Topic: MtGox Collapsing (and taking bitcoin down with them?) (Read 13621 times)

Or, there's an easier way that can be implemented right now without a drastic change in policy.

I feel that the TFA is useless when you can permit unlimited btc withdrawals to *arbitrary* adresses  via the API. Mt. Gox should restrict BTC api withdrawals to withdraw methods (BTC addresses, in this case) that have been set up *through* the withdraw center.  The latter can be configured by the user to require two-factor auth.


That way, I can use the API and still be sure that any withdrawals are  *only* happening to addresses configured via TFA.

The currently advertized "two-factor auth." is not really so when API can be used to withdraw.  Currently, the only way to force TFA on our accounts is to disable the API.

I can't use $bitcoind gethelp as I'm behind a heavily firewalled connection on a heavily restricted machine...
 but I'd like to know more about that...

Or at least support bitcoin address signatures. On OTC, Gribble already supports authenticating by using this feature of the Bitcoin software.

The first exchange to bring this out would for sure get a decent % of my business 

If accounts in MtGox could be enabled so that a PGP-signed message was required to do a withdrawal, MtGox would conclusively be able to prove that any withdraw request was signed.  It is a pity no exchange does this, the only place we have iron-clad security like this is on a chat bot.

There are a bunch of peeps targeting LR exchangers that are also looking at BTC atm www.paygold.com for example used to be full of crap (rootkits and funny exploits). They used a modified version of the TDSS rootkit I was stupid and went to buy some LR while working on a miner  this shit spread over most of my local network fairly quickly and the clean up was a bitch. One nice little utility that worked well was http://support.kaspersky.com/faq/?qid=208283363 I got off cheaply as they only managed to stick on that addy switcher trojan on one box so it cost me 0.83btc.

However the whole mess was down to me being stupid. And trying to use an unhardened miner to buy some LR 

It's still sitting there untouched for a month?

http://www.blockchain.info/address/1NSwYqg5DmrJS1cEnXHw3dJKDtZmHg4d5P

Hey, that's my address!. Thanks man!
(joke)

They never have links in thier emails so no.rjk said my PW was weak,so I guess thats why.

Heres the info on the trade,I changed my PW & will no longer keep ANY coins or cash in there ever:

There has been a withdrawal from your Mt.Gox account:

Transaction reference: 020c4071-151d-4ac6-11fa-14d1fb9df1a4
Date: 2012-06-04 11:05:02 GMT
IP: 82.198.47.30

You can access your account history for more details.

Please contact us as soon as possible by replying to this email if you did not request this withdrawal.

Thanks,
The Mt.Gox Team

The IP looks like it's in spain,like that means anything  

Here's the wallet my coins went to:



2012/06/04 07:05:02

Withdraw


36.17303753 BTC

0.00000000 BTC



Bitcoin withdraw to 1NSwYqg5DmrJS1cEnXHw3dJKDtZmHg4d5P

Did you click on any links in emails from MtGox?

EDIT:  Also, check your browser history for any sites with "mtgox" in it, and see what the base domain of each is (everything before .com).

What is the best bitcoin trading site beside Mt. gox?

Actually this is quite reasonable position. I would do the same in mtgox's position.

I just don't understand how this happened

I scanned my pc with several AV's & nothing,my email isn't compromised(dosen't appear to be).

If my PC was hacked they would've gotten my wallet too,if my email was hacked they would've gotten my pool info & coins from there too.

I'm SOOO confused............

The only thing I can think of is MTgox security is freakin lame.

 

Well, Goat recently got his 400 BTC, so you can start there.

Nope,I only login from my main PC & scan my PC regularly.

Edit:

Well I'm SOL,I thought so:

Thank you for your inquiry. We would recommend you to change your password as soon as possible. Unfortunately, bitcoin transactions are irreversible and we can not refund any amount of the stolen funds. As a business if Mt.Gox were to offer you a cash or bitcoin refund in compensation of this extremely unfortunate event, there would be a large increase in the number of hacking attempts to capitalize upon the possibility of financial reward.

As a further remedy, if you wish to retrieve your funds, we ask that you file a police report for the stolen goods. It is preferable for the police to inspect your computer, but not necessary. Once this investigation has occurred and a copy of the police report issued, please send a copy of it along with a notarized copy of your passport or Government issued photo ID to Mt.Gox and have the police contact us so that we can cooperate with their investigation by providing any requested information.

Please let us know how you wish to proceed, and again we apologize for the frustration and inconvenience caused.

Like the police can help,now THATS FUNNY !!!!!!!!!!!!!!!!!

I've got the IP & a wallet address the coins went to,anyone willing (or know how to) to do some detective work?? Not sure how much I could pay,but we can work something out.

Oh well,I'll earn more & keep them well hidden.

Did you ever log on via any kind of unsecured network, and have you verified that your system is malware-free?

Nope,my PW is different on any & all accounts.I never had a Bitcoinia account,thank god.None of my PW's have been changed either,soo............

 

Another one? Did you happen to use an insecure password, OR did you happen to use the same password on both Bitcoinica and MtGox?

Repeat after me: The value of the Yubikey is greater than the loss of all my funds!

Has anyone hacked Mtgox?? My account got cleaned out

How do I go about getting help with this.I emailed them just now.So,I'm waiting for a response,but maybe you guys know a faster way to results.

This sucks   

Heh, thanks.