Author Topic: Just had 39.70 bitcoins stolen from blockchain account!  (Read 5674 times)
Stolen (OP)
May 24, 2013, 03:42:09 PM
 #61

Somebody has hacked my blockchain account and took everything I had, all 39.70 BTC I've been mining for months!

I'm even sat here watching transactions being confirmed and can see the 2 accounts it's all now held in, via blockchain info!

Anybody got any advice?



I'm really sorry for you.

1) How did you generate your vanity address?

2) Did you use 2-Factor Auth?


How do you know he had a vanity address?

1NeiLYQBFawaummF9XHc4hPBkG6W1bUCpb

Is this vanity?

That's not my address, this is/was 14epNbGQ1rBFqhWWSx7jN4JPTLW5yZUo7Y

And this is where its gone https://blockchain.info/address/1ETWJY39bJb1jb29R4rew3YVZDSDsaERFy

who then passed it on to 1JkoobQf4MfhpGvgywQPsCQGyxbtjiACr2 $ 2,083.73 &
12BYKgGptsrjMV47CgStCokkSCR3xL86Hx $ 3,030.01 

And if you look at their accounts you will see they've done other people as well, but they clearly don't know yet!
SgtSpike
May 24, 2013, 03:44:50 PM
 #62

I deeply dislike the statement that someone deserves to have their coins stolen if they don't do XYZ things to protect them. Should people do their homework before storing that kind of value? Absolutely. But saying they deserve to have their coins stolen is like saying that a woman deserves to get beaten or that some "heathen" city deserves to be destroyed by a natural disaster.

I can get behind the statement that some people will never learn until they learn the hard way but no one deserves to be stolen from simply because they were a bit of a noob. I lost a fair amount of funds because I got busy and didn't manage my account balances well - did I deserve to be stolen from? If it turns out that whatever system you use has a faulty random number generator do you deserve to be stolen from because you "should've known better" than to use a non-quantum entropy source? There's always some extra step you can take to secure your funds better and to blame the victim because they didn't take as many steps as you is a terrible attitude. This was a theft, blame the thieves.

That said, this is one of the many ways in which Bitcoin has a long way to go still. Properly securing a keypair isn't impossible to do and we already know plenty of ways to do it, but it's not common knowledge and we place far too much of the burden of security on the individual who, frankly, almost certainly has no idea what they're doing. Key management is a pretty specialized skill and we need solutions that don't rely on every single user to have that skill. If you have that skill and want to manage your own keys, good on you, I'm happy to manage my own keys too, but most people are going to be incompetent at this particular skill and that's ok - I'm incompetent at carpentry but if I want something built of wood I hire someone to do it. Not everyone has to be good at everything they want done.
I completely agree with you - I am not trying to blame the victim, only trying to find out why this might have happened so that we may all better protect ourselves.

That hardware wallet cannot come soon enough...
alyssa85
May 24, 2013, 03:52:39 PM
 #63

Was your identifier an alias or the long identifier number?

 
Stolen (OP)
May 24, 2013, 03:59:03 PM
 #64

And this is where it all is now https://blockchain.info/address/1HSDGPDdq1BcuFbMCtswLLbGiuSZHEjS68 so defo not just been me had!
Stolen (OP)
May 24, 2013, 03:59:47 PM
 #65

Was your identifier an alias or the long identifier number?

Was a long identifier
Zaih
May 24, 2013, 04:05:16 PM
 #66

With Bitcoin there's some downsides.. I guess this is one of them.

Live & learn. Hopefully won't happen again.
Rampion
May 24, 2013, 04:11:01 PM
 #67

Already 2 users on this thread affected by the thief. And that address has plenty of coins; if all of that is from stealing (116 BTC) it is quite a successful raid.

Hope we end up knowing what kind of exploit was used.

Stolen (OP)
May 24, 2013, 04:12:32 PM
 #68

With Bitcoin there's some downsides.. I guess this is one of them.

Live & learn. Hopefully won't happen again.

No shit, won't happen to me again, I'll never mine that much again, not with the mere GFX setup I have and current difficulty levels.

I've been wiped out, bang goes our summer holiday!


Stolen (OP)
May 24, 2013, 04:18:32 PM
 #69

I have no idea how they did all these transactions whilst I was actually on Blockchain looking at my account without the first withdrawal being registered; they must have been almost instant, all these

65969f220edbabf5a21e17961014c5f69ef99f6ae58caf0adb07cb873c1bce65
      1ETWJY39bJb1jb29R4rew3YVZDSDsaERFy - (Spent) $ 5,124.83
DeathAndTaxes
Gerald Davis
May 24, 2013, 04:20:16 PM
Last edit: May 24, 2013, 06:39:15 PM by DeathAndTaxes
 #70

If the security of the PC was compromised before he added the google authenticator, the hacker could copy the key OP generated to set up google authenticator himself that would generate codes that would be the same as OP's. Another possibility is the device used for generating the codes could have been compromised as it was mentioned above.

The first scenario is always a possibility; one must start secure to remain secure.  The second possibility is important to bring up because many people may be undermining their "2"FA.  If for example your android phone is your second factor device you SHOULD NOT be using apps or accessing the website from that device.  If the phone is compromised both your factors are now in the same location.  A compromised phone would give the attacker access to both your password & gAuth secret key.

One thing people may not be aware of is that gAuth doesn't require an active internet connection.  I use an old junked smartphone from which I removed all apps and disabled all wireless & cellular, and which sits on my desk as a 2FA "device" for about 20 or so websites.  When I am not home it goes in the office safe.  Granted that may be a little extreme but eventually everyone is going to have an old smartphone so using a "semi-dedicated" device which is permanently air gapped provides enhanced security on the cheap.

It shouldn't let you reuse a code more than once. In Mt.Gox if I want to quickly withdraw some BTC to two addresses I have to wait a few seconds to send to the 2nd address until a new code is generated because it won't accept the previous one that I have already used (even if it is still valid for a few seconds).

Correct.  By the standard the website should never accept the same code twice (even if still valid).  It is simple to achieve this.  When the site receives the auth code and validates it, it then stores the most recent code in the login/user table.  When receiving a new authentication from the user it first checks that the code wasn't the last one received.  The site should only store the last VALID code to avoid an attack where the attacker "flushes" the code by providing an invalid one, and then the valid one.

Maybe blockchain.info can verify how they ensure no replay attack of 2FA codes.


Note it is possible that a severely compromised computer with custom specific purpose malware could still fail.  The malware could intercept the code, prevent the computer from sending it to the site and then use the code to perform the action the attacker wants.  I would point out if your system is that compromised then just about any wallet (local client, paper wallet input for spending, etc) is at risk. 2FA isn't a magic bullet however it does raise the bar for the attacker.  A generic keylogger, or brute force attack would be insufficient to gain access.  The goal of any security system is to make it more difficult for the attacker.  Can a physical safe be cracked?  Sure but having your gold in a safe is better than in a cardboard box.


PSA about public wifi (or other unknown/untrusted internet connectivity):
MITM attacks can defeat 2FA pretty easily.  The most likely attack scenario will occur when using "public wifi".  An attacker can create a hotspot with the same SSID as your regular hotspot (say starbucks) and using a higher output amp "block" the real starbucks wifi (most routers have pretty weak output so this is pretty easy).  You connect thinking you are connecting to starbucks but you are connecting to the attacker sitting there drinking a coffee with his laptop.  The attacker can MITM any internet browsing.  If the website uses SSL the attacker can't easily impersonate that however the attacker could provide you a fake decrypted (http://blockchain.info vs https://blockchain.info) version of the site or provide you a "secure" spoofed site (https://bl0ckchain.info).  The real solution is that 802.11 needs to be extended to provide strong cryptographic (CA type solution) authentication and per session SSL type keysharing scheme.  Barring the development of a standard I would highly recommend NOT using public wifi for sensitive tasks (or route all communication via VPN when on public wifi) and double check that the website is operating over https and the url is correct.







DeathAndTaxes
May 24, 2013, 04:22:25 PM
 #71

I have no idea how they did all these transactions whilst I was actually on Blockchain looking at my account without the first withdrawal being registered; they must have been almost instant, all these

65969f220edbabf5a21e17961014c5f69ef99f6ae58caf0adb07cb873c1bce65

It is a single transaction, it just has multiple inputs.  Once the attacker had a copy of your unencrypted wallet file he wouldn't need to use blockchain.info website.  Using any client/wallet he could create the transaction and submit it to the network.  Blockchain.info website wouldn't be aware of the transaction until it had already propagated the network.
DeathAndTaxes
May 24, 2013, 04:25:31 PM
 #72

I deeply dislike the statement that someone deserves to have their coins stolen if they don't do XYZ things to protect them. Should people do their homework before storing that kind of value? Absolutely. But saying they deserve to have their coins stolen is like saying that a woman deserves to get beaten or that some "heathen" city deserves to be destroyed by a natural disaster.

I can get behind the statement that some people will never learn until they learn the hard way but no one deserves to be stolen from simply because they were a bit of a noob. I lost a fair amount of funds because I got busy and didn't manage my account balances well - did I deserve to be stolen from? If it turns out that whatever system you use has a faulty random number generator do you deserve to be stolen from because you "should've known better" than to use a non-quantum entropy source? There's always some extra step you can take to secure your funds better and to blame the victim because they didn't take as many steps as you is a terrible attitude. This was a theft, blame the thieves.

That said, this is one of the many ways in which Bitcoin has a long way to go still. Properly securing a keypair isn't impossible to do and we already know plenty of ways to do it, but it's not common knowledge and we place far too much of the burden of security on the individual who, frankly, almost certainly has no idea what they're doing. Key management is a pretty specialized skill and we need solutions that don't rely on every single user to have that skill. If you have that skill and want to manage your own keys, good on you, I'm happy to manage my own keys too, but most people are going to be incompetent at this particular skill and that's ok - I'm incompetent at carpentry but if I want something built of wood I hire someone to do it. Not everyone has to be good at everything they want done.
I completely agree with you - I am not trying to blame the victim, only trying to find out why this might have happened so that we may all better protect ourselves.

That hardware wallet cannot come soon enough...

Agreed.  Blaming the victim is just disgusting.  It is never the victim's fault.  The point about 2FA is to educate others how they can reduce the chance of becoming a victim.  2FA is just a risk reduction tool.  Similar to how strong locks, good neighborhood, outdoor lighting, an alarm system, and a shotgun are tools to reduce the risk of burglary.

Blaming the victim is contrary to the libertarian/voluntarism mindset that many on this site claim to believe in.
JimCGSavings
May 24, 2013, 04:59:45 PM
 #73

Newbie question here, but am I reading this right and the stolen bitcoins are still in a blockchain account? Can't blockchain "freeze" the account until this is sorted out?
SgtSpike
May 24, 2013, 05:12:25 PM
 #74

Newbie question here, but am I reading this right and the stolen bitcoins are still in a blockchain account? Can't blockchain "freeze" the account until this is sorted out?
Blockchain.info has no control over user accounts or users' bitcoins.  The Bitcoins are controlled client-side - blockchain.info only facilitates an interface to help control them.
malevolent
May 24, 2013, 05:42:10 PM
 #75

One thing people may not be aware of is that gAuth doesn't require an active internet connection.  I use an old junked smartphone from which I removed all apps and disabled all wireless & cellular, and which sits on my desk as a 2FA "device" for about 20 or so websites.  When I am not home it goes in the office safe.  Granted that may be a little extreme but eventually everyone is going to have an old smartphone so using a "semi-dedicated" device which is permanently air gapped provides enhanced security on the cheap.

I did the same (without the keeping it in the safe part), there are even unofficial gauths for symbian-based phones (written in java & open sourced ofc)
alternatively one could run it on an old PC/laptop that is never connected to the Internet

Lastly MITM attacks can defeat 2FA pretty easily.  The most likely attack scenario is using "public wifi".  As an example an attacker can create a hotspot "starbucks wifi" and using a higher output amp "block" the real starbucks wifi.  You connect and now the attacker can MITM any internet browsing.  If the website uses SSL the attacker can't easily impersonate that however the attacker could provide an unencrypted (http vs https) version of the site to trick the user.  There are no real good solutions.   The real solution is that public wifi really needs a CA type solution and a SSL type keysharing scheme.  OS/devices would warn when connecting to an unknown wifi source.  Barring the development of a standard I would highly recommend NOT using public wifi (or route all communication via VPN when on public wifi) and double check that the website is operating over https and the url is correct (not https://bl0ckchain.info).

With DNS spoofing attacks and SSL hijacking I wouldn't recommend anyone to connect through an untrusted wifi without a trusted VPN (best to set it up yourself) for anything remotely connected with any money.

P.S. you have misquoted in the post I am now replying to

turtles
May 24, 2013, 06:20:12 PM
 #76

this all sounds somewhat terrifying
Nasty
May 24, 2013, 06:49:33 PM
 #77

Where did you download your miners from?
Stolen (OP)
May 24, 2013, 07:05:31 PM
 #78

Where did you download your miners from?

50BTC about a year ago...
aymar_est
May 24, 2013, 07:16:47 PM
 #79

Sorry for your loss.

Many people listed possibilities here but have you clarified what caused that hacking?
BCB
May 24, 2013, 07:58:33 PM
 #80

OP, sorry for your loss. We've all had some experience with bitcoin loss and/or fraud and it's no fun. Unfortunately wallet security is a real challenge for bitcoiners. And until we can get wallet security right this is going to be a very large hurdle to greater adoption. I'm not sure about anyone else but I get the following email several times a week.


Code:
Authorize log-in attempt

An attempt to login to your blockchain.info wallet was made from an unknown browser. Please confirm the following details are correct:

Time: 2013-05-20 05:47:07
IP Address: 122.150.61.62 (Australia)
User Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_3 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Mobile/10B329

So blockchain (as are any other high volume bitcoin businesses) is clearly a target.

I think Tangible mentioned it first - does anyone know that the blockchain.info OTP is really "ONE TIME"?  I know when I started using Gox OTP it was actually possible to reuse the OTP for up to 5 minutes after the first successful login, which would render the OTP ineffectual for any virus resident on your box (Gox has since fixed the issue).
