skysurfer31 (OP)
Newbie
 Offline
Activity: 1
Merit: 0
|
 |
July 03, 2014, 08:38:28 PM |
|
I fell prey to a scam this morning. I received a fractional bitcoin transaction in my Blockchain account with a web link. That link took me to bitmessages dot org (this is a fraudulent site, proceed with caution). The site was branded with the same type of layout and look of Blockchain, and wanted to associate to my Blockchain wallet ID, but did not require any password information. After entering the wallet ID, the site said it was returning me to Blockchain.info.
From here it returns you to a site that looks exactly like Blockchain.info, however the domain name is actually blocdhain.info or something which looks similar unless you are paying attention, which I obviously was not. As you go along your merry way entering your wallet ID and password into this form, it harvests your information and then sends you to the real Blockchain.info site.
My wallet was drained within minutes. As soon as I got the email notification that a transaction had occurred, I knew I had F'd up.
Enabling the two factor authentication would have prevented this, and was something I had not gotten around to. I feel really stupid, this is the first time I've ever been scammed in 20 years of internet usage. However, it's my fault that I didn't pay closer attention to what was going on. I had googled information on bitmessage and became interested in the protocol and incorrectly assumed this would enable some form of encrypted messaging within the Blockchain.info web site when I opened the link. Expensive lesson.
All of this has been reported to the Blockchain help desk. They got back to me and said they are in the process of taking the fraudulent site down.
Please learn from my mistake if you have not enabled multiple layers of security on your bitcoin wallet at Blockchain.info.
|
|
|
|
|
|
|
|
The network tries to produce one block per 10 minutes. It does this by automatically adjusting how difficult it is to produce blocks.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
fat%
Member
Offline
Activity: 62
Merit: 10
|
|
July 03, 2014, 08:48:28 PM |
|
Visited that site aswell. Blockchain.info lists the transactions as "New Bitmessage" which is irresponsible for such a large website.
|
|
|
|
|
kolloh
Legendary
Offline
Activity: 1736
Merit: 1023
|
|
July 03, 2014, 09:18:41 PM |
|
Thanks for the warning.
|
|
|
|
|
Justin00
Legendary
Offline
Activity: 910
Merit: 1000
★YoBit.Net★ 350+ Coins Exchange & Dice
|
|
July 03, 2014, 09:22:27 PM |
|
I've been a sleep a while it must seem....but where does blockchain.info get tags from? The tx's themselves or ?
|
|
|
|
franky1
Legendary
Offline
Activity: 4214
Merit: 4475
|
|
July 03, 2014, 09:42:12 PM |
|
phishing wont happen if you use a proper client program that sits on your computer.
use bitcoin-core and you never have to worry about website hacking, third party thefts, social engineering exploits, scam sites, or greedy people.
please learn to use proper bitcoin software
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
|
InwardContour
|
|
July 03, 2014, 10:01:38 PM |
|
I've been a sleep a while it must seem....but where does blockchain.info get tags from? The tx's themselves or ?
The address tags are created by signing a message with the private key of the address that you want to tag. The public notes attached to TXs are from the TX themselves. |
|
|
|
|
taylortyler
Member
Offline
Activity: 84
Merit: 10
|
|
July 03, 2014, 10:45:42 PM |
|
Thanks for the heads up.
|
|
|
|
|
franky1
Legendary
Offline
Activity: 4214
Merit: 4475
|
|
July 03, 2014, 10:54:29 PM |
|
i bet 1 satoshi that the OP uses bitmessages and blockchain.info. and this attack was not random, that the scammer knows that the OP uses both services and has probably had conversations with him beforehand.
this is why i hate forum polls asking:
"how much bitcoin do you have"
"what client do you use"
as these can easily lead to social engineering tricks to gather info to then exploit
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
|
InwardContour
|
|
July 05, 2014, 03:21:36 AM |
|
i bet 1 satoshi that the OP uses bitmessages and blockchain.info. and this attack was not random, that the scammer knows that the OP uses both services and has probably had conversations with him beforehand.
this is why i hate forum polls asking:
"how much bitcoin do you have"
"what client do you use"
as these can easily lead to social engineering tricks to gather info to then exploit
You are probably correct. I don't think it was from the forum, but rather from the OP using the same email address for both services. |
|
|
|
|
lihuajkl
Legendary
Offline
Activity: 1596
Merit: 1000
|
|
July 05, 2014, 03:38:39 AM |
|
phishing wont happen if you use a proper client program that sits on your computer.
use bitcoin-core and you never have to worry about website hacking, third party thefts, social engineering exploits, scam sites, or greedy people.
please learn to use proper bitcoin software
It is hard to say! Even you are using the bitcoin core, the risk is still existing that your wallet file might be stolen. No matter what type of wallet you are using, it is your responsible to prevent such attack. You need to learn the knowledge to avoid them. |
|
|
|
|
|
Ron~Popeil
|
|
July 05, 2014, 06:31:15 AM |
|
Thanks for the warning and sorry you got scammed. I keep small amounts in web wallets but 2fa is enabled on all of them. My main stash is locked up in my home computer.
|
|
|
|
|
jc01480
|
|
July 05, 2014, 07:20:06 AM |
|
phishing wont happen if you use a proper client program that sits on your computer.
use bitcoin-core and you never have to worry about website hacking, third party thefts, social engineering exploits, scam sites, or greedy people.
please learn to use proper bitcoin software
Franky, I used Bitcoin core up until last week when i upgraded to latest version. It completely jacked up my wallet. Backed my wallet up and removed the program. Reinstalled clean and waited for it to sync with he blockchain. Copied my wallet back in and it said my wallet was corrupt and crashed. Two more times I did this with the same result. Rolled back to an older version. Same thing, except this time I reset all the options in the debug console. Shut it down and restarted. Presto! My coins magically appeared. Transferred them out right away and deleted that useless pain in the ass bitcoin core program off my system. Litecoin too. I've had hell with it. Every time I do a computer restart I'd have to re download the entire blockchain. Every fucking time! Not anymore. I'll use the easier programs from now on with less overhead than a full node. |
|
|
|
|
jbreher
Legendary
Offline
Activity: 3038
Merit: 1660
lose: unfind ... loose: untight
|
|
July 05, 2014, 06:05:24 PM |
|
Franky, I used Bitcoin core up until last week when i upgraded to latest version. It completely jacked up my wallet.
Those are an interesting litany of symptoms. Did you bother to enter a bug report at the bitcoin-qt tracker on GitHub? |
Anyone with a campaign ad in their signature -- for an organization with which they are not otherwise affiliated -- is automatically deducted credibility points.
I've been convicted of heresy. Convicted by a mere known extortionist. Read my Trust for details.
|
|
|
|
InwardContour
|
|
July 05, 2014, 07:17:48 PM |
|
phishing wont happen if you use a proper client program that sits on your computer.
use bitcoin-core and you never have to worry about website hacking, third party thefts, social engineering exploits, scam sites, or greedy people.
please learn to use proper bitcoin software
It is hard to say! Even you are using the bitcoin core, the risk is still existing that your wallet file might be stolen. No matter what type of wallet you are using, it is your responsible to prevent such attack. You need to learn the knowledge to avoid them. bitcoin-core has it's own potential vulnerabilities just like any other wallet program/service has. IMO the blockchain.info web wallet is probably the best as long as you use the proper security procedures. There is an argument to even not have any email associated with your account but instead set it up to backup your encrypted wallet to your dropbox |
|
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
July 06, 2014, 09:42:25 AM |
|
IMO the blockchain.info web wallet is probably the best as long as you use the proper security procedures. There is an argument to even not have any email associated with your account but instead set it up to backup your encrypted wallet to your dropbox
'Proper security procedures' is impossible for a web wallet. If you're not running the code locally, it isn't secure, period. |
|
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
July 06, 2014, 09:44:18 AM |
|
|
|
|
|
|
|
InwardContour
|
|
July 07, 2014, 01:02:01 AM |
|
IMO the blockchain.info web wallet is probably the best as long as you use the proper security procedures. There is an argument to even not have any email associated with your account but instead set it up to backup your encrypted wallet to your dropbox
'Proper security procedures' is impossible for a web wallet. If you're not running the code locally, it isn't secure, period. The encryption/decryption of wallets and private keys, as well as the generation of the private keys are all done on the client side. This essentially makes it impossible for blockchain.info to be able to access your private keys, as well as an attacker who is able to hack blockchain.info's servers |
|
|
|
|
|
