Bitcoin Forum

CLARIFICATION OF MT. GOX COMPROMISED ACCOUNTS AND MAJOR BITCOIN SELL-OFF

Dear members of the press and Bitcoin community,


I. Background

March, 2011 – MtGox.com (Mt. Gox), now the world’s leading Bitcoin exchange, was purchased by Tibanne Co. Ltd. As part of the purchase agreement, for a period of time, Tibanne Co. Ltd was required to pay the previous owner a percentage of commissions. In order to audit and verify this percentage, the previous owner retained an admin level user account. This account was compromised. So far we have not been able to determine how this account’s credentials were obtained.

II. Bitcoin Sell-Off

On June 20th at approximately 3:00am JST (Japan Time), an unknown person logged in to the compromised admin account, and with the permissions of that account was able to arbitrarily assign himself a large number of Bitcoins, which he subsequently sold on the exchange, driving the price from $17.50 to $0.01 within the span of 30 minutes. With the price low, the thief was able to make a larger withdrawal (approximately 2000 BTC) before our security measures stopped further action.

We would like to note that the Bitcoins sold were not taken from other users’ accounts—they were simply numbers with no wallet backing. For a brief period, the number of Bitcoins in the Mt. Gox exchange vastly outnumbered the Bitcoins in our wallet. Normally, this should be impossible. Unfortunately, the 2000 BTC withdrawn did have real wallet backing and they will be replaced at Mt. Gox’s expense. Again, apart from the compromised admin account, no individual user’s account was manipulated in any way. All BTC and cash balances remain intact.

Given the relatively small amount of damage considering what was potentially possible, we have to question what the true motives of the attacker were. Perhaps the attack simply was not well-orchestrated but the possibility exists that the attacker was more interested in making a statement, hurting Mt. Gox’s reputation, or hurting the public image of Bitcoins in general than he was in any monetary gain.

III. Database Breach

Late last week we discovered a SQL injection vulnerability in the mtgox.com code that we suspect is responsible for allowing an attacker to gain read-only access to the Mt. Gox user database. The information retrieved from that database included plain text email addresses and usernames, unsalted MD5 passwords on accounts that had not logged in since prior to the Mt. Gox ownership transfer, and salted MD5 passwords on those accounts created or logged in to post-ownership transfer. We speculate that the credentials of the compromised admin account responsible for the market crash were obtained from this database. The password would have been hashed but it may not have been strong enough to prevent cracking.

Regrettably, we can confirm that our list of emails, usernames and hashed passwords has been released on the Internet. Our users and the public should know that these hashed passwords can be cracked, and many of our users’ more simple passwords have been cracked. This event highlights the importance of having a strong password, which we will now be enforcing. We strongly encourage all our users to immediately change the passwords of any other accounts that now or previously shared a password with their Mt. Gox account, if they have not done so already.

IV. Present Steps

We have been working tirelessly with other service providers in order to mitigate the potential damage to our users caused by the security breach. We’ve been informing our users to be especially cautious of Bitcoin-related phishing attempts at the email addresses associated with their Mt. Gox accounts. Users should continue to be especially observant of indicators of account compromise with other services—especially email and financial services.

We would like to give a special thanks to the Google team who were extremely proactive about flagging and temporarily locking customer accounts that appeared in our stolen user list. Their quick response no doubt significantly reduced unauthorized account access to Gmail addresses associated with Mt. Gox user accounts.

We’ve been actively researching the origin of the attack that led to the compromise of Mt. Gox’s previous owner’s admin account; however, our priority has been getting the Mt. Gox service back online and getting people access to their funds. We were finally able to simultaneously relaunch the service and launch our new site, with greatly improved security and back end, on June 26th, 2011.

V. Future Steps

The new Mt. Gox site features SHA-512 multi-iteration, triple salted hashing and soon will have an option for users to enable a withdraw password that will be separate from their login passwords. Other security measures such as one-time password keys are planned for release very soon as well.

The recent successful attacks on huge institutions like Sony and Citibank remind us that nobody is impenetrable. We are now operating under the presumption that another security breach will happen at some point in the future and we are implementing layers of fail-safe mechanisms to greatly limit the amount of damage possible. Of course, we’re doing our best to make sure those fail-safe mechanisms are never necessary.

While we are making great strides with the advancement of our security, we should remind our users that they too play an important role in securing their accounts. Please use a long password—the standard is not whether a person could guess it but rather whether a computer could guess it—and computers can guess pretty fast. Please do not share passwords across services—where passwords are shared, a compromise at one service means a compromise at all services. Help us help you.

VI. Apology

The truth is that Mt. Gox was unprepared for Bitcoin’s explosive growth. Our dated system was built as a hobby when Bitcoins were worth pennies a piece. It was not built to be a Fort Knox capable of securely handling millions of dollars in transactions each day.
We can attempt to blame the owner of the compromised account for the recent events but at the end of the day the responsibility to secure the site and protect our users rests with us. The admin account responsible had more permissions than necessary, and our security triggers were not as tight as they could have been.

Since the change of ownership, we have actively been patching holes while at the same time building a new Bitcoin exchange from the ground up. Going forward, we are certain that the launch of the new site will exceed the rightful expectations our users have of the service. We only hope that we can once again earn the trust of the Bitcoin community. In the meantime, we sincerely appreciate the patience all our users have shown.

We’ve got a backlog of emails we’re catching up on now but if you have any questions or comments about the recent security breaches and events, Mt. Gox in general, its founder or Bitcoin, please do not hesitate to contact us. We’re reading every message and we’ll get back to you as soon as we can.


Mark Karpeles - CEO
Tibanne Co. Ltd.

Being forthcoming does help. I may be a little less critical of MtGox now but they still have a long way to go to regain my trust. But this is a step in the right direction. Thanks OP for posting the MtGox statement.

This is more or less what I've figured all along (although it's interesting to hear that the admin account could just grant himself arbitrary bitcoins; I reckoned instead that somebody had used an admin account to collect bitcoins together from other accounts).

Has anybody checked whether jed's password was one that's been publicly leaked yet? I'm interested in how strong it was...

Your password was probably brute forced from the user dump like mine was. Mine wasn't super simple either.

> If someone gained admin level user account why would they go to the lengths of SQLi to get the database?
My account still had admin access. They were able to get my account password because of the SQLi

In order to audit and verify this percentage, the previous owner retained an admin level user account. This account was compromised. So far we have not been able to determine how this account’s credentials were obtained.

Mistakes were obviously made but I don't think Mark is being greedy or incompetent here. He needs to hire more people and he knows this. But which if you have ever tried to do you know takes time which he doesn't have much of these days.

The server has been down for more than two weeks now and I can't get a response from him despite sending several emails

413,Gox Bot,,$1$my2/Mvxi$kC7BKl1xKgYlbadc/GHSN1
6177,BotBot,jed@mtgox.com,$1$Xqluv5Eq$nkN99S/5DRqbNqUii3oEF1

We would like to note that the Bitcoins sold were not taken from other users’ accounts—they were simply numbers with no wallet backing. For a brief period, the number of Bitcoins in the Mt. Gox exchange vastly outnumbered the Bitcoins in our wallet.

mewantsbitcoins:
Your password was probably brute forced from the user dump like mine was. Mine wasn't super simple either.
> If someone gained admin level user account why would they go to the lengths of SQLi to get the database?
My account still had admin access. They were able to get my account password because of the SQLi

I'm sure Mark is very busy with mtgox so has been neglecting Kalyhost.

Mistakes were obviously made but I don't think Mark is being greedy or incompetent here. He needs to hire more people and he knows this. But which if you have ever tried to do you know takes time which he doesn't have much of these days.

Some degree of withholding information to be expected when you are compromised. Gox may have been concerned that immediately releasing all they knew could aid the people who did this.

I call this BS. My hash is up there - go and try to brute force it. I guess I'll see you in several years/decades.

Then please disclose your password - if it was anything but totally random & a-z/A-Z/0-9/special & >9 chars you were definately at risk.

I'm glad they posted this. I trust them a lot more after seeing this. The only thing missing is the exact number of coins stolen and the address they were sent to. I can't imagine why they didn't make that public.

- If you maintain proper password policies, you shouldn't have to worry about disclosing a password which you're not using anymore (you weren't reusing it anywhere, were you?)
- If it was actually 'random' and 'long' enough you should be able to determine the average time required to crack it - ie. the feasibility of a brute force attack (dictionary should be useless) given am average set of cracking hardware (GPUs).

All that, without having to resort to calling me retarded. ;)

Those are quite possibly the same thing. The blurb is, perhaps intentionally, unclear on the exact details. Where it says "was able to arbitrarily assign himself a large number of Bitcoins" it could be that that large number is the total number of Bitcoins in the system, which would effectively be a pooling of all user balances (not necessarily zeroing out user balances, just a sum/view).

We would like to note that the Bitcoins sold were not taken from other users’ accounts—they were simply numbers with no wallet backing. For a brief period, the number of Bitcoins in the Mt. Gox exchange vastly outnumbered the Bitcoins in our wallet.

I'm glad to see this release, only I wish it was made a week ago. Hopefully it'll put to bed at least some of the conspiracy theories and accusations.

Has anybody checked whether jed's password was one that's been publicly leaked yet? I'm interested in how strong it was...

Ah. One major thing that's bugging me is this - if the person doing this had so much access, why couldn't they change their limits and withdraw a large chunk of their freshly-created bitcoin balance?

Even if the password is cryptographically strong, it doesn't mean that it can't actually allow you to predict his future passwords by the style of it.
For example, I have a specific method to remember passwords without storing it anywhere.

I know that my passwords would never be cracked within a millenium since it is base96+1 (alphanumeric+upper/lower case+symbols+foreign language characters) even in a Class F which is the highest level of cracking possible (1,000,000,000 Passwords/sec) normally possible with supercomputers and distributed cracking.

I know that my passwords are not in dictionaries.
But I am not a computer so I can't memorize random characters, therefore I use some heuristics and mnemonics to remember them.

If you saw my password, you could deduce from my style the rules I set for myself for all the passwords I am using on every single site and the future ones I'll generate.
You might not guess it right away, but you could tailor an attack for me, launching a statistical attack, or just making a password generating algorithm based on what type of rules I set up in my mind for new passwords.
It would considerably narrow down the possible passwords and accelerating considerably the cracking speed with a extremely higher degree of success.

Yes, it is security through obscurity, but this obscurity is in my brain, and as long as you don't have a mind reader the password will remain cryptographically secure.
(for the record, my password wasn't cracked, and I am also cracking it myself to test it out. I got more than 2000+ passwords cracked mine is still holding up pretty well and it should remain that way)

Therefore I totally agree with mewantsbitcoins, telling your password is stupid.
It can be really secure and be impossible to crack with current means, but knowing his mindset it might reveal everything.

You must be retarded. Why would I disclose my password and my thinking pattern? So it can be added to dictionaries and future attacks? No thank you.

Many of the passwords that *have* been cracked look pretty damn strong.  Like, 14 characters long with alpha/numeric/symbol and no obvious patterns or weaknesses.  Scads of them are 12-characters long.  It's pretty scary, actually.

# Pairs of hash, password from http://www.nanaimogold.com/microlionsec.txt
$1$etIDyZ49$n26Qa/PPbQ5f3I8GIJhQM.         \(]|A>9{&jp013
$1$77SRs6hW$XCXcyCNwraMZ3QY8L2eRT.         hkjkGR^&$EOI(*&T
$1$WCha0X9J$71nHggA.X8/RhAB.gjY//1         vfp7U0fdl"v"LgK
$1$e/mzYsP.$H5DNwD4Njp6JNt1Kv2N.Y0         Y!m4g6s3j*

This statement indicates that your password was insecure.

If all it takes to risk guessing your password is to know your password generation logic, then the breach of any of the dozens of websites on which you have a password-protected account, may have helped the attacker in guessing your password. What happens when a password hash leak occur is that attackers generate candidate passwords based on bruteforcing results from previous leaks (Gawker, phpbb, MySpace, etc). They read them, try to understand how users picked them, and they adjust the mangling rules in their bruteforcers.

Also you would not be the first one to think your password was relatively secure when in fact it turned out to be complete crap (this guy (http://forum.bitcoin.org/index.php?topic=25389) claimed his password was secure, and even lied about its length, when it was in fact "rascal101").

precisely what i've been thinking.  i truly think a major financial institution or gov't related entity hacked the system with its sole purpose to drive down the price of btc.

stealing the btc outright which would have been the logical and easiest first move for an individual.  why go to the trouble of creating a selloff lasting 30 min?  stealing the btc for an institution or gov't would have been an international crime whereas a creating a selloff could just be considered "national security".  stealing the DB would also be information gathering.

If you believe the individual was still subject to the withdrawl limits, the selloff makes sense and enabled him/her/them to escape with 2000BTC.  It is conceivable that the limits were 'hard coded'.  Why would a financial institution or gov't related entity want to drive down the price?  AFAIK there are not many short sales in play at the moment.  

The statement from MtGox is helpful, however it doesn't address some of the anomalies identified in the transaction ledger.  Why the sudden motion of 500k BTC immediately after the selloff?  Why the sudden play of the very old accounts with 50BTC each?  


  

That statement does not indicate shit.
I don't have any account with your mentioned sites or sites that have been hacked. I am extremely paranoid and use one time identities and one time passwords for different sites/forums/communities. Even if some site was hacked that we don't know about, attackers would never be able to tie them to this one. Go ahead and try to find info about mewantsbitcoins or any other identifies tied to it.

Anyway, I'm not here to argue about security practices. I don't think my password was secure - I know it was.

Attackers don't need to tie identities. Previously broken passwords are added to dictionary lists and are blindly tried against all newly leaked accounts.

This contradicts your first post which says "my password was not the most secure". So which is it?

Don't be so negative with me. I am just trying to help you understand how your account was hacked. Multiple possibilities:
1) The majority of MtGox users who were hacked were knowingly using insecure passwords. Not your case.
2) A smaller but still considerable fraction of users had a misconception of what a secure password is. May be your case.
3) Finally, a minority were using perfectly secure passwords (see examples in my last post). These users either shared passwords with other sites that have been hacked, or were phished (eg. even experienced IT security professionals may fall for tabnabbing (http://www.azarask.in/blog/post/a-new-type-of-phishing-attack)!), or were the victim of targeted attacks on their personal computers (eg. malware installing a keylogger). May be your case.

As one of the few users with ~1k posts on this forum, therefore a likely valuable Bicoin-rich target, I think you should envisage the possibility that you have been the victim of a targeted attack (not necessarily via an MtGox flaw). You wouldn't be the first one --you remember allinvain and his 25k BTC stolen... Even Snort + fw + browsing in a VM would not have protected you against, say, a tabnabbing phishing attempt. (I mention this example again because of how deceptively efficient it is...)

On the other hand, I have no idea how security-proficient you really are. You know Snort and firewalls, but the fact you exaggerate (few sites/apps accept "random >60characters password") makes it difficult for me to evaluate you. You say your MtGox pw was shorter than usual; would you mind sharing its exact length?

...
I'm sure Mark is very busy with mtgox so has been neglecting Kalyhost.

Mistakes were obviously made but I don't think Mark is being greedy or incompetent here. He needs to hire more people and he knows this. But which if you have ever tried to do you know takes time which he doesn't have much of these days.

Also you would not be the first one to think your password was relatively secure when in fact it turned out to be complete crap (this guy (http://forum.bitcoin.org/index.php?topic=25389) claimed his password was secure, and even lied about its length, when it was in fact "rascal101").

Gandlaf: I didn't say I was bored with mtgox. I said I didn't have enough time to do it correctly.

Kind of the opposite of bored.
I've never faced legal action because of anything having to do with mtgox. Baron was clearly lying since we have never heard from his lawyers.

Gandlaf: I didn't say I was bored with mtgox. I said I didn't have enough time to do it correctly. Kind of the opposite of bored.
I've never faced legal action because of anything having to do with mtgox. Baron was clearly lying since we have never heard from his lawyers.
I haven't gotten any money from mtgox since the sale so there is no danger of not being able to cover this loss.

Gandlaf: yes required to pay but not yet paid.

Gandlaf: [...]
I haven't gotten any money from mtgox since the sale so there is no danger of not being able to cover this loss.

Gandlaf: No that isn't my statement. You seem to really want to add to what you read. My statement is this:
MtGox has enough funds to cover any losses from the recently stolen coins and has enough to cover what it owes me to date.
MtGox will cover any debt to its customers before it pays me.
The fact that I haven't been paid yet has nothing to do with mtgox's ability to pay. It only has to do with the fact that neither I nor Mark have made time to complete the payment.

In that case, I do want to apologize for ever having even harboured the slightest doubts! You Jed, are quite obviously a saint(or as close as one gets nowadays without divine intervention). Giving up a multimillion dollar business, signing a contract, not insistiting on payment, it sounds like a fairytale. You must be a truely wonderful and completely selfless individual to just wait for payment for your idea if/when it  comes.

The only question for me would be the following: Why keep an admin account to audit payments, if everything is dandy, if your first concern is the bitcoin community and you really don´t want to see a penny before everyone has been paid?

Furthermore, I don´t really get your final point:
"The fact that I haven't been paid yet has nothing to do with mtgox's ability to pay. It only has to do with the fact that neither I nor Mark have made time to complete the payment."

A BTC transfer should be fairly easy(if you don´t know how to do it just ask in the forum), or is it that you aren´t really willing to invest in BTC? In that case I do get it, the MtGox $1000 limit can be a bit of a nuisance.
Apart from the technicalities, let me get this right: You did not make time for/to complete a payment with 6 or 7 figures(by early June)???

I love fairytales, but this response is BS.

You would be a truly unique individual to just let a multimillion $ business go.

So why not cut the crap and just disclose in how far you are still involved with MtGox?

So why not cut the crap and just disclose in how far you are still involved with MtGox?

if i have to explain why a financial inst or gov't would want to drive down the price of btc to you heaven help you.  

Well, heaven help me then.  Perhaps you could be my angel and tell me what you mean.  Do these individuals have a target price in mind?  Or do you mean they just want to break it?  Breaking the network is not the same as driving the price down.  Some of the institutions you mention want to drive the value of the dollar down.  Is that for the same reason?  Would a lower rate of USD per BTC make it easier for the number of real BTC transactions to grow?  Somehow I feel (guessing) you are referring to currency monopolists who don't want to see any competition, but a lower price per BTC probably wouldn't make much difference to them.  Anyway, I don't think that's what happened to MtGox in this instance.       

again, i ask the same question, why wouldn't the hacker just have changed the withdrawal limit to unlimited and just stolen all the wallet keys asap?  he instead ignored the wallet, and manipulated the DB to sell the price down to 0 over a 30 min time period risking potential intervention by Mark.  i think Kevin Day and others who were able to take money out are just red herrings.

Why wouldn't a government or financial industry attacker have changed the withdrawal limit to unlimited and stolen all available bitcoins ASAP? Crashing the price to zero was spectacular, but in the longer term leaving Mt Gox without enough bitcoins to back its liabilities would be much more damaging...

b/c that would be an international crime and as bad as they might be, i don't think they can afford to get caught  stealing to accomplish their objectives.  OTOH, if they were caught manipulating prices they could just write it off as "national security".

Except whoever did this did steal enough money to get themselves in serious legal hot water already... not to mention all the money they attempted to steal and give away at knock-down prices.

Even Snort + fw + browsing in a VM would not have protected you against, say, a tabnabbing phishing attempt. (I mention this example again because of how deceptively efficient it is...)

For fuck's sake - it's been more than three weeks and the server is still down. That's what I get for supporting someone in bitcoin business.
Stay away from Mt.gox and Kalyhost. They are scammers and incompetent beyond belief!