Pages:
Author

Topic: My MtGox account has been hacked (Read 6412 times)

sr. member
Activity: 294
Merit: 250
June 16, 2011, 05:07:45 PM
#22
@ Original poster
Could you please post in the topic at http://forum.bitcoin.org/index.php?topic=18050.0 as well?
hero member
Activity: 527
Merit: 500
June 16, 2011, 04:47:43 PM
#21
Is your mtgox username your forum name? I wonder how he gets knowledge about the mtgox usernames and especially about the related email addresses.
newbie
Activity: 28
Merit: 0
June 16, 2011, 04:39:38 PM
#20
This is starting to worry me as well because a few days ago I found out that someone was trying to log in to my email (used on MtGox) but was unsuccessful - the site told me that numerous login attempts failed. The account at MtGox and my email had different passwords so I'm guessing that's what thwarted it.
hero member
Activity: 527
Merit: 500
June 16, 2011, 04:31:37 PM
#19
spyjai, can you keep the infected pc offline? I don't want that hacker guy to be able to delete his traces (in the case he not already did).
What miners do you use? Maybe the attacker gained access to their webhosting and replaced some tool(s) by infected editions. We should compare the md5s of the various exes.
newbie
Activity: 19
Merit: 0
June 15, 2011, 11:10:10 AM
#18
To me it sounds like someone used a brute force program to break in.  Did you use the same PW on mtgox and the btc guild?  People should go through the code of these utilities to see if anyone snuck anything malicious in just in case.  Maybe some kind of key logger or something.

I used different pw for btcguild and mtgox. I'm now installing KeePass to store my passwords in.
full member
Activity: 126
Merit: 100
June 15, 2011, 09:51:15 AM
#17
To me it sounds like someone used a brute force program to break in.  Did you use the same PW on mtgox and the btc guild?  People should go through the code of these utilities to see if anyone snuck anything malicious in just in case.  Maybe some kind of key logger or something.
legendary
Activity: 3080
Merit: 1080
June 15, 2011, 09:45:45 AM
#16
I wish you the best of luck spyjai! You and I are in the same boat. I have a strong feeling the same hacker that stole my BTC also hacked you as well.
newbie
Activity: 19
Merit: 0
June 15, 2011, 09:35:30 AM
#15
I didn't see that warning when I reset my password from gmail.

I believe the attack occurred when I was using the computer, i.e. one minute I was logging in btcguild just fine, the next minute my password was changed. Both my mining computer (the one I believe was compromised) and my laptop were physically by my side.

MtGox is in the process of tracing my bitcoins now, I will continue to update this thread when I receive more info.
sr. member
Activity: 364
Merit: 252
June 15, 2011, 08:55:56 AM
#14
Sheesh lets not make any crazy assumptions here. All we need is another fucking Gawker story. "Bitcoin websites hacking bitcoin walletz!11!"

If your gmail was compromised from another computer I would expect to give the info, maybe even a warning like this:




Is it possible your computer was compromised physically? Do you leave your computer on and stay logged in?
legendary
Activity: 3080
Merit: 1080
June 15, 2011, 08:46:32 AM
#13
I suspect that this will not be the end of accounts being hacked. Seeing as the hacker targeted specifically for bitcoins (changing btcguild and mtgox passwords), This is done by someone within the community. I only got a new SSD with a fresh install of windows 2 weeks ago, and since then the programs that I've downloaded are the miners, bitcoin client, and the various sites I've visited are all bitcoin-related, such as http://www.bitcoinwatch.com, http://blog.bitcoinwatch.com/ and http://bitcoincharts.com/markets/

I'm using Microsoft Essentials as my anti-virus, and I have not been going to suspicious sites (as far I'm aware). So the hacker could only get through to me through the above means. I urge everyone that visits the same sites or uses the same programs as I do, change their passwords regularly (and avoid using same username and email for sensitive info).

I'm just enabled the two-step verification process for my gmail account to require a verification code sent to my phone before I can log in - I hope doing so will prevent hackers to have access to my email which then they use to change my passwords for various sites. Those of you that have invested significantly in mtgox should do the same.

Oh wow, so I am starting to now think that my stolen funds were facilitated by a bitcoin community program/util.

This is crazy insane, it's starting to look like a information warfare attempt on the bitcoin community - by targeting its users and selling their bitcoins. Free money for the thieves that's for sure!
newbie
Activity: 19
Merit: 0
June 15, 2011, 08:45:26 AM
#12
Check your account activity in gmail. At the bottom, it will say "Last account activity: XX minutes ago on this computer.  Details" click on details and it will show you the last IP's to login and when it was. See if you can find out any info from that.

I just checked and it only showed data up to 4 hours ago, and the IP addresses were all me since after I've recovered the password. The attack occurred about 6 hours ago so I couldn't get info on the attacker's IP.
jr. member
Activity: 56
Merit: 1
June 15, 2011, 08:33:35 AM
#11
Change wallet addresses too, see 'allinvain's thread, he lost his balance too (you might not have enough credit on it worth bothering now, but maybe later). Assume your machine is trojaned. If you have the funds it would perhaps benefit the community if you could have the machine analyzed for the attack vector.
sr. member
Activity: 364
Merit: 252
June 15, 2011, 08:12:24 AM
#10
Check your account activity in gmail. At the bottom, it will say "Last account activity: XX minutes ago on this computer.  Details" click on details and it will show you the last IP's to login and when it was. See if you can find out any info from that.
member
Activity: 84
Merit: 10
June 15, 2011, 05:15:21 AM
#9
Thank you, Mark first.
newbie
Activity: 19
Merit: 0
June 15, 2011, 04:42:07 AM
#8
I suspect that this will not be the end of accounts being hacked. Seeing as the hacker targeted specifically for bitcoins (changing btcguild and mtgox passwords), This is done by someone within the community. I only got a new SSD with a fresh install of windows 2 weeks ago, and since then the programs that I've downloaded are the miners, bitcoin client, and the various sites I've visited are all bitcoin-related, such as http://www.bitcoinwatch.com, http://blog.bitcoinwatch.com/ and http://bitcoincharts.com/markets/

I'm using Microsoft Essentials as my anti-virus, and I have not been going to suspicious sites (as far I'm aware). So the hacker could only get through to me through the above means. I urge everyone that visits the same sites or uses the same programs as I do, change their passwords regularly (and avoid using same username and email for sensitive info).

I'm just enabled the two-step verification process for my gmail account to require a verification code sent to my phone before I can log in - I hope doing so will prevent hackers to have access to my email which then they use to change my passwords for various sites. Those of you that have invested significantly in mtgox should do the same.
member
Activity: 98
Merit: 10
June 15, 2011, 04:16:08 AM
#7
Unix style permissions: Receive, Send, Operate / View

What do you mean?

I mean I need to talk to developers pronto.
newbie
Activity: 19
Merit: 0
June 15, 2011, 04:14:59 AM
#6
Unix style permissions: Receive, Send, Operate / View

What do you mean?
member
Activity: 98
Merit: 10
June 15, 2011, 04:02:01 AM
#5
Unix style permissions: Receive, Send, Operate / View
legendary
Activity: 2618
Merit: 1007
June 15, 2011, 03:42:02 AM
#4
I'm typing this to let everyone know that I've either been hacked or the security in btcguild and/or MtGox is not secure.
Added highlighting... Wink
newbie
Activity: 19
Merit: 0
June 15, 2011, 03:40:47 AM
#3
No, I did not use the same password on both sites, although both sites had the same user name. My first initial thought is that I have been hacked or keylogged, because whoever that did this cannot do this without access to my email username and password (he changed my email password).
Pages:
Jump to: