Author

Topic: My MTGOX account was hacked! (Read 8159 times)

full member
Activity: 196
Merit: 100
February 02, 2014, 04:10:30 PM
#18
finally a reply. just said the following....

"We’ve checked our system and confirm that the transaction in question was initiated after a normal login procedure using the registered login name and password.

We advise you to contact with your local police authorities. We will cooperate with them should they have questions on this transaction.

We advise you to use OTP for a more secure environment.

Best regards,

MtGox Team
https://www.mtgox.com

[Attention: Please protect your account using OTP to ensure that your funds are safe and secure. Failing to do so makes your information vulnerable to hackers.
Please visit https://mtgox.com/security]"

the hacker forgot to change the email  and when i received the email with the withdrawal information you can see another ip than the usual.... in this case he used a TOR system.
full member
Activity: 196
Merit: 100
February 02, 2014, 08:33:28 AM
#17
i am still waiting to mtgox to say someting or give me some info. but nothing at all.
legendary
Activity: 4690
Merit: 1276
January 31, 2014, 07:54:10 PM
#16

My account may have been hacked as well.  I may have lost like .0004 BTC and about $3.00 left over from when I ditched these cock suckers months ago.  I cannot see compelling reason to log on again so I'll probably never know.

full member
Activity: 196
Merit: 100
January 31, 2014, 07:49:20 PM
#15
tonight my account was compromised. lost 0.1 BTC and sent emails, tweets, tickets, everything and they didn´t bother to reply yet.
full member
Activity: 190
Merit: 100
January 30, 2014, 06:34:07 AM
#14
ok , so count me in for the robbed ones.
hero member
Activity: 868
Merit: 1000
April 24, 2013, 09:31:51 PM
#13
I guarantee there are no viruses on my computer. My day job is virus removal. Here is the trade details. Every transaction on the 24th is fraudulent.

It doesn't matter how your account was compromised.  The funds have been withdrawn by BTC.  They are irreversible you have lost the full amount.  I know it is tough medicine but in the future use 2FA to protect financial sites (banks, paypal, exchanges, eWallets, etc).

Given that exchanges and e-Wallets aren't insured, you should also keep your funds on them for the shortest amount of time possible.  2FA might offer some protection for your individual account but it's not going to help you if the service's hot wallet is emptied, their bank accounts get frozen, their database gets trashed, or they just pack up and abscond with your funds.
donator
Activity: 1218
Merit: 1079
Gerald Davis
April 24, 2013, 09:01:07 PM
#12
I guarantee there are no viruses on my computer. My day job is virus removal. Here is the trade details. Every transaction on the 24th is fraudulent.

It doesn't matter how your account was compromised.  The funds have been withdrawn by BTC.  They are irreversible you have lost the full amount.  I know it is tough medicine but in the future use 2FA to protect financial sites (banks, paypal, exchanges, eWallets, etc).
donator
Activity: 1218
Merit: 1079
Gerald Davis
April 24, 2013, 08:59:40 PM
#11
To any noob reading ... if you don't have 2FA activated on your account there is a very good chance this will be you in the future.  Look at the like Stephen compiled and those are just recent ones and probably less than a third of the ones reported. 

USE 2FA.  If you don't and your computer is compromised to a 0-day vulnerability you will be like the OP (who BTW has 0.0000% chance of getting funds back).  Long passwords don't protect you from trojans and phishing attempts.   When setting up 2FA I set it up to only require it for security center and withdrawals.  That makes logins easy and protects against CSRF attacks.  http://en.wikipedia.org/wiki/Cross-site_request_forgery
hero member
Activity: 868
Merit: 1000
April 24, 2013, 08:54:34 PM
#10
Bitcoin transactions are irrevirsible, in the meantime you can post the address to where the funds were withdrawn AND the IP. All should be there. Likely chance is you have a trojan on the PC from some Java 0day exploit.

I already sold the bitcoins. The USD was stolen. Also they sent me an email saying to reply as soon as possible if I did not authorize the withdrawal. Are transactions not given some kind of grace period? It's been a few ours with still no answer.

What you've posted makes it look like someone accessed your account, bought BTC with your dollars and then transferred BTC out of your account - which isn't the same as a USD theft.

Also, bear in mind that MtGox is located in Japan and that you need to take into account time differences when waiting for responses.  It was the middle of the night in Japan when you first started this thread and 5am when you made your post saying that it had "been a few hours" with no response.

It might be worth trying to catch MagicalTux on IRC.  It's late Thursday morning in Japan now, MtGox support doesn't usually work weekends and Monday 29 April is a public holiday in Japan.
full member
Activity: 188
Merit: 102
April 24, 2013, 07:40:47 PM
#9
Thankyou Stephen Gornick for that authenticator link!!  That was exactly what I was looking for! And to BitcoinBull for such a well thought out and easy to follow guide!
sr. member
Activity: 336
Merit: 250
April 24, 2013, 07:12:44 PM
#8
Today Google Authenticator give me the key 123456 was like WTF!!!!!
legendary
Activity: 2506
Merit: 1010
April 24, 2013, 07:07:24 PM
#7
I just got an email saying I made a withdrawal. I go log in and all $250 of my USD is gone!

Incidentally, they do have a method that is secure against this ... Yubikey, and Google Authenticator.

Happens a lot:

MtGox account got cleared out
 - https://bitcointalksearch.org/topic/mtgox-account-got-cleared-out-85533

All BTC disappeared from my Mt. Gox account
 - https://bitcointalksearch.org/topic/all-btc-disappeared-from-my-mt-gox-account-88368

Another:
 - https://bitcointalksearch.org/topic/m.941759

And another: My mtgox account got compromised, what can I do?
 - https://bitcointalksearch.org/topic/my-mtgox-account-got-compromised-what-can-i-do-84585

Yet more: MT.Gox account hacked - lost 2k USD - MT.GOX will not explain how.
 - https://bitcointalksearch.org/topic/mtgox-account-hacked-lost-2k-usd-mtgox-will-not-explain-how-89142

And more again: Bitcoins stolen from MtGox
 - http://www.reddit.com/r/Bitcoin/comments/x8lcv/bitcoins_stolen_from_mtgox

And yet more: Stolen from Mt.Gox coins. Help return the coins.
 - https://bitcointalksearch.org/topic/stolen-from-mtgox-coins-help-return-the-coins-119816

Or more here: Email from Mt.Gox this morning.
 - http://www.reddit.com/r/Bitcoin/comments/z0na5/email_from_mtgox_this_morning

And even more here: I just had $715 stolen out of my Mt. Gox account.
 - http://www.reddit.com/r/Bitcoin/comments/12j9gi/i_just_had_715_stolen_out_of_my_mt_gox_account

And the biggie: Bitcoinica MtGox account compromised
 - https://bitcointalksearch.org/topic/bitcoinica-mtgox-account-compromised-93074

With more here: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked?
 - https://bitcointalksearch.org/topic/unauthorized-account-activity-on-my-mtgox-account-account-compromisedhacked-94140

And even more: *MY* Mt Gox Account was Hacked - lost it all today... now what!?
 - https://bitcointalksearch.org/topic/my-mt-gox-account-was-hacked-lost-it-all-today-now-what-137795

Ditto: My MtGox account was just exploited - 3 BTC stolen
 - https://bitcointalksearch.org/topic/my-mtgox-account-was-just-exploited-3-btc-stolen-old-news-141816

Ditto on the ditto: Just lost 190 bitcoins through Mt. Gox
 - https://bitcointalksearch.org/topic/just-lost-190-bitcoins-through-mt-gox-141831

And other ones get added to the list: Unauthorized withdrawal on Mt. Gox
 - https://bitcointalksearch.org/topic/unauthorized-withdrawal-on-mt-gox-147070

And then here: How I got robbed of 34 btc on Mt.Gox today
 - https://bitcointalksearch.org/topic/how-i-got-robbed-of-34-btc-on-mtgox-today-173227

And now this: My MTGOX account was hacked!
 - https://bitcointalksearch.org/topic/my-mtgox-account-was-hacked-186422

And another recent one: My funds and BTC have just disappeared from my Gox account!
 - https://bitcointalksearch.org/topic/my-funds-and-btc-have-just-disappeared-from-my-gox-account-174556

And on other services as well. Here same thing happened to some GLBSE users:
 - https://bitcointalksearch.org/topic/i-suspect-gpumax-was-compromised-and-passwords-stolen-84893

And elsewhere, BitMarket.eu in this instance:
 - https://bitcointalksearch.org/topic/m.1259168

And on bitcoin.de as well: Bitcoins stolen from bitcoin.de.
 - https://bitcointalksearch.org/topic/bitcoins-stolen-from-bitcoinde-130264


In none of these was the person using multi-factor authentication. Mt. Gox has had Yubikey support for a while. Mt. Gox accounts now support Google Authenticator:
 - https://mtgox.com/press_release_20120605.html

If the exchange you are storing funds with doesn't provide OTP, consider using a different exchange:
 - http://bitcoin.stackexchange.com/questions/4113/which-two-factor-authentication-methods-are-available-at-which-exchanges

If you are storing funds in an EWallet, consider using a paper wallet.

Also, here is a fantastic guide: How to use 2-factor auth on mtgox, even without a smartphone (from a second device, of course, not from the same computer you log in on).
 - https://bitcointalksearch.org/topic/how-to-use-2-factor-auth-on-mtgox-even-without-a-smartphone-111943
full member
Activity: 168
Merit: 100
April 24, 2013, 03:33:38 PM
#6
I guarantee there are no viruses on my computer. My day job is virus removal. Here is the trade details. Every transaction on the 24th is fraudulent.



full member
Activity: 168
Merit: 100
April 24, 2013, 03:21:03 PM
#5
Bitcoin transactions are irrevirsible, in the meantime you can post the address to where the funds were withdrawn AND the IP. All should be there. Likely chance is you have a trojan on the PC from some Java 0day exploit.

I already sold the bitcoins. The USD was stolen. Also they sent me an email saying to reply as soon as possible if I did not authorize the withdrawal. Are transactions not given some kind of grace period? It's been a few ours with still no answer.
sr. member
Activity: 392
Merit: 250
April 24, 2013, 10:07:56 AM
#4
Sorry for your loss Sad
full member
Activity: 121
Merit: 100
April 24, 2013, 09:47:15 AM
#3
Another day, another MtGox account hacked.
Isn't anybody learning anything? Ever?
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
April 24, 2013, 09:41:44 AM
#2
Bitcoin transactions are irrevirsible, in the meantime you can post the address to where the funds were withdrawn AND the IP. All should be there. Likely chance is you have a trojan on the PC from some Java 0day exploit.
full member
Activity: 168
Merit: 100
April 24, 2013, 09:41:03 AM
#1
I just got an email saying I made a withdrawal. I go log in and all $250 of my USD is gone! and they tried to make 3 bids. Their online support is not connecting me with anyone and I did reply to their email. Now I have to go to work. Please someone tell me this can all be reversed. Im sweating bullets.
I just changed my password and am waiting for an email back from MTgox. WHY DO THEY NOT HAVE A PHONE NUMBER! THEY ARE A HUGE TRANSACTION SERVICE!
Jump to: