Bitcoin Forum

Economy => Service Discussion => Topic started by: donkeybozo on May 02, 2013, 07:41:30 PM



Title: mtgox account compromised minutes after requesting dwolla dep/with ability
Post by: donkeybozo on May 02, 2013, 07:41:30 PM
Yesturday my mtgox account was finally verified and i had cash in the account. After my account was verified I requested to make deposit withdrawl using Dwolla possible in the future. and the system needed to verify that. Minutes after the system verified Dwolla someone purchased bitcoins with my cash and then transferred the btc to a outside address.


Title: Re: mtgox account compromised minutes after requesting dwolla dep/with ability
Post by: 2x0ninja on May 02, 2013, 07:55:27 PM
Your computer is probably compromised. Not sure what you can do to get your money back.

Burn yourself a live CD (like ubuntu) and change your password from that. Then you'll probably want to backup your files (non executable only), reformat and reinstall your main OS. REFORMAT, DON'T JUST REINSTALL WINDOWS THAT MIGHT LEAVE FILES THAT COULD REINFECT YOU.
I'd recommend using a sandbox program for running downloaded files and your web browser. Sandboxie is my favorite and, last I checked, the most secure. It has a 30 day trail, but when it expires there's just a 5 sec nag screen and you still get full protection. There's also browser plugins that can help prevent you being hacked as well. Firefox with NoScript is a great start. Request Policy is another great one. Only allow sites you really trust, never allow things you just clicked on off of google. Also it's smart not to just google for porn or "free" downloads, find a few well established sites and stick to them.


Title: Re: mtgox account compromised minutes after requesting dwolla dep/with ability
Post by: donkeybozo on May 02, 2013, 08:01:48 PM
Only used my smartphone when I would log on to GOX


Title: Re: mtgox account compromised minutes after requesting dwolla dep/with ability
Post by: dwolfman on May 02, 2013, 08:07:02 PM
You sure it was Mt Gox account that was compromised?  Maybe Dwolla was compromised.

Did you use different passwords everywhere?


Title: Re: mtgox account compromised minutes after requesting dwolla dep/with ability
Post by: donkeybozo on May 02, 2013, 08:17:55 PM
Yes I did. I'm trying to understand the timing of the situation. Why would it happen minutes after I request deposit withdraw dwolla capability ?


Title: Re: mtgox account compromised minutes after requesting dwolla dep/with ability
Post by: tHash on May 02, 2013, 10:44:01 PM
It has to be a coincidence.   For future reference, the only safe thing to do is use two factor authentication.


Title: Re: mtgox account compromised minutes after requesting dwolla dep/with ability
Post by: virtualfaqs on May 02, 2013, 10:47:57 PM
Get a Yobe key.


Title: Re: mtgox account compromised minutes after requesting dwolla dep/with ability
Post by: uuidman on May 03, 2013, 12:21:40 AM
Only used my smartphone when I would log on to GOX
What OS, android or IOS ? Is the phone rooted or not ? How strong was the password used ?


Title: Re: mtgox account compromised minutes after requesting dwolla dep/with ability
Post by: DeathAndTaxes on May 03, 2013, 12:24:18 AM
You were using 2FA right?

Rhetorical questions as these events which happen on an almost daily basis never involve 2FA.  To any noob reading if you don't use 2FA you are one malware, 0-day java exploit, or phishing attack from losing your entire bitcoin savings in a split second.


Title: Re: mtgox account compromised minutes after requesting dwolla dep/with ability
Post by: ProfMac on May 03, 2013, 12:30:35 AM
You were using 2FA right?

Rhetorical questions as these events which happen on an almost daily basis never involve 2FA.  To any noob reading if you don't use 2FA you are one malware, 0-day java exploit, or phishing attack from losing your entire bitcoin savings in a split second.

Mt. Gox sent me a Yubikey.  They paid the entire cost, and it was about 3 days from the time I submitted my street address until the package was at the front door.

The guy who lost 60 BTC last week had a rooted android.



Title: Re: mtgox account compromised minutes after requesting dwolla dep/with ability
Post by: coastermonger on May 03, 2013, 02:43:46 AM
OP, most importantly were you using 2 factor authorization?