Bitcoin wallet backup restore / Dogecoin hashrate wallet

This past Sunday,all 3 of the bitcoin addresses in Fr33 Aid’s blockchain.info wallet were emptied of their bitcoins in this transaction. The value of the loss was nearly 23.5 bitcoins.

Four minutes after the theft,Fr33 Aid received a donation of 0.01 bitcoins,and later that evening the first of 2 transactions with proceeds from the Texas Bitcoin Conference charity events were received,totaling 1.5 bitcoins. These bitcoins were secured yesterday,as soon as we learned Fr33 Aid’s wallet had been compromised,and the donation address on our website was updated. Please use our new address for any future donations.

Fr33 Aid’s wallet had 2 Factor Authentication enabled prior to the theft,and we are actively working with blockchain.info to investigate how it happened. They have been very responsive,and we expect to be able to update this post with more information soon.

See embedded video below confirming I set up the new address using both a different device and wallet program than I had used previously.

Today I was able to access Fr33 Aid’s blockchain.info wallet for the first time in a few days,as their wallet functionality was out of service during that time. I had previously turned on logging,and in checking the log I discovered that a Blockchain.info Admin had approved a 2 Factor Authentication reset on Sunday,about a day after the request was made and about an hour before the settings were accessed and wallet was updated and bitcoins stolen. I was the only person with access to Fr33 Aid’s wallet,and I did not request the 2FA reset. I understand from Mandrik at Blockchain that the 2 IP addresses used for these activities (185.21.188.146 and 77.247.181.162) were both Tor exit nodes.

What We Did Right

Enabled 2 Factor Authentication for Blockchain wallet access using Google Authenticator.

Turned on logging with IP addresses for all Blockchain wallet activities. This allowed us to identify the 2FA reset that helped the thief gain access to the wallet.

Regularly checked the balance on Fr33 Aid’s address,not relying solely on email notifications. This enabled us to detect the theft and secure the recent donations before they were taken as well.

Secured the private keys for Fr33 Aid’s addresses offline and in a manner that was separate from the device used for accessing the wallet. This enabled us to access the more recent donations we received.