Bitcoin Forum

My MtGox account was hacked about two hours ago this morning. Password is secure, computer uninfected. (Password changed immediately) MtGox shows a large number of support requests. Is this just my account or is something larger going on? Luckily, I didn't lose much, but I certainly would rather not have. The bitcoins were sent to address 1ffaB9W2hj2pzp9djKupFfsaNn1L215FE. Not likely that it will ever be used again, but I thought it prudent to keep record.

So, two questions. I was away from Bitcoin for awhile and have just come back, so I'm somewhat unfamiliar with the much-changed MtGox. Is it possible for me to somehow recover my Bitcoins, and if not, what security steps do I need to take to prevent this happening again, assuming the problem was on my end? My computer is firewalled and virus-protected. My password was alphanumeric, random, and long enough to make brute forcing astronomically unlikely. I use Peerblock and Tor, though not one-hundred-percent of the time. Any tips?

Oh, and I'm sorry if this is in the wrong forum; I wasn't entirely sure where to put it.

EDIT: Thanks to some helpful users, this problem has been solved. Turns out I just behaved stupidly and fell for a phishing scam. Thank you to everyone for your excellent help!

Did you have the same money sitting on it while you were away?  Just seems strange, if so, that it would have sat there and then get snatched after you come back.

Sounds like you are taking appropriate steps. I assume you have an email that is used just for Gox and it is/was using a different password from your Gox account?

Yes, I did have it on my account, probably for about four months. It was minimal and I'd never bothered to withdraw it. My email is not used for solely Mt.Gox, but it has and always has had a different password and two-step verification, so I doubt it's been hacked. (And it's a Gmail account, not hosted locally, so as secure as Google's servers are)

  its just weird the money would sit there for 4 months and then disappear shortly after you come back. My gut tells me you got 'sniffed' somehow.

Certainly possible. If so, what steps should I take to prevent it happening again, other than changing my password, which I've already done? My computer is on wireless, but I live essentially in the middle of nowhere; no one else lives within my wireless range, and I would certainly know if anyone got close enough to access it.

Agreed.  You had to have a keylogger or spyware on your computer.  The most recent time you logged on, a hacker got your login info, then used it to steal your coins.

Just because you have an antivirus application installed does not mean you don't have a virus!  I'd throw several scanners at it (Malwarebytes included) to see if it finds anything.

ha!  Whoever hacked you is a major idiot.  Rather than waiting for more money, they withdrew your 0.3 BTC and alerted you to their presence ;D

Why is this on the main discussion section?

Should have guarded your account better, moving on..

Ran a full scan with Malwarebytes and ESET. Found nothing out of the ordinary. (Flagged some files in Metasploit install directory and the Ufasoft bitcoin miner, none of which were actual viruses)


Yeah, I agree, it wasn't a good move. Lucky me.


I must say I'm not entirely sure what the point of your post was. I put it in the general section because I wasn't sure where to put it, as I stated in the first post. If you can tell me where I should have put it, please do so, but just saying that it's in the wrong section doesn't help me much; I'm afraid I'm not psychic. I obviously didn't guard my account well enough, as it was hacked, and that is why I came for advice on how to guard it better. If you have any tips, they would be much appreciated.

Possible that it's a new piece of malware not yet detected by A/V too... you never know.

Oh, did you receive any emails from MtGox?  Did you click on any of them?

I hope you didn't choose tobecome a "MtGox Verified User" a few days ago :P

Oh damn. That would be it. I thought that was a strange email. Had just been getting back into Bitcoins, hadn't yet read the forums, thought it was some verification program because my account had been inactive for awhile. I probably did indeed click the link in that email. Seemed to take me to their actual website. Well, I'm at least glad they only got about a dollar worth of BTC. What nature of hack was that, and should changing my password be enough?

oh wow... so they managed to get someone with that. :\

  Good catch, Rassah.  Yea, change your gox password and of course your email password. Do the email first. I'd probably go as far as just making a new email acct and changing that too for Gox.

  Only good advice I can give you, since you use peerblock and tor, is of course to make sure to use them that 100% of the time. And, never respond to emails. Any time you get an email informing you to do something go to the site directly and not via the email itself.  I'm suspicious of ANY email I get these days. The guys phishing spend a lot more time than they used to on making it look as legit as possible. Another option, depending on how strong your mail client is, would be to block ALL emails except those that originate from the mail host of the service/site you are using that email for. And here, I am not sure off hand which mail services check the source to rule out spoofed headers. So, check those headers, always. =)

  Cheers

The link in that email just takes you to something like mlgox.ni or something, instead of MtGox.com. Just standard phishing email with an address that looks legit if you don't look too close. Someone else was complaining about how they almost fell for it because they couldn't quite make out the url on their small mobile phone screen.

At least we found the source of the problem... that doesn't always happen!

Yup. Man, do I feel stupid... First time I've ever fallen prey to that sort of thing. Ah well, losses were minor; it ended much better than it could have.


Alright, thank you for the advice. I must have just not been paying attention... Usually I do check the headers, but apparently not this time... I suppose I'm also used to seeing phishing scams written in bad English. Seems Bitcoin at least has a higher class of phishers.


Yeah, I thought it was a Japanese TLD. Or, to put it more accurately, I didn't think.... And then it redirected to the main site, so I didn't think much of it...

Thank you all for your excellent advice! It's wonderful to find the cause of this so quickly. It is quite refreshing to be back to these forums, one of the few places on the internet where you can expect civil, intelligent replies.

No need to feel stupid, imho. Everyone has clicked on one of those damn things. Most people are just to proud to admit it. ;p

Btw why is that page loading fine in browsers ?

Come on everyone, you know about http://www.google.com/safebrowsing/report_phish/ right ?

Being too proud to admit it is only one step away from being too proud to rectify it. And the latter is truly dangerous.

One other thing I would do as well if you suspect that they had access to your gmail account is to check the filtering/forwarding settings for anything suspicious.

Did that, nothing suspicious. Thanks for the tip!

That is real risky, I better check all emails before clicking.  But it is quite hard to distinguish the real from the spoof sometimes.

One of the best deterents is to create a new email for just that one purpose. Especially in this case since it is likely that email address was on the old leaked list. Otherwise how would anyone be able to mail a phish mail to it anyhows? Atleast not one so specific.

If in doubt, just e-mail mtGox and ask about the said e-mail. Usually, you can see if there's any funny business by looking at the url of any links. View source of message.

Please get a Yubikey, that would have prevented this.

And sorry, I didn't mean to sound like a prick in my first post, but honestly this isn't the best place to post for MTGOX Account related questions nor should we encourage it as a community.

If you ever need help with anything MTGOX related (including getting a Yubikey for your account) go to there support page here https://support.mtgox.com/home

Thanks for the tip! I honestly wasn't sure where to post it. I will do it there next time.

o.O

Why isn't it a good place to discuss MtGox account related questions?  I never go look at the MtGox forums, but I had helpful information to provide regarding this case.  Isn't that what a forum is all about?

This is by far the best place for something like this to keep people alert to the issues. I didn't even know about this phishing thing until I read this, so point taken.  :P

Well, in that case, I will discuss this sort of thing here. I think FlipPro just meant not to post in the general discussion section, which he was correct on. Glad my posting this helped inform someone else!