raveldoni
Sr. Member
Offline
Activity: 434
Merit: 250
🤖UBEX.COM 🤖
|
|
October 19, 2014, 10:15:47 AM |
|
Tor is totally unsafe for any kind of money transactions. You need to be security conscious when you are holding this much money online.
|
|
|
|
TR8888
|
|
October 19, 2014, 11:22:12 AM |
|
Tor is fine for anonymity but not security.
No it isn't, Not anymore. TOR is pretty much useless these days.
|
|
|
|
pitiflin
|
|
October 19, 2014, 12:02:48 PM |
|
Just to clarify, I'm not the guy who lost 633 BTC
I've just lost 1 BTC using blockchain + TOR and I lost 2 BTC 6 months ago using Coinbase + TOR
I use a cold wallet from Armory and now I'm using hot wallets for small amounts with Armory as well.
I'm going to do some more research, but I don't feel like using Armory + TOR after my bad experiences...
|
|
|
|
Come-In-Behind
|
|
October 19, 2014, 04:45:30 PM |
|
Tor is totally unsafe for any kind of money transactions. You need to be security conscious when you are holding this much money online.
This^
|
|
|
|
Window2Wall
|
|
October 19, 2014, 06:23:02 PM |
|
Tor is totally unsafe for any kind of money transactions. You need to be security conscious when you are holding this much money online.
I would disagree. I think you need to be sure that you are dealing with the correct website when using tor. I agree that it is very difficult to know for sure you have in fact accessed the correct website. Although one way around this kind of attack is to access a hidden service (I don't think blockchain.info has a hidden service that people can access using tor).
|
|
|
|
marcelus
|
|
November 07, 2014, 02:33:19 PM |
|
The exact same thing happened to me (on Oct 16) with a similarly horrific amount of coins except for a couple of differences.
1. I am fairly confident I did not log in on the day of the theft.
2. I am 100% certain I never, ever accepted any untrusted security certificate. (If I get a cloudfare notice, I immediately change identity and start again)
|
|
|
|
nikkoy
Newbie
Offline
Activity: 42
Merit: 0
|
|
November 07, 2014, 03:22:27 PM |
|
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.
|
|
|
|
odolvlobo
Legendary
Offline
Activity: 4396
Merit: 3303
|
|
November 07, 2014, 04:19:15 PM |
|
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.
Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks.
|
Join an anti-signature campaign: Click ignore on the members of signature campaigns. PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
|
|
|
marcelus
|
|
November 07, 2014, 04:43:55 PM |
|
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.
Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks. I'm aware of all of this guys. I, like the OP, am just trying to make sense of the exploit. I follow diligent security procedures. My computer is heavily encrypted with multiple backups and I employ little snitch to guard against keyloggers. I also rarely browse with javascript enabled. A lot of my coins are in cold storage and when I do employ blockchain.info I always use 2 Factor Authentication. To me, it's pretty impossible my laptop is exploited because of how my laptop is setup. Since I certainly didn't accept any dodgy security certificate, I also can't make sense of a TOR exit node attack since https is employed by blockchain.info. I'm just looking for answers.
|
|
|
|
pooya87
Legendary
Offline
Activity: 3528
Merit: 10723
|
|
November 07, 2014, 05:57:38 PM |
|
first mistake is using online wallet. second is using tor with it and i am sure there were no 2FA third mistake is keeping 633 BTC in one place, for god's sake by 13-10-2014 (time of tx) it was 250K worth of dollars
|
|
|
|
Piston Honda
Legendary
Offline
Activity: 2730
Merit: 1068
Juicin' crypto
|
|
November 07, 2014, 06:42:09 PM |
|
first mistake is using online wallet. second is using tor with it and i am sure there were no 2FA third mistake is keeping 633 BTC in one place, for god's sake by 13-10-2014 (time of tx) it was 250K worth of dollars
Exactly, granted not fair that it was jacket - but still, have to be more careful!!!
|
$ADK ~ watch & learn...
|
|
|
marcelus
|
|
November 07, 2014, 07:00:53 PM Last edit: November 07, 2014, 08:02:35 PM by marcelus |
|
first mistake is using online wallet. second is using tor with it and i am sure there were no 2FA third mistake is keeping 633 BTC in one place, for god's sake by 13-10-2014 (time of tx) it was 250K worth of dollars
Sorry mate I'm actually looking to hear from people who know what they're talking about. 1. I don't store coins there. I was just using the service primarily for the shared coin feature. 2. I did use 2FA - read back. 3. Blockchain.info does not have access to one's private keys - they're generated locally so is not at risk to an MtGox-type hack. 4. Blockchain.info employs https. Given all of this info, I want to hear ideas (there have been some helpful suggestions already on this thread) on how I was exploited. I don't want to hear about what I supposedly did wrong, I want to hear what the attacker may have done. It's an investigation.
|
|
|
|
Remember remember the 5th of November
Legendary
Offline
Activity: 1862
Merit: 1011
Reverse engineer from time to time
|
|
November 07, 2014, 07:04:02 PM |
|
4. Blockchain.info employs https.
This is precisely what got your coins stolen, ironically.
|
BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
|
|
|
marcelus
|
|
November 07, 2014, 07:07:47 PM |
|
4. Blockchain.info employs https.
This is precisely what got your coins stolen, ironically. Maybe not I just replied to your pm.
|
|
|
|
FuegoTropicalArrrrrrriiii
Member
Offline
Activity: 67
Merit: 10
|
|
November 07, 2014, 07:37:09 PM |
|
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.
Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks. I'm aware of all of this guys. I, like the OP, am just trying to make sense of the exploit. I follow diligent security procedures. My computer is heavily encrypted with multiple backups and I employ little snitch to guard against keyloggers. I also rarely browse with javascript enabled. A lot of my coins are in cold storage and when I do employ blockchain.info I always use 2 Factor Authentication. To me, it's pretty impossible my laptop is exploited because of how my laptop is setup. Since I certainly didn't accept any dodgy security certificate, I also can't make sense of a TOR exit node attack since https is employed by blockchain.info. I'm just looking for answers. Have you considered that maybe someone close to you stole your coins? I'm basing this from the fact that you had 2FA enabled and you seemed to have everything that someone might exploit remotely in check.
|
|
|
|
marcelus
|
|
November 07, 2014, 07:40:53 PM |
|
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.
Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks. I'm aware of all of this guys. I, like the OP, am just trying to make sense of the exploit. I follow diligent security procedures. My computer is heavily encrypted with multiple backups and I employ little snitch to guard against keyloggers. I also rarely browse with javascript enabled. A lot of my coins are in cold storage and when I do employ blockchain.info I always use 2 Factor Authentication. To me, it's pretty impossible my laptop is exploited because of how my laptop is setup. Since I certainly didn't accept any dodgy security certificate, I also can't make sense of a TOR exit node attack since https is employed by blockchain.info. I'm just looking for answers. Have you considered that maybe someone close to you stole your coins? I'm basing this from the fact that you had 2FA enabled and you seemed to have everything that someone might exploit remotely in check. I have yes thanks as this was put to me straight away by someone. It's completely out of the question. As soon as I step away from my computer it's encrypted. Even if I go to the toilet. I never leave it open.
|
|
|
|
FuegoTropicalArrrrrrriiii
Member
Offline
Activity: 67
Merit: 10
|
|
November 07, 2014, 07:45:43 PM |
|
this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.
Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks. I'm aware of all of this guys. I, like the OP, am just trying to make sense of the exploit. I follow diligent security procedures. My computer is heavily encrypted with multiple backups and I employ little snitch to guard against keyloggers. I also rarely browse with javascript enabled. A lot of my coins are in cold storage and when I do employ blockchain.info I always use 2 Factor Authentication. To me, it's pretty impossible my laptop is exploited because of how my laptop is setup. Since I certainly didn't accept any dodgy security certificate, I also can't make sense of a TOR exit node attack since https is employed by blockchain.info. I'm just looking for answers. Have you considered that maybe someone close to you stole your coins? I'm basing this from the fact that you had 2FA enabled and you seemed to have everything that someone might exploit remotely in check. I have yes thanks as this was put to me straight away by someone. It's completely out of the question. As soon as I step away from my computer it's encrypted. Even if I go to the toilet. I never leave it open. Damn, I'm stumped. Sorry I wasn't a help at all. This is Mission Impossible type shit.
|
|
|
|
Meuh6879
Legendary
Offline
Activity: 1512
Merit: 1012
|
|
November 07, 2014, 07:54:01 PM |
|
complained to 8btc.com that he lost 633 btc Virtual Wallet. Deal with it ... like usual.
|
|
|
|
teukon
Legendary
Offline
Activity: 1246
Merit: 1011
|
|
November 07, 2014, 10:08:56 PM |
|
Sorry mate I'm actually looking to hear from people who know what they're talking about.
1. I don't store coins there. I was just using the service primarily for the shared coin feature. 2. I did use 2FA - read back. 3. Blockchain.info does not have access to one's private keys - they're generated locally so is not at risk to an MtGox-type hack. 4. Blockchain.info employs https.
Given all of this info, I want to hear ideas (there have been some helpful suggestions already on this thread) on how I was exploited. I don't want to hear about what I supposedly did wrong, I want to hear what the attacker may have done. It's an investigation.
Hmm... I'm really not sure about this one. A more detalied timeline might help. Did you lose your coins at the moment of the coin-join operation or was it a few hours/days out?
|
|
|
|
rampage101
Member
Offline
Activity: 182
Merit: 10
|
|
November 07, 2014, 11:03:43 PM |
|
People are trolling the guy for not taking enough security. It's getting to the point where if you do not have PhD in computer science then your coins can be hacked... cold wallets are difficult enough to understand having the correct background.
We need better insurance policies for the regular users. It would be better there were insurance plans for bitcoins.
When somebody hacks your bank account, the bank gives you back all your money. In this respect the banking system is far superior for large amounts of money.
|
|
|
|
|