Mt.Gox Account secured with Yubikey but still had 29 BTCs stolen - page 5.

JRam

newbie

Activity: 31

Merit: 0

Quote from: willphase on September 14, 2013, 07:39:46 PM

Quote from: JRam on September 14, 2013, 07:39:05 PM

Quote from: willphase on September 14, 2013, 06:19:52 PM

what device is your GA stored on?

Is the device rooted?

Did you make backups of the GA seed somehow or somewhere, and if so, where were those stored?

Will

Here it is straight from my T-Mobile personal account although I had to black out my name and number:

My cell is not rooted and I did not have any backups. I've heard of the rooting process and what it can do but I personally never had a need for it.

so you were using SMS based GA or running the GA app on your phone?

Will

GA app.

Quote from: solex on September 14, 2013, 06:45:01 PM

OP, can you ask MtGox to check and confirm:

a) that funds can only be withdrawn from your account when the yubikey is used.
b) that their logs show a 3-sec (long-press) was actually performed on this withdrawal.

I will ask them right away on these specific points.

willphase

hero member

Activity: 767

Merit: 500

Quote from: JRam on September 14, 2013, 07:39:05 PM

Quote from: willphase on September 14, 2013, 06:19:52 PM

what device is your GA stored on?

Is the device rooted?

Did you make backups of the GA seed somehow or somewhere, and if so, where were those stored?

Will

Here it is straight from my T-Mobile personal account although I had to black out my name and number:

My cell is not rooted and I did not have any backups. I've heard of the rooting process and what it can do but I never personally had a need for it.

so you were using SMS based GA or running the GA app on your phone?

Will

JRam

newbie

Activity: 31

Merit: 0

Quote from: willphase on September 14, 2013, 06:19:52 PM

what device is your GA stored on?

Is the device rooted?

Did you make backups of the GA seed somehow or somewhere, and if so, where were those stored?

Will

Here it is straight from my T-Mobile personal account although I had to black out my name and number:

My cell is not rooted and I did not have any backups. I've heard of the rooting process and what it can do but I never personally had a need for it.

sublime5447

legendary

Activity: 966

Merit: 1000

You guys are killing me all these security measures. The questions you have asked of the OP I could never answer.

If this guy gets screwed what chance does the average person have?

JRam

newbie

Activity: 31

Merit: 0

Quote from: Stephen Gornick on September 14, 2013, 06:59:02 PM

Quote from: JRam on September 14, 2013, 09:11:05 AM

I originally had $4,000 in USD but the culprit converted it to BTC and withdrew.

Out of curiosity, what verification level is your account?
- http://en.bitcoin.it/wiki/Mt._Gox#AML

Verified level 1. I did the whole verification process and sent them my info.

Stephen Gornick

legendary

Activity: 2506

Merit: 1010

Quote from: JRam on September 14, 2013, 09:11:05 AM

I originally had $4,000 in USD but the culprit converted it to BTC and withdrew.

Out of curiosity, what verification level is your account?
- http://en.bitcoin.it/wiki/Mt._Gox#AML

solex

legendary

Activity: 1078

Merit: 1006

100 satoshis -> ISO code

OP, can you ask MtGox to check and confirm:

a) that funds can only be withdrawn from your account when the yubikey is used.
b) that their logs show a 3-sec (long-press) was actually performed on this withdrawal.

willphase

hero member

Activity: 767

Merit: 500

what device is your GA stored on?

Is the device rooted?

Did you make backups of the GA seed somehow or somewhere, and if so, where were those stored?

Will

JRam

newbie

Activity: 31

Merit: 0

Quote from: willphase on September 14, 2013, 05:56:04 PM

check you didn't have any extensions installed that had full access to your computer (NPAPI) or had access to contents of tabs, or mtgox.

an extension such as this could inject malicious javascript into your mtgox page.

Will

I really don't think its the trade bot. Anyone can take a look at the source code https://github.com/TobbeLino/GoxTradingBotTobli.

willphase

hero member

Activity: 767

Merit: 500

check you didn't have any extensions installed that had full access to your computer (NPAPI) or had access to contents of tabs, or mtgox.

an extension such as this could inject malicious javascript into your mtgox page.

Will

01BTC10

vip

Activity: 756

Merit: 503

I don't leave any coins on any exchange unless I need to trade.

JRam

newbie

Activity: 31

Merit: 0

Quote from: 01BTC10 on September 14, 2013, 05:09:15 PM

Quote from: JRam on September 14, 2013, 05:07:38 PM

Quote from: 01BTC10 on September 14, 2013, 05:02:54 PM

There is a weakness if the Google Authenticator seed was somehow compromised. I'm not sure if a session cookie could had been stolen to login without the YubiKey then using Google Authenticator for withdrawal. That would explain the external IP but I'm not sure if stealing your cookie would work.

Quote from: sublime5447 on September 14, 2013, 05:03:35 PM

Quote from: niko on September 14, 2013, 02:40:59 PM

Quote from: rufusBTC on September 14, 2013, 01:33:23 PM

there should be a way to reverse these type of transactions when something unauthorized occurs. that's the weakness of BTC right now.

Yeah, that's the same reason why nobody in the world uses cash... huge weakness.

@OP: sorry for your loss. Also, thank you for sharing the information here. It is important that we get to the bottom of this. It's mind boggling. Even if your PC was completely compromised, and you were logged into gox that night, the hacker still needed to long press the yubikey. This is assuming your settings did not leave any holes via API or google auth, etc.

Cash payments are reversible it is called small claims court.

Op i dont shit about the issue you are having but it is screwed up. Goes to show you cant trust institutions.

It makes me sick that this happened to you.

Thank you guys for your input thus far. I think I will have to distance myself from BTC since the investment portion was a big reason why I got into BTCs. When you can't even trust the largest BTC exchange with your coins, there is nothing I can do.

Long term investment should never be left on a exchange, use a paper wallet or an offline computer with Armory.

If this was Mt. Gox's doing and was a result of their financial situation, wouldn't it still be unsafe in the short term if their financial situation got desperate enough? I'd imagine it would be something similar to Russian roulette with risks increasing every second when they have your BTCs.

01BTC10

vip

Activity: 756

Merit: 503

Quote from: JRam on September 14, 2013, 05:07:38 PM

Quote from: 01BTC10 on September 14, 2013, 05:02:54 PM

There is a weakness if the Google Authenticator seed was somehow compromised. I'm not sure if a session cookie could had been stolen to login without the YubiKey then using Google Authenticator for withdrawal. That would explain the external IP but I'm not sure if stealing your cookie would work.

Quote from: sublime5447 on September 14, 2013, 05:03:35 PM

Quote from: niko on September 14, 2013, 02:40:59 PM

Quote from: rufusBTC on September 14, 2013, 01:33:23 PM

there should be a way to reverse these type of transactions when something unauthorized occurs. that's the weakness of BTC right now.

Yeah, that's the same reason why nobody in the world uses cash... huge weakness.

@OP: sorry for your loss. Also, thank you for sharing the information here. It is important that we get to the bottom of this. It's mind boggling. Even if your PC was completely compromised, and you were logged into gox that night, the hacker still needed to long press the yubikey. This is assuming your settings did not leave any holes via API or google auth, etc.

Cash payments are reversible it is called small claims court.

Op i dont shit about the issue you are having but it is screwed up. Goes to show you cant trust institutions.

It makes me sick that this happened to you.

Thank you guys for your input thus far. I think I will have to distance myself from BTC since the investment portion was a big reason why I got into BTCs. When you can't even trust the largest BTC exchange with your coins, there is nothing I can do.

Long term investment should never be left on an exchange, use a paper wallet or an offline computer with Armory.

JRam

newbie

Activity: 31

Merit: 0

Quote from: 01BTC10 on September 14, 2013, 05:02:54 PM

There is a weakness if the Google Authenticator seed was somehow compromised. I'm not sure if a session cookie could had been stolen to login without the YubiKey then using Google Authenticator for withdrawal. That would explain the external IP but I'm not sure if stealing your cookie would work.

Quote from: sublime5447 on September 14, 2013, 05:03:35 PM

Quote from: niko on September 14, 2013, 02:40:59 PM

Quote from: rufusBTC on September 14, 2013, 01:33:23 PM

there should be a way to reverse these type of transactions when something unauthorized occurs. that's the weakness of BTC right now.

Yeah, that's the same reason why nobody in the world uses cash... huge weakness.

@OP: sorry for your loss. Also, thank you for sharing the information here. It is important that we get to the bottom of this. It's mind boggling. Even if your PC was completely compromised, and you were logged into gox that night, the hacker still needed to long press the yubikey. This is assuming your settings did not leave any holes via API or google auth, etc.

Cash payments are reversible it is called small claims court.

Op i dont shit about the issue you are having but it is screwed up. Goes to show you cant trust institutions.

It makes me sick that this happened to you.

Thank you guys for your input thus far. I think I will have to distance myself from BTC now since the investment portion was a big reason why I got into BTCs. When you can't even trust the largest BTC exchange with your coins, there is nothing I can do.

sublime5447

legendary

Activity: 966

Merit: 1000

Quote from: niko on September 14, 2013, 02:40:59 PM

Quote from: rufusBTC on September 14, 2013, 01:33:23 PM

there should be a way to reverse these type of transactions when something unauthorized occurs. that's the weakness of BTC right now.

Yeah, that's the same reason why nobody in the world uses cash... huge weakness.

@OP: sorry for your loss. Also, thank you for sharing the information here. It is important that we get to the bottom of this. It's mind boggling. Even if your PC was completely compromised, and you were logged into gox that night, the hacker still needed to long press the yubikey. This is assuming your settings did not leave any holes via API or google auth, etc.

Cash payments are reversible it is called small claims court.

Op i dont shit about the issue you are having but it is screwed up. Goes to show you cant trust institutions.

It makes me sick that this happened to you.

01BTC10

vip

Activity: 756

Merit: 503

There is a weakness if the Google Authenticator seed was somehow compromised. I'm not sure if a session cookie could had been stolen to login without the YubiKey then using Google Authenticator for withdrawal. That would explain the external IP but I'm not sure if stealing your cookie would work.

JRam

newbie

Activity: 31

Merit: 0

Quote from: 01BTC10 on September 14, 2013, 04:53:04 PM

You do have a lot of annoying AdWare, this shouldn't be found on a "secure" computer.

I've did a bit of digging into these AdWare but none of them seems to be able to take over my computer or is even related to bitcoin. I'm running MSE atm but it never recorded any attacks in its log. The logged ip address that did the transfer was from China; is this really something that originated from my PC? I'm still not sure how my Yubikey was bypassed unless it was by Mt. Gox employees.

01BTC10

vip

Activity: 756

Merit: 503

You do have a lot of annoying AdWare, this shouldn't be found on a "secure" computer.

JRam

newbie

Activity: 31

Merit: 0

Quote from: ardana123 on September 14, 2013, 01:19:22 PM

Maybe his computer was on at the time, logged in on his Gox account? Someone might've taken over the computer.

My PC is located in my home but the person who withdrew had an ip address from China. Malwarebytes did not detect anything that I think would take over my computer. I'm not sure what it could be.

Quote from: niko on September 14, 2013, 02:40:59 PM

Quote from: rufusBTC on September 14, 2013, 01:33:23 PM

there should be a way to reverse these type of transactions when something unauthorized occurs. that's the weakness of BTC right now.

Yeah, that's the same reason why nobody in the world uses cash... huge weakness.

@OP: sorry for your loss. Also, thank you for sharing the information here. It is important that we get to the bottom of this. It's mind boggling. Even if your PC was completely compromised, and you were logged into gox that night, the hacker still needed to long press the yubikey. This is assuming your settings did not leave any holes via API or google auth, etc.

Holes via Google auth? Can you clarify?

Quote from: BurtW on September 14, 2013, 10:38:39 AM

https://blockchain.info/address/1Zq3rJPzNMi9vJ1KqT9SKfAcfHx8NYVds

Just looking for clues...

Why 2.00 + 2.00 + 25.20793 to get them out instead of one transaction?

Maybe someone was testing if they got around my Yubikey but I still don't know how. I am still suspecting Mt. Gox itself doing this.

niko

hero member

Activity: 756

Merit: 501

There is more to Bitcoin than bitcoins.

Quote from: rufusBTC on September 14, 2013, 01:33:23 PM

there should be a way to reverse these type of transactions when something unauthorized occurs. that's the weakness of BTC right now.

Yeah, that's the same reason why nobody in the world uses cash... huge weakness.

@OP: sorry for your loss. Also, thank you for sharing the information here. It is important that we get to the bottom of this. It's mind boggling. Even if your PC was completely compromised, and you were logged into gox that night, the hacker still needed to long press the yubikey. This is assuming your settings did not leave any holes via API or google auth, etc.

Topic: Mt.Gox Account secured with Yubikey but still had 29 BTCs stolen - page 5. (Read 8565 times)