Reddit user /u/sockinabox recently awoke to an email from Mt. Gox informing him that his funds had been withdrawn. About $12,000 of his personal funds are now gone with absolutely no way for the rightful owner to recover them. Just like the many times before that this has happened and been reported on /r/bitcoin, Mt. Gox’s email support is unresponsive which only adds to the frustration. However, even if Mt. Gox responded to every email they received about stolen funds, can they actually do anything to recover funds that have already been stolen?
Any Bitcoiner will realize that once the coins are sent, Mt. Gox can’t do anything more than the victim can. This is a feature of Bitcoin, not a flaw, and part of being a Bitcoiner is realizing that putting your bitcoins online puts one password between the world and the bitcoins. Obviously, the first step to securing ones bitcoins if one plans to store them in an online exchange is to choose a secure and never-before-cracked password. Such a password would probably be incredibly long and not contain any combination of letters that has ever before been written in Wikipedia. While this is general good practice, many other online services have started to offer Two-Factor Authentication [2FA] through a separate device or email account for withdrawals and/or logging in. Some view this as a crutch, while others view it as an adequate tool in the arsenal against black-hat actors. Mt. Gox has previously only offered 2FA through Yubikey, a paid solution that cost $30 and frankly was not widely adopted by exchange users.
Read more here:
http://www.cryptocoinsnews.com/2013/12/01/mt-gox-security-introducing-new-otp/What do you think of Mt. Gox' security?
