Updated: Dec 1, 2020
A few weeks ago, my buddy knew very little about cryptocurrency. He knew it was interesting. He knew he had to be careful with his private keys. Like many would, he assumed that there was some modicum of professionalism in the services available to beginning users. But there is a deep and abiding problem at Blockchain.com, and it is, quite simply, the ease with which a “big” player can brush off complaints, theft, and hacking as a sort of “buyer beware.”
If you take nothing else away from this post, please read this:
BLOCKCHAIN.COM is a flawed site with an admitted exploit and targets scammers worldwide; they know this and refuse to fix it!
Please do not use Blockchain.com to do business online, do not create a wallet using their tools, and do not trust them to prevent hackers or scammers from using their service to steal your cash. They have allowed it once, and they will allow it again and again. Do not use their service.
Let me explain.
Say you had $10,000 in US currency. Cold hard cash. You own it; it’s yours, it’s in your hand. If you went to a bank, you could hand that currency to a teller and deposit it in your insured bank account. Because it is $10,000, the USA's government will want to know how and where you got the money (for tax and legal reasons). Everyone understands and goes through with this process because if, at some point, the bank explodes or thieves beset it from all sides, or a dozen other things happen, nothing affects the simple relationship between you and the bank.
And to many, banks are evil. They are capitalist tools aimed at stealing your dough. Fair. I read Ayn Rand once, too.
If, on the other hand, you take the same $10,000 and put it in a box under your bed, you will always know where it is, the government can’t control it, and the world has no idea you have any money at all. If your house burns down, then you might be out of luck but assume you’re safe and sane, and you put your cash inside a fireproof box and that has a key hidden somewhere else so you can open it when the flames die down. That is not the say the box will survive the fire, but those are the chances you have to take.
When you buy bitcoin (BTC) in the crypto world, you are either trusting a big company to hold your fireproof box or owning the fireproof box itself. The big company still has all the bank's reporting requirements, but the company isn’t insured and, in fact, often refuses to acknowledge hacks or scams are its responsibility. If a scammer were working the lobby of your local Chase, you’d assume the security guard might do something. But scammers lurk around these exchanges all the time, and no one cares.
There are essentially two ways to store BTC online. You can use a custodial service like Kraken.com (which is excellent), or you can use a non-custodial service like Blockchain.com, which is seen as more desirable because it gives the user more control. Don’t be fooled. Blockchain.com is not safe, not sane, not your friend.
Bitcoins are not inherently risky. They are the literal equivalent of digital cash. If you “lose” a bitcoin, then it is no longer yours. You can’t rewind the system to make it come back. But, just as you assume that your wallet in your pants pocket is usually safe from robbers when you’re sitting in your living room, you can also assume your bitcoin is safe as long as you do everything correctly. If you own your keys, you own your bitcoin. In fact, Blockchain.com pretends to be a non-custodial service that tells you that you own your own wallet and keys and any trouble that stems from this is your fault. But imagine if the maker of your leather wallet actively ignored security protocols and led hundreds of scammers and thieves to your house and told them exactly where your good old leather wallet was hidden. That’s what Blockchain.com does.
Superficially, Blockchain.com has a lot to offer. They make it stupidly easy to store your BTC despite advertising themselves as the most popular and safest place to do this despite having millions of accounts. Their simplicity trade-off is a lack of security.
Unfortunately, they also have a known, exploitable hack that allows scammers to steal your cryptocurrency as soon as you create a wallet there. By stealing your credentials at the moment of creation, nothing you store in a Blockchain wallet is secure. And they could easily fix this. Why don't they?
Oh, and by the way, if you are already confused by my "simple" explanation, they are counting on that. Though I've tried to dumb this down as best I can; I realize this is still confusing. So, if you have ANY questions, DM me here, on LinkedIn, @johnbiggs, or email me at firstname.lastname@example.org, and I'll arrange a Zoom call to explain the fraud.
When my friend created a “2FA” protected account on Blockchain, the story is simple: a hacker immediately stole his keys because Blockchain.com allows multiple instances of the new wallet to be open simultaneously without authentication.
They were then able to steal anything in his blockchain.com wallet in seconds. In other words, in an absurd real-world example, imagine if that as soon as you bought your good old leather wallet, it signaled thieves around the world to follow you home and then - without you knowing - was able to unlock your front door. If that sounds ludicrous, then welcome to Blockchain.com.
Blockchain.com management, from the CEO down to the Chief Security Officer and the VP of Marketing, have all communicated with me and all know about this incident and others like it. They refuse to acknowledge it or fix it. However, they have admitted it in writing.
I don’t want to detail the specific exploit here because I want to give Blockchain.com one chance to fix it and make it right.
Tomorrow, I will print the entire exploit and how to do it yourself.
2020 has been an awful year, and maybe you need some Christmas cash?