$4 000 USD

AUGUST 2013

UNKNOWN

BLOCKCHAIN.INFO

DESCRIPTION OF EVENTS

"The world’s most popular crypto wallet. Over 80 million wallets created to buy, sell, and earn crypto." "As they say, not your keys, not your crypto. Blockchain.com Private Key Wallets are the most widely-used wallets for self-custody of your crypto. We make it easy for people who are ready to control their private keys to hold them with a Secret Private Key Recovery Phrase." "When it comes to ensuring that your crypto is secure, we think about every last detail so you don’t have to."

 

"I import the private key into blockchain.info." "I had previously used a paper wallet, but transferred my money back to Blockchain to enable easier transactions. I was using 2 factor authentication with an SMS code being sent to my phone to be able to access my wallet. I did not notice this at the time, but now that I checked, a wallet authentication code was sent to my phone at 12:17am Aug 2nd. I do not recall ever seeing this until now." "[H]e was texted a confirmation code to enable the transaction, not a notice saying it had happened."

 

"I was once sent an email from Blockchain with a wallet backup saying the following, but that is all I'm aware of - 'Attached to this email is an AES encrypted wallet backup which contains everything you need to restore your bitcoin balance. You can use it to restore the wallet at anytime at My Wallet or using the 3rd party MultiBit Desktop client.'"

 

"The password was not very strong at all..." "My password could probably be stronger, but it is one of the stronger ones I use. 5 letters and 6 numbers. I don't believe I use it anywhere else." "And as I mentioned earlier in this post, I stupidly sent myself an email with my username and password to my wallet when I first opened one at Blockchain." "It looks like I used the same one for Coinbase as well, but just those 2 locations."

 

"I don't have my phone locked."

 

"On July 17th, somebody signed in by iPhone with a different IP address than what mine appears to be (and the site says it was a Verizon IP, though that is my provider). It is close to the city where I live, but probably 30 minutes away."

 

"On July 30th, I was logged in from a Starbucks on the hospital's WiFi which I can see on the map. Besides that, the location on the map appears to be where my apartment is and have the same IP address (the first 11 characters are the same, but then they change - I don't understand what that means)."

 

"Just another piece of data. I ran a full Symantec scan and the only thing it found was a tracking cookie from quantserve.com. I'm assuming that is nothing, but I just wanted to mention it."

 

"Today when I logged onto Blockchain.info, I noticed the 40+ BTC I had in my wallet were gone and had been sent to this address 1GvmpUY1RdR5zf7jDZnpjfuBnoCz3S2xSS at 12:20am Aug 2nd."

 

"I checked my laptop browser history, and I do not see any activity during the time of the transfer. However, it looks like there is a gap in my history where I or somebody else cleared the history on my computer. 8/1 12pm to 8/2 11am is missing. The transfer happened at 12:20am on 8/2."

 

"I did not notice this at the time, but now that I checked, a wallet authentication code was sent to my phone at 12:17am Aug 2nd. I do not recall ever seeing this until now." "The time between the two is 3 minutes. 12:17am the code was sent. 12:20am, that was the transaction that emptied the wallet." "I honestly do not remember seeing this text until right now (5 days later). I was quite out of it that day. I had a surgery for which I was put under, 10 hours earlier in the day and was basically a zombie. I do not recall seeing the message at the time, either when it was sent, or after the fact, but it is possible that I did see the message that day but didn't think much of it (again, I was very out of it)."

 

"I don't believe anybody could have borrowed my phone at that time. I was at home for a few days in my apartment because of a surgery. I may have turned on my wifi once (though I don't think so) if that could do something." "We've eliminated people without physical access to your phone and computer because your email wasn't accessed by someone else."

 

"I'd appreciate some help to understand what happened, and if possible, how I can get the BTC back. I'm not a tech person, so it's been a struggle to learn what I have about Bitcoin..."

 

"I followed the transactions and it looks interesting. The address it was sent to then sent that balance to two other addresses. If you track those addresses down, they also keep doing a forked balance split by sending to two other addresses. I am not very good at digging deep into this stuff though, so maybe someone else has an idea of what is happening."

 

"I do not have 2-factor for Gmail, but I'll do that now and change all my passwords to something much more robust."

A blockchain.info user reports that their wallet was emptied; the transaction referenced has 40.416 BTC. The user had emailed password information to themselves, but they found no login history on the email account. A transfer code was sent to their phone, which they leave unlocked. They report that some of their browser history was deleted. The user was medicated following surgery at the time. The prevailing theory is that one of their roommates took the funds. Another possibility is that they were another victim of the failures in the Blockchain.info random number generator, with the attack sending funds to a second address.

HOW COULD THIS HAVE BEEN PREVENTED?

The blockchain.info wallet is web-based, which makes it a form of hot wallet. Hot wallets are vulnerable to breach, and should not be used to store large sums of money. Always store the vast majority of funds offline in a cold storage medium which is not connected to the internet.

 

In general, it is not good practice to let anyone else know how many bitcoin you have. It is good practice to keep a decoy wallet holding less bitcoin more easily accessible.

 


© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.