Tirapon (OP)
October 21, 2013, 05:30:41 PM
My friend had a wallet at blockchain.info created back in April - he has just checked the balance, and it's all gone. I've had a look at the transaction - over 500BTC in one go. My guess is that someone got hold of a bunch of identifiers and had a go bruteforcing the passwords. Any weak passwords would have lost coins. Can anyone shed a bit more light on this? https://blockchain.info/tx/89f8223bc1d9140889496dea843df1854f17aee35b8ac5006ec1efee2ba5bd80

Frendlick
October 21, 2013, 06:42:32 PM
Brute force? Something no one but nowadays used. Maybe he had any advice or keylogger on his computer, and he uses a smartphone?

Tirapon (OP)
October 21, 2013, 07:13:58 PM
Only reason I thought brute forced was because when he told me his password it was pretty weak. Maybe a keylogger but he wasn't using a smart phone and I wouldn't have thought he'd be much of a target as he's not really involved in BTC.

BitPappa
October 21, 2013, 10:26:14 PM
500 BTC??? Please tell me he has lots more BTC spread around in other wallets. I'm so paranoid, I can't imagine keeping that much Bitcoin in one wallet. For that matter, I can't imagine having that much Bitcoin at all. Regardless, your friend must be devastated. My genuine condolences.

DannyHamilton
October 21, 2013, 10:56:40 PM (Last edit: October 22, 2013, 05:18:37 PM by DannyHamilton)
500 BTC??? Please tell me he has lots more BTC spread around in other wallets. I'm so paranoid, I can't imagine keeping that much Bitcoin in one wallet. For that matter, I can't imagine having that much Bitcoin at all. Regardless, your friend must be devastated. My genuine condolences.
I suspect that what is being stated is that his friend didn't lose 500 BTC. This isn't 500+ BTC stolen from a single person. This is a total of over 500 BTC stolen in smaller amounts from MANY people all in one big transaction. I suspect the OP is correct. If 2FA wasn't turned on and a weak password was used, then the thief probably grabbed as many identifiers as they could, used them to download as many encrypted private keys as possible, and then used brute-force to decrypt as many private keys as they could. Finally, they used all those private keys to create one big transaction sending all the funds from all the cracked addresses to a single address.

Tirapon (OP)
October 21, 2013, 11:07:35 PM (Last edit: October 22, 2013, 09:17:26 PM by Tirapon)
500 BTC??? Please tell me he has lots more BTC spread around in other wallets. I'm so paranoid, I can't imagine keeping that much Bitcoin in one wallet. For that matter, I can't imagine having that much Bitcoin at all. Regardless, your friend must be devastated. My genuine condolences.
Sorry, I might not have made it very clear - My friend didn't lose 500 BTC, if he had that many I would have taken them offline for him. The transaction was 500 BTC from many addresses, seems lots of people got robbed in one go.

Tirapon (OP)
October 21, 2013, 11:11:00 PM
500 BTC??? Please tell me he has lots more BTC spread around in other wallets. I'm so paranoid, I can't imagine keeping that much Bitcoin in one wallet. For that matter, I can't imagine having that much Bitcoin at all. Regardless, your friend must be devastated. My genuine condolences.
Look at the transaction silly. His friend didn't lose 500 BTC. This isn't 500+ BTC stolen from a single person. This is a total of over 500 BTC stolen in smaller amounts from MANY people all in one big transaction. I suspect the OP is correct. If 2FA wasn't turned on and a weak password was used, then the thief probably grabbed as many identifiers as they could, used them to download as many encrypted private keys as possible, and then used brute-force to decrypt as many private keys as they could. Finally, they used all those private keys to create one big transaction sending all the funds from all the cracked addresses to a single address.
My suspicion exactly. What a shame, I feel really bad for him. I now make sure to explain to my friends how to create strong passwords. For anyone else reading this, make sure you create a really good password for all BTC related activities. It's very easy to think of memorable passwords with 20+ characters including capitals, lower case, numbers and symbols.

evansearle42
October 22, 2013, 02:12:18 AM
Only reason I thought brute forced was because when he told me his password it was pretty weak. Maybe a keylogger but he wasn't using a smart phone and I wouldn't have thought he'd be much of a target as he's not really involved in BTC.
How bad is his password? Like only 5 keys?

accord01
October 22, 2013, 02:30:38 PM
Brute force? Something no one but nowadays used. Maybe he had any advice or keylogger on his computer, and he uses a smartphone?
Is it not safe to log in to blockchain wallet from smartphone browser? I thought it was only the smartphone app that was unsafe.

Tirapon (OP)
October 22, 2013, 04:33:54 PM
Only reason I thought brute forced was because when he told me his password it was pretty weak. Maybe a keylogger but he wasn't using a smart phone and I wouldn't have thought he'd be much of a target as he's not really involved in BTC.
How bad is his password? Like only 5 keys?
His password was actually 10 characters, but it was a dictionary word followed by '1234'. This is not a strong password, people use brute force attacks with this common practice in mind. If you're using dictionary words you need several of them, and capitalise random letters, plus throw in a few numbers and symbols for good measure.
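
Added illustration, not part of any post in this thread: a small Python audit of the password shape described above (a dictionary word followed by '1234'), comparing a length-based estimate with the guess space of a word-plus-suffix model. The wordlist, the size constants and all function names are assumptions made up for this example.

```python
import math
import re

# Constructed stand-in for a cracking wordlist (assumption, not from the thread).
WORDLIST = {"password", "dragon", "monkey", "bitcoin", "wallet", "summer"}
# Assumed attacker-model sizes; real wordlists and rule sets vary.
DICTIONARY_SIZE = 100_000   # candidate base words
COMMON_SUFFIXES = 1_000     # "1234", "123", years, "!", ...
CASE_VARIANTS = 3           # lower, Capitalised, UPPER
WEAK = "dictionary word + common suffix"


def charset_size(pw):
    """Alphabet a naive character-by-character brute force must cover."""
    classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"\d", 10), (r"[^A-Za-z0-9]", 33)]
    return sum(n for pattern, n in classes if re.search(pattern, pw))


def is_common_suffix(s):
    """Suffix shapes tried early by rule-based guessing: 1234, years, '!'."""
    s = s.rstrip("!")
    return (s == "" or "1234567890".startswith(s)
            or re.fullmatch(r"(19|20)\d\d", s) is not None)


def audit(pw):
    """Return (naive_bits, effective_bits, finding) for one password."""
    naive = len(pw) * math.log2(charset_size(pw)) if pw else 0.0
    m = re.fullmatch(r"([A-Za-z]+)([\d!]*)", pw)
    if m and m.group(1).lower() in WORDLIST and is_common_suffix(m.group(2)):
        guesses = DICTIONARY_SIZE * COMMON_SUFFIXES * CASE_VARIANTS
        return naive, min(naive, math.log2(guesses)), WEAK
    return naive, naive, "no common word + suffix pattern found"


if __name__ == "__main__":
    # Constructed samples; "dragon1234" mirrors the 10-character shape in the post.
    for sample in ["dragon1234", "Wallet2013!", "dragon839201", "q7#Lm2@xV9&tR4pZ"]:
        naive, effective, finding = audit(sample)
        print(f"{sample!r}: naive {naive:.0f} bits, "
              f"effective {effective:.0f} bits ({finding})")
```

Length alone overstates strength here: the naive figure counts every 10-character string, while a guesser working from a wordlist only has to cover the word-plus-suffix combinations.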

BitPappa
October 22, 2013, 05:15:21 PM
Look at the transaction silly.
His friend didn't lose 500 BTC. This isn't 500+ BTC stolen from a single person.
This is a total of over 500 BTC stolen in smaller amounts from MANY people all in one big transaction.
I suspect the OP is correct. If 2FA wasn't turned on and a weak password was used, then the thief probably grabbed as many identifiers as they could, used them to download as many encrypted private keys as possible, and then used brute-force to decrypt as many private keys as they could.
Finally, they used all those private keys to create one big transaction sending all the funds from all the cracked addresses to a single address.
Ahhh, okay. To defend myself as not being silly, isn't it theoretically possible that all these addresses belonged to one person's blockchain.info account? I use many addresses in my blockchain.info account, just to keep track of different payments, etc. So my payment transactions from Blockchain.info often are coming from multiple addresses. With that background, is there some way you could look at this transaction and know it was definitely more than one Blockchain.info account that was hacked?

DannyHamilton
October 22, 2013, 05:24:09 PM
Ahhh, okay. To defend myself as not being silly, isn't it theoretically possible that all these addresses belonged to one person's blockchain.info account?
Good point. I've edited my post to no longer indicate that your assumption was "silly". It still seems to me that, given the context, assuming multiple wallets cracked for a total of 500+ BTC makes more sense than assuming a single wallet with multiple addresses cracked for a total of 500+ BTC.
My guess is that someone got hold of a bunch of identifiers
Any weak passwords would have lost coins.
I wouldn't have thought he'd be much of a target as he's not really involved in BTC.

BitPappa
October 22, 2013, 08:20:18 PM
Good point.
I've edited my post to no longer indicate that your assumption was "silly".
Then mission accomplished, thanks.