Tor+Blockchain wallet hacked? 633 btc loss

[raveldoni]

Tor is totally unsafe for any kind of money transactions. You need to be security conscious  when you are holding this much money online.

[1715221493]

1715221493

[1715221493]

1715221493

[TR8888]

Tor is fine for anonymity but not security.

No it isn't, Not anymore. TOR is pretty much useless these days.

[pitiflin]

Just to clarify, I'm not the guy who lost 633 BTC

I've just lost 1 BTC using blockchain + TOR and I lost 2 BTC 6 months ago using Coinbase + TOR

I use a cold wallet from Armory and now I'm using hot wallets for small amounts with Armory as well.

I'm going to do some more research, but I don't feel like using Armory + TOR after my bad experiences...

[Come-In-Behind]

Tor is totally unsafe for any kind of money transactions. You need to be security conscious  when you are holding this much money online.

This^

[Window2Wall]

Tor is totally unsafe for any kind of money transactions. You need to be security conscious  when you are holding this much money online.

I would disagree. I think you need to be sure that you are dealing with the correct website when using tor. I agree that it is very difficult to know for sure you have in fact accessed the correct website. Although one way around this kind of attack is to access a hidden service (I don't think blockchain.info has a hidden service that people can access using tor).

[marcelus]

The exact same thing happened to me (on Oct 16) with a similarly horrific amount of coins except for a couple of differences.

1. I am fairly confident I did not log in on the day of the theft.

2. I am 100% certain I never, ever accepted any untrusted security certificate. (If I get a cloudfare notice, I immediately change identity and start again)

 

[nikkoy]

this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.

[odolvlobo]

this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.

Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks.

[marcelus]

this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.

Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks.

I'm aware of all of this guys. I, like the OP, am just trying to make sense of the exploit. I follow diligent security procedures. My computer is heavily encrypted with multiple backups and I employ little snitch to guard against keyloggers. I also rarely browse with javascript enabled. A lot of my coins are in cold storage and when I do employ blockchain.info I always use 2 Factor Authentication. To me, it's pretty impossible my laptop is exploited because of how my laptop is setup.  

Since I certainly didn't accept any dodgy security certificate, I also can't make sense of a TOR exit node attack since https is employed by blockchain.info.

I'm just looking for answers.

[pooya87]

first mistake is using online wallet.
second is using tor with it and i am sure there were no 2FA
third mistake is keeping 633 BTC in one place, for god's sake by 13-10-2014 (time of tx) it was 250K worth of dollars

[Piston Honda]

first mistake is using online wallet.
second is using tor with it and i am sure there were no 2FA
third mistake is keeping 633 BTC in one place, for god's sake by 13-10-2014 (time of tx) it was 250K worth of dollars

Exactly, granted not fair that it was jacket - but still, have to be more careful!!!

[marcelus]

first mistake is using online wallet.
second is using tor with it and i am sure there were no 2FA
third mistake is keeping 633 BTC in one place, for god's sake by 13-10-2014 (time of tx) it was 250K worth of dollars

Sorry mate I'm actually looking to hear from people who know what they're talking about.

1. I don't store coins there. I was just using the service primarily for the shared coin feature.
2. I did use 2FA - read back.
3. Blockchain.info does not have access to one's private keys - they're generated locally so is not at risk to an MtGox-type hack.
4. Blockchain.info employs https.


Given all of this info, I want to hear ideas (there have been some helpful suggestions already on this thread) on how I was exploited. I don't want to hear about what I supposedly did wrong, I want to hear what the attacker may have done. It's an investigation.

[Remember remember the 5th of November]

4. Blockchain.info employs https.

This is precisely what got your coins stolen, ironically.

[marcelus]

4. Blockchain.info employs https.

This is precisely what got your coins stolen, ironically.

Maybe not I just replied to your pm.

[FuegoTropicalArrrrrrriiii]

this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.

Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks.

I'm aware of all of this guys. I, like the OP, am just trying to make sense of the exploit. I follow diligent security procedures. My computer is heavily encrypted with multiple backups and I employ little snitch to guard against keyloggers. I also rarely browse with javascript enabled. A lot of my coins are in cold storage and when I do employ blockchain.info I always use 2 Factor Authentication. To me, it's pretty impossible my laptop is exploited because of how my laptop is setup.  

Since I certainly didn't accept any dodgy security certificate, I also can't make sense of a TOR exit node attack since https is employed by blockchain.info.

I'm just looking for answers.

Have you considered that maybe someone close to you stole your coins? I'm basing this from the fact that you had 2FA enabled and you seemed to have everything that someone might exploit remotely in check.

[marcelus]

this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.

Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks.

I'm aware of all of this guys. I, like the OP, am just trying to make sense of the exploit. I follow diligent security procedures. My computer is heavily encrypted with multiple backups and I employ little snitch to guard against keyloggers. I also rarely browse with javascript enabled. A lot of my coins are in cold storage and when I do employ blockchain.info I always use 2 Factor Authentication. To me, it's pretty impossible my laptop is exploited because of how my laptop is setup.  

Since I certainly didn't accept any dodgy security certificate, I also can't make sense of a TOR exit node attack since https is employed by blockchain.info.

I'm just looking for answers.

Have you considered that maybe someone close to you stole your coins? I'm basing this from the fact that you had 2FA enabled and you seemed to have everything that someone might exploit remotely in check.

I have yes thanks as this was put to me straight away by someone. It's completely out of the question. As soon as I step away from my computer it's encrypted. Even if I go to the toilet. I never leave it open.

[FuegoTropicalArrrrrrriiii]

this is the problem on BTC transactions, it is not completely secured and you cannot run or complain to someone because no one owns it. Unlike banks, when you lost your credit card or someone stole it, you can cut off its future transaction to your bank but BTC is not.

Yep, that is the problem with Bitcoin. You can't be a baby and run crying to your mommy when you fall down and hurt your knee. And your mommy can't tell you that you are a bad little boy and take away your allowance. With Bitcoin, you have to be an adult and that sucks.

I'm aware of all of this guys. I, like the OP, am just trying to make sense of the exploit. I follow diligent security procedures. My computer is heavily encrypted with multiple backups and I employ little snitch to guard against keyloggers. I also rarely browse with javascript enabled. A lot of my coins are in cold storage and when I do employ blockchain.info I always use 2 Factor Authentication. To me, it's pretty impossible my laptop is exploited because of how my laptop is setup.  

Since I certainly didn't accept any dodgy security certificate, I also can't make sense of a TOR exit node attack since https is employed by blockchain.info.

I'm just looking for answers.

Have you considered that maybe someone close to you stole your coins? I'm basing this from the fact that you had 2FA enabled and you seemed to have everything that someone might exploit remotely in check.

I have yes thanks as this was put to me straight away by someone. It's completely out of the question. As soon as I step away from my computer it's encrypted. Even if I go to the toilet. I never leave it open.

Damn, I'm stumped. Sorry I wasn't a help at all. This is Mission Impossible type shit.

[Meuh6879]

complained to 8btc.com that he lost 633 btc

Virtual Wallet.
Deal with it ... like usual.

[teukon]

Sorry mate I'm actually looking to hear from people who know what they're talking about.

1. I don't store coins there. I was just using the service primarily for the shared coin feature.
2. I did use 2FA - read back.
3. Blockchain.info does not have access to one's private keys - they're generated locally so is not at risk to an MtGox-type hack.
4. Blockchain.info employs https.

Given all of this info, I want to hear ideas (there have been some helpful suggestions already on this thread) on how I was exploited. I don't want to hear about what I supposedly did wrong, I want to hear what the attacker may have done. It's an investigation.

Hmm...  I'm really not sure about this one.  A more detalied timeline might help.  Did you lose your coins at the moment of the coin-join operation or was it a few hours/days out?

[rampage101]

People are trolling the guy for not taking enough security. It's getting to the point where if you do not have PhD in computer science then your coins can be hacked... cold wallets are difficult enough to understand having the correct background.

We need better insurance policies for the regular users. It would be better there were insurance plans for bitcoins.

When somebody hacks your bank account, the bank gives you back all your money. In this respect the banking system is far superior for large amounts of money.