Topic: How I got robbed of 34 btc on Mt.Gox today - page 2. (Read 124827 times)

Conceivably, an exploit like this could lie in wait until you use two-factor and then hijack your existing session to do whatever.  While the OP did, IMO, screw up, Gox has some responsibility to monitor their own computers.

When I grow up I wanna be a haccker JUST like these guys, and I wanna rip off guys like you just CLICK and FORGET!

In spite of being a techie how the hell could you be so irresponsible ! EVEN 34 BTC at a time like this can cause some damage... No wonder the SLL/BTC prices plummeted today !

You guys should check you don't appear in any of these lists:

http://pastebin.com/search?cx=partner-pub-4339714761096906%3A1qhz41g8k4m&cof=FORID%3A10&ie=UTF-8&q=Compromised+MTGox+account+info&sa.x=0&sa.y=0&sa=Search

Just take it as a lessson learned, and don't get defensive. You screwed up, and paid for it. I'm sorry about your losses.

I use Debut Video capture. It will record a sizeable rectangle of screen to .avi or other video format.

three words:

YU BI KEY

Is this verbatim? The "If the Download did not worked" maybe should have set off alarm bells...
Horrible story though, really sad for the guy.

I'm thinking of doing a Ubuntu boot purely to run a browser in for trading. People are right to warn about Windows, - it's much harder to defend against malware...

guys they did it again !
but gox hushed the pw right with salt so strong pw are safe but if you typed in flipper or some shit
change it now!

Incidentally, they do have a method that is secure against this ... Yubikey, and Google Authenticator.

Happens a lot:

MtGox account got cleared out
 - https://bitcointalksearch.org/topic/mtgox-account-got-cleared-out-85533

All BTC disappeared from my Mt. Gox account
 - https://bitcointalksearch.org/topic/all-btc-disappeared-from-my-mt-gox-account-88368

Another:
 - https://bitcointalksearch.org/topic/m.941759

And another: My mtgox account got compromised, what can I do?
 - https://bitcointalksearch.org/topic/my-mtgox-account-got-compromised-what-can-i-do-84585

Yet more: MT.Gox account hacked - lost 2k USD - MT.GOX will not explain how.
 - https://bitcointalksearch.org/topic/mtgox-account-hacked-lost-2k-usd-mtgox-will-not-explain-how-89142

And more again: Bitcoins stolen from MtGox
 - http://www.reddit.com/r/Bitcoin/comments/x8lcv/bitcoins_stolen_from_mtgox

And yet more: Stolen from Mt.Gox coins. Help return the coins.
 - https://bitcointalksearch.org/topic/stolen-from-mtgox-coins-help-return-the-coins-119816

Or more here: Email from Mt.Gox this morning.
 - http://www.reddit.com/r/Bitcoin/comments/z0na5/email_from_mtgox_this_morning

And even more here: I just had $715 stolen out of my Mt. Gox account.
 - http://www.reddit.com/r/Bitcoin/comments/12j9gi/i_just_had_715_stolen_out_of_my_mt_gox_account

And the biggie: Bitcoinica MtGox account compromised
 - https://bitcointalksearch.org/topic/bitcoinica-mtgox-account-compromised-93074

With more here: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked?
 - https://bitcointalksearch.org/topic/unauthorized-account-activity-on-my-mtgox-account-account-compromisedhacked-94140

And even more: *MY* Mt Gox Account was Hacked - lost it all today... now what!?
 - https://bitcointalksearch.org/topic/my-mt-gox-account-was-hacked-lost-it-all-today-now-what-137795

Ditto: My MtGox account was just exploited - 3 BTC stolen
 - https://bitcointalksearch.org/topic/my-mtgox-account-was-just-exploited-3-btc-stolen-old-news-141816

Ditto on the ditto: Just lost 190 bitcoins through Mt. Gox
 - https://bitcointalksearch.org/topic/just-lost-190-bitcoins-through-mt-gox-141831

And other ones get added to the list: Unauthorized withdrawal on Mt. Gox
 - https://bitcointalksearch.org/topic/unauthorized-withdrawal-on-mt-gox-147070

And now this: How I got robbed of 34 btc on Mt.Gox today
 - https://bitcointalksearch.org/topic/how-i-got-robbed-of-34-btc-on-mtgox-today-173227

And another recent one: My funds and BTC have just disappeared from my Gox account!
 - https://bitcointalksearch.org/topic/my-funds-and-btc-have-just-disappeared-from-my-gox-account-174556

And on other services as well. Here same thing happened to some GLBSE users:
 - https://bitcointalksearch.org/topic/i-suspect-gpumax-was-compromised-and-passwords-stolen-84893

And elsewhere, BitMarket.eu in this instance:
 - https://bitcointalksearch.org/topic/m.1259168

And on bitcoin.de as well: Bitcoins stolen from bitcoin.de.
 - https://bitcointalksearch.org/topic/bitcoins-stolen-from-bitcoinde-130264


In none of these was the person using multi-factor authentication. Mt. Gox has had Yubikey support for a while. Mt. Gox accounts now support Google Authenticator:
 - https://mtgox.com/press_release_20120605.html

If the exchange you are storing funds with doesn't provide OTP, consider using a different exchange:
 - http://bitcoin.stackexchange.com/questions/4113/which-two-factor-authentication-methods-are-available-at-which-exchanges

If you are storing funds in an EWallet, consider using a paper wallet.

Also, here is a fantastic guide: How to use 2-factor auth on mtgox, even without a smartphone (from a second device, of course, not from the same computer you log in on).
 - https://bitcointalksearch.org/topic/how-to-use-2-factor-auth-on-mtgox-even-without-a-smartphone-111943

It's not all bad, You made the BBC news, bitbully!

http://www.bbc.co.uk/news/technology-22120833

Oh, wait... :/

Safest bet is a camera. Or if you trust the malware not to quit the screen recording program, and I don't think it will, use a screen recorder like Fraps or Hypercam or one of the thousand others.

Yes.

Are there any utilities that can continuously record the screen of my computer, so that I can go back in history and observe exactly what I saw in the past?

Hey Frott,

You bring up a lot of good points. I'm not a expert with the terminology. The 0-day exploit was referenced in a post from 3 days prior:

http://www.reddit.com/r/Bitcoin/comments/1bvl4n/beware_when_clicking_any_link_from_chatboxesirc/

and was suggested as a possibility of how the script was able to run automatically. Others have said my security settings were misconfigured.

I know the trojans detected by malwarebytes were from that site because AdobeUpdate-Setup.1.84.exe is the downloaded file from that site. It was definitely from that website and the file dates/times match.

I was able to grab most of the site but some files are missing so if anyone has a full rip please PM me. I have forwarded it to security researchers and they are reverse engineering it as we speak. So far we know that it was a "Dark Comet" keylogger, but thats only part of what I was able to grab, so until I get a hold of the rest of the site I won't know everything that was implemented.

I'm not claiming to know exactly how it worked, but what I do know is that it was fast, unexpected and painful. In the end I'm just happy that people are becoming aware of how easy it is to lose all your mtgox btc in the blink of an eye, and yes taking extra security precautions is a must and let this be a lesson to me and all others (Seems I'll be paying the tab this time...).

Is it possible for this exploit, or a similar one, to work on Mac OS X?

Thanks for the support everyone.

Just to reiterate, a java applet was never run, clicked on, or allowed to execute by me. I'm reading there was more than one attack vector in the page. There was a java initiated executable payload, which contained at the very least a keylogger - yet within seconds of clicking on the link the withdrawal was already initiated, leaving no time for the attacker to sniff my passwords and manually perform a withdrawal. The password was also changed after the withdrawal. Additionally there could have been a session token theft, or some form of XSS.

My understanding from two different IT security consultants is that mtgox's website security is sub-par. Instead of everyone trying to blame me or mtgox, perhaps the discussion should be about how we can stop this from happening in the future. I'm trying to make a point that however this trojan was crafted, it is very good at instantaneously emptying out your account. Someone could repackage it tomorrow and this whole story will repeat itself. No antivirus detects it, and it works directly with mtgox's site. I don't understand how some of you feel like this shouldn't be of concern to mtgox.

I'll be waiting for a response from mtgox, and will update if and when I receive a response. I do recognize however there is an uncomfortable situation over there right now, with bitcoin price going crazy, potential ddos attacks, thousands of new users in queue, under-staffing and system overloads. I mean their website isn't even loading right now and their pricing api isn't working...

Makes me real hopeful to see colored bitcoins and atomic swaps come to life.

I appreciate all those who are helping me both publicly and privately.

I tend to live somewhat "dangerously" as well, but to allow Java to run, unbidden, from any web browser is foolhardy in the extreme.  I now no longer allow Java to run at all, except when I issue it from a shell command line (not as root) and with known software from a known source, just like allowing any other application to run.

Yes, it's more secure with 2 factor auth, but my personal experience has been more hassle than it's worth, and I regularly deal with thousands of dollars worth on other sites. However, it's the fault of the bank or site that does not offer 2 factor auth. It just so happens that I have no choice to deal with certain banks (in my country), and they don't offer 2 factor auth.

So what I do, when I have to access those sites, I restart my computer so anything that was there from random browsing is gone. Then I go only to those sites to do what I have to do. I believe I have the client side secured more than enough. I also believe the server side isn't as secure as I prefer it to be, but I can't do anything about that until they upgrade their systems.

Deep Freeze (and other similar stuff like sandboxie, return nil, etc) isn't meant to protect you from your own user initiated mistakes like clicking on links or running programs. I have it primarily to fix my system to my last known good working configuration every time. Updates to software like Firefox and OS are done manually, and usually after doing a reboot first.

I actually live relatively "dangerously" online. But I take responsibility for what I do. When I have to deal with someone else's money, I just have to be more vigilant about securing what I'm working on.