BTC is missing from Blockchain.info wallet

[alastori]

Op really seems to be knowledgeable about cyber security and knows where he should place himself. The fault should really be on blockchain.com's end.

alastori, you should report this to them on https://support.blockchain.com/hc/en-us/requests/new though I doubt that they will compensate your loss but let's see if they can stand and will figure out this faulty issue on their end.

I have already reported it to blockchain but i have not received a response yet.
What hurts the most is that everybody thinks it's always the clients fault, I am highly educated in cybersecurity and it is in my nature to not fall for stupid phishing attacks or to install suspicious malware.
Every time I have to deal with a file that comes from an unverified source, I view it on a virtual machine or when a VM is not available i use sandboxes to open it. It's very hard to get the usual malware on Linux, especially when you are educated on cybersecurity, because most hackers target their malware to Windows users because they are the majority, not Linux users. Everything is regularly updated on my PC and I only use 2 or 3 browser add-ons that are among the most popular ones. Plus they are all disabled on incognito mode by default, unless you SPECIFICALLY go and enable them in incognito, which is a thing I have not done. My wireless network was a home one, not a cafe or a restaurant etc., so I am excluding a MITM attack. Even if someone was theoretically sniffing my traffic, the traffic is already encrypted by SSL. If it was a non-secure wallet with other circumstances, I would not even open this thread. If I had a malware on my device, they would steal the funds from the other blockchain.info wallet too, not just this one. Plus, the weird error that i screenshotted, what's that ? I never encountered an error like that in my 3 years or so experience of Blockchain.info.

[alastori]

I even made a request to Blockchain.info to send logs of IP addresses that logged in to my wallet, just to confirm that nobody else was able to log in there, but they are not responding.

[sunsilk]

I even made a request to Blockchain.info to send logs of IP addresses that logged in to my wallet, just to confirm that nobody else was able to log in there, but they are not responding.

Does your account don't have that email verification each time you log in? they display IP address everytime you log in. Check your email because it also includes the browser used, operating system and the time of accessing.

The title of that email should be 'Authorize log-in attempt'.

snip

I understand your frustration especially if you are a techie guy and you are technically into cybersecurity. With the screenshot, IIRC it never happened to me but there were times that the app itself isn't working but it stops you from sending too.

And about the support through email, I've contacted them before and they seem to be good in replying with those concerns. I think their ticket has been flooded and they have to look over each of it that's why they haven't replied to your concern.

[alastori]

I even made a request to Blockchain.info to send logs of IP addresses that logged in to my wallet, just to confirm that nobody else was able to log in there, but they are not responding.

Does your account don't have that email verification each time you log in? they display IP address everytime you log in. Check your email because it also includes the browser used, operating system and the time of accessing.

The title of that email should be 'Authorize log-in attempt'.

I have the email verification, that's 2FA. It never showed any login attempt for me to verify, I have 2FA in my email too, no suspicious log-in attempts.

[Lucius]

alastori, i recently find interesting article how 2FA can be bypass in combination with phishing attack, and although this does not have to be something that has happened to you, it is possible that you are a victim of a similar attack.

The hack employs two tools, called Muraena and NecroBrowser, which work in tandem to automate the attacks. The two tools work together like the perfect crime duo. Think of Muraena as the clever bank robber, and NecroBrowser as the getaway driver.

Muraena intercepts traffic between the user and the target website, acting as a proxy between the victim and a legitimate website. Once Muraena has the victim on a phony site that looks like a real login page, users will be asked to enter their login credentials, and 2FA code, as usual. Once the Muraena authenticates the session’s cookie, it is then passed along to NecroBrowser, which can create windows to keep track of the private accounts of tens of thousands of victims.

Regarding error you see, this is something I never see in time I use blockchain wallet. Whatever happened with your account, there is a probability that some trace has remained and that blockchain will find something.

Are you check your home wirelles network for intruders? All protection can be hacked, and everything depends on your modem / router firmware.

https://www.bleepingcomputer.com/news/security/new-method-simplifies-cracking-wpa-wpa2-passwords-on-80211-networks/

[sunsilk]

I even made a request to Blockchain.info to send logs of IP addresses that logged in to my wallet, just to confirm that nobody else was able to log in there, but they are not responding.

Does your account don't have that email verification each time you log in? they display IP address everytime you log in. Check your email because it also includes the browser used, operating system and the time of accessing.

The title of that email should be 'Authorize log-in attempt'.

I have the email verification, that's 2FA. It never showed any login attempt for me to verify, I have 2FA in my email too, no suspicious log-in attempts.

Okay that means that there's nothing wrong if you have verified it on the email that I'm talking. I don't have anything to add anymore since you have validated most of it and you're sure that you have done you part.

And there's no negligence on your side, did they replied already to the support report that you did?

[alastori]

alastori, i recently find interesting article how 2FA can be bypass in combination with phishing attack, and although this does not have to be something that has happened to you, it is possible that you are a victim of a similar attack.

The hack employs two tools, called Muraena and NecroBrowser, which work in tandem to automate the attacks. The two tools work together like the perfect crime duo. Think of Muraena as the clever bank robber, and NecroBrowser as the getaway driver.

Muraena intercepts traffic between the user and the target website, acting as a proxy between the victim and a legitimate website. Once Muraena has the victim on a phony site that looks like a real login page, users will be asked to enter their login credentials, and 2FA code, as usual. Once the Muraena authenticates the session’s cookie, it is then passed along to NecroBrowser, which can create windows to keep track of the private accounts of tens of thousands of victims.

Regarding error you see, this is something I never see in time I use blockchain wallet. Whatever happened with your account, there is a probability that some trace has remained and that blockchain will find something.

Are you check your home wirelles network for intruders? All protection can be hacked, and everything depends on your modem / router firmware.

https://www.bleepingcomputer.com/news/security/new-method-simplifies-cracking-wpa-wpa2-passwords-on-80211-networks/

Yeah I understand how this attack works, the thing is i never open blockchain wallet from a link or something like that, i always type the URL key by key, the WPA2 password on my wireless network would take probably months to crack, no neighbours who are into this field, so I am ruling that out too.

I even made a request to Blockchain.info to send logs of IP addresses that logged in to my wallet, just to confirm that nobody else was able to log in there, but they are not responding.

Does your account don't have that email verification each time you log in? they display IP address everytime you log in. Check your email because it also includes the browser used, operating system and the time of accessing.

The title of that email should be 'Authorize log-in attempt'.

I have the email verification, that's 2FA. It never showed any login attempt for me to verify, I have 2FA in my email too, no suspicious log-in attempts.

Okay that means that there's nothing wrong if you have verified it on the email that I'm talking. I don't have anything to add anymore since you have validated most of it and you're sure that you have done you part.

And there's no negligence on your side, did they replied already to the support report that you did?

Nope, no reply yet.

[bitmover]

I would recommend everybody to use another wallet, I'm already using Electrum, my BTC there is safe. Stop giving web wallets a chance, I knew I was probably making a mistake but I thought that since the blockchain.info wallet is probably the oldest it is probably safe. It is not.

Hello alastori.

You made the correct decision, and you are using now a safer wallet.

However, we are all humans, and we are susceptible of making mistakes. If you make a mistake, such as using a not updated browser or clicking in a phishing or virus or whatever, your funds will be compromised using Electrum.
There are various sophisticated phishing, such as asking for update inside the electrum software with a phishing link.

Hardware Wallets are a cheap solution. Ledger nano s costs about 60 USD (buy only from ledger.com, never from any third party, because it may be compromised).
A hardware wallet is like 99.9% safe, the risks are minimum and you will basically only lose money if a hacker has physical access to the device. It is worth. I use it, and I recommend it to everyone.

[Lucius]

Yeah I understand how this attack works, the thing is i never open blockchain wallet from a link or something like that, i always type the URL key by key, the WPA2 password on my wireless network would take probably months to crack, no neighbours who are into this field, so I am ruling that out too.

Regarding WPA2-PSK, I doubt that it take months to crack - if firmware of all devices is not updated after that exploit was found, there is definitely a vulnerability which can be used for attack. People always suspect on neighbors with such things, but these days you can crack someone wireless even on few km with pretty cheap equipment.

A hardware wallet is like 99.9% safe, the risks are minimum and you will basically only lose money if a hacker has physical access to the device. It is worth. I use it, and I recommend it to everyone.

With hardware wallet user need to pay attention to a few things which can pose a danger. Seed should be stored in safe place, and all words need to be checked (backup is most important). Any address we see on Ledger Live or any other UI should be checked on hardware wallet because of possible clipboard malware which can change address. Last thing is to never type seed anywhere except in hardware wallet.

This way of keeping cryptocurrency is far more secure then any online or desktop wallet.