Bitcoin Forum
Author Topic: Just lost 190 bitcoins through Mt. Gox  (Read 6837 times)
Zomdifros
February 08, 2013, 08:44:15 PM
 #61

So, I guess we all agree that MtGox is making a half-assed job of their security, can anybody tell us why they aren't upgrading this?

Half-assed job of security is kinda strong, don't you think? I mean, where does security on the consumer side start? 2 factor auth is the saving grace; if you don't have that you can kiss your coins goodbye. Then you don't need all those bells and whistles which would probably cause more issues than they are worth. I think as long as Mt Gox isn't getting hacked and leaking bitcoins from their wallet, I say security is good then. Take some responsibility, don't make Mt Gox your mom.

Well, perhaps it's a bit too strongly worded, they did give me a free YubiKey after all. However, since Bitcoin transactions are non-reversible and it is a lot harder to find out who stole your coins compared to fiat, I think their security should at the very least match that of traditional banks. And when I see that simple solutions such as IP restriction aren't implemented and 2FA isn't required, even for very large transactions, I can only say their security just isn't good enough. And let's face it, there is ample evidence of people losing their money on MtGox, so much that it's hard to maintain it's all the consumer's fault.



You guys need to vote with your wallet. Stop using services which don't provide you with the product you desire!

Exactly, I'm using MtGox to buy coins and other services to store them.

gweedo
February 08, 2013, 08:51:03 PM
 #62

So, I guess we all agree that MtGox is making a half-assed job of their security, can anybody tell us why they aren't upgrading this?

Half-assed job of security is kinda strong, don't you think? I mean, where does security on the consumer side start? 2 factor auth is the saving grace; if you don't have that you can kiss your coins goodbye. Then you don't need all those bells and whistles which would probably cause more issues than they are worth. I think as long as Mt Gox isn't getting hacked and leaking bitcoins from their wallet, I say security is good then. Take some responsibility, don't make Mt Gox your mom.

Well, perhaps it's a bit too strongly worded, they did give me a free YubiKey after all. However, since Bitcoin transactions are non-reversible and it is a lot harder to find out who stole your coins compared to fiat, I think their security should at the very least match that of traditional banks. And when I see that simple solutions such as IP restriction aren't implemented and 2FA isn't required, even for very large transactions, I can only say their security just isn't good enough. And let's face it, there is ample evidence of people losing their money on MtGox, so much that it's hard to maintain it's all the consumer's fault.

So can you show me an example of someone that has used 2FA and has been robbed? It is the carelessness of people that use the service. I am sorry but I don't see any reason why they need all these bells and whistles when they have something that is proven and works the best. You also can't require 2FA 'cause not everyone has a smartphone, trusts Google, or can afford a YubiKey.
SgtSpike
February 08, 2013, 08:54:17 PM
 #63

So, I guess we all agree that MtGox is making a half-assed job of their security, can anybody tell us why they aren't upgrading this?

Half-assed job of security is kinda strong, don't you think? I mean, where does security on the consumer side start? 2 factor auth is the saving grace; if you don't have that you can kiss your coins goodbye. Then you don't need all those bells and whistles which would probably cause more issues than they are worth. I think as long as Mt Gox isn't getting hacked and leaking bitcoins from their wallet, I say security is good then. Take some responsibility, don't make Mt Gox your mom.
People WANT to take some responsibility, they just want more options to do it.  2FA is good for some things, but having some way to delay withdrawals to a new address seems like a sensible option to add.

You guys need to vote with your wallet. Stop using services which don't provide you with the product you desire!
I will as soon as something better comes along.  ;)  In the meantime, I will continue to suggest that they implement measures to satisfy my desires.
farlack
February 08, 2013, 09:21:36 PM
 #64

I'd like to know if everyone that keeps losing Gox funds, did the wallet on your computers get raided also? It would only seem logical to raid the .dat on the hard drive too.
mintymark
February 09, 2013, 12:28:58 AM
 #65

Two-factor Authorisation is useful for some people, but other things that have been suggested are useful too and would stop this. It's possible to make the account secure, even IF the password becomes known to a dishonest person, so why not do that? 2FA certainly does not suit everybody.

Actually it's hard to say vote with your feet because that's the problem: there are not that many exchanges, and for many practical reasons the choice often comes down to 1 or 2. The exchanges therefore become complacent because people don't vote with their feet.

But you can be sure it reflects or will reflect badly on bitcoin even though actually it has nothing to do with Bitcoin. If someone using Bitcoin for a year can lose 200 BTC, then they are hardly a Noob.

I would strongly and politely suggest to the exchanges that it is very much in their own interest to implement these things. And it will be all the better for Bitcoin if they do, so let's start writing emails to our favourite exchange. I already have!

[[ All Tips gratefully received!!  ]]
15ta5d1N8mKkgC47SRWmnZABEFyP55RrqD
gweedo
February 09, 2013, 01:56:46 AM
 #66

Two-factor Authorisation is useful for some people, but other things that have been suggested are useful too and would stop this. It's possible to make the account secure, even IF the password becomes known to a dishonest person, so why not do that? 2FA certainly does not suit everybody.

Actually it's hard to say vote with your feet because that's the problem: there are not that many exchanges, and for many practical reasons the choice often comes down to 1 or 2. The exchanges therefore become complacent because people don't vote with their feet.

But you can be sure it reflects or will reflect badly on bitcoin even though actually it has nothing to do with Bitcoin. If someone using Bitcoin for a year can lose 200 BTC, then they are hardly a Noob.

I would strongly and politely suggest to the exchanges that it is very much in their own interest to implement these things. And it will be all the better for Bitcoin if they do, so let's start writing emails to our favourite exchange. I already have!

So when do you actually take responsibility for securing your funds?

First off, IP geo will be a pain for most people. I know I change my location a lot thru my VPNs and just internet connections; now if I am using Mt Gox, I can't. So that option is out.

Second, now you want to set up withdrawing that takes a couple days; that defeats the purpose of bitcoins. It's supposed to be a quick transfer of wealth.

Do you not see how these, while you may think they better protect the user, are the user's responsibility, and if you can't set up Google 2 Factor Auth or buy a YubiKey then maybe you shouldn't be using an exchange.

Look at ATMs: it is one PIN code that you have, and if someone gets hold of it then you're screwed, but do you line up at the bank going "add that they have to show their driver's licenses"? No, you accepted it because you know that is your responsibility to not share it. You expect the job of the bank to be secure inside, you deal with outside.

TAKE RESPONSIBILITY FOR YOURSELF, I THINK TOO MANY BITCOINERS DON'T UNDERSTAND IT and frankly it is boring to keep iterating this point to people.
CIYAM
Ian Knowles - CIYAM Lead Developer
February 09, 2013, 02:00:41 AM
 #67

TAKE RESPONSIBILITY FOR YOURSELF, I THINK TOO MANY BITCOINERS DON'T UNDERSTAND IT and frankly it is boring to keep iterating this point to people.

Your point has been made clearly again and again - and sadly *this* is *why* Bitcoin will *never* be used by average people *ever*.

Average people want *government guaranteed* money that will be refunded in the event of *theft* - so I think we can see clearly where the situation stands (and why no serious investors will actually invest a serious amount of money in BTC - the risk is simply too high).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
gweedo
February 09, 2013, 02:16:45 AM
 #68

TAKE RESPONSIBILITY FOR YOURSELF, I THINK TOO MANY BITCOINERS DON'T UNDERSTAND IT and frankly it is boring to keep iterating this point to people.

Your point has been made clearly again and again - and sadly *this* is *why* Bitcoin will *never* be used by average people *ever*.

Average people want *government guaranteed* money that will be refunded in the event of *theft* - so I think we can see clearly where the situation stands (and why no serious investors will actually invest a serious amount of money in BTC - the risk is simply too high).

You're twisting my words again. How is the risk too high? If you follow security protocols you have no issues, even average people can figure out a 2 factor auth system. Also you said no serious investors will actually invest, yet I have seen a number of articles of day traders and stock people investing. Plus Fred Wilson VC has invested in a bitcoin company and in bitcoins. So you're pretty false on those claims and you're very off track.

And let's be honest, how many people are going to buy bitcoins to trade on Mt Gox?
CurbsideProphet
February 09, 2013, 02:19:46 AM
 #69


Let me guess.... no two factor authentication?


how I can activate two factor authentication on mtgox?


ID verify your Mt.Gox account, you should then receive the offer to obtain a YubiKey - FOR FREE.



I never received this offer.

1ProphetnvP8ju2SxxRvVvyzCtTXDgLPJV
CIYAM
February 09, 2013, 02:31:55 AM
 #70

You're twisting my words again. How is the risk too high? If you follow security protocols you have no issues, even average people can figure out a 2 factor auth system. Also you said no serious investors will actually invest, yet I have seen a number of articles of day traders and stock people investing. Plus Fred Wilson VC has invested in a bitcoin company and in bitcoins. So you're pretty false on those claims and you're very off track.

I am not trying to twist your words but you just *keep* missing the point. NO GUARANTEE - got it yet?

If my 2FA key from my bank gets stolen I *can still* get my money *refunded* - you *cannot* do this at any BTC exchange (and won't *be* able to for very good reason as we all know well).

By serious investments I am talking 10-100M USD - seen any of those yet?

In any case I think this is all getting rather OT and starting to look a bit silly and I do *agree* if you want to *day trade* at Mt. Gox you really *must* get yourself a Yubikey.

gweedo
February 09, 2013, 02:37:09 AM
 #71

You're twisting my words again. How is the risk too high? If you follow security protocols you have no issues, even average people can figure out a 2 factor auth system. Also you said no serious investors will actually invest, yet I have seen a number of articles of day traders and stock people investing. Plus Fred Wilson VC has invested in a bitcoin company and in bitcoins. So you're pretty false on those claims and you're very off track.

I am not trying to twist your words but you just *keep* missing the point. NO GUARANTEE - got it yet?

If my 2FA key from my bank gets stolen I *can still* get my money *refunded* - you *cannot* do this at any BTC exchange (and won't *be* able to for very good reason as we all know well).

WAIT a second, you verify your ID, just like you would have to at a bank. Now let's look at the real point: how many people are going to use Mt Gox. Only investors and day traders, and we have proven that many of them are on Mt Gox today! So while there is *NO GUARANTEE* people are fine with it and adapt to the security needed.
CIYAM
February 09, 2013, 02:39:36 AM
 #72

ProfMac
February 09, 2013, 02:49:12 AM
 #73

This really sucks. It is too hard to use, get, trust, and secure bitcoin transactions. Another black eye for bitcoin.

No, it's not a black eye for Bitcoin at all. This had absolutely nothing to do with Bitcoin, neither the protocol nor the client.

It kinda is. Look at asic ppl wanting a refund. Cc payers got it. Bitcoin users just cry.
It might not be the client or protocol... But it is def bitcoin's irreversible nature. A victim has no chance in the world to figure out where their money went. That is a big problem for most people.

I am surprised no one mentioned inside job. An employee just slowly milks an account here and there for profit.

Isn't there a trail for the address the money went to? 

I try to be respectful and informed.
hamdi
February 09, 2013, 03:39:54 AM
 #74

Wish MtGox offered a way to lock withdrawals to a single address. This would solve so much.
ProfMac
February 09, 2013, 04:59:12 AM
 #75

MtGox really should increase their security policy. Since they are so crucial to the Bitcoin economy I consider them as one of the greatest vulnerabilities of the whole system.
 
Two-factor authentication should be required for every withdrawal over 1000 USD in 24 hours or the equivalent in BTC. Also, like the Blockchain wallet, they should add SMS authentication. They should mail you a warning whenever someone logs in from a previously unused IP address and withdrawals should be restricted from this address for 24 hours.

For now I would recommend using Blockchain to store your Bitcoins. A paper wallet is fine as well, though slightly more inconvenient.

I was looking over my MtGox account, and I don't see how to turn on 2 factor authentication.  Can someone walk through the process really slowly?

DeathAndTaxes
Gerald Davis
February 09, 2013, 05:32:56 AM
 #76

MtGox really should increase their security policy. Since they are so crucial to the Bitcoin economy I consider them as one of the greatest vulnerabilities of the whole system.
 
Two-factor authentication should be required for every withdrawal over 1000 USD in 24 hours or the equivalent in BTC. Also, like the Blockchain wallet, they should add SMS authentication. They should mail you a warning whenever someone logs in from a previously unused IP address and withdrawals should be restricted from this address for 24 hours.

For now I would recommend using Blockchain to store your Bitcoins. A paper wallet is fine as well, though slightly more inconvenient.

I was looking over my MtGox account, and I don't see how to turn on 2 factor authentication.  Can someone walk through the process really slowly?


Login > Security Center

Add YubiKey and/or Software Authenticator (Google Smartphone)
Save

Add the credential you just created to login, withdraw, and/or security center.
SgtSpike
February 09, 2013, 06:11:56 AM
 #77

Two-factor Authorisation is useful for some people, but other things that have been suggested are useful too and would stop this. It's possible to make the account secure, even IF the password becomes known to a dishonest person, so why not do that? 2FA certainly does not suit everybody.

Actually it's hard to say vote with your feet because that's the problem: there are not that many exchanges, and for many practical reasons the choice often comes down to 1 or 2. The exchanges therefore become complacent because people don't vote with their feet.

But you can be sure it reflects or will reflect badly on bitcoin even though actually it has nothing to do with Bitcoin. If someone using Bitcoin for a year can lose 200 BTC, then they are hardly a Noob.

I would strongly and politely suggest to the exchanges that it is very much in their own interest to implement these things. And it will be all the better for Bitcoin if they do, so let's start writing emails to our favourite exchange. I already have!

So when do you actually take responsibility for securing your funds?

First off, IP geo will be a pain for most people. I know I change my location a lot thru my VPNs and just internet connections; now if I am using Mt Gox, I can't. So that option is out.

Second, now you want to set up withdrawing that takes a couple days; that defeats the purpose of bitcoins. It's supposed to be a quick transfer of wealth.

Do you not see how these, while you may think they better protect the user, are the user's responsibility, and if you can't set up Google 2 Factor Auth or buy a YubiKey then maybe you shouldn't be using an exchange.

Look at ATMs: it is one PIN code that you have, and if someone gets hold of it then you're screwed, but do you line up at the bank going "add that they have to show their driver's licenses"? No, you accepted it because you know that is your responsibility to not share it. You expect the job of the bank to be secure inside, you deal with outside.

TAKE RESPONSIBILITY FOR YOURSELF, I THINK TOO MANY BITCOINERS DON'T UNDERSTAND IT and frankly it is boring to keep iterating this point to people.
Does the word "optional" not mean anything to you?

2FA is optional.
If IP geo was implemented, it should be optional.
If withdrawal delays of any kind are implemented, they should be adjustable and, of course, optional.

There.  No inconvenience to people like you who don't find those options useful, but better security for those who do.
SgtSpike
February 09, 2013, 08:08:14 AM
 #78

Does the word "optional" not mean anything to you?

2FA is optional.
If IP geo was implemented, it should be optional.
If withdrawal delays of any kind are implemented, they should be adjustable and, of course, optional.

There.  No inconvenience to people like you who don't find those options useful, but better security for those who do.

2FA while optional is the only way to properly secure your Mt Gox and should be told to everyone, I will admit that is a failure on Mt Gox's part to not reinforce that to new users more. BUT it is a false security those options, and we all know someone will easily get thru those if they want to. Let's face it, they get your password, the only thing stopping them is 2FA. COME ON you have to agree. Those options are too niche, maybe stop 10% maybe 15% if lucky.
Huh?

If they get my password, and I have some sort of IP lock on my account, then I could receive an email notification of someone else logging into my account from Russia or wherever, indicating there is a problem.  They couldn't withdraw because of the lock though, which would be undone with password + email verification.

If I had a withdrawal address change delay of 7 days, then I could get an email as soon as someone else changed the withdrawal address on my account.  I would then have 7 days to do something about it.

Ok, so maybe my email account is compromised as well.  I'd figure that out once I was no longer able to log in.  Or maybe the attacker is really clever and doesn't change my password, but simply deletes the email so I wouldn't see it.  MtGox could, upon login, still display a very large colorful warning for the next 7 days that the IP lock was removed or that a new withdrawal address was created.  And if I didn't have access to my MtGox account, ideally, support could reset the password for me and send me an email link.  If I didn't have access to my email and attempts to regain access were futile, support could freeze the account in the interim and I could resend identity docs to prove I am the proper owner of it.  But in the meantime, my Bitcoins are SAFE.  They could not be touched with this sort of delay in place, whereas as soon as an attacker compromises an account right now, they can empty it out to the extent of the daily withdrawal restrictions.

So no, I don't "have to agree", nor do I agree with you at all.  I think the more security options we have, the more secure we can make our accounts.
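
The account controls proposed in this thread (2FA above a 24-hour withdrawal threshold, a 24-hour hold after a login from a previously unused IP, and a 7-day delay on new withdrawal addresses) can be sketched as one policy check. This is an added example, not part of any post and not MtGox code; every name, address and IP in it is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Values taken from the proposals in the thread.
TWO_FA_THRESHOLD_USD = 1000            # per rolling 24 hours
NEW_IP_HOLD = timedelta(hours=24)      # withdrawal hold after an unseen IP logs in
ADDRESS_DELAY = timedelta(days=7)      # age a withdrawal address must reach

@dataclass
class Account:                         # hypothetical account record
    known_ips: set = field(default_factory=set)
    addresses: dict = field(default_factory=dict)    # address -> time added
    withdrawals: list = field(default_factory=list)  # (time, usd) pairs
    hold_until: datetime = datetime.min
    alerts: list = field(default_factory=list)       # would be e-mailed / shown at login

def record_login(acct, ip, now):
    """A login from an unseen IP starts a withdrawal hold and raises an alert."""
    if ip not in acct.known_ips:
        acct.hold_until = max(acct.hold_until, now + NEW_IP_HOLD)
        acct.alerts.append(f"{now.isoformat()} login from new IP {ip}, withdrawals held")
        acct.known_ips.add(ip)

def add_address(acct, address, now):
    """New withdrawal addresses are accepted but only usable after ADDRESS_DELAY."""
    acct.addresses[address] = now
    acct.alerts.append(f"{now.isoformat()} withdrawal address {address} added")

def check_withdrawal(acct, address, usd, now, second_factor_ok):
    """Return (allowed, reason) and record the withdrawal when allowed."""
    if now < acct.hold_until:
        return False, "new-ip-hold"
    added = acct.addresses.get(address)
    if added is None:
        return False, "unknown-address"
    if now - added < ADDRESS_DELAY:
        return False, "address-delay"
    window_start = now - timedelta(hours=24)
    spent = sum(u for t, u in acct.withdrawals if t > window_start)
    if spent + usd > TWO_FA_THRESHOLD_USD and not second_factor_ok:
        return False, "2fa-required"
    acct.withdrawals.append((now, usd))
    return True, "ok"

def demo():
    """Constructed timeline: normal owner activity, then a password-only login."""
    t0 = datetime(2013, 2, 1, 12, 0)
    hour, day = timedelta(hours=1), timedelta(days=1)
    acct = Account(known_ips={"198.51.100.7"},
                   addresses={"ADDR_OWNER": t0 - 30 * day})
    out = []
    record_login(acct, "198.51.100.7", t0)
    out.append(check_withdrawal(acct, "ADDR_OWNER", 400, t0, False)[1])
    # 400 + 700 exceeds the 24-hour threshold, so a second factor is demanded.
    out.append(check_withdrawal(acct, "ADDR_OWNER", 700, t0 + hour, False)[1])
    # Two days later: password-only login from an unseen IP, new address added.
    t1 = t0 + 2 * day
    record_login(acct, "203.0.113.50", t1)
    add_address(acct, "ADDR_NEW", t1)
    out.append(check_withdrawal(acct, "ADDR_NEW", 100, t1 + hour, False)[1])
    out.append(check_withdrawal(acct, "ADDR_NEW", 100, t1 + 25 * hour, False)[1])
    # The delay only buys time: if nobody acts on the alerts, it expires.
    out.append(check_withdrawal(acct, "ADDR_NEW", 100, t1 + 8 * day, False)[1])
    return out, acct.alerts

if __name__ == "__main__":
    for line in demo()[0] + demo()[1]:
        print(line)
```

The final step of the timeline is the operational point: holds and delays are a detection window, so they only protect an account whose owner sees and acts on the alerts before the window closes.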
Zomdifros
February 09, 2013, 03:29:29 PM
 #79

Does the word "optional" not mean anything to you?

2FA is optional.
If IP geo was implemented, it should be optional.
If withdrawal delays of any kind are implemented, they should be adjustable and, of course, optional.

There.  No inconvenience to people like you who don't find those options useful, but better security for those who do.

2FA while optional is the only way to properly secure your Mt Gox and should be told to everyone, I will admit that is a failure on Mt Gox's part to not reinforce that to new users more. BUT it is a false security those options, and we all know someone will easily get thru those if they want to. Let's face it, they get your password, the only thing stopping them is 2FA. COME ON you have to agree. Those options are too niche, maybe stop 10% maybe 15% if lucky.
Huh?

If they get my password, and I have some sort of IP lock on my account, then I could receive an email notification of someone else logging into my account from Russia or wherever, indicating there is a problem.  They couldn't withdraw because of the lock though, which would be undone with password + email verification.

If I had a withdrawal address change delay of 7 days, then I could get an email as soon as someone else changed the withdrawal address on my account.  I would then have 7 days to do something about it.

Ok, so maybe my email account is compromised as well.  I'd figure that out once I was no longer able to log in.  Or maybe the attacker is really clever and doesn't change my password, but simply deletes the email so I wouldn't see it.  MtGox could, upon login, still display a very large colorful warning for the next 7 days that the IP lock was removed or that a new withdrawal address was created.  And if I didn't have access to my MtGox account, ideally, support could reset the password for me and send me an email link.  If I didn't have access to my email and attempts to regain access were futile, support could freeze the account in the interim and I could resend identity docs to prove I am the proper owner of it.  But in the meantime, my Bitcoins are SAFE.  They could not be touched with this sort of delay in place, whereas as soon as an attacker compromises an account right now, they can empty it out to the extent of the daily withdrawal restrictions.

So no, I don't "have to agree", nor do I agree with you at all.  I think the more security options we have, the more secure we can make our accounts.

+1

robocoin
February 09, 2013, 05:49:58 PM
 #80

Mt. Gox sent me a free Yubikey after I made some trades.

KeePass password vault should be used for this sort of thing.  It creates complex passwords and pastes them into the box so they are never typed in and then it wipes your clipboard so a keylogger won't work.

Yes you might have to flip a coin to get a key  :D