my wallets were stolen just now, can any one help me?

[watertech666]

I just changed passphrase for the address  1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn . Let's see what happen.

[1713490070]

1713490070

[1713490070]

1713490070

[1713490070]

1713490070

[1713490070]

1713490070

[1713490070]

1713490070

[ingrownpocket]

get answer from Jesse James (blockchain.info) as bellow  https://bitcointalk.org/index.php?topic=277595.new

I did a bit more transaction following ... it appears another address implicated with the thief address is 13KLNHPWLtWKTtKtr4fY5pu4Di4aQVLzPf.  This address received a coinad payout on 2013-04-10 07:54:10.

Coinad probably has the guy's email address.  Could be a dead end if their policy prevents them from handing this information out, or if they don't validate email addresses of members, or if he gave them a throwaway address.

Keep in mind, my evidence linking these two addresses is not 100% ... but it's pretty high.

Another possible lead is that the thief seems to think using Satoshi Dice a few times after a heist is an effective laundering technique.  In this transaction he apparently submitted his gambling transaction directly to blockchain.info ... so depending on how much they log, they may have the IP address of the thief.  This could also be a dead end if he's using Tor or some other proxy ... but seeing as he apparently thinks using Satoshi Dice makes tracking stolen coins harder, he probably isn't the brightest hacker in the world.

Thank you Jesse. I have send messenger to coinad.com . Hope to receive their reply soon.

I'm really sorry but I've deleted all CoinAd old backups... This is the second time someone asks me for information for the exact same reason. 

[tkone]

i never really use the addresses from blockchain.info
if anything i add a watch only address, and when i want to sent i just put in my private key, this way only i have access to the private key,
oh and also the private is store encrypted on a persistent partition of a tails os usb,
this way im only loggin in with tails os, and thats the only way i put my private key in,

im thinkin of gettin a new address, not sure if bitaddress.org is safe to generate me a good secure privatekey ofcourse in tails with a saved version of the website and while im offline too !!!

i think im going to do that soon, and transfer some direct shares to that addresss, leaving me farther away from my money, this way i can just leave it and let it grow,

hmm or maybe use it to circulate more money? we'll see


edit: it could of been a phising site that was like blockchain, i havent seen one but thats how i got my account on here hacked, from a phising site that looked and was identicle and i just didnt notice i clicked on the link from like a chat somewhere, and thought let me log in to add or w.e.

dont know any other way that they could of stole your keys, i keep my keys offline, this way its even more difficult for me to get to them,


its really not that hard to be safe, make a tails os, boot it, make a persistent drive if u want or not, download bitaddress.org but make sure its a safe one from like github thats been up for a while and everyone trusts it,

then get offline if u want, or save it to persistent so u have a copy of it if needed,
make urself some keys,

now make a new blockchain wallet, dont really matter, ofcourse the more secure your passwords ect. is better but still dont matter,
then add your keys as watch only, and if u want to send anything just boot ur tails and persistent that has the private keys,

and make a transaction add your private key,

this procedure im currently using, im sure there is more safer, like a dedicated offline wallet, that signs transactions offline, and then put those transactions on a usb, and broadcast it from a diff computer to the network, this way your completely offline at alltimes,

but i feel this method i use is easier for now for me, and not so burdensom

[didjaydisteele]

I just changed passphrase for the address  1CzAncjXYjtiXNC4CNAw4RoKdQLoi72xn . Let's see what happen.

The address, that's it!

[b!z]

@tkone, the most secure way is to use an offline cold wallet for sure. using online wallets puts you at risk.

[MrVivaldi]

What type of level of security does "http://brainwallet.org/#tx" provide?

Do you think it could result in the heist of ones coins?

[cp1]

Brainwallets are the worst unless you can come up with a really good passphrase (computer generated)

[MrVivaldi]

Thank you for your reply CP1. My question was more specifically wether their way of creating raw transactions was unsecure.

[cp1]

Oh sorry I misunderstood.  I think there was a problem with using it offline with java that gave bad random number generation, but that should be fixed now.  But I use armory to do all my offline transaction generation, so I'm not really up to date on web based methods.

[Mark_Twain]

Just had 10BTC ripped off from my Blockchain.info wallet without my consent!

Situation explained here:

https://bitcointalk.org/index.php?topic=373612.msg4004705#msg4004705

[Exther]

Still trying to figure out how the thief accessed account if you had google authenticator activated?

[bryant.coleman]

Which is absurd. What chance does bitcoin have if people can't use it on their home PC for fear of theft?

Online wallets and clients need 2FA and maybe online banking style "enter letters 3, 5 and 7 from your password" to help improve security.

For anyone moving coins around - buying and selling, day trading, etc - paper wallets or offline storage really isn't practical.

That is a good proposal. This will eliminate the problem with keyloggers as well. Recently I am hearing a lot of horror stories from people who are using Blockchain.info wallets. They should really improve their security.

[BurtW]

Which is absurd. What chance does bitcoin have if people can't use it on their home PC for fear of theft?

Online wallets and clients need 2FA and maybe online banking style "enter letters 3, 5 and 7 from your password" to help improve security.

For anyone moving coins around - buying and selling, day trading, etc - paper wallets or offline storage really isn't practical.

That is a good proposal. This will eliminate the problem with keyloggers as well. Recently I am hearing a lot of horror stories from people who are using Blockchain.info wallets. They should really improve their security.

Blockchain.info is one of the most secure wallets there is if used properly.

If you have a keylogger on your system then all wallets (and all bank accounts, and PayPal, etc.) are vulnerable.

You can tie Blockchain to a single IP address, you can log all IPs of all accesses, you can use various forms of 2FA.  The list goes on.  I have been using if for years with no issues.  Having said that I also keep most of my coins offline.

You must use a very good > 20 character very random password, enable 2FA, etc.

[cp1]

I think the problem usually turns out to be wallet backups sent to your compromised email account.

[BurtW]

I think the problem usually turns out to be wallet backups sent to your compromised email account.

This may be a possibility in Mark_Twain's case.

[hilariousandco]

Which is absurd. What chance does bitcoin have if people can't use it on their home PC for fear of theft?

Online wallets and clients need 2FA and maybe online banking style "enter letters 3, 5 and 7 from your password" to help improve security.

For anyone moving coins around - buying and selling, day trading, etc - paper wallets or offline storage really isn't practical.

That is a good proposal. This will eliminate the problem with keyloggers as well.

This is definitely a good idea. Keyloggers are probably the easiest way to get at your password.

Like others have said, I recommend Linux. I moved from windows about a year ago and never looked back. Was getting far too many viruses.

[bryant.coleman]

Blockchain.info is one of the most secure wallets there is if used properly.

If you have a keylogger on your system then all wallets (and all bank accounts, and PayPal, etc.) are vulnerable.

You can tie Blockchain to a single IP address, you can log all IPs of all accesses, you can use various forms of 2FA.  The list goes on.  I have been using if for years with no issues.  Having said that I also keep most of my coins offline.

You must use a very good > 20 character very random password, enable 2FA, etc.

If our IP changes without warning, then we might not be able to log-in.

BTW.... how can we see the log of all accesses in Blockchain.info?

[BurtW]

Blockchain.info is one of the most secure wallets there is if used properly.

If you have a keylogger on your system then all wallets (and all bank accounts, and PayPal, etc.) are vulnerable.

You can tie Blockchain to a single IP address, you can log all IPs of all accesses, you can use various forms of 2FA.  The list goes on.  I have been using if for years with no issues.  Having said that I also keep most of my coins offline.

You must use a very good > 20 character very random password, enable 2FA, etc.

If our IP changes without warning, then we might not be able to log-in.

BTW.... how can we see the log of all accesses in Blockchain.info?

Yes, but I think it is disabled by default so you must turn it on:

Wallet Home -> Account Settings -> Continue -> Logging

Select the logging level you desire

[bitpop]

How would they steal from a wallet backup?

[BurtW]

How would they steal from a wallet backup?

If you have the wallet backup all you need to do is decrypt it.  That means guessing the password.  The 2FA does not matter anymore.  There is nothing to slow you down, you can make as many attempts per second as your hardware allows.  Also the password guessing can be done in parallel on multiple machines.

Given a weak password it will crack.