JMcGrath (OP)
January 21, 2013, 09:10:52 PM Last edit: February 02, 2013, 09:40:58 AM by JMcGrath
I can't figure out how, considering I have an impossible-to-guess password and have set up yubikey for withdrawals, but someone emptied out my account for about 80 BTC today!
Luckily I keep most of my BTC in my own wallet but wtf can I do now? Anything? I've been trying to contact Mt Gox all day but it just keeps saying "getting an agent..."
BTW, the person that hacked my account's address is:
1JgqPGJCJWzgeMiTFbmeLi3cpKC9jahPS4
I'll give a reward if I can find out who this person is so I can beat the **** out of them!
|
molecular
January 21, 2013, 09:13:57 PM
You need gox' help to see what's happened. The fact that you had yubikey activated for withdrawals makes it very unlikely you got hacked.
Did you do any other withdrawals during that time?
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
JMcGrath (OP)
January 21, 2013, 09:16:30 PM
No, I haven't logged into this account at all for like 5 days - this just happened like 20 min before I logged in too! I was going to cash out a little today. Just looked over my settings and somehow Yubikey isn't linked to my account anymore either!? Somehow that either disappeared or wasn't set up properly and I didn't notice it.
How do you contact gox anyways? I can't get them on chat!
|
DeathAndTaxes
Gerald Davis
January 21, 2013, 09:16:40 PM
Keep us posted. AFAIK if verified this would be the first fraudulent withdrawal with 2nd factor authentication enabled. A very clever hack indeed.
On edit: hmm looks like yubikey wasn't enabled. Still interesting to see the history on this one.
"How do you contact gox anyways? I can't get them on chat!"
I have never seen the chat work. You need to create a support ticket ... and wait.
|
JMcGrath (OP)
January 21, 2013, 09:21:02 PM
Anyone know how to contact gox though?
Would they even do anything about this??
|
Deafboy
January 21, 2013, 09:28:24 PM
Try #mtgox on IRC. I got a reply in a few minutes there yesterday.
|
MagicalTux
January 21, 2013, 10:02:28 PM
Can you create a support ticket with your account login details and post the ticket number here?
|
JMcGrath (OP)
January 21, 2013, 10:19:55 PM
Umm why would I post my login credentials and ticket number here?!
|
molecular
January 21, 2013, 10:20:49 PM
"Umm why would I post my login credentials and ticket number here?!"
He said to open a ticket with that info and then post the ticket number here, not the info itself. Only gox staff (supposedly) can look at the tickets.
|
JMcGrath (OP)
January 21, 2013, 10:21:03 PM
Sorry, not sure who you are - plenty of people out there claiming they are someone they are not...
I'm too new to these forums to know who is who
|
JMcGrath (OP)
January 21, 2013, 10:22:39 PM
Gotcha, I guess I could post the ticket number here - no sensitive info in that ticket. Not to mention, nothing left in my account now anyways!
#50629
Haven't heard anything back from anyone at Mt Gox yet on it though...
|
BCB
January 21, 2013, 10:24:13 PM
MagicalTux runs Mt Gox so if your yubi key was indeed compromised or not active it will be addressed.
Again pls keep us posted.
|
JMcGrath (OP)
January 21, 2013, 10:26:03 PM
Thanks for the info guys, this really ruined my day! I am already screwed with bills and stuff and then I log in to find this... ugh
Could this have anything to do with my Yubikey being broken and reported lost? I never got a chance to actually use it on Mt Gox so I don't really know what happened there!?
|
BCB
January 21, 2013, 10:30:43 PM
Now you sound sketchy.
Just tell the truth to mt gox and report back.
I would be very surprised if your intact and activated yubikey was indeed compromised.
|
Luno
January 21, 2013, 10:35:45 PM
A question: Is it possible to un-link your yubikey from your account without use of your yubikey?
If the connection is hijacked, and the hacker keeps the connection after the customer has locked out, will he be able to un-link the yubikey without needing to use it to verify?
Maybe Gox could be more proactive:
Disallow withdrawals without yubikey or google auth completely, make it mandatory for both BTC and cash, maybe after a trial period?
Have a ping trace log on each account, which they might already have, but with automation to block account withdrawals if routing is different and let it demand a new yubikey press (you can still trade while on vacation).
Is the API authentication safe? They don't use yubikeys.
Mt.Gox has a kind of panic button now. If you fail to log in 3 times, you are locked out for 24 hours. Is that protection if people start posting about a massive hack underway?
|
JMcGrath (OP)
January 21, 2013, 10:37:42 PM
I sound sketchy?
I lost a good amount of money today and I'm kinda freakin out. I'm just trying to figure out wtf happened! I don't know if that yubi was ever actually activated, I set it for withdrawals only but I never withdrew any money or bitcoins yet so I never actually got to "use" it. I'm trying to figure out if it was ever indeed registered or not...
Anyways, there is a support ticket and they have the information. Basically they told me I'm screwed and to file a police report and send them a copy. Still waiting to hear back about the status of the yubikey however.
Oh btw, that was my question as well - do they lock you out for using the wrong pw x amount of times? If so, then this person got my info in some other way but considering I don't use that same password ANYWHERE ELSE, it would have to be a keylogger or something for them to have gotten the PW. If it was a bruteforce attack, why didn't gox stop the repeated attempts? It wasn't an easy PW to figure out!
|
meowmeowbrowncow
January 21, 2013, 10:38:45 PM
"No, I haven't logged into this account at all for like 5 days - this just happened like 20 min before I logged in too! I was going to cash out a little today. Just looked over my settings and somehow Yubikey isn't linked to my account anymore either!? Somehow that either disappeared or wasn't set up properly and I didn't notice it. How do you contact gox anyways? I can't get them on chat!"
In my case, on initial enabling of 2FA for withdrawals the setting did not stick. Although the security center reported 2FA was enabled, I had to cycle, disable it, then re-enable for it to take effect. So, I'm suspicious.
|
"Bitcoin has been an amazing ride, but the most fascinating part to me is the seemingly universal tendency of libertarians to immediately become authoritarians the very moment they are given any measure of power to silence the dissent of others." - The Bible
|
BCB
January 21, 2013, 10:43:14 PM
JMcGrath,
First you state yubikey was active, then you state maybe it wasn't. Now this new post states it didn't stick for them the first time they activated it, so maybe that happened to you.
Point is bitcoin hacks happen. Could be a virus or keylogger on your system or a MIM attack.
Regardless this is almost impossible with yubikey activated.
If you were hacked with yubikey active, that is a problem.
If mt gox's yubikey activation process is faulty, that is a problem.
Just looking for the Facts.
|
JMcGrath (OP)
January 21, 2013, 10:53:37 PM
I'm sorry if my posts sound a little all over the place, I'm a little on edge here myself so I'll try to be as clear as possible...
* Yes I did have a Yubikey and *thought* I registered it
* I just spoke with Mt Gox and they are claiming that I never had a registered Yubikey
* They provided the IP Address of the person, but it comes up all over the world when I search it
* I know I tried to register my yubi when I got it so I *suspect* there is a fault where it is not "sticking" the first time around as you stated
|
MagicalTux
January 21, 2013, 10:56:41 PM
As we could see thanks to this ticket number, the hacker gained access to the account on first try (ie. already had the correct password on hand). We also confirmed there was no Yubikey linked to this account nor was one ever registered.
"* Yes I did have a Yubikey and *thought* I registered it"
I wonder if JMcGrath is not talking about a Yubikey he bought himself separately, in which case there is no way to "link it" to a MtGox account (only Yubikeys delivered by MtGox work on MtGox). Either way there was no order for a MtGox Yubikey on the account's history. I would rather suspect phishing or hacked computer (key logger/etc). As usual, having a Yubikey or TOTP device linked to the account and enabled would have helped a lot.
|
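Added example, not part of any post in this thread and not Mt. Gox's code: a Python sketch of the account controls proposed in Luno's post (second factor mandatory for withdrawals, a fresh press when the request arrives from a different address, lockout for 24 hours after 3 failed logins). The class names, function names and sample addresses are assumptions constructed for illustration; it also shows that a login which succeeds on the first try, as reported for this account, never reaches the lockout counter, so only the withdrawal gate stops it.

```python
from dataclasses import dataclass

LOCKOUT_THRESHOLD = 3        # failed logins before lockout (figure from the thread)
LOCKOUT_SECONDS = 24 * 3600  # lockout duration (figure from the thread)

@dataclass
class Account:               # hypothetical account record
    second_factor_enrolled: bool = False
    failed_logins: int = 0
    locked_until: float = 0.0

@dataclass
class Session:               # hypothetical logged-in session
    login_ip: str
    otp_ip: str = ""         # address of the last valid second-factor press

def login(acct, password_ok, ip, now):
    """Return a Session on success, None on failure or while locked out."""
    if now < acct.locked_until:
        return None
    if not password_ok:
        acct.failed_logins += 1
        if acct.failed_logins >= LOCKOUT_THRESHOLD:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failed_logins = 0
        return None
    acct.failed_logins = 0
    return Session(login_ip=ip)

def authorize_withdrawal(acct, session, ip, otp_ok=False):
    """Gate a withdrawal; otp_ok means a fresh, valid OTP came with the request."""
    if not acct.second_factor_enrolled:
        return "deny: no second factor enrolled"
    if otp_ok:
        session.otp_ip = ip  # remember where the press came from
        return "allow"
    if session.otp_ip and session.otp_ip == ip:
        return "allow"       # same origin as the last press
    return "deny: second factor press required"

if __name__ == "__main__":
    acct = Account()  # constructed case: no second factor on record
    s = login(acct, True, "198.51.100.7", now=0.0)  # correct password, first try
    print(authorize_withdrawal(acct, s, "198.51.100.7"))
```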