Topic: Unauthorized withdrawal on Mt. Gox (Read 29704 times)

newbie
Activity: 55
Merit: 0
February 26, 2013, 10:08:44 AM
#12
As you all guessed, I'm not using two-factor authentication / yubikey.

Did you mean to say you weren't or that you still aren't?

Because unless you can say with certainty that you aren't using a machine that has been compromised, then even after changing your password your remaining coins are no safer now than before.   Get 2FA.  If you don't have a smartphone or other second device that can run it then move the funds to an EWallet that uses SMS-based 2FA.

I wasn't, but I am now.
I guess many of us just have to lose bitcoins or money, until we realize that a 15-20 characters/letters/symbols password isn't enough and that two-factor authentication IS necessary with Mt. Gox. (and any other trading sites)

But as I've lost confidence in Mt. Gox, maybe I'll even transfer my coins somewhere else, and then later transfer them back to sell them...
full member
Activity: 140
Merit: 100
Troll of the Fourth Reich.
February 26, 2013, 09:35:06 AM
#11
The person who did it was smart. They used a hosting service/VPN: http://www.ip-tracker.org/locator/ip-lookup.php?ip=41.215.241.147
legendary
Activity: 2506
Merit: 1010
February 26, 2013, 09:20:31 AM
#10
As you all guessed, I'm not using two-factor authentication / yubikey.

Did you mean to say you weren't or that you still aren't?

Because unless you can say with certainty that you aren't using a machine that has been compromised, then even after changing your password your remaining coins are no safer now than before.   Get 2FA.  If you don't have a smartphone or other second device that can run it then move the funds to an EWallet that uses SMS-based 2FA.
legendary
Activity: 2506
Merit: 1010
February 26, 2013, 09:15:43 AM
#9
Let me guess, you didn't use two-factor authentication?

This happens A LOT,

It sure does ...

MtGox account got cleared out
 - https://bitcointalksearch.org/topic/mtgox-account-got-cleared-out-85533

All BTC disappeared from my Mt. Gox account
 - https://bitcointalksearch.org/topic/all-btc-disappeared-from-my-mt-gox-account-88368

Another:
 - https://bitcointalksearch.org/topic/m.941759

And another: My mtgox account got compromised, what can I do?
 - https://bitcointalksearch.org/topic/my-mtgox-account-got-compromised-what-can-i-do-84585

Yet more: MT.Gox account hacked - lost 2k USD - MT.GOX will not explain how.
 - https://bitcointalksearch.org/topic/mtgox-account-hacked-lost-2k-usd-mtgox-will-not-explain-how-89142

And more again: Bitcoins stolen from MtGox
 - http://www.reddit.com/r/Bitcoin/comments/x8lcv/bitcoins_stolen_from_mtgox

And yet more: Stolen from Mt.Gox coins. Help return the coins.
 - https://bitcointalksearch.org/topic/stolen-from-mtgox-coins-help-return-the-coins-119816

Or more here: Email from Mt.Gox this morning.
 - http://www.reddit.com/r/Bitcoin/comments/z0na5/email_from_mtgox_this_morning

And even more here: I just had $715 stolen out of my Mt. Gox account.
 - http://www.reddit.com/r/Bitcoin/comments/12j9gi/i_just_had_715_stolen_out_of_my_mt_gox_account

And the biggie: Bitcoinica MtGox account compromised
 - https://bitcointalksearch.org/topic/bitcoinica-mtgox-account-compromised-93074

With more here: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked?
 - https://bitcointalksearch.org/topic/unauthorized-account-activity-on-my-mtgox-account-account-compromisedhacked-94140

And even more: *MY* Mt Gox Account was Hacked - lost it all today... now what!?
 - https://bitcointalksearch.org/topic/my-mt-gox-account-was-hacked-lost-it-all-today-now-what-137795

Ditto: My MtGox account was just exploited - 3 BTC stolen
 - https://bitcointalksearch.org/topic/my-mtgox-account-was-just-exploited-3-btc-stolen-old-news-141816

Ditto on the ditto: Just lost 190 bitcoins through Mt. Gox
 - https://bitcointalksearch.org/topic/just-lost-190-bitcoins-through-mt-gox-141831

And now this one gets added to the list: Unauthorized withdrawal on Mt. Gox
 - https://bitcointalksearch.org/topic/unauthorized-withdrawal-on-mt-gox-147070

And on other services as well. Here same thing happened to some GLBSE users:
 - https://bitcointalksearch.org/topic/i-suspect-gpumax-was-compromised-and-passwords-stolen-84893

And elsewhere, BitMarket.eu in this instance:
 - https://bitcointalksearch.org/topic/m.1259168

And now on bitcoin.de as well: Bitcoins stolen from bitcoin.de.
 - https://bitcointalksearch.org/topic/bitcoins-stolen-from-bitcoinde-130264

In none of these was the person using multi-factor authentication. Mt. Gox has had Yubikey support for a while. Mt. Gox accounts now support Google Authenticator:
 - https://mtgox.com/press_release_20120605.html

If the exchange you are storing funds with doesn't provide OTP, consider using a different exchange:
 - http://bitcoin.stackexchange.com/questions/4113/which-two-factor-authentication-methods-are-available-at-which-exchanges

If you are storing funds in an EWallet, consider using a paper wallet.

Also, here is a fantastic guide: How to use 2-factor auth on mtgox, even without a smartphone (from a second device, of course, not from the same computer you log in on).
 - https://bitcointalksearch.org/topic/how-to-use-2-factor-auth-on-mtgox-even-without-a-smartphone-111943
newbie
Activity: 55
Merit: 0
February 26, 2013, 08:12:19 AM
#8
What address was the withdraw to?
18o624Pe3C1rPXuDFietaAyiMojguqizez

2013/02/26, 02:39:40
41.215.241.147
vip
Activity: 1316
Merit: 1043
👻
February 26, 2013, 08:10:47 AM
#7
As you all guessed, I'm not using two-factor authentication / yubikey.

But nobody else knows/knew my username/password combination and I'm the only one using my computer, from home.

Geolocation of the IP (that requested the withdrawal), leads to Egypt. I'm in Europe.

Why exactly 60 bitcoins, why not all 129 ?
No, what Bitcoin address was the withdraw to?
newbie
Activity: 55
Merit: 0
February 26, 2013, 08:09:01 AM
#6
As you all guessed, I'm not using two-factor authentication / yubikey.

But nobody else knows/knew my username/password combination and I'm the only one using my computer, from home.

Geolocation of the IP (that requested the withdrawal), leads to Egypt. I'm in Europe.

Why exactly 60 bitcoins, why not all 129 ?
vip
Activity: 1316
Merit: 1043
👻
February 26, 2013, 08:07:27 AM
#5
There's been way too many Mt. Gox account hacks. 2FA should be a requirement honestly, otherwise a lot of people won't enable it till they get hacked.

What address was the withdraw to?
hero member
Activity: 792
Merit: 1000
Bite me
February 26, 2013, 08:04:04 AM
#4
who has access to your shared computer ?
yubikey?
full member
Activity: 210
Merit: 100
February 26, 2013, 08:03:40 AM
#3
Let me guess, you didn't use two-factor authentication?

This happens A LOT, unfortunately MtGox isn't very active in enforcing 2FA with their users or providing services such as IP warnings or restricting withdrawals to single addresses. My advice would be to use MtGox only for buying and selling bitcoins and store them either offline or in a hybrid wallet such as Blockchain's MyWallet.
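Added example (not part of any post in this thread, and not Mt. Gox code): a sketch of the two controls named in the post above, an IP warning and a withdrawal-address allowlist, applied to the withdrawal reported in this thread. The `AccountPolicy` type, the decision names, the `192.0.2.0/24` home network and the `OWNER_COLD_WALLET` placeholder are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class AccountPolicy:
    # Addresses the owner pre-approved for withdrawals (the "single address" restriction).
    allowed_addresses: frozenset
    # Networks the owner has logged in from before (basis for the IP warning).
    known_networks: tuple

def review_withdrawal(policy, dest_address, source_ip):
    """Return (decision, reasons) for one withdrawal request.

    deny  - destination is not on the owner's allowlist
    hold  - allowlisted destination, but the request comes from an unseen
            network; the owner is warned and must confirm out of band
    allow - allowlisted destination from a known network
    """
    reasons = []
    ip = ip_address(source_ip)
    if not any(ip in ip_network(net) for net in policy.known_networks):
        reasons.append("new_source_ip")
    if dest_address not in policy.allowed_addresses:
        reasons.append("address_not_allowlisted")

    if "address_not_allowlisted" in reasons:
        return "deny", reasons
    if "new_source_ip" in reasons:
        return "hold", reasons
    return "allow", reasons

# Constructed policy: 192.0.2.0/24 is a documentation range standing in for the
# owner's home network; OWNER_COLD_WALLET is a placeholder, not a real address.
POLICY = AccountPolicy(
    allowed_addresses=frozenset({"OWNER_COLD_WALLET"}),
    known_networks=("192.0.2.0/24",),
)

# The withdrawal reported in this thread: destination and source IP as posted.
THREAD_EVENT = ("18o624Pe3C1rPXuDFietaAyiMojguqizez", "41.215.241.147")

if __name__ == "__main__":
    print(review_withdrawal(POLICY, *THREAD_EVENT))
    print(review_withdrawal(POLICY, "OWNER_COLD_WALLET", "41.215.241.147"))
    print(review_withdrawal(POLICY, "OWNER_COLD_WALLET", "192.0.2.17"))
```

With either control in place, a stolen password alone would not have been enough to move coins to an address the owner never approved.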
sr. member
Activity: 453
Merit: 254
February 26, 2013, 08:00:44 AM
#2
I just found out that there was an unauthorized withdrawal of exactly 60 BTC from my Mt. Gox account.

I could still access my account and change my password. Weirdly (but luckily), only 60 BTC were transferred - which is about half of my bitcoins.
I know that at current market price, 60 BTC isn't a lot for some of you - but they are of high value for me, a student without regular income.

Now the big question is: Was my password stolen (if so, why weren't over 120 bitcoins stolen, but only 60 ?) or did Mt. Gox make a mistake ?
(previous password: 15 upper- and lowercase letters, symbols and numbers)

I contacted Mt. Gox, but they're only saying that I should report it to the police and send them a copy of the police report. I think you can all understand, that I'm pissed right now...

Has the same happened to any of you before ? I fear there is absolutely no way that I'll ever get those 60 BTC back... right ?

I would suggest you remember the times when you used the account in some ways.
The account/password couple could be stored somewhere and someone could have used it without knowing it.
I had a similar problem with a C/C in the recent past (I had used my C/C card to pay for an item he bought). The data was dormant for over a year and then, bang, the person went shopping without realizing he was using my C/C instead of his.

This is the reason I prefer accounts that use a double authorization with a changing code every time like blockchain and bitstamp.
newbie
Activity: 55
Merit: 0
February 26, 2013, 07:50:51 AM
#1
I just found out that there was an unauthorized withdrawal of exactly 60 BTC from my Mt. Gox account.

I could still access my account and change my password. Weirdly (but luckily), only 60 BTC were transferred - which is about half of my bitcoins.
I know that at current market price, 60 BTC isn't a lot for some of you - but they are of high value for me, a student without regular income.

Now the big question is: Was my password stolen (if so, why weren't over 120 bitcoins stolen, but only 60 ?) or did Mt. Gox make a mistake ?
(previous password: 15 upper- and lowercase letters, symbols and numbers)

I contacted Mt. Gox, but they're only saying that I should report it to the police and send them a copy of the police report. I think you can all understand, that I'm pissed right now...

Has the same happened to any of you before ? I fear there is absolutely no way that I'll ever get those 60 BTC back... right ?