Author Topic: Stolen coins  (Read 1501 times)
Tirapon (OP)
October 21, 2013, 05:30:41 PM
 #1

My friend had a wallet at blockchain.info created back in April - he has just checked the balance, and it's all gone. I've had a look at the transaction - over 500BTC in one go. My guess is that someone got hold of a bunch of identifiers and had a go bruteforcing the passwords. Any weak passwords would have lost coins. Can anyone shed a bit more light on this?

https://blockchain.info/tx/89f8223bc1d9140889496dea843df1854f17aee35b8ac5006ec1efee2ba5bd80
Frendlick
October 21, 2013, 06:42:32 PM
 #2

Brute force? Something no one but nowadays used.
Maybe he had any advice or keylogger on his computer, and he uses a smartphone?

Tirapon (OP)
October 21, 2013, 07:13:58 PM
 #3

Only reason I thought brute forced was because when he told me his password it was pretty weak. Maybe a keylogger but he wasn't using a smart phone and I wouldn't have thought he'd be much of a target as he's not really involved in BTC.
BitPappa
October 21, 2013, 10:26:14 PM
 #4

Quote from: Tirapon
> My friend had a wallet at blockchain.info created back in April - he has just checked the balance, and it's all gone. I've had a look at the transaction - over 500BTC in one go. My guess is that someone got hold of a bunch of identifiers and had a go bruteforcing the passwords. Any weak passwords would have lost coins. Can anyone shed a bit more light on this?
>
> https://blockchain.info/tx/89f8223bc1d9140889496dea843df1854f17aee35b8ac5006ec1efee2ba5bd80

500 BTC??? Please tell me he has lots more BTC spread around in other wallets. I'm so paranoid, I can't imagine keeping that much Bitcoin in one wallet. For that matter, I can't imagine having that much Bitcoin at all.

Regardless, your friend must be devastated. My genuine condolences.

DannyHamilton
October 21, 2013, 10:56:40 PM
Last edit: October 22, 2013, 05:18:37 PM by DannyHamilton
 #5

Quote from: BitPappa
> Quote from: Tirapon
> > My friend had a wallet at blockchain.info created back in April - he has just checked the balance, and it's all gone. I've had a look at the transaction - over 500BTC in one go. My guess is that someone got hold of a bunch of identifiers and had a go bruteforcing the passwords. Any weak passwords would have lost coins. Can anyone shed a bit more light on this?
> >
> > https://blockchain.info/tx/89f8223bc1d9140889496dea843df1854f17aee35b8ac5006ec1efee2ba5bd80
>
> 500 BTC??? Please tell me he has lots more BTC spread around in other wallets. I'm so paranoid, I can't imagine keeping that much Bitcoin in one wallet. For that matter, I can't imagine having that much Bitcoin at all.
>
> Regardless, your friend must be devastated. My genuine condolences.

I suspect that what is being stated is that

His friend didn't lose 500 BTC. This isn't 500+ BTC stolen from a single person.

This is a total of over 500 BTC stolen in smaller amounts from MANY people all in one big transaction.

I suspect the OP is correct.  If 2FA wasn't turned on and a weak password was used, then the thief probably grabbed as many identifiers as they could, used them to download as many encrypted private keys as possible, and then used brute-force to decrypt as many private keys as they could.

Finally, they used all those private keys to create one big transaction sending all the funds from all the cracked addresses to a single address.
Tirapon (OP)
October 21, 2013, 11:07:35 PM
Last edit: October 22, 2013, 09:17:26 PM by Tirapon
 #6

Quote from: BitPappa
> Quote from: Tirapon
> > My friend had a wallet at blockchain.info created back in April - he has just checked the balance, and it's all gone. I've had a look at the transaction - over 500BTC in one go. My guess is that someone got hold of a bunch of identifiers and had a go bruteforcing the passwords. Any weak passwords would have lost coins. Can anyone shed a bit more light on this?
> >
> > https://blockchain.info/tx/89f8223bc1d9140889496dea843df1854f17aee35b8ac5006ec1efee2ba5bd80
>
> 500 BTC??? Please tell me he has lots more BTC spread around in other wallets. I'm so paranoid, I can't imagine keeping that much Bitcoin in one wallet. For that matter, I can't imagine having that much Bitcoin at all.
>
> Regardless, your friend must be devastated. My genuine condolences.

Sorry, I might not have made it very clear - My friend didn't lose 500 BTC, if he had that many I would have taken them offline for him. The transaction was 500 BTC from many addresses, seems lots of people got robbed in one go.
Tirapon (OP)
October 21, 2013, 11:11:00 PM
 #7

Quote from: DannyHamilton
> Quote from: BitPappa
> > Quote from: Tirapon
> > > My friend had a wallet at blockchain.info created back in April - he has just checked the balance, and it's all gone. I've had a look at the transaction - over 500BTC in one go. My guess is that someone got hold of a bunch of identifiers and had a go bruteforcing the passwords. Any weak passwords would have lost coins. Can anyone shed a bit more light on this?
> > >
> > > https://blockchain.info/tx/89f8223bc1d9140889496dea843df1854f17aee35b8ac5006ec1efee2ba5bd80
> >
> > 500 BTC??? Please tell me he has lots more BTC spread around in other wallets. I'm so paranoid, I can't imagine keeping that much Bitcoin in one wallet. For that matter, I can't imagine having that much Bitcoin at all.
> >
> > Regardless, your friend must be devastated. My genuine condolences.
>
> Look at the transaction silly.
>
> His friend didn't lose 500 BTC. This isn't 500+ BTC stolen from a single person.
>
> This is a total of over 500 BTC stolen in smaller amounts from MANY people all in one big transaction.
>
> I suspect the OP is correct. If 2FA wasn't turned on and a weak password was used, then the thief probably grabbed as many identifiers as they could, used them to download as many encrypted private keys as possible, and then used brute-force to decrypt as many private keys as they could.
>
> Finally, they used all those private keys to create one big transaction sending all the funds from all the cracked addresses to a single address.

My suspicion exactly. What a shame, I feel really bad for him. I now make sure to explain to my friends how to create strong passwords. For anyone else reading this, make sure you create a really good password for all BTC related activities. It's very easy to think of memorable passwords with 20+ characters including capitals, lower case, numbers and symbols.
evansearle42
October 22, 2013, 02:12:18 AM
 #8

Quote from: Tirapon
> Only reason I thought brute forced was because when he told me his password it was pretty weak. Maybe a keylogger but he wasn't using a smart phone and I wouldn't have thought he'd be much of a target as he's not really involved in BTC.

How bad is his password? like only 5 keys?
accord01
October 22, 2013, 02:30:38 PM
 #9

Quote from: Frendlick
> Brute force? Something no one but nowadays used.
> Maybe he had any advice or keylogger on his computer, and he uses a smartphone?

Is it not safe to log in to blockchain wallet from smartphone browser?  I thought it was only the smartphone app that was unsafe.
Tirapon (OP)
October 22, 2013, 04:33:54 PM
 #10

Quote from: evansearle42
> Quote from: Tirapon
> > Only reason I thought brute forced was because when he told me his password it was pretty weak. Maybe a keylogger but he wasn't using a smart phone and I wouldn't have thought he'd be much of a target as he's not really involved in BTC.
>
> How bad is his password? like only 5 keys?

His password was actually 10 characters, but it was a dictionary word followed by '1234'. This is not a strong password, people use brute force attacks with this common practice in mind. If you're using dictionary words you need several of them, and capitalise random letters, plus throw in a few numbers and symbols for good measure.
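
Added example (not written by any poster in this thread): a small Python check that contrasts the length-and-character-class entropy of a password with a pattern-aware estimate for the "dictionary word followed by '1234'" shape described in post #10. The wordlist, suffix list, the two size constants and the 60-bit threshold are constructed assumptions for illustration.

```python
import math
import string

# Constructed sample data; a real checker would load a large wordlist.
WORDLIST = {"dragon", "monkey", "bitcoin", "wallet", "summer", "shadow"}
COMMON_SUFFIXES = {"1", "12", "123", "1234", "12345", "2013", "!", "1!"}
# Assumed sizes of the dictionary and suffix list a guesser would try.
ASSUMED_WORDLIST_SIZE = 100_000
ASSUMED_SUFFIX_COUNT = 1_000
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def naive_bits(password):
    """Bits of entropy if each character were drawn at random from the
    character classes present (what a length/charset meter reports)."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def pattern_bits(password):
    """Bits of entropy against a guesser who tries <word><common suffix>.
    Case is ignored, so this is a lower bound that errs toward rejection."""
    lowered = password.lower()
    for cut in range(len(lowered), 0, -1):
        word, suffix = lowered[:cut], lowered[cut:]
        if word in WORDLIST and (not suffix or suffix in COMMON_SUFFIXES):
            guesses = ASSUMED_WORDLIST_SIZE * (ASSUMED_SUFFIX_COUNT if suffix else 1)
            return math.log2(guesses)
    return naive_bits(password)  # no known pattern matched


def assess(password, minimum_bits=60.0):
    """Compare both estimates; accept only if the pattern-aware one passes.
    The 60-bit default is an assumed threshold, not a standard."""
    naive, real = naive_bits(password), pattern_bits(password)
    return {"naive_bits": round(naive, 1),
            "pattern_bits": round(real, 1),
            "acceptable": real >= minimum_bits}


if __name__ == "__main__":
    for pw in ("dragon1234", "kT7#pQ9!vB2$xL5&nR8^"):  # constructed samples
        print(pw, assess(pw))
```

Under these assumptions, a 10-character word-plus-'1234' password scores far lower on the pattern-aware estimate than a character-class meter would suggest, which is why length alone did not protect it.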
BitPappa
October 22, 2013, 05:15:21 PM
 #11

Quote from: DannyHamilton
> Look at the transaction silly.
>
> His friend didn't lose 500 BTC. This isn't 500+ BTC stolen from a single person.
>
> This is a total of over 500 BTC stolen in smaller amounts from MANY people all in one big transaction.
>
> I suspect the OP is correct. If 2FA wasn't turned on and a weak password was used, then the thief probably grabbed as many identifiers as they could, used them to download as many encrypted private keys as possible, and then used brute-force to decrypt as many private keys as they could.
>
> Finally, they used all those private keys to create one big transaction sending all the funds from all the cracked addresses to a single address.

Ahhh, okay. To defend myself as not being silly, isn't it theoretically possible that all these addresses belonged to one person's blockchain.info account? I use many addresses in my blockchain.info account, just to keep track of different payments, etc.  So my payment transactions from Blockchain.info often are coming from multiple addresses. With that background, is there some way you could look at this transaction and know it was definitely more than one Blockchain.info account that was hacked?

DannyHamilton
October 22, 2013, 05:24:09 PM
 #12

Quote from: BitPappa
> Ahhh, okay. To defend myself as not being silly, isn't it theoretically possible that all these addresses belonged to one person's blockchain.info account?

Good point.

I've edited my post to no longer indicate that your assumption was "silly".

It still seems to me that, given the context, assuming multiple wallets cracked for a total of 500+ BTC makes more sense than assuming a single wallet with multiple addresses cracked for a total of 500+ BTC.

Quote from: Tirapon
> My guess is that someone got hold of a bunch of identifiers

Quote from: Tirapon
> Any weak passwords would have lost coins.

Quote from: Tirapon
> I wouldn't have thought he'd be much of a target as he's not really involved in BTC.

BitPappa
October 22, 2013, 08:20:18 PM
 #13

Quote from: DannyHamilton
> Good point.
>
> I've edited my post to no longer indicate that your assumption was "silly".

Then mission accomplished, thanks.
