My money on MT.Gox was transferred out ~2k USD on the 31th of may.
And there are no logins that match the withdraw. Did you check if
the logins to your account match the withdraws before you beat yourself up
about your password?
My thread: https://bitcointalksearch.org/topic/mtgox-account-hacked-lost-2k-usd-mtgox-will-not-explain-how-89142
//GoK
Topic: My mtgox account got compromised, what can I do? (Read 4431 times)
Reminds me, it's about time that I rotated my main passwords. I'm starting to use LastPass more with generated passwords, but the master password for LastPass is a few years old at this point. Although it is more than 20 characters with caps and numbers, it's still based on a phrase and doesn't have symbols. I'll need to come up with a suitable replacement.
It sucks people are getting hacked, but nobody can do anything about it 
so just try make sure it never happens again.
Of course people can do things to prevent it, but sometimes it takes getting hacked to knock some common sense into them. so just try make sure it never happens again.
Well,with nothing backing BTC like the dollar or other fiat (police or fed gov think BTC is "play" money & don't care),you have no recourse in getting your coins or cash back.Its a hackers paradise (they can suffer no conciqences)& will continue to be so.Illegal activities are too easy to get away with in the make believe land of BTC.
If the exchanges were to make it mandatory for PW's to be ________________(insert digit amount) or something to that effect,maybe it would make it harder for hackers.Most folks aren't cryoto phreaks or super software savvy like alot of you on this forum.Sorry for me/most of us "outsiders" being so ignorant..............
Hell,even exchanges are getting hacked for very large amounts & you'll never see a penny recovered.Will the local gov come & help,yeah right.
Chalk it up to experience
You bet,I don't trust anyone or anyplace anymore..............My coins stay on my PC & if I do go to trade,it's only long enough for that trade............ It sucks people are getting hacked, but nobody can do anything about it so just try make sure it never happens again.
Of course people can do things to prevent it, but sometimes it takes getting hacked to knock some common sense into them. so just try make sure it never happens again. 
i use piece of paper and password kfdJO$3jO:CXZMnfkcxM$L#@:!
It sucks people are getting hacked, but nobody can do anything about it so just try make sure it never happens again.
so just try make sure it never happens again. I'd like to see Mt Gox and other bitcoin exchanges offer the free two-factor authentication, Google Authenticator.
As of a few hours before your post, they do. 
Sweet! Ask and ye shall receive. I'm going to set up authentication now.
I got hacked too.So did a new guy that PM'ed me.
This is something to do with MTgox
It was a poor password choice.This is something to do with MTgox
Maybe so,but I use something similar with banks & had no problems ever.............putting on flame retardent suit
It just dawned on me that Deepbit always sends an email with a confirm link when changing info or withdrawing coins,MTgox needs something similar.
I got hacked too.So did a new guy that PM'ed me.
This is something to do with MTgox
It was a poor password choice. This is something to do with MTgox
I got hacked too.So did a new guy that PM'ed me.
This is something to do with MTgox
This is something to do with MTgox
I'd like to see Mt Gox and other bitcoin exchanges offer the free two-factor authentication, Google Authenticator.
As of a few hours before your post, they do. could just as easily happen again if you don't take precautions.
I'ld like to see some measures made for those whose account value is too small to justify the cost of a Yubikey. I'd like to see Mt Gox and other bitcoin exchanges offer the free two-factor authentication, Google Authenticator.
The following Bitcoin exchanges currently do offer optional two-factor authentication
BitFloor
Camp BX
Crypto X Change
Mercado Bitcoin
Mt Gox
I think this is a nice optional layer of security to offer for your clients. The 3 methods offered are:
Google Authenticator
SMS Text Message
Yubikey
Of the 3 methods listed above, personally, I prefer Google Authenticator
http://en.wikipedia.org/wiki/Google_Authenticator
I don't like the yubikey because I don't want another piece of hardware.
SMS text message is OK, but I use a prepaid cellphone and have to pay for every text I receive. Being somewhat of a tightwad, I don't like that.
Google Authenticator works on my iPod touch and it's free.
If the cost is free even small accounts can afford to be secure. While it's probably best to just make this an optional level of security, Bitcoin exchanges could make it mandatory for accounts above a certain BTC or fiat currency balance.
Another one:
- https://bitcointalksearch.org/topic/m.941759
And one more even:
- https://bitcointalksearch.org/topic/mtgox-account-got-cleared-out-85533
- https://bitcointalksearch.org/topic/m.941759
And one more even:
- https://bitcointalksearch.org/topic/mtgox-account-got-cleared-out-85533
Possibly related - two GLBSE accounts have been compromised recently:
- https://bitcointalksearch.org/topic/my-mtgox-account-got-compromised-what-can-i-do-84585
My initial thought, too. Proper link is https://bitcointalksearch.org/topic/i-suspect-gpumax-was-compromised-and-passwords-stolen-84893 - https://bitcointalksearch.org/topic/my-mtgox-account-got-compromised-what-can-i-do-84585
Withdrawal to bitcoin address is the exchange function/API call that is most prone to theft.
Other withdrawal methods have at least some level of traceability and/or reversibility.
Therefore, I propose the following solution:
1) create a completely separate right for both the web and the API for withdrawal to bitcoin address, separate from all the other withdrawal methods.
2) allow the owner of the account to have a whitelist of bitcoin addresses to which it is allowed to withdraw from both the web AND the API.
3) require two-factor authentication for adding or removing addresses to and from the whitelist.
This simple feature means that even in the event of an attacker gaining access to the user's web dashboard or the user's API keys,
the attacker will not be able to withdraw bitcoins to addresses of his choice.
Simple fix to a significant security risk.
Other withdrawal methods have at least some level of traceability and/or reversibility.
Therefore, I propose the following solution:
1) create a completely separate right for both the web and the API for withdrawal to bitcoin address, separate from all the other withdrawal methods.
2) allow the owner of the account to have a whitelist of bitcoin addresses to which it is allowed to withdraw from both the web AND the API.
3) require two-factor authentication for adding or removing addresses to and from the whitelist.
This simple feature means that even in the event of an attacker gaining access to the user's web dashboard or the user's API keys,
the attacker will not be able to withdraw bitcoins to addresses of his choice.
Simple fix to a significant security risk.
Possibly related - two GLBSE accounts have been compromised recently:
- https://bitcointalksearch.org/topic/my-mtgox-account-got-compromised-what-can-i-do-84585
- https://bitcointalksearch.org/topic/my-mtgox-account-got-compromised-what-can-i-do-84585
possibly bad link - circular link to this thread
Possibly related - two GLBSE accounts have been compromised recently:
- https://bitcointalksearch.org/topic/i-suspect-gpumax-was-compromised-and-passwords-stolen-84893 [URL fixed, thanks Casascius, Kluge]
- https://bitcointalksearch.org/topic/i-suspect-gpumax-was-compromised-and-passwords-stolen-84893 [URL fixed, thanks Casascius, Kluge]
could just as easily happen again if you don't take precautions.
Exactly. I'ld switch to the assumption that my system was compromised unless I could prove otherwise. That usually would mean a reinstall and proper security.
I'ld like to see some measures made for those whose account value is too small to justify the cost of a Yubikey. Like offering to have a separate password for doing a withdrawal, or the ability to set a grace period on all BTC or redeemable code withdrawals (e.g., an e-mail gets sent out, and the withdraw can be cancelled up to NN hour hours before the BTC gets sent or the code gets created.)
please do share so that we can learn from this.
What was your password ?
have you always used the same computer to access MTGOX?
What was your password ?
have you always used the same computer to access MTGOX?
Opening more accounts won't help you if you don't fix the problem(s) that caused the issue in the first place. So if you have a strong password and computer has no viruses etc, there are other ways this could have happened that could just as easily happen again if you don't take precautions.
So do you have any other clues?
So do you have any other clues?
Jump to: