Bitcoin Forum
December 06, 2016, 08:15:07 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3] 4 »  All
  Print  
Author Topic: Hacker got to my MTGOX account, he converted the USD I had......  (Read 12655 times)
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 16, 2011, 10:01:34 AM
 #41

My password was a KeePass-generated password of 20 randomly generated alphanumerical characters (mixed case). Needless to say the password has been changed.

I've done a full antivirus scan of my system which found nothing. I've also used various tools such as TCPView, Wireshark, and Security Task Manager (as well as the Windows Task Manager) to see if any suspicious services or processes were running, and it seems my system is clean. I'm not sure what happened here, but it seems unlikely that the issue was on my end.

You are assuming your system is OK after *something* got compromised? Any password is useless against a keylogger (that includes a future Bitcoin cient offering wallet encryption).

Today crimeware kits are sold with a nice GUI for the thump your head variety criminal who barely knows left from right mouse button. A Bitcoin tailored kit will have some kind of exploit to get in, a module for uploading wallet.dat, keylogger/VNC etc. functionality if needed, a module for cleaning up after itself as if it had never existed and one for hiding itself from the usual suspects (all antiviruses, Spybot S&D, Wireshark, process explorer etc.) until such time that your wallet contains enough coin. Hell, the specialists already own a sizable number of machines and the crimeware might function as a search engine for interesting data on the botnet. They may even fix other vulnerabilities to keep the competition out and keep your system in shape to guarantee uptime (a dead zombie is worthless, heh).

The only way to be sure is to start completely fresh. Including BIOS flashes and viewing old backups as compromised too. And changing Bitcoin addresses, obviously.
I'm aware of how malware works, thank you. My bitcoins in my wallet have already been moved to a different machine, and seeing as this is not the machine I usually work on (I usually use my Windows machine for websites testing purposes only) the system being compromised is really not that big of an issue.

Regarding "hiding until there are enough coins" - you do realize the theft was from a Mt. Gox account and not from a wallet file? Did you even completely read my post?

What does KeePass do, is that one of those things that saves your passwords so you don't have to type them in?  Sort of defeats the point, no?

I would say good thing you learned your lesson at 10 BTC instead of 100 BTC or 1000 BTC.
KeePass (and other password safes) are actually one of the few proper methods to manage randomly generated passwords. You can't just "grab someones passwords".

Mt. Gox also really needs to add some sort of secondary verification.
Yes, I was thinking about this too - maybe a confirmation e-mail for every account withdrawal, whether in BTC or USD?

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481055307
Hero Member
*
Offline Offline

Posts: 1481055307

View Profile Personal Message (Offline)

Ignore
1481055307
Reply with quote  #2

1481055307
Report to moderator
1481055307
Hero Member
*
Offline Offline

Posts: 1481055307

View Profile Personal Message (Offline)

Ignore
1481055307
Reply with quote  #2

1481055307
Report to moderator
1481055307
Hero Member
*
Offline Offline

Posts: 1481055307

View Profile Personal Message (Offline)

Ignore
1481055307
Reply with quote  #2

1481055307
Report to moderator
aral
Jr. Member
*
Offline Offline

Activity: 42


View Profile
June 16, 2011, 10:46:06 AM
 #42

The only way to be sure is to start completely fresh. Including BIOS flashes and viewing old backups as compromised too. And changing Bitcoin addresses, obviously.

Perhaps I misunderstand but there have been a few threads like this and it seems a common presumption here that the user is compromised.   People have every reason to be wary of a site like mt gox that suddenly has huge volumes of money moving through it and the operators are relatively inexperienced.  I'm not saying they have a security problem for sure, I just think it would be unwise to leave large balances on there.
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 16, 2011, 11:14:39 AM
 #43

The only way to be sure is to start completely fresh. Including BIOS flashes and viewing old backups as compromised too. And changing Bitcoin addresses, obviously.

Perhaps I misunderstand but there have been a few threads like this and it seems a common presumption here that the user is compromised.   People have every reason to be wary of a site like mt gox that suddenly has huge volumes of money moving through it and the operators are relatively inexperienced.  I'm not saying they have a security problem for sure, I just think it would be unwise to leave large balances on there.
Which is also why I find it unlikely that the compromise was on my side. For example:


I don't see how a login sent using GET should ever be considered secure - someone looking over your shoulder, being saved in browser history, to name a few.
There is no two factor authentication of any kind either.

Now I'm not directly accusing Mt. Gox of being "at fault" here, don't get me wrong, but I think it is reasonable to consider the issue being on Mt. Gox' side as well.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 16, 2011, 12:03:15 PM
 #44

Some other people that claim to have had their Mt. Gox account compromised in the past few days (I don't know whether these threads are true or just FUD, just posting them here for the sake of having everything in 1 thread):

http://forum.bitcoin.org/index.php?topic=17595.0 (in the Newbies forum)
http://forum.bitcoin.org/index.php?topic=16526.0 (college funds lost)
http://forum.bitcoin.org/index.php?topic=17226.0 (Mt. Gox plus BTCGuild compromised, response from MagicalTux)
http://forum.bitcoin.org/index.php?topic=17082.0 (can not access account anymore)
http://forum.bitcoin.org/index.php?topic=17335.0 (can not access account anymore)

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
diven
Newbie
*
Offline Offline

Activity: 14


View Profile
June 16, 2011, 01:36:02 PM
 #45

Same thing happened to me last night, someone purchased BTC with all USD and withdrew the BTC.  5K in USD and  600 BTC gone with the wind.  Change your passwords people.
randomguy7
Hero Member
*****
Offline Offline

Activity: 528


View Profile
June 16, 2011, 05:20:00 PM
 #46

Same thing happened to me last night, someone purchased BTC with all USD and withdrew the BTC.  5K in USD and  600 BTC gone with the wind.  Change your passwords people.

How strong was your password?
diven
Newbie
*
Offline Offline

Activity: 14


View Profile
June 16, 2011, 05:58:43 PM
 #47

Strong by most standards, letters, number, special characters.  Nothing in a dictionary.
randomguy7
Hero Member
*****
Offline Offline

Activity: 528


View Profile
June 16, 2011, 06:30:35 PM
 #48

This is scary. How many chars did you use? And did you use this password somewhere else?
NO_SLAVE
Jr. Member
*
Offline Offline

Activity: 56


DEBT IS SLAVERY


View Profile
June 16, 2011, 06:33:46 PM
 #49

keep your money in dwolla, not on the mt.gox account....at least with dwolla it is FDIC insured.

bad bad juju building for BTC with these stories.
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 16, 2011, 08:53:27 PM
 #50

Another case:

http://forum.bitcoin.org/index.php?topic=17930.0

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 16, 2011, 09:25:26 PM
 #51

If your account was broken into, also look here: http://forum.bitcoin.org/index.php?topic=18050.0

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
bitcoinminer
Sr. Member
****
Offline Offline

Activity: 322



View Profile
June 16, 2011, 11:42:00 PM
 #52

maybe no more putting your wallet addresses in signatures as well...

Be fearful when others are greedy, and greedy when others are fearful.

-Warren Buffett
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 16, 2011, 11:59:58 PM
 #53

maybe no more putting your wallet addresses in signatures as well...
That should not matter.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
bitcoinminer
Sr. Member
****
Offline Offline

Activity: 322



View Profile
June 17, 2011, 12:07:58 AM
 #54

maybe no more putting your wallet addresses in signatures as well...
That should not matter.

"Should" doesn't really apply in cases of identity theft... everyone's money SHOULD be safe... I'm just saying - too easy to track who's got what where, etc.  If you see somebody withdrawing 500 BTC from somewhere if you're a hacker, and you search for their wallet ID and come up with their forum name, etc. is what I'm getting at.

Be fearful when others are greedy, and greedy when others are fearful.

-Warren Buffett
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 17, 2011, 12:50:39 AM
 #55

maybe no more putting your wallet addresses in signatures as well...
That should not matter.

"Should" doesn't really apply in cases of identity theft... everyone's money SHOULD be safe... I'm just saying - too easy to track who's got what where, etc.  If you see somebody withdrawing 500 BTC from somewhere if you're a hacker, and you search for their wallet ID and come up with their forum name, etc. is what I'm getting at.
Yes, but if you cannot link that address to other addresses, it won't really do much.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
Nescio
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 17, 2011, 05:07:44 AM
 #56

Wow, flashing your BIOS? Are there actual cases of BIOS malware being used in the wild by hackers/fraudsters?

Not that I know of, but since it's possible you might as well. If you are really paranoid of course, you would need to reflash externally, since it might protect itself against reflashing by immediately reflashing the attack code from memory Smiley

It's less likely a generic botnet operator would go to the trouble but that's only because of 'low hanging fruit' being readily available.

I guess the bottom line is that most people will do the minimum for protection, i.e. whatever the client already offers, and malware will focus on the lowest common denominator as long as it's profitable enough, but go the extra mile if it's worth it (and evolve when the client gets better protection etc.).

Quote from: joepie91
Regarding "hiding until there are enough coins" - you do realize the theft was from a Mt. Gox account and not from a wallet file?

Yes, and my point was that it's a mistake to discount all possibilities. Your original post didn't say anything about a separate machine BTW. But it hardly matters, unless that machine has not been connecting to your network, or to any network in general, it too cannot be considered as provably clean. Your account has been hacked, you don't know where from, assume the worst.
Maxxx
Member
**
Offline Offline

Activity: 70



View Profile
June 17, 2011, 05:27:36 AM
 #57

So who's selling that mt. gox database? Share the wealth. Amirite?

I think it's fairly obvious at this point. Changing your password won't help if they are not hashing passwords either. This is speculation btw, but with so many account breaches...

Time is money. This means that if you have spare time, you can use it to make money.

Modular, open, and stack-able miner case.
Nescio
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 17, 2011, 05:31:27 AM
 #58

Perhaps I misunderstand but there have been a few threads like this and it seems a common presumption here that the user is compromised.   People have every reason to be wary of a site like mt gox that suddenly has huge volumes of money moving through it and the operators are relatively inexperienced.  I'm not saying they have a security problem for sure, I just think it would be unwise to leave large balances on there.

Well yeah, if the exchange is compromised you can't do much, but given the fact that a lot of people are using Windows and use it for regular network access at the same time I'm inclined to give them the benefit of the doubt for now.

I'm more curious right now about how they do it, because there is supposedly a $1000 limit a day on transfers, in BTC too.
dirtyfilthy
Member
**
Offline Offline

Activity: 75


View Profile
June 17, 2011, 05:32:14 AM
 #59

I bet this is related to lulzsec's recent dump of 62,000 passwords. Password reuse anyone?

Address: 1EkSP5Uqf5Fhs8Gg4XJG2b3hrFS7Vm8WFz
Maxxx
Member
**
Offline Offline

Activity: 70



View Profile
June 17, 2011, 05:33:35 AM
 #60

I bet this is related to lulzsec's recent dump of 62,000 passwords. Password reuse anyone?

You could prolly ask joepie91 Wink

Time is money. This means that if you have spare time, you can use it to make money.

Modular, open, and stack-able miner case.
Pages: « 1 2 [3] 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!