blockchain.com hacked. I need a bit of light shared please

[pqrbtc]

HI there. I have been a user of blockchain.com since it's inception. I know not to share my private keys with anyone and I know not to fall for phishing emails. I have a computer which I only use to login to blockchain (no exception)!!!. So I am certain this is not my fault. I also believe there is some king of software that transferred the funds since on April 13th (my last login) I had 31 BTC remaining and now I have 12 left (a person would have transferred the whole amount I believe). There have been 5 unauthorized transactions after my login on April 13th. I will write the tx below.

8d3889d7623b16b1a361b1414a6a5515266c11dc7fbe079b8d547167b5066163
431a75acfa374be69834bf9aff0b3e520260452b6d6ed4bd4b20802ee8b93aad
5bebb29748c9196aa7f335980cfcbdaf5c7c5853a13d0b223e29924dd50b6086
aedbe9f05b4f34f6675dcfe2245f097bf609b54be55186787331b1e93401f400
b55864c00b37b2184dae70e3bd13e6852413fa196eeb1eef267b5aa41443b988


On the next tx is a transfer for 1.32 BTC (tx c7ed5beb2541e9153a7287f73722f9ecfb8a6b25a0c769790c2fc73bb7fc4fb4) but at the same time the amount was sent back to me

(tx 2b93fcc90c2350277376314e24eb8292658cac9d04831d26761a4012421e5875) which is extremely weird. Does someone have an idea why would this happen?


This is a screenshot of the transactions (my own last transaction was 1 btc on April 13th. https://imgur.com/QENbCv1

[Charles-Tim]

Leaving such huge amount on hot wallet is not a good idea, hardware wallet should be used for huge amount like that, I will even advice anyone having more than $500 worth of bitcoin to use hardware wallet, or if the person know how to handle other offline wallet, they can be recommended also.

Hot wallets are not secure like offline wallets, but web wallet like blockchain.com are most vulnerable type of hot wallet because it is a web wallet, web wallets are not even recommended at all. There are many complains of coin lost on blockchain.com wallet, you need to transfer you fund immediately.

Download electrum wallet immediately
[GUIDE] How to Safely Download and Verify Electrum [Guide]

Create a new electrum wallet and transfer the remaining funds there.

You will need to buy hardware wallet, or make use of offline wallet. I will recommend Trezor (open source) or Ledger Nano (close source). If you buy Trezor, make sure you use passphrase, and do proper backup because if the seed phrase and passphrase are lost, you will lose your funds. If you do not use passphrase, be careful for thieves not to steal your Trezor because they can be able to know your seed phrase, but the passphrase in this case will help you to generate another keys and addresses entirely, this will make it the type of attack impossible.

Make sure you buy from legit reseller, but buying directly from the official hardware company is recommended. You will have to transfer the fund from electrum to hardware wallet. And make sure you protect your wallet.
The transactions with the above txid have been confirmed already. It can be due to hackers that are able to use malware to steal from your devices or someone get access to your phone to steal it. Make sure you are using password or pin to access your wallet.

[bL4nkcode]

Probably someone got your recovery seed without you knowing, but there should be an email notification you will receive after a transfer on your blockchain account. If you will check the web wallet board you'll find that most of the complains are blockchain.com users.

With that amount probably I'll check that account every single day, and on april 14th I should knew that someone got accessed my wallet and should transfer the remaining funds.

A thousand worth question, is why you use this (blockchain.com) worst wallet while there are many secured and trusted wallet like electrum, and with that amount, I'll use a hardware wallet.

I feel sorry for you and that amount cannot be recovered.

[noorman0]

Transactions are clearly recorded on your blockchain account, meaning that the hackers did it in your wallet (your login information was leaked) since April 18th. Maybe you can recall the activities you remember on your computer at that time to analyze the cause of the hack.

Surprisingly, the balance still shows $0 despite a refund on the transaction of 1.323BTC on April 21st, where did your funds go?

[shield132]

Do you use the cracked version of Windows downloaded from Russian torrent websites?
Was your email hacked? Because Blockchain.com always sends verification emails when you try to log in. Do you have sync turned on in your smartphone or do you use blockchain.com wallet on your smartphone? If you have synchronization turned on on your emails, then you would immediately receive the new email verification on your smartphone, otherwise, maybe the person had access to your email and deleted them as soon as possible.

I think that you can check the login history on your blockchain.com account and it would answer some questions.

[pqrbtc]

I accept the fact that I shouldn't have kept my btc on blockchain.com and should use a ledger but what I do not understand is why would anyone leave 12.5 btc in my account and not transfer them all?? Secondly why would he transfer 1.32 btc and then transfer it back?  Plus, as I said before , I only use this computer for two things: email and blockchai.com. I never open anything else in the browser or install software.

[pqrbtc]

Do you use the cracked version of Windows downloaded from Russian torrent websites?
Was your email hacked? Because Blockchain.com always sends verification emails when you try to log in. Do you have sync turned on in your smartphone or do you use blockchain.com wallet on your smartphone? If you have synchronization turned on on your emails, then you would immediately receive the new email verification on your smartphone, otherwise, maybe the person had access to your email and deleted them as soon as possible.

I think that you can check the login history on your blockchain.com account and it would answer some questions.

I use windows 10, no cracked version or something. Been doing it for 4-5 years the same. I cannot find how to check the login history on blockchain. I only use the browser, no app.

[numanoid]

Didn't you activated 2FA on your blockchain wallet, OP? Or sms OTP? Since you are saying you never install anything weird or phising link or sharing your private key to anyone, did someone ever use your computer beside you? I.e your brother, sister or friend?

[Potato Chips]

I accept the fact that I shouldn't have kept my btc on blockchain.com and should use a ledger but what I do not understand is why would anyone leave 12.5 btc in my account and not transfer them all?? Secondly why would he transfer 1.32 btc and then transfer it back?  Plus, as I said before , I only use this computer for two things: email and blockchai.com. I never open anything else in the browser or install software.

Are some of your funds stored in your trading/interest accounts? Do your peers know you have huge amount of bitcoins?

In any case op, you should move the remaining funds to a different wallet using a clean device. Ordering a hardware wallet would probably take long so for the mean time, store it in electrum (https://electrum.org/). Make sure to verify your wallet file to make sure of its authenticity (tutorial)

[pqrbtc]

Didn't you activated 2FA on your blockchain wallet, OP? Or sms OTP? Since you are saying you never install anything weird or phising link or sharing your private key to anyone, did someone ever use your computer beside you? I.e your brother, sister or friend?

No one besides me has access to my computer or email. Weird thing as the last transaction was on April 21st for 1.32 BTC and it got sent back to my wallet and never transfered again so I am left with 12.5 BTC. This makes me believe there is some kind of script, software and not a person getting into my account.

[The Cryptovator]

The case is quite complex to me, I haven't seen such as case previously. Once happen clipboard hack then partial funds would be hacked. But according to you, the device wasn't used for anything else except your email and blockchain wallet. Are you sure you haven't clicked any link from email? Had you attempted to transfer your funds during the event of the hacking period? If not then most probably there is something else behind the story. Because if compromised your wallet credentials then the hacker won't leave any funds into your wallet. Hackers are really not so kind.

There is a rumor that a few blockchain staff is involved with such hacking attempts. I am assuming that would happen in your case. I don't think OP stupid enough who holding such as big amount will careless to save wallet credentials or device. But yes, it was a stupid attempt to store such huge funds in a web wallet. The hacked amount is very big which is enough to settle a few life. It's not impossible that blockchain staff wouldn't be involved with such as case once the amount is life-changing.

We can't do anything with sent funds which is confirmed into blockchain and seems the hacker broken the chain with small transactions. Hope you realized your mistakes that anyone shouldn't store such as a huge amount in a web wallet. Just secure your funds immediately with a Ledger wallet. I even wouldn't dare to hold such an amount in Electrum. That's why I bought Ledger back a year.

Last question, had you moved your remains fund from Blockchain wallet? If not then do it as soon as possible if you don't want to be a victim again.

[BitMaxz]

Didn't you activated 2FA on your blockchain wallet, OP? Or sms OTP? Since you are saying you never install anything weird or phising link or sharing your private key to anyone, did someone ever use your computer beside you? I.e your brother, sister or friend?

No one besides me has access to my computer or email. Weird thing as the last transaction was on April 21st for 1.32 BTC and it got sent back to my wallet and never transfered again so I am left with 12.5 BTC. This makes me believe there is some kind of script, software and not a person getting into my account.

That's the problem if you don't enable your 2FA even the SMS authentication. Your accounts are not secured and anyone can able to access your wallet without any authentication.

You might be phished and used a fake blockchain wallet before?

Or maybe you trade on blockchain and forgot that you sell and buy BTC?

Or maybe you imported a bitcoin address in your blockchain wallet?

If you didn't import a Bitcoin address maybe the hacker trying to fool you and imported a BTC address in your wallet that is why you think that you receive the 1.32 BTC back to your wallet.

[pqrbtc]

Yes I moved the funds. I know that the funds cannot be recovered but I cannot get my head around how this happened and why would someone leave 12.5 btc on the wallet. Also I never received a confirmation email and my emails are forwarded to another email address with a different password! Everything is weird about this. I cannot but think blockchain.com has something to do with this.

[bL4nkcode]

[...] so I am left with 12.5 BTC. This makes me believe there is some kind of script, software and not a person getting into my account.

But on your screenshot it shows $0.00 total balance. If its really still there I suggest you to transfer it asap, don't use the email you used on your blockchain.com account if ever, change both passwords on your email and blockchain.com account as well.

[pqrbtc]

[...] so I am left with 12.5 BTC. This makes me believe there is some kind of script, software and not a person getting into my account.

But on your screenshot it shows $0.00 total balance. If its really still there I suggest you to transfer it asap, don't use the email you used on your blockchain.com account if ever, change both passwords on your email and blockchain.com account as well.

I already transferred the 12.5 that's why it shows 0 now

[bL4nkcode]

I already transferred the 12.5 that's why it shows 0 now

Yeah, that's explains, thanks.

Seems like we had witness a hacker with sympathy which I think this is not a outsider person who stole your funds there. It seems like it was done on your computer something like a person who has an access to that computer besides you that needs only a part of that amount not as a whole.

Blockchain support/people might be one of the sus as well.

[pqrbtc]

Does anyone know how to find the login history on blockchain? I cannot find this and the people from support are not responding.

[The Cryptovator]

Yes I moved the funds. I know that the funds cannot be recovered but I cannot get my head around how this happened and why would someone leave 12.5 btc on the wallet. Also I never received a confirmation email and my emails are forwarded to another email address with a different password! Everything is weird about this. I cannot but think blockchain.com has something to do with this.

Do you know even blockchain staff would change your email where you have been receiving 2FA code for login? I just managed to find the story I had read before. So please read this article My Experience With Blockchain.com: Lost Funds, Bad Support, Low Reviews . I am not only blaming to blockchain staff. But since you strongly believe there aren't your mistakes, so I am assuming the blockchain staff is involved with that. Just curious how nowadays hackers become too kind?

[BitMaxz]

Yes I moved the funds. I know that the funds cannot be recovered but I cannot get my head around how this happened and why would someone leave 12.5 btc on the wallet. Also I never received a confirmation email and my emails are forwarded to another email address with a different password! Everything is weird about this. I cannot but think blockchain.com has something to do with this.

Why not try to contact blockchain about this and maybe this is just a bug on their side.

Try to contact them with their Twitter or Facebook account

- https://twitter.com/blockchain
- https://www.facebook.com/blockchain/

Or try to submit a request here for help
- https://support.blockchain.com/hc/en-us/requests/new

Let's hope that it's just a bug but if not there is no way to recover those hacked BTC.

Does anyone know how to find the login history on blockchain? I cannot find this and the people from support are not responding.

No, they don't have a login history but you should receive an email or notification every time you log in or if blockchain detect suspicious IPs.

[Rizzrack]

I heard of hacker's guilt but never seen a rl example. Sorry for your losses!

Thinking about this and it doesn't sound like a script. If it were it would have cleaned you out! The transaction where he gave you back the amount sounds like a mistake while copy/pasting. My bet is on the email... spyware, malware type.
I assume that the amount were mixed a few rounds after. At least this is my impression after glancing and the btc trail.

Did you recently notice this or on the same day?