Bitcoin Forum

Economy => Trading Discussion => Topic started by: ForceField on July 19, 2012, 05:09:02 PM



Title: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked?
Post by: ForceField on July 19, 2012, 05:09:02 PM
Received the below two emails today from Mt.Gox:

Quote
There has been new activity on your Mt.Gox account.

A summary of your recent trade(s) is provided below.

Trade Details

Bid(s) (Buy)

        Order Filled at: Thu 19 Jul 2012 04:01:33 PM GMT
        Amount: 3.61950000 BTC
        Price: @$9.17990
        Total: $33.22665

        Order Filled at: Thu 19 Jul 2012 04:01:33 PM GMT
        Amount: 5.83999311 BTC
        Price: @$9.17998
        Total: $53.61102

Happy Trading,
- The Mt.Gox Team

Quote
There has been a withdrawal from your Mt.Gox account:

Transaction reference: XXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Date: 2012-07-19 16:01:46 GMT
IP: 82.50.1.94

You can access your account history for more details.

Please contact us as soon as possible by replying to this email if you did not request this withdrawal.

Thanks,
The Mt.Gox Team

The total withdrawal was about ~$87 USD in Bitcoins to 12TtLmwed4QfPgz91GdHV1NxZE5qMvCWJQ (http://www.blockchain.info/address/12TtLmwed4QfPgz91GdHV1NxZE5qMvCWJQ).

I didn't execute those trades nor withdraw the BTC.

The IP address 82.50.1.94 is in Asti, Italy according to InfoSniper (http://www.infosniper.net/index.php?ip_address=82.50.1.94&map_source=1&overview_map=1&lang=1&map_type=1&zoom_level=7).

Have already sent an email to info@ mtgox.com about this.

Has anyone had any success in recovering their stolen coins from Mt.Gox?
Any advice would be greatly appreciated.


Title: Re: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked?
Post by: BCB on July 19, 2012, 05:35:17 PM
You may be out of luck for recovery.  But you are not the first poster here recently to have this happen.

Maybe mods can connect the others to see if there are any similarities.

1.  Weak Password.
2.  Potential Keylogger.
3.  Any similar site (posted on this board) that you may have visited.

As the price continues to rise we're certain to see more of this.

Just a though.


Title: Re: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked?
Post by: ForceField on July 19, 2012, 08:02:27 PM
Email response from Mt.Gox:

Quote
Hello,

Sorry for the inconvenience.Please change your email address password and Mt.Gox password immediately. Please do not use the same username and password on different services. You can use the Yubikey or Software Authentication on our Security Center to further secure your accounts.

Please file a police report in order for the police to investigate the case and make an effort to retrieve their funds and once filing a police report, please send a copy of the police report and their official ID document to Mt.Gox. We will cooperate with the police authority in providing the necessary information for the investigation, but we are unable to reimburse any stolen funds.

Thanks,
MtGox.com Team

Is there really a chance that a police report can help in any way to recover the stolen $87?

Quote
make an effort to retrieve their funds

This part of their reply sounded unusual.
Technically, it should have said your funds.


Title: Re: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked?
Post by: DeathAndTaxes on July 19, 2012, 08:10:17 PM
The one thing these sad stories have in common is  ... no 2 factor authentication.
I have never seen a report yet of someone account protected by 2 factor being compromised. 


Title: Re: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked?
Post by: augustocroppo on July 19, 2012, 09:08:53 PM
The one thing these sad stories have in common is  ... no 2 factor authentication.
I have never seen a report yet of someone account protected by 2 factor being compromised. 

What that means exactly? You mean 2 or 2nd factor authentication?


Title: Re: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked?
Post by: TehZomB on July 19, 2012, 09:12:47 PM
It means using a Yubikey or Google Authenticator to protect your Mt. Gox account, either by restricting logins, withdrawals, or both.


Title: Re: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked?
Post by: Stephen Gornick on July 20, 2012, 02:42:48 AM
I didn't execute those trades nor withdraw the BTC.


A lot of that going on.

"MtGox account got cleared out"
 - http://bitcointalk.org/index.php?topic=85533.0

"All BTC disappeared from my Mt. Gox account"
 - http://bitcointalk.org/index.php?topic=88368.0

Another:
 - http://bitcointalk.org/index.php?topic=80562.msg941759#msg941759

And another:
"My mtgox account got compromised, what can I do?"
 - http://bitcointalk.org/index.php?topic=84585.0

Yet more:
"MT.Gox account hacked - lost 2k USD - MT.GOX will not explain how."
 - http://bitcointalk.org/index.php?topic=89142.0

And more again:
"Bitcoins stolen from MtGox"
 - http://www.reddit.com/r/Bitcoin/comments/x8lcv/bitcoins_stolen_from_mtgox

And the biggie:
"Bitcoinica MtGox account compromised"
 - http://bitcointalk.org/index.php?topic=93074.0

And on other services as well.  Here same thing happened to some GLBSE users:
 - http://bitcointalk.org/index.php?topic=84893.0

In none of these was the person using multi-factor authentication.  Mt. Gox has had Yubikey support for a while.  Mt. Gox accounts now support Google Authenticator:
 - https://mtgox.com/press_release_20120605.html


Title: Re: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked?
Post by: Bigpiggy01 on July 20, 2012, 05:17:11 AM
OP if  you are running windows have a look at the tool I posted in https://bitcointalk.org/index.php?topic=80562.msg1016743#msg1016743 to me it looks like some of the people that earlier more or less exclusively went after LR are now considering BTC a lucrative extra  >:(


Title: Re: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked?
Post by: ForceField on July 21, 2012, 12:39:11 AM
OP if  you are running windows have a look at the tool I posted in https://bitcointalk.org/index.php?topic=80562.msg1016743#msg1016743 to me it looks like some of the people that earlier more or less exclusively went after LR are now considering BTC a lucrative extra  >:(

I haven't used Liberty Reserve so I do not believe that to be the cause in my case.


Title: Re: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked?
Post by: rjk on July 21, 2012, 12:48:51 AM
OP if  you are running windows have a look at the tool I posted in https://bitcointalk.org/index.php?topic=80562.msg1016743#msg1016743 to me it looks like some of the people that earlier more or less exclusively went after LR are now considering BTC a lucrative extra  >:(

I haven't used Liberty Reserve so I do not believe that to be the cause in my case.
What he means is that the hackers that are targeting LR users have now decided that it would be a good idea to target bitcoin users as well. He is saying you ought to check for rootkits on your computer that might have been planted by visiting a bad website, and the post he linked to has a scanner link at the end of it.


Title: Re: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked?
Post by: ForceField on August 30, 2012, 04:09:44 PM
Update:

There has been a transaction from that Bitcoin address (12TtLmwed4QfPgz91GdHV1NxZE5qMvCWJQ (http://blockchain.info/address/12TtLmwed4QfPgz91GdHV1NxZE5qMvCWJQ)):

to 14dry3ihiE6s2gLZWa9Z5HFW6ohMNhXagm (http://blockchain.info/address/14dry3ihiE6s2gLZWa9Z5HFW6ohMNhXagm) & 1FtFaYUfGfie59ETowkyA8aihmCURsAYcM (http://blockchain.info/address/1FtFaYUfGfie59ETowkyA8aihmCURsAYcM).

If anyone knows anything related to those addresses, please post here.