
Topic: Market Crash: Mt Gox has been Hacked (Official Statement) (Read 6714 times)

donator
Activity: 714
Merit: 510
Preaching the gospel of Satoshi
Rolling back won't change anything, but oh well, we'll see.

Well, my bet is that several accounts got compromised.
I would understand a rollback if the whole market got compromised.

But if it is only ONE account compromised, the rollbacks are not justified IMO.
newbie
Activity: 4
Merit: 0
Rolling back won't change anything, but oh well, we'll see.
hero member
Activity: 700
Merit: 500
And the lulz kick-starts again.

This is why I'm pretty heavily against using Mt Gox right now. That and the lack of Pound Sterling support sucks.

Was that an Example reference I got there? ;)
sr. member
Activity: 249
Merit: 251
*rhymes*

No, Google was notified by Mt Gox and Google worked fast 'cause Google rocks.
newbie
Activity: 9
Merit: 0
My gmail account was among the leaked account details. I just logged in a couple of minutes ago and Google prompted me to change my password before I could access my inbox. I'm guessing someone cracked the MD5 hash and tried to access my gmail account. Good thing I didn't use the same password.
Oh, that happened to me too. :o
newbie
Activity: 7
Merit: 0
My gmail account was among the leaked account details. I just logged in a couple of minutes ago and Google prompted me to change my password before I could access my inbox. I'm guessing someone cracked the MD5 hash and tried to access my gmail account. Good thing I didn't use the same password.
donator
Activity: 714
Merit: 510
Preaching the gospel of Satoshi
No, they really did get hacked- or at least someone leaked their accounts. Find yourself here:



Then, someone started cracking the MD5 password hashes and then, with passwords in hand, trying various accounts until they found one with lots of money. There is a $1000 per day withdrawal limit, so in order to get more bitcoins out, they had to crash the market close to 0 first. And that is what happened today.

The End.

Started cracking MD5 hashes? You have no idea what you are talking about.

The passwords in the accounts.csv are not MD5.

More likely, a hacker got access to the server, did the damage he did (dump BTC on the market from 1 account or something) and figured: while I am here, I might as well spice things up and make a full dump of the users database table.

The two $ are a clear telltale of the Modular Crypt Format of crypt(3).
It is a Unix MD5 Hash, it is given away by the $1$, the 1 confirms the MD5 algorithm.

Before making statements be sure you know what you are really talking about.
"It is better to remain silent and be thought a fool, than to open your mouth and remove all doubt"
member
Activity: 71
Merit: 10
I can predict the future! Bitcoin will success!!!!
I've been saying this for years. The attack was carried out by the government to hurt bitcoin. Do not let government control BTC or we will have panics like this! Believe in BTC! Things will get better as long as you believe!
donator
Activity: 714
Merit: 510
Preaching the gospel of Satoshi
I am still wondering.
Why the hell are they still using MD5? Isn't that simply crazy?
How can you claim to be secure using MD5?
newbie
Activity: 25
Merit: 0
Rolling back does not solve the problem.
We need to have a chance to remove the standing orders before the market gets crazy.

I think that's happened already, i.e. market got crazy. :-\
boz
newbie
Activity: 6
Merit: 0
Rolling back does not solve the problem.
We need to have a chance to remove the standing orders before the market gets crazy.
newbie
Activity: 6
Merit: 0
No, they really did get hacked- or at least someone leaked their accounts. Find yourself here:



Then, someone started cracking the MD5 password hashes and then, with passwords in hand, trying various accounts until they found one with lots of money. There is a $1000 per day withdrawal limit, so in order to get more bitcoins out, they had to crash the market close to 0 first. And that is what happened today.

The End.

Started cracking MD5 hashes? You have no idea what you are talking about.

The passwords in the accounts.csv are not MD5.

More likely, a hacker got access to the server, did the damage he did (dump BTC on the market from 1 account or something) and figured: while I am here, I might as well spice things up and make a full dump of the users database table.

These are salted MD5 hashes as generated by crypt(3), breaking these using brute force should be quite complicated (if the crackers did not discover another MD5 weakness).

BTW: I found my fresh account there too. Fortunately I did not have any BTC or USD there yet. I hope they implement better security measures and do a code review before going online again.
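An added illustration of the format point made in the replies above (the `$1$` prefix of crypt(3)'s Modular Crypt Format, and salted MD5 as generated by crypt(3)); this is not code from any poster or from Mt.Gox. It goes beyond `$1$` to the other common MCF identifiers and to bare 32-hex MD5, and audits a constructed four-column export laid out like the leaked fields (account number, login, email, password) to list accounts whose stored hash is MD5-based and should be reset and re-hashed.

```python
import csv
import io
import re
from collections import Counter

# crypt(3) Modular Crypt Format ids -> (scheme name, built on MD5?)
MCF_SCHEMES = {
    "1": ("md5crypt", True),
    "2a": ("bcrypt", False), "2b": ("bcrypt", False), "2y": ("bcrypt", False),
    "5": ("sha256crypt", False),
    "6": ("sha512crypt", False),
}
RAW_MD5 = re.compile(r"^[0-9a-fA-F]{32}$")  # unsalted hex digest

def classify(stored):
    """Return (scheme, salted, md5_based) for one stored password field."""
    if stored.startswith("$"):
        parts = stored.split("$")  # "$1$salt$hash" -> ["", "1", "salt", "hash"]
        if len(parts) >= 4 and parts[1] in MCF_SCHEMES:
            scheme, md5_based = MCF_SCHEMES[parts[1]]
            return (scheme, True, md5_based)
        return ("unknown-mcf", None, False)
    if RAW_MD5.match(stored):
        return ("raw-md5", False, True)
    return ("unknown", None, False)

# Constructed sample rows; logins, emails and hash strings are made up.
SAMPLE_CSV = """\
1,alice,alice@example.com,$1$abcdefgh$AAAAAAAAAAAAAAAAAAAAAA
2,bob,bob@example.com,0123456789abcdef0123456789abcdef
3,carol,carol@example.com,$6$rounds=5000$saltsalt$BBBBBBBB
4,dave,dave@example.com,$2b$12$CCCCCCCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
"""

def audit(text):
    """Count schemes and collect logins whose hash is MD5-based."""
    counts, needs_reset = Counter(), []
    for _acct, login, _email, stored in csv.reader(io.StringIO(text)):
        scheme, _salted, md5_based = classify(stored)
        counts[scheme] += 1
        if md5_based:
            needs_reset.append(login)
    return counts, needs_reset

if __name__ == "__main__":
    counts, needs_reset = audit(SAMPLE_CSV)
    print(dict(counts), needs_reset)
```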
newbie
Activity: 25
Merit: 0
If you managed to buy some BTC at .01, I hope you were smart enough to transfer them out of there quickly!
I guess those crying about the rollback didn't quite get theirs out in time.

That is pretty much the thought process I had - surely you knew that something was wrong as soon as it got down below $10
newbie
Activity: 57
Merit: 0
If you managed to buy some BTC at .01, I hope you were smart enough to transfer them out of there quickly!
I guess those crying about the rollback didn't quite get theirs out in time.
newbie
Activity: 28
Merit: 0
No, they really did get hacked- or at least someone leaked their accounts. Find yourself here:

redacted

Then, someone started cracking the MD5 password hashes and then, with passwords in hand, trying various accounts until they found one with lots of money. There is a $1000 per day withdrawal limit, so in order to get more bitcoins out, they had to crash the market close to 0 first. And that is what happened today.

The End.

I wish people would stop linking that file. Mods are removing posts relating to it, just not fast enough.

But yes this is what happened.

Once it's on the internet it can't be taken off. The only thing unlinking it from here will do is keep legit users from knowing about it quickly and changing their info on related sites (if it's reused). This is especially bad since the Mt.Gox hacked/CSRF threads tell which/where pw's might be reused. Time to get as much info as possible and mitigate the risk as much as possible. I'd assume it's torrented by now and being downloaded by all sorts of malicious people NOT affiliated with this site.

Also: just when finishing this post up I got this email:

Dear Mt.Gox user,

Our database has been compromised, including your email. We are working on a
quick resolution and to begin with, your password has been disabled as a
security measure (and you will need to reset it to login again on Mt.Gox).

If you were using the same password on Mt.Gox and other places (email, etc),
you should change this password as soon as possible.

For more details, please see this:

https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback

The information there will be updated as our investigation progresses.

Please accept our apologies for the troubles caused, and be certain we will do
everything we can to keep the funds entrusted with us as secure as possible.


The leaked data includes the following:

- Account number
- Account login
- Email address
- Encrypted password

While the password is encrypted, it is possible to bruteforce most passwords
with time, and it is likely bad people are working on this right now.


Any unauthorized access done to any account you own (email, mtgox, etc) should
be reported to the appropriate authorities in your country.


Thanks,
The Mt.Gox team
newbie
Activity: 28
Merit: 0
And the lulz kick-starts again.

This is why I'm pretty heavily against using Mt Gox right now. That and the lack of Pound Sterling support sucks.
newbie
Activity: 7
Merit: 0
There is a $1000 per day withdrawal limit, so in order to get more bitcoins out, they had to crash the market close to 0 first. And that is what happened today.

Actually people on #mtgox say the limit is 50BTC or 1000 USD per day.
sr. member
Activity: 249
Merit: 251

Started cracking MD5 hashes? You have no idea what you are talking about.


Oh, but I do. People are brute forcing them successfully right now. Some are salted. Some are not. That is why someone was willing to sell bitcoins at $0.01. Because the account wasn't theirs.
newbie
Activity: 14
Merit: 0
No, they really did get hacked- or at least someone leaked their accounts. Find yourself here:

redacted

Then, someone started cracking the MD5 password hashes and then, with passwords in hand, trying various accounts until they found one with lots of money. There is a $1000 per day withdrawal limit, so in order to get more bitcoins out, they had to crash the market close to 0 first. And that is what happened today.

The End.

I wish people would stop linking that file. Mods are removing posts relating to it, just not fast enough.

But yes this is what happened.
newbie
Activity: 7
Merit: 0
No, they really did get hacked- or at least someone leaked their accounts. Find yourself here:



Then, someone started cracking the MD5 password hashes and then, with passwords in hand, trying various accounts until they found one with lots of money. There is a $1000 per day withdrawal limit, so in order to get more bitcoins out, they had to crash the market close to 0 first. And that is what happened today.

The End.

My email is in there. The leak is real. fuck