Board: Web Wallets
Re: Blockchain.info account hacked (450+ BTC)
by ffssixtynine on 17/01/2014, 08:49:14 UTC
Was there 2 factor auth?

Probably not, going by this: "the theft was almost certainly due to poor security". Blockchain is pretty safe if you use all the security features.

2FA won't help if the malware is going to wait until the wallet is decrypted after the owner logs in.

What about if you have the second password option on to spend the funds, or is your entire wallet vulnerable as soon as you log in?

A compromised machine defeats all of this the moment your wallet is decrypted. If you have two passwords, that only happens in a form that reveals private keys when you enter your second password. The precise form of malware dictates whether they will get your keys, but I would certainly use the on-screen keyboard that is popped up for the second password in order to defeat a more basic keylogger.

2FA was off in this case. It would not have protected API access (unless this supports 2FA) but it would have protected a web login. There are so many points of failure security-wise there is no point in even starting. However, bad security doesn't always lead to thefts, it just creates the opportunity. The question is who took the opportunity and which weakness was exploited.