Bitcoin Forum

Economy => Marketplace => Topic started by: cupo on June 01, 2013, 04:02:21 AM



Title: Is 2FA safe enough??Bad News. A guy with 2FA in Mt has been stolen for $7000+
Post by: cupo on June 01, 2013, 04:02:21 AM
It's amazing that an account under 2FA in Mt.gox can be hacked. This guy found his money withdrawn on May 31, 2013. Someone changed his password and cancelled all 2FA in Security Center. He says he didn't use his mobile phone to get on Mt.gox. How did the hacker get his private key of 2FA?? I don't know whether there is someone experience the same.
It's so terrible which means the 2FA maybe not safe.

Link to this post:https://bitcointalk.org/index.php?topic=221098.0


Title: Re: Is 2FA safe enough??Bad News. A guy with 2FA in Mt has been stolen for $7000+
Post by: YaCoinYeah on June 01, 2013, 04:05:16 AM
Wish I could read gibberish in the original thread.


Title: Re: Is 2FA safe enough??Bad News. A guy with 2FA in Mt has been stolen for $7000+
Post by: cupo on June 01, 2013, 04:19:14 AM
The point is whether it's possible to break 2FA protection and how?


Title: Re: Is 2FA safe enough??Bad News. A guy with 2FA in Mt has been stolen for $7000+
Post by: 🏰 TradeFortress 🏰 on June 01, 2013, 06:48:07 AM
Stop spreading FUD, you already posted this in trading discussion. I've already explained it, but I'll explain it again possible compromises:

1) Physical compromise - someone got access to his phone, used it, or saved the 2FA secret so he can generate new 2FAs at any time
2) Malware on mobile phone
3) Special malware on computer - sends transaction when someone logs in and enters 2FA code.

You sure this is $7000 USD or 7000 yuan (which is $1110)


Title: Re: Is 2FA safe enough??Bad News. A guy with 2FA in Mt has been stolen for $7000+
Post by: cupo on June 01, 2013, 07:08:40 AM
$7000+, USD definitely


Title: Re: Is 2FA safe enough??Bad News. A guy with 2FA in Mt has been stolen for $7000+
Post by: sinx91 on June 01, 2013, 02:39:17 PM
Happened to me to, but i was a idiot and thought a long and complex password were enough, but at this time i didnt know about the security problems at mtgox.
Now iam using google authenticator on everything on mtgox, withdrawal, security center etc., so my password cant be changed.

Also i dont let more then for some hours my money on mtgox.

I lost over 50 bitcoins.

If the "hacker" made a normal withdrawal you can cancel it if you tell it the support fast.


Title: Re: Is 2FA safe enough??Bad News. A guy with 2FA in Mt has been stolen for $7000+
Post by: TheOrri on June 02, 2013, 10:46:57 AM
Couldn't read the comments other post, perhaps someone can give an update so we all may learn. In the case of a withdrawel MTGOX sends out an email confirming it. You still have some time to cancel it if you're fast.
Like mentioned before 2FA is very secure, but if someone has physical access to your phone or malware is installed you're still at risk. Personally, I use a cheap phone without any 3rd party software installed, solely for the purpose of google authenticator. Of course, nothing is 100% secure.

Still it would be nice if it's possible to get a sms alert from mtgox if a withdraw is made, just as an extra measure.


Title: Re: Is 2FA safe enough??Bad News. A guy with 2FA in Mt has been stolen for $7000+
Post by: escrow.ms on June 02, 2013, 11:06:07 AM
As tradefortress told you, 2FA is safe as long as your pc,mobile etc are safe.

I use mtgox without 2FA like a boss..





Why??





Because it's empty. :D


Title: Re: Is 2FA safe enough??Bad News. A guy with 2FA in Mt has been stolen for $7000+
Post by: Dabs on June 03, 2013, 01:26:09 AM
As long as your computer is not compromised, you don't even "need" 2FA. It's a good idea, just in case.