Topic: Mt.Gox Account secured with Yubikey but still had 29 BTCs stolen - page 5. (Read 8587 times)

newbie
Activity: 31
Merit: 0
What device is your GA stored on?

Is the device rooted?

Did you make backups of the GA seed somehow or somewhere, and if so, where were those stored?

Will

Here it is straight from my T-Mobile personal account although I had to black out my name and number:



My cell is not rooted and I did not have any backups. I've heard of the rooting process and what it can do but I personally never had a need for it.

So you were using SMS-based GA or running the GA app on your phone?

Will

GA app.

OP, can you ask MtGox to check and confirm:

a) that funds can only be withdrawn from your account when the yubikey is used.
b) that their logs show a 3-sec (long-press) was actually performed on this withdrawal.

I will ask them right away on these specific points.
hero member
Activity: 767
Merit: 500
What device is your GA stored on?

Is the device rooted?

Did you make backups of the GA seed somehow or somewhere, and if so, where were those stored?

Will

Here it is straight from my T-Mobile personal account although I had to black out my name and number:



My cell is not rooted and I did not have any backups. I've heard of the rooting process and what it can do but I never personally had a need for it.

So you were using SMS-based GA or running the GA app on your phone?

Will
newbie
Activity: 31
Merit: 0
What device is your GA stored on?

Is the device rooted?

Did you make backups of the GA seed somehow or somewhere, and if so, where were those stored?

Will

Here it is straight from my T-Mobile personal account although I had to black out my name and number:



My cell is not rooted and I did not have any backups. I've heard of the rooting process and what it can do but I never personally had a need for it.
legendary
Activity: 966
Merit: 1000
You guys are killing me all these security measures. The questions you have asked of the OP I could never answer.

If this guy gets screwed what chance does the average person have?
newbie
Activity: 31
Merit: 0
I originally had $4,000 in USD but the culprit converted it to BTC and withdrew.

Out of curiosity, what verification level is your account?
 - http://en.bitcoin.it/wiki/Mt._Gox#AML



Verified level 1. I did the whole verification process and sent them my info.
legendary
Activity: 2506
Merit: 1010
I originally had $4,000 in USD but the culprit converted it to BTC and withdrew.

Out of curiosity, what verification level is your account?
 - http://en.bitcoin.it/wiki/Mt._Gox#AML
legendary
Activity: 1078
Merit: 1006
100 satoshis -> ISO code
OP, can you ask MtGox to check and confirm:

a) that funds can only be withdrawn from your account when the yubikey is used.
b) that their logs show a 3-sec (long-press) was actually performed on this withdrawal.
hero member
Activity: 767
Merit: 500
What device is your GA stored on?

Is the device rooted?

Did you make backups of the GA seed somehow or somewhere, and if so, where were those stored?

Will
newbie
Activity: 31
Merit: 0
Check you didn't have any extensions installed that had full access to your computer (NPAPI) or had access to the contents of tabs, or to mtgox.

An extension such as this could inject malicious javascript into your mtgox page.

Will



I really don't think it's the trade bot. Anyone can take a look at the source code https://github.com/TobbeLino/GoxTradingBotTobli.
hero member
Activity: 767
Merit: 500
Check you didn't have any extensions installed that had full access to your computer (NPAPI) or had access to the contents of tabs, or to mtgox.

An extension such as this could inject malicious javascript into your mtgox page.

Will
vip
Activity: 756
Merit: 503
I don't leave any coins on any exchange unless I need to trade.
newbie
Activity: 31
Merit: 0
There is a weakness if the Google Authenticator seed was somehow compromised. I'm not sure if a session cookie could have been stolen to log in without the YubiKey, then using Google Authenticator for withdrawal. That would explain the external IP but I'm not sure if stealing your cookie would work.

There should be a way to reverse these types of transactions when something unauthorized occurs. That's the weakness of BTC right now.
Yeah, that's the same reason why nobody in the world uses cash... huge weakness.

@OP: sorry for your loss. Also, thank you for sharing the information here. It is important that we get to the bottom of this. It's mind-boggling. Even if your PC was completely compromised, and you were logged into gox that night, the hacker still needed to long-press the yubikey. This is assuming your settings did not leave any holes via API or google auth, etc.

Cash payments are reversible; it's called small claims court.

OP, I don't know shit about the issue you are having, but it is screwed up. Goes to show you can't trust institutions.

It makes me sick that this happened to you.




Thank you guys for your input thus far. I think I will have to distance myself from BTC since the investment portion was a big reason why I got into BTCs. When you can't even trust the largest BTC exchange with your coins, there is nothing I can do.
Long term investment should never be left on an exchange, use a paper wallet or an offline computer with Armory.

If this was Mt. Gox's doing and was a result of their financial situation, wouldn't it still be unsafe in the short term if their financial situation got desperate enough? I'd imagine it would be something similar to Russian roulette with risks increasing every second when they have your BTCs.
vip
Activity: 756
Merit: 503
There is a weakness if the Google Authenticator seed was somehow compromised. I'm not sure if a session cookie could have been stolen to log in without the YubiKey, then using Google Authenticator for withdrawal. That would explain the external IP but I'm not sure if stealing your cookie would work.

There should be a way to reverse these types of transactions when something unauthorized occurs. That's the weakness of BTC right now.
Yeah, that's the same reason why nobody in the world uses cash... huge weakness.

@OP: sorry for your loss. Also, thank you for sharing the information here. It is important that we get to the bottom of this. It's mind-boggling. Even if your PC was completely compromised, and you were logged into gox that night, the hacker still needed to long-press the yubikey. This is assuming your settings did not leave any holes via API or google auth, etc.

Cash payments are reversible; it's called small claims court.

OP, I don't know shit about the issue you are having, but it is screwed up. Goes to show you can't trust institutions.

It makes me sick that this happened to you.




Thank you guys for your input thus far. I think I will have to distance myself from BTC since the investment portion was a big reason why I got into BTCs. When you can't even trust the largest BTC exchange with your coins, there is nothing I can do.
Long term investment should never be left on an exchange, use a paper wallet or an offline computer with Armory.
newbie
Activity: 31
Merit: 0
There is a weakness if the Google Authenticator seed was somehow compromised. I'm not sure if a session cookie could have been stolen to log in without the YubiKey, then using Google Authenticator for withdrawal. That would explain the external IP but I'm not sure if stealing your cookie would work.

There should be a way to reverse these types of transactions when something unauthorized occurs. That's the weakness of BTC right now.
Yeah, that's the same reason why nobody in the world uses cash... huge weakness.

@OP: sorry for your loss. Also, thank you for sharing the information here. It is important that we get to the bottom of this. It's mind-boggling. Even if your PC was completely compromised, and you were logged into gox that night, the hacker still needed to long-press the yubikey. This is assuming your settings did not leave any holes via API or google auth, etc.

Cash payments are reversible; it's called small claims court.

OP, I don't know shit about the issue you are having, but it is screwed up. Goes to show you can't trust institutions.

It makes me sick that this happened to you.




Thank you guys for your input thus far. I think I will have to distance myself from BTC now since the investment portion was a big reason why I got into BTCs. When you can't even trust the largest BTC exchange with your coins, there is nothing I can do.
legendary
Activity: 966
Merit: 1000
There should be a way to reverse these types of transactions when something unauthorized occurs. That's the weakness of BTC right now.
Yeah, that's the same reason why nobody in the world uses cash... huge weakness.

@OP: sorry for your loss. Also, thank you for sharing the information here. It is important that we get to the bottom of this. It's mind-boggling. Even if your PC was completely compromised, and you were logged into gox that night, the hacker still needed to long-press the yubikey. This is assuming your settings did not leave any holes via API or google auth, etc.

Cash payments are reversible; it's called small claims court.

OP, I don't know shit about the issue you are having, but it is screwed up. Goes to show you can't trust institutions.

It makes me sick that this happened to you.

vip
Activity: 756
Merit: 503
There is a weakness if the Google Authenticator seed was somehow compromised. I'm not sure if a session cookie could have been stolen to log in without the YubiKey, then using Google Authenticator for withdrawal. That would explain the external IP but I'm not sure if stealing your cookie would work.
newbie
Activity: 31
Merit: 0
You do have a lot of annoying AdWare, this shouldn't be found on a "secure" computer.

I've done a bit of digging into these AdWare but none of them seems to be able to take over my computer or is even related to bitcoin. I'm running MSE atm but it never recorded any attacks in its log. The logged IP address that did the transfer was from China; is this really something that originated from my PC? I'm still not sure how my Yubikey was bypassed unless it was by Mt. Gox employees.
vip
Activity: 756
Merit: 503
You do have a lot of annoying AdWare, this shouldn't be found on a "secure" computer.
newbie
Activity: 31
Merit: 0
Maybe his computer was on at the time, logged in on his Gox account? Someone might've taken over the computer.



My PC is located in my home but the person who withdrew had an IP address from China. Malwarebytes did not detect anything that I think would take over my computer. I'm not sure what it could be.

There should be a way to reverse these types of transactions when something unauthorized occurs. That's the weakness of BTC right now.
Yeah, that's the same reason why nobody in the world uses cash... huge weakness.

@OP: sorry for your loss. Also, thank you for sharing the information here. It is important that we get to the bottom of this. It's mind-boggling. Even if your PC was completely compromised, and you were logged into gox that night, the hacker still needed to long-press the yubikey. This is assuming your settings did not leave any holes via API or google auth, etc.

Holes via Google auth? Can you clarify?

https://blockchain.info/address/1Zq3rJPzNMi9vJ1KqT9SKfAcfHx8NYVds

Just looking for clues...

Why 2.00 + 2.00 + 25.20793 to get them out instead of one transaction?

Maybe someone was testing if they got around my Yubikey but I still don't know how. I am still suspecting Mt. Gox itself doing this.
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
There should be a way to reverse these types of transactions when something unauthorized occurs. That's the weakness of BTC right now.
Yeah, that's the same reason why nobody in the world uses cash... huge weakness.

@OP: sorry for your loss. Also, thank you for sharing the information here. It is important that we get to the bottom of this. It's mind-boggling. Even if your PC was completely compromised, and you were logged into gox that night, the hacker still needed to long-press the yubikey. This is assuming your settings did not leave any holes via API or google auth, etc.