AAleron (OP)
Newbie
Offline
Activity: 22
Merit: 0
August 12, 2013, 09:03:44 PM
I just had my Blockchain.info wallet drained. I was logged in and watched helplessly as my entire bitcoin balance was drained and sent to another wallet.
I put in a support ticket and have heard nothing back at all from Blockchain.info. I found the IP address of the hacker in my logs. Still no reply from Blockchain.info.
Please change your passwords immediately for Blockchain.info.
AAleron (OP)
Newbie
Offline
Activity: 22
Merit: 0
August 12, 2013, 09:21:53 PM
Yeh I pretty much guessed they won't/can't give it back. For future reference the offending IP that accessed my account is 202.60.90.137
Anyone any ideas? If it was a remote desktop app, I certainly wasn't notified. Does anyone know what to look for in the Task Manager for suspicious apps?
AAleron (OP)
Newbie
Offline
Activity: 22
Merit: 0
August 12, 2013, 09:28:23 PM
@Kluge - No, it has only ever been used from my win8 laptop and all received came from online exchanges.
DannyHamilton
Legendary
Offline
Activity: 3472
Merit: 4801
August 12, 2013, 09:33:04 PM
Yeh I pretty much guessed they won't/can't give it back. For future reference the offending IP that accessed my account is 202.60.90.137
Anyone any ideas? If it was a remote desktop app, I certainly wasn't notified. Does anyone know what to look for in the Task Manager for suspicious apps?
There are many vectors of attack if you are not careful. Do you have backups of your blockchain.info wallet? If so, where? Are they sent to your email? Are they stored on dropbox? Do you have a complex and secure password? (AT LEAST 10 characters long, including uppercase, lowercase, numbers, and symbols, with no real words) Have you imported any private keys or addresses into your wallet that were generated elsewhere? Have you accessed your wallet from a mobile device or public computer? How sure are you that you don't have any malware running on your computer? Did you accidentally access a phishing website that was designed to look like a legitimate site but was actually run by hackers?
AAleron (OP)
Newbie
Offline
Activity: 22
Merit: 0
August 12, 2013, 09:40:40 PM
There are many vectors of attack if you are not careful.
Do you have backups of your blockchain.info wallet? If so, where? Are they sent to your email? Are they stored on dropbox?
Do you have a complex and secure password? (AT LEAST 10 characters long, including uppercase, lowercase, numbers, and symbols, with no real words)
Have you imported any private keys or addresses into your wallet that were generated elsewhere?
Have you accessed your wallet from a mobile device or public computer?
How sure are you that you don't have any malware running on your computer?
Did you accidentally access a phishing website that was designed to look like a legitimate site but was actually run by hackers?
thanks for the rundown...
Backups were stored on Dropbox and email
Yes password is very secure multiple 16 chars
No imported keys or addresses
No haven't accessed wallet from anything but this win8 laptop
Last scan for malware was yesterday after a defender update. No issues reported.
Haven't accessed any phishing sites that I'm aware of.
I used Bitvisitor.com to get extra coin from their services. Wallet address included in URL
DannyHamilton
Legendary
Offline
Activity: 3472
Merit: 4801
August 12, 2013, 09:43:39 PM
- snip - Backups were stored on Dropbox and email
Yes password is very secure multiple 16 chars - snip -
Did you happen to send a copy of your password to yourself in your email so you wouldn't forget it?
AAleron (OP)
Newbie
Offline
Activity: 22
Merit: 0
August 12, 2013, 09:46:48 PM
No I never save passwords anywhere, I have a very good memory.
Could someone access my account from gmail? without a password? or Dropbox?
The only way I could see, is that from the logs, the hacker did it while I was actually online and logged to the wallet. Remote desktop access?
escrow.ms
Legendary
Offline
Activity: 1274
Merit: 1004
August 12, 2013, 09:47:30 PM
Last scan for malware was yesterday after a defender update. No issues reported.
Malware scan does not help in every case as virus/trojan could be "FUD" (fully undetectable). Do you have Java on your PC, or visited any suspicious site / downloaded some app recently?
escrow.ms
Legendary
Offline
Activity: 1274
Merit: 1004
August 12, 2013, 09:48:46 PM
Install a firewall and check incoming/outgoing connections.
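Added example (not part of escrow.ms's post and not code from anyone in this thread): one way to check incoming/outgoing connections on the Windows 8 laptop discussed here, using PowerShell's Get-NetTCPConnection. It lists listening and established TCP connections with the owning process and flags any that involve the address the OP reported (202.60.90.137) or a remote-access port; the port list is an assumption, not something from the thread.

```powershell
# Added example. Run in an elevated PowerShell prompt on Windows 8 or later.
$watchIp     = '202.60.90.137'     # address the OP reported in this thread
$remotePorts = 3389, 5900, 5938    # RDP, VNC, TeamViewer (assumed watch list)

$rows = Get-NetTCPConnection -State Established, Listen | ForEach-Object {
    # Resolve the owning process; some system processes cannot be queried.
    $proc   = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    $reason = @()

    if ($_.RemoteAddress -eq $watchIp) {
        $reason += 'talks to reported IP'
    }
    if ($_.State -eq 'Listen' -and $remotePorts -contains $_.LocalPort) {
        $reason += 'listens on remote-access port'
    }
    if ($_.State -eq 'Established' -and
        ($remotePorts -contains $_.LocalPort -or $remotePorts -contains $_.RemotePort)) {
        $reason += 'active remote-access session'
    }

    [pscustomobject]@{
        State   = $_.State
        Local   = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
        Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
        ProcId  = $_.OwningProcess
        Process = $proc.ProcessName
        Path    = $proc.Path       # empty when the process is protected or gone
        Flag    = $reason -join '; '
    }
}

# Flagged rows first, then the rest grouped by process for manual review.
$rows | Sort-Object { -not $_.Flag }, Process | Format-Table -AutoSize -Wrap
```

An empty Flag column only means nothing matched at the moment the command ran; the Process and Path columns are what to compare against the programs you expect to be on the machine.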
AAleron (OP)
Newbie
Offline
Activity: 22
Merit: 0
August 12, 2013, 10:06:25 PM
@ escrow.ms
Malware scan does not help in every case as virus/trojan could be "FUD" (fully undetectable).
Do you have Java on your PC, or visited any suspicious site / downloaded some app recently?
Install a firewall and check incoming/outgoing connections.
Java is disabled in Firefox.
Yes, I am checking incoming and outgoing connections now.
I did notice that inside Firefox Options>Network Blockchain.info is listed as 'allowed to store data for offline use'
I've removed that listing, no idea if Blockchain put it there or a hack of some kind.
escrow.ms
Legendary
Offline
Activity: 1274
Merit: 1004
August 12, 2013, 10:12:54 PM
I did notice that inside Firefox Options>Network Blockchain.info is listed as 'allowed to store data for offline use'
I've removed that listing, no idea if Blockchain put it there or a hack of some kind.
https://blockchain.info/wallet/security
Local storage
No sensitive data is stored in your browser's local storage. If available the site will cache your wallet identifier, address balances and transactions, in the event of login with a different identifier this data is cleared
AAleron (OP)
Newbie
Offline
Activity: 22
Merit: 0
August 12, 2013, 11:53:19 PM
Now all my account info and transactions history has been zeroed too. It's like a blank wallet. What's going on with that?
escrow.ms
Legendary
Offline
Activity: 1274
Merit: 1004
August 12, 2013, 11:56:36 PM
Now all my account info and transactions history has been zeroed too. It's like a blank wallet. What's going on with that?
I've removed that listing
AAleron (OP)
Newbie
Offline
Activity: 22
Merit: 0
August 13, 2013, 12:08:03 AM
Ah, right, I'm getting paranoid.
I'll post if I find out any more, very bummed at having my little bitcoin account robbed so easily. Not very comfortable using bitcoin at all now.
adamcol
Newbie
Offline
Activity: 27
Merit: 0
August 13, 2013, 12:21:09 AM
Were you on Windows? Maybe you had a keylogger.
escrow.ms
Legendary
Offline
Activity: 1274
Merit: 1004
August 13, 2013, 12:21:44 AM
Ah, right, I'm getting paranoid.
I'll post if I find out any more, very bummed at having my little bitcoin account robbed so easily. Not very comfortable using bitcoin at all now.
Use offline wallets (paper wallet, Armory cold storage) until you are sure that your PC is clean.
AAleron (OP)
Newbie
Offline
Activity: 22
Merit: 0
August 13, 2013, 02:50:51 AM
Good idea, but I haven't any bitcoin left now, so it doesn't really matter.
Am cleaning the laptop. Deep scan shows nothing at all. No evidence of keylogging either.
If anyone wants to donate some bitcoin to my new wallet at another site to get me started again: 1FvbpQt5zREwPJ5CKUX8wH7E1EPCHTduqW
Ok I know it's wishful thinking, just depressed to lose everything in front of my eyes, no bitcoin, no happy.
Still no reply from Bitchain.info on the support ticket either.
AAleron (OP)
Newbie
Offline
Activity: 22
Merit: 0
August 13, 2013, 06:33:53 AM
Hey, whoever sent that little donation. Thanks! Very much appreciated. You're a star! Restores my trust a little in humanity.
Still no reply to my support ticket on Blockchain.info.
Will let people know if I find out how they stole all my money.
escrow.ms
Legendary
Offline
Activity: 1274
Merit: 1004
August 13, 2013, 06:39:36 AM
Hey, whoever sent that little donation. Thanks! Very much appreciated. You're a star! Restores my trust a little in humanity.
Still no reply to my support ticket on Blockchain.info.
Will let people know if I find out how they stole all my money.
What was your blockchain's bitcoin address?