Silk Road forums
Discussion => Security => Topic started by: malpractice on September 10, 2013, 10:10 am
-
Hi
This morning my wallet at Blockchain was emptied completely and certainly not any of my own doing!!!
Yesterday I bought a small amount of bitcoins 3,6 via a bank-transfer and received the bitcoins in my wallet as usual.
A couple of hours afterwards the trader (doesn't matter who - trusted online bitcoin trader, one of the largest) processed the order again, by mistake, they claim at least!!
Also this transaction was transferred to my wallet so actually I received the same amount twice.
I logged in this morning to transfer my bitcoins, believing there was 3,6 in my wallet - but it was empty and I could see the two deposits (realizing the second one at that time)
and all the bitcoins had been transferred out of my account to 1PpViAvCj9ALTK1Nue22Xiizp1ATbt1UCG
Obviously I have contacted the trader and they have replied instantly that they made the mistake of re-processing my order, but have no knowledge of the transaction out of my account.
I have also contacted Blockchain with the details as this might be a security breach on their side.
Anyway I would like any relevant input to this as I am quite worried.
I am pretty high on security and password security especially - I have of course scanned everything over again for any possible spyware etc.
For ref. I am on a MacBook.
-
Please update this. Can be a serious concern if you were not phished or hacked.
-
I lost 500 dolares many months ago when I was active, and I spread the word but I guess not enough! /Slacker
(Now I'm just wondering if I'm just really monged and having a fantasy "memory".)
Sorry it happened to you mang.
-
Hi
I will keep you posted once I hear from the support guys at Blockchain.
Of course this increased my paranoia level so I spent yesterday changing all passwords etc. etc. just to be sure, not
that I found any bots or trojans etc.
What I did find out was, when tracing the transactions of bitcoins this guy cashed in well over 100 bitcoins yesterday from numerous
addresses within a few hours on newly setup bitcoin addresses all pointing back to his (hers), which doesn't give anything, as it is impossible
to trace the location - but to me it looks like blockchain has been compromised in some level, I should have found a bot or a trojan or a ??? on my
laptop for him to be able to snatch my passwords, which BTW was strong.
Will revert once Blockchain responds
-
I'm curious...
Were you using two-factor authentication?
How about the double encryption feature?... one pw to log on, another to make transactions?
Is the PW/UN for your blockchain different from all your other UN/PW used elsewhere?
Do you use your macbook on other wifi networks?... like at your favorite Starbucks etc.?
-
Hi Yoda
Well I have not set up the two-step however all my UN and PWs are different I never use the same.
I have one username for SR, one for the Forum, one for blockchain etc etc - strong passwords all different
Of course seen in retrospect I should have set up those features you mention as well.
I do access wifi networks, not in Starbucks but in hotels during business trips; of course that poses a risk, let's say Trojans etc.
but I never access any of the sites involved in any of this while not at home on my secure network.
I have as mentioned scanned the whole thing forwards and backwards (Clamxav) - Nothing.
Blockchain has not replied back yet, am starting to wonder if they will.
-
It's a lot more likely that you were phished than the blockchain.info site being hacked/compromised (either way, I'm sorry for your loss). Did you open any files or Java applets over the internet?
If you had malware that stole passwords and BTC, would you know it? Probably not unless you're looking for it. I'd get an antivirus/rootkit scan done on the computer ASAP. I don't know anything about Macs so can't recommend anything.
PS-for the love of god cover-up that btc address in the post! (hint, there's only one deposit into it) ;-
-
Dear Sorrymario
Well phishing is not very likely as I never use links in e-mails - unless it is directly following as a confirmation of my own doing.
Malware is a possibility, however I have scanned, rescanned and then rescanned again - with new updates etc etc and found nothing,
but that doesn't rule out Malware it only reduces the possibility somewhat.
Java - yeah that might be as you hardly can avoid that crap.
Well that bitcoin address belongs to whoever ripped mine, and mine and blockchain will never be used again.
The deposit into that, yes only one, but here comes the catch - I deposited 3,6 BTC to my account, a few hours later another 3,55 arrives which I did not put there and
then quite some hours later the combined amount is transferred out to the BTC account mentioned in this post and then, if you track it, out to two different addresses.
3,6 BTC lost - annoying but...what worries me is who on earth deposited 3,55 BTC on my account, assuming it is the same person, waits quite some hours and then
empties the account - it just doesn't make sense.
-
Sorry for your loss Mal. My guess is it might be the person doing the trade itself.
I ran across this thread trying to research if blockchain is trustworthy or not.
-
There are posts on bitcointalk under service discussion about this. https://bitcointalk.org/index.php?topic=301150.0
Use 2factor ID, or host your own wallet offline preferably.
-
I'm very sorry for your loss. If it's any consolation, I have $500 sitting in a wallet that I can't get into (probably worth much more than that now). My dumb ass installed a new OS on my PC without recording the address!
Anyway, it sounds as if that's an issue on the blockchain/btc end, but maybe not. That address only has 2 transactions in its history. Looks like it's being laundered (I'm not an expert).
You may be using Mac OS X, but that's not 100% secure. Its security is by obscurity; users can definitely fuck that up though by being careless (not saying you were -- just sayin'). Hell, I run Linux and I'm still fucking paranoid about shit like that. Every OS has vulnerabilities and the end user is the weakest link in the chain. Not to mention WiFi.