Bitcoin Forum
November 23, 2017, 11:39:01 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3] 4 5 »  All
  Print  
Author Topic: *MY* Mt Gox Account was Hacked - lost it all today... now what!?  (Read 9643 times)
molecular
Donator
Legendary
*
Offline Offline

Activity: 2408



View Profile
January 22, 2013, 03:44:44 PM
 #41

OP: Don't listen to people moaning about how we had been thinking we had a Mt.Gox breach even with a Yubikey in use and that turning out not to be the case it's just good that we've been told now and can stop worrying :-)

yeah, true, sorry JMcGrath for being a bit harsh before. Thanks for telling us you probably hadn't linked the yubikey.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
Join ICO Now Coinlancer is Disrupting the Freelance marketplace!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511437141
Hero Member
*
Offline Offline

Posts: 1511437141

View Profile Personal Message (Offline)

Ignore
1511437141
Reply with quote  #2

1511437141
Report to moderator
1511437141
Hero Member
*
Offline Offline

Posts: 1511437141

View Profile Personal Message (Offline)

Ignore
1511437141
Reply with quote  #2

1511437141
Report to moderator
1511437141
Hero Member
*
Offline Offline

Posts: 1511437141

View Profile Personal Message (Offline)

Ignore
1511437141
Reply with quote  #2

1511437141
Report to moderator
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1358


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
January 22, 2013, 05:14:30 PM
 #42

Even just offering the option to assign one pre-determined bitcoin address would provide an equivalent level of security, even if you did no PGP automation whatsoever.  The pre-determined bitcoin address could either be a) withdrawn to directly, or b) for those who know how to sign messages, it could be used to sign a message that permits withdrawal to some other address.  All of this could be evaluated in any environment already accustomed to working with bitcoin keypairs.

We could easily add the "limit to one bitcoin address" thing, but there is a problem with the bitcoin message signature process that makes it difficult to implement (last time I checked the bitcoin message signature uses a different way of signing compared to transactions to make shorter signatures, but it's been an issue).

This would still be a much easier problem to solve than, say, adding a dependency on PGP, given that all the necessary code can be lifted directly from the current build of bitcoind.

And signing aside, simply allowing one the option to restrict their account so that instant bitcoin withdrawals can only go to a single bitcoin address would be of trivial complexity and yet would result in an enormous leap in practical security.  That may not work for some, but for others, it is so simple to understand as to be a meaningful confidence builder.  If you ask people to write that bitcoin address on their AML docs as they send them in, you've got a bulletproof paper trail connecting the withdrawal address to the customer.

The unspoken underlying fear is that one might have their funds disappear and be in a "he said she said" war with Gox as to how the withdrawal actually occurred.  If MtGox adopts policy and procedures that ensures that all withdrawals can be positively accounted for, and that instant withdrawals to arbitrary addresses are easy to limit, it literally reduces the customers negative fear of unauthorized withdrawal.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
misterbigg
Hero Member
*****
Offline Offline

Activity: 924


GET IN - Smart Ticket Protocol - Live in market!


View Profile
January 23, 2013, 01:06:38 AM
 #43

I'll give a reward if I can find out who this person is so I can beat the **** out of them!

If there's anyone who should be beat, it should be YOU for this fucking misleading thread title!

MtGox DID NOT GET HACKED and all you're doing is stirring shit.



               ████
             ███  ███
           ████     ███
         ███  ███    ███
       ████     ███    ███
     ███  ███     ███    ███
   ████     ███     ███   ██
 ███  ███     █████████████████
███     ███     ███           ██
 ███      ███     ██          ██
   ███      ██████████      ███
     ███      ██████      ███
       ███      ██      ███
         ███          ███
           ███      ███
             ███  ███
               ████

GUTS
    ███
███
███
███
███
███
███
███
███
███
███
███
███
███
   
smart-ticket protocol for events
live product with market traction!
    ███
███
███
███
███
███
███
███
███
███
███
███
███
███
   
  BTC ANN
  WEBSITE
  BLOG
   
  SANDBOX
  WHITEPAPER
  BOUNTY
   
BCB
CTG
VIP
Legendary
*
Offline Offline

Activity: 1036


BCJ


View Profile
January 23, 2013, 01:26:41 AM
 #44

title should read:

"I was surfing porn, downloaded a key logger and now I don't have anymore coins in my Mt. Gox account. "
Jaw3bmasters
Full Member
***
Offline Offline

Activity: 196


Another block in the wall


View Profile
January 23, 2013, 02:28:28 AM
 #45

title should read:

"I was surfing porn, downloaded a key logger and now I don't have anymore coins in my Mt. Gox account. "

LOL.

In Cryptography we trust.
MPOE-PR
Hero Member
*****
Offline Offline

Activity: 756



View Profile
January 23, 2013, 08:18:35 AM
 #46

title should read:

"I was surfing porn, downloaded a key logger and now I don't have anymore coins in my Mt. Gox account. "

MY PRONSITE WAS HACKED

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
Ghostofkobra
Full Member
***
Offline Offline

Activity: 156



View Profile
January 23, 2013, 10:40:26 AM
 #47

I am really astonished about the level of abuse that some Forum members subject the people that get their accounts hacked for.

Someone posts that their account gets hacked and all of a sudden that person is called a lot of names ranging from stupid to much worse.

Is it not enough that he/she lost their Bitcoins?


I am also surprised that Mt Gox has such a high standing in the community that anyone that does not talk favorably about them get
their threads spammed and again are called names and worse.


Please, think before you post and dont post drunk.

/GoK


Coin Reaper @ http://coinreaper.com - Your expressway to FREE Bitcoins!
Bunny Run @ http://bunnyrun.us and win every time. No Bets required
MPOE-PR
Hero Member
*****
Offline Offline

Activity: 756



View Profile
January 23, 2013, 12:30:06 PM
 #48

I am really astonished about the level of abuse that some Forum members subject the people that get their accounts hacked for.

Someone posts that their account gets hacked and all of a sudden that person is called a lot of names ranging from stupid to much worse.

Is it not enough that he/she lost their Bitcoins?

Actually I was considering starting a fund to pay people to abuse those who "got hacked" further. There's certainly not enough of it being done naturally.

That aside, wasn't muchly aware of such a great standing of MtGox? Perhaps you're confusing Inaba's unpopularity with MtGox's popularity?

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
01BTC10
VIP
Hero Member
*
Offline Offline

Activity: 742



View Profile
January 23, 2013, 01:22:04 PM
 #49

I am really astonished about the level of abuse that some Forum members subject the people that get their accounts hacked for.

Someone posts that their account gets hacked and all of a sudden that person is called a lot of names ranging from stupid to much worse.

Is it not enough that he/she lost their Bitcoins?


I am also surprised that Mt Gox has such a high standing in the community that anyone that does not talk favorably about them get
their threads spammed and again are called names and worse.


Please, think before you post and dont post drunk.

/GoK
Title is misleading. He got hacked not MtGox.
deadweasel
Sr. Member
****
Offline Offline

Activity: 364



View Profile
January 23, 2013, 01:32:33 PM
 #50

I am really astonished about the level of abuse that some Forum members subject the people that get their accounts hacked for.

Someone posts that their account gets hacked and all of a sudden that person is called a lot of names ranging from stupid to much worse.

Is it not enough that he/she lost their Bitcoins?


I am also surprised that Mt Gox has such a high standing in the community that anyone that does not talk favorably about them get
their threads spammed and again are called names and worse.


Please, think before you post and dont post drunk.

/GoK
Title is misleading. He got hacked not MtGox.

Very Misleading, Please fix!

John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1190


Will read PM's. Have more time lately


View Profile
January 23, 2013, 04:39:26 PM
 #51

I am really astonished about the level of abuse that some Forum members subject the people that get their accounts hacked for.

Someone posts that their account gets hacked and all of a sudden that person is called a lot of names ranging from stupid to much worse.

Is it not enough that he/she lost their Bitcoins?


I am also surprised that Mt Gox has such a high standing in the community that anyone that does not talk favorably about them get
their threads spammed and again are called names and worse.


Please, think before you post and dont post drunk.

/GoK
Title is misleading. He got hacked not MtGox.

Very Misleading, Please fix!

Agreed. Added a single word.

My BTC Tip Jar: 1Pgvfy19uwtYe5o9dg3zZsAjgCPt3XZqz9 , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Escrow service is available on a case by case basis! (PM Me to verify I'm the escrow!)

niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
January 24, 2013, 12:55:50 AM
 #52

Someone posts that their account gets hacked and all of a sudden that person is called a lot of names ranging from stupid to much worse.
Read the posts again, and you will notice that your comment is out of place. He makes a false claim that MtGox is "hacked" and that he was using Yubikey. He did not yet correct the title of the thread as of this moment. It is misleading, it spreads unjustified panic, and it is everybody's waste of time.
I am sorry for his loss, and I do hope the thief is caught, but please act with some integrity.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
twolifeinexile
Full Member
***
Offline Offline

Activity: 154



View Profile
January 28, 2013, 03:28:46 PM
 #53

You can use google authenticator on your box account. Its free for browser and smart phone.
That's what I resorted to when my yubi key never showed up.
How is google authenticator different from Yubi Key?
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
January 28, 2013, 03:38:34 PM
 #54

You can use google authenticator on your box account. Its free for browser and smart phone.
That's what I resorted to when my yubi key never showed up.
How is google authenticator different from Yubi Key?
You can back up the code at the time if setup, if your phone is lost or broken you can set everything up again easily. Not so easy with yubikey. Having said that, yubikey introduces less risk of security holes than an android phone.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
kokojie
Legendary
*
Offline Offline

Activity: 1694



View Profile
January 28, 2013, 03:38:52 PM
 #55

You can use google authenticator on your box account. Its free for browser and smart phone.
That's what I resorted to when my yubi key never showed up.
How is google authenticator different from Yubi Key?

I think it's more convenient since you always have your phone. Plus it's free.

btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
Ghostofkobra
Full Member
***
Offline Offline

Activity: 156



View Profile
January 29, 2013, 10:19:14 PM
 #56

Someone posts that their account gets hacked and all of a sudden that person is called a lot of names ranging from stupid to much worse.
Read the posts again, and you will notice that your comment is out of place. He makes a false claim that MtGox is "hacked" and that he was using Yubikey. He did not yet correct the title of the thread as of this moment. It is misleading, it spreads unjustified panic, and it is everybody's waste of time.
I am sorry for his loss, and I do hope the thief is caught, but please act with some integrity.


First off, my comment was not about the correct or incorrect title, it was about all those other posts that was made.

Secondly i wrote "their account gets hacked" which is a neutral term as to where the security break was, his pwd or Mt Gox.


Bottom line is, that thread, as well as many other "Gox account hacked" threads are full of namecalling and unintelligent BS in order to belittle the OP.

I am not saying that the Mob should turn on Gox, but i see a systematic behavior of "some elements in the community" that kicks on ppl that gets hacked, calling them stupid and worse.

And i figured i would at least write one post that says that this behavior should end.


/GoK

Coin Reaper @ http://coinreaper.com - Your expressway to FREE Bitcoins!
Bunny Run @ http://bunnyrun.us and win every time. No Bets required
Puppet
Legendary
*
Offline Offline

Activity: 966


View Profile
January 30, 2013, 08:51:39 AM
 #57

How much security does Yubi key really add if your PC is compromised?

Im not sure I fully understand this; if the attacker has root access to my PC, he can show me whatever he wants, and send something else to Mt Gox. All he would have to do is wait for me to do whatever transaction that requires the yubi key, provide Mt gox with a different transaction instead, show me the challenge for that fraudulent transaction and make me confirm it.

Im no expert, never used mtgox or yubi key,  but what am I missing?
MPOE-PR
Hero Member
*****
Offline Offline

Activity: 756



View Profile
January 30, 2013, 09:22:19 AM
 #58

The unspoken underlying fear is that one might have their funds disappear and be in a "he said she said" war with Gox as to how the withdrawal actually occurred.  If MtGox adopts policy and procedures that ensures that all withdrawals can be positively accounted for, and that instant withdrawals to arbitrary addresses are easy to limit, it literally reduces the customers negative fear of unauthorized withdrawal.

Doesn't seem there's much better a way to do this than PGP really.

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
BCB
CTG
VIP
Legendary
*
Offline Offline

Activity: 1036


BCJ


View Profile
January 30, 2013, 02:37:34 PM
 #59

PGP won't be widely used until there are better libraries and it is easier to implement and use.
01BTC10
VIP
Hero Member
*
Offline Offline

Activity: 742



View Profile
January 30, 2013, 05:05:01 PM
 #60

How much security does Yubi key really add if your PC is compromised?

Im not sure I fully understand this; if the attacker has root access to my PC, he can show me whatever he wants, and send something else to Mt Gox. All he would have to do is wait for me to do whatever transaction that requires the yubi key, provide Mt gox with a different transaction instead, show me the challenge for that fraudulent transaction and make me confirm it.

Im no expert, never used mtgox or yubi key,  but what am I missing?
You are right in the case of a sophisticated attacker but most of them are script kiddies who log only username and password. With Yubi key or Google Authenticator you prevent most attack imo.
Pages: « 1 2 [3] 4 5 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!