ProfMac
Legendary
Offline
Activity: 1246
Merit: 1002
|
|
May 25, 2013, 06:59:43 PM |
|
I am looking in my own account under Account Settings --> Security --> 2 Factor Authentication There are several choices: - none
SMS YubiKey eMail Google Authenticator
Will you disclose which of these you had? I'm glad that you posted this. I would not have known about the YubiKey choice if I had not looked there today. I will switch from eMail to YubiKey. Do I understand correctly that an Android phone was part of your environment? Don't use Yubikey unless you have a Yubikey (it's a physical USB device). And AFAIK blockchain.info do not have their proprietary yubikeys, you have to use a Gox Yubikey, which is absurd IMO (the whole point of 2FA is to use a UNIQUE mechanism for each account). I'd suggest using SMS because you do not need a smartphone and you can easily and immediately recover your phone number even if you lose your device. Google authenticator is good too, but you need to have a proper paper backup of the QR code and/or the private key of the security token linked to the account (this is mandatory or you may very well end up having the same problem described in the "I want to sue Google" thread in the legal subforum) I have a Mt.Gox Yubikey, and also a standard Yubikey. Both of them will enter characters into the authentication box. Neither of them seem to enter the "return" character, which is the behavior that the key seems to have in other environments. I have tested this on Firefox and Chrome, both in a Linux environment. I also tested it in MSIE in Vista.
|
I try to be respectful and informed.
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
May 25, 2013, 07:14:17 PM |
|
That's why you shouldn't have used an online wallet
It is important to look deeper when hacks & thefts occur to prevent "feel good security". If (and we don't know for sure) the OP computer was compromised by malware or a 0-day java exploit then a local wallet wouldn't provide any more security. The malware would gain a copy of the encrypted wallet.dat and when user unlocked his local wallet gained a copy of the passphrase as well.
|
|
|
|
NewLiberty
Legendary
Offline
Activity: 1204
Merit: 1002
Gresham's Lawyer
|
|
May 25, 2013, 11:31:32 PM |
|
Moved most of my coins out of blockchain.info, just because. There is no perfect security, except locking up the guilty.
|
|
|
|
Stolen (OP)
Newbie
Offline
Activity: 14
Merit: 0
|
|
May 26, 2013, 03:54:16 AM Last edit: May 26, 2013, 04:10:56 AM by Stolen |
|
Moved most of my coins out of blockchain.info, just because. There is no perfect security, except locking up the guilty.
Ben from blockchain.info has contacted me and is trying to help, i will let you all know on the outcome! All i know is i sent 0.1 btc from my 50btc account and allmost at the same time that went into my blockchain.info account i got hacked. I run every scan going on my PC, im clean it did not happen from my end! All the best Stolen.... I would just like to add this was miner i downloaded i had to rewrite the src code myself to remove all this before i used it, how many ppl out there are running these miners, my miner was clean as id rewrote the source code myself! I suggest you all run this on your miners your using https://www.virustotal.com/en/file/59ed333e51a79e5a7598289f78d161033691c547f56d75329e0b2508f5c46357/analysis/ as this one i downloaded from 50btc about a year ago, first thing i did was scan it and then realise had to rewrite a new safe source code..... Downloaded a litecoin one today aswell! want to see what in that one? https://www.virustotal.com/en/file/e8f8ac2648bcb3ac333a8ea7e01d61742537c9af24bb51bbbbb43594bedaf0b4/analysis/Im going to rewrite this sorce code aswell and if anybody wants clean copies of either your welcome to them....
|
|
|
|
|
smoothie
Legendary
Offline
Activity: 2492
Merit: 1473
LEALANA Bitcoin Grim Reaper
|
|
May 26, 2013, 08:39:24 AM |
|
Ironic name.
But you may be the victim of a keystroke logger. Was your password complex? And not 1234abc?
|
███████████████████████████████████████
,╓p@@███████@╗╖, ,p████████████████████N, d█████████████████████████b d██████████████████████████████æ ,████²█████████████████████████████, ,█████ ╙████████████████████╨ █████y ██████ `████████████████` ██████ ║██████ Ñ███████████` ███████ ███████ ╩██████Ñ ███████ ███████ ▐▄ ²██╩ a▌ ███████ ╢██████ ▐▓█▄ ▄█▓▌ ███████ ██████ ▐▓▓▓▓▌, ▄█▓▓▓▌ ██████─ ▐▓▓▓▓▓▓█,,▄▓▓▓▓▓▓▌ ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌ ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓─ ²▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╩ ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀ ²▀▀▓▓▓▓▓▓▓▓▓▓▓▓▀▀` ²²² ███████████████████████████████████████
| . ★☆ WWW.LEALANA.COM My PGP fingerprint is A764D833. History of Monero development Visualization ★☆ . LEALANA BITCOIN GRIM REAPER SILVER COINS. |
|
|
|
ASFx
Member
Offline
Activity: 68
Merit: 10
|
|
May 26, 2013, 08:40:36 AM |
|
This is pretty scary. I'm new to bitcoin and it looks like the only safe place to store my bitcoins is encrypted on my own computer!
|
|
|
|
Pierre
|
|
May 26, 2013, 09:09:36 AM |
|
This is pretty scary. I'm new to bitcoin and it looks like the only safe place to store my bitcoins is encrypted on my own computer!
Paper wallets are probably the safest.
|
|
|
|
cescan
|
|
May 26, 2013, 09:24:58 AM |
|
where to buy a hardware wallet.
|
|
|
|
tioted
Newbie
Offline
Activity: 5
Merit: 0
|
|
May 26, 2013, 09:51:00 AM |
|
Your computer is probably infected
|
|
|
|
|
sydeu
|
|
May 26, 2013, 10:39:44 AM |
|
ouch that sucks man
|
|
|
|
Moebius327
|
|
May 26, 2013, 10:41:43 AM |
|
where did you download this from?
|
|
|
|
OracionSeis
|
|
May 26, 2013, 10:49:26 AM |
|
I felt sorry about that,mate :S
|
Time off to sleep ... ( ̄︶ ̄)~
|
|
|
niknik
Newbie
Offline
Activity: 9
Merit: 0
|
|
May 26, 2013, 10:50:05 AM |
|
hmm thought that's "impossible" to have bitcoins stolen. What I heard was it takes forever.
|
|
|
|
|
bobthebuilder18
Newbie
Offline
Activity: 17
Merit: 0
|
|
May 26, 2013, 11:03:01 AM |
|
Hi, I share similar experience. Some 4 months ago my blockchain wallet first sent all available BTC to some address (it was around 0.3BTC then). I wasn't upset to much because the sum was not big. After a while I forgot about that and set my wallet address in some mining pool. When I got my first payment it was automatically withdrawn again I had GA enabled all the time and also had a strong password (16 chars, upper, numbers, special - impossible to guess).... So it couldn't be keylogger (because of GA), and as I'm using Linux don't suspect that it was infection.... Really strange, I moved all my BTC to offline wallet and add the address as watch only in blockchain... Regards,
|
|
|
|
Pierre
|
|
May 26, 2013, 11:06:20 AM |
|
Bob, once a wallet is stolen you can NEVER use that address again, any new money you send to it will just be stolen again. A hacker only needs to get the key to the wallet once and it is compromised forever.
Really you should not re-use any addresses, always make a new one for any new bitcoin you want to receive.
|
|
|
|
escrow.ms
Legendary
Offline
Activity: 1274
Merit: 1004
|
|
May 26, 2013, 11:09:19 AM |
|
Hi, I share similar experience. Some 4 months ago my blockchain wallet first sent all available BTC to some address (it was around 0.3BTC then). I wasn't upset to much because the sum was not big. After a while I forgot about that and set my wallet address in some mining pool. When I got my first payment it was automatically withdrawn again I had GA enabled all the time and also had a strong password (16 chars, upper, numbers, special - impossible to guess).... So it couldn't be keylogger (because of GA), and as I'm using Linux don't suspect that it was infection.... Really strange, I moved all my BTC to offline wallet and add the address as watch only in blockchain... Regards, I also had problem with blockchain that's why i didn't used it. Once i hve setup my account with 2 factor password authentication, cell phone number, new email id with no text based alias and next day i got mail saying someone logged into my account from Australia. I didn't used it after that incident.
|
|
|
|
bobthebuilder18
Newbie
Offline
Activity: 17
Merit: 0
|
|
May 26, 2013, 11:53:16 AM |
|
Bob, once a wallet is stolen you can NEVER use that address again, any new money you send to it will just be stolen again. A hacker only needs to get the key to the wallet once and it is compromised forever.
Really you should not re-use any addresses, always make a new one for any new bitcoin you want to receive.
But I thought that it's allright if I input a watch only address (no private key), so I can only see transactions, but cannot send BTC. Well now I'll probably open a brand new wallet just to be 100% sure... Thanks,
|
|
|
|
|