Bitcoin Forum

Hello,

All my bitcoins are gone from my bitcoin address... Received an e-mail 10 minute ago here:

Transaction reference: 27fb49c7-72d4-4e88-9bb0-d2646d403e97
Date: 2013-10-11 07:43:40 GMT
IP: 209.21.68.151

How is that even possible? I have a very strong password and no viruses... Can't be true!

The IP is in California and I am in Switzerland. Jeez....

Perhaps the credentials of your email account or password manager are compromised?

I thought about that, but would be strange that the guy doesn't even change the password afterwards... And where would he have found my e-mail address?

That's too much to be true...

Email provider should let you check last few IP addresses which accessed your account so you can double-check. (Usually in a "tools" or sometimes "settings" tab - though with smaller providers, you' may have to email support)

No connections whatsoever outside of Switzerland...

And I guess that MtGox will just tell me that it's my fault of course...

By the way, it was sent to: 155SfFNjcqVZdoHDM6M3uR1hSjJtuW3xRf

If anyone can help finding back the guy, I'll reward!

Well, it's not the first time it's been used... http://blockchain.info/address/155SfFNjcqVZdoHDM6M3uR1hSjJtuW3xRf

If I were MtGox, I'd log the accounts and IPs trying to withdraw to that address, and try to alert the account owners directly before the withdrawals are allowed to execute.

Let me guess. No 2FA?


How would you even know that?

Because I ran a full check with 4 different anti malware / anti virus tools?

That would only protect you from common threats, which the highly specialiced trojans/keyloggers out for bitcoin exchange login data most definitely are not.

The only way to confidently deny the presence of bitcoin malware is if you'd exclusively accessed exchanges via a fresh and clean VM.

antivirus tools can not kill the real cracker's backdoors, your PC using habit is the best safeguard for you private information

Their stealing their money because your to stupid to secure your shit?  Interesting.   How many btc were taken?  Was your password 1234?

No, I have a strong password. 3 BTCs were taken... Not that much but hey, that sucks...

oh, you have a strong password.  that is all you have to say?  now I know its your own fault and not theirs.  typical end user.  ya, they are going to risk it all to steal 3 btc from you.   change the thread title to I don't understand how to use a computer, game over.

Well, I actually know how to use a computer...

Anyways, complaint has been open at the FBI, hope they find the guy :-)

At least I have an IP address to start with...

Did you have 2FA?

I believe you don't have 2FA? anyway bye bye 3 BTC. Most likely its hacker and not MTGOX :)

It wouldn't be enough if the host OS wasn't "fresh and clean" too.

It would probably be enough if he used the host OS exclusively for accessing exchanges and the guest OS for other Internet-interacting stuff. Though it may still be sometimes possible to compromise the host OS from the guest OS (or other guests if they aren't properly isolated).

http://www.blackhat.com/presentations/bh-usa-09/KORTCHINSKY/BHUSA09-Kortchinsky-Cloudburst-PAPER.pdf
http://media.blackhat.com/bh-us-11/Elhage/BH_US_11_Elhage_Virtunoid_WP.pdf

Just did a quick check and this might help too, looks like a gmail user is connected to that IP for sending spam for the site discountflitflopshoes.com:

https://webcache.googleusercontent.com/search?q=cache:g2xvH6u5lVMJ:http://cleantalk.org/blacklists/discountflitflopshoes.com%2B209.21.68.151

it's pretty well known that Mt.Gox is stealing Bitcoins from its users to pay for its insolvency.

it's called common sense something you clearly lack.

https://bitcointalk.org/index.php?topic=312923.0

Okay, tell me, how do you arbitrarily set the withdrawal fee using MtGox's web interface? (to something like 2.2btc)

Okay, go...

http://s23.postimg.org/7av5g2ctn/Mt_Gox_Crazy_Fees.jpg

Beware of Mt. Gox - can't get Bitcoin out now without photo ID!

https://bitcointalk.org/index.php?topic=313343.0

Now this...

Anyone have any charts that estimate MtGox's liquidity level?

I'd love to see one to, but I wouldn't hold my breath.  Mt. Gox has a long history which makes it probably impossible to come up with any meaningful estimates of what they might be sitting on.

It is interesting to watch whether liquidity comes off of the public order-book when large trades happen.  Some of these within the last few days did not seem to.  So it was either BTC that had not been on the market, was in a dark pool, or was newly arrived from quasi-whale contacts of theirs.  The most interesting thing to know would be whether they are burning through their own (probably) substantial pool which they've accumulated over the years.  These things can only be guessed at and inferred absent a whistle-blower, hack, or something like that.  Even then the info would have to be taken with a grain of salt.

Who says hackers use a web page?

https://en.bitcoin.it/wiki/MtGox/API/HTTP/v1#Withdraw_bitcoins
Withdraw bitcoins

https://data.mtgox.com/api/1/generic/bitcoin/send_simple

Send bitcoins from your account to a bitcoin address.

Parameters:

    Name    Value    Required    Example
    address    string    Yes    N/A
    amount_int    int    Yes    N/A
    fee_int    int    No    N/A
    no_instant    bool    No    N/A
    green    bool    No    N/A

Being ignorant doesn't make either of you right.

You can't use the Api without the keys. So that would not be likely.

{"result":"error","error":"Identification required to access private APINULL","token":"login_error_missing_rest_key"}

"Being ignorant doesn't make either of you right"

Did he also fake the receiving address amounts at roughly the same time frame?