Just lost 190 bitcoins through Mt. Gox

[sublime5447]

This really sucks. It is to hard to use, get, trust, and secure bitcoin transactions. Another black eye for bitcoin.

[sublime5447]

No one cares about that, what people care about is being able to use it as money. Thefts and scams are black eyes for bitcoin. Every person who loses 4k because of scammy bitcoin tells 100 people about it and do you know what they say?....They say well f@#$ bitcoin they dont ask.. well was it double encryption with yubikey did you have finger print verification, did you have retinal scans? did you print out your paper wallet then bury it in your back yard?   

[fcmatt]

This really sucks. It is to hard to use, get, trust, and secure bitcoin transactions. Another black eye for bitcoin.

No, it's not a black eye for Bitcoin at all. This had absolutely nothing to do with Bitcoin, neither the protocol nor the client.

It kinda is. Look at asic ppl wanting a refund. Cc payers got it. Bitcoin users just cry.
It might not be the client or protocol... But it is def bitcoin's irreversible nature. A victim has no chance in the world to figure out where their money went. That is a big problem for most people.

I am surprised no one mentioned inside job. An employee just slowly milks an account here and there for profit.

[gweedo]

No one cares about that, what people care about is being able to use it as money. Thefts and scams are black eyes for bitcoin. Every person who loses 4k because of scammy bitcoin tells 100 people about it and do you know what they say?....They say well f@#$ bitcoin they dont ask.. well was it double encryption with yubikey did you have finger print verification, did you have retinal scans? did you print out your paper wallet then bury it in your back yard?   

So a person robs a bank, do they go oh no the dollar is unsafe, lets not use it, or identify theft in a credit card scam. This is so false, doing transactions with a web site in any matter currency or just information, with out the proper security is at risk.

[n8rwJeTt8TrrLKPa55eU]

Paper wallets having private keys printed incorrectly is an extremely unlikely problem.

It would be like having a dollar print incorrectly.

Careful with that analogy, it happens more often than people think...

http://www.usarare.com/index22.htm

[CIYAM]

So a person robs a bank, do they go oh no the dollar is unsafe, lets not use it, or identify theft in a credit card scam. This is so false, doing transactions with a web site in any matter currency or just information, with out the proper security is at risk.

A bank is insured - it seems Mt. Gox has *zero* insurance for their BTC and another huge difference is that every other type of internet payment *can* be reversed (as anyone trying to *sell* BTC with another payment system knows all too well).

[Monster Tent]

Paper wallets having private keys printed incorrectly is an extremely unlikely problem.

It would be like having a dollar print incorrectly.

The stock bitcoin client should have a built-in print-to-paper button. Perhaps clicking it opens a html page on your local machine.

[gweedo]

So a person robs a bank, do they go oh no the dollar is unsafe, lets not use it, or identify theft in a credit card scam. This is so false, doing transactions with a web site in any matter currency or just information, with out the proper security is at risk.

A bank is insured - it seems Mt. Gox has *zero* insurance for their BTC and another huge difference is that every other type of internet payment *can* be reversed (as anyone trying to *sell* BTC with another payment system knows all too well).

I think you missed the point but I really getting annoyed by people that don't want to take responsibility this is kinda why our economy is messed up. BUT lets say you mail money to someone and someone intercepts it, no one cries the dollar is unsafe they blame the mailman and the person for not securing it properly.

[CIYAM]

I think you missed the point but I really getting annoyed by people that don't want to take responsibility this is kinda why our economy is messed up. BUT lets say you mail money to someone and someone intercepts it, no one cries the dollar is unsafe they blame the mailman and the person for not securing it properly.

That point is of course quite true, however, it is basically illegal to send money through the mail for that very reason.

Although I agree with taking personal responsibility unfortunately I think that the majority of people in the world simply do not (that's why we have unions and government handouts, etc.).

Bitcoin is not going to win any supporters if it just takes the attitude "sorry but you are just too stupid to use this" (this last was about attitude at not any sort of attack on the OP btw).

[gweedo]

I think you missed the point but I really getting annoyed by people that don't want to take responsibility this is kinda why our economy is messed up. BUT lets say you mail money to someone and someone intercepts it, no one cries the dollar is unsafe they blame the mailman and the person for not securing it properly.

That point is of course quite true, however, it is basically illegal to send money through the mail for that very reason.

Although I agree with taking personal responsibility unfortunately I think that the majority of people in the world simply do not (that's why we have unions and government handouts, etc.).

Bitcoin is not going to win any supporters if it just takes the attitude "sorry but you are just too stupid to use this" (this last was about attitude at not any sort of attack on the OP btw).

I don't think we are calling anyone stupid or something like that. It is like the internet in general, you have to teach people a new type of security to protect themselves. I think people hate to learn those new steps and procedures to do that, but that is the price of this currency and really any new security or attack point should change your thinking.

[CIYAM]

I don't think we are calling anyone stupid or something like that. It is like the internet in general, you have to teach people a new type of security to protect themselves. I think people hate to learn those new steps and procedures to do that, but that is the price of this currency and really any new security or attack point should change your thinking.

I think it is *such a radical new way of thinking* that for most it just won't even make sense ("Whoa... you tell me that there is no way to make a charge back at all and if someone steals my account then I'm screwed - will stick to the credit card and my government backed bank account then thanks buddy!").

Personally I really think a much more likely long term *usage* of BTC will be just as some sort an investment account (and yes *in your bank*) rather than people doing any sort of day to day transactions with it (and btw you can already do that with Gold in China).

[b!z]

Is your computer infected? Scan for rootkits etc. manually, take a look at GMER

[Luno]

The last Mtgox thefts mentioned here has been from from other IP's than the account holders.

Why don't Mtgox have a option to only withdraw Bitcoin to an IP from the same geo location, or there is some email confirmation from your known email required?

They could also insist that withdrawals only can be done when you have required a Yubikey.

One thing is that they don't care to reimburse people that have had their money stolen, but that they don't take more steps to prevent future thefts will backfire on their ass, the day they get a serious hack like in 2011.

[Zomdifros]

MtGox really should increase their security policy. Since they are so crucial to the Bitcoin economy I consider them as one of the greatest vulnerabilities of the whole system.
 
Two-factor authentication should be required for every withdrawal over 1000 USD in 24 hours or the equivalent in BTC. Also, like the Blockchain wallet, they should add sms authentication. They should mail you a warning whenever someone logs in from a previously unused IP-adress and withdrawals should be restricted from this address for 24 hours.

For now I would recommend using Blockchain to store your Bitcoins. A paper wallet is fine as well, though slightly more inconvenient.

[Lethn]

I'm sure a person who is an expert in security can explain this better than me but there is no 100% defence against hacking and I suspect with Bitcoin the hack attempts on peoples internet accounts etc. will only get worse, if you have a large amount of Bitcoins, store them offline and transfer them only when you're going to sell them off immediately and as usual the rule of "Never invest what you can't afford to lose" applies here too.

This reminds me that I need to properly look at how to store Bitcoins offline on a USB myself, then the only risk is on my own head for getting it lost or stolen.

[Prattler]

MtGox really should increase their security policy. Since they are so crucial to the Bitcoin economy I consider them as one of the greatest vulnerabilities of the whole system.

This is very much true! There is no reason why they don't have options to lock IP and/or bitcoin address.

[Zomdifros]

MtGox really should increase their security policy. Since they are so crucial to the Bitcoin economy I consider them as one of the greatest vulnerabilities of the whole system.

This is very much true! There is no reason why they don't have options to lock IP and/or bitcoin address.

And of course, having the option will not suffice, these safeguards should be activated by default. I would even go as far that it would be strictly impossible to make any withdrawal above 10.000 USD without two-factor authentication.
 
The goal should be that I can safely recommend Bitcoin to my grandmother. If these security practices are implemented it would even be possible to insure Bitcoin wallets so there is no risk whatsoever that anybody would become broke overnight due to malicious intent. Only then will Bitcoin be able to substitute fiat money.

[BitStick]

Wish MtGox offered a way to lock withdrawals to a single address. This would solve so much.

Now that's a neat idea, double the security.
If you could do that with any client it would be awesome, only withdrawing coins to a spending account as you need them.

[Flatlinezor]

Yeah, so far Yubikey seems to be the only solution, even regular sweeps with netsec and antivir would not guarantee you safety. :/

[no name]

Let me guess.... no two factor authentication?

But next time two factor authentication is the only way to go.

Yea beat me too it... I wont put more than 1 BTC anywhere that doesnt support two factor.

I think im up to 20 accounts now with two factor or yubikey

how I can activate two factor authentication on mtgox?

I would like to see ip restriction and confirmation options/alerts on demand too!