Bitcoin Forum
November 03, 2024, 12:52:02 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 5 »  All
  Print  
Author Topic: *MY* Mt Gox Account was Hacked - lost it all today... now what!?  (Read 9984 times)
JMcGrath (OP)
Member
**
Offline Offline

Activity: 72
Merit: 10



View Profile
January 21, 2013, 09:10:52 PM
Last edit: February 02, 2013, 09:40:58 AM by JMcGrath
 #1

I can't figure out how considering I have an impossible to guess password and have setup yubikey for withdrawels but someone emptied out my account for about 80 BTC today!

Luckily I keep most of my BTC in my own wallet but wtf can I do now? Anything? I've been trying to contact Mt Gox all day but it just keeps saying "getting an agent..."

BTW, the person that hacked my account's address is:

1JgqPGJCJWzgeMiTFbmeLi3cpKC9jahPS4


I'll give a reward if I can find out who this person is so I can beat the **** out of them!
molecular
Donator
Legendary
*
Offline Offline

Activity: 2772
Merit: 1019



View Profile
January 21, 2013, 09:13:57 PM
 #2

you need gox' help to see what's happened. The fact that you had yubikey activated for withdrawals makes it very unlikely you got hacked.

Did you do any other withdrawals during that time?

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
JMcGrath (OP)
Member
**
Offline Offline

Activity: 72
Merit: 10



View Profile
January 21, 2013, 09:16:30 PM
 #3

No I haven't logged into this account at all for like 5 days - this just happened like 20 min before I logged in too! I was going to cashout a little today  Cry

Just looked over my settings and somehow Yubikey isn't linked to my account anymore either!? Somehow that either disappeared or wasn't setup properly and I didn't notice it.

How do you contact gox anyways? I can't get them on chat!
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
January 21, 2013, 09:16:40 PM
 #4

Keep us posted.  AFAIK if verified this would be the first fraudulent withdraw with 2nd factor authentication enabled.  A very clever hack indeed.  On edit: hmm looks like yubikey wasn't enabled.  Still interesting to see the history on this one.

How do you contact gox anyways? I can't get them on chat!

I have never seen the chat work.  You need to create a support ticket ... and wait.  Sad
JMcGrath (OP)
Member
**
Offline Offline

Activity: 72
Merit: 10



View Profile
January 21, 2013, 09:21:02 PM
 #5

Anyone know how to contact gox though?

Would they even do anything about this??
Deafboy
Hero Member
*****
Offline Offline

Activity: 482
Merit: 502



View Profile WWW
January 21, 2013, 09:28:24 PM
 #6

Try #mtgox on IRC. I've got a replay in few minutes there yesterday.
MagicalTux
VIP
Hero Member
*
Offline Offline

Activity: 608
Merit: 501


-


View Profile
January 21, 2013, 10:02:28 PM
 #7

Can you create a support ticket with your account login details and post the ticket number here ?
JMcGrath (OP)
Member
**
Offline Offline

Activity: 72
Merit: 10



View Profile
January 21, 2013, 10:19:55 PM
 #8

Umm why would I post my login credentials and ticket number here?!
molecular
Donator
Legendary
*
Offline Offline

Activity: 2772
Merit: 1019



View Profile
January 21, 2013, 10:20:49 PM
 #9

Umm why would I post my login credentials and ticket number here?!

He said to open a ticket with that info and then post the ticket number here, not the info itself. Only gox staff (supposedly) can look at the tickets.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
JMcGrath (OP)
Member
**
Offline Offline

Activity: 72
Merit: 10



View Profile
January 21, 2013, 10:21:03 PM
 #10

Sorry, not sure who you are - plenty of people out their claiming they are someone they are not...

I'm too new to these forums to know who is who
JMcGrath (OP)
Member
**
Offline Offline

Activity: 72
Merit: 10



View Profile
January 21, 2013, 10:22:39 PM
 #11

Gotcha, I guess I could post the ticket number here - no sensitive info in that ticket

Not to mention, nothing left in my account now anyways!  Cry

#50629

Haven't heard anything back from anyone at Mt Gox yet on it though...
BCB
CTG
VIP
Legendary
*
Offline Offline

Activity: 1078
Merit: 1002


BCJ


View Profile
January 21, 2013, 10:24:13 PM
 #12

MagicalTux runs Mt Gox so if your yubi key was indeed compromised or not active it will be addressed.

Again pls keep us posted.
JMcGrath (OP)
Member
**
Offline Offline

Activity: 72
Merit: 10



View Profile
January 21, 2013, 10:26:03 PM
 #13

Thanks for the info guys, this really ruined my day! I am already screwed with bills and stuff and then I log in to find this... ugh

Could this have anything to do with my Yubikey being broken and reported lost? I never got a chance to actually use it on Mt Gox so I don't really know what happened there!?
BCB
CTG
VIP
Legendary
*
Offline Offline

Activity: 1078
Merit: 1002


BCJ


View Profile
January 21, 2013, 10:30:43 PM
 #14

Now you sound sketchy.  

Just tell the truth to mt gox and report back.

I would be very surprised if you intact and activated yubikey was indeed compromised.
Luno
Sr. Member
****
Offline Offline

Activity: 504
Merit: 250


View Profile
January 21, 2013, 10:35:45 PM
 #15

A question: Is it possible to un-link your yubikey from your account without use of your yubikey?

If the connection is hijacked, and the hacker keeps the connection after the customer has locked out will he be able to un-link the yubikey without needing to use it to verify?

Maybe Gox could be more proactive:

Disallow withdrawals without yubikey or google auth completely, make it mandetory for both BTC and cash maybe after a trial period?

have a ping trace log on each account, which they might already have, but with automation to block account withdrawls if routing is different and let it demand a new yubikey press. (you can still trade while on vaccation).

Is the API authentication safe? They don't use yubikeys.

Mt.Gox has a kind of panic button now. If you fail log in 3 times, you are locked out for 24 hours. Is that protection if people start posting about a massive hack underway?









JMcGrath (OP)
Member
**
Offline Offline

Activity: 72
Merit: 10



View Profile
January 21, 2013, 10:37:42 PM
 #16

I sound sketchy?

I lost a good amount of money today and I'm kinda freakin out I'm just trying to figure out wtf happened! I don't know if that yubi was ever actually activated, I set it for withdrawals only but I never withdrew any money or bitcoins yet so I never actually got to "use" it. I'm trying to figure out if it was ever indeed registered or not...

Anyways, there is a support ticket and they have the information. Basically they told me I'm screwed and to file a police report and send them a copy. Still waiting to hear back about the status of the yubikey however.


Oh btw, that was my question as well - do they lock you out for using the wrong pw x amount of times? If so, then this person got my info in some other way but considering I don't use that same password ANYWHERE ELSE, it would have to be a keylogger or something for them to have gotten the PW. If it was a bruteforce attack, why didn't gox stop the repeated attempts? It wasn't an easy PW to figure out!
meowmeowbrowncow
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250



View Profile
January 21, 2013, 10:38:45 PM
 #17

No I haven't logged into this account at all for like 5 days - this just happened like 20 min before I logged in too! I was going to cashout a little today  Cry

Just looked over my settings and somehow Yubikey isn't linked to my account anymore either!? Somehow that either disappeared or wasn't setup properly and I didn't notice it.

How do you contact gox anyways? I can't get them on chat!



In my case on initial enabling of 2FA for withdrawals the setting did not stick.  Although the security center reported 2FA was enabled I had to cycle, disable it, then re-enable for it to take effect.


So, I'm suspicious.

"Bitcoin has been an amazing ride, but the most fascinating part to me is the seemingly universal tendency of libertarians to immediately become authoritarians the very moment they are given any measure of power to silence the dissent of others."  - The Bible
BCB
CTG
VIP
Legendary
*
Offline Offline

Activity: 1078
Merit: 1002


BCJ


View Profile
January 21, 2013, 10:43:14 PM
 #18

JMcGrath,

First you state yubikey was active
then you state maybe it wasn't
Not this new posts state it didn't stick for them the first time they activate it so maybe that happened to you.

Point it bitcoin hacks happen.  Could be a virus or keylogger on your system or a MIM attack. 

Regardless this is almost impossible with yubikey activated.

If you were hacked with yubike active that it a problem

If mt gox's yubikey activation process it faulty that it a problem.

Just looking for the Facts.


JMcGrath (OP)
Member
**
Offline Offline

Activity: 72
Merit: 10



View Profile
January 21, 2013, 10:53:37 PM
 #19

I'm sorry if my posts sound a little all over the place, I'm a little on edge here myself so I'll try to be as clear as possible...

* Yes I did have a Yubikey and *thought* I registered it
* I just spoke with Mt Gox and they are claiming that I never had a registered Yubikey
* They provided the IP Address of the person, but it comes up all over the world when I search it
* I know I tried to register my yubi when I got it so I *suspect* there is a fault where it is not "sticking" the first time around as you stated
MagicalTux
VIP
Hero Member
*
Offline Offline

Activity: 608
Merit: 501


-


View Profile
January 21, 2013, 10:56:41 PM
 #20

As we could see thanks to this ticket number, the hacker gained access to the account on first try (ie. already had the correct password on hand). We also confirmed there was no Yubikey linked to this account nor was one ever registered.

* Yes I did have a Yubikey and *thought* I registered it
I wonder if JMcGrath is not talking about a Yubikey he bought himself separately, in which case there is no way to "link it" to a MtGox account (only Yubikeys delivered by MtGox work on MtGox). Either way there was no order for a MtGox Yubikey on the account's history.

I would rather suspect phishing or hacked computer (key logger/etc). As usual, having a Yubikey or TOTP device linked to the account and enabled would have helped a lot.
Pages: [1] 2 3 4 5 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!