Bitcoin Forum>Other>Beginners & Help
Pages:
Author

Topic: mt gox account stolen, I lost all my money (Read 5397 times)

MPOE-PR
hero member
Activity: 756
Merit: 522
mt gox account stolen, I lost all my money
May 14, 2013, 05:46:53 AM
#45
Quote from: casascius on May 13, 2013, 07:44:11 PM
MtGox should make it so you can lock BTC withdrawals to a single preset bitcoin address.  This would be simple and straightforward and would 100% eliminate losses like this.  This isn't the first time I have ever mentioned this crazy idea, there is no reason this can't be implemented yesterday, and I hope their competition brings it sooner than later.

Not to mention most anyone sane does it that way. Karpeles is too smart to listen tho, so.
Kazimir
legendary
Activity: 1176
Merit: 1001
Re: mt gox account stolen, I lost all my money
May 14, 2013, 05:23:27 AM
#44
Quote from: teamtarp on May 13, 2013, 11:49:19 AM
this is crazy, but why dont gox have like you have to enter your birth date or something to cash out as well. that would make this bs avoidable. they could also have a setting so you receive e-mail if someone with ip outside your country logs in.
That won't protect you from an inside job. They'll claim somebody close to you, who knew your birthday, must have done it. ("do you trust the people in your environment?")

Only thing that would help is to specify a whitelist of withdrawal addresses in advance, and only allow coins to be withdrawn to those addresses. And in order to add new addresses, have them confirmed through email and enforce a week delay (before any new address becomes whitelisted) so sudden hit & run theft is no longer possible. Well, of course a MtGox insider could still take your coins, but in this scenario it's obviously a fucked up at their end so they can be held responsible.
nopowerbills
newbie
Activity: 12
Merit: 0
Re: mt gox account stolen, I lost all my money
May 14, 2013, 05:22:27 AM
#43
sorry to hear that, very unfortunate

ive had some troubles and now use google auth tokens, they make it much more complicated and annoying to log in, but it gives you piece of mind
naphto
sr. member
Activity: 392
Merit: 250
Re: mt gox account stolen, I lost all my money
May 14, 2013, 04:52:11 AM
#42
I'm sorry for your loss, but you did not lost your money. You lost the bitcoins your account bought.
And bitcoin is not safe: you can't do shit and will never see them again.


If someone stole your euros/usd/money, you could do something (go to the police station), but now, you're fucked up.
solidshotnosh
sr. member
Activity: 307
Merit: 250
Re: mt gox account stolen, I lost all my money
May 14, 2013, 03:02:43 AM
#41
GUYS GUYS I'M A GIRL

Feel sorry for me and donate to help me recuperate my stupid ass mistakes.


Ignore this shit.

You never should have blindly thrown your money into something you CLEARLY know nothing about




data_teks
full member
Activity: 267
Merit: 101
Re: mt gox account stolen, I lost all my money
May 13, 2013, 09:50:12 PM
#40
Quote from: quixotist on May 13, 2013, 09:42:09 PM
Quote from: girlfawkesy on May 13, 2013, 07:39:23 PM
The ip the withdrawl came from was a tor exit node in sweden.

Wow, I thought MtGox blocked accounts that were accessed via Tor. Is this not right?

They can't catch everything.  Losing money sucks, but least it was only 4 BTC.
quixotist
newbie
Activity: 7
Merit: 0
Re: mt gox account stolen, I lost all my money
May 13, 2013, 09:42:09 PM
#39
Quote from: girlfawkesy on May 13, 2013, 07:39:23 PM
The ip the withdrawl came from was a tor exit node in sweden.

Wow, I thought MtGox blocked accounts that were accessed via Tor. Is this not right?
Equilux
sr. member
Activity: 353
Merit: 251
Re: mt gox account stolen, I lost all my money
May 13, 2013, 08:00:50 PM
#38
Quote from: MPOE-PR on May 13, 2013, 04:02:14 PM
Quote from: girlfawkesy on May 13, 2013, 07:45:32 AM
I have two factor authentication on my accounts.

It was stolen despite this.

Ouch.

This is as far as I know the first report of 2FA being worthless on MtGox.

And if memory serves, the last time they got hacked it also started with two weeks of compromised accounts (which the "victims of their own success" blamed on the actual victims, of course).

D&T does have a point tho, any details you can provide would be useful.

Yeah how could it be that 2FA was worthless? The article linked earlier talk about the kind where text-messages were intercepted, but I can't imagine how a google authenticator could be intercepted. And why not make a fixed withdrawal-address? That's really fucking easy to implement, and just send an e-mail when it's changed but make sure it takes two weeks before it would be really changed. which give you plenty on time to sort things out with MtGox.
Aineko
newbie
Activity: 5
Merit: 0
Re: mt gox account stolen, I lost all my money
May 13, 2013, 07:58:44 PM
#37
Only store on a e-wallet what you can afford to loose.
Learn a thing or two about computer security.
Try and use Linux to store your wallet
casascius
vip
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
Re: mt gox account stolen, I lost all my money
May 13, 2013, 07:44:11 PM
#36
MtGox should make it so you can lock BTC withdrawals to a single preset bitcoin address.  This would be simple and straightforward and would 100% eliminate losses like this.  This isn't the first time I have ever mentioned this crazy idea, there is no reason this can't be implemented yesterday, and I hope their competition brings it sooner than later.
girlfawkesy
newbie
Activity: 55
Merit: 0
Re: mt gox account stolen, I lost all my money
May 13, 2013, 07:39:23 PM
#35
Sorry I was at work all day.

Yes, I got the email from gox, I emailed back and forth with them on their support site and basically they told me I'm screwed, the transaction is irreversable.

I was logged into gox last night shortly before going to bed when it happened. Nobody had physical access.

I'm thinking either my session got jacked or I have a keylogger/phone virus.

The ip the withdrawl came from was a tor exit node in sweden.

I know I"m screwed at this point, it just sucks.
buddrulez
full member
Activity: 164
Merit: 100
Re: mt gox account stolen, I lost all my money
May 13, 2013, 04:47:22 PM
#34
Quote from: MPOE-PR on May 13, 2013, 04:44:36 PM
Quote from: buddrulez on May 13, 2013, 04:17:33 PM
Your a can whore on credit and your complaining?!

Well at least she can grenner.

God damm auto correct FML!
MPOE-PR
hero member
Activity: 756
Merit: 522
Re: mt gox account stolen, I lost all my money
May 13, 2013, 04:44:36 PM
#33
Quote from: buddrulez on May 13, 2013, 04:17:33 PM
Your a can whore on credit and your complaining?!

Well at least she can grenner.
Troophey
newbie
Activity: 9
Merit: 0
Re: mt gox account stolen, I lost all my money
May 13, 2013, 04:31:29 PM
#32
that is a sad story my friend Sad
buddrulez
full member
Activity: 164
Merit: 100
Re: mt gox account stolen, I lost all my money
May 13, 2013, 04:17:33 PM
#31
Your a can whore on credit and your complaining?!
solidshotnosh
sr. member
Activity: 307
Merit: 250
Re: mt gox account stolen, I lost all my money
May 13, 2013, 04:09:11 PM
#30
Quote from: girlfawkesy on May 13, 2013, 08:03:29 AM
unless this was some sort of inside job. apparently its happened to other people as well.

gox basically sent me their "call the police" form letter. When I explained that I did all their authentications right, they didnt' reply.

I dunno, the whole point of this endeavor was to camwhore on reddit for tips, and then take some of my personal funds and invest with the hope of making ends meet a little easier. Now if anything the situation is far worse.

I think I may leave btc. Nobody ever broke into my USD bank account and stole all my money. Even if they did, I could get it back.

I think the worst part though is seeing the tor exit node and wallet name on blockchain and knowing some bastard did this to me.

Stop being so dramatic.

If you really put your "grocery" money into this, then you did this to yourself.

If you had actually spent time researching and combing through the forums for even a day you would have known the risks.

MPOE-PR
hero member
Activity: 756
Merit: 522
Re: mt gox account stolen, I lost all my money
May 13, 2013, 04:02:14 PM
#29
Quote from: girlfawkesy on May 13, 2013, 07:45:32 AM
I have two factor authentication on my accounts.

It was stolen despite this.

Ouch.

This is as far as I know the first report of 2FA being worthless on MtGox.

And if memory serves, the last time they got hacked it also started with two weeks of compromised accounts (which the "victims of their own success" blamed on the actual victims, of course).

D&T does have a point tho, any details you can provide would be useful.
saint-tropez
newbie
Activity: 8
Merit: 0
Re: mt gox account stolen, I lost all my money
May 13, 2013, 03:45:47 PM
#28
this is so sad...
ija
newbie
Activity: 8
Merit: 0
Re: mt gox account stolen, I lost all my money
May 13, 2013, 03:41:47 PM
#27
Fawksey

uhmn, run a virus scan on your pc and mobile... and please tell us if you have any malicious software installed.

Hnm could be a decent hacker who just deletes the malicious software after use. There probably is something that points to what happened.


If she had back ups of her reset keys then they could "bypass" the security.

Ps fawkesy i agree with you about monsanto ... very naughty peeps.


DeathAndTaxes
donator
Activity: 1218
Merit: 1079
Gerald Davis
Re: mt gox account stolen, I lost all my money
May 13, 2013, 03:04:05 PM
#26
Quote from: flatfly on May 13, 2013, 02:59:22 PM
Quote from: DeathAndTaxes on May 13, 2013, 02:28:42 PM
Quote from: flatfly on May 13, 2013, 02:22:54 PM
Stop believing the myth that TFA is uncrackable.
It does improve security, sure, but it is no way the holy grail.
There have been precedents where malware could steal funds despite TFA.

http://www.wired.com/insights/2013/04/five-myths-of-two-factor-authentication-and-the-reality/


Please provide some examples, your linked article did nothing of the sort. 

Nobody said anything about holy grail but extraordinary claims require extraordinary details. The OP provided no details so to assume MtGox 2FA has been compromised is dubious at this time.

Quote
Measures like the above would greatly help secure user accounts (in addition to TFA) while being rather easy to implement, so Gox really has no excuses for neglecting such details.
 

Unless the OP had a horribly weak password the most common attack vector is compromise to the users machine and gain access to credentials via keylogger.  In that instance it is highly likely the user's email address is compromised as well (unless it is also protected by 2FA).  A more sophisticated attack would use OP computer as a proxy or to just steal the OP session when already logged in.  In either case the only IP would be the users.  Layering steps and procedures which all involve the same compromised machine is probably just "feel good" security.

My claim was not that extraordinary... It's not like I'm saying
I was abducted by a UFO or something Smiley

Anyway, here's one rather famous example:

http://arstechnica.com/security/2012/12/sophisticated-botnet-steals-more-than-47m-by-infecting-pcs-and-phones/

I agree with the rest of your comments.



Nice example.  This is one reason why I favor dedicated offline tokens.  PayPal (of all people) uses a nice one which is the size of a credit card so you can easily store it in your wallet.

The extraordinary claim was more direct at the OP claim.  Some  details would be nice.  Past examples of people reporting their 2FA on MtGox was compromised turned out to be untrue (in one example user never activated it due to user error).
Pages:
Bitcoin Forum>Other>Beginners & Help
Jump to: