New Users

Send and receive bitcoins in seconds.

Create Your Free Wallet
Existing Users

Already have a Blockchain Wallet?

Login Now

Two Factor Authentication

It is highly recommended you enable two factor authentication on your My wallet account. Your wallet data is still only encrypted with your password however a second authentication step will need to be passed before your encrypted wallet data is output. Currently we support Yubikey and email two-factor authentication.

Failed Login Attempts

If you have two factor authentication enabled on your account after 4 failed login attempts your account will be locked for 2 hours at which point no more login attempts can be made. You will be sent an email if your account is locked giving you time to take precautions if necessary.

Secret Phrase

A secret phrase can be set in your "Account Details" panel after login. In the case of lost wallet identifiers, yubikeys or lost email access the secret phrase can be given to us to help verify account ownership. This is reviewed manually on a case by case basis.

Sessions & cookies

For your convenience once two factor authentication is verified this will be remembered for a short time. Yubikey sessions expire in 4 hours, Email Codes expire in 24 hours.

Local storage

No sensitive data is stored in your browser's local storage. If available the site will cache your wallet identifier, address balances and transactions, in the event of login with a different identifier this data is cleared.

Password Policy

Your password is never transmitted over the internet, sent to our servers, stored in cookies or in your browser's local storage in any form for this reason we are unable to help recover lost passwords.

Access to personal data

Your personal data such as email address is only made available to a client with the associated shared key, this is encrypted inside your wallet which requires your password to reveal.

Cross-site scripting (XSS)

All user data is stripped of any html or javascript code before being output. You are encouraged to review our code for possible XSS vulnerabilities.

Cross-site request forgery (CSRF)

As a password is required for every login and no cookies are used the site is not vulnerable to CSRF exploits.

Server Access

Our database and website run on privately owned dedicated hardware which is located in a secure data center with a 24 hour security guard. Only the site administrator has access to the servers.

Backup Policy

All data is synchronously committed to at least two different servers and backed up to an offsite location every 24 hours.

Can I review your code?

The client side javascript is available at https://github.com/blockchain

Secure bitcoin wallet

Please Note

This service allows you to freely import and export private keys in various formats. It is important to keep this data safe as two factor authentication or any other security measures taken by us are nullified if your backup is not secure. It is recommended you keep only AES encrypted or Paper Wallet backups on your own PC, do not store your unencrypted JSON data without additional security measures being taken.

For inquiries such as lost passwords, stolen/lost bitcoin, and general questions, please contact us at support@blockchain.zendesk.com.
To report any bugs, vulnerabilities, exploits, etc. contact us at security@blockchain.info.