|
jackjack
Legendary
Offline
Activity: 1176
Merit: 1257
May Bitcoin be touched by his Noodly Appendage
|
|
August 01, 2013, 11:33:14 PM |
|
Help? Just ask blockchain.info for ip or any info they may have
|
Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2 Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
|
|
|
escrow.ms
Legendary
Offline
Activity: 1274
Merit: 1004
|
|
August 01, 2013, 11:35:01 PM |
|
Looks like someone got backup copy of your wallet, from your email.. maybe?
|
|
|
|
dchou (OP)
Member
Offline
Activity: 97
Merit: 10
|
|
August 01, 2013, 11:37:30 PM |
|
Looks like someone got backup copy of your wallet, from your email.. maybe?
I do have the blockchain info wallet backup sent to my email. Even if they had this, would they be able to extract the private keys? I still had 2FA on.
|
|
|
|
escrow.ms
Legendary
Offline
Activity: 1274
Merit: 1004
|
|
August 01, 2013, 11:41:46 PM |
|
Yes they can empty your wallet without doing login on blockchain.info wallet by importing your backup wallet into any client that supports it.
|
|
|
|
dchou (OP)
Member
Offline
Activity: 97
Merit: 10
|
|
August 01, 2013, 11:45:52 PM |
|
Yes they can empty your wallet without doing login on blockchain.info wallet by importing your backup wallet into any client that supports it.
Ok, assuming they didn't get into my backup wallet file, what other security holes might I have?
|
|
|
|
escrow.ms
Legendary
Offline
Activity: 1274
Merit: 1004
|
|
August 01, 2013, 11:48:09 PM |
|
Yes they can empty your wallet without doing login on blockchain.info wallet by importing your backup wallet into any client that supports it.
Ok, assuming they didn't get into my backup wallet file, what other security holes might I have? Your pc might be infected. Download malwarebyets and scan it . But still it's not easy to bypass 2factor authentication. Ps: It was email based 2Factor authentication or device/cellphone based? Email one is useless if your pc got infected or someone got your emails password.
|
|
|
|
dchou (OP)
Member
Offline
Activity: 97
Merit: 10
|
|
August 02, 2013, 12:01:30 AM |
|
Yes they can empty your wallet without doing login on blockchain.info wallet by importing your backup wallet into any client that supports it.
Ok, assuming they didn't get into my backup wallet file, what other security holes might I have? Your pc might be infected. Download malwarebyets and scan it . But still it's not easy to bypass 2factor authentication. Ps: It was email based 2Factor authentication or device/cellphone based? Email one is useless if your pc got infected or someone got your emails password. 2 Factor was on my cellphone. I'm on a mac.
|
|
|
|
escrow.ms
Legendary
Offline
Activity: 1274
Merit: 1004
|
|
August 02, 2013, 12:05:45 AM |
|
2 Factor was on my cellphone. I'm on a mac.
Then there is no other way to steal coins except getting wallet backup from your mail.
|
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
August 02, 2013, 12:06:58 AM |
|
I am a big advocate of paper wallets. I have never heard of anyone having a single bitcoin stolen from a paper wallet. Print at bitaddress.org.
I am sorry to hear of your loss!
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
dchou (OP)
Member
Offline
Activity: 97
Merit: 10
|
|
August 02, 2013, 12:13:51 AM |
|
I am a big advocate of paper wallets. I have never heard of anyone having a single bitcoin stolen from a paper wallet. Print at bitaddress.org.
I am sorry to hear of your loss!
Hi Mike, I do have Armory set up on an unconnected ubuntu laptop, and watching-only wallets on my machines connected to the internet. Yes, it's an annoyance to lose the coins, but what I'm concerned about is understanding how this happened, because I thought things were pretty buttoned up. The coins were literally sitting in the online wallet for just a few hours, as well. Given that I had 2FA on, was running on a mac, was logged out of the blockchain wallet at the time.... At this time, one theory is that someone got into my email and pulled the private key from a wallet backup file (possible, but not sure how likely that is). Willing to hear other theories. I sent an email to info@blockchain.info to get more info on the transaction.
|
|
|
|
escrow.ms
Legendary
Offline
Activity: 1274
Merit: 1004
|
|
August 02, 2013, 12:20:52 AM |
|
If he got your backup wallet it's easy to import in electrum or blockchain.info https://blockchain.info/wallet/import-wallet and spend money. but main question is, how he hacked your mail? Are you using some common/unsecure password or used same password on some other unknown/new website? If you are using gmail, you can check ip address of recent logins.
|
|
|
|
r3wt
|
|
August 02, 2013, 12:26:33 AM |
|
I am a big advocate of paper wallets. I have never heard of anyone having a single bitcoin stolen from a paper wallet. Print at bitaddress.org.
I am sorry to hear of your loss!
At this time, one theory is that someone got into my email and pulled the private key from a wallet backup file (possible, but not sure how likely that is). its easy as shit to do, but he would have to know your blockchain.info account password, which he probably did if he was ablle to get into your account already. just yesterday, i used an old wallet.aes.json backup to retrieve coins from my stolen laptop. a little backstory: i made my first bitcoin wallet on blockchain.info, then exported the addresses to the bitcoin client on the laptop. the computer was stolen from my home last week. yesterday i found an old wallet back up and imported it into a new wallet at blockchain.info. it prompted me for the password to unencrypt the wallet, then for the secondary wallet password, then it asked me to prove i was human by solving a captcha, then bam i was at the login screeen ,where i logged into my new wallet and easily recovered the .4 btc that was in my bitcoin wallet on my laptop. i'm sure the hacker did the exact same steps to steal your money.
|
My negative trust rating is reflective of a personal vendetta by someone on default trust.
|
|
|
dchou (OP)
Member
Offline
Activity: 97
Merit: 10
|
|
August 02, 2013, 12:31:18 AM |
|
If he got your backup wallet it's easy to import in electrum or blockchain.info https://blockchain.info/wallet/import-wallet and spend money. but main question is, how he hacked your mail? Are you using some common/unsecure password or used same password on some other unknown/new website? If you are using gmail, you can check ip address of recent logins. I checked the ip address of recent logins. Everything seems to be in order. I don't have 2FA set in gmail, but my password is fairly strong. So if it's not that, can it be some type of java browser exploit?
|
|
|
|
cp1
|
|
August 02, 2013, 12:32:30 AM |
|
Did blockchain.info generate this key or was this a brain wallet?
|
|
|
|
dchou (OP)
Member
Offline
Activity: 97
Merit: 10
|
|
August 02, 2013, 12:36:53 AM |
|
its easy as shit to do, but he would have to know your blockchain.info account password, which he probably did if he was ablle to get into your account already.
just yesterday, i used an old wallet.aes.json backup to retrieve coins from my stolen laptop.
a little backstory: i made my first bitcoin wallet on blockchain.info, then exported the addresses to the bitcoin client on the laptop. the computer was stolen from my home last week. yesterday i found an old wallet back up and imported it into a new wallet at blockchain.info. it prompted me for the password to unencrypt the wallet, then for the secondary wallet password, then it asked me to prove i was human by solving a captcha, then bam i was at the login screeen ,where i logged into my new wallet and easily recovered the .4 btc that was in my bitcoin wallet on my laptop.
i'm sure the hacker did the exact same steps to steal your money.
I'm not seeing any unusual login activity to my gmail account so assuming that wasn't the case, I'm still a bit baffled how they could have gotten around the 2FA. I'm pretty sure I was logged out. But let's say I was still logged in to the browser. What are the potential points of attack there?
|
|
|
|
dchou (OP)
Member
Offline
Activity: 97
Merit: 10
|
|
August 02, 2013, 12:37:23 AM |
|
Did blockchain.info generate this key or was this a brain wallet?
It was generated by blockchain.info
|
|
|
|
escrow.ms
Legendary
Offline
Activity: 1274
Merit: 1004
|
|
August 02, 2013, 12:44:29 AM |
|
Well grab a av that's available for mac and scan your pc, rats are available for mac too and blockchain.info stores a copy of wallet in your browser's storage .
|
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
August 02, 2013, 02:55:53 AM |
|
I'm not seeing any unusual login activity to my gmail account so assuming that wasn't the case, I'm still a bit baffled how they could have gotten around the 2FA.
E-mail travels around the internet unencrypted so anyone listening on a network connection where there's a chance of e-mail passing through is in a prime spot to steal wallets. I am super paranoid about theft. The only bitcoins I ever keep online are ones I plan to lose. I use BlockChain.info myself sometimes, but the only thing I will do is import paper wallets, spend whatever I'm going to spend, and send the change to a fresh paper wallet, so my BlockChain balance is zero. Their webcam QR code scanner makes paper wallets easy. And this is only for small ad-hoc transactions. If it's for any decent amount worth stealing, I will construct the transaction completely offline, get the raw hex for it, and then use a USB flash drive to introduce it to the network later (such as through Blockchain's handy https://blockchain.info/pushtx). No sense in taking any chances.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3472
Merit: 4798
|
|
August 02, 2013, 04:25:47 AM |
|
E-mail travels around the internet unencrypted so anyone listening on a network connection where there's a chance of e-mail passing through is in a prime spot to steal wallets.
This. So much this. So many people don't realize that nearly every email they send bounces around the internet completely unencrypted in plaintext for hackers to read. If your password protecting your blockchain.info wallet was weak, then a hacker could capture it as it travels from blockchain.info to Google, and then check it against a rainbow table. The 2 factor is only for logging into the website to receive the encrypted wallet. Once they've got the wallet, they don't need the 2FA at all. My best guess would be a password that exists in a rainbow table, but I suppose there are other possibilities.
|
|
|
|
|