BitCoinDream
Legendary
 Offline
Activity: 2338
Merit: 1204
The revolution will be digital
|
 |
November 29, 2014, 04:51:52 PM |
|
You can send dust with a public note in blockchain.info, viewable by all.
It appears my gmail was logged into on 22-Nov. Google was supposed to send me a security notification to my phone and email, yet I received neither?
Also, how is my gmail logged into when it has 2FA Google Auth activated???
I think your blockchain.info 2FA was based on gmail and gmail 2FA was based on SMS verification. Am i correct ? I'm still awaiting this answer from OP. |
|
|
|
statdude (OP)
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
November 29, 2014, 08:33:08 PM |
|
You can send dust with a public note in blockchain.info, viewable by all.
It appears my gmail was logged into on 22-Nov. Google was supposed to send me a security notification to my phone and email, yet I received neither?
Also, how is my gmail logged into when it has 2FA Google Auth activated???
I think your blockchain.info 2FA was based on gmail and gmail 2FA was based on SMS verification. Am i correct ? I'm still awaiting this answer from OP. It was not, unfortunately. it was setup based on email verification. I don't know if this is what happened, but there have been some suggestions that this may have been caused by a Tor exit node. Don't know precisely what this means, but I was using a VPN service at the time I believe functioned through Tor called IPVanish. Could this be the cause? How would I find out? http://www.btcfeed.net/news/rogue-tor-node-hijacked-blockchain-info-accounts/ |
|
|
|
pedrog
Legendary
Offline
Activity: 2786
Merit: 1031
|
|
November 29, 2014, 09:54:08 PM |
|
It was not, unfortunately. it was setup based on email verification. I don't know if this is what happened, but there have been some suggestions that this may have been caused by a Tor exit node. Don't know precisely what this means, but I was using a VPN service at the time I believe functioned through Tor called IPVanish. Could this be the cause? How would I find out? http://www.btcfeed.net/news/rogue-tor-node-hijacked-blockchain-info-accounts/If your gmail account doesn't have SMS 2FA that might be your security weak link, Check your account activity: https://www.google.com/settings/dashboard |
|
|
|
|
ScryptAsic
|
|
November 30, 2014, 03:43:51 AM |
|
You can send dust with a public note in blockchain.info, viewable by all.
It appears my gmail was logged into on 22-Nov. Google was supposed to send me a security notification to my phone and email, yet I received neither?
Also, how is my gmail logged into when it has 2FA Google Auth activated???
I think your blockchain.info 2FA was based on gmail and gmail 2FA was based on SMS verification. Am i correct ? I'm still awaiting this answer from OP. It was not, unfortunately. it was setup based on email verification. I don't know if this is what happened, but there have been some suggestions that this may have been caused by a Tor exit node. Don't know precisely what this means, but I was using a VPN service at the time I believe functioned through Tor called IPVanish. Could this be the cause? How would I find out? http://www.btcfeed.net/news/rogue-tor-node-hijacked-blockchain-info-accounts/If your VPN was using tor to hide your identity then there is a good change that you were subject to a MITM attack when you tried to log into your blockchain wallet. However I would be somewhat surprised if a VPN was using tor as tor is very slow and I doubt they would get very much business with the speeds that tor can provide |
|
|
|
|
Hash72
Sr. Member
Offline
Activity: 294
Merit: 250
★YoBit.Net★ 350+ Coins Exchange & Dice
|
|
November 30, 2014, 09:05:21 AM |
|
I wouldnt keep even 1BTC (mid-long term) in a wallet that i am not the only one controlling the private key.
You sir is retarded and you created your own misfortune. Sadly.
I still feel sorry though. I am canadian so i'll say it again. Sorry.
i totally agree. keep it in paper wallet. this was an oversight on my part. doesnt explain what happened though  Sorry statdude for your lost lesson to learn hope you manage to get it back Now i am using PRO HMA VPN should i disconnect it when i access Bockchain or any other online wallet despite the fact of using 2F Auth or not |
|
|
|
Puppet
Legendary
Offline
Activity: 980
Merit: 1040
|
|
November 30, 2014, 09:51:41 AM |
|
Which VPN service?
|
|
|
|
|
Hash72
Sr. Member
Offline
Activity: 294
Merit: 250
★YoBit.Net★ 350+ Coins Exchange & Dice
|
|
November 30, 2014, 11:11:32 AM |
|
Which VPN service?
HMA PPTP connection |
|
|
|
statdude (OP)
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
November 30, 2014, 11:08:30 PM |
|
it's called IP Vanish and connected thru Tor, although I did not know that.
|
|
|
|
statdude (OP)
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
December 01, 2014, 04:13:53 PM |
|
Update - Coins have been moved to these addresses, any ideas?
1K5B5vgry2dxA8U8YphyKCZnmL2TkXmZSX
Total Received 1,009.127 BTC
1Ajz2tmqhAS2qPDAYw1aqkYJ6xC4mz7LoU
Total Received 41.74661948 BTC
1AA5NSDzAw1nvmbiaPUAdJ7zacu8HvDdSy
Total Received 745.6897046 BTC
Final Balance 745.6897046 BTC
14KAMZsnHwHb32vd1XrNE1pndhuijHjR1a
Total Received 43.7795 BTC
Final Balance 43.7795 BTC
|
|
|
|
|
sifter
|
|
December 01, 2014, 04:19:59 PM |
|
The chances of you getting it back now bud are really slim.
Sorry.
|
|
|
|
tsaroz
Legendary
Offline
Activity: 2982
Merit: 1069
https://listfaucet.com
|
|
December 01, 2014, 04:24:09 PM |
|
Please 1 BTC should be everyones maximum limit on online wallets. Mine coins were too stolen from android wallet so I stopped using it.
|
|
|
|
|
Martijnvdc
|
|
December 01, 2014, 06:01:45 PM |
|
Wow... I should take my money off of online wallets. I really like using the blockchain.info app on my phone, but it's not worth the security risk.
I definetly don't want to run a full blown bitcoin client like bitcoin-qt...
This horror story reminds me of the whole inputs.io scam. I remember the first time i heard people saying their money got stolen all of a sudden. And i knew it had to have been an inside job, since it wasn't possible for all those 2FA-protected accounts to be cracked... When i read the thread title, i immediatly logged into my blockchain.info account to see if mine wasn't stolen either.
Bitcoin transactions are not reversible. That's the whole point of bitcoin anyway. So i'm afraid your 63.73 BTC is lost for sure. There simply is no way of ever getting it back. Unless ofcourse you could track the money to some casino or whatever, and report it to them as stolen money. You would be able to prove you are the owner of that address...
Sadly, it's extremely hard to track down those funds.
|
|
|
|
|
funtotry
Sr. Member
Offline
Activity: 420
Merit: 250
Ever wanted to run your own casino? PM me for info
|
|
December 02, 2014, 02:01:26 AM |
|
Update - Coins have been moved to these addresses, any ideas?
1K5B5vgry2dxA8U8YphyKCZnmL2TkXmZSX
Total Received 1,009.127 BTC
1Ajz2tmqhAS2qPDAYw1aqkYJ6xC4mz7LoU
Total Received 41.74661948 BTC
1AA5NSDzAw1nvmbiaPUAdJ7zacu8HvDdSy
Total Received 745.6897046 BTC
Final Balance 745.6897046 BTC
14KAMZsnHwHb32vd1XrNE1pndhuijHjR1a
Total Received 43.7795 BTC
Final Balance 43.7795 BTC
Any attempt to track your stolen bitcoin via the blockchain will likely be fruitless. The fact that bitcoin is fungible means that anyone can potentially trade bitcoin for other bitcoin (or bitcoin for various altcoins), and/or potentially send the stolen bitcoin to a mixer and someone completely unrelated to your thief could not be in possession of inputs that can be traced to the outputs of your stolen coins. IMO the best bet of finding the thief is via IP tracking of the person who logged into your blockchain.info wallet. I think this would likely also be fruitless if your VPN was connecting to the internet via tor exit nodes as you seem to think they were. |
|
|
|
|
sifter
|
|
December 02, 2014, 04:26:08 AM |
|
Update - Coins have been moved to these addresses, any ideas?
1K5B5vgry2dxA8U8YphyKCZnmL2TkXmZSX
Total Received 1,009.127 BTC
1Ajz2tmqhAS2qPDAYw1aqkYJ6xC4mz7LoU
Total Received 41.74661948 BTC
1AA5NSDzAw1nvmbiaPUAdJ7zacu8HvDdSy
Total Received 745.6897046 BTC
Final Balance 745.6897046 BTC
14KAMZsnHwHb32vd1XrNE1pndhuijHjR1a
Total Received 43.7795 BTC
Final Balance 43.7795 BTC
Seems to be have been mixed. |
|
|
|
statdude (OP)
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
December 04, 2014, 09:22:52 PM
Last edit: December 04, 2014, 09:35:31 PM by statdude |
|
https://www.cryptocoinsnews.com/tor-users-can-now-connect-blockchain-infos-onion-address-securely-ssl/
How nice, I get to be the martyr and foot the bill for blockchain.info to beef up their security. Still ironic google 2fa protected everything except my gmail (I'm assuming), which gave up nothing except the wonderfully backed up copy of my wallet sent right to my email (thanks blockchain.info for your genius default settings, very secure). I'm guessing keylogger did the rest by hacking my application specific password to Mozilla Thunderbird and using that to breach Google with 2FA. I still don't understand the supposed MITM Tor Exit node attack but it may be possible. I just have no idea how to confirm if that's what happened. I do know my Google and Blockchain accounts were maliciously logged into from a strange IP address and neither sent me any sort of security alert (google was supposed to via SMS) thanks to those with kind words. I've certainly gained a lot of lessons about trust dealing with bitcoin. don't trust people, don't trust any form of security, & anything bad that can happen to you, most certainly can and will happen.
|
|
|
|
|
MemoryShock
|
|
December 04, 2014, 09:39:28 PM |
|
Wow... I should take my money off of online wallets. I really like using the blockchain.info app on my phone, but it's not worth the security risk.
I definetly don't want to run a full blown bitcoin client like bitcoin-qt...
I wouldn't think of using anything but Bitcoin-QT. It is intensive but once the blockchain is downloaded there is minimal effect on my computer experience if I leave it open. I'm not even terribly confident that it is secure and I have a pass code that takes minutes to input (random phrases from Ulysses). I finally broke down and installed a phone wallet but only for the novelty. There is never more than fifty bucks in it. These stories kind of scare me. I don't have nearly the amount that OP had but I don't want to lose anything that I have. 2FA on an email account might seem like an inconvenience but is necessary in my opinion. I feel for you, OP. I hope that there is a way to bet your BTC back... Edit - I have no idea if it works or not but I type in my password and then hit five random keys (anywhere in the middle) followed by hitting the backspace five times). Even if it is placebo, I have always thought that was a way I could defeat any potential keyloggers. Note - I am not the most tech savvy individual in the world. |
|
|
|
wpalczynski
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
December 04, 2014, 09:42:14 PM |
|
Certainly words to live by in general and even more so in the realm of unregulated crypto currencies. |
|
|
|
|
Adamcheek
|
|
December 04, 2014, 09:44:49 PM |
|
Holly crap!
I don't know how to react.
Most I can tell you is check with the addresses he sent them to are coming from. For example if he sent it to a gambling website, perhaps you can then ask the admin for his username or IP or something that can help you better.
Good luck mate!
|
|
|
|
|
Ziggs
Member
Offline
Activity: 67
Merit: 10
|
|
December 05, 2014, 12:11:11 AM |
|
wait how the heck is that even possible though..someone stealing wallet.dat file?
or however online wallets back up work.. fuk thats gotta suck..esp when they mixed coins.
|
|
|
|
|
wpalczynski
Legendary
Offline
Activity: 1456
Merit: 1000
|
|
December 05, 2014, 01:24:56 AM |
|
made me LOL wait how the heck is that even possible though..someone stealing wallet.dat file?
or however online wallets back up work.. fuk thats gotta suck..esp when they mixed coins.
|
|
|
|
|
