Author

Topic: Mtgox Account Hacked (Read 2930 times)

hero member
Activity: 792
Merit: 1000
Bite me
February 03, 2014, 07:26:07 AM
#19
it's nothing to do with mtgox - if you use a comprised machine or share username / passwords  or use free wifi
there are many ways of 2FA
..
learn how to protect yourself online -
full member
Activity: 196
Merit: 100
February 01, 2014, 02:16:45 AM
#18
my account has been compromissed and after 12h nobody from mtgox got in contact with me, it seems that the address kept the BTC for a while so maybe there was something to do but they are to lazy and i am not that important.

i didn´t have the 2FA because i don´t have android mobile but that doesn´t mean that mtgox should clean their hand and do nothing. they should have some responsabilties. other exchanges request you to click a link on the email they send to confirm the transaction. if it was like that i wouldn´t been hack because my email hasn´t beeen compromissed.

i know one that will not use mtgox again and will try to do my best to expando my experience around the forums so people is aware about mtgox
hero member
Activity: 798
Merit: 531
Crypto is King.
August 28, 2013, 11:43:44 AM
#17
I think its brute forced .... bacause the password was dictionary based... but they can add brute force detection to their website ? or not?
A dictionary based password for your $$$? D=
hero member
Activity: 792
Merit: 1000
Bite me
August 28, 2013, 10:59:46 AM
#16
OP said he wasn't
but the OP needs to clean his machine NOW
he has a keylogger [my guess]
also he should use lastpass after he has cleaned himself
sr. member
Activity: 367
Merit: 250
Find me at Bitrated
August 28, 2013, 10:08:33 AM
#15
Did we confirm that OP was using 2-factor? Because that would save him the biggest headache there, even if his password was compromised it's another layer of security that can't easily be cracked
sr. member
Activity: 362
Merit: 252
August 28, 2013, 09:22:17 AM
#14
Scan your computer for malware. Kaspersky is not good enough.
kaspersky is good enough but for added protection use malwarebytes Smiley now your covered all angles

if anything has to do with money use passwords with special keys like !@:. this makes it much harder for people to bruteforce a password
www.passwordmeter.com/  check out your passwords XD

You are kidding me, right? Are all people here this badly educated about the very simple topic of internet security?

There is today only one way to do it right:

Get Lastpass and choose a really secure last password (Just read up about how to choose and remember it. 20 chars of random jibberish should be a good start. And YES everybody who has the right to vote should be able to remember such a password).
Get a Yubikey.
Get GoogleAuthenticator.
Use a unique password generated by Lastpass for every site (20 chars from all possible characters)
Use 2 Factor Auth on any service that offers it.
If Yubikey and GoogleAuth are offered, use Yubikey (Hardware before Software).

--> Sleep tight at night.
legendary
Activity: 1540
Merit: 1002
August 28, 2013, 09:10:33 AM
#13
Scan your computer for malware. Kaspersky is not good enough.
kaspersky is good enough but for added protection use malwarebytes Smiley now your covered all angles

if anything has to do with money use passwords with special keys like !@:. this makes it much harder for people to bruteforce a password
www.passwordmeter.com/  check out your passwords XD
newbie
Activity: 19
Merit: 0
August 28, 2013, 09:05:34 AM
#12
If its malware then i have more bitcoins ....but they are intact
b!z
legendary
Activity: 1582
Merit: 1010
August 28, 2013, 08:37:56 AM
#11
Scan your computer for malware. Kaspersky is not good enough.
full member
Activity: 228
Merit: 100
CIYAM - UI/UX design
August 28, 2013, 07:25:07 AM
#10
i didnot made any transaction of withdrawl to bitcoin... actually i added bitcoin traded it for dollars, added a bank account ... and for waiting for bank addition verification i logged out of my account
     next day i logged into my email and get the mail of withdrawl information with ip information
Transaction reference: 530f092e-dda9-4404-86a2-5d3c8b8c44e7
Date: 2013-08-27 22:31:32 GMT
IP: 121.233.121.219

   i have the same password for bitmit.net and i think they are a trusted compay .....
My old password is working .... the person only withdrawn the fund to its btc


What are you developing as "a developer"? Gameboy games? Stop whining. If you use credentials twice this has been the perfect lesson for you. Before you mess with bitcoins, do your homework. In your case probably get a BA in Computer Science. Before you know what you are doing, let the older kids play with the real money.

+1 don't use any password twice ...
newbie
Activity: 19
Merit: 0
August 28, 2013, 07:17:03 AM
#9
yes i know ....i used the same password.... and levino i m currently MCS and doing MS(CS) ....some time develops some php websites ....And after the mistake of same pass i got my lesson from it...
sr. member
Activity: 350
Merit: 250
August 28, 2013, 06:34:04 AM
#8
I think its brute forced .... bacause the password was dictionary based... but they can add brute force detection to their website ? or not?


You obviously chose an easy password, and the same for different website.
:/ It was a mistake.
newbie
Activity: 19
Merit: 0
August 28, 2013, 06:32:27 AM
#7
I think its brute forced .... bacause the password was dictionary based... but they can add brute force detection to their website ? or not?
sr. member
Activity: 362
Merit: 252
August 28, 2013, 06:29:54 AM
#6
i didnot made any transaction of withdrawl to bitcoin... actually i added bitcoin traded it for dollars, added a bank account ... and for waiting for bank addition verification i logged out of my account
     next day i logged into my email and get the mail of withdrawl information with ip information
Transaction reference: 530f092e-dda9-4404-86a2-5d3c8b8c44e7
Date: 2013-08-27 22:31:32 GMT
IP: 121.233.121.219

   i have the same password for bitmit.net and i think they are a trusted compay .....
My old password is working .... the person only withdrawn the fund to its btc


What are you developing as "a developer"? Gameboy games? Stop whining. If you use credentials twice this has been the perfect lesson for you. Before you mess with bitcoins, do your homework. In your case probably get a BA in Computer Science. Before you know what you are doing, let the older kids play with the real money.
sr. member
Activity: 350
Merit: 250
August 28, 2013, 06:26:31 AM
#5
keylogger, brute forced or whatever error you made.
If anyone could access mt.gox database they would NOT choose an account with only 600$ :/

Sorry for your loss though
newbie
Activity: 19
Merit: 0
August 28, 2013, 06:24:50 AM
#4
i didnot made any transaction of withdrawl to bitcoin... actually i added bitcoin traded it for dollars, added a bank account ... and for waiting for bank addition verification i logged out of my account
     next day i logged into my email and get the mail of withdrawl information with ip information
Transaction reference: 530f092e-dda9-4404-86a2-5d3c8b8c44e7
Date: 2013-08-27 22:31:32 GMT
IP: 121.233.121.219

   i have the same password for bitmit.net and i think they are a trusted compay .....
My old password is working .... the person only withdrawn the fund to its btc
hero member
Activity: 792
Merit: 1000
Bite me
August 28, 2013, 06:19:34 AM
#3
2FA
use lastpass
Kaspersky  Roll Eyes
used the same login details elsewhere
sr. member
Activity: 350
Merit: 250
August 28, 2013, 06:17:49 AM
#2
Do you have any proof that mt.gox was compromised?
It would be much more probable that it was you.

Maybe you registered on an other website with the same password, and the website was a scam ...
newbie
Activity: 19
Merit: 0
August 28, 2013, 06:13:35 AM
#1
My Mtgox account has been hacked .... it had $600+ .... someone with china ip address accessed the account ... move funds to BTC and withdraw it to bitcoin
      I am a developer and i m pretty sure that my system is secure with Kaspersky internet security ... and i dont get scammed with any type of phishing attack
     i don't know which type of security they had ... that anyone can access any other account....i didn't used any OTP/yubikey .... but cracking a website password indicates their bad security issues....as my system is secure, whom should i blame? me? add funds to mtgox or their website security
 
Jump to: