[PSA] Do NOT use Blockchain.info unless you know your shit. People are losing $$

[Decoded]

EDIT - I've had enough. Seen multiple reports on Reddit, Bitcoin.com, and finally here on Bitcointalk. If people are going to keep getting their money stolen from them, I'm just gonna put out this warning.

It doesn't look like a software vulnerability, since Blockchain would have received a huge wave of reports and put out a statement by now if so.

My assumption is that this is some sort of malware accessing your decrypted wallet file after you open blockchain.info with the software installed.

I really urge everyone to use a secure wallet. Not Core, not Electrum (Unless you're running them cold). Use a multisig or hardware wallet. If you're someone who is new to Bitcoin, I wouldn't care if you Coinbase. As a new user, they'll probably store your money better than you. Your money is, as opposed to what most of the sig spammers say on the forum, quite safe. Coinbase is insured and a registered company with people liable in the event that they are hacked.

TL;DR - If you're using blockchain.info (or any wallet where you are solely in control of your private keys), don't. Unless you are taking the proper safety precautions. In most cases, 2FA isn't enough.


Original Post -

Read some reports on forum.bitcoin.com and Reddit of people having heir balances swept out from blockchain.info, even with 2FA. No email whatsoever. I don't see any thread here, so just posting this as a warning. No statement by blockchain.info has been issued.

Reading Reddit, there are posts going back to late October 2017 relating to this. Most people complaining about this post the address 13wahvu3FP8LK8P51UmEkhBUhyC7mzkrn3, which is constantly receiving more and more Bitcoin. This leads me to think that this is some sort of attack.

I'm urging everyone to sweep their coins off of blockchain.info into a new address on a different wallet, preferably multisig. After this is cleared up, maybe you can deposit back.

This is just a little bit of googling and a couple of reports on another forum, I'm not sure whether this is a hoax or not. If someone can confirm this is an attack, that will help.

[1714938904]

1714938904

[1714938904]

1714938904

[1714938904]

1714938904

[SomeGuyThatLostBitcoin]

I got 0,04 Bitcoin stolen but from some other adress.

Here the transaction: https://blockchain.info/tx/8b9717800fcff3c1df5c88c4080ae0bc089ae6b77f8573d0fbac2332cc44af08

Just want to kill myself...

[marky89]

I'm urging everyone to sweep their coins off of blockchain.info into a new address on a different wallet, preferably multisig. After this is cleared up, maybe you can deposit back.

This is just a little bit of googling and a couple of reports on another forum, I'm not sure whether this is a hoax or not. If someone can confirm this is an attack, that will help.

It's an active attack that appears to go back to at least 2017-11-09. I think it's a bit premature to assume that Blockchain.info is compromised based on this information alone. A handful of "unauthorized transaction from my wallet" posts usually suggests a phishing scam of sorts.

I've seen multiple reports of a scam targeting Blockchain.info users. It goes like this: "Check out this profit-generating mining scheme. Set up a BCI wallet, give me your username/password while it's empty, I'll set up the wallet for mining generation, then you change your password." The attacker drains any future funds via the HD recovery seed. It's crazy that people would fall for such an obvious scam, but there are a lot of suckers out there.

So yeah, I'm guessing it's a phishing scam targeting Blockchain.info users, not a compromise of the service itself. If they were compromised, the attackers would have made off with much more than 26.52202749 BTC.

[akamit]

It is almost 8 hours passed without confirmation for my transaction.
I am wondering what making this delay.

After two hours approx from my spending I checked there was about 20k unconfirmed transactions.
But now it reached over 40k unconfirmed transactions. There must be something going on behind the scenes.

I also accelerated through this site http://confirmtx.com and I also accelerated by taking the service from coolwave.
But still no sign of confirmations after accelerating, I think 5 hours passed already.

[pinkflower]

From my perspective, it's FUD until proven that it's true. But it did make me cautious enough to move my BTC to greenaddress.it. I have originally been planning to anyway.

Decoded, can you post all the relevant links? Ty.

[exstasie]

From my perspective, it's FUD until proven that it's true. But it did make me cautious enough to move my BTC to greenaddress.it. I have originally been planning to anyway.

Decoded, can you post all the relevant links? Ty.

The threads are pretty easy to find if you follow the hacker's address:
https://forum.bitcoin.com/technical-support/non-authorised-transfer-from-blockchain-wallet-t57744.html
https://www.reddit.com/r/Bitcoin/comments/7cz9pu/bitcoin_stolen_from_blockchaininfo_wallet_even/
https://www.reddit.com/r/Bitcoinhacks/comments/7cz22q/btc_stolen_from_blockchaininfo_wallet_even_with/
https://bitcoin.stackexchange.com/questions/62766/someone-has-taken-my-100gbp-from-blockchain

Based on the limited nature of the thefts, it seems unlikely that Blockchain.info was compromised. Newbies like to think they know what they're doing, but I'm pretty confident these guys were phishing victims.

That said, don't use Blockchain.info anyway. There are much better wallets. As attacks get more sophisticated, it will become increasingly risky to let software that you don't control to broadcast transactions. MITM attacks, for instance.

[pinkflower]

From my perspective, blockchain.info is an "OK" webwallet if you want convenience and ease of use. But everyone should turn on 2FA and enable their second passwords for better security.

Plus don't use any webwallet for all your BTC. Your whole savings should be safely stored in an air gapped device.

[Decoded]

From my perspective, blockchain.info is an "OK" webwallet if you want convenience and ease of use. But everyone should turn on 2FA and enable their second passwords for better security.

Plus don't use any webwallet for all your BTC. Your whole savings should be safely stored in an air gapped device.

I'm not sure if you read the OP or not. I'm saying that there's been a reoccurance of users having their private keys swept from their blockchain wallet without even triggering 2FA.

 It seems to me to be some sort of malware that waits for you to download the wallet payload and logs your password (not sure how this works, since some magic is done on the decryption keys before using them. Maybe a RAM scraper for the decrypted wallet? I dunno.

[sunsilk]

I've seen those people too that are complaining that their balance are gone on their blockchain.info account and as extasie said, I also believe they are all victims of phishing links.

But I didn't know any single details about this address "13wahvu3FP8LK8P51UmEkhBUhyC7mzkrn3" and you made me look at the history of that address.

It's likely and I guess that this is the address of the hacker and most of the stolen bitcoins were sent to him coming from those victims. I'm good with blockchain.info and I just noticed that there's an internal error when I'm about to send some mBtc's. I forgot what's the whole error thing but it went okay later on.

[Tyrantt]

Holy **** all transactions were done on 11.12 at average of 10min between transactions. This is a huge thing that cannot be done that easily, possibly the blockchain.info themselves have some malware, this is just scary. luckily my bitcoins are still there.

It's likely and I guess that this is the address of the hacker and most of the stolen bitcoins were sent to him coming from those victims. I'm good with blockchain.info and I just noticed that there's an internal error when I'm about to send some mBtc's. I forgot what's the whole error thing but it went okay later on.

But it almost looks automated, the time between transactions is almost constant. Yeah, I've never had any problems whatsoever and been using them for some longer time now. So it must be some malware or something like that.

[Fatunad]

Checking out the address:

Transactions
No. Transactions   766   

Total Received   34.4578045 BTC   

Final Balance   10.41907155 BTC


And transactions do happen on very short interval some on smaller amounts but it do continue to accumulate. This is quiet alarming that blockchain do have some sort of this kind of issue.

[Lucius]

Something strangely is happening with blockchain.info wallet and people lose theirs coins on really mysterious ways.I just found this interesting article from Reddit where this user tried to explain what actually happens.

He say :

I have evidence that some bitcoin address generation code in the wild is using private keys that can easily be discovered on a regular basis.

It's likely the code was introduced by someone who works (or worked) for some company connected to bitcoin (exchange/mining pool/gambling site/wallet).

This user is made a great effort to find out what this is really about and he even managed to get back stolen 9 BTC to one user.You should read what he wrote and consider to move your coins from blockchain.info wallet.

https://bitcointalk.org/index.php?topic=2488493.0