Blockchain wallet hack

[Dexter]

My wallet was hacked this morning, thankfully nothing was taken, but someone else on another computer was trying to access my account. The warning came when I logged in and blockchain had it that someone using a different browser and IP address linked to another state far from me. I sent a message to security with details.

They have my wallet ID and PW.

They didn’t have my email address to request login authorization, but it’s just one more warning to all of you not to keep your funds laying around and to regularly change wallet, email address and passwords.

 

[dexes]

2-step authenticator bro

 

[Dexter]

dexes" pid='70551' dateline='1570141650:

2-step authenticator bro

I have 2 step authenticator.

And a second password for transactions.

They didn’t get any money, what they did was try to login using my password and wallet ID. They don’t have access to my phone and if they wanted I’m sure they could get my number however I don’t know how much trouble it is to get sim card set up with my phone#, probably not worth it.

At this point I’m switching over to my linux machine and wiping my ssd clean on this machine. Close out my proton account and switch everything over to new emails. Transfer funds to a new blockchain wallet.

 

[MikeAlstott]

Wait, so they were able to login without MFA? How do you know they have your password?

 

[Dexter]

MikeAlstott" pid='70559' dateline='1570149753:

Wait, so they were able to login without MFA? How do you know they have your password?

Blockchain had someone logging into my account when I was logging in. When I was logging in my IP address (light up in blue) and the scammers IP address (light up in red), a message asked if I would like to okay(blue) or reject(red) their login from the Red address. The IP address showed up as 1500 miles from me.

I contacted security, they said it was a scam in progress, I gave them all the info I had, they recommended closing the account. I changed the password on the account and no one has touched any funds.

Like I said the easiest solution is to change wallets, passwords, emails, and in about two weeks I plan to change my phone number after I finish out some transactions. I’ll also be jumping back to my trusted Linux, I’ve been using Win10 for the past 9 months after using linux for almost twenty years without a single issue, windows has always been complete and total s***. I suspect from here on out I’ll use a Linux OS burned to a DVD running on ram, so I don’t have any possibility of leaving anything behind.

 

[superawesomename]

Dexter" pid='70565' dateline='1570153844:

I suspect from here on out I’ll use a Linux OS burned to a DVD running on ram, so I don’t have any possibility of leaving anything behind.

Little scorched-earth, don’t you think? Though I’m confused how they would be able to access/change your 2fa/sim card? AFAIK Google authenticator is rooted to the physical device, I’d imagine most are similar. I got a new phone, swapped sim cards and all, and I just had to set everything up again. It never gave me the option to even attempt to access previous information, which was gay because I had my Ubisoft auth on that bitch and I had to do a whole bunch of emailing to get back into my R6 Siege account lmao

 

[resistor]

superawesomename" pid='70579' dateline='1570184104:

Dexter" pid='70565' dateline='1570153844:

I suspect from here on out I’ll use a Linux OS burned to a DVD running on ram, so I don’t have any possibility of leaving anything behind.

Little scorched-earth, don’t you think? Though I’m confused how they would be able to access/change your 2fa/sim card? AFAIK Google authenticator is rooted to the physical device, I’d imagine most are similar. I got a new phone, swapped sim cards and all, and I just had to set everything up again. It never gave me the option to even attempt to access previous information, which was gay because I had my Ubisoft auth on that bitch and I had to do a whole bunch of emailing to get back into my R6 Siege account lmao

If you have access to the data used to seed google authenticator, you can create a second, also valid, MFA device. Not very probable, but possible

 

[superawesomename]

resistor" pid='73029' dateline='1571978399:

superawesomename" pid='70579' dateline='1570184104:

Dexter" pid='70565' dateline='1570153844:

I suspect from here on out I’ll use a Linux OS burned to a DVD running on ram, so I don’t have any possibility of leaving anything behind.

Little scorched-earth, don’t you think? Though I’m confused how they would be able to access/change your 2fa/sim card? AFAIK Google authenticator is rooted to the physical device, I’d imagine most are similar. I got a new phone, swapped sim cards and all, and I just had to set everything up again. It never gave me the option to even attempt to access previous information, which was gay because I had my Ubisoft auth on that bitch and I had to do a whole bunch of emailing to get back into my R6 Siege account lmao

If you have access to the data used to seed google authenticator, you can create a second, also valid, MFA device. Not very probable, but possible

That’s interesting, didn’t know that. Do you by happenstance information someone would need to be able to gather that? I imagine just your email and password, correct?

 

[Dexter]

resistor" pid='73029' dateline='1571978399:

If you have access to the data used to seed google authenticator, you can create a second, also valid, MFA device. Not very probable, but possible

For me it’s pretty simple, since I have four laptops, I just wiped one, installed a minimal FreeBSD and will leave that to the side for all transactions, never using it for anything but crypto and banking.

The only real secure method is a system you never use for anything else.

It was an indian scammer that got me(they need to start hunting these guys down, publicly executing them via woodchipper on pay-per-view), granted they didn’t get anything out of my blockchain, but they won’t get anything now with three passwords required to complete a transaction.

 

[kuryu4]

If you guys have a decent amount of money in crypto, do not store it in a hot wallet (exchanges, anything connected to the internet). When you have it in a hot wallet, those coins are at risk and they aren’t really in your possesion. Sure you have access to it but if at any point that exchange becomes compromised (hacked or exit scammed) you will be shit out of luck. Download a cold wallet (such as electrum), right down your private key and seed phrase and store it somewhere safe.