|
Title: Unauthorized withdrawal on Mt. Gox Post by: iBug on February 26, 2013, 12:50:51 PM I just found out that there was an unauthorized withdrawal of exactly 60 BTC from my Mt. Gox account. :(
I could still access my account and change my password. Weirdly (but luckily), only 60 BTC were transferred - which is about half of my bitcoins. I know that at current market price, 60 BTC isn't a lot for some of you - but they are of high value for me, a student without regular income. Now the big question is: Was my password stolen (if so, why weren't over 120 bitcoins stolen, but only 60 ?) or did Mt. Gox make a mistake ? >:( (previous password: 15 upper- and lowercase letters, symbols and numbers) I contacted Mt. Gox, but they're only saying that I should report it to the police and send them a copy of the police report. I think you can all understand, that I'm pissed right now... Has the same happened to any of you before ? I fear there is absolutely no way that I'll ever get those 60 BTC back... right ? Title: Re: Unauthorized withdrawal on Mt. Gox Post by: painlord2k on February 26, 2013, 01:00:44 PM I just found out that there was an unauthorized withdrawal of exactly 60 BTC from my Mt. Gox account. :( I could still access my account and change my password. Weirdly (but luckily), only 60 BTC were transferred - which is about half of my bitcoins. I know that at current market price, 60 BTC isn't a lot for some of you - but they are of high value for me, a student without regular income. Now the big question is: Was my password stolen (if so, why weren't over 120 bitcoins stolen, but only 60 ?) or did Mt. Gox make a mistake ? >:( (previous password: 15 upper- and lowercase letters, symbols and numbers) I contacted Mt. Gox, but they're only saying that I should report it to the police and send them a copy of the police report. I think you can all understand, that I'm pissed right now... Has the same happened to any of you before ? I fear there is absolutely no way that I'll ever get those 60 BTC back... right ? I would suggest you remember the times when you used the account in some ways. The account/password couple could be store somewhere and someone could have used it without knowing it. I had a similar problem with a C/C in the recent past (I had used my C/C card to pay an item he bought). The data was dormant for over an year and then, bang, the person went shopping without realizing he was using my C/C instead of his. This is the reason I prefer accounts that use a double authorization with a changing code every time like blockchain and bitstamp. Title: Re: Unauthorized withdrawal on Mt. Gox Post by: Zomdifros on February 26, 2013, 01:03:40 PM Let me guess, you didn't use two-factor authentication?
This happens A LOT, unfortunately MtGox isn't very active in enforcing 2FA with their users or providing services such as IP warnings or restricting withdrawals to single addresses. My advice would be to use MtGox only for buying and selling bitcoins and store them either offline or in a hybrid wallets such as Blockchain's MyWallet. Title: Re: Unauthorized withdrawal on Mt. Gox Post by: RaTTuS on February 26, 2013, 01:04:04 PM who has access to your shared computer ?
yubikey? Title: Re: Unauthorized withdrawal on Mt. Gox Post by: 🏰 TradeFortress 🏰 on February 26, 2013, 01:07:27 PM There's being way too many mt gox account hacks. 2FA should be a requirement honestly, otherwise a lot or people won't enable it till they get hacked.
What address was the withdraw to? Title: Re: Unauthorized withdrawal on Mt. Gox Post by: iBug on February 26, 2013, 01:09:01 PM As you all guessed, I'm not using two-factor authentication / yubikey.
But nobody else knows/knew my username/password combination and I'm the only one using my computer, from home. Geolocation of the IP (that requested the withdrawal), leads to Egypt. I'm in Europe. Why exactly 60 bitcoins, why not all 129 ? Title: Re: Unauthorized withdrawal on Mt. Gox Post by: 🏰 TradeFortress 🏰 on February 26, 2013, 01:10:47 PM As you all guessed, I'm not using two-factor authentication / yubikey. No, what Bitcoin address was the withdraw to?But nobody else knows/knew my username/password combination and I'm the only one using my computer, from home. Geolocation of the IP (that requested the withdrawal), leads to Egypt. I'm in Europe. Why exactly 60 bitcoins, why not all 129 ? Title: Re: Unauthorized withdrawal on Mt. Gox Post by: iBug on February 26, 2013, 01:12:19 PM What address was the withdraw to? 18o624Pe3C1rPXuDFietaAyiMojguqizez2013/02/26, 02:39:40 41.215.241.147 Title: Re: Unauthorized withdrawal on Mt. Gox Post by: Stephen Gornick on February 26, 2013, 02:15:43 PM Let me guess, you didn't use two-factor authentication? This happens A LOT, It sure does ... MtGox account got cleared out - http://bitcointalk.org/index.php?topic=85533.0 All BTC disappeared from my Mt. Gox account - http://bitcointalk.org/index.php?topic=88368.0 Another: - http://bitcointalk.org/index.php?topic=80562.msg941759#msg941759 And another: My mtgox account got compromised, what can I do? - http://bitcointalk.org/index.php?topic=84585.0 Yet more: MT.Gox account hacked - lost 2k USD - MT.GOX will not explain how. - http://bitcointalk.org/index.php?topic=89142.0 And more again: Bitcoins stolen from MtGox - http://www.reddit.com/r/Bitcoin/comments/x8lcv/bitcoins_stolen_from_mtgox And yet more: Stolen from Mt.Gox coins. Help return the coins. - http://bitcointalk.org/index.php?topic=119816.0 Or more here: Email from Mt.Gox this morning. - http://www.reddit.com/r/Bitcoin/comments/z0na5/email_from_mtgox_this_morning And even more here: I just had $715 stolen out of my Mt. Gox account. - http://www.reddit.com/r/Bitcoin/comments/12j9gi/i_just_had_715_stolen_out_of_my_mt_gox_account And the biggie: Bitcoinica MtGox account compromised - http://bitcointalk.org/index.php?topic=93074.0 With more here: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked? - http://bitcointalk.org/index.php?topic=94140.0 And even more: *MY* Mt Gox Account was Hacked - lost it all today... now what!? - http://bitcointalk.org/index.php?topic=137795.0 Ditto: My MtGox account was just exploited - 3 BTC stolen - http://bitcointalk.org/index.php?topic=141816.0 Ditto on the ditto: Just lost 190 bitcoins through Mt. Gox - http://bitcointalk.org/index.php?topic=141831.0 And now this one gets added to the list: Unauthorized withdrawal on Mt. Gox - http://bitcointalk.org/index.php?topic=147070.0 And on other services as well. Here same thing happened to some GLBSE users: - http://bitcointalk.org/index.php?topic=84893.0 And elsewhere, BitMarket.eu in this instance: - http://bitcointalk.org/index.php?topic=5441.msg1259168#msg1259168 And now on bitcoin.de as well: Bitcoins stolen from bitcoin.de. - http://bitcointalk.org/index.php?topic=130264.0 In none of these was the person using multi-factor authentication. Mt. Gox has had Yubikey support for a while. Mt. Gox accounts now support Google Authenticator: - https://mtgox.com/press_release_20120605.html If the exchange you are storing funds with doesn't provide OTP, consider using a different exchange: - http://bitcoin.stackexchange.com/questions/4113/which-two-factor-authentication-methods-are-available-at-which-exchanges If you are storing funds in an EWallet, consider using a paper wallet. Also, here is a fantastic guide: How to use 2-factor auth on mtgox, even without a smartphone (from a second device, of course, not from the same computer you log in on). - http://bitcointalk.org/index.php?topic=111943.0 Title: Re: Unauthorized withdrawal on Mt. Gox Post by: Stephen Gornick on February 26, 2013, 02:20:31 PM As you all guessed, I'm not using two-factor authentication / yubikey. Did you mean to say you weren't or that you still aren't? Because unless you can say with certainty that you aren't using a machine that has been compromised, then even after changing your password your remaining coins are no safer now than before. Get 2FA. If you don't have a smartphone or other second device that can run it then move the funds to an EWallet that uses SMS-based 2FA. Title: Re: Unauthorized withdrawal on Mt. Gox Post by: ironcross360 on February 26, 2013, 02:35:06 PM the person who did it was smart, They used a hosting service/vpn http://www.ip-tracker.org/locator/ip-lookup.php?ip=41.215.241.147
Title: Re: Unauthorized withdrawal on Mt. Gox Post by: iBug on February 26, 2013, 03:08:44 PM As you all guessed, I'm not using two-factor authentication / yubikey. Did you mean to say you weren't or that you still aren't? Because unless you can say with certainty that you aren't using a machine that has been compromised, then even after changing your password your remaining coins are no safer now than before. Get 2FA. If you don't have a smartphone or other second device that can run it then move the funds to an EWallet that uses SMS-based 2FA. I wasn't, but I am now. I guess many of us just have to lose bitcoins or money, until we realize that a 15-20 characters/letters/symbols password isn't enough and that two-factor authentication IS necessary with Mt. Gox. (and any other trading sites) :( But as I've lost confidence in Mt. Gox, maybe I'll even transfer my coins somewhere else, and then later transfer them back to sell them... |