$76 000 USD

NOVEMBER 2013

GLOBAL

BLOCKCHAIN.INFO

DESCRIPTION OF EVENTS

"The world’s most popular crypto wallet. Over 80 million wallets created to buy, sell, and earn crypto." "As they say, not your keys, not your crypto. Blockchain.com Private Key Wallets are the most widely-used wallets for self-custody of your crypto. We make it easy for people who are ready to control their private keys to hold them with a Secret Private Key Recovery Phrase." "When it comes to ensuring that your crypto is secure, we think about every last detail so you don’t have to."

 

"Blockchain.info is not an online wallet. They don't have access to private keys. If this story is true, his PC was compromised."

 

"OP used Coinbase (which had 2FA) to purchase the bitcoins but then transferred the coins to Blockchain.info (which did not have 2FA) which is where they got stolen from." "I had used 2 factor authentication with Coinbase, but did not have it enabled for blockchain.info, where I had transferred the coins to."

 

Blockchain.info had a "blockchain back up file they send to your email." "Yes, I did have the backup file in my email." The email password was "10 characters with uppercase, lowercase, digits and punctuation."

 

"Today, as I was halfway through my workout at the gym, I get a notification on my Android phone: 'You have transferred 301 BTC'"

 

"Ugh. My entire savings gone. I put nearly every paycheck into buying bitcoins through Coinbase - not one of the early gpu miners =("

 

"Not looking for pity, but hoping this serves as a warning to anyone not using cold storage or some level of 2 factor authentication for large amounts of BTC. I am also curious if I can find out how it happened. Malware on my Android phone or Macbook?"

 

"Let me ask you.... did you leave any of your computers unlocked? Or accessible..? I ask because an easy attack vector would be the blockchain back up file they send to your email." "Yes, I did have the backup file in my email. This sounds most likely..."

 

"We need to address this to the community to prevent it again. Man I am really really sorry for your loss and your hard work. There's still a bit of hope to still be an early adopter."

 

"Young, single and nothing left to speculate with. Onward."

A blockchain.info user discovered one day that their wallet had been emptied of their entire life savings of over 300 bitcoin. The most likely culprit was the wallet backup file stored in their email, which would have been exposed if the email account was compromised. It is unclear whether the password had been reused and exposed in a previous data breach, which is a common attack vector.

HOW COULD THIS HAVE BEEN PREVENTED?

Passwords need to be unique on each account, so that a breach of one service does not expose the others. In particular, ensure that any accounts which hold finances, such as banking or primary email, have a unique and secure password. One strategy for generating easier-to-remember passwords is to use 4 fully random words.
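The following is an added example, not part of the original write-up, showing what "fully random" means in practice: the words are drawn by the operating system's CSPRNG rather than chosen by a person, and the resulting entropy depends on the size of the word list. The 16-word list is constructed for illustration, and the 7776-word size assumes a diceware-style list.

```python
import math
import secrets

# Constructed 16-word sample list so the example runs offline. A real list
# should be far larger (assumption: a diceware-style list of 7776 words).
SAMPLE_WORDS = """
anchor bottle cactus dragon ember falcon garden harbor
island jacket kettle lantern meadow nickel orchid pebble
""".split()

def clean_wordlist(words):
    """Lowercase, strip and de-duplicate; duplicates would skew the odds."""
    seen = []
    for w in words:
        w = w.strip().lower()
        if w and w not in seen:
            seen.append(w)
    if len(seen) < 2:
        raise ValueError("word list too small")
    return seen

def generate_passphrase(words, count=4, sep=" "):
    """Pick `count` words independently and uniformly using the OS CSPRNG."""
    words = clean_wordlist(words)
    return sep.join(secrets.choice(words) for _ in range(count))

def entropy_bits(list_size, count=4):
    """Entropy in bits of `count` uniform picks from `list_size` words."""
    return count * math.log2(list_size)

def words_needed(list_size, target_bits):
    """Smallest number of words that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(list_size))

if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    print(f"16-word sample list, 4 words: {entropy_bits(16):.1f} bits")
    print(f"7776-word list, 4 words: {entropy_bits(7776):.1f} bits")
```

The entropy figure only holds when every word is picked by the generator; swapping in a word you like better removes the guarantee.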
