Topic: MT Gox account compromised. (Read 1393 times)
Lesson learnt the hard way. How long will they take to actually write something to me? :?
Duuuuuuuuuuude how do you not have 2 factor?? :/
So, Mt. Gox staff saw my submitted request and rather than a response, the ticket has been closed. And it says, This request has been deemed solved.
What the heck does this mean?
What the heck does this mean?
Hey, I understand it's my fault. My second question is still unanswered. I'd appreciate it if you can answer it.
If I understand your question, you want to prove to mtgox that you own the address that the funds came in from? If you still have the wallet (and private keys) that is possible.
They can have you sign a message using that private key, that would prove that you own it. I have no idea if mtgox actually goes through this procedure though, you will have to ask them.
Hey, I understand it's my fault. My second question is still unanswered. I'd appreciate it if you can answer it.
Just a pastry, heh. Actually my name has origins in Arabic.
I am still curious. How would Mt. Gox confirm that I'm the real owner?
I am still curious. How would Mt. Gox confirm that I'm the real owner?
Collect every bit of information relating to your dealings with the account and use them to prove who you are.
If you made payments into the account and you can send MtGox the verification documents to prove who you are then that would help. Did you make any deposits or withdrawls? and what methods did you use? and what days?
How old is your account?
How often do you use it?
Where do you access it from?
What browser do you usually use to access it?
Did you use the same PC to access your account all the time? If so then it is linked by the IP address of your PC. This can change when you reset your router but it will change to within a range. Go to the url http://mtgox.com/this_is_danish_and_my_username_is_xxx_help_pox.html this will appear in their web logs and might match the IP address you last logged in with. Do it.
The villains will be able to look through your email and trade history so you need to find things that are not listed in those places.
Bank accounts. Letters to your home. Photo ID, Locations of access.
Maybe you are the villain and you want to prove you own someone else's account or steal another persons.
I don't know.
How likely is this to happen? Ive got a verified account and bitstamp and gox, and have just recently starting using their sites to sell btc.. Im hesitant now after reading this more than once.. This seems quite common. I dont think Id ever keep a large sum in my gox account would mostly be moved into from personal encrypted wallet, and then sold and wired right to bank..
We badly need a new exchange.
How do you figure it's mtgox's fault?
It's highly improbable that the compromise happened at mtgox's end. Most likely the user's password was phished or otherwise captured.
Mtgox offers 2 factor authentication, the OP didn't use it. I suppose mtgox might be better off *forcing* 2 factor auth on everyone, but not everyone has a google-authenticator capable device or a yubikey.
We badly need a new exchange.
I agree, but not because someone has poor security practices.
Just a pastry, heh. Actually my name has origins in Arabic.
I am still curious. How would Mt. Gox confirm that I'm the real owner?
I am still curious. How would Mt. Gox confirm that I'm the real owner?
Quarter to five in the morning there now! Usually they are fast. I bought a Yubikey when they cost 6 Bitcoins. worth it's cost ever since.
Bad luck. Are you a real Dane or just pastry?
Bad luck. Are you a real Dane or just pastry?
Does any know how long does Mt. Gox to answer!?
We badly need a new exchange.
20k balance but no 2 factor? why?
http://3.bp.blogspot.com/-cN5oLk4WyWc/UMYjBynvG0I/AAAAAAAAPMg/_l5gGgI0iAI/s1600/Why-Meme.png
http://3.bp.blogspot.com/-cN5oLk4WyWc/UMYjBynvG0I/AAAAAAAAPMg/_l5gGgI0iAI/s1600/Why-Meme.png
My thoughts exactly...
Like locking your front door with selotape
Ive used the google authenticator:
http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447
Super easy and true 2factor (aka you are not running the secondary factor on the same pc as you are typing your password) Which they already have hacked.
http://support.google.com/accounts/bin/answer.py?hl=en&answer=1066447
Super easy and true 2factor (aka you are not running the secondary factor on the same pc as you are typing your password) Which they already have hacked.
How do you install 2 factor authentication if you have a Windows PC?
If you know how to use git and have java installed then pull the repo from https://github.com/mclamp/JAuth.git
Otherwise there is a windows installer in the downloads section https://github.com/mclamp/JAuth/downloads
I'm not on windows so don't know how that will work out for you but it should be ok.
There are probably other implementations around but I've used this one on MtGox without problems.
You then create a file with the secret key in and launch the program with the filename as a parameter, or you can even launch with the key as a parameter.
Might be different on windows but I doubt it.
MtGox requires a correct two factor login code using a key before you can enable the two factor login process. In this way if you have managed to enable two factor login then you know you are generating the right keys.
Remember to back the secret key up on another machine or device or even a piece of paper, it's not long.
How do you install 2 factor authentication if you have a Windows PC?
I would use https://mtgox.com/contact-us and also send an email to [email protected]
Explain your situation and state that you don't want any withdrawals happening.
From mtgox website
"Warning: As a security measure, you will be unable to make any
withdrawals for 24 hours after changing your email address or
password."
So you have 24 hours from the possible break in.
If your email password was compromised then you should think about how that was possible.
Also a good reminder to use two factor login.
You don't need a smart phone for two factor login.
Can use JAuth - available on github.
Explain your situation and state that you don't want any withdrawals happening.
From mtgox website
"Warning: As a security measure, you will be unable to make any
withdrawals for 24 hours after changing your email address or
password."
So you have 24 hours from the possible break in.
If your email password was compromised then you should think about how that was possible.
Also a good reminder to use two factor login.
You don't need a smart phone for two factor login.
Can use JAuth - available on github.
Unless they transferred out then change pw/email
20k balance but no 2 factor? why?
http://3.bp.blogspot.com/-cN5oLk4WyWc/UMYjBynvG0I/AAAAAAAAPMg/_l5gGgI0iAI/s1600/Why-Meme.png
http://3.bp.blogspot.com/-cN5oLk4WyWc/UMYjBynvG0I/AAAAAAAAPMg/_l5gGgI0iAI/s1600/Why-Meme.png
Hey, thanks a ton for your help. How does one prove to them that I'm the account holder? My account was unverified. I have mentioned to them that all my Bitcoin deposits came from a different wallet to which I can show them screenshots of?
Jump to: