Hello,
It seems that there is an attack going on right now on MtGox from attackers in Poland. The timing of the attack is well chosen: MtGox support service is off in the week-end, the account holders cannot contact MtGox, thus leaving the attackers free to withdraw any money they want.
THE SITUATION:
We are an MtGox customer. We use it to transfer relatively large amounts of money.
In the last few weeks, MtGox has surprisingly stopped processing withdrawals, some of our withdrawals have been pending for 3 weeks now. These are international wire transfers. For Euro SEPA transfer, MtGox warns that it could take months to have it processed. MtGox is blaming a "large backlog". It might or might not be true, this is MtGox after all.
Today, we received an email about a password reset.
Of course, we never initiated this password reset. MtGox mentions the IP address of the attacker in the password reset email: 178.42.125.117 . This IP address comes from Poland. It seems that the attackers don't even bother using proxies. This request from a IP in Poland didn't worry MtGox, although we consistently access our MtGox account from the UK, and only the UK.
Now, this wouldn't be that worrying, but the thing is we never gave the user ID of our account to anyone or publicly. The only way for an attacker to initiate this password reset would be to have access to the MtGox database.
Furthermore, MtGox sends the password reset email in CLEAR over the internet.
TO SUM UP:
So we have this situation where:
- MtGox doesn't process withdrawals anymore, so all our money sits on the MtGox account.
- MtGox database has been compromised by attackers, presumably in Poland.
- MtGox sends password reset emails in clear.
- MtGox customer service is off in the weekend.
THE RESULT:
Now, if an attacker got access to the MtGox database (at the very least they've got the list of user IDs, since they've got ours), he can also put a server in the same colocation areas as MtGox servers, sniffing their traffic, thus the password reset emails and validation code.
This is presumably what the attacker did.
At the moment, we have no access to our account (but surely the attacker has), and we have no way to contact MtGox, even sending them an email to urgently freeze our account is impossible, as they don't work in the weekend. Meanwhile, the attacker is surely enjoying his new bitcoins, since the bitcoin withdrawal system works very well, even in the weekend.
If anyone has any idea how to handle this type of issue, I would be very thankful.
It seems that there is an attack going on right now on MtGox from attackers in Poland. The timing of the attack is well chosen: MtGox support service is off in the week-end, the account holders cannot contact MtGox, thus leaving the attackers free to withdraw any money they want.
THE SITUATION:
We are an MtGox customer. We use it to transfer relatively large amounts of money.
In the last few weeks, MtGox has surprisingly stopped processing withdrawals, some of our withdrawals have been pending for 3 weeks now. These are international wire transfers. For Euro SEPA transfer, MtGox warns that it could take months to have it processed. MtGox is blaming a "large backlog". It might or might not be true, this is MtGox after all.
Today, we received an email about a password reset.
Of course, we never initiated this password reset. MtGox mentions the IP address of the attacker in the password reset email: 178.42.125.117 . This IP address comes from Poland. It seems that the attackers don't even bother using proxies. This request from a IP in Poland didn't worry MtGox, although we consistently access our MtGox account from the UK, and only the UK.
Now, this wouldn't be that worrying, but the thing is we never gave the user ID of our account to anyone or publicly. The only way for an attacker to initiate this password reset would be to have access to the MtGox database.
Furthermore, MtGox sends the password reset email in CLEAR over the internet.
TO SUM UP:
So we have this situation where:
- MtGox doesn't process withdrawals anymore, so all our money sits on the MtGox account.
- MtGox database has been compromised by attackers, presumably in Poland.
- MtGox sends password reset emails in clear.
- MtGox customer service is off in the weekend.
THE RESULT:
Now, if an attacker got access to the MtGox database (at the very least they've got the list of user IDs, since they've got ours), he can also put a server in the same colocation areas as MtGox servers, sniffing their traffic, thus the password reset emails and validation code.
This is presumably what the attacker did.
At the moment, we have no access to our account (but surely the attacker has), and we have no way to contact MtGox, even sending them an email to urgently freeze our account is impossible, as they don't work in the weekend. Meanwhile, the attacker is surely enjoying his new bitcoins, since the bitcoin withdrawal system works very well, even in the weekend.
If anyone has any idea how to handle this type of issue, I would be very thankful.
But you have 2-Factor Authentication enabled right???
Then they couldnt get into your account with just your email and password/
Right
