Author

Topic: MtGox: Unauthorized withdrawal - someone just stole some of my Bitcoins! (Read 1645 times)

hero member
Activity: 756
Merit: 522
Mircea, my little diva, why so grumpy today? Have your male-period?

You still with the MPOE-PR = MP nonsense? That's so 2012, srsly.
hero member
Activity: 546
Merit: 500
sr. member
Activity: 255
Merit: 250
Stop with the entitlement bullshit.

Mircea, my little diva, why so grumpy today? Have your male-period?


Quote
The service op should nothing for your own comfort.

Care to explain what fees are for?
hero member
Activity: 756
Merit: 522
You can log in your account from a VPS or whatever, does not mean anything.

I could. But what's the probability that I log in from home and at the same time use my VPN connection and log me in again?

MtGox should at least check those suspicious cases - and ask for (email) confirmation.

Stop with the entitlement bullshit. The service op should nothing for your own comfort. You should, if you care and are willing to pay for it. If not stfu.

That aside: the website model does not work. It's okay for blogs, it's okay for stupid shit nobody cares about (twitter, facebook, whatever). It is not okay for BTC.
sr. member
Activity: 392
Merit: 250
Bitcoin is worldwide. The main avantage is for international wire. So you can give your details to a family member (or anyone) abroad for sending him money (even if it's probably against their ToS).
Still, if your computer is compromised, a double authen with an email, or an email before processing to the payment would be useless: if they got your email password, which is probably the same, or not a problem if you got keylogged, that won't change anything. And they probably took your email first, in order to change your mtgox password. So, email is a false protection. It gives a secure feeling, but it does not provide any valuable protection.


When you bough bitcoins, or when you mined you knew that they were just pixels or internet and can disappear as fast as they came in.
Even if it's sad to lose some money, if you really have something "worth" it, you should never use btc, but euros.
sr. member
Activity: 255
Merit: 250
You can log in your account from a VPS or whatever, does not mean anything.

I could. But what's the probability that I log in from home and at the same time use my VPN connection and log me in again?

MtGox should at least check those suspicious cases - and ask for (email) confirmation.
sr. member
Activity: 392
Merit: 250
BTC-e uses email-based 2FA (withdrawal confirmation link) to avoid such thefts. Why this option is not available in Mt.Gox? Even Slush's pool asks for email confirmation when you change your payment address. I think email-based 2FA for withdrawals should be the necessary minimum for exchanges.

At least MtGox should ask for confirmation for suspicious transfers, like when the IP is from a different country/continent as usual.

I was logged in to MtGox from an IP from Germany (as I always do), at the same time someone else with an IP from the UK logged in and stole my Bitcoins.

I mean, hello? I am no Photon. I can't be at two places at the same time. At least MtGox should prevent those obvious inconsistencies from happening.

They are the biggest Bitcoin exchange - and their website technology looks like from the 1990s.

You can log in your account from a VPS or whatever, does not mean anything.
If you wanted a secure way of payment, you would use euros, or usd.

You can't do shit now, your bitcoins are lost forever and there is no way you will have they back.
I could say "sorry for your loss" but that would be hypocrite.
sr. member
Activity: 255
Merit: 250
BTC-e uses email-based 2FA (withdrawal confirmation link) to avoid such thefts. Why this option is not available in Mt.Gox? Even Slush's pool asks for email confirmation when you change your payment address. I think email-based 2FA for withdrawals should be the necessary minimum for exchanges.

At least MtGox should ask for confirmation for suspicious transfers, like when the IP is from a different country/continent as usual.

I was logged in to MtGox from an IP from Germany (as I always do), at the same time someone else with an IP from the UK logged in and stole my Bitcoins.

I mean, hello? I am no Photon. I can't be at two places at the same time. At least MtGox should prevent those obvious inconsistencies from happening.

They are the biggest Bitcoin exchange - and their website technology looks like from the 1990s.
member
Activity: 85
Merit: 10
BTC-e uses email-based 2FA (withdrawal confirmation link) to avoid such thefts. Why this option is not available in Mt.Gox? Even Slush's pool asks for email confirmation when you change your payment address. I think email-based 2FA for withdrawals should be the necessary minimum for exchanges.
legendary
Activity: 858
Merit: 1000
Use 2FA and Google the address.
hero member
Activity: 840
Merit: 1000
If the password was really complex I would say you probably got hit some Java exploit or other virus, better scan your computer.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Using 2FA?

The most complex password (say a 256 bit random key generated using a qRNG) provides no more protection then "password123" against keyloggers, other malware, Man In the Middle attacks and phishing attempts.

PSA to anyone else.  If you don't use 2FA you are just one exploit away from losing all your funds.
sr. member
Activity: 255
Merit: 250
Someone just stole Bitcoins (about $50) from my MtGox account!

I have a very complex password, no idea how he could compromise my account.

The address of the thief is: 1ES1pZSPWT8cXpB1eqaV79CXzzYqDVqXc1
Transaction: 95b48439eed4c1d13768be2aa3dc37808e399a2f047cddf75152b29e973f46f2

I was using MtGox for over a year without any problems. Anyone else having problems lately?
Jump to: