Thank you all for donation , this little means a lot to me !

It is not email problem , they never find my email account , it is classic physhing over the site above . That site is not active now , but i know that he loks the same as MtGox .

I hope that this topic will help other people NOT TO DO same thing as i did .

I am now few months behind , almost no BTC  :/

If anybody have some btc to spare  , please donate some and help me  :   1AJ8rchBsBtXUqMSRwD12A9PFhg6pg6wKL

I didn't get mail , i never use links from mail ... i get this address on google first page !

I find the way how they did it ...

As a fact , it is my guilty ...

One day MtGox wasn't online , over the phone i get adress : www.mtgoxcom.info/login  (Mt Gox - Buy and Sell Bitcoins  http://mtgoxcom.info/uo/mtgox/html )

All that i have in my phone as a prove .


Then i gave them user and pass  

From IP 76.181.209.35 changed my email and password , junkies from MtGox DO NOT sent email that email is changed ( to old mail )  , and afther 24h logged in using proxy from Latvia ( Litvania ) : 46.109.13.62

Also find who is owner of the page   :


Domain ID:D50014060-LRMS
Domain Name:MTGOXCOM.INFO
Created On:31-May-2013 20:25:39 UTC
Last Updated On:31-May-2013 20:25:39 UTC
Expiration Date:31-May-2014 20:25:39 UTC
Sponsoring Registrar:GoDaddy.com LLC (R171-LRMS)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:CR144402040
Registrant Name:Barbara Graves
Registrant Organization:
Registrant Street1:11231 Macaw Ct
Registrant Street2:
Registrant Street3:
Registrant City:Chicago
Registrant State/Province:Illinois
Registrant Postal Code:60601
Registrant Country:US
Registrant Phone:+1.3153123920
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:xiangkaiha365@gmail.com




Now, i can contact Chigago police and prepare to sue this lady ( if it is lady ) ,or contact my friend in Chicago to have a little chat with this person ...


This addres need to be sticky in this forum , to prevent somebody else to be fraudulent





I find also logging time from near Chicago to my MtGox acc from IP listed in earlyer posts  :  http://en.utrace.de/?query=76.181.209.35

"Dear Marion ,

(3) No, we do not send mail, since in order to be able to change the mail you must know the account password.

If you send mail , even if mail changed , i will see that mail , i  have 24h to stop robery ...

I can not beleive , that tousends sites on internet , working with money , have that security measure , but MtGox do not have one ...

Best regards

Vlada
"

I think this is with purpose  ...

new answer :


Hello,

(1) I was not thinking to an order when i let you know about the change made by the robber.
Replace "Then" by "And".

(2) Yes, hackers write script to hack. It is a very difficult script to develop and your account is banned for investigations.
The hackers seems really really smart...

(3) No, we do not send mail, since in order to be able to change the mail you must know the account password.

(4) Robber made the withdrawal the 16th :
Sun 16 Jun 2013 04:35:54 PM JST withdraw Bitcoin withdraw to 15pxUjQ6TmKyTfu1PJ6DSNR6C2mEFhJoFH 4.90400000 BTC 0.00521564 BTC 46.109.13.62

(5) IP address list :
91.105.76.111
46.109.13.62
178.148.140.36
24.135.200.122
76.181.209.35
77.243.22.9
82.145.211.16
85.222.178.126

Hackers seems to be from Latvia. But he could have used a proxy, or vpn or compromised computer...

Best regards,

Mt.Gox Team

Stole stole stole  ... edited .. My bad english ...

Hmmm i tried few tricky thing ...

Make new account - get confirmation on mail 1
password reset - get confirmation on mail 1

then , when logged in change email to email 2 - no confirmation on any mail  !!!
change password - also no confirmation on mail 1 or mail 2

Just this : '"Warning: As a security measure, you will be unable to make any
withdrawals for 24 hours after changing your email address or
password. "

That means , that they not even sent mail , when mail changed ??  O_o    I can't beleive that this is true ...  I have to do one more time to be shure ...

No way that hapened !

If somebody do that , do you get a least one mail ?  I did not get any

One day a could not logg on my account on MtGox with sam username and password .

I contacted support and get this email :

Hello,
We sincerely regret for the inconvenience.
As per your account records, can see that your Mt-GoX password and mail address has been changed now.
Someone got an access to your Mt.Gox account and made a withdraw of 4.90400000 BTC.
How someone get your login and password ?
- Change your mailbox password
- Protect your mailbox and mtgox account with OTP
- Scan your computer with an antivirus
- Victim of physhing ?
Please file a police report and have them contact us, and we will gladly provide any documentation for the investigation. We apologize for any inconvenience caused.
Get back to us for further assistance.
Best regards,
Mt.Gox Team

Afther that i mailed them again :


Dear Marion ,
I did not log on account , and didn't do any withdraw in any time , i
have just few paying to MtGox , 4 times ...
Is there any posibility to back 4.9 btc , or to trace , contact that
person , block that person or something like that ?
Best regards

Vlada


and answer :

Hello,

Mt.Gox cannot do anything to get back the money. The money was withdrawn to a wallet external to Mt.Gox.
Only the police is able to launch an investigation and do something outside of Mt.Gox property.
Of course, Mt.Gox cooperate with police investigations.

Your account is compromised since the 14th June 2013. Your account was locked the 16th June for abnormal activity.
You did not get mail, because the robber change your mail, then your password.
He had an access to your login and password, he never made a mistake...
Fri Jun 14 2013
3:53:38 AM GMT+09:00Password has been changed
3:53:38 AM GMT+09:00Email changed from vlada@xxxxxxxxxxxx.net to makesha@mail.com
3:53:37 AM GMT+09:00Password verified successfully
3:49:37 AM GMT+09:00Password verified successfully
Apologies, we cannot give you back this account, we can propose you to create a new account on Mtgox and we will move the remaining balance on the new account.
What do you think of this proposal ?
Please, in order to strongly protect your account, use an OTP.
Best regards,

Mt.Gox Team


After that i start to investigate about mail account that i have . Mail server is in Belgrade , on my luck , and my friend is hosting server .

He send me all logs to mail account ( that i used for registration on MtGox ) and there is no logs of third person on my mail account for all this month  :


maillog.processed.10.gz:Jun 10 03:38:05 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.122]
maillog.processed.10.gz:Jun 10 03:48:03 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.122]
maillog.processed.10.gz:Jun 10 03:48:11 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.122]
maillog.processed.10.gz:Jun 10 03:49:15 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.122]
maillog.processed.2.gz:Jun 18 02:39:30 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 02:40:16 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 02:41:33 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 02:46:29 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 02:56:29 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:06:23 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:06:29 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:07:01 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:16:29 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:23:41 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:26:29 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:27:33 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:32:59 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.127]
maillog.processed.2.gz:Jun 18 03:33:13 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.127]
maillog.processed.8.gz:Jun 11 18:50:55 s2 pop3d: IMAP connect from @ [::ffff:178.250.142.131]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.250.142.311]
maillog.processed.8.gz:Jun 11 18:51:17 s2 pop3d: IMAP connect from @ [::ffff:178.250.142.131]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.250.142.311]
maillog.processed.9.gz:Jun 10 21:06:56 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 21:07:31 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 21:16:55 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 22:27:35 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 22:37:34 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 22:47:34 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 22:57:34 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 23:18:04 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 23:28:04 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 23:38:04 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 23:48:13 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 23:58:13 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:08:13 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:18:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:28:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:38:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:48:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:58:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:08:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:18:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:28:13 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:38:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:48:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:58:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 02:08:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 02:18:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 02:28:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 02:38:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]

You wil see by the date , that there is not any conenction to my mail account on 13.6 and 14.6  , they sad that is time when pass and mail changed ...

Also you know , that on mail changing , you HAVE TO GET mail on old mail IN ANY CASE !

You know also that when you change mail on MtGox , you can not withdraw anything next 24 hours !!!





After my question to MtGox  :

Dear Marion ,

You just said  : robber change your mail, then your password.

Than this :

3:49:37 AM GMT+09:00Password verified successfully
3:53:37 AM GMT+09:00Password verified successfully
3:53:38 AM GMT+09:00Email changed from vlada@xxxxxxxxxxx.net to makesha@mail.com
3:53:38 AM GMT+09:00Password has been changed

All this in two seconds ?

If you change mail to new one , automaticly mail has to be sent to old mail ?

Then , how he can do withdraw ? that is impossible 24 h after making change of email ?

Also i have list of connection to this mail , there is no any connection that is not familiar to me , no strange conections any time , or from other place than Belgrade . Serbia .

Can you please give me all information about withdraw , or ip , so i can present to police  in my country  ?
best regards ,

Vlada



Afher this THEY DO NOT answer ,

So my conclusion is that MtGox  ( or someone who works there ) STOLE MY 5 BTC   that i have earning 5 months !!!

Please share this to all people you know mining and using MtGox