Bitcoin Forum

Economy => Service Discussion => Topic started by: Radacoin on May 23, 2013, 06:06:30 PM



Title: MtGox: Unauthorized withdrawal - someone just stole some of my Bitcoins!
Post by: Radacoin on May 23, 2013, 06:06:30 PM
Someone just stole Bitcoins (about $50) from my MtGox account!

I have a very complex password, no idea how he could compromise my account.

The address of the thief is: 1ES1pZSPWT8cXpB1eqaV79CXzzYqDVqXc1
Transaction: 95b48439eed4c1d13768be2aa3dc37808e399a2f047cddf75152b29e973f46f2

I was using MtGox for over a year without any problems. Anyone else having problems lately?


Title: Re: MtGox: Unauthorized withdrawal - someone just stole some of my Bitcoins!
Post by: DeathAndTaxes on May 23, 2013, 06:09:03 PM
Using 2FA?

The most complex password (say a 256 bit random key generated using a qRNG) provides no more protection than "password123" against keyloggers, other malware, Man In the Middle attacks and phishing attempts.

PSA to anyone else.  If you don't use 2FA you are just one exploit away from losing all your funds.


Title: Re: MtGox: Unauthorized withdrawal - someone just stole some of my Bitcoins!
Post by: relm9 on May 23, 2013, 06:13:36 PM
If the password was really complex I would say you probably got hit by some Java exploit or other virus, better scan your computer.


Title: Re: MtGox: Unauthorized withdrawal - someone just stole some of my Bitcoins!
Post by: HeroC on May 23, 2013, 10:50:01 PM
Use 2FA and Google the address.


Title: Re: MtGox: Unauthorized withdrawal - someone just stole some of my Bitcoins!
Post by: Stefan on May 24, 2013, 09:25:54 AM
BTC-e uses email-based 2FA (withdrawal confirmation link) to avoid such thefts. Why is this option not available in Mt.Gox? Even Slush's pool asks for email confirmation when you change your payment address. I think email-based 2FA for withdrawals should be the necessary minimum for exchanges.


Title: Re: MtGox: Unauthorized withdrawal - someone just stole some of my Bitcoins!
Post by: Radacoin on May 24, 2013, 09:34:40 AM
BTC-e uses email-based 2FA (withdrawal confirmation link) to avoid such thefts. Why is this option not available in Mt.Gox? Even Slush's pool asks for email confirmation when you change your payment address. I think email-based 2FA for withdrawals should be the necessary minimum for exchanges.

At least MtGox should ask for confirmation for suspicious transfers, like when the IP is from a different country/continent as usual.

I was logged in to MtGox from an IP from Germany (as I always do), at the same time someone else with an IP from the UK logged in and stole my Bitcoins.

I mean, hello? I am no Photon. I can't be at two places at the same time. At least MtGox should prevent those obvious inconsistencies from happening.

They are the biggest Bitcoin exchange - and their website technology looks like from the 1990s.


Title: Re: MtGox: Unauthorized withdrawal - someone just stole some of my Bitcoins!
Post by: naphto on May 24, 2013, 09:51:43 AM
BTC-e uses email-based 2FA (withdrawal confirmation link) to avoid such thefts. Why is this option not available in Mt.Gox? Even Slush's pool asks for email confirmation when you change your payment address. I think email-based 2FA for withdrawals should be the necessary minimum for exchanges.

At least MtGox should ask for confirmation for suspicious transfers, like when the IP is from a different country/continent as usual.

I was logged in to MtGox from an IP from Germany (as I always do), at the same time someone else with an IP from the UK logged in and stole my Bitcoins.

I mean, hello? I am no Photon. I can't be at two places at the same time. At least MtGox should prevent those obvious inconsistencies from happening.

They are the biggest Bitcoin exchange - and their website technology looks like from the 1990s.

You can log in your account from a VPS or whatever, does not mean anything.
If you wanted a secure way of payment, you would use euros, or usd.

You can't do shit now, your bitcoins are lost forever and there is no way you will have them back.
I could say "sorry for your loss" but that would be hypocritical.


Title: Re: MtGox: Unauthorized withdrawal - someone just stole some of my Bitcoins!
Post by: Radacoin on May 24, 2013, 10:11:31 AM
You can log in your account from a VPS or whatever, does not mean anything.

I could. But what's the probability that I log in from home and at the same time use my VPN connection and log me in again?

MtGox should at least check those suspicious cases - and ask for (email) confirmation.
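
Added example, not part of the original thread and not MtGox code: a sketch of the check suggested in the post above, flagging a withdrawal for confirmation when it comes from a country the account has not used before or while a session from a different country is active. The `Login` record, the two time windows and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

SESSION_WINDOW = timedelta(minutes=30)  # assumption: a login counts as "active" this long
BASELINE_AGE = timedelta(days=1)        # only logins older than this define "usual" countries


@dataclass(frozen=True)
class Login:
    user: str
    country: str   # ISO country code from a GeoIP lookup done upstream (assumed)
    at: datetime


def withdrawal_check(user, country, now, logins):
    """Return ("allow" | "confirm", reasons) for a withdrawal requested from `country`."""
    mine = [l for l in logins if l.user == user and l.at <= now]
    # A fresh login must not redefine "usual", so the baseline ignores recent logins.
    usual = {l.country for l in mine if now - l.at > BASELINE_AGE}
    active = {l.country for l in mine if now - l.at <= SESSION_WINDOW}

    reasons = []
    if usual and country not in usual:
        reasons.append("unusual_country")
    if active - {country}:
        # Two live sessions in different countries: hold withdrawals for both.
        reasons.append("concurrent_session_other_country")
    return ("confirm" if reasons else "allow"), reasons


# Constructed sample data (not taken from any real log).
T = datetime(2013, 5, 23, 18, 0)
LOGINS = [Login("alice", "DE", T - timedelta(days=d)) for d in (30, 14, 7, 2)]
LOGINS += [
    Login("alice", "DE", T - timedelta(minutes=10)),
    Login("alice", "GB", T - timedelta(minutes=2)),
]

if __name__ == "__main__":
    print(withdrawal_check("alice", "GB", T, LOGINS))       # second session, new country
    print(withdrawal_check("alice", "DE", T, LOGINS))       # usual country, but GB session live
    print(withdrawal_check("alice", "DE", T, LOGINS[:-1]))  # no GB login at all
```

The function only decides that confirmation is needed; which channel carries the confirmation (email link, OTP, hardware token) is a separate choice.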


Title: Re: MtGox: Unauthorized withdrawal - someone just stole some of my Bitcoins!
Post by: naphto on May 24, 2013, 10:18:52 AM
Bitcoin is worldwide. The main advantage is for international wire. So you can give your details to a family member (or anyone) abroad for sending him money (even if it's probably against their ToS).
Still, if your computer is compromised, a double authen with an email, or an email before processing to the payment would be useless: if they got your email password, which is probably the same, or not a problem if you got keylogged, that won't change anything. And they probably took your email first, in order to change your mtgox password. So, email is a false protection. It gives a secure feeling, but it does not provide any valuable protection.


When you bought bitcoins, or when you mined, you knew that they were just pixels or internet and can disappear as fast as they came in.
Even if it's sad to lose some money, if you really have something "worth" it, you should never use btc, but euros.


Title: Re: MtGox: Unauthorized withdrawal - someone just stole some of my Bitcoins!
Post by: MPOE-PR on May 24, 2013, 10:48:13 AM
You can log in your account from a VPS or whatever, does not mean anything.

I could. But what's the probability that I log in from home and at the same time use my VPN connection and log me in again?

MtGox should at least check those suspicious cases - and ask for (email) confirmation.

Stop with the entitlement bullshit. The service op should nothing for your own comfort. You should, if you care and are willing to pay for it. If not stfu.

That aside: the website model does not work. It's okay for blogs, it's okay for stupid shit nobody cares about (twitter, facebook, whatever). It is not okay for BTC.


Title: Re: MtGox: Unauthorized withdrawal - someone just stole some of my Bitcoins!
Post by: Radacoin on May 24, 2013, 11:14:38 AM
Stop with the entitlement bullshit.

Mircea, my little diva, why so grumpy today? Have your male-period?


Quote
The service op should nothing for your own comfort.

Care to explain what fees are for?


Title: Re: MtGox: Unauthorized withdrawal - someone just stole some of my Bitcoins!
Post by: mgio on May 24, 2013, 06:10:36 PM
No yubikey?


Title: Re: MtGox: Unauthorized withdrawal - someone just stole some of my Bitcoins!
Post by: MPOE-PR on May 24, 2013, 07:49:51 PM
Mircea, my little diva, why so grumpy today? Have your male-period?

You still with the MPOE-PR = MP nonsense? That's so 2012, srsly.