Suprise

[cryptolaxy]

this is the best bitcoin forum i have come across.

i just have an issue which i will really much appreciate your inputs. my blockchain.info account got hacked today and 9btc was stolen from my account. i had set up sms two factor authentication on my account and i also disabled tor login. i also setup a secondary password. i just couldnt understand how my account got hacked and my coins stolen. does this mean that sms two factor authentication isn't as secure as it seems?

[Deathwing]

Maybe you forgot to enable the SMS option.

[Boukefalos]

It could be that your pc is compromised. Check for viruses or spyware using a descent antivirus tool (I use Avast Free Antivirus). In the worst case scenario, an attacker might have gotten access to your backup password. I recommend that you take precautions before you open a new account!

[cryptolaxy]

Maybe you forgot to enable the SMS option.

SMS option was enabled because I made a few transactions and each time I login I always get the SMS code.

[cryptolaxy]

It could be that your pc is compromised. Check for viruses or spyware using a descent antivirus tool (I use Avast Free Antivirus). In the worst case scenario, an attacker might have gotten access to your backup password. I recommend that you take precautions before you open a new account!

If my pc was compromised, does that mean my phone was compromised also?

[marcovaldo]

You can send a pm to piuk.
It is very strange if you have a SMS alert and still, you got hacked.


Maybe you gave the private key of the address to someone and it has nothing to do with blokchchain.info?
Or maybe you did the transfer and don't remember it?


You should not be able to bypass double authen

[favdesu]

best thing would be to send the support an email and let him check it.

where do you keep the wallet backup?

[b!z]

Did you generate your wallet on android? Some pc browsers also created weak addresses that were hacked. Do some searching to see if your address was on the list.

You should also think about whether or not your phone has malware installed. If it doesn't have spyware, then was the SMS intercepted?

[cryptolaxy]

You can send a pm to piuk.
It is very strange if you have a SMS alert and still, you got hacked.


Maybe you gave the private key of the address to someone and it has nothing to do with blokchchain.info?
Or maybe you did the transfer and don't remember it?


You should not be able to bypass double authen

I don't even know how to find my private key on blockchain.info, so I couldn't have given it out to anyone. Also it's not possible i send a transaction and not remember it. My wallet was wiped clean.

[marcovaldo]

What is the link of the address?

[favdesu]

Hmm that seems a rather unlikely event. He would need to compromise both your pc and phone.
Have you contacted support?

no need for sms if attacker got the wallet backup and phished the unlock password.

[cryptolaxy]

What is the link of the address?

https://blockchain.info/tx/b193b63265225d3477639ff465baded76536576249774bf0f8fdc3d94cb105b3

[cryptolaxy]

Hmm that seems a rather unlikely event. He would need to compromise both your pc and phone.
Have you contacted support?

i havent contacted support. i just thought since bitcoins transactions are irreversible, there is little or nothing support can do to recover my coins.

[marcovaldo]

So I guess that your address is     1HuDSbSCtcDBx4MPmSqTZr2CPgDUEPkVoQ

I see a - 4 btc transaction, just 20 min before the -9.
Did you do this one?

Maybe the double authentification is valid for a period of time.

[cryptolaxy]

Hmm that seems a rather unlikely event. He would need to compromise both your pc and phone.
Have you contacted support?

no need for sms if attacker got the wallet backup and phished the unlock password.

My wallet backup gets delivered to my hotmail email account. And my hotmail email account also has two factor authentication. It baffles me.

[favdesu]

Hmm that seems a rather unlikely event. He would need to compromise both your pc and phone.
Have you contacted support?

no need for sms if attacker got the wallet backup and phished the unlock password.

My wallet backup gets delivered to my hotmail email account. And my hotmail email account also has two factor authentication. It baffles me.

so
mh yeah, just checked my blockhain.info settings. you can even export the unencrypted private keys with the password/s alone. so basically anyone with access to your pc / method to catch you password could easily wipe your account

[cryptolaxy]

So I guess that your address is     1HuDSbSCtcDBx4MPmSqTZr2CPgDUEPkVoQ

I see a - 4 btc transaction, just 20 min before the -9.
Did you do this one?

Maybe the double authentification is valid for a period of time.

Yes that is my wallet address. And yes I made the 4btc transaction.

[marcovaldo]

Yes that is my wallet address. And yes I made the 4btc transaction.

I think that you only need to have the double authen for logging in the wallet, so your computer might have been compromised and they got a cookie or something from you that allowed them to do the second transaction right after the first one.

[cryptolaxy]

So I guess that your address is     1HuDSbSCtcDBx4MPmSqTZr2CPgDUEPkVoQ

I see a - 4 btc transaction, just 20 min before the -9.
Did you do this one?

Maybe the double authentification is valid for a period of time.

Yes that is my wallet address. And yes I made the 4btc transaction.

After I sent the 4btc transaction, I logged out of my wallet, then I got an email from blockchain saying they blocked an attempted tor login. Minutes after the email I got the SMS of 9btc transfer.

[cryptolaxy]

i just changed my two factor from sms to google authenticator. could this be a step in the right direction?