Author Topic: 63.73 BTC Hacked - Blockchain.info secured by 2FA - Starting security podcast?  (Read 14869 times)
owlcatz
Legendary
*
Offline Offline

Activity: 1890
Merit: 1222


BTC, XMR & VIA FTW


View Profile WWW
November 28, 2014, 01:27:04 AM
 #21

I wouldn't keep even 1BTC (mid-long term) in a wallet that I am not the only one controlling the private key.

You sir is retarded and you created your own misfortune. Sadly.

I still feel sorry though. I am Canadian so I'll say it again. Sorry.

I totally agree.
keep it in paper wallet. this was an oversight on my part. doesn't explain what happened though :(
If you truly lost your Bitcoins, I am sorry to hear this, the transactions are irreversible. However, the simple fact your wallet wasn't emptied immediately, but over the course of several hours leads me to believe you are bullshitting us.

these were my wallets. all emptied at once.
13brziR3KJB9eBWUmiSVa7HCtDGsoi5uPv
1KFCQqWJMFp3jP2YXQv5ZMgmXeZfQ8Levs
1E1nAEXaffBHh3RPpB9EGexSGSLS9qVFWB
156VdKaw31FKNkDve1PLs3J4j2s1dnkfQc
1BUCKgFCb3UYcEEgEWibFSzgUnbpWRRfiC
12Un78NEExEM3SYoFYAQvKYwxtMJozb3K6

yes, we intelligent folks can see that by the tx - https://blockchain.info/tx/43d9ecf12e25a0bcc6c655660d604cdff800f726dc42f68b08cea8fc1d61a3c4

guess remember or whatever/whoever is in his cups already? lol.. sorry again statdude. :(

Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1862
Merit: 1002

Reverse engineer from time to time


View Profile
November 28, 2014, 01:28:15 AM
 #22

I wouldn't keep even 1BTC (mid-long term) in a wallet that I am not the only one controlling the private key.

You sir is retarded and you created your own misfortune. Sadly.

I still feel sorry though. I am Canadian so I'll say it again. Sorry.

I totally agree.
keep it in paper wallet. this was an oversight on my part. doesn't explain what happened though :(
If you truly lost your Bitcoins, I am sorry to hear this, the transactions are irreversible. However, the simple fact your wallet wasn't emptied immediately, but over the course of several hours leads me to believe you are bullshitting us.

these were my wallets. all emptied at once.
13brziR3KJB9eBWUmiSVa7HCtDGsoi5uPv
1KFCQqWJMFp3jP2YXQv5ZMgmXeZfQ8Levs
1E1nAEXaffBHh3RPpB9EGexSGSLS9qVFWB
156VdKaw31FKNkDve1PLs3J4j2s1dnkfQc
1BUCKgFCb3UYcEEgEWibFSzgUnbpWRRfiC
12Un78NEExEM3SYoFYAQvKYwxtMJozb3K6

yes, we intelligent folks can see that by the tx - https://blockchain.info/tx/43d9ecf12e25a0bcc6c655660d604cdff800f726dc42f68b08cea8fc1d61a3c4

guess remember or whatever/whoever is in his cups already? lol.. sorry again statdude. :(


Derp, thanks. I got confused, thought that https://blockchain.info/address/1L8zn4BJs2B4a4pxN4HBaNKEgaowpa3857 was the address of OP. Sorry for that, statdude.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1862
Merit: 1002

Reverse engineer from time to time


View Profile
November 28, 2014, 01:32:56 AM
 #23

Honestly, not sure what to think. If BC.I was compromised even with 2FA, then this means that there is some exploit going on in BC.I and piuk owes statdude 63btc.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
raskul
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250



View Profile
November 28, 2014, 01:35:37 AM
 #24

Honestly, not sure what to think. If BC.I was compromised even with 2FA, then this means that there is some exploit going on in BC.I and piuk owes statdude 63btc.

yup, I'd say it should be up to the online wallet host to ensure those funds are returned, however that might happen.

tips    1APp826DqjJBdsAeqpEstx6Q8hD4urac8a
pedrog
Legendary
*
Offline Offline

Activity: 2212
Merit: 1005



View Profile
November 28, 2014, 01:40:00 AM
 #25

statdude, how do you store your wallet backup or backups?

inBitweTrust
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
November 28, 2014, 01:42:48 AM
 #26

Here is the problem with disclosures like this:

1) Bitcointalk accounts are sold all the time
2) Some people may be faking these thefts in order to avoid taxes or other liabilities
3) This may be a way for people to lash out at BTC upon exiting the scene

My last post on bitcointalk.

I yearned for ANC since 2013, I tried to advertise it, I put in a few ideas and a little bit of work, not too much.
I told people how great it will and would be, I made them think it was on testnet on the 15th, I changed their way of thinking and some of the people bought, cuz they liked the idea.

Now I stand a fool - Just as I stood like a fool with Zetacoin.

It won't happen to me again, because this incident made me lose all trust in people on the internet. Even the people who supposedly did work on something and seemed legit even at second sight.

I won't come back to crypto anymore - I lost so much... and I gained too little, and I don't mean that moneywise.

Goodbye.

This.
I totally agree.
I've finally come to the conclusion - this whole scene - including BTC - is a scam.
play or be played.
sorry brother.

I'm not trying to insinuate that this is anything listed above but it makes our job of accurately diagnosing security breaches more difficult and when you make comments like the above a month beforehand.

I apologize for being an asshole for even posting this, but....heavy gambler, really into alts, and pissed off at Bitcoin all raise questions as well.

statdude
Legendary
*
Offline Offline

Activity: 1498
Merit: 1000



View Profile
November 28, 2014, 01:44:20 AM
 #27

not a fake acct, anyone who knows me can verify this.

There was a backup on my computer of the wallet. So if they breached my PC somehow, they would have just needed the 10 digit password.


statdude
Legendary
*
Offline Offline

Activity: 1498
Merit: 1000



View Profile
November 28, 2014, 02:02:20 AM
 #28

The hacker's addresses are as follows-

Hacker if you're watching, please contact me and we can work something out, don't draw this out!

1PKKHesnMstSDkqbXQzs1kep4qms2eRJFj
16uAPb6i3AJFebLyGzQAcxcrH9YQPaT1fa
15x41gpZkT1WtRZp5va9H3y2BNGkUgPPbH
1HYeQCcAjoHqFwwofBxiurjTqCkMn7a4N6

pedrog
Legendary
*
Offline Offline

Activity: 2212
Merit: 1005



View Profile
November 28, 2014, 02:13:29 AM
 #29

Blockchain.info wallet backups are encrypted?

Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1862
Merit: 1002

Reverse engineer from time to time


View Profile
November 28, 2014, 02:15:52 AM
 #30

Could it be that your email was compromised, and you had an auto-backup option of the wallet, where it gets emailed to you, unencrypted perhaps?

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
statdude
Legendary
*
Offline Offline

Activity: 1498
Merit: 1000



View Profile
November 28, 2014, 02:20:30 AM
 #31

Could it be that your email was compromised, and you had an auto-backup option of the wallet, where it gets emailed to you, unencrypted perhaps?

There are actually no copies of my wallet in my email at the time. I had deleted them all.

However, there was an encrypted copy on my desktop.


inBitweTrust
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
November 28, 2014, 02:32:59 AM
 #32

Did you empty your trash after deleting your email backups?
If you use gmail did you check your filters?
Have you scanned your computer for rootkits, trojans, and viruses with multiple programs?


funtotry
Sr. Member
****
Offline Offline

Activity: 420
Merit: 250


Ever wanted to run your own casino? PM me for info


View Profile
November 28, 2014, 02:35:43 AM
 #33

Could it be that your email was compromised, and you had an auto-backup option of the wallet, where it gets emailed to you, unencrypted perhaps?
Blockchain.info wallets are always encrypted when they are emailed to a user.

The fact that I find most strange is that 1E1nAEXaffBHh3RPpB9EGexSGSLS9qVFWB received the change of the initial 63 BTC transaction and it also was one of the sending addresses of the transaction that "emptied" the wallet. This is not the expected behavior of an attacker. This address also had ~5 BTC left in it for ~14 hours after the attacker had emptied your wallet.

statdude
Legendary
*
Offline Offline

Activity: 1498
Merit: 1000



View Profile
November 28, 2014, 02:36:19 AM
 #34

Did you empty your trash after deleting your email backups?
If you use gmail did you check your filters?
Have you scanned your computer for rootkits, trojans, and viruses with multiple programs?



Checking for viruses now. I did actually miss a couple wallet backups in my email. However, they were all encrypted.

I was trying to send a message to the scammer's addresses with a "blockchain" note saying they were stolen coins.
But it seems they locked my account as I just submitted a support ticket?
I can't do anything in there (I just sent a little dust to send the public notes)


statdude
Legendary
*
Offline Offline

Activity: 1498
Merit: 1000



View Profile
November 28, 2014, 02:36:59 AM
 #35

Could it be that your email was compromised, and you had an auto-backup option of the wallet, where it gets emailed to you, unencrypted perhaps?
Blockchain.info wallets are always encrypted when they are emailed to a user.

The fact that I find most strange is that 1E1nAEXaffBHh3RPpB9EGexSGSLS9qVFWB received the change of the initial 63 BTC transaction and it also was one of the sending addresses of the transaction that "emptied" the wallet. This is not the expected behavior of an attacker. This address also had ~5 BTC left in it for ~14 hours after the attacker had emptied your wallet.
strange indeed, but I didn't notice as I was asleep.

teukon
Legendary
*
Offline Offline

Activity: 1246
Merit: 1000



View Profile
November 28, 2014, 02:39:37 AM
 #36

not a fake acct, anyone who knows me can verify this.

There was a backup on my computer of the wallet. So if they breached my PC somehow, they would have just needed the 10 digit password.

How much entropy was in your 10-digit password?
kokojie
Legendary
*
Offline Offline

Activity: 1750
Merit: 1000



View Profile
November 28, 2014, 02:44:21 AM
 #37

uh your 2FA is your email, which means anyone that hacks your email can defeat your 2FA, and also they could probably figure out your password since they already hacked your email.

btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1862
Merit: 1002

Reverse engineer from time to time


View Profile
November 28, 2014, 02:45:55 AM
 #38

uh your 2FA is your email, which means anyone that hacks your email can defeat your 2FA, and also they could probably figure out your password since they already hacked your email.
I thought 2FA was supposed to be an SMS to your phone. I admit I have not used Blockchain.info other than to store less than 0.001btc.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
inBitweTrust
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
November 28, 2014, 02:55:35 AM
 #39

uh your 2FA is your email, which means anyone that hacks your email can defeat your 2FA, and also they could probably figure out your password since they already hacked your email.
I thought 2FA was supposed to be an SMS to your phone. I admit I have not used Blockchain.info other than to store less than 0.001btc.

they offer both but...

no tor, no mobile,

no record of 2FA being sent to my email

someone must have gotten a wallet backup and my password.

Which means statdude was using the email 2fa which mostly defeats the whole purpose of 2fa altogether as any compromised account or computer can easily defeat and cover up this 2fa. With sms 2FA the hacker would have had to compromise his cell phone as well which is more difficult to coordinate if the user doesn't plug his cellphone into his computer.

HYPERfuture
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500

HYPER project manager and PR + GoldPieces [GP]


View Profile WWW
November 28, 2014, 02:56:14 AM
 #40

Really sorry to hear about your loss.

What was your method of 2FA? Was it just your email account? Or SMS or Yubikey?
