Pages:
Author

Topic: mt gox account stolen, I lost all my money (Read 5449 times)

hero member
Activity: 756
Merit: 522
MtGox should make it so you can lock BTC withdrawals to a single preset bitcoin address.  This would be simple and straightforward and would 100% eliminate losses like this.  This isn't the first time I have ever mentioned this crazy idea, there is no reason this can't be implemented yesterday, and I hope their competition brings it sooner than later.

Not to mention most anyone sane does it that way. Karpeles is too smart to listen tho, so.
legendary
Activity: 1176
Merit: 1011
this is crazy, but why dont gox have like you have to enter your birth date or something to cash out as well. that would make this bs avoidable. they could also have a setting so you receive e-mail if someone with ip outside your country logs in.
That won't protect you from an inside job. They'll claim somebody close to you, who knew your birthday, must have done it. ("do you trust the people in your environment?")

Only thing that would help is to specify a whitelist of withdrawal addresses in advance, and only allow coins to be withdrawn to those addresses. And in order to add new addresses, have them confirmed through email and enforce a week delay (before any new address becomes whitelisted) so sudden hit & run theft is no longer possible. Well, of course a MtGox insider could still take your coins, but in this scenario it's obviously a fucked up at their end so they can be held responsible.
newbie
Activity: 12
Merit: 0
sorry to hear that, very unfortunate

ive had some troubles and now use google auth tokens, they make it much more complicated and annoying to log in, but it gives you piece of mind
sr. member
Activity: 392
Merit: 250
I'm sorry for your loss, but you did not lost your money. You lost the bitcoins your account bought.
And bitcoin is not safe: you can't do shit and will never see them again.


If someone stole your euros/usd/money, you could do something (go to the police station), but now, you're fucked up.
sr. member
Activity: 307
Merit: 250
GUYS GUYS I'M A GIRL

Feel sorry for me and donate to help me recuperate my stupid ass mistakes.


Ignore this shit.

You never should have blindly thrown your money into something you CLEARLY know nothing about




full member
Activity: 267
Merit: 101
The ip the withdrawl came from was a tor exit node in sweden.

Wow, I thought MtGox blocked accounts that were accessed via Tor. Is this not right?

They can't catch everything.  Losing money sucks, but least it was only 4 BTC.
newbie
Activity: 7
Merit: 0
The ip the withdrawl came from was a tor exit node in sweden.

Wow, I thought MtGox blocked accounts that were accessed via Tor. Is this not right?
sr. member
Activity: 353
Merit: 251
I have two factor authentication on my accounts.

It was stolen despite this.

Ouch.

This is as far as I know the first report of 2FA being worthless on MtGox.

And if memory serves, the last time they got hacked it also started with two weeks of compromised accounts (which the "victims of their own success" blamed on the actual victims, of course).

D&T does have a point tho, any details you can provide would be useful.

Yeah how could it be that 2FA was worthless? The article linked earlier talk about the kind where text-messages were intercepted, but I can't imagine how a google authenticator could be intercepted. And why not make a fixed withdrawal-address? That's really fucking easy to implement, and just send an e-mail when it's changed but make sure it takes two weeks before it would be really changed. which give you plenty on time to sort things out with MtGox.
newbie
Activity: 5
Merit: 0
Only store on a e-wallet what you can afford to loose.
Learn a thing or two about computer security.
Try and use Linux to store your wallet
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
MtGox should make it so you can lock BTC withdrawals to a single preset bitcoin address.  This would be simple and straightforward and would 100% eliminate losses like this.  This isn't the first time I have ever mentioned this crazy idea, there is no reason this can't be implemented yesterday, and I hope their competition brings it sooner than later.
newbie
Activity: 55
Merit: 0
Sorry I was at work all day.

Yes, I got the email from gox, I emailed back and forth with them on their support site and basically they told me I'm screwed, the transaction is irreversable.

I was logged into gox last night shortly before going to bed when it happened. Nobody had physical access.

I'm thinking either my session got jacked or I have a keylogger/phone virus.

The ip the withdrawl came from was a tor exit node in sweden.

I know I"m screwed at this point, it just sucks.
full member
Activity: 164
Merit: 100
Your a can whore on credit and your complaining?!

Well at least she can grenner.

God damm auto correct FML!
hero member
Activity: 756
Merit: 522
Your a can whore on credit and your complaining?!

Well at least she can grenner.
newbie
Activity: 9
Merit: 0
that is a sad story my friend Sad
full member
Activity: 164
Merit: 100
Your a can whore on credit and your complaining?!
sr. member
Activity: 307
Merit: 250
unless this was some sort of inside job. apparently its happened to other people as well.

gox basically sent me their "call the police" form letter. When I explained that I did all their authentications right, they didnt' reply.

I dunno, the whole point of this endeavor was to camwhore on reddit for tips, and then take some of my personal funds and invest with the hope of making ends meet a little easier. Now if anything the situation is far worse.

I think I may leave btc. Nobody ever broke into my USD bank account and stole all my money. Even if they did, I could get it back.

I think the worst part though is seeing the tor exit node and wallet name on blockchain and knowing some bastard did this to me.

Stop being so dramatic.

If you really put your "grocery" money into this, then you did this to yourself.

If you had actually spent time researching and combing through the forums for even a day you would have known the risks.

hero member
Activity: 756
Merit: 522
I have two factor authentication on my accounts.

It was stolen despite this.

Ouch.

This is as far as I know the first report of 2FA being worthless on MtGox.

And if memory serves, the last time they got hacked it also started with two weeks of compromised accounts (which the "victims of their own success" blamed on the actual victims, of course).

D&T does have a point tho, any details you can provide would be useful.
newbie
Activity: 8
Merit: 0
this is so sad...
ija
newbie
Activity: 8
Merit: 0
Fawksey

uhmn, run a virus scan on your pc and mobile... and please tell us if you have any malicious software installed.

Hnm could be a decent hacker who just deletes the malicious software after use. There probably is something that points to what happened.


If she had back ups of her reset keys then they could "bypass" the security.

Ps fawkesy i agree with you about monsanto ... very naughty peeps.


donator
Activity: 1218
Merit: 1079
Gerald Davis
Stop believing the myth that TFA is uncrackable.
It does improve security, sure, but it is no way the holy grail.
There have been precedents where malware could steal funds despite TFA.

http://www.wired.com/insights/2013/04/five-myths-of-two-factor-authentication-and-the-reality/


Please provide some examples, your linked article did nothing of the sort. 

Nobody said anything about holy grail but extraordinary claims require extraordinary details. The OP provided no details so to assume MtGox 2FA has been compromised is dubious at this time.

Quote
Measures like the above would greatly help secure user accounts (in addition to TFA) while being rather easy to implement, so Gox really has no excuses for neglecting such details.
 

Unless the OP had a horribly weak password the most common attack vector is compromise to the users machine and gain access to credentials via keylogger.  In that instance it is highly likely the user's email address is compromised as well (unless it is also protected by 2FA).  A more sophisticated attack would use OP computer as a proxy or to just steal the OP session when already logged in.  In either case the only IP would be the users.  Layering steps and procedures which all involve the same compromised machine is probably just "feel good" security.

My claim was not that extraordinary... It's not like I'm saying
I was abducted by a UFO or something Smiley

Anyway, here's one rather famous example:

http://arstechnica.com/security/2012/12/sophisticated-botnet-steals-more-than-47m-by-infecting-pcs-and-phones/

I agree with the rest of your comments.



Nice example.  This is one reason why I favor dedicated offline tokens.  PayPal (of all people) uses a nice one which is the size of a credit card so you can easily store it in your wallet.

The extraordinary claim was more direct at the OP claim.  Some  details would be nice.  Past examples of people reporting their 2FA on MtGox was compromised turned out to be untrue (in one example user never activated it due to user error).
Pages:
Jump to: