Bitcoin Forum

I had around 300 Bitcoins stolen from my MT Gox account on Sep 8th/9th 2011. I found out after receiving an email to say that my account was up for review and eventually getting a working password from them that got me into my account. I reported the theft to Mt Gox and their response was to say that transactions are irreversible and the only thing they can do is to give me a free yubikey to stop it happening again. My account, with a strong password, was compromised due to the insecurity of their systems, but they refuse to accept any culpability or responsibility for my loss.

I don't expect (and surely won't receive!) any sympathy from fellow posters. I knew this was a risky business before I got in; I naively trusted the security and integrity of such a large exchange; I should have transferred the coins to an application; I could have sold at a good profit and got out quickly; I gambled and lost - learn and move on.

What remains slightly surprising however is that such a cowboy outfit should be handling so many transactions and retaining the trust of so many traders. Their website boasts of trading securely and with confidence; this apparently stated without irony. Yet, when a customer's account is hacked, it's just tough luck, one of those things....

In conclusion, if you hold bitcoins or cash with Mt Gox, be very careful. If you should suddenly find your balance is unaccountably zero, you'll wait a long time for any redress or even sympathy. Meanwhile, if anyone does have any ideas on how I might retrieve my Bitcoins, I would be very grateful.

Regards

Trickle.

 

proof please!

The exchanges are one of the worst problems with bitcoin right now.  I seen some developers working on a p2p version of an exchange, but sadly nothing has been released yet as far as I know.  There is a large opportunity out there for exchanging bitcoin into cash for anyone with the know-how and money to back it up.  The ideal use of bitcoin though is for us to exchange it as we do fiat currencies.  Keep it in your digital wallet and spend it as needed.  Investing/trading as of now is risky.

As far as MtGox....yea they suck.  It's the same reason I go to any shit store/service provider.  There are no options.

That's a big problem. 

This +1. I'm guessing that your own computer was compromised by a keylogger.

are you sure that your computer is not compromised?

I was going to say you were compromised as well.  Or unfortunaty it could be something slightly different.  Do you use the same password anywhere else?  Most humans are creatures of habit, so if one site with your account on it was compromised the hacker would have a good start to logging in elsewhere.  I remember back in january when slush got hacked, luckily this time the intruder did not take user/pass combos, but if he did we would all be in trouble!

Many thanks to all for your responses.

In answer to why I waited so long: having bought at around $13 last June, I was waiting until the price got back somewhere near that until I did anything with them. I simply put them to one side as I would a company's shares. Obviously I should have kept them in a wallet, but naively thought they were safe. My password was very strong and unique to my Mt Gox account.

I take it that Mt Gox is completely accountable to no-one?

Regards

Trickle

I hesitate to say it but... I don't believe it.

You say you have a unique strong password.

The only possibility if that is true is that there is a serious security fault in Mt.Gox that lets an attacker log in as someone else.  Why then did they stop with you?  Why haven't they stolen from lots and lots of accounts?  Let's recall that after the break-in the full Mt.Gox user list and hashes were made public, so there is plenty of scope for abuse of such a vulnerability to go through thousands of known account names.

It's more likely that your password isn't as secure as you think it is, or you have logged in from a compromised computer at some point.

They're accountable to the government of Japan.  If you think you have standing there, feel free to file a complaint.

My guess is your password was compromised by phishing. These phishing emails are very realistic looking, I nearly fell for it myself. Check your inbox for any emails appearing to be from MtGox, and see if there are any links to .ru domains.

Keyword : June = mtgox hack

The Mtgox user/encrypted password list was stolen, and if the password wasn't changed on the account, it would be just a matter of time before a hacker cracked the password.

"no mun, no fun, your son"

"too bad, so sad, your dad"

-Sinbad :P

I really am sorry for your loss. Regardless if it was there fault or yours, losing that much can really hurt and you have my sympathy. :(

did you think they would?

use CampBX

yep...
this:
screams phishing victim to me.

If you are going to keep substantial funds at a website not under your own control, such as Mt.Gox or any one of these wallet services; then please use the two-step authentication (i.e. yubikey).  If they don't have it & don't use split wallets (i.e. they keep your secret keys at the server) just don't use that service.  It's money people!  Act like there are people out there who want your personal data, because there are.  Bitcoin isn't Facebook!  There really is something to be gained from stealing your data!

Oops.  Sounds like you fell for a phish.  :(  Sorry, that definitely sucks.

Bears repeating.


Bitcoin is freedom, and freedom requires responsibility.

1.
Assume your computer -any computer- is infected with a trojan. Don't use those computers for important things. Use your laptop or desktop to boot a Live session of Ubuntu. I've gone so far as to run the live session from a 4GB SD card on my laptop and it operates without a hard drive. Every time I boot my machine its clean. The SD card is read only, and everything the OS loads goes to RAM which is also wiped when you power off. Its basically a banking terminal :)

Learn how to boot a live session here:
http://www.ubuntu.com/download/help/try-ubuntu-before-you-install (http://www.ubuntu.com/download/help/try-ubuntu-before-you-install)

This is the only means I use to do any banking business online.
There are windows options that can do similar things but I believe this is cheapest and easiest.

2.
Make strong passwords. strong passwords don't have to be hard to remember.

http://imgs.xkcd.com/comics/password_strength.png

Further, DO NOT USE THE SAME PASSWORD FOR EVERYTHING.

3.
Don't give your passwords out. Not even to your mother.

You forgot the relevant XKCD comic:

http://imgs.xkcd.com/comics/password_reuse.png

What sort of p2p systems exist?

Many thanks for the info on safer use of the laptop. I did regard Bitcoins as more a bet than an investment and it's not the end of the world, but I certainly accept your general points here: there are some bad people out there, and being less than extremely vigilant with security is inviting them to help themselves.

The key thing for me is to learn from this and be a lot more careful in the future.

Trickle