Blockchain.info was once the greatest and most used web wallet, trusted with millions of Bitcoin at a time. Now it's at the bottom of the pile, with hundreds of customers complaining that their wallets have been emptied due to the web wallet's poor security. In a last-ditch attempt to set things right, Blockchain requested its users' passwords, so don't just instinctively dismiss any email from the web wallet service as a phishing email.
300+ bitcoins were swept by a white hat hacker by the name of “JoeHoe” after poorly generated private keys left many users' wallets insecure. Reports of theft were on the rise, and the situation for users got worse and worse. When users reported missing funds after accessing the site through Tor, Blockchain's solution was to create a site dedicated to serving users on the hidden network. However, the calm did not last long: “JoeHoe” swept more bitcoins after his initial seizure of 200+ bitcoins, which he kindly sent back to the Blockchain address to be distributed to the rightful owners.
Blockchain's newest method of finding innocent victims is to send out emails asking users to send their passwords to the service. As controversial as it seems, this has been confirmed by Blockchain.info. Even leaving the morals of the request aside, the risky method of providing the password in unencrypted, plaintext form has its own flaws. There's a good reason why everyone advises you not to give your password out anywhere: access to your account can be gained instantly by hackers with the right know-how.
Blockchain never has access to your addresses or private keys.
It also means our support team has no optics into wallet balances or addresses.
As part of our process to reimburse users we have to ask for their input and review each wallet individually.
Here is how we’re doing it. First, we ask wallet owners to set up a completely new wallet then move any remaining funds into completely new addresses. Next, once the wallet with issues has an empty balance, we’re asking users for their original passwords so we can decrypt the wallets and confirm they were in custody of the weakly generated address at the time the funds were swept. Finally, upon confirmation they owned the address we’re reimbursing them to a new address provided by the end user.
We warn them very clearly to move the funds first and never use that wallet again.
We realize this is a stressful time for many and we’re working around the clock to wrap up the reimbursements. So far we’ve processed hundreds and if you have questions or concerns drop us a case at blockchain.zendesk.com
source, Reddit post
With the service provided by Blockchain.info constantly degrading, many have also found safety in the new line of hardware wallets which are to be released soon. However, this new debacle over Blockchain's management of the current situation has simply tarnished its reputation further. Was Blockchain.info right to ask for user passwords, or is this simply another disaster waiting to happen? Voice your opinions below.