Blockchain.info Wallet Emptied

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.


[Image: Blockchain.info logo/homepage]

Blockchain.info is a highly popular web wallet which was in common use back in 2013. A blockchain.info user reports that their wallet was emptied; the referenced transaction moved 8.4 BTC. Blockchain.info used to send wallet backups to people's email addresses, which is one possible way the wallet was breached. Another possibility is that the user was a further victim of the failures in the blockchain.info random number generator, with the attacker sending the funds to a second address.

This is a global/international case not involving a specific country.[1][2][3][4][5]

About Blockchain.info

"The world’s most popular crypto wallet. Over 80 million wallets created to buy, sell, and earn crypto." "As they say, not your keys, not your crypto. Blockchain.com Private Key Wallets are the most widely-used wallets for self-custody of your crypto. We make it easy for people who are ready to control their private keys to hold them with a Secret Private Key Recovery Phrase." "When it comes to ensuring that your crypto is secure, we think about every last detail so you don’t have to."[6]

The Reality

In general, funds which are stored online in web-based wallets should not be considered fully secure. There are a multitude of ways that funds can be taken from web wallets. In particular, the user in this situation had a backup of their wallet sent to their Gmail email account.

What Happened

A user reports that their blockchain.info account was hacked on August 1st, 2013.

Key Event Timeline - Blockchain.info Wallet Emptied

Date | Event | Description
August 1st, 2013 5:23:58 AM MDT | Blockchain Theft Transaction | The theft transaction occurs on the blockchain.
August 1st, 2013 5:27:22 PM MDT | BitcoinTalk Post Made | A thread is started on BitcoinTalk trying to determine more information about how the funds may have been breached.

Technical Details

"I've found no evidence that my email was compromised, and was using two-factor authentication at the time." "I have 2 factor enabled. Was logged into btct and bitfunder at the time (but not blockchain.info)" "The coins were literally sitting in the online wallet for just a few hours, as well."

"I checked the ip address of recent logins. Everything seems to be in order. I don't have 2FA set in gmail, but my password is fairly strong."

Existing Password Reuse Theory

This theory is that the thief obtained the account password (reused or weak) and used it to log into the blockchain.info wallet directly.

Facts supporting:

  • Password was relatively weak, 8 letters and 2 numbers.
  • Past logins were observed in June and July of that same year.

Facts against:

  • 2FA was reportedly enabled on the account.
  • The blockchain.info wallet does not report any recent logins.

"My best guess would be a password that exists in a rainbow table, but I suppose there are other possibilities."

Wallet Backup From Email Theory

The theory is that a wallet backup which was stored in the user's Gmail account was obtained by the thief.

Facts supporting:

  • There was a wallet backup stored in the Gmail account.
  • A wallet backup is sufficient to gain access to the wallet, regardless of 2FA.

Facts against:

  • It was reported that no previous suspicious logins had been seen on the Gmail account, which suggests that access either happened a long time ago or was not through logging into the Gmail account.

"So many people don't realize that nearly every email they send bounces around the internet completely unencrypted in plaintext for hackers to read."

"If your password protecting your blockchain.info wallet was weak, then a hacker could capture it as it travels from blockchain.info to Google, and then check it against a rainbow table. The 2 factor is only for logging into the website to receive the encrypted wallet. Once they've got the wallet, they don't need the 2FA at all."

"I do have the blockchain info wallet backup sent to my email. Even if they had this, would they be able to extract the private keys? I still had 2FA on."

"[T]hey can empty your wallet without doing login on blockchain.info wallet by importing your backup wallet into any client that supports it."
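The point made in the quotes above is that an exported backup is protected only by the password-derived key, so 2FA never enters the picture once the file is in someone else's hands. The following added example (not blockchain.info's actual backup format; the PBKDF2 work factor, the toy HMAC-counter stream cipher and the sample wallet are all assumptions) models such a backup and puts a number on "8 letters and 2 numbers":

```python
import hashlib
import hmac
import math
import secrets

PBKDF2_ITERS = 100_000          # assumed work factor, not the service's real setting
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def guess_space_bits(composition):
    """Bits of entropy for a password with the given character-class counts,
    assuming the attacker knows the pattern (the conservative assumption)."""
    return sum(n * math.log2(CLASS_SIZES[c]) for c, n in composition.items())


def _keystream(key, length):
    """HMAC-SHA256 in counter mode: a toy stream cipher built from the stdlib."""
    out = b""
    for i in range((length + 31) // 32):
        out += hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def encrypt_backup(password, wallet_json):
    """Export a backup the way a password-encrypted wallet file works:
    the key comes from the password only.  Returns salt | ciphertext | tag."""
    salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS, 64)
    ct = bytes(a ^ b for a, b in zip(wallet_json, _keystream(key[:32], len(wallet_json))))
    tag = hmac.new(key[32:], salt + ct, hashlib.sha256).digest()
    return salt + ct + tag


def decrypt_backup(password, blob):
    """Recover the wallet from the blob.  No login and no 2FA are involved:
    the password is the only secret that matters for an offline copy."""
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS, 64)
    if not hmac.compare_digest(tag, hmac.new(key[32:], salt + ct, hashlib.sha256).digest()):
        return None                      # wrong password or tampered file
    return bytes(a ^ b for a, b in zip(ct, _keystream(key[:32], len(ct))))


if __name__ == "__main__":
    # Constructed sample wallet; the key material is a placeholder, not a real key.
    wallet = b'{"keys": [{"addr": "1ExampleAddrPlaceholder", "priv": "REDACTED"}]}'
    blob = encrypt_backup("abcdefgh12", wallet)     # 8 letters + 2 digits, as in the thread
    assert decrypt_backup("abcdefgh12", blob) == wallet
    assert decrypt_backup("abcdefgh13", blob) is None
    print("8 lowercase letters + 2 digits: %.1f bits" % guess_space_bits({"lower": 8, "digit": 2}))
    print("4 words from a 7776-word list: %.1f bits" % (4 * math.log2(7776)))
```

The entropy figure is what an offline guessing attack against the backup must overcome; the website's 2FA and login rate limits do not apply to it, which is why a backup password needs to be far stronger than a password that only ever faces the online login form.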

Wallet With Weak RNG Exploit Theory

This theory is that the wallet's keys were generated with a weak random number generator, making them predictable. Such a flaw would likely affect multiple wallets, and blockchain.info would be aware of it.

"How can I determine if this was caused by the rng exploit? I was using Chrome at the time."

Total Amount Lost

The transaction referenced has 8.3995 BTC[4]. The total amount lost has been estimated at $2,000 USD[5].

Immediate Reactions

"My account was hacked on Aug 1st." "Someone was able to empty out my blockchain.info account." "It appears someone got into my blockchain.info account and transferred coins out of it just a few minutes ago." "Yes, it's an annoyance to lose the coins, but what I'm concerned about is understanding how this happened, because I thought things were pretty buttoned up." "Any help would be appreciated."

Ultimate Outcome

Discussion ensued and multiple theories were put forward. There doesn't appear to have been a consensus reached as to what happened to enable the breach.

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

Ongoing Developments

What parts of this case are still remaining to be concluded?

General Prevention Policies

The blockchain.info wallet is web-based, which makes it a form of hot wallet. Hot wallets are vulnerable to breach, and should not be used to store large sums of money. Always store the vast majority of funds offline in a cold storage medium which is not connected to the internet.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References