Pages:
Author

Topic: MtGox Collapsing (and taking bitcoin down with them?) (Read 13643 times)

donator
Activity: 29
Merit: 252
If accounts in MtGox could be enabled so that a PGP-signed message was required to do a withdrawal, MtGox would conclusively be able to prove that any withdraw request was signed.  It is a pity no exchange does this, the only place we have iron-clad security like this is on a chat bot.

Or, there's an easier way that can be implemented right now without a drastic change in policy.

I feel that the TFA is useless when you can permit unlimited btc withdrawals to *arbitrary* adresses  via the API. Mt. Gox should restrict BTC api withdrawals to withdraw methods (BTC addresses, in this case) that have been set up *through* the withdraw center.  The latter can be configured by the user to require two-factor auth.


That way, I can use the API and still be sure that any withdrawals are  *only* happening to addresses configured via TFA.

The currently advertized "two-factor auth." is not really so when API can be used to withdraw.  Currently, the only way to force TFA on our accounts is to disable the API.

hero member
Activity: 900
Merit: 1000
Crypto Geek
If accounts in MtGox could be enabled so that a PGP-signed message was required to do a withdrawal, MtGox would conclusively be able to prove that any withdraw request was signed.  It is a pity no exchange does this, the only place we have iron-clad security like this is on a chat bot.

The first exchange to bring this out would for sure get a decent % of my business  Grin

Or at least support bitcoin address signatures. On OTC, Gribble already supports authenticating by using this feature of the Bitcoin software.

I can't use $bitcoind gethelp as I'm behind a heavily firewalled connection on a heavily restricted machine...
 but I'd like to know more about that...
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
If accounts in MtGox could be enabled so that a PGP-signed message was required to do a withdrawal, MtGox would conclusively be able to prove that any withdraw request was signed.  It is a pity no exchange does this, the only place we have iron-clad security like this is on a chat bot.

The first exchange to bring this out would for sure get a decent % of my business  Grin

Or at least support bitcoin address signatures. On OTC, Gribble already supports authenticating by using this feature of the Bitcoin software.
hero member
Activity: 1138
Merit: 523
If accounts in MtGox could be enabled so that a PGP-signed message was required to do a withdrawal, MtGox would conclusively be able to prove that any withdraw request was signed.  It is a pity no exchange does this, the only place we have iron-clad security like this is on a chat bot.

The first exchange to bring this out would for sure get a decent % of my business  Grin
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
If accounts in MtGox could be enabled so that a PGP-signed message was required to do a withdrawal, MtGox would conclusively be able to prove that any withdraw request was signed.  It is a pity no exchange does this, the only place we have iron-clad security like this is on a chat bot.
hero member
Activity: 1138
Merit: 523
I just don't understand how this happened Huh

I scanned my pc with several AV's & nothing,my email isn't compromised(dosen't appear to be).

If my PC was hacked they would've gotten my wallet too,if my email was hacked they would've gotten my pool info & coins from there too.

I'm SOOO confused............

The only thing I can think of is MTgox security is freakin lame.

 Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh
Did you click on any links in emails from MtGox?

EDIT:  Also, check your browser history for any sites with "mtgox" in it, and see what the base domain of each is (everything before .com).

They never have links in thier emails so no.rjk said my PW was weak,so I guess thats why.

Heres the info on the trade,I changed my PW & will no longer keep ANY coins or cash in there ever:

There has been a withdrawal from your Mt.Gox account:

Transaction reference: 020c4071-151d-4ac6-11fa-14d1fb9df1a4
Date: 2012-06-04 11:05:02 GMT
IP: 82.198.47.30

You can access your account history for more details.

Please contact us as soon as possible by replying to this email if you did not request this withdrawal.

Thanks,
The Mt.Gox Team

The IP looks like it's in spain,like that means anything  Roll Eyes

Here's the wallet my coins went to:



2012/06/04 07:05:02

Withdraw


36.17303753 BTC

0.00000000 BTC



Bitcoin withdraw to 1NSwYqg5DmrJS1cEnXHw3dJKDtZmHg4d5P


There are a bunch of peeps targeting LR exchangers that are also looking at BTC atm www.paygold.com for example used to be full of crap (rootkits and funny exploits). They used a modified version of the TDSS rootkit I was stupid and went to buy some LR while working on a miner  Embarrassed this shit spread over most of my local network fairly quickly and the clean up was a bitch. One nice little utility that worked well was http://support.kaspersky.com/faq/?qid=208283363 I got off cheaply as they only managed to stick on that addy switcher trojan on one box so it cost me 0.83btc.

However the whole mess was down to me being stupid. And trying to use an unhardened miner to buy some LR  Embarrassed
hero member
Activity: 546
Merit: 500

Bitcoin withdraw to 1NSwYqg5DmrJS1cEnXHw3dJKDtZmHg4d5P


It's still sitting there untouched for a month?

http://www.blockchain.info/address/1NSwYqg5DmrJS1cEnXHw3dJKDtZmHg4d5P
full member
Activity: 237
Merit: 100
Bitcoin withdraw to 1NSwYqg5DmrJS1cEnXHw3dJKDtZmHg4d5P

Hey, that's my address!. Thanks man!
(joke)
legendary
Activity: 2212
Merit: 1001
I just don't understand how this happened Huh

I scanned my pc with several AV's & nothing,my email isn't compromised(dosen't appear to be).

If my PC was hacked they would've gotten my wallet too,if my email was hacked they would've gotten my pool info & coins from there too.

I'm SOOO confused............

The only thing I can think of is MTgox security is freakin lame.

 Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh
Did you click on any links in emails from MtGox?

EDIT:  Also, check your browser history for any sites with "mtgox" in it, and see what the base domain of each is (everything before .com).

They never have links in thier emails so no.rjk said my PW was weak,so I guess thats why.

Heres the info on the trade,I changed my PW & will no longer keep ANY coins or cash in there ever:

There has been a withdrawal from your Mt.Gox account:

Transaction reference: 020c4071-151d-4ac6-11fa-14d1fb9df1a4
Date: 2012-06-04 11:05:02 GMT
IP: 82.198.47.30

You can access your account history for more details.

Please contact us as soon as possible by replying to this email if you did not request this withdrawal.

Thanks,
The Mt.Gox Team

The IP looks like it's in spain,like that means anything  Roll Eyes

Here's the wallet my coins went to:



2012/06/04 07:05:02

Withdraw


36.17303753 BTC

0.00000000 BTC



Bitcoin withdraw to 1NSwYqg5DmrJS1cEnXHw3dJKDtZmHg4d5P
legendary
Activity: 1400
Merit: 1005
I just don't understand how this happened Huh

I scanned my pc with several AV's & nothing,my email isn't compromised(dosen't appear to be).

If my PC was hacked they would've gotten my wallet too,if my email was hacked they would've gotten my pool info & coins from there too.

I'm SOOO confused............

The only thing I can think of is MTgox security is freakin lame.

 Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh
Did you click on any links in emails from MtGox?

EDIT:  Also, check your browser history for any sites with "mtgox" in it, and see what the base domain of each is (everything before .com).
full member
Activity: 182
Merit: 100
What is the best bitcoin trading site beside Mt. gox?
hero member
Activity: 812
Merit: 1001
-
As a further remedy, if you wish to retrieve your funds, we ask that you file a police report for the stolen goods. It is preferable for the police to inspect your computer, but not necessary. Once this investigation has occurred and a copy of the police report issued, please send a copy of it along with a notarized copy of your passport or Government issued photo ID to Mt.Gox and have the police contact us so that we can cooperate with their investigation by providing any requested information.

Actually this is quite reasonable position. I would do the same in mtgox's position.
legendary
Activity: 2212
Merit: 1001
I just don't understand how this happened Huh

I scanned my pc with several AV's & nothing,my email isn't compromised(dosen't appear to be).

If my PC was hacked they would've gotten my wallet too,if my email was hacked they would've gotten my pool info & coins from there too.

I'm SOOO confused............

The only thing I can think of is MTgox security is freakin lame.

 Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh Huh


legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Well, Goat recently got his 400 BTC, so you can start there.
legendary
Activity: 2212
Merit: 1001
Did you ever log on via any kind of unsecured network, and have you verified that your system is malware-free?

Nope,I only login from my main PC & scan my PC regularly.

Edit:

Well I'm SOL,I thought so:

Thank you for your inquiry. We would recommend you to change your password as soon as possible. Unfortunately, bitcoin transactions are irreversible and we can not refund any amount of the stolen funds. As a business if Mt.Gox were to offer you a cash or bitcoin refund in compensation of this extremely unfortunate event, there would be a large increase in the number of hacking attempts to capitalize upon the possibility of financial reward.

As a further remedy, if you wish to retrieve your funds, we ask that you file a police report for the stolen goods. It is preferable for the police to inspect your computer, but not necessary. Once this investigation has occurred and a copy of the police report issued, please send a copy of it along with a notarized copy of your passport or Government issued photo ID to Mt.Gox and have the police contact us so that we can cooperate with their investigation by providing any requested information.

Please let us know how you wish to proceed, and again we apologize for the frustration and inconvenience caused.

Like the police can help,now THATS FUNNY !!!!!!!!!!!!!!!!!

I've got the IP & a wallet address the coins went to,anyone willing (or know how to) to do some detective work?? Not sure how much I could pay,but we can work something out.

Oh well,I'll earn more & keep them well hidden.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Did you ever log on via any kind of unsecured network, and have you verified that your system is malware-free?
legendary
Activity: 2212
Merit: 1001
Has anyone hacked Mtgox?? My account got cleaned out Shocked

How do I go about getting help with this.I emailed them just now.So,I'm waiting for a response,but maybe you guys know a faster way to results.

This sucks   Cry
Another one? Did you happen to use an insecure password, OR did you happen to use the same password on both Bitcoinica and MtGox?

Repeat after me: The value of the Yubikey is greater than the loss of all my funds!

Nope,my PW is different on any & all accounts.I never had a Bitcoinia account,thank god.None of my PW's have been changed either,soo............

 Huh Huh Huh Huh Huh
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Has anyone hacked Mtgox?? My account got cleaned out Shocked

How do I go about getting help with this.I emailed them just now.So,I'm waiting for a response,but maybe you guys know a faster way to results.

This sucks   Cry
Another one? Did you happen to use an insecure password, OR did you happen to use the same password on both Bitcoinica and MtGox?

Repeat after me: The value of the Yubikey is greater than the loss of all my funds!
legendary
Activity: 2212
Merit: 1001
Has anyone hacked Mtgox?? My account got cleaned out Shocked

How do I go about getting help with this.I emailed them just now.So,I'm waiting for a response,but maybe you guys know a faster way to results.

This sucks   Cry
legendary
Activity: 1204
Merit: 1015
Heh, thanks.
Pages:
Jump to: