Using the MTGox Yubikey on a site other than MTGox is not Two-Factor Authentication. It's two password authentication.
http://us.thedailywtf.com/Articles/WishItWas-TwoFactor-.aspx
It's no different than the stupid banking sites asking for "mothers maiden name" as their "2FA." It's a joke and not any more secure than using one password. It's basically the TSA of Password security. Elaborate, complicated security theater that accomplishes nothing, except to give you a false sense of security.
Don't do it ... get a real Yubikey or Google Authenticator.
Topic: Blockchain.info acount hacked while using yubikey.... - page 3. (Read 14297 times)
Sorry to hear this OP. Can you email me your wallet identifier [email protected].
You have an email from me ([email protected])
thanks that you want to help, but the coins are gone to somewhere in poland
(probarly an Mtgox europe adress).I was saving to around 120btc and then buy 2x 500gr silver bar from an online store
Sucks... 
I think you should stop "supporting" mtgox key while you can't really support it. At least you should let users know it is not keylogger-proof
It is better than no yubikey, expecially if the password is reused on other sites. Besides it might not even be related to the yubikey. The attacker might have got access to the OP's wallet backup.
Sorry to hear this OP. Can you email me your wallet identifier [email protected].
I think you should stop "supporting" mtgox key while you can't really support it. At least you should let users know it is not keylogger-proof
Sorry to hear this OP. Can you email me your wallet identifier [email protected].
Hello guys,
some sad news My blockchain acount is hacked today, lost around 101 bitcoin. I am using the "mtgox yubikey" So i am realy feeling shit . Had already lost 10bitcoin on mtgox, thats why i bought myself a yubikey so this couldn't happen again.
Sad to announce, but i think i quit mining with my 4,5ghs.
The transaction hash: 1803eb98f2aaba1facba17d8b9e5d953b78fe63a3d85c9abb25002f09db0d7a8
How can a acount be hacked when i use a yubikey to login.... And i have the yubikey always with me, this means blockchain.info is hacked or the yubikey of Mtgox is cracked (also seeing the large drop in bitcoin price i suspect a large bitcoin hack)
Goodbeye guys, ill stop bitcoin from now on. Lost about $1000
(edit $ instead of €)
some sad news
My blockchain acount is hacked today, lost around 101 bitcoin. I am using the "mtgox yubikey" So i am realy feeling shit . Had already lost 10bitcoin on mtgox, thats why i bought myself a yubikey so this couldn't happen again.Sad to announce, but i think i quit mining with my 4,5ghs.
The transaction hash: 1803eb98f2aaba1facba17d8b9e5d953b78fe63a3d85c9abb25002f09db0d7a8
How can a acount be hacked when i use a yubikey to login.... And i have the yubikey always with me, this means blockchain.info is hacked or the yubikey of Mtgox is cracked
(also seeing the large drop in bitcoin price i suspect a large bitcoin hack)Goodbeye guys, ill stop bitcoin from now on. Lost about $1000
(edit $ instead of €)
... and the first factor of the two factor authentication was? Let me guess a computer running Microsoft Windows. It seems to me that Microsoft Windows rather than bitcoin is the real problem here. By the way I have been using GNU/Linux exclusively for all my online financial transactions since well before bitcoin even existed with no problems.
It does not matter what king of currency one uses BTC, CAD, USD, EUR etc. If one uses Microsoft Windows for financial transactions there is good chance that sooner or later one will get burned.
How can a acount be hacked when i use a yubikey to login....
Simple, if they get your password keyloged and find a copy of your encrypted wallet stored on the blockchain servers, they can decrypt it by simply using your password. The yubickey is merely requested by the blockchain eWallet javascript which however you do not need in order to use the wallet file.
At least that's how I understand it.
Does the online backups of your wallet need the MtGox Yubikey to be decrypted? If not maybe some hacked your email, Dropbox or Google Drive? Otherwise the thief must be someone you know.
I don't think so and I also think yours is the most likely explanation.
Hello guys,
some sad news My blockchain acount is hacked today, lost around 101 bitcoin. I am using the "mtgox yubikey" So i am realy feeling shit . Had already lost 10bitcoin on mtgox, thats why i bought myself a yubikey so this couldn't happen again.
Sad to announce, but i think i quit mining with my 4,5ghs.
The transaction hash: 1803eb98f2aaba1facba17d8b9e5d953b78fe63a3d85c9abb25002f09db0d7a8
How can a acount be hacked when i use a yubikey to login.... And i have the yubikey always with me, this means blockchain.info is hacked or the yubikey of Mtgox is cracked (also seeing the large drop in bitcoin price i suspect a large bitcoin hack)
Goodbeye guys, ill stop bitcoin from now on. Lost about $1000
(edit $ instead of €)
some sad news
My blockchain acount is hacked today, lost around 101 bitcoin. I am using the "mtgox yubikey" So i am realy feeling shit . Had already lost 10bitcoin on mtgox, thats why i bought myself a yubikey so this couldn't happen again.Sad to announce, but i think i quit mining with my 4,5ghs.
The transaction hash: 1803eb98f2aaba1facba17d8b9e5d953b78fe63a3d85c9abb25002f09db0d7a8
How can a acount be hacked when i use a yubikey to login.... And i have the yubikey always with me, this means blockchain.info is hacked or the yubikey of Mtgox is cracked
(also seeing the large drop in bitcoin price i suspect a large bitcoin hack)Goodbeye guys, ill stop bitcoin from now on. Lost about $1000
(edit $ instead of €)
That sucks man. Sry. But why would you stop mining if you have 4.5 gh? Mining takes no effort and you already purchases the gpu's. You currently make 1.5 coins a day mining.
...
Goodbeye guys, ill stop bitcoin from now on. Lost about $1000
(edit $ instead of €)
Goodbeye guys, ill stop bitcoin from now on. Lost about $1000
(edit $ instead of €)
So long, come back in a few years when all this nasty stuff is taken care of.
Edit: How can someone manage to loose so many bitcoins? Have you looked into paper wallets or Casascius bitcoins?
Using AVAST antivirus, so i should be safe. And i didn't download anythin last week (except by steam a game and the demo of it on the official website (Farming simulator 2013)). So that couldn't be it.
But as I said, I think I stop with bitcoin. The loss is to big for me.
Maybe going to do BOINC or something, not realy sure.
But as I said, I think I stop with bitcoin. The loss is to big for me
. Maybe going to do BOINC or something, not realy sure.
Have you figured out how did you lose 10BTC on MtGox?
Using AVAST antivirus, so i should be safe. And i didn't download anythin last week (except by steam a game and the demo of it on the official website (Farming simulator 2013)). So that couldn't be it.
But as I said, I think I stop with bitcoin. The loss is to big for me.
Maybe going to do BOINC or something, not realy sure.
But as I said, I think I stop with bitcoin. The loss is to big for me
. Maybe going to do BOINC or something, not realy sure.
I tried out my MtGox YubiKey on the blockchain wallet service, and I noticed the OTP's that it generates are REUSABLE. It seems Blockchain.info is only looking at the first few letters of the OTP, as they are static, you can actually change the end of the OTP and the website will still accept it.
Doesn't sound secure at all to me.
Doesn't sound secure at all to me.
You are absolutely correct
https://bitcointalksearch.org/topic/how-can-blockchaininfo-use-the-mtgox-yubikey-64300
What about if you don't use the MtGox Yubikey but the standard version. Also can you use the standard version of the Yubikey on more than wallet/site and be safe?
How can a acount be hacked when i use a yubikey to login.... And i have the yubikey always with me, this means blockchain.info is hacked or the yubikey of Mtgox is cracked
(also seeing the large drop in bitcoin price i suspect a large bitcoin hack)Goodbeye guys, ill stop bitcoin from now on. Lost about $1000
(edit $ instead of €)
No, it's your own computer got hacked. It MUST have a keylogger
I tried out my MtGox YubiKey on the blockchain wallet service, and I noticed the OTP's that it generates are REUSABLE. It seems Blockchain.info is only looking at the first few letters of the OTP, as they are static, you can actually change the end of the OTP and the website will still accept it.
Doesn't sound secure at all to me and is definitely something that needs to be addressed. This is not 2-factor authentication.
Doesn't sound secure at all to me and is definitely something that needs to be addressed. This is not 2-factor authentication.
Good lord. That's a pretty big deal.
I tried out my MtGox YubiKey on the blockchain wallet service, and I noticed the OTP's that it generates are REUSABLE. It seems Blockchain.info is only looking at the first few letters of the OTP, as they are static, you can actually change the end of the OTP and the website will still accept it.
Doesn't sound secure at all to me.
Doesn't sound secure at all to me.
You are absolutely correct
https://bitcointalksearch.org/topic/how-can-blockchaininfo-use-the-mtgox-yubikey-64300
Does the online backups of your wallet need the MtGox Yubikey to be decrypted? If not maybe some hacked your email, Dropbox or Google Drive? Otherwise the thief must be someone you know.
I tried out my MtGox YubiKey on the blockchain wallet service, and I noticed the OTP's that it generates are REUSABLE. It seems Blockchain.info is only looking at the first few letters of the OTP, as they are static, you can actually change the end of the OTP and the website will still accept it.
Doesn't sound secure at all to me and is definitely something that needs to be addressed. This is not 2-factor authentication.
Doesn't sound secure at all to me and is definitely something that needs to be addressed. This is not 2-factor authentication.
a yubikey should be protecting a acount since its a physical thing you need to press to get a UNIQUE key out of it. Thats all the times different, and will only work 1 time.
Even although its mtgox "branded" it should still be safe to use as its an unique thing.
But it doesn't matter anymore, i stop mining bitcoin. Sad to end it this way instead of buying asic. Its a sad lesson i wasted so much electricity for nothing.
Even although its mtgox "branded" it should still be safe to use as its an unique thing.
But it doesn't matter anymore, i stop mining bitcoin. Sad to end it this way instead of buying asic. Its a sad lesson i wasted so much electricity for nothing.
MtGox yubikey should not be used on anything other than MtGox. MtGox has clearly warned that.
Blockchain.info should stop "supporting" MtGox yubikey
Blockchain.info should stop "supporting" MtGox yubikey
Hello guys,
some sad news My blockchain acount is hacked today, lost around 101 bitcoin. I am using the "mtgox yubikey" So i am realy feeling shit . Had already lost 10bitcoin on mtgox, thats why i bought myself a yubikey so this couldn't happen again.
Sad to announce, but i think i quit mining with my 4,5ghs.
The transaction hash: 1803eb98f2aaba1facba17d8b9e5d953b78fe63a3d85c9abb25002f09db0d7a8
How can a acount be hacked when i use a yubikey to login.... And i have the yubikey always with me, this means blockchain.info is hacked or the yubikey of Mtgox is cracked (also seeing the large drop in bitcoin price i suspect a large bitcoin hack)
Goodbeye guys, ill stop bitcoin from now on. Lost about $1000
(edit $ instead of €)
some sad news
My blockchain acount is hacked today, lost around 101 bitcoin. I am using the "mtgox yubikey" So i am realy feeling shit . Had already lost 10bitcoin on mtgox, thats why i bought myself a yubikey so this couldn't happen again.Sad to announce, but i think i quit mining with my 4,5ghs.
The transaction hash: 1803eb98f2aaba1facba17d8b9e5d953b78fe63a3d85c9abb25002f09db0d7a8
How can a acount be hacked when i use a yubikey to login.... And i have the yubikey always with me, this means blockchain.info is hacked or the yubikey of Mtgox is cracked
(also seeing the large drop in bitcoin price i suspect a large bitcoin hack)Goodbeye guys, ill stop bitcoin from now on. Lost about $1000
(edit $ instead of €)
Jump to: