Bitcoin Forum

Dear forum,

my Mt.Gox account was hacked on friday.
I only noticed it by recieving the following mail from Mt.Gox

There has been a withdrawal from your Mt.Gox account:
Transaction reference: 5f417f82-9b99-4be8-abfe-03df1c8f0de8
 
Date: 2013-05-24 17:00:46 GMT
IP: 173.252.211.150
 
You can access your account history for more details.
Please contact us as soon as possible by replying to this email if you did not request this withdrawal.


I immediately contacted Mt.Gox. and recieved the following answer from support:

Hello,
Sorry for the inconvenience. Please change your email address password and Mt.Gox password immediately. Please do not use the same username and password on different services. You can use the Yubikey or Software Authentication on our Security Center to further secure your accounts.

Please file a police report in order for the police to investigate the case and make an effort to retrieve your funds. We will cooperate with the police authority in providing the necessary information for the investigation, but we are unable to reimburse any stolen funds.

Thanks,
MtGox.com Team

What I do not understand is that this IP adress is clearly not mine and Mt.Gox will not cancel
the transaction ? The IP which hacked me sits somewhere in China.....

How and where can I file for police investigation ? I am from Austria - Mt.Gox sits in Japan - the hacker in China using
an United States ISP

On blockchain.info I can even see the transaction of the 15 BTC which have been stolen
https://blockchain.info/address/18XPnyZsxj5FpdDXTLvRPSwdpuvVVuJLgW

Looking forward to any advice.....

Thanks in advance

Did you have two-factor authentication enabled?

if the transaction is complete the money is gone, mtgox doesnt do anything, they asking you to file a police report is just an inside joke.

Either you had a weak password and people knew about your username or you might got infected somehow.

I have some questions:
1. Did you visited any suspicious site recently or downloaded some exe file.
2. Did you used same password and username on some other website?


Check link in my signature if you think your pc is infected.

 >:( no I did not have two-factor authentication enabled - I have been naiv
thinking that funds on Mt.Gox would be safe

yes - I have used the same password on my windows live account
maybe that is why it was easy to find out....

So even if I can find out who stole my BTC I can't do anything about it ???

sorry buddy, you are pretty much out of luck. While there have been cases of stolen coins being caught and returned..for the most part, you have to look at it as a loss. Gotta write it off as a lesson learned..  Hopefully it is the last time this happens to you!

Mt gox security is shit. I'm now moving to btc-e.

Well Mtgox is safe but you need to be secure from your end too.If someone found your password you can't blame mtgox for that but yeah their security sucks, they don't have much options to secure peoples funds.

Never use online wallets until you are damn sure that you are using a strong password /new username and your pc is really secure and clean.

In your case, probably they found bitcoin related something in your live account and tried to log on mtgox and got your bitcoins.

but main thing is, how they got password? Either your pc is infected with some malware or someone knew that you have bitcoins in mtgox account.

Btw how do you know he's from china?

But there are some extra fee vs. MTgox and the most important think is that you can't withdraw your money so simple as from MT gox. Especially for EU.

Sorry to hear this, another unfortunate case of this. Doesn't seem like there is any way to recover your coins either unfortunately.  :(


I'd suggest focusing on securing your next wallet as much as possible.

You really gotta turn on the 2-factor security, otherwise it's just a matter of time before a password you use somewhere else is stolen and tested on MtGox for validity.  Sorry for your loss.

Well on mtgox there is no email based 2 factor security, they have a device based 2factor authentication and if you don't have any smartphone you can't use that.

this is too common happens at MtGox. My 2 friends accts hacked too. My account has no money, so doesn't really matter.

one of my friend is a computer security guru, he said it's a joke, he suspect that someone inside the MtGox did it. Anyway I will not use it. I'd prefer to pay more at ebay to buy bitcoins.

Are you installing alt coins wallet lately? Someone is reporting that yacoin and gldcoin has trojans on it.

I feel sorry for you for losing your coins, I've seen enough of this type of messages to urge me not to leave any funds on any exchange too long (more then one reason not to do that).
I am not an IT security expert but I do read security related blogs and news sites on a daily basis just out of interest.
From what i can see, it is mind blowing to see how many threats are out there, that are known and found by the good guys.
Now add to that your own estimation of the amount of threats that have not been detected and rest assured, the risk of getting infected is very real, even for security conscious ppl.
I urge everyone to think about how safe their funds are and what extra steps they could take to secure them some more, the risk is very real, you'll be sorry for not taking a few hours now that could have saved you a lot of money.....
Find out about some of the things you can do to secure your btc better, like paper wallets and two factor authentication, and play around with them with small amounts until you feel comfortbale using them.

I would run some scans on your PC.. Malwarebytes is free and can help keep it clean.

That sucks mate.

But yeah not much you can do now obviously.

Most people involved with BTC get scammed/hacked sooner or later....i'm just sad yours was 15BTC.....

Yubikey works to.  $30 would have saved you 15 BTC.

An ipod touch or ipad (WIFI off!) with Google Authenticator works, too. That's what I use to log in to mtgox.

And I use a different one time password for withdrawals and security center settings.

If they somehow break into my account, they can trade all they want but can't withdraw!

2FA is a must for these kind of sites!
i hope MTGOX will implement the email authentication at least for BTC withdraws as BTC-e does ;)

People are reporting that trojans etc. are coming from Altcoin clients, and dodgy click throughs, where the API on Gox is activated to send coins to the hacker. People are also reporting that the two factor log in, is still not secure enough to deal with this threat.
Check your API's.

Sorry to hear this, another unfortunate case of this. Doesn't seem like there is any way to recover your coins either unfortunately.   

MTGox security really sucks..

Sorry to hear of this. As others have said, with any online bitcoin wallet, you really need 2 factor authentication enabled wherever possible. A password by itself, no matter how long, is not sufficient to keep your money safe. You should also have 2 factor auth on the email account associated with your exchange account. Without these kinds of measures, you are low hanging fruit.

Mine was hacked Saturday, also from China but a different IP.
I'm wondering how this happened, MtGox was always accessed using a secure computer and I had not logged in to the account for weeks. I've not taken any interest in any alt-coins or similar programs that might have held a trojan.