Just lost 190 bitcoins through Mt. Gox - page 6.

dust

hero member

Activity: 840

Merit: 1000

Quote from: SgtSpike on February 07, 2013, 03:19:41 PM

This is the 3rd MtGox account I've heard of that's been cleaned out in the last week. A new vulnerability, perhaps?

Adobe released an emergency patch today for a Flash vulnerability that "is being exploited in the wild" and could lead to malicious code running on users' computers.

Quote from: casascius on February 08, 2013, 12:10:01 AM

I am still waiting to hear about the first person who ever loses a single bitcoin stored on a paper wallet.

To be fair, a common use for a paper wallet is long term storage, so there is a lag between the use of paper wallets and the reporting of lost coins with them. The majority of paper wallets that have been created have probably never been redeemed. When people finally get around to redeeming them, they may find them lost, destroyed, stolen, or that the private keys were printed incorrectly in the first place.

Quote from: casascius on February 08, 2013, 12:29:45 AM

Wish MtGox offered a way to lock withdrawals to a single address. This would solve so much.

2-factor authentication solves 99.9% of the issues with stolen mtgox accounts.

casascius

vip

Activity: 1386

Merit: 1136

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

Wish MtGox offered a way to lock withdrawals to a single address. This would solve so much.

robocoin

sr. member

Activity: 252

Merit: 250

Quote from: casascius on February 08, 2013, 12:14:28 AM

Quote from: robocoin on February 08, 2013, 12:12:09 AM

Quote from: casascius on February 08, 2013, 12:10:01 AM

I am still waiting to hear about the first person who ever loses a single bitcoin stored on a paper wallet.

But I can't trade paper wallets on Mt.Gox^^

Sure you can:

mtgox->paperwallet: use the withdraw function

paperwallet->mtgox: use the import private key function

About all you can't do is list an ask for btc on a paper wallet.

Yes we can

But once they are imported you have to deal with security. Sad

Jutarul

donator

Activity: 994

Merit: 1000

Recycled the password or parts of it on a different site?

casascius

vip

Activity: 1386

Merit: 1136

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

Quote from: robocoin on February 08, 2013, 12:12:09 AM

Quote from: casascius on February 08, 2013, 12:10:01 AM

I am still waiting to hear about the first person who ever loses a single bitcoin stored on a paper wallet.

But I can't trade paper wallets on Mt.Gox^^

Sure you can:

mtgox->paperwallet: use the withdraw function

paperwallet->mtgox: use the import private key function

About all you can't do is list an ask for btc on a paper wallet.

robocoin

sr. member

Activity: 252

Merit: 250

Quote from: casascius on February 08, 2013, 12:10:01 AM

I am still waiting to hear about the first person who ever loses a single bitcoin stored on a paper wallet.

But I can't trade paper wallets on Mt.Gox^^

casascius

vip

Activity: 1386

Merit: 1136

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

I am still waiting to hear about the first person who ever loses a single bitcoin stored on a paper wallet.

robocoin

sr. member

Activity: 252

Merit: 250

Quote from: nycsurf808 on February 07, 2013, 11:55:51 PM

All fair responses. I guess it's more of a warning...

1. I did not share my password with anyone.
2. I was an active member of Mt. Gox for over a year, maybe more
3. I can show my account was accessed by an IP registered to someplace in Sweden this morning, and someone came into my account and sent about 4k USD of bitcoins into the ether.

I can prove some of the above and would be happy to share whatever info I have, not that it matters, but to whatever extent it would help Mt. Gox of the bitcoin community fix whatever security hole was exploited. I have no illusions about getting my money back. I've learned and moved on (an expensive lesson), but I'm not a total newbie... I do think I would know if something was capturing keystrokes etc. or there was some rogue process running on my laptop, but who knows...

Cheers

You wouldn't notice advanced malware/keylogger etc, osx or windows. Even security professionals and darn black hats learn this from time to time. A yubikey is our only effective solution at the moment.

Good luck.

nycsurf808

newbie

Activity: 3

Merit: 0

All fair responses. I guess it's more of a warning...

1. I did not share my password with anyone.
2. I was an active member of Mt. Gox for over a year, maybe more
3. I can show my account was accessed by an IP registered to someplace in Sweden this morning, and someone came into my account and sent about 4k USD of bitcoins into the ether.

I can prove some of the above and would be happy to share whatever info I have, not that it matters, but to whatever extent it would help Mt. Gox of the bitcoin community fix whatever security hole was exploited. I have no illusions about getting my money back. I've learned and moved on (an expensive lesson), but I'm not a total newbie... I do think I would know if something was capturing keystrokes etc. or there was some rogue process running on my laptop, but who knows...

Cheers

robocoin

sr. member

Activity: 252

Merit: 250

Quote from: SgtSpike on February 07, 2013, 03:57:36 PM

Quote from: robocoin on February 07, 2013, 03:53:45 PM

Quote from: SgtSpike on February 07, 2013, 03:19:41 PM

This is the 3rd MtGox account I've heard of that's been cleaned out in the last week. A new vulnerability, perhaps?

None of them had two factor auth. If there is a vulnerability on Mt.Gox itself I think I would hear more bad news... The botsnets of this world are seriously big. I think more and more bot masters let their bots harvest BTC related data.

Perhaps... maybe someone has access to the database with passwords? Hashes are pushed against a rainbow table to pick out the easy ones? Obviously, 2FA would prevent this from working, hence the reason only 1FA accounts have been broken? I would think many more accounts than just 3 would be accessed in such a case, as you alluded to, but you never know how many have been accessed without the owner finding out yet or without the owner posting here on this forum.

Not sure what else the attacks could be from. Keylogger? Maybe.

Yes, the keyloggers from the malware victims connected to the botnets, I mean. Embarrassed

Many are specialized, like advertising and stuff. But many log paypal logins and bank stuff. I can only imagine, thats one line of code or a name added to a list for the bad guys. This storys will probably increase as Bitcoin adoption grows.

SgtSpike

legendary

Activity: 1400

Merit: 1005

Quote from: robocoin on February 07, 2013, 03:53:45 PM

Quote from: SgtSpike on February 07, 2013, 03:19:41 PM

This is the 3rd MtGox account I've heard of that's been cleaned out in the last week. A new vulnerability, perhaps?

None of them had two factor auth. If there is a vulnerability on Mt.Gox itself I think I would hear more bad news... The botsnets of this world are seriously big. I think more and more bot masters let their bots harvest BTC related data.

Perhaps... maybe someone has access to the database with passwords? Hashes are pushed against a rainbow table to pick out the easy ones? Obviously, 2FA would prevent this from working, hence the reason only 1FA accounts have been broken? I would think many more accounts than just 3 would be accessed in such a case, as you alluded to, but you never know how many have been accessed without the owner finding out yet or without the owner posting here on this forum.

Not sure what else the attacks could be from. Keylogger? Maybe.

RandomQ

hero member

Activity: 826

Merit: 500

Quote from: DeathAndTaxes on February 07, 2013, 03:34:47 PM

Let me guess.... no two factor authentication?

Yea beat me too it... I wont put more than 1 BTC anywhere that doesnt support two factor.

I think im up to 20 accounts now with two factor or yubikey

robocoin

sr. member

Activity: 252

Merit: 250

Quote from: SgtSpike on February 07, 2013, 03:19:41 PM

This is the 3rd MtGox account I've heard of that's been cleaned out in the last week. A new vulnerability, perhaps?

None of them had two factor auth. If there is a vulnerability on Mt.Gox itself I think I would hear more bad news... The botsnets of this world are seriously big. I think more and more bot masters let their bots harvest BTC related data.

gweedo

legendary

Activity: 1498

Merit: 1000

That ip is out of sweden, and owned by www.junet.se so maybe try and reach out to them.

But next time two factor authentication is the only way to go.

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

Let me guess.... no two factor authentication?

SgtSpike

legendary

Activity: 1400

Merit: 1005

Different IP than the one reported here (https://bitcointalksearch.org/topic/my-mtgox-account-was-just-exploited-3-btc-stolen-old-news-141816), but that doesn't mean it's not the same person. In all likelihood, they'd be using a VPN or botnet computer to cover their tracks.

nycsurf808

newbie

Activity: 3

Merit: 0

Man it really sucks.

Remote IP was 193.11.111.212, for whatever it's worth.

SgtSpike

legendary

Activity: 1400

Merit: 1005

This is the 3rd MtGox account I've heard of that's been cleaned out in the last week. A new vulnerability, perhaps?

nycsurf808

newbie

Activity: 3

Merit: 0

Have been using it over a year but today found out someone accessed my account and cleaned it out. Here is the response I got from Mt. Gox (not very helpful):

---------

Hello,

Sorry for the inconvenience.Please change your email address password and Mt.Gox password immediately. Please do not use the same username and password on different services. You can use the Yubikey or Software Authentication on our Security Center to further secure your accounts.

Please file a police report in order for the police to investigate the case and make an effort to retrieve your funds and once filing a police report, please send a copy of the police report and the official ID document to Mt.Gox. We will cooperate with the police authority in providing the necessary information for the investigation, but we are unable to reimburse any stolen funds.

Thanks,

MtGox.com Team

---

I'm trying to decide if it's worth trying to explain the police what a bitcoin is.

There is no other human being on the planet who had my Mt. Gox password... has anyone else had this problem?

Topic: Just lost 190 bitcoins through Mt. Gox - page 6. (Read 6836 times)