
Topic: My MtGox account has been hacked (Read 6399 times)

sr. member
Activity: 294
Merit: 250
June 16, 2011, 06:07:45 PM
#22
@ Original poster
Could you please post in the topic at http://forum.bitcoin.org/index.php?topic=18050.0 as well?
hero member
Activity: 527
Merit: 500
June 16, 2011, 05:47:43 PM
#21
Is your mtgox username your forum name? I wonder how he gets knowledge about the mtgox usernames and especially about the related email addresses.
newbie
Activity: 28
Merit: 0
June 16, 2011, 05:39:38 PM
#20
This is starting to worry me as well because a few days ago I found out that someone was trying to log in to my email (used on MtGox) but was unsuccessful - the site told me that numerous login attempts failed. The account at MtGox and my email had different passwords so I'm guessing that's what thwarted it.
hero member
Activity: 527
Merit: 500
June 16, 2011, 05:31:37 PM
#19
spyjai, can you keep the infected PC offline? I don't want that hacker guy to be able to delete his traces (in case he has not already done so).
What miners do you use? Maybe the attacker gained access to their webhosting and replaced some tool(s) by infected editions. We should compare the md5s of the various exes.
newbie
Activity: 19
Merit: 0
June 15, 2011, 12:10:10 PM
#18
To me it sounds like someone used a brute force program to break in.  Did you use the same PW on mtgox and the btc guild?  People should go through the code of these utilities to see if anyone snuck anything malicious in just in case.  Maybe some kind of key logger or something.

I used different pw for btcguild and mtgox. I'm now installing KeePass to store my passwords in.
full member
Activity: 126
Merit: 100
June 15, 2011, 10:51:15 AM
#17
To me it sounds like someone used a brute force program to break in.  Did you use the same PW on mtgox and the btc guild?  People should go through the code of these utilities to see if anyone snuck anything malicious in just in case.  Maybe some kind of key logger or something.
legendary
Activity: 3080
Merit: 1080
June 15, 2011, 10:45:45 AM
#16
I wish you the best of luck spyjai! You and I are in the same boat. I have a strong feeling the same hacker that stole my BTC also hacked you as well.
newbie
Activity: 19
Merit: 0
June 15, 2011, 10:35:30 AM
#15
I didn't see that warning when I reset my password from gmail.

I believe the attack occurred when I was using the computer, i.e. one minute I was logging in to btcguild just fine, the next minute my password was changed. Both my mining computer (the one I believe was compromised) and my laptop were physically by my side.

MtGox is in the process of tracing my bitcoins now, I will continue to update this thread when I receive more info.
sr. member
Activity: 364
Merit: 252
June 15, 2011, 09:55:56 AM
#14
Sheesh, let's not make any crazy assumptions here. All we need is another fucking Gawker story. "Bitcoin websites hacking bitcoin walletz!11!"

If your gmail was compromised from another computer I would expect it to give the info, maybe even a warning like this:




Is it possible your computer was compromised physically? Do you leave your computer on and stay logged in?
legendary
Activity: 3080
Merit: 1080
June 15, 2011, 09:46:32 AM
#13
I suspect that this will not be the end of accounts being hacked. Seeing as the hacker targeted specifically for bitcoins (changing btcguild and mtgox passwords), this is done by someone within the community. I only got a new SSD with a fresh install of Windows 2 weeks ago, and since then the programs that I've downloaded are the miners, bitcoin client, and the various sites I've visited are all bitcoin-related, such as http://www.bitcoinwatch.com, http://blog.bitcoinwatch.com/ and http://bitcoincharts.com/markets/

I'm using Microsoft Essentials as my anti-virus, and I have not been going to suspicious sites (as far as I'm aware). So the hacker could only get through to me through the above means. I urge everyone that visits the same sites or uses the same programs as I do, change their passwords regularly (and avoid using same username and email for sensitive info).

I've just enabled the two-step verification process for my gmail account to require a verification code sent to my phone before I can log in - I hope doing so will prevent hackers from having access to my email which they then use to change my passwords for various sites. Those of you that have invested significantly in mtgox should do the same.

Oh wow, so I am starting to now think that my stolen funds were facilitated by a bitcoin community program/util.

This is crazy insane, it's starting to look like an information warfare attempt on the bitcoin community - by targeting its users and selling their bitcoins. Free money for the thieves that's for sure!
newbie
Activity: 19
Merit: 0
June 15, 2011, 09:45:26 AM
#12
Check your account activity in gmail. At the bottom, it will say "Last account activity: XX minutes ago on this computer. Details". Click on details and it will show you the last IPs to log in and when it was. See if you can find out any info from that.

I just checked and it only showed data up to 4 hours ago, and the IP addresses were all me since after I've recovered the password. The attack occurred about 6 hours ago so I couldn't get info on the attacker's IP.
jr. member
Activity: 56
Merit: 1
June 15, 2011, 09:33:35 AM
#11
Change wallet addresses too, see allinvain's thread, he lost his balance too (you might not have enough credit on it worth bothering now, but maybe later). Assume your machine is trojaned. If you have the funds it would perhaps benefit the community if you could have the machine analyzed for the attack vector.
sr. member
Activity: 364
Merit: 252
June 15, 2011, 09:12:24 AM
#10
Check your account activity in gmail. At the bottom, it will say "Last account activity: XX minutes ago on this computer. Details". Click on details and it will show you the last IPs to log in and when it was. See if you can find out any info from that.
member
Activity: 84
Merit: 10
June 15, 2011, 06:15:21 AM
#9
Thank you, Mark first.
newbie
Activity: 19
Merit: 0
June 15, 2011, 05:42:07 AM
#8
I suspect that this will not be the end of accounts being hacked. Seeing as the hacker targeted specifically for bitcoins (changing btcguild and mtgox passwords), this is done by someone within the community. I only got a new SSD with a fresh install of Windows 2 weeks ago, and since then the programs that I've downloaded are the miners, bitcoin client, and the various sites I've visited are all bitcoin-related, such as http://www.bitcoinwatch.com, http://blog.bitcoinwatch.com/ and http://bitcoincharts.com/markets/

I'm using Microsoft Essentials as my anti-virus, and I have not been going to suspicious sites (as far as I'm aware). So the hacker could only get through to me through the above means. I urge everyone that visits the same sites or uses the same programs as I do, change their passwords regularly (and avoid using same username and email for sensitive info).

I've just enabled the two-step verification process for my gmail account to require a verification code sent to my phone before I can log in - I hope doing so will prevent hackers from having access to my email which they then use to change my passwords for various sites. Those of you that have invested significantly in mtgox should do the same.
member
Activity: 98
Merit: 10
June 15, 2011, 05:16:08 AM
#7
Unix style permissions: Receive, Send, Operate / View

What do you mean?

I mean I need to talk to developers pronto.
newbie
Activity: 19
Merit: 0
June 15, 2011, 05:14:59 AM
#6
Unix style permissions: Receive, Send, Operate / View

What do you mean?
member
Activity: 98
Merit: 10
June 15, 2011, 05:02:01 AM
#5
Unix style permissions: Receive, Send, Operate / View
legendary
Activity: 2618
Merit: 1007
June 15, 2011, 04:42:02 AM
#4
I'm typing this to let everyone know that I've either been hacked or the security in btcguild and/or MtGox is not secure.
Added highlighting... ;)
newbie
Activity: 19
Merit: 0
June 15, 2011, 04:40:47 AM
#3
No, I did not use the same password on both sites, although both sites had the same user name. My first initial thought is that I have been hacked or keylogged, because whoever did this cannot do this without access to my email username and password (he changed my email password).