If it turns out that whatever system you use has a faulty random number generator do you deserve to be stolen from because you "should've known better" than to use a non-quantum entropy source? There's always some extra step you can take to secure your funds better and to blame the victim because they didn't take as many steps as you is a terrible attitude. This was a theft, blame the thieves.

That said, this is one of the many ways in which Bitcoin has a long way to go still. Properly securing a keypair isn't impossible to do and we already know plenty of ways to do it, but it's not common knowledge and we place far too much of the burden of security on the individual who, frankly, almost certainly has no idea what they're doing. Key management is a pretty specialized skill and we need solutions that don't rely on every single user to have that skill. If you have that skill and want to manage your own keys, good on you, I'm happy to manage my own keys too, but most people are going to be incompetent at this particular skill and that's ok - I'm incompetent at carpentry but if I want something built of wood I hire someone to do it. Not everyone has to be good at everything they want done.