Topic: Im just been attacked and robbed on my MT Gox account - page 2. (Read 9423 times)

when I came back from vacation, I logged into my account which I usually do, but I could not use my password, so I had to receive a recovery mail from MT Gox, I did and wrote my password again and came in as I wont ... but quickly discovered that something was wrong because everything was in both 0 and $ bitcoins ...

so I went into history and saw that it was sold and move a lot of money and bitcoins.

You answered whilst I was writing my last post

How could it have been a password by email reset hack? You said you logged into your account after coming back form holiday. If this is true then I'm assuming you used the same password as before you went on holiday and the only way that can happen is if the hacker knew your password to set it back... in which case, would they reset your password?

My Wallet
Here you can see what has been the movement on my wallet, 3 activities for MT Gox



Recover mail
mail that I sent after I tried to get into my account on Thursday 04.08.2011

I could not login with my regular password: (



MY MT Gox account
As you can see there on 28.07.2011 was 100 BTC and move up afterwards sold 19 BTC.

then there are so moved about $ 305 and then the account was empty: (

Account History $



Account History BTC



which in his view, there is one who has to move 100 BIC and subsequently sold the rest to move a lot of $ out of my account ..

You can go back to China with that slander.

but the only way they could get this mail code is that it has gone out of MT Gox's system and data ...

no matter how you look at it, then MT Gox has my IP addresses and know I am from Denmark, how can they allow an IP address from Malaisia ​​and U.S. to empty my account ... it is because of poor security ..

The vector would be that your email adress, as everyone elses, became known from the MtGox hacking incident. Somehow someone decided it was worth trying to hack your emailaccount - making it possible to do a pw reset on MtGox.

Why someone targetted you in particular, and managed to guess your email password, is another question. The most likely cause would be that you signed up somewhere else Bitcoin related and re-used the same pw as you use with your email provider.

(If your email account has been hacked you of course need to make sure to clean your account from any hidden forwards and then basically consider EVERYTHING you've ever signed up for as "broken" since the attacker could've used it to gain entry to a lot more than just MtGox)

Of course, all the above is based on MagicalTux both being honest about what the logs say and that if the logs say pw reset through email that there's no way to fool the system into doing pw resets some other way.

I could not find such an email, with it's no harder than perosner have deleted them afterwards ... the person may very well delete it entirely using my code.

I would think that my password should be strong enough ..

I have not touched on my MT Gox account elsewhere in the home and from my office, and both lines are secured with codes.

I figure even with that it is my password has been cracked, as it is a very strong code .... but thank you because you have looked at it because I am very frustrated over this, it is much money I've lost ..

r I've lost all me fath too bitcoins, and it's sad after which I was in the process of getting it out in Denmark and Scandinavia.

YubiKey is based on RSA’s SecureID, look what could happen to it if the keys are stored in a central database http://steve.grc.com/2011/03/19/reverse-engineering-rsas-statement/

and please calm down guys 

I'm a skeptic but I know an over-the-top-paranoid person when I see one. Your theory is insane.

The YK is just free compensation. Even if everyone were to buy one after reading it's safer, Gox would gain next to no profit.
The keys actually do cost $30, Mt. Gox is sending them with free shipping & a customized logo, so they are *losing* money initially by sending them out
(though gaining in the long term due to less problems from stolen accounts and disputes)

How is my knowledge on northern European English skills being "Gox Apologist"? We can go into more detail if you want to learn more about how hearing perfectly spoken English, but seldom using it in writing, result in people who use american expressions but with grammar and/or spelling mistakes - but I suggest you start another thread for that study.

PS: "hagget" is a Danish version of "hacked", an English word having been Danishified. Even a simple Google search would've told you that.

Seriously?  I see plenty of errors in all three of those sentences.  Not one of them is perfect.

I also deal with a BUNCH of international people on a daily basis who have a variety of skill levels when it comes to the English language.  Some write in exactly the same "BS" broken manner as J. does.

Go find another thread to throw wild, baseless accusations around in.

It looks perfectly on par for someone from Denmark (and other European countries where people grow up with subtitled american TV series).

Man, you are dumb.

Yubikey has been around since about 2008 - I remember when Steve Gibson met Stina Ehrensvrd at the RSA Security Conference, trying to drum up interest in the product. http://www.grc.com/sn/sn-143.txt Since Yubikey is used in many environments besides MtGox, I doubt this entire post exists just to drum up support for it. But then, this is the Internet, so who knows (It looks a bit to me like someone used a web language translation tool.)

Certainly, if it's true that MtGox passwords can be reset simply by controlling the email address, then that is probably a cause for concern. Up until fairly recently, pretty much all email clients default to POP or IMAP access using plaintext password transmission. As a result, any other non-isolated members of a wireless network have a strong chance of being able to see that password. (Wired networks are generally less susceptible.) All routers between the end user and their email server can also see that password.

Similarly, almost all email clients store the password within the machine somewhere. On Windows, there are plenty of freeware programs that will read the email password in the blink of an eye (mailpv for example) so it too is another security risk. Even third party programs such as Thunderbird will happily reveal your password.

Basically, for financial sites; a simple password reset facility via email is not sufficient security. It needs to be paired with another out-of-bound medium such as SMS, Yubikey, etc.

wow after reading it all again you might be right bro. lol. and I might have helped

who knows anymore.

this is anonymous currency isn't it? now you're saying you basically want mtgox storing ssn's? what I'm asking is how far are they supposed to take it before it's just.... paypal? why wasn't this guy using a yubikey? at what point do you draw the line and say well.... the end user fucked up?

In one breath you criticize my suggestion while asking for a different security feature.

Then you mention etrade which clearly does not have such a simple way to reset a password without knowing:

E*TRADE User ID:
Social Security or Tax ID Number:
Last Name:
Zip or Postal Code:

The fact of the matter is that MTGOX has a reset password feature that is about right for a forum like this and not
a place to store money/BTC.

Is it really that hard to see it has room for improvement or do a lot of people like to argue for the fun of it?

Anyway... enough is enough. I said my piece. I am sure tux read it and will consider what he should do with his website.
I will simply go where I feel comfortable when I wish to sell my BTC.