63.73 BTC Hacked - Blockchain.info secured by 2FA - Starting security podcast?

[statdude]

To the hacker:

I do have your login IP address and .edu email domain from a European country with Google.

I will be investigating this to the fullest extent allowable by law. Please contact me if you don't want this.

[BitCoinDream]

You can send dust with a public note in blockchain.info, viewable by all.

It appears my gmail was logged into on 22-Nov. Google was supposed to send me a security notification to my phone and email, yet I received neither?

Also, how is my gmail logged into when it has 2FA Google Auth activated???

I think your blockchain.info 2FA was based on gmail and gmail 2FA was based on SMS verification. Am i correct ?

[Remember remember the 5th of November]

Could it be that his 2FA email did come, but the attacker deleted it?

[inBitweTrust]

Also, how is my gmail logged into when it has 2FA Google Auth activated???

I sent you the link how one can bypass Gmail 2FA.

https://www.duosecurity.com/blog/bypassing-googles-two-factor-authentication

Just one method, but there are probably other ways. This technique allows one to access without notification.

Could it be that his 2FA email did come, but the attacker deleted it?

I think he is referring to Gmails 2FA through the google authenticator app on his cell and not blockchains email 2FA.

[magicmexican]

To the hacker:

I do have your login IP address and .edu email domain from a European country with Google.

I will be investigating this to the fullest extent allowable by law. Please contact me if you don't want this.

Best of luck. But your chances look really slim.

Maybe try to negotiate with him and give him 10% or something to have any shot at getting it back.

[AltcoinInvestor]

Well, sorry dude. I don't think you can get your btc back.

This is why I only use "bitcoin core" wallet. I don't trust any online wallet or exchange...

[inBitweTrust]

To the hacker:

I do have your login IP address and .edu email domain from a European country with Google.

I will be investigating this to the fullest extent allowable by law. Please contact me if you don't want this.

Next step is to contact the authorities in Luxembourg and subpoena the records of the ISP.
That is enough money to pursue and you already have at least one lead so If I were the hacker
I would try and negotiate a deal soon.

[amorphia]

I've made a quick guide to fully securing coins on Blockchain.info for beginners as these horror stories really upset me: https://bitcointalk.org/index.php?topic=876492

Very nice of you creating that thread, very usefull for newbies. After my little loss of btc last summer i start using spybot for keylogers and rootkit scan and 2fa sms to a simple phone, smartphones sucks. I also use virtual keyboard while typing passwords.

I'm really sorry for the OP who lost such a big amount of BTC and wish cancer to the thief and spend all his stolen funds to doctors. Rot in hell!!!

[wpalczynski]

I don't even think a 50/50 split agreement would persuade the thief to return the money, after all, he is a thief and planned this theft.  I know there was a link in one of the posts of this thread to a case where the thief did return 50% of the coins, I wonder what the circumstances were in that case, what coerced him to return half the coins.

To the hacker:

I do have your login IP address and .edu email domain from a European country with Google.

I will be investigating this to the fullest extent allowable by law. Please contact me if you don't want this.

Best of luck. But your chances look really slim.

Maybe try to negotiate with him and give him 10% or something to have any shot at getting it back.

10%  haha try 50/50 split and it might get returned

[TKeenan]

To the hacker:

I do have your login IP address and .edu email domain from a European country with Google.

I will be investigating this to the fullest extent allowable by law. Please contact me if you don't want this.

Wow! that should scare him into submission.  You don't deal much with Russians - do you?

[magicmexican]

To the hacker:

I do have your login IP address and .edu email domain from a European country with Google.

I will be investigating this to the fullest extent allowable by law. Please contact me if you don't want this.

Wow! that should scare him into submission.  You don't deal much with Russians - do you?

If the hacker is Russian, the chances to get 0.000001 btc back are 0%. But if he is located somewhere in Europe - there is a slight tiny chance.

[TKeenan]

To the hacker:

I do have your login IP address and .edu email domain from a European country with Google.

I will be investigating this to the fullest extent allowable by law. Please contact me if you don't want this.

Wow! that should scare him into submission.  You don't deal much with Russians - do you?

If the hacker is Russian, the chances to get 0.000001 btc back are 0%. But if he is located somewhere in Europe - there is a slight tiny chance.

If the hacker is Russian, your mom will lose her bitcoins next. 

[b!z]

Sorry to hear about your loss, statdude.

[deluxeCITY]

I don't even think a 50/50 split agreement would persuade the thief to return the money, after all, he is a thief and planned this theft.  I know there was a link in one of the posts of this thread to a case where the thief did return 50% of the coins, I wonder what the circumstances were in that case, what coerced him to return half the coins.

To the hacker:

I do have your login IP address and .edu email domain from a European country with Google.

I will be investigating this to the fullest extent allowable by law. Please contact me if you don't want this.

Best of luck. But your chances look really slim.

Maybe try to negotiate with him and give him 10% or something to have any shot at getting it back.

10%  haha try 50/50 split and it might get returned

There is likely no split that would potentially compel a thief to return the OP's stolen bitcoin (assuming he is telling the truth), unless he left behind some evidence of his identity. If there was some level of evidence then it would potentially be possible the thief would return some percentage of the stolen money depending on what laws were potentially broken and how likely the evidence would potentially lead to the hacker's actual identity, in exchange for the OP agreeing not to contact law enforcement and agree to not press charges (and to not testify in the event that law enforcement does get involved)

[fr4nkthetank]

Help...
I am not sure if someone accessed a backup of my wallet somewhere... All my BTC was stolen via a single blockchain transaction

43d9ecf12e25a0bcc6c655660d604cdff800f726dc42f68b08cea8fc1d61a3c4

sent to here

https://blockchain.info/address/1L8zn4BJs2B4a4pxN4HBaNKEgaowpa3857

if anyone has help or can apply any forensics... i am more than willing to pay a bounty to recover some of these funds... thank you...

skype me at "thestatdude"

many of these coins were purchased via credit card and i have hardly afford to lose them... please help..

sometimes credit cards pay back for stolen stuff, look in the terms and conditions

[ScryptAsic]

To the hacker:

I do have your login IP address and .edu email domain from a European country with Google.

I will be investigating this to the fullest extent allowable by law. Please contact me if you don't want this.

Next step is to contact the authorities in Luxembourg and subpoena the records of the ISP.
That is enough money to pursue and you already have at least one lead so If I were the hacker
I would try and negotiate a deal soon.

I would say that the hacker almost certainly used some kind of VPN or socks5 proxy to connect to the OP's blockchain wallet and the email account was likely hacked or compromised. Unfortunately these are generally common elements that many bitcoin related thefts have

[ed_teech]

  I just heard and I am deeply sorry stat. I hope you can recover them soon.

[KingOfSports]

Help...
I am not sure if someone accessed a backup of my wallet somewhere... All my BTC was stolen via a single blockchain transaction

43d9ecf12e25a0bcc6c655660d604cdff800f726dc42f68b08cea8fc1d61a3c4

sent to here

https://blockchain.info/address/1L8zn4BJs2B4a4pxN4HBaNKEgaowpa3857

if anyone has help or can apply any forensics... i am more than willing to pay a bounty to recover some of these funds... thank you...

skype me at "thestatdude"

many of these coins were purchased via credit card and i have hardly afford to lose them... please help..

In reference to your kind messages to me two weeks ago - this is karma.

As the lovely names you called me in PM, this "insert negative name here" now has 20 BTC more than you and not a single penny of debt. Credit card, ew? Why ever invest on credit cards when this market is known for thievery and hacking? The overall EV of that decision was definitely -EV, I think you didn't run the numbers or "stats" well enough on that decision way back and now its costing you. Have fun talking to those CC companies and debt collectors...

[LiteCoinGuy]

Thanks for the comments guys... PLEASE send dust to these addresses with a public comment marking them back to this thread..I have been trying to do so but it will not work for some reason. I am doing anything I can to get these coins labeled for all to see.

hopefully before the Zerocash release  

https://bitcointalk.org/index.php?topic=362468.msg3878992#msg3878992

[BitCoinNutJob]

To the hacker:

I do have your login IP address and .edu email domain from a European country with Google.

I will be investigating this to the fullest extent allowable by law. Please contact me if you don't want this.

Best of luck. But your chances look really slim.

Maybe try to negotiate with him and give him 10% or something to have any shot at getting it back.

Yeah 10% you have no chance the hacker would rather take the risk, you are looking at 50/50 or 60/40.  If the hacker is reading just do a deal with the person you hacked, you taught them a lesson on security, you made some money and they wont be chasing you all your life.  Win win all round.