Pages:
Author

Topic: Just lost 190 bitcoins through Mt. Gox - page 6. (Read 6836 times)

hero member
Activity: 840
Merit: 1000
February 07, 2013, 11:31:54 PM
#19
This is the 3rd MtGox account I've heard of that's been cleaned out in the last week.  A new vulnerability, perhaps?
Adobe released an emergency patch today for a Flash vulnerability that "is being exploited in the wild" and could lead to malicious code running on users' computers.

I am still waiting to hear about the first person who ever loses a single bitcoin stored on a paper wallet.
To be fair, a common use for a paper wallet is long term storage, so there is a lag between the use of paper wallets and the reporting of lost coins with them.  The majority of paper wallets that have been created have probably never been redeemed.  When people finally get around to redeeming them, they may find them lost, destroyed, stolen, or that the private keys were printed incorrectly in the first place.

Wish MtGox offered a way to lock withdrawals to a single address. This would solve so much.
2-factor authentication solves 99.9% of the issues with stolen mtgox accounts.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
February 07, 2013, 11:29:45 PM
#18
Wish MtGox offered a way to lock withdrawals to a single address. This would solve so much.
sr. member
Activity: 252
Merit: 250
February 07, 2013, 11:20:23 PM
#17
I am still waiting to hear about the first person who ever loses a single bitcoin stored on a paper wallet.

But I can't trade paper wallets on Mt.Gox^^

Sure you can:

mtgox->paperwallet: use the withdraw function

paperwallet->mtgox: use the import private key function

About all you can't do is list an ask for btc on a paper wallet.

Yes we can Smiley But once they are imported you have to deal with security.  Sad
donator
Activity: 994
Merit: 1000
February 07, 2013, 11:15:57 PM
#16
Recycled the password or parts of it on a different site?
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
February 07, 2013, 11:14:28 PM
#15
I am still waiting to hear about the first person who ever loses a single bitcoin stored on a paper wallet.

But I can't trade paper wallets on Mt.Gox^^

Sure you can:

mtgox->paperwallet: use the withdraw function

paperwallet->mtgox: use the import private key function

About all you can't do is list an ask for btc on a paper wallet.
sr. member
Activity: 252
Merit: 250
February 07, 2013, 11:12:09 PM
#14
I am still waiting to hear about the first person who ever loses a single bitcoin stored on a paper wallet.

But I can't trade paper wallets on Mt.Gox^^
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
February 07, 2013, 11:10:01 PM
#13
I am still waiting to hear about the first person who ever loses a single bitcoin stored on a paper wallet.
sr. member
Activity: 252
Merit: 250
February 07, 2013, 11:07:51 PM
#12
All fair responses.  I guess it's more of a warning...

1. I did not share my password with anyone.
2. I was an active member of Mt. Gox for over a year, maybe more
3. I can show my account was accessed by an IP registered to someplace in Sweden this morning, and someone came into my account and sent about 4k USD of bitcoins into the ether.

I can prove some of the above and would be happy to share whatever info I have, not that it matters, but to whatever extent it would help Mt. Gox of the bitcoin community fix whatever security hole was exploited.  I have no illusions about getting my money back.  I've learned and moved on (an expensive lesson), but I'm not a total newbie... I do think I would know if something was capturing keystrokes etc. or there was some rogue process running on my laptop, but who knows...

Cheers

You wouldn't notice advanced malware/keylogger etc, osx or windows. Even security professionals and darn black hats learn this from time to time. A yubikey is our only effective solution at the moment.

Good luck.
newbie
Activity: 3
Merit: 0
February 07, 2013, 10:55:51 PM
#11
All fair responses.  I guess it's more of a warning...

1. I did not share my password with anyone.
2. I was an active member of Mt. Gox for over a year, maybe more
3. I can show my account was accessed by an IP registered to someplace in Sweden this morning, and someone came into my account and sent about 4k USD of bitcoins into the ether.

I can prove some of the above and would be happy to share whatever info I have, not that it matters, but to whatever extent it would help Mt. Gox of the bitcoin community fix whatever security hole was exploited.  I have no illusions about getting my money back.  I've learned and moved on (an expensive lesson), but I'm not a total newbie... I do think I would know if something was capturing keystrokes etc. or there was some rogue process running on my laptop, but who knows...

Cheers
sr. member
Activity: 252
Merit: 250
February 07, 2013, 03:19:49 PM
#10
This is the 3rd MtGox account I've heard of that's been cleaned out in the last week.  A new vulnerability, perhaps?

None of them had two factor auth. If there is a vulnerability on Mt.Gox itself I think I would hear more bad news... The botsnets of this world are seriously big. I think more and more bot masters let their bots harvest BTC related data.
Perhaps... maybe someone has access to the database with passwords?  Hashes are pushed against a rainbow table to pick out the easy ones?  Obviously, 2FA would prevent this from working, hence the reason only 1FA accounts have been broken?  I would think many more accounts than just 3 would be accessed in such a case, as you alluded to, but you never know how many have been accessed without the owner finding out yet or without the owner posting here on this forum.

Not sure what else the attacks could be from.  Keylogger?  Maybe.

Yes, the keyloggers from the malware victims connected to the botnets, I mean. Embarrassed Many are specialized, like advertising and stuff. But many log paypal logins and bank stuff. I can only imagine, thats one line of code or a name added to a list for the bad guys. This storys will probably increase as Bitcoin adoption grows.
legendary
Activity: 1400
Merit: 1005
February 07, 2013, 02:57:36 PM
#9
This is the 3rd MtGox account I've heard of that's been cleaned out in the last week.  A new vulnerability, perhaps?

None of them had two factor auth. If there is a vulnerability on Mt.Gox itself I think I would hear more bad news... The botsnets of this world are seriously big. I think more and more bot masters let their bots harvest BTC related data.
Perhaps... maybe someone has access to the database with passwords?  Hashes are pushed against a rainbow table to pick out the easy ones?  Obviously, 2FA would prevent this from working, hence the reason only 1FA accounts have been broken?  I would think many more accounts than just 3 would be accessed in such a case, as you alluded to, but you never know how many have been accessed without the owner finding out yet or without the owner posting here on this forum.

Not sure what else the attacks could be from.  Keylogger?  Maybe.
hero member
Activity: 826
Merit: 500
February 07, 2013, 02:56:31 PM
#8
Let me guess.... no two factor authentication?



Yea beat me too it... I wont put more than 1 BTC anywhere that doesnt support two factor.

I think im up to 20 accounts now with two factor or yubikey
sr. member
Activity: 252
Merit: 250
February 07, 2013, 02:53:45 PM
#7
This is the 3rd MtGox account I've heard of that's been cleaned out in the last week.  A new vulnerability, perhaps?

None of them had two factor auth. If there is a vulnerability on Mt.Gox itself I think I would hear more bad news... The botsnets of this world are seriously big. I think more and more bot masters let their bots harvest BTC related data.
legendary
Activity: 1498
Merit: 1000
February 07, 2013, 02:40:08 PM
#6
That ip is out of sweden, and owned by www.junet.se so maybe try and reach out to them.

But next time two factor authentication is the only way to go.
donator
Activity: 1218
Merit: 1079
Gerald Davis
February 07, 2013, 02:34:47 PM
#5
Let me guess.... no two factor authentication?

legendary
Activity: 1400
Merit: 1005
February 07, 2013, 02:33:59 PM
#4
Different IP than the one reported here (https://bitcointalksearch.org/topic/my-mtgox-account-was-just-exploited-3-btc-stolen-old-news-141816), but that doesn't mean it's not the same person.  In all likelihood, they'd be using a VPN or botnet computer to cover their tracks.
newbie
Activity: 3
Merit: 0
February 07, 2013, 02:31:39 PM
#3
Man it really sucks.

Remote IP was 193.11.111.212, for whatever it's worth.
legendary
Activity: 1400
Merit: 1005
February 07, 2013, 02:19:41 PM
#2
This is the 3rd MtGox account I've heard of that's been cleaned out in the last week.  A new vulnerability, perhaps?
newbie
Activity: 3
Merit: 0
February 07, 2013, 02:18:00 PM
#1
Have been using it over a year but today found out someone accessed my account and cleaned it out.  Here is the response I got from Mt. Gox (not very helpful):


---------

Hello,

Sorry for the inconvenience.Please change your email address password and Mt.Gox password immediately. Please do not use the same username and password on different services. You can use the Yubikey or Software Authentication on our Security Center to further secure your accounts.

Please file a police report in order for the police to investigate the case and make an effort to retrieve your funds and once filing a police report, please send a copy of the police report and the official ID document to Mt.Gox. We will cooperate with the police authority in providing the necessary information for the investigation, but we are unable to reimburse any stolen funds.

Thanks,

MtGox.com Team

---

I'm trying to decide if it's worth trying to explain the police what a bitcoin is.

There is no other human being on the planet who had my Mt. Gox password... has anyone else had this problem?

Pages:
Jump to: