Topic: Mt.Gox Account secured with Yubikey but still had 29 BTCs stolen - page 6. (Read 8587 times)

legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
There should be a way to reverse these types of transactions when something unauthorized occurs. That's the weakness of BTC right now.

Bitcoin doesn't work like that, but exchanges could very easily let you set up your account so that, say, a BTC transfer won't occur until 24+ hours after requesting it, giving you time to cancel such theft attempts.

Bitcoin's *strength* is that it isn't reversible - but that does make it harder when building services that use it to help protect the users (it's always going to be a trade-off between speed and expense).
jr. member
Activity: 121
Merit: 1
The World’s First Blockchain Core
There should be a way to reverse these types of transactions when something unauthorized occurs. That's the weakness of BTC right now.
hero member
Activity: 504
Merit: 500
Maybe his computer was on at the time, logged in on his Gox account? Someone might've taken over the computer.
vip
Activity: 756
Merit: 503
Must be the api access you enabled if you had a yubikey configured.
Quote
API key was only granted permissions to get_info and trade.
hero member
Activity: 504
Merit: 500
Must be the api access you enabled if you had a yubikey configured.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
https://blockchain.info/address/1Zq3rJPzNMi9vJ1KqT9SKfAcfHx8NYVds

Just looking for clues...

Why 2.00 + 2.00 + 25.20793 to get them out instead of one transaction?

Then they moved 52 out of their wallet and we get to see a lot of the addresses in their wallet.

Then they moved 101 out of the same wallet and we get to see a lot more of the addresses in their wallet.

So it appears we have a lot to go on here...

47 of the 101 ended up here:  

https://blockchain.info/address/1AYTN944QaxUJiy2kkeyMoue1DNXBtvFTy

56 of the 101 ended up here:  

https://blockchain.info/address/12HXeLmimYVQUz2kojkPcMHHPQYPMaAond

Some of the coins went through this interesting address:  

https://blockchain.info/address/1LBCfs6JUWCgZWzHddHuiZsSMZ7E64YmcP

Does anyone recognize this mixing method?
newbie
Activity: 31
Merit: 0
Go into "Security Center" -> "Current API Keys"

Confirm there's nothing there.

I use the TobbeLino trade bot https://github.com/TobbeLino/GoxTradingBotTobli but its API key was only granted permissions to get_info and trade. This bot was also disabled for over a week so I don't think this is the cause.
full member
Activity: 130
Merit: 100
Go into "Security Center" -> "Current API Keys"

Confirm there's nothing there.
sr. member
Activity: 504
Merit: 250
You don't have Google authenticate or a paired cell phone also on your withdraw methods?

If a Yubikey can be faked, every university or other business using them is in trouble. And no, you can't sniff the key from a Yubikey; it's a hard-coded, non-recursive algorithm that calculates the last characters of your key every time you press the button. The long press used for withdrawals is even more complex.

So Gox hack or inside theft?
vip
Activity: 756
Merit: 503
I know it sounds dumb but I remember reading about someone who had a YubiKey but forgot to activate it in his MtGox security center.

Can you clarify? I see my Yubikey specifically under "Withdrawals".
You should be good then.

Haha, well apparently not since someone still managed to steal from my account. I added screenshots of the Yubikey. Yubikeys aren't supposed to be easy to crack are they? I can only think of Mt. Gox itself doing this so I will never trust them again.
I don't have any clue what went wrong in your case but at least you didn't forget to activate your YubiKey like I've already seen in the past.

Is the OTP value I see Google Authenticator? If you did a backup of the seed somewhere, it could have been stolen.
newbie
Activity: 31
Merit: 0
I know it sounds dumb but I remember reading about someone who had a YubiKey but forgot to activate it in his MtGox security center.

Can you clarify? I see my Yubikey specifically under "Withdrawals".
You should be good then.

Haha, well apparently not since someone still managed to steal from my account. I added screenshots of the Yubikey. Yubikeys aren't supposed to be easy to crack are they? I can only think of Mt. Gox itself doing this so I will never trust them again.
vip
Activity: 756
Merit: 503
I know it sounds dumb but I remember reading about someone who had a YubiKey but forgot to activate it in his MtGox security center.

Can you clarify? I see my Yubikey specifically under "Withdrawals".
You should be good then.
newbie
Activity: 31
Merit: 0
I know it sounds dumb but I remember reading about someone who had a YubiKey but forgot to activate it in his MtGox security center.

Can you clarify? I see my Yubikey specifically under "Withdrawals".
vip
Activity: 756
Merit: 503
I know it sounds dumb but I remember reading about someone who had a YubiKey but forgot to activate it in his MtGox security center.
newbie
Activity: 31
Merit: 0
All of the trade activity in the screenshot is not mine. I originally had $4,000 in USD but the culprit converted it to BTC and withdrew.

How hard is it to bypass the Yubikey? I was not even awake at around 4 AM when this happened so I don't think it is malware or phishing. In case this is some form of delayed malware, I'm doing a full scan at the moment with Malwarebytes. I am beginning to suspect Mt.Gox internal operations of doing this especially after hearing all the news about Mt.Gox's financial problems.

When you think about it, the IP address that stole my coins was from China and I am based in the US. Any half decent business would find this to be a red flag and delay the withdrawal. Maybe Mt. Gox is deliberately letting these glaring red flags slide?

I don't want to believe it but the possibility of the largest BTC exchange stealing from its users paints a grim picture for BTC. If my suspicions are correct, I hope this serves as a warning to the rest of the BTC community.
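
Added example, not part of any post in this thread and not Mt.Gox code: a sketch of the two exchange-side controls raised above, a cancellable 24-hour withdrawal hold and a forced delay when the request comes from a country other than the account's usual one. The class and field names are hypothetical, the hold length and home-country setting are assumptions, and the request country is assumed to come from a geo-IP lookup done elsewhere.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

HOLD = timedelta(hours=24)  # assumed value; the post only says "24+ hours"

@dataclass
class Withdrawal:
    amount_btc: int
    country: str
    release_at: datetime
    flags: list = field(default_factory=list)
    state: str = "pending"  # pending -> released | cancelled

class WithdrawalQueue:
    """Hypothetical per-account queue sitting in front of the payout worker."""

    def __init__(self, home_country, hold_enabled):
        self.home_country = home_country  # assumed account setting
        self.hold_enabled = hold_enabled  # user opted in to delayed withdrawals
        self.items = []

    def request(self, amount_btc, country, now):
        flags = ["country_mismatch"] if country != self.home_country else []
        # Delay when the user opted in, or when the request itself looks wrong.
        delay = HOLD if (self.hold_enabled or flags) else timedelta(0)
        w = Withdrawal(amount_btc, country, now + delay, flags)
        self.items.append(w)
        return w

    def cancel(self, w, now):
        # Cancellation only works before release: once broadcast, it is final.
        if w.state == "pending" and now < w.release_at:
            w.state = "cancelled"
            return True
        return False

    def release_due(self, now):
        # Only the withdrawals returned here would be sent to the network.
        due = [w for w in self.items if w.state == "pending" and now >= w.release_at]
        for w in due:
            w.state = "released"
        return due

def demo():
    # Constructed scenario: US-based account, request arrives from CN at 04:00.
    t0 = datetime(2000, 1, 1, 4, 0, tzinfo=timezone.utc)  # constructed timestamp
    q = WithdrawalQueue("US", hold_enabled=False)
    w = q.request(29, "CN", t0)
    early = q.release_due(t0 + timedelta(hours=1))    # nothing leaves yet
    cancelled = q.cancel(w, t0 + timedelta(hours=5))  # owner wakes up, cancels
    late = q.release_due(t0 + timedelta(hours=25))    # still nothing to send
    return w.flags, early, cancelled, late, w.state
```

The hold only helps if the cancel path is authenticated separately from the session that requested the withdrawal; otherwise whoever placed the request can also decline to cancel it.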