Bitcoin Forum

We are excited to announce that our partner AurumXchange is now offering 0% Fees on all Mt.Gox Liberty Reserve deposits.

The offer is only available via AurumXchange.com and is limited to Liberty Reserve at this time. If you use Liberty Reserve through AurumXchange the funds will be added to your account in an instant!!

HOW TO FUND YOUR ACCOUNT USING LIBERTY RESERVE:

• Go to https://www.aurumxchange.com/exchange
• Select Liberty Reserve (USD) in the "From Currency" field.
• Select "MtGox code (USD)" in the "To Currency" field.
• Enter the amount you wish to load into your MtGox account into the amount field
• Enter and confirm your email address, enter the CAPTCHA code and press the "Continue" button
• Your exchange order will be displayed. If everything looks good, press the "Pay Now" button to make your Liberty Reserve payment.

Once you payment is made, AurumXchange will send you the USD MtGox code within seconds.

How do they securely send a MtGox code?

When I transfered money to mtgox through aurumxchange, everything went fine. However, the MtGox code was sent to me in an email, unencrypted.

This is will change pretty soon and you will have a nice little surprise on how things will be implemented. I cannot comment further since I will let AurumXchange the pleasure to do so, still, I am sure you will like it.

Cheers

If I understand the process correctly, that last step in the process concerns me.  Mt. Gox codes are redeemable by the bearer.  Is AurumXChange seriously sending the Mt. Gox code through e-mail?

E-mail messages are transmitted using the SMTP protocol.  SMTP is not a secure method for communicating.  

- http://www.ietf.org/rfc/rfc2487.txt

At some point, some unscrupulous network engineer or sysadmin at one of those router hops or a compromised system somewhere enroute is going to start filtering and capturing the mtgox codes and then redeem them.  The chances of getting caught, if done properly, are likely extremely low -- any hop could have been the one where the sniffing occurred and even then the code, once redeemed, can get converted to bitcoin funds and withdrawn.

Has there ever been an AurumXChange customer that claimed that the code they received showed that it had already been redeemed?  If so, it will be difficult for either AurumXChange or Mt. Gox to determine if it was the customer attempting to double spend that code or if it instead was the result of some cyber thief somewhere between AurumXChange and my open wi-fi connection at this coffee shop.

If e-mail will be the method or transferring the code then, at a minimum, the risks should be explained and I as the customer then be given the option for the message to be sent encrypted (using my PGP public key).

Hello Stephen,

Thank you for your input. While I do agree that email is inherently not secure, in practice, we have not had a single customer complaining about a stolen code (and we have processed over a thousand deposits at the time of this writing).

If email intercept were a common practice, the interception of an MtGox code would be probably the least of my concerns. What about people resetting your password and gaining access to your MtGox account, bank account, etc. by simply requesting a "reset my password by email". How many entities use a "reset password by email" without additional check and constrains? Wouldn't you agree?

Finally, please note that we DO warn the customer (and have always done so) as seen on this example:

http://img545.imageshack.us/img545/5766/scn.png (http://imageshack.us/photo/my-images/545/scn.png/)

In any case, we have recently implemented a new membership system and will move the retrieval of codes behind a password protected area.

Thanks!
Roberto