WARNING! Stay away from Blockchain.com wallet!

[cryptalpro]

There have been numerous thefts on Blockchain.com (previously Blockchain.info) wallet. Hundreds or even thousands of customers have lost millions worth of Bitcoins and other cryptocurrencies.

The most recent reason for these thefts is 2FA malfunction. Most victims have stated that right before the theft, either 2FA email has been changed or 2FA completely disabled, after which all funds have been moved out.

https://honestproscons.com/blockchain-com-is-losing-customers-funds

There’s a known 2FA security flaw on Blockchain.com that allows a hacker to disable 2FA without needing to authenticate with 2FA first. This allows the hacker to login to the wallet with just Wallet ID and password.

https://docs.google.com/presentation/d/1B7Edd-fj3wSegL2_JMwKBglPzk3pBG9DUVLuz3HPP-w/edit#slide=id.g848d967a91_0_21

Even though Blockchain.com has been aware of this flaw since 2019, it still has not been fixed. This flaw is likely the reason for multiple hacks, though there may be other security flaws in the Blockchain.com wallet. The involvement of Blockchain.com staff or a data leak cannot be ruled out either.

As of now, Blockchain.com is unwilling to accept responsibility or admit that their system has any security flaws. Instead, Blockchain.com is threatening people who have exposed these flaws with legal actions. Here's the example of such a letter and further correspondence with their lawyers:

https://blockchaindotcomsucks.com/legal-stuff

Blockchain.com has also been unable to provide any reasonable support to its customers and has offered absolutely no aid to the victims of the theft. As a result of this, on TrustPilot, 60% of reviews are negative 1-star reviews.

https://www.trustpilot.com/review/blockchain.com?stars=1

We strongly advise everyone to stop using Blockchain.com wallet and their other services due to the extremely low security they provide and the high risk of theft on their platform.


Source: Reddit

[1714832698]

1714832698

[1714832698]

1714832698

[1714832698]

1714832698

[1714832698]

1714832698

[1714832698]

1714832698

[JeromeTash]

Custodial Web wallets, especially those that require one to sign up using an email and password are the worst kind of wallet one can ever think of using to store BTC. Anybody using them risks losing the funds any time due to security breaches.
Looking at the trustpilot reviews alone paints a picture of so many people who became victims as a result of trust blockchain wallet.

[Ryker1]

Well, we have a perfect policy. ^{[ not your key, not your crypto ]}
This web wallet is totally sucked --there are hundreds or even thousands of newbie users who experienced difficulties while using this web wallet. Juts like it takes how many days your withdrawal that getting stuck because of their policy. However, all in all, they had poor customer support to aid any new that faced possible errors. In the first place, I should use a web wallet? We have a hardware wallet and we also have an android app wallet that opensource and you have the keys. That is a good warning too.

[khaled0111]

Even though Blockchain.com has been aware of this flaw since 2019, it still has not been fixed.

As far as I know, blockchain.com fixed that vulnerability and patched it. The issue is that they refused to pay the bug bounty to the person who discovered it. It was BayAreaCoins
You can read the full story from here:
https://bitcointalk.org/index.php?topic=5193539.0

Web wallets are the worst (be it blockchain.com or any other service) and no one should use them.

[hatshepsut93]

Pretty much all browser-based wallets should be avoided. The web ecosystem isn't known for great security, and Bitcoin has one of the highest security demands in the world, because the safety of your coins relies on the secrecy of a small sequence of bytes that need to be exposed to the software. Unlike with online banking, there's nothing that can stop suspicious transactions or revert back the theft, so just because millions of people use online banks or PayPal in their browser, doesn't mean that it's okay to do it with Bitcoin.

[SquirrelJulietGarden]

As far as I know, blockchain.com fixed that vulnirability and patched it. The issue is that they refused to pay the bug bounty to the person who discovered it. It was BayAreaCoins
You can read the full story from here:
https://bitcointalk.org/index.php?topic=5193539.0

Web wallets are the worst (be it blockchain.com or any other service) and no one should use them.

I did not know this story and the reputation of Blockchain.com is destroyed by their refusal to pay bug bounty for @BayAreaCoins.

I used Blockchain.com wallet as my first bitcoin wallet but later I did not use it. I don't want to get issue to sync my account and confirm the legitimacy of my log in on different devices.

Immediately after I knew of Electrum wallet, I used it and forget about Blockchain.com wallet. It is inconvenient for me to have access to my email just to log in my blockchain wallet on the same device. I don't want to put them all on one device. This feature is not good, for me. That story keeps me staying farther from that wallet.

If hacker can get access to email and get wallet ID, they can brute force wallet password. Risky.

[vintages]

Just exactly what you would be expecting from any online exchange. Issues of security from one time to another.
When I started blockchain.com durting my first year with bitcoin. Luckily I didn't lose my coin with them but one of the things I don't like about their site is they are vulnerable to phishing.

[Slow death]

this was my first wallet, but it brought me a lot of headache and the reason? it was precisely because of 2FA that the support was unable to solve the problem, it had several times that it took 1 month to unlock the 2FA sms and there were several times that the support was incompetent when it came to solving my problem. perhaps this wallet no longer intends to continue in this market, because it is not possible that they do not want to improve the service they provide. every day they just earn a bad reputation... I don't see people praising blockchain.com.

[Saint-loup]

Well, we have a perfect policy. ^{[ not your key, not your crypto ]}
This web wallet is totally sucked --there are hundreds or even thousands of newbie users who experienced difficulties while using this web wallet. Juts like it takes how many days your withdrawal that getting stuck because of their policy. However, all in all, they had poor customer support to aid any new that faced possible errors. In the first place, I should use a web wallet? We have a hardware wallet and we also have an android app wallet that opensource and you have the keys. That is a good warning too.

You are wrong Ryker1 blockchain.com is not a pure custodial wallet, and you can't say "not your key, not your coin" for them. On blockchain.com you have access to your seed and to your xpub key. You can import your seed in any BIP39 wallet, same for the xpub key if you want to monitor your funds from a software wallet or a blockchain explorer without having to log into blockchain.com
https://support.blockchain.com/hc/en-us/articles/115001298143-Your-Recovery-Phrase-The-Failsafe

[TalkStar]

this was my first wallet, but it brought me a lot of headache and the reason? it was precisely because of 2FA that the support was unable to solve the problem, it had several times that it took 1 month to unlock the 2FA sms and there were several times that the support was incompetent when it came to solving my problem. perhaps this wallet no longer intends to continue in this market, because it is not possible that they do not want to improve the service they provide. every day they just earn a bad reputation... I don't see people praising blockchain.com.

Actually its hard to say what is their real strategy of providing service like that but still many people like to put their crypto assets on this wallet. If anyone tell me that they are too much strict and running little bit extra complex platform than other wallet users then I don't think actually they are following the proper way. Its been a long time Its been a long time i am also using their wallet but honestly i don't like to use them for regular transaction purpose.

I can remember the time when many people have lost their transaction and raise finger against them. Most annoying thing is that they were not so friendly enough in that case and transaction time was a big issue on their wallet too.

I agree with you that their support system is quite far from professional service and i faced that multiple time during using their payment API. I don't know they have plan to modernize their service or not but if they don't do this then its pretty much clear that they will lose a big amount of regular users on their platform.   

[Lucius]

If I got 100 satoshi when I read every complaint for this wallet I would probably have already collected 1 BTC

Joke aside, even though I have an account on that service for years and have never had a problem (not the slightest), I personally wouldn’t keep more than $100 there anywhere I don’t have complete control over my private keys. Of course, I say this from the position of someone who does not trade, and one should understand those who cannot avoid that risk.

However, I can't completely dismiss the suspicion that something is really wrong with this service, especially when it comes to 2FA - given that most complaints are due to this feature. I also use 2FA (e-mail), but it is unique and with a very strong password, and all login data is always offline - I don't see how anyone can get hold of it except to infect my computer with a keylogger or to click on a phishing link, and is really unlikely for both.

I can’t say people’s claims aren’t true, but I also can’t say it’s not user error - so as long as my account is secure, I won’t say that service is scam, but there are so many better ways to store your crypto and avoid such a risk.

[aioc]

I'm a long-time user of blockchain.com, back when they are using blockchain.info so far I have no issue at all with their service, but I'm fully aware of their issues it's a small percentage but I will not risk all my coins and make it my main wallet the most funds I have stored here was $150, I just need an online wallet so I can access it whenever I'm on the road, so far it serves it purpose.

[Quickseller]

Custodial Web wallets,

Well, we have a perfect policy. ^{[ not your key, not your crypto ]}

I don't think blockchain.info/.com actually has access to your keys. My understanding is that your keys are encrypted locally, and your password (and 2nd password, if applicable) is needed to decrypt your keys locally. Your keys will never be decrypted on their servers, and are generated locally. The above assumes you are accessing an unmodified version of their online wallet. It would be trivial for them to serve you a modified version of their wallet, although if you looked at the code, you could detect this.