$7 000 USD

NOVEMBER 2020

GLOBAL

BLOCKCHAIN.INFO

DESCRIPTION OF EVENTS

"The world’s most popular crypto wallet. Over 80 million wallets created to buy, sell, and earn crypto." "As they say, not your keys, not your crypto. Blockchain.com Private Key Wallets are the most widely-used wallets for self-custody of your crypto. We make it easy for people who are ready to control their private keys to hold them with a Secret Private Key Recovery Phrase." "When it comes to ensuring that your crypto is secure, we think about every last detail so you don’t have to."

 

"The popular Blockchain website primarily offers market data and serves as the main block chain explorer for the bitcoin currency. However, users can also create web-based wallets to send and receive bitcoins."

 

"[I']ve just had my blockchain wallet hacked for £5300 that [I] had been saving for 3 years." "[A]ll my cryptos that [I] had been saving for 3-4 years had been stolen days before [I] bought a trezor wallet all because blockchain has no security process for someone wanting to reset the 2FA rendering 2FA absolutely useless if a hacker hacks your email." "[I] was literally about to buy a cold wallet days before being hacked and [I']ve had them on blockchain for 3-4 years with no problem but right at the very moment it[']s hacked."

 

"I have proton mail with 2FA." "I understand blockchain completely. [I] just never thought 2FA could have been hacked without my phone, not knowing someone can just hack my email and request my blockchain exchange accounts 2FA to be reset."

 

"[I] do not suggest using it if you want your Cryptos to be safe. I really now just realize how much [I] hate the internet and how it can let some slimy little cowardly rob you of your life changing amount of money/resources."

 

"One day [I] went to check my cryptos on the blockchain site and it let me in without needing my 2FA[. W]ith that [I] felt dread and then saw all my cryptos had gone."

 

"After a few days processing how [I] felt [I] learnt that my 2FA had been reset and removed."

 

"A few months later [I] realized my email mail wasn[']t showing in my email and realized someone had hacked my email and changed setting[s] so that anything with specific words like password, account etc. would go straight to the bin. So they have do[ne] a real hack job on me it seems."

 

"[N]ow as the bull run starts it[']s gone. I feel like killing myself, feels like life has done this on purpose." "[T]o be honest [I']m done with crypto all together. I[']ve lost 0.364 BTC that could potentially be worth £70,000 this bull run[. A]ll [I] have now is 0.027 BTC."

 

"[I']ve just checked his transactions and this person has used tumblers to hide his transactions[. I]nsane."

Reddit user Truth-Seeker1990 used the Blockchain.com online wallet, which offers a "2FA" account recovery option based on the user's email account. His email account was compromised (which can typically happen when the same password is reused as a login for a website). The hacker changed the email account's settings to forward and remove sensitive email messages. He then "recovered" the blockchain.com account and withdrew all the funds ($7k) stored there. The funds were subsequently sent through different mixing services, making tracking very difficult.
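The mail-filter tampering described above is something an account owner can check for. The following is an added example, not part of the original write-up: it audits a mailbox's filter rules for ones that bin security-related mail or forward to an address the owner does not recognise. The rule schema, rule names and addresses are constructed assumptions, not any provider's real export format.

```python
import re

# Terms an attacker would filter on to hide security notifications
# (the victim mentions "password, account etc."); extend as needed.
SENSITIVE = re.compile(
    r"\b(password|account|2fa|two-factor|reset|security|verification|login)\b",
    re.IGNORECASE,
)
# Actions that keep a message out of the inbox view.
HIDING_ACTIONS = {"trash", "delete", "archive", "mark_read"}

def audit_rules(rules, own_addresses):
    """Return (rule name, reason) pairs for rules that hide or leak mail."""
    own = {a.lower() for a in own_addresses}
    findings = []
    for rule in rules:
        terms = " ".join(rule.get("match_terms", []))
        hit = SENSITIVE.search(terms)
        if hit and HIDING_ACTIONS & set(rule.get("actions", [])):
            findings.append((rule["name"], f"hides mail matching '{hit.group(0)}'"))
        target = rule.get("forward_to")
        if target and target.lower() not in own:
            findings.append((rule["name"], f"forwards to unknown address {target}"))
    return findings

# Constructed sample export (hypothetical schema, not a real provider format).
SAMPLE_RULES = [
    {"name": "Newsletters", "match_terms": ["unsubscribe"], "actions": ["archive"]},
    {"name": "r1", "match_terms": ["password", "account"], "actions": ["trash"]},
    {"name": "r2", "match_terms": [], "actions": [], "forward_to": "drop@mailbox.example"},
    {"name": "To work", "match_terms": ["invoice"], "actions": [],
     "forward_to": "me@work.example"},
]
SAMPLE_OWN = {"me@work.example"}  # addresses the owner set up deliberately

if __name__ == "__main__":
    for name, reason in audit_rules(SAMPLE_RULES, SAMPLE_OWN):
        print(f"REVIEW rule {name!r}: {reason}")
```

Any rule it flags that the owner did not create is a sign the mailbox itself has been accessed, so the mailbox password and its active sessions need attention before the rule is simply deleted.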

HOW COULD THIS HAVE BEEN PREVENTED?

Multiple failures contributed to this case. Storing funds online is a very risky move, and the safest storage is offline with a properly protected key. Password reuse was likely also a factor in this attack. At the very least, make sure that key accounts, such as primary email, banking, or crypto, have unique and secure passwords. A good method of generating secure and memorable passwords is the XKCD method of generating 4 fully random words. Feel free to turn those words into a long human-readable sentence, with standard punctuation/spaces, if your service will allow it.

 
