alastori (OP)
July 16, 2019, 01:09:32 AM
Hello everybody. Tonight I was trying to send some money from a blockchain.info wallet (incognito window) to my other blockchain wallet (normal window) and I kept getting an error, "bitcoin transaction failed to send. Please try again" (https://prnt.sc/ofizu7), something like this. I kept trying for like 3-4 minutes; I tried changing the fee and all that, but I still couldn't send the money to my main blockchain wallet. After some tries I gave up and decided to try again later, so I closed my browser completely (including the incognito one). After more than an hour I decided to log in again and try, and I saw that my funds (0.27735 BTC) were sent to this address: 16MgFBd4ay7Yz5bw2HEpvTzCFQwqRmFK73. I immediately checked the other blockchain wallet to see if it was compromised or something, but the other one was untouched. I don't know this address. I've checked my history and I've never copied or anything, and as a matter of fact I wasn't even trying to send money from my main account (the one where I lost the bitcoins). I have 2FA enabled and no signs of malware or other stuff on my computer; I am using Ubuntu Linux. Can someone please help me find out how I just lost ~3K USD?

nc50lc
July 16, 2019, 02:01:52 AM
With that limited info, it's kinda hard to tell. It could be a phishing site, compromised wallet/account, watch-only wallet, malicious browser extension and other "common" scams.
We need more information about the wallet, how you've created it and the actual URL of the website that you're visiting.

alastori (OP)
July 16, 2019, 02:12:30 AM
Quote from: nc50lc
> With that limited info, it's kinda hard to tell. It could be a phishing site, compromised wallet/account, watch-only wallet, malicious browser extension and other "common" scams.
> We need more information about the wallet, how you've created it and the actual URL of the website that you're visiting.

I am 100% certain that it was https://www.blockchain.com/wallet. No malware extensions, because I was using incognito mode and they are disabled in incognito mode. I am certain it wasn't malware or something else, because if it was malware the hackers would have stolen the funds in my other wallet too. That's why I am so confused.

alastori (OP)
July 16, 2019, 02:24:39 AM
And btw, after I lost the BTC I tried some other transactions on the same wallet and kept getting the same error as in the screenshot that I have posted. After 2 or 3 tries I was able to send money again, and I am ruling out the phishing or malware part because I am using Two Factor Authentication, so it's highly unlikely that I was hacked. I saw some other users are also having issues with some funds in blockchain.info, so maybe it is related to that?

nc50lc
July 16, 2019, 03:12:24 AM
There are indeed other reports, but most of them are victims of a scam where the culprit offers cheap or free accounts with a balance; but the wallet is watch-only and only he can spend it. Others are cases of lost old-version wallets. By any chance:
[1] Haven't you created that wallet yourself?
[2] Have you exported some or that particular address' private key before?
[3] Did you store the 12/24-word SEED somewhere vulnerable (cloud storage/email/etc.)?
Because those are the most possible reasons if we take malware and hacks into account. Another problem is, if it was their fault, they won't be able to help you with it, because the new version of blockchain.com wallet's private keys are only available to the user and not their server (as they said):
"When you sign up for a Blockchain Wallet, you’re creating an encrypted file that contains the information you will use to access your funds: your seed (backup phrase), private keys, and cryptocurrency addresses. The file is encrypted with your password, which we never store or have access to"

alastori (OP)
July 16, 2019, 08:05:13 AM
I have created both of the wallets myself in early 2017. The 12 word seed was only stored on plain paper and the papers aren't lost or stolen. I think this is all somehow related to the sending problem I had, because there is no other logical explanation for it. I have never exported the address private keys because I simply didn't have the need to. I have contacted blockchain.info support and I am waiting for their reply. I am excluding some type of cookie attack because I logged out of my wallet 2 or 3 minutes before the BTC were gone, so that would reset the session ID and therefore even if my cookies were stolen they would be invalid.

alastori (OP)
July 16, 2019, 10:12:50 AM
The BTC has now been moved out of 16MgFBd4ay7Yz5bw2HEpvTzCFQwqRmFK73. I guess they are gone forever.

bitmover
July 16, 2019, 10:57:13 AM
Quote from: alastori
> The BTC has now been moved out of 16MgFBd4ay7Yz5bw2HEpvTzCFQwqRmFK73. I guess they are gone forever.

Yes, they are gone. You were hacked. Your system is compromised. I would format all computers/smartphones that you ever used to access your wallet. Where did you store the seed? Was it on paper? Or in a Google draft, drive, cloud storage? The blockchain.info wallet is not very safe, as there are many ways a hacker could get access to it. Maybe even the email that you used to create the wallet is compromised. Change its password and add 2FA to it.

alastori (OP)
July 16, 2019, 11:48:19 AM
Quote from: alastori
> The BTC has now been moved out of 16MgFBd4ay7Yz5bw2HEpvTzCFQwqRmFK73. I guess they are gone forever.
Quote from: bitmover
> Yes, they are gone. You were hacked. Your system is compromised. I would format all computers/smartphones that you ever used to access your wallet. Where did you store the seed? Was it on paper? Or in a Google draft, drive, cloud storage? The blockchain.info wallet is not very safe, as there are many ways a hacker could get access to it. Maybe even the email that you used to create the wallet is compromised. Change its password and add 2FA to it.

The 12 word seed was only stored on plain paper and the papers aren't lost or stolen. I was using a secure mail provider, Tuta.io, and 2FA was enabled on both the email account and the blockchain.info wallet. I know I was probably compromised but I have no idea how. All the latest updates of Ubuntu are installed and no new software has been installed in the previous 2 months or so.

mocacinno
July 16, 2019, 11:58:37 AM
Well... Like others have already said, your system is compromised... Either reinstall your OS, or at least continue digging until you find the problem. Here's a starting point: https://upcloud.com/community/tutorials/scan-ubuntu-server-malware/ (in your previous post you mentioned you ran Ubuntu). You do have to realise extensions *can* be enabled, even in incognito mode... As a matter of fact, if you only installed packages from the official repos and you're 100% sure you didn't fall for a (phishing) scam, I'd say browser extensions are the most probable cause of infection, especially since you indicate the funds were lost after you opened your wallet using your browser (what are the odds somebody having physical access to the seed decides to rob you at the exact moment you're using your browser).

bitmover
July 16, 2019, 12:58:18 PM
Quote from: alastori
> I was using a secure mail provider, Tuta.io, and 2FA was enabled on both the email account and the blockchain.info wallet. I know I was probably compromised but I have no idea how. All the latest updates of Ubuntu are installed and no new software has been installed in the previous 2 months or so.

If you had 2FA on both email and blockchain.info, the attacker somehow got access to your browser or seed. Theoretically, your seed in blockchain.info is always compromised because you received it from your browser (someone could be watching). I would format everything, as I already said. And review your online habits. Also, try a more secure wallet next time, such as Electrum.org

sheenshane
July 16, 2019, 04:49:09 PM
Quote from: alastori
> The BTC has now been moved out of 16MgFBd4ay7Yz5bw2HEpvTzCFQwqRmFK73. I guess they are gone forever.
Quote from: bitmover
> Yes, they are gone. You were hacked. Your system is compromised. I would format all computers/smartphones that you ever used to access your wallet.

I've been reading the replies above and I had the same thought as them: a compromised system will be one of the main reasons, or you were on a phishing link. I see that there is no chance of getting your bitcoin back (just move on from your loss); take this scenario as a lesson to learn. And bitmover was right: clean your computer or use a clean gadget intended for wallet use only (separate from your working PC for daily use). Never trust web wallets; they are easy for hackers to compromise.

Quote from: bitmover
> Also, try a more secure wallet next time, such as Electrum.org

Strongly agree, reliable and safe to use if your computer is clean. https://electrum.org/#download is the link to download, to be safer.

Mpamaegbu
July 16, 2019, 07:17:45 PM
Quote from: alastori
> I was using a secure mail provider, Tuta.io, and 2FA was enabled on both the email account and the blockchain.info wallet. I know I was probably compromised but I have no idea how. All the latest updates of Ubuntu are installed and no new software has been installed in the previous 2 months or so.
Quote from: bitmover
> If you had 2FA on both email and blockchain.info, the attacker somehow got access to your browser or seed. Theoretically, your seed in blockchain.info is always compromised because you received it from your browser (someone could be watching). I would format everything, as I already said. And review your online habits. Also, try a more secure wallet next time, such as Electrum.org

Blockchain info is also a secured wallet. At least I have used it for over two years without any issues. Except he exposed his 12 passphrase words online or someone around the OP got hold of them, I still don't know how it could be hacked. To even say that the 2FA authenticator was beaten in this case is really surprising to me, to say the least.

alastori (OP)
July 16, 2019, 09:40:52 PM
Quote from: alastori
> I was using a secure mail provider, Tuta.io, and 2FA was enabled on both the email account and the blockchain.info wallet. I know I was probably compromised but I have no idea how. All the latest updates of Ubuntu are installed and no new software has been installed in the previous 2 months or so.
Quote from: bitmover
> If you had 2FA on both email and blockchain.info, the attacker somehow got access to your browser or seed. Theoretically, your seed in blockchain.info is always compromised because you received it from your browser (someone could be watching). I would format everything, as I already said. And review your online habits. Also, try a more secure wallet next time, such as Electrum.org
Quote from: Mpamaegbu
> Blockchain info is also a secured wallet. At least I have used it for over two years without any issues. Except he exposed his 12 passphrase words online or someone around the OP got hold of them, I still don't know how it could be hacked. To even say that the 2FA authenticator was beaten in this case is really surprising to me, to say the least.

It was my money I lost, I have no reason to lie. I would never fall victim to a phishing attack; my 12 word seed was not stored anywhere online. If I had no idea about hacking or cybersecurity, I would understand that it is my fault and I wouldn't even open this thread. The only logical explanation is that there is some kind of zero day exploit that the public doesn't know about yet, or that the blockchain.info wallet is not as secure as you think. I would recommend everybody to use another wallet. I'm already using Electrum; my BTC there is safe. Stop giving web wallets a chance. I knew I was probably making a mistake, but I thought that since the blockchain.info wallet is probably the oldest it is probably safe. It is not.

Potato Chips
July 17, 2019, 01:02:47 AM
Regardless of who's at fault, it doesn't change the fact that web wallets are one of the least safe ways to store funds, as they are more susceptible to attacks. The amount of time you've used it without issues doesn't change anything; no one should wait until a problem has occurred. @OP, note that securing funds doesn't end in picking a wallet, as none provides 100% safety. Your wallet won't protect you in case of human error, which is why adopting healthy practices helps in increasing your security. Take this as a reference: https://bitcoin.org/en/secure-your-wallet
Lastly, don't forget to verify your Electrum files to make sure what you've got isn't compromised.

Lucius
July 17, 2019, 01:56:19 PM
This is another mysterious disappearance of user coins from blockchain wallet, and I doubt that the cause will be revealed any time soon. This service has a bad history of very strange hacks, and by reading how careful OP was with this site, I could agree that this is some exploit on blockchain.com. It would be interesting to see what support will say, but I doubt they will say anything which can cause them any damage, and at the end they will say it was user error. https://bitcointalk.org/index.php?topic=2488493.0

mocacinno
July 17, 2019, 02:09:50 PM
Quote from: Lucius
> This is another mysterious disappearance of user coins from blockchain wallet, and I doubt that the cause will be revealed any time soon. This service has a bad history of very strange hacks, and by reading how careful OP was with this site, I could agree that this is some exploit on blockchain.com. It would be interesting to see what support will say, but I doubt they will say anything which can cause them any damage, and at the end they will say it was user error. https://bitcointalk.org/index.php?topic=2488493.0

Well... In my previous job I had to handle helpdesk calls one day a week in an environment with educated, but non-IT personnel (it was a rotating shift in which every IT team member was responsible for first line support one day a week). I've heard hundreds of people falsely claim to have done/not have done stuff, even when I confronted them with evidence. My point is, there is no way to prove the OP didn't mess up... And there is no shame in this either... I have almost fallen for a phishing scam in the not so distant past, I've installed infected files on my "sandbox" PC unwillingly, I've even fallen for a ponzi a long, long time ago. Everybody makes mistakes, sometimes even without realising you made a mistake. Now let me be clear, I'm not implying the OP made a mistake and fell for a phishing attack or got his system compromised; I'm just saying that I don't think anybody (including me) should be taken at face value when saying they 100% certainly didn't make a certain mistake. I really don't like web wallets, but I would never go as far as implying it was blockchain's fault without seeing any real evidence. In my opinion, the odds of OP's system being compromised, or the OP being victim of a phishing or a social engineering attack, still seem more likely than blockchain being exploited... It's all about odds though, there's no way to know for sure.

dunfida
July 17, 2019, 04:26:19 PM
Quote from: Lucius
> This is another mysterious disappearance of user coins from blockchain wallet, and I doubt that the cause will be revealed any time soon. This service has a bad history of very strange hacks, and by reading how careful OP was with this site, I could agree that this is some exploit on blockchain.com. It would be interesting to see what support will say, but I doubt they will say anything which can cause them any damage, and at the end they will say it was user error. https://bitcointalk.org/index.php?topic=2488493.0

As usual, this is where we would hear those common lines that the incident was always on the user's side/fault. The majority are on infected PCs, but there are instances where I am able to read that users are pretty aware of their security, which can really make you think that there was something behind it on Blockchain's service.

sunsilk
July 17, 2019, 09:12:57 PM
OP really seems to be knowledgeable about cyber security and knows where he should place himself. The fault should really be on blockchain.com's end. alastori, you should report this to them on https://support.blockchain.com/hc/en-us/requests/new, though I doubt that they will compensate your loss, but let's see if they can stand and will figure out this faulty issue on their end.

Lucius
July 18, 2019, 09:21:57 AM
mocacinno, I agree that we can not be 100% sure that OP did not do something wrong; maybe he will find out later what wrong step he made. But over the years we have seen too many people complain that they lost bitcoins by using this wallet, and we have solid evidence (on the link I posted) that it was possible to get a user's private key / seed without any notification on e-mail or mobile phone in case of 2FA.
Some user posted a few threads below that he and some other victims are preparing a lawsuit against this company; they all lost significant amounts of coins in a very similar way, regardless of all the security measures they had taken.
Maybe I am wrong, but I do not see complaints from Coinbase or Binance users who lost coins; it is always blockchain wallet. I know they have a big number of users, but still they should make a detailed review of their system and fix security vulnerabilities if they exist.