QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$76 000 USD
NOVEMBER 2013
GLOBAL
BLOCKCHAIN.INFO
DESCRIPTION OF EVENTS
"The world’s most popular crypto wallet. Over 80 million wallets created to buy, sell, and earn crypto." "As they say, not your keys, not your crypto. Blockchain.com Private Key Wallets are the most widely-used wallets for self-custody of your crypto. We make it easy for people who are ready to control their private keys to hold them with a Secret Private Key Recovery Phrase." "When it comes to ensuring that your crypto is secure, we think about every last detail so you don’t have to."
"Blockchain.info is not an online wallet. They don't have access to private keys. If this story is true, his PC was compromised."
"OP used Coinbase (which had 2FA) to purchase the bitcoins but then transfered the coins to Blockchain.info (which did not have 2FA) which is where they got stolen from." "I had used 2 factor authentication with Coinbase, but did not have it enabled for blockchain.info, where I had transferred the coins to."
Blockchain.info had a "blockchain back up file they send to your email." "Yes, I did have the backup file in my email." Email password was "10 characters with uppercase, lowercase, digits and punctuation."
"Today, as I was halfway through my workout at the gym, I get a notification on my Android phone: "You have transferred 301 BTC""
"Ugh. My entire savings gone. I put nearly every paycheck into buying bitcoins through Coinbase - not one of the early gpu miners =("
"Not looking for pity, but hoping this serves as a warning to anyone not using cold storage or some level of 2 factor authentication for large amounts of BTC. I am also curious if I can find out how it happened. Malware on my Android phone or Macbook?"
"Let me ask you.... did you leavr any of your computers unlocked? Or accessable..? I ask because a easy attack vector would be the blockchain back up file they send to your email." "Yes, I did have the backup file in my email. This sounds most likely..."
"We need to address this to the community to prevent it again. Man I am really really sorry for your loss and your hard work. Theres still a bit of hope to still be a early adopter."
"Young, single and nothing left to speculate with. Onward."
A blockchain.info user noticed one day that their wallet was emptied of their entire life savings of over 300 bitcoin. The most likely culprit was their email backup, which would have been exposed if their email was compromised. It is unclear if the password may have been reused and exposed in a previous data breach, which is a common attack vector.
HOW COULD THIS HAVE BEEN PREVENTED?
Passwords need to be unique on each account to prevent breaches. In particular, ensure that any accounts which hold finances such as banking or primary email have a unique and secure password. One strategy for generating easier to remember passwords is to use 4 fully random words.
I just lost 301BTC ($70,000+) on blockchain.info. USE 2FA / Cold wallets! : Bitcoin (Mar 19)
Address: 1PcrtzwnGVVvwXy8xAVErq6U6hPb8omkJJ | Blockchain Explorer (Mar 26)
Address: 13V8GFEQnct9iX1XoG1GA7bqf9XfVmjgtD | Blockchain Explorer (Mar 26)
Address: 1PLsqpR1Ln2CNhT3YXc1M74gQxP4yPEkAZ | Blockchain Explorer (Mar 26)
Address: 1NiRNN1yXeeAg1CnBsVPjvpHKk6AZxd9U9 | Blockchain Explorer (Mar 26)
Address: 1HJ3tECDZA4Zpgux1qK9AXKpRYZWjXXK4 | Blockchain Explorer (Mar 26)
xkcd: Password Strength (Mar 26)
936: Password Strength - explain xkcd (Mar 26)
Blockchain.com Wallet - Store and Invest in Crypto (Dec 24)
Blockchain Wallet Review: Learn How To Buy Bitcoin On Blockchain (Dec 24)
https://ca.investing.com/crypto/bitcoin/historical-data (Mar 15)
Transaction: dbafa6c1225ef8d919369a82530a0708a09738eb8ce26ca4a7482b19f22dea11 | Blockchain Explorer (May 29)
Imgur: The magic of the Internet (May 29)
