There have been numerous thefts on Blockchain.com (previously Blockchain.info) wallet. Hundreds or even thousands of customers have lost millions worth of Bitcoins and other cryptocurrencies.
The most recent reason for these thefts is 2FA malfunction. Most victims have stated that right before the theft, either 2FA email has been changed or 2FA completely disabled, after which all funds have been moved out.
There’s a known 2FA security flaw on Blockchain.com that allows a hacker to disable 2FA without needing to authenticate with 2FA first. This allows the hacker to login to the wallet with just Wallet ID and password.
Even though Blockchain.com has been aware of this flaw since 2019, it still has not been fixed. This flaw is likely the reason for multiple hacks, though there may be other security flaws in the Blockchain.com wallet. The involvement of Blockchain.com staff or a data leak cannot be ruled out either.
As of now, Blockchain.com is unwilling to accept responsibility or admit that their system has any security flaws. Instead, Blockchain.com is threatening people who have exposed these flaws with legal actions. Here's the example of such a letter and further correspondence with their lawyers:
Blockchain.com has also been unable to provide any reasonable support to its customers and has offered absolutely no aid to the victims of the theft. As a result of this, on TrustPilot, 60% of reviews are negative 1-star reviews.
We strongly advise everyone to stop using Blockchain.com wallet and their other services due to the extremely low security they provide and the high risk of theft on their platform.