Thanks for doing that. I'll keep digging. Having not had anything stolen before online, this theft has made me very cautious of bitcoin wallets, its clear they are not safe and while you could have any sort of online account broken into, its coloured my view on the safety of bitcoins for the average user.

I had my Blockchain Wallet drained on aug12 I posted about it on the forum.

Can someone tell me if this wallet was on the list

1Cqfi7gKrbGgQuWNpGrziDzmaNoY2cGGjV

I don't use that wallet anymore and am worried about using Blockchain.info until I know how my account was drained while I was logged in and how someone else logged in to my account from Australia at the same time without my knowledge.
 

 
I think that maybe a very good point. I have now used every sort of scan I can find and none of them picked up any trojans, worms keyloggers or remote access attempts. Also, maybe this isn't important but this happened on my Blockchain.info wallet after I had changed the settings to send an email to my gmail account for every transaction. I'm at a loss to explain it but I'm not using Blockchain.info until I know eveything is ok again. I ran spybot and it found nothing either. I checked for extra phoney system file mimics, like csrss.exe. I've never had a problem before with any online service on this laptop

One thing extra thing I've done now is to lock the wallet to a fixed IP, (it's in the Blockchain settings) so it can't be accessed from any other IP, all well and good as long as my IP doesn't change. Otherwise, it will be a huge hassle.

No feedback to report

all I can tell you is be very careful. There are many people trying to break in to your wallets and you will get no help. Be very very careful, change your password regularly, never write it down and keep wallet backups.

From the user log file in Blockchain.info wallet account settings. I posted it above.

Yes, the timing is very significant and suggests remote desktop access. The password I used has never been written down anywhere, its not in any user text file or doc. So keylogging or remote access seem to be the most plausible.

Also, I checked my Remote Assistance settings in system properties. They were mysteriously set to true. I know I had set them to false again when I upgraded to win8 several months ago (for some reason, annoyingly, the update had set them to true)

Update: I contacted the Australian server company for the suspect IP Address. So far, they have been very helpful and are looking to identify the user from their logs and time stamp etc...

I will post more when I know more.

Thanks again for your help. 

Yes you are correct. In my defense, for me it was around 2 am in the morning at the time I wrote that post and I was nearly brain dead anyway. It was a bad day.

You put it all down to a trojan and my password being abused, Of course, it was my laptop and in the end it must be my fault somehow, I agree. 

You also don't seem to take the point that the only fraudulent transaction took place under my nose while I was logged in.. ie at the same time. from an IP address on the other side of the world. logged and recorded. There have not been any other attacks, just one, at exactly the same time as I was logged in. I'm sorry I didn't lose more than 0.21 I got my numbers wrong because I was very tired.

Now, despite two deep scans from two up to date virus checkers I can find no trojans or worms or other keyloggers, the only password I used when it happened was the one for that wallet. So yes, it is most likely my fault somehow, but How? Exactly? Until I can find some help on that, I can't trust using my blockchain wallet from that laptop. As escrow.mi said, my best option is using a paper wallet until this issue is resolved. If it is so easy to strip an account, my personal trust in the system is shot and I would hate to have 10 or 100 bitcoins or even only 0.21 in any online wallet until I know I can trust it again. It's a significant security problem. sorry to have upset you. Thanks for your help. 


 

no every thing else seems to be ok, I lost 0.221776556, not 1.4 (that was wrong too it was 1.03 total deposits), that's a relief, but still gone while I watched. I also had a deposit from bitvisitor. It's been a bad day, sorry...

Checking now.

When I logged back in everything was set to 0, so I assumed it was 1.4 or close to it.

escrow.ms explained that was because I removed Blockchain from the network listing.

oh shit, that was the wrong one, it was 0.2277 something that went, my mistake

I looked at the total amount deposited, not the actual transaction

Thanks, yeh its enough to hurt. I will check out inputs.io

for anyone who's interested the Wallet that took my money was 1MfSeNc7p1cA28e9w7FE48qLJUfQT986MX

IP address 202.60.90.137 traces to

person:         Jon Eaves
nic-hdl:        JE11-AP
e-mail:         noc@dedicatedservers.net.au
address:        Ground Floor
address:        14 Finchley Street
address:        Milton QLD 4064
phone:          +61-7-3412-9582
fax-no:         +61-7-3018-0422
country:        AU
changed:        noc@dedicatedservers.net.au 20090211
notify:         noc@dedicatedservers.net.au
mnt-by:         MAINT-AU-DEDICATEDSERVERS
source:         APNIC

The one that was robbed was : 1Cqfi7gKrbGgQuWNpGrziDzmaNoY2cGGjV

So I opened a new one (in last post) , even though I changed the password and locked the IP address I don't trust using the old one now.



I installed bitdefender and did a deep scan, no trace of anything. Windows defender didn't pick anything up either. The IP address I listed above came from my Blockchain log file.

(might be an anon ip of course)

It stood out, as coming from Australia with a different IP address to mine obviously and they viewed my login page at the same time I was logged in to the wallet.

Yes it may be bitvisitor site, some don't load with just a blank screen.

I'm embarrassed to say how much I lost, its not like it was a fortune, luckily, but they were hard earned bitcoin. 1.4 bitcoin got wiped to zero.

The thing that bugs me is, imagine if you had 100 or 1000 bitcoin, you're just as vulnerable as my little pile, I've never had anything stolen from my bank online. This is the first time I've ever been attacked and I'm not a dummy when it comes to computers or guarding my security online. It's very worrying. I'm going to take  escrow.ms advice and go the paper route from now on.

Hey, whoever sent that little donation. Thanks! very much appreciated. You're a star! Restores my trust a little in humanity  

Still no reply to my support ticket on Blockchain.info  Will let people know if I find out how they stole all my money.

Good idea, but I haven't any bitcoin left now, so it doesn't really matter. Am cleaning the laptop. Deep scan shows nothing at all. no evidence of keylogging either

If anyone wants to donate some bitcoin to my new wallet at another site to get me started again: 1FvbpQt5zREwPJ5CKUX8wH7E1EPCHTduqW


Ok I know its wishful thinking, just depressed to lose everything in front of my eyes, no bitcoin, no happy.  

Still no reply from Bitchain.info on the support ticket either.

Ah, right, I'm getting paranoid.

I'll post if I find out anymore, very bummed at having my little bitcoin account robbed so easily. Not very comfortable using bitcoin at all now.

Now all my account info and transactions history has been zeroed too.  Its like a blank wallet. What's going on with that?

@ escrow.ms


Java is disabled in firefox

Yes, I am checking incoming and outgoing connections now.

I did notice that inside Firfore Options>Network  Blockchain.info is listed as 'allowed to store data for offline use'

I've removed that listing, no idea if Blockchain put it there or a hack of some kind.

No I never save passwords anywhere, I have a very good memory.

Could someone access my account from gmail? without a password? or Dropbox?

The only way I could see, is that from the logs, the hacker did it while I was actually online and logged to the wallet. Remote desktop access?

thanks for the rundown...

Backups were stored on Dropbox and email

Yes password is very secure multiple 16 chars

No imported keys or addresses

No haven't accessed wallet from anything but this win8 laptop

Last scan for malware was yesterday after a defender update. No issues reported.

Haven't accessed any phising sites that I'm aware of. I used Bitvisitor.com to get extra coin from their services. Wallet address included in URL

@Kluge - No, it only ever been used from my win8 laptop and all received came from online exhanges