Here are the dates (UTC) of the emails I've sent that have been ignored so far:
3/4/2011 22:29  -  support@bitcoin-central.net
3/2/2011 20:11  -  david@webflows.fr
3/1/2011 06:46  -  support@bitcoin-central.net

That doesn't justify keeping our money though. So something else must have happened.

It appears that no withdrawal of any currency from Bitcoin-Central is possible, and davout no longer replies to emails. I and at least one other person have a significant amount of money there. Should we be worried that davout has disappeared with it, or that someone hacked his site and stole the money? I have been trying to withdraw both BTC and LRUSD since March 2, and always get an error.

Does anyone know davout personally? Can anyone find him in person and ask him what's going on?

Did you go to that meeting? Did you see davout? Has anyone heard from davout in the last few weeks?

Convenient...  I have money there that I've been unable to withdraw for days. I understand it takes manual effort to process EUR, but LRUSD/LREUR and BTC should be no problem. It seems something is wrong on the server, preventing even LR and BTC withdrawal. If he's not going to keep the site working, he needs to shut it down and return everyone's money. Or at least let us know what he is going to do about it.

Both BTC and LR withdrawal is now working just fine for me. Both processed completely right away.

I'll buy your LR $ with PayPal $. Interested?

The new server appears to be fully functional. You just need to add the new IP 174.121.74.59 to your hosts file until your favorite DNS provider refreshes.

All is well for me now. The LRUSD withdrawal completed and is now in my LR account. And BTC withdrawal works fine.

I'll remove the entry from my hosts file in a day when I'm sure all DNS servers have updated.

If you're using windows, just add to your c:\windows\system32\drivers\etc\hosts   EDIT: I use Win XP. The path might be different in newer versions.
174.121.74.59   mtgox.com

It should solve all access problems right away. If not, restart your web browser to clear its possible DNS cache.

No need to mess with manually adding www to every url, if you use the hosts file to point to the new server.


BTC withdrawal works now for me. LR withdrawal is still stuck in limbo though.

Will LR and BTC withdrawal be fixed soon?

Just before my post.

Yes, I get that error now also. Hopefully the site will be back up at a new host soon.

I just transferred $10 from my MtGox account to my LR account, and verified it right away. No problems.

But I am unable to withdraw BTC from MtGox. It gives a bogus error saying Invalid Bitcoin Address. Hopefully that's just a temporary software glitch. That's bound to happen occasionally.

Is it really a problem, having the password in the url when https is used? I thought that the browser checks the certificate and starts encrypting before the url is transmitted.

I ask because although "8 characters, numbers and letters" isn't very strong, it would take a huge number of attempts to purely brute-force if it were random. Or is the point here that it was a single word and a couple digits, easily broken by a dictionary attack? How weak was it really?

I use unique random 16-character passwords (upper, lower, and digits) most places. I assume I'm totally safe from the kind of attack that compromised cryptofo's account.

cryptofo:
Would you be willing to tell us the password you used, that the thief managed to guess? I assume you no longer use it anywhere. :-)

mtgox:
Could you tell us approximately how many login attempts were made by the thief before successfully guessing cryptofo's password? If it was less than say 10000, then we'd know it was just a really weak/guessable password.

I notice that there's now a delay when logging into mtgox.com, which I think is a great way to prevent major brute-force/dictionary attacks. But I'm wondering if you've implemented any additional login protections, such as longer delays after a certain number of failed attempts from a single IP?

160 BTC

800 BTC

So now the big question is: Will mtgox back MTGUSD with LRUSD 1:1 less fees? In other words, will I be able to withdraw the "USD" from my Mt Gox account into my LR account at a fixed 1:1 rate? Or will the rate be market-determined (i.e. a third tradeable currency at Mt Gox)? If the latter, and if there will never be a way to directly withdraw our existing MTGUSD except by trading to LRUSD first within Mt Gox with another Mt Gox user, then MTGUSD will become worthless. If mtgox is offering direct withdrawal of MTGUSD as LRUSD without trading first, then MTGUSD will be fine.

But I am still concerned about PayPal possibly never giving back the stolen (ok, "frozen") funds. If therefore there is not enough liquid funds backing up all MTGUSD, without mtgox dipping into personal funds, there's a possibility of a "bank run" on MTGUSD.

I second twobit's question. I would definitely prefer to withdraw my USD to my US bank account, preferably by ACH, or as a second-best option, by mailed check. I'm confused by mtgox's last post.

The reason I do not like LiqPay is it appears that every login and many activities require me to receive a one-time password by SMS. My only cell phone charges me $0.20 for each SMS received, and Google Voice won't accept SMS from outside the US. Paying $0.20 multiple times every time I want to use LiqPay (even if just checking account balance) seems ridiculous. Is SMS really more secure than email (free)?

And I do realize that many people have free SMS service, but I'm sure there are also many like myself who don't. Also, many don't have a cell phone. Unless there's a way to get around LiqPay's SMS requirement, there really needs to be another method of depositing and withdrawing from Mt Gox.