Bitcoin Forum
April 24, 2024, 10:22:32 AM *
Pages: « 1 [2] 3 4 5 »  All
Author Topic: *MY* Mt Gox Account was Hacked - lost it all today... now what!?  (Read 9934 times)
freeAgent
Sr. Member
Activity: 240
Merit: 250
January 21, 2013, 11:05:44 PM
 #21

On the subject of Yubikeys, why doesn't MtGox allow plain Yubikeys to be registered with their service?
casascius
Mike Caldwell
VIP
Legendary
Activity: 1386
Merit: 1136
January 21, 2013, 11:05:48 PM
 #22

If MtGox could make it so that you could add your PGP public key and then configure your account such that bitcoin withdrawals require PGP signature of a pre-generated message that contained the destination bitcoin address, MtGox would have indisputable conclusive proof in the event of a disagreement as to whether a withdrawal was authorized.

Put another way, if MtGox's withdrawal had just the same security we have on our IRC channel we use for chatting, confidence would be increased, as we'd have less fear of being stuck in a situation where money has been withdrawn with no way to convince anyone that we didn't do it ourselves.

I say first hand that anything that can be done to increase the confidence in security of funds stored in MtGox will directly correspond to a greater willingness to leave funds in MtGox.

In fact, implementing this idea would put MtGox in an even better position: in the event a hacker really managed to compromise a PGP key and forge a signature on a withdrawal, I think most people in this community would consider it 100% reasonable for MtGox to say "here's his signed request...sorry he's SOL!...do a better job of securing your PGP key next time"... far more than "sorry you must have gotten keylogged or something."

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
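One way to build what casascius proposes, as an added example (this is not MtGox code and not casascius's): the server issues a challenge naming the account, destination address, amount, a single-use nonce and an expiry; the user signs that exact text with a key registered in advance; the server releases the withdrawal only if the signed text matches what it issued and the signature verifies, then archives the pair as the publishable proof. Ed25519 from Go's standard library stands in for PGP here (the post asks for PGP; the signature scheme, the message format, the function names and the placeholder addresses are all assumptions made for the example).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Request is the exact text the user signs. Destination and amount are part of it, so a valid
// signature authorizes this one payout and nothing else.
type Request struct {
	Account string
	Dest    string // destination bitcoin address
	Amount  int64  // satoshis
	Nonce   string // chosen by the server, accepted once
	Expires int64  // unix seconds
}

// Encode is the canonical byte string that is signed, verified and archived.
func (r Request) Encode() []byte {
	return []byte(fmt.Sprintf("withdrawal-request v1\naccount=%s\ndest=%s\namount=%d\nnonce=%s\nexpires=%d\n",
		r.Account, r.Dest, r.Amount, r.Nonce, r.Expires))
}

// Signed is a request with its detached signature; published together, they are the proof.
type Signed struct {
	Req Request
	Sig []byte
}

type Server struct {
	pubkeys map[string]ed25519.PublicKey // account -> verification key registered in advance
	pending map[string]Request           // nonce -> challenge not used yet
	archive map[string][]Signed          // account -> every authorized withdrawal, kept for disputes
}

func NewServer() *Server {
	return &Server{pubkeys: map[string]ed25519.PublicKey{}, pending: map[string]Request{},
		archive: map[string][]Signed{}}
}

func (s *Server) Register(account string, pub ed25519.PublicKey) { s.pubkeys[account] = pub }

// Challenge is handed to the logged-in session. It needs no key, so whoever holds a stolen
// password can obtain one too; without the private key it is worthless to them.
func (s *Server) Challenge(account, dest string, amount int64, now time.Time) Request {
	var n [16]byte
	rand.Read(n[:])
	r := Request{Account: account, Dest: dest, Amount: amount,
		Nonce: hex.EncodeToString(n[:]), Expires: now.Add(10 * time.Minute).Unix()}
	s.pending[r.Nonce] = r
	return r
}

// Authorize releases the payout only for an unused, unexpired challenge whose every field
// matches what was issued and whose signature verifies under the account's registered key.
func (s *Server) Authorize(sr Signed, now time.Time) error {
	issued, ok := s.pending[sr.Req.Nonce]
	if !ok {
		return errors.New("unknown or already used nonce")
	}
	if sr.Req != issued {
		return errors.New("request does not match the challenge that was issued")
	}
	if now.Unix() > issued.Expires {
		delete(s.pending, issued.Nonce)
		return errors.New("challenge expired")
	}
	pub, ok := s.pubkeys[issued.Account]
	if !ok || !ed25519.Verify(pub, issued.Encode(), sr.Sig) {
		return errors.New("signature does not verify under the registered key")
	}
	delete(s.pending, issued.Nonce) // single use: a captured signed request cannot be replayed
	s.archive[issued.Account] = append(s.archive[issued.Account], sr)
	return nil
}

// Proof returns the archived signed requests for an account so they can be published.
func (s *Server) Proof(account string) []Signed { return s.archive[account] }

// VerifyProof is the third-party check: only the user's public key is needed, nothing from the server.
func VerifyProof(pub ed25519.PublicKey, sr Signed) bool {
	return ed25519.Verify(pub, sr.Req.Encode(), sr.Sig)
}

// Sign is the user-side step, run wherever the private key lives (ideally not in the browser).
func Sign(priv ed25519.PrivateKey, r Request) Signed {
	return Signed{Req: r, Sig: ed25519.Sign(priv, r.Encode())}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	s := NewServer()
	s.Register("alice", pub)
	ch := s.Challenge("alice", "1ExampleDestinationAddress", 250000000, time.Now()) // placeholder address
	fmt.Println("authorize:", s.Authorize(Sign(priv, ch), time.Now()))
	fmt.Println("replay:   ", s.Authorize(Sign(priv, ch), time.Now()))
	fmt.Println("proof ok: ", VerifyProof(pub, s.Proof("alice")[0]))
}
```

The three properties the post wants all fall out of the same check: a password thief can obtain a challenge but cannot produce a signature for it, a signed request cannot be redirected to another address because the address is inside the signed text, and the archived pair can be handed to anyone with the user's public key.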
MagicalTux
VIP
Hero Member
Activity: 608
Merit: 501
January 21, 2013, 11:25:00 PM
 #23

> On the subject of Yubikeys, why doesn't MtGox allow plain Yubikeys to be registered with their service?

Mostly a security reason. Anyone could create a bitcoin-related site that claims to accept yubikeys and actually log the used codes to try these later on other related websites.

It would also make us dependent on Yubico's server, making these an even greater target than they already are. Yubikey allows security by decentralization, allowing each operator to run their own auth servers.

We will still eventually allow people who understand the risks to add their yubikey on MtGox, but this has lower priority.

> If MtGox could make it so that you could add your PGP public key and then configure your account such that bitcoin withdrawals require PGP signature of a pre-generated message that contained the destination bitcoin address, MtGox would have indisputable conclusive proof in the event of a disagreement as to whether a withdrawal was authorized.

We considered this, but the lack of a proper PGP lib (the few libs around will try to create stuff in $HOME and don't allow us to store/provide the public keys easily) or of appropriate technical documentation on the signature format (it mostly says "read the source") forced us to delay this.
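The replay MagicalTux describes, worked through in code. This is an added example, not code from MagicalTux, Yubico or MtGox: a Go model of the YubiKey OTP format (a 12-character modhex public ID followed by one AES-128 block over a 16-byte token holding the private ID, power-up counter, timestamp, session-use counter, random filler and CRC-16) and a self-hosted validation server of the kind the post refers to. The AES key, IDs, counter and timestamp values are constructed sample data and the function names are my own. What it shows: a validator's only replay defence is the counter of the last OTP it accepted, so an OTP logged by a rogue site and never submitted to any validator is still fresh and passes on first use, while every later use of it is refused.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// YubiKey OTPs are "modhex": 16 letters that survive any keyboard layout, standing for 0..15.
const modhex = "cbdefghijklnrtuv"
func modhexDecode(s string) ([]byte, error) {
	out := make([]byte, len(s)/2)
	for i := range out {
		hi, lo := strings.IndexByte(modhex, s[2*i]), strings.IndexByte(modhex, s[2*i+1])
		if hi < 0 || lo < 0 {
			return nil, errors.New("not modhex")
		}
		out[i] = byte(hi<<4 | lo)
	}
	return out, nil
}

// crc16 is CRC-16/X-25 (the PPP FCS): a block ending in its own inverted CRC leaves residue 0xf0b8.
func crc16(b []byte) uint16 {
	crc := uint16(0xffff)
	for _, c := range b {
		crc ^= uint16(c)
		for i := 0; i < 8; i++ {
			crc = crc>>1 ^ 0x8408*(crc&1)
		}
	}
	return crc
}

// device models the key: public ID sent in the clear, AES-128 key shared only with the validator, private
// ID that only travels encrypted, power-up counter (bit 15 is a caps-lock flag), per-session press counter.
type device struct{ publicID string; key [16]byte; uid [6]byte; counter uint16; use uint8 }

func newDevice() *device { // every value here is constructed sample data, not a real key
	return &device{publicID: "cccccccbcdef", uid: [6]byte{1, 2, 3, 4, 5, 6}, counter: 7,
		key: [16]byte{0x3b, 0x4a, 0x59, 0x68, 0x77, 0x86, 0x95, 0xa4, 0xb3, 0xc2, 0xd1, 0xe0, 0x0f, 0x1e, 0x2d, 0x3c}}
}

// press emits one 44-character OTP: the public ID, then one AES block (ECB) over the 16-byte token.
func (d *device) press() string {
	var tok, enc [16]byte
	copy(tok[0:6], d.uid[:])
	binary.LittleEndian.PutUint16(tok[6:8], d.counter)
	binary.LittleEndian.PutUint16(tok[8:10], 0x1234) // 24-bit timestamp, constructed value
	tok[10], tok[11] = 0x56, d.use
	binary.LittleEndian.PutUint16(tok[12:14], 0xbeef) // random filler, constructed value
	binary.LittleEndian.PutUint16(tok[14:16], ^crc16(tok[:14]))
	block, _ := aes.NewCipher(d.key[:])
	block.Encrypt(enc[:], tok[:])
	d.use++
	s := d.publicID
	for _, c := range enc {
		s += string(modhex[c>>4]) + string(modhex[c&15])
	}
	return s
}

// keyRecord is what a self-hosted validation server keeps per key. last is the highest counter<<8|use
// accepted so far (-1 before the first); it can only cover OTPs that were actually submitted here.
type keyRecord struct{ key [16]byte; uid [6]byte; last int32 }

type validator struct{ keys map[string]*keyRecord } // keyed by the raw 6-byte public ID

func newValidator(d *device) *validator {
	pub, _ := modhexDecode(d.publicID)
	return &validator{keys: map[string]*keyRecord{string(pub): {key: d.key, uid: d.uid, last: -1}}}
}

func (v *validator) Verify(otp string) error {
	raw, err := modhexDecode(otp) // 6 bytes of public ID followed by the 16-byte AES block
	if err != nil || len(raw) != 22 || v.keys[string(raw[:6])] == nil {
		return errors.New("malformed otp or unknown public id")
	}
	rec := v.keys[string(raw[:6])]
	var tok [16]byte
	block, _ := aes.NewCipher(rec.key[:])
	block.Decrypt(tok[:], raw[6:])
	if crc16(tok[:]) != 0xf0b8 || string(tok[:6]) != string(rec.uid[:]) {
		return errors.New("wrong key, tampered otp, or private id mismatch")
	}
	seq := int32(binary.LittleEndian.Uint16(tok[6:8])&0x7fff)<<8 | int32(tok[11])
	if seq <= rec.last {
		return errors.New("replayed otp: not newer than the last one accepted")
	}
	rec.last = seq
	return nil
}

func main() {
	d := newDevice()
	v := newValidator(d)
	otp := d.press() // captured by a rogue site that never sent it to any validator
	fmt.Println(v.Verify(otp), v.Verify(otp)) // <nil>, then the replay error
}
```

This is also why the decentralization point matters: a site that runs its own validator with its own AES keys only ever accepts OTPs from keys it programmed, so an OTP phished for it cannot be spent against a service that validates elsewhere.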
DeathAndTaxes
Gerald Davis
Donator
Legendary
Activity: 1218
Merit: 1079
January 22, 2013, 01:35:40 AM
Last edit: January 22, 2013, 01:45:56 AM by DeathAndTaxes
 #24

>> If MtGox could make it so that you could add your PGP public key and then configure your account such that bitcoin withdrawals require PGP signature of a pre-generated message that contained the destination bitcoin address, MtGox would have indisputable conclusive proof in the event of a disagreement as to whether a withdrawal was authorized.

> We considered this, but the lack of a proper PGP lib (the few libs around will try to create stuff in $HOME and don't allow us to store/provide the public keys easily) or of appropriate technical documentation on the signature format (it mostly says "read the source") forced us to delay this.

Glad to see you are at least considering it.  For the record if/when you ever implement a PGP signed message system I would prefer it be in addition to 2FA.  I.e. withdraw requires a PGP signed message PLUS successful 2FA challenge.  The PGP signed message creates irrevocable proof of the transaction and the 2FA (google authenticator) provides additional security in the event the PGP key is compromised.   While you're at it throw in the ability to create multiple logins (w/ different security permissions) for a single account and optional dual authentication (not to be confused with 2FA) for withdrawals and you would have better security than most corporate banking platforms!

Also since you are reading this thread .... Generating a MtGox code can be properly protected by 2FA challenge (I love it you are one of the few exchanges which do it RIGHT) however one can view the "redeem code" page without 2FA authentication.  This creates a potential method to compromise codes before they are redeemed.  User generates a code and before the counterparty redeems it the attacker (possibly alerted due to compromised email) logs in and redeems the code.  There are two simple solutions (one simpler and more limited).  The easiest method is to perform a 2FA challenge when viewing the redeem code page.   The more comprehensive option would be to allow viewing the page but the code is redacted.  User can redeem code but clicking "view code" results in a 2FA challenge.
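The second factor DeathAndTaxes wants in front of every sensitive action (the withdrawal, and the redeem-code page as well), as an added example that is not MtGox's or Google's code: an RFC 6238 TOTP verifier in Go using HMAC-SHA1 and six digits, the defaults Google Authenticator uses, with a one-step clock-skew window and a record of the last accepted time step so that a keylogged code cannot be entered a second time inside its 30-second window. The account name is made up; the base32 secret in main is the RFC 6238 test secret, not a real credential.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base32"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
	"time"
)

// hotp is RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, dynamic truncation, decimal digits.
func hotp(key []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, key)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// totp is RFC 6238 with the defaults Google Authenticator uses: 30-second steps from the Unix epoch.
func totp(key []byte, t time.Time, digits int) string {
	return hotp(key, uint64(t.Unix())/30, digits)
}

// decodeSecret reads the base32 secret from the enrolment QR code (spaces, case and padding tolerated).
func decodeSecret(s string) ([]byte, error) {
	s = strings.ToUpper(strings.ReplaceAll(s, " ", ""))
	return base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(strings.TrimRight(s, "="))
}

// Verifier keeps each account's secret and the last time step it accepted, so a code that was
// keylogged cannot be entered a second time within its 30-second window.
type Verifier struct {
	secrets  map[string][]byte
	lastStep map[string]uint64
	Skew     int // steps of clock drift tolerated on either side
}

func NewVerifier() *Verifier {
	return &Verifier{secrets: map[string][]byte{}, lastStep: map[string]uint64{}, Skew: 1}
}

func (v *Verifier) Enrol(account, base32Secret string) error {
	key, err := decodeSecret(base32Secret)
	if err != nil {
		return err
	}
	v.secrets[account] = key
	return nil
}

// Check is the 2FA challenge. Put it in front of every sensitive action, not just the withdrawal
// itself: generating a redeemable code and viewing one already generated both qualify.
func (v *Verifier) Check(account, code string, now time.Time) error {
	key, ok := v.secrets[account]
	if !ok {
		return errors.New("no 2FA enrolled for this account")
	}
	step := uint64(now.Unix()) / 30
	for d := -v.Skew; d <= v.Skew; d++ {
		cand := uint64(int64(step) + int64(d))
		if subtle.ConstantTimeCompare([]byte(hotp(key, cand, 6)), []byte(code)) != 1 {
			continue
		}
		if cand <= v.lastStep[account] {
			return errors.New("code already used")
		}
		v.lastStep[account] = cand
		return nil
	}
	return errors.New("wrong code")
}

func main() {
	const secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ" // RFC 6238 test secret in base32, not a real credential
	v := NewVerifier()
	v.Enrol("alice", secret)
	key, _ := decodeSecret(secret)
	code := totp(key, time.Now(), 6)
	fmt.Println(code, v.Check("alice", code, time.Now()), v.Check("alice", code, time.Now()))
}
```

The last-step record is the part most implementations skip: without it, a code captured by a keylogger is good for up to 30 seconds (longer with skew) after the user typed it, which is exactly the window an attacker who already has the password needs.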
01BTC10
VIP
Hero Member
Activity: 756
Merit: 503
January 22, 2013, 01:40:34 AM
 #25

If the computer is compromised can we presume the PGP certificate with corresponding password can also get stolen? I use Google Authenticator and I think it's better unless my phone + computer get compromised by the same hacker.
EuSouBitcoin
Sr. Member
Activity: 490
Merit: 251
January 22, 2013, 01:41:47 AM
 #26

Google Authenticator is Free to use at a few exchanges including Mt Gox. Use it. I wish more exchanges would implement Google Authenticator.

You can't win if you don't play. But you can't play if you lose all your chips. First I found bitcoin (BTC). Then I found something better, Monero (XMR). See GetMonero.org
DeathAndTaxes
Gerald Davis
Donator
Legendary
Activity: 1218
Merit: 1079
January 22, 2013, 01:44:06 AM
Last edit: January 22, 2013, 01:57:04 AM by DeathAndTaxes
 #27

> If the computer is compromised can we presume the PGP certificate with and linked password can also get stolen?

True it doesn't provide more security than a strong passphrase (not repeated on any other site) but it does provide irrefutable proof that your key was compromised.   It simply is not possible for a compromise on MtGox end to result in a properly signed message.  The hacked user and the community at large have absolute proof that the fault lies with the user.  2FA should be an optional security enhancement for PGP.  I would also point out that security conscious users can use smart cards with hardware independent keypad to protect PGP private key from keyloggers.
bitfarmer
Newbie
Activity: 24
Merit: 0
January 22, 2013, 01:46:11 AM
 #28

PGP sounds like a great additional feature, the more the better. Allow the end user to decide what is preferable to them.
jago25_98
Crypto Geek
Hero Member
Activity: 900
Merit: 1000
January 22, 2013, 01:49:07 AM
 #29

If this guy was using a Yubikey does that mean that Yubikeys are not a reliable protection against Windows virii? It's easy to cloak logging apps and there's a lot of crackers around Bitcoin.

Can this guy assume his install is cracked?
How can he search for whatever may have caused the breach?
Is there a Gox grabbing trojan out there we know about?
Has he installed the Gox app on a phone? (I think that's a risk)

Bitcoiner since the early days. Crypto YouTube Channel: Trading Nomads | Analyst | News Reporter | Bitcoin Hodler | Support Freedom of Speech!
smracer
Donator
Legendary
Activity: 1055
Merit: 1020
January 22, 2013, 01:49:48 AM
 #30

> I'm sorry if my posts sound a little all over the place, I'm a little on edge here myself so I'll try to be as clear as possible...
>
> * Yes I did have a Yubikey and *thought* I registered it
> * I just spoke with Mt Gox and they are claiming that I never had a registered Yubikey
> * They provided the IP Address of the person, but it comes up all over the world when I search it
> * I know I tried to register my yubi when I got it so I *suspect* there is a fault where it is not "sticking" the first time around as you stated

Where did you get the Yubikey from?  Could you have bought it from a third party that asked for your username/password and you sent it to them via email or on a website?  Also what is the IP address of the attacker that Mtgox gave you?
casascius
Mike Caldwell
VIP
Legendary
Activity: 1386
Merit: 1136
January 22, 2013, 03:41:49 AM
 #31

>> If MtGox could make it so that you could add your PGP public key and then configure your account such that bitcoin withdrawals require PGP signature of a pre-generated message that contained the destination bitcoin address, MtGox would have indisputable conclusive proof in the event of a disagreement as to whether a withdrawal was authorized.

> We considered this, but the lack of a proper PGP lib (the few libs around will try to create stuff in $HOME and don't allow us to store/provide the public keys easily) or of appropriate technical documentation on the signature format (it mostly says "read the source") forced us to delay this.

Even just offering the option to assign one pre-determined bitcoin address would provide an equivalent level of security, even if you did no PGP automation whatsoever.  The pre-determined bitcoin address could either be a) withdrawn to directly, or b) for those who know how to sign messages, it could be used to sign a message that permits withdrawal to some other address.  All of this could be evaluated in any environment already accustomed to working with bitcoin keypairs.

Either way, the benefit to MtGox is instant vindication of any questionable withdrawal that goes through.  Further, the moment anyone releases a hardware bitcoin wallet, you can bet that this will end up supported as a bonus feature.

molecular
Donator
Legendary
Activity: 2772
Merit: 1019
January 22, 2013, 08:42:25 AM
 #32

> Thanks for the info guys, this really ruined my day! I am already screwed with bills and stuff and then I log in to find this... ugh
>
> Could this have anything to do with my Yubikey being broken and reported lost? I never got a chance to actually use it on Mt Gox so I don't really know what happened there!?

So you never linked your yubi-key to your MtGox account. Well, don't talk about your account "with yubi-key withdrawal protection activated" being hacked, then, dude.

Sorry 'bout your loss, but don't lie to us.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
molecular
Donator
Legendary
Activity: 2772
Merit: 1019
January 22, 2013, 08:46:48 AM
 #33

> If MtGox could make it so that you could add your PGP public key and then configure your account such that bitcoin withdrawals require PGP signature of a pre-generated message that contained the destination bitcoin address, MtGox would have indisputable conclusive proof in the event of a disagreement as to whether a withdrawal was authorized.

That's a good idea.

However: what's the difference between having one's password stolen and having one's PGP key stolen and passphrase key-logged?

In other words: mtgox even in this case has proof the withdrawal was authorized (albeit not as strong, it could be faked by gox) by means of a successful login with password.

So while this puts mtGox in a more comfortable situation, this is only better for the user if he protects his pgp key better than his password.

russ
Newbie
Activity: 59
Merit: 0
January 22, 2013, 09:15:51 AM
 #34

>> If MtGox could make it so that you could add your PGP public key and then configure your account such that bitcoin withdrawals require PGP signature of a pre-generated message that contained the destination bitcoin address, MtGox would have indisputable conclusive proof in the event of a disagreement as to whether a withdrawal was authorized.

> However: what's the difference between having one's password stolen and having one's PGP key stolen and passphrase key-logged?

The difference is the attacker wouldn't have the PGP private key.
John (John K.)
Global Troll-buster and
Legendary
Activity: 1288
Merit: 1225
January 22, 2013, 09:18:17 AM
 #35

>>> If MtGox could make it so that you could add your PGP public key and then configure your account such that bitcoin withdrawals require PGP signature of a pre-generated message that contained the destination bitcoin address, MtGox would have indisputable conclusive proof in the event of a disagreement as to whether a withdrawal was authorized.

>> However: what's the difference between having one's password stolen and having one's PGP key stolen and passphrase key-logged?

> The difference is the attacker wouldn't have the PGP private key.
By PGP key he would mean the private key, of course. Who needs to steal public keys?
MagicalTux
VIP
Hero Member
Activity: 608
Merit: 501
January 22, 2013, 09:35:00 AM
 #36

> Even just offering the option to assign one pre-determined bitcoin address would provide an equivalent level of security, even if you did no PGP automation whatsoever.  The pre-determined bitcoin address could either be a) withdrawn to directly, or b) for those who know how to sign messages, it could be used to sign a message that permits withdrawal to some other address.  All of this could be evaluated in any environment already accustomed to working with bitcoin keypairs.

We could easily add the "limit to one bitcoin address" thing, but there is a problem with the bitcoin message signature process that makes it difficult to implement (last time I checked the bitcoin message signature uses a different way of signing compared to transactions to make shorter signatures, but it's been an issue).
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Activity: 1316
Merit: 1043
January 22, 2013, 09:38:08 AM
 #37

>> Even just offering the option to assign one pre-determined bitcoin address would provide an equivalent level of security, even if you did no PGP automation whatsoever.  The pre-determined bitcoin address could either be a) withdrawn to directly, or b) for those who know how to sign messages, it could be used to sign a message that permits withdrawal to some other address.  All of this could be evaluated in any environment already accustomed to working with bitcoin keypairs.

> We could easily add the "limit to one bitcoin address" thing, but there is a problem with the bitcoin message signature process that makes it difficult to implement (last time I checked the bitcoin message signature uses a different way of signing compared to transactions to make shorter signatures, but it's been an issue).

Add optional "withdraw to one address only".

Add 48 hour delay before changing the addresses, during which you'd get two emails, and see a giant warning when you log in.
jago25_98
Crypto Geek
Hero Member
Activity: 900
Merit: 1000
January 22, 2013, 10:18:29 AM
 #38

OP: Don't listen to people moaning about how we had been thinking we had a Mt.Gox breach even with a Yubikey in use and that turning out not to be the case; it's just good that we've been told now and can stop worrying :-)

Sounds like this might have been a generic Yubikey and not the Gox one that has to be used with the site.

Remember though folks, if you're trading on Gox that means you're banking. And I don't think fast and highly frequent deposits and withdrawals are feasible.

Hexadecibel
Human Intranet Liason
VIP
Hero Member
Activity: 571
Merit: 504
January 22, 2013, 11:02:50 AM
 #39

You can use Google Authenticator on your Gox account. It's free for browser and smart phone.
That's what I resorted to when my yubi key never showed up.
casascius
Mike Caldwell
VIP
Legendary
Activity: 1386
Merit: 1136
January 22, 2013, 02:12:32 PM
Last edit: January 22, 2013, 05:05:38 PM by casascius
 #40

> You can use Google Authenticator on your Gox account. It's free for browser and smart phone.
> That's what I resorted to when my yubi key never showed up.

The difference is that MtGox has no way to prove someone's use of GA or Yubikey actually took place. It is on MtGox's honor.

A system where MtGox could respond to allegations of fraudulent withdrawals by publishing a signed withdrawal request totally and instantly exonerates Gox against claims of being hacked, and is good for market confidence all the way around.
