Author Topic: Hacker got to my MTGOX account, he converted the USD I had......  (Read 12651 times)
joepie91
June 17, 2011, 10:43:21 AM
 #61

I bet this is related to lulzsec's recent dump of 62,000 passwords. Password reuse anyone?
I am not in the dump, nor do I reuse passwords. So *if* the Lulzsec DB is in some way related (which I doubt as that dump was released after accounts started getting broken into) it is at least not the only attack vector.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
error
June 17, 2011, 11:47:25 AM
 #62

I bet this is related to lulzsec's recent dump of 62,000 passwords. Password reuse anyone?

What is this?

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
Nefario
June 17, 2011, 12:05:57 PM
 #63

I bet this is related to lulzsec's recent dump of 62,000 passwords. Password reuse anyone?

What is this?

Lulzsec is a group that have been hacking quite a number of well known networks and systems in the last week or so. They've exposed many security flaws, and gotten hold of many many username password combinations.

A lot of fairly new forum users have supposedly had their MT.Gox account hacked, and had their bitcoin taken, or if USD it's exchanged for bitcoin and taken.

There's nothing wrong with MT.Gox's security, only that a great number of users have been using the same username:password combination as another website that's been hacked.

EDIT

Another possibility is that the user with the hacked system had a password stealing trojan on their system.

The only options for what is happening are:

1)MTGox are themselves stealing users money
2)Users are reusing password/username combinations from other sites that have been hacked
3)Users have a compromised system that has resulted in their username/password being lifted.
4)MTGox has some major security holes

1 is not likely as MTGox make enough money as it is, also why then wouldn't they steal everyone's instead of just a few accounts worth?

4 is more likely but still not probable. MTGox have a simple but robust system that has been strengthened through attacks almost since its inception.

They use username:password authentication over https, so that's not leaked.

Again because it's over https there is little to no chance of having your session hijacked.

They limit the number of password attempts so accounts cannot be brute forced.

The system itself isn't likely easily hacked, otherwise everyone's bitcoin in MTGox would be gone.

Options 2 & 3 are the most likely and most common in these situations.

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
error
June 17, 2011, 12:18:06 PM
 #64

I know what LulzSec is. Again, what is this about a dump of 62,000 passwords?

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
diven
June 17, 2011, 12:18:58 PM
 #65

Options 2 & 3 are the most likely and most common in these situations.

Fair enough, but what about the daily (monthly) withdraw limits being circumvented?
joepie91
June 17, 2011, 12:25:25 PM
 #66

I bet this is related to lulzsec's recent dump of 62,000 passwords. Password reuse anyone?

What is this?

Lulzsec is a group that have been hacking quite a number of well known networks and systems in the last week or so. They've exposed many security flaws, and gotten hold of many many username password combinations.

A lot of fairly new forum users have supposedly had their MT.Gox account hacked, and had their bitcoin taken, or if USD it's exchanged for bitcoin and taken.

There's nothing wrong with MT.Gox's security, only that a great number of users have been using the same username:password combination as another website that's been hacked.
If you look at the stickied thread in Newbies you can see that most people don't seem to reuse both their username and password on Mt. Gox.
Quote
EDIT

Another possibility is that the user with the hacked system had a password stealing trojan on their system.
I know that at least for me that is not the case.
Quote
The only options for what is happening are:

1)MTGox are themselves stealing users money
2)Users are reusing password/username combinations from other sites that have been hacked
3)Users have a compromised system that has resulted in their username/password being lifted.
4)MTGox has some major security holes

1 is not likely as MTGox make enough money as it is, also why then wouldn't they steal everyone's instead of just a few accounts worth?
I don't think Mt. Gox stole it themselves. Besides them indeed getting more gain from running a business, there are a lot more "invisible" ways to make money disappear from accounts if you have access to the system. So that's extremely unlikely.
Quote
4 is more likely but still not probable. MTGox have a simple but robust system that has been strengthened through attacks almost since its inception.

They use username:password authentication over https, so that's not leaked.
They are vulnerable to a CSS history sniffing attack because they use GET requests for their forms, to just name a vulnerability I found (which can be thwarted by having a long non-dictionary password, by the way). So no, it's not as robust as you seem to imply.
Quote
Again because it's over https there is little to no chance of having your session hijacked.

They limit the number of password attempts so accounts cannot be brute forced.
I believe that that only works per IP, and that you have a practically infinite amount of attempts per account if you do distributed bruteforce (aka, let every bot in your botnet do 5 tries).
Quote
The system itself isn't likely easily hacked, otherwise everyone's bitcoin in MTGox would be gone.
It would be much better to stay relatively low-profile, and not give the impression that Mt. Gox were compromised, if it's indeed unsafe. That way you can slowly keep stealing more and more funds, while other people just attribute it to user error.
Quote
Options 2 & 3 are the most likely and most common in these situations.
I know that at least for me both 2 and 3 are not applicable. I don't reuse passwords, and I've turned my entire system pretty much upside down to see if there was anything suspicious - which there wasn't.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
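
Added example (not part of the original thread, and not Mt. Gox's code): a login throttle that counts failures per account as well as per source IP, replayed over constructed events, to show why the per-IP limit discussed in posts #63 and #66 does not stop attempts spread across many addresses. The class name, limits, window and the `alice` account are assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window failed-login counter keyed by source IP and by account."""

    def __init__(self, per_ip=5, per_account=10, window=900):
        self.limits = {"ip": per_ip, "account": per_account}
        self.window = window  # seconds
        self.failures = {"ip": defaultdict(deque), "account": defaultdict(deque)}

    def _recent(self, kind, key, now):
        q = self.failures[kind][key]
        while q and now - q[0] >= self.window:  # drop failures older than the window
            q.popleft()
        return len(q)

    def blocked_by(self, ip, account, now):
        """Return 'ip', 'account' or None for an attempt arriving at time `now`."""
        for kind, key in (("ip", ip), ("account", account)):
            if self._recent(kind, key, now) >= self.limits[kind]:
                return kind
        return None

    def record_failure(self, ip, account, now):
        self.failures["ip"][ip].append(now)
        self.failures["account"][account].append(now)

def replay(throttle, events):
    """Feed failed logins (time, ip, account); return the refused ones with the reason."""
    refused = []
    for now, ip, account in events:
        reason = throttle.blocked_by(ip, account, now)
        if reason:
            refused.append((now, ip, reason))
        else:
            throttle.record_failure(ip, account, now)
    return refused

# Constructed sample: 8 addresses (documentation range), 4 failures each, one account.
EVENTS = [(t, f"198.51.100.{t % 8 + 1}", "alice") for t in range(32)]

if __name__ == "__main__":
    ip_only = replay(LoginThrottle(per_account=10**9), EVENTS)
    both = replay(LoginThrottle(), EVENTS)
    print("per-IP limit only:", len(ip_only), "attempts refused")
    print("per-IP + per-account:", len(both), "attempts refused, first at t =", both[0][0])
```

A hard per-account limit lets anyone lock the legitimate owner out, so in practice it is usually paired with progressive delays or a second factor rather than used as an outright lockout.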
Nefario
June 17, 2011, 12:30:16 PM
 #67

I know what LulzSec is. Again, what is this about a dump of 62,000 passwords?

http://latimesblogs.latimes.com/technology/2011/06/lulzsec-publishes-62000-email-and-password-combinations.html

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
jondecker76
June 17, 2011, 12:59:32 PM
 #68

Add me to the mtgox hacked list.

I just found out someone hacked in and stole my full balance there of 20 BTC on the 14th (about 1/4 of what I own Sad  )
I'm running Linux behind 2 firewalls, so I highly doubt I was compromised at home.
Though I do a pretty good job of using different passwords, I can think of one thing I signed for lately where I was stupid enough to use the login combo.

I'm NOT pointing any fingers here, but that site was www.btcprizes.com
Can anyone else that has been hacked through MtGox recall if they registered there?

RollerBot Advanced Trading Platform
https://bitcointalk.org/index.php?topic=447727.0
BTC Donations for development: 1H36oTJsi3adFh68wwzz95tPP2xoAoTmhC
randomguy7
June 17, 2011, 05:27:33 PM
 #69

I'd bet that the hacker(s) hacked a lot of btc related sites and stole the username/password combos to try them at more valuable sites like mtgox. No offence to all the site admins but most sites look like total noob stuff from a security point of view. That's simply because web site security isn't as trivial as many may think because of various possible attack vectors (think of session hijacking/fixation/riding, invalid input sanitization, incorrect output encoding, multiple encodings to bypass filters, buggy php functions which stop at a 0-byte, ....).
jondecker76
June 17, 2011, 07:08:08 PM
 #70

Just sharing a PM I got, also with the same theme.

Quote
I can't post yet, seeing as how I haven't made the 5 minimum, I am sure I must be close to the 4 hours but I digress... last night I bought, only 6 BTC in mtgox, basically as a learning tool to see how things work. and immediately, I mean immediately after the purchase went through, 5.55 BC were "withdrawn" to 1H2RBCBBTEGtWs4rDEGEqJLzKgcKrN8Vdp. I have since changed all my passwords, emails, and everything to all my accounts, but the only thing I can think of was the fact that I too used the same username and password combo, that at the time I used for mtgox on the btcprizes registration...


Again, no accusations but it would be interesting to hear from others if this is a common theme going on...

RollerBot Advanced Trading Platform
https://bitcointalk.org/index.php?topic=447727.0
BTC Donations for development: 1H36oTJsi3adFh68wwzz95tPP2xoAoTmhC
NO_SLAVE
June 17, 2011, 07:13:44 PM
 #71

Just sharing a PM I got, also with the same theme.

Quote
I can't post yet, seeing as how I haven't made the 5 minimum, I am sure I must be close to the 4 hours but I digress... last night I bought, only 6 BTC in mtgox, basically as a learning tool to see how things work. and immediately, I mean immediately after the purchase went through, 5.55 BC were "withdrawn" to 1H2RBCBBTEGtWs4rDEGEqJLzKgcKrN8Vdp. I have since changed all my passwords, emails, and everything to all my accounts, but the only thing I can think of was the fact that I too used the same username and password combo, that at the time I used for mtgox on the btcprizes registration...


Again, no accusations but it would be interesting to hear from others if this is a common theme going on...
AtlasONo
June 17, 2011, 11:47:39 PM
 #72

Sooo any real word from mtgox yet?
randomguy7
June 18, 2011, 12:24:55 AM
 #73

.... To the guys that got hacked, how secure did you think your password was? Did it use names, numbers, words, etc etc, how long was it, did you ever reuse it, are all your passwords stored somewhere presumed safe?
Maybe you simply tell us the passwords you used, I mean, if you still use that password ANYWHERE, you desire to be hacked.
BTCPrizes
June 18, 2011, 12:31:28 AM
 #74

Hello,

I highly doubt our site has been compromised in any way. Although, we have been DDoS'ed 3 times already since we have been up. We used very strong hashed passwords for all of all users. Not to mention the attacks started weeks before we launched the site.

The moment we learned that a lot of people have been compromised on MTGOX we began working on increasing the security on the site and have reset the passwords of all users.

I don't doubt that Bitcoin has attracted a few talented hackers that are behind the recent attacks on our site, mtgox, bitcoin, and others.

- Avoid all downloads
- Avoid all of the smaller mining pools
- Avoid every other poorly created Bitcoin website being spammed on the forums

If anyone has any questions feel free to send us a private message.


btcprizes.com  - free bitcoins.
ibisy70
June 18, 2011, 02:01:24 AM
 #75

I got hacked 2 days ago but luckily I only had 4 BTC in mtgox at the time.

I used the same password for MtGox, Tradehill, and Deepbit. The password was randomly generated and written down on a sticky note next to my PC.

What is even more strange is that I ONLY access these three sites from one of my mining rigs for the specific reason of security. The only programs I have installed are a browser and the basic mining essentials. I believe there is a hacker targeting one of those three sites, there is no way I had a virus.
allinvain
June 18, 2011, 02:09:18 AM
 #76

has anyone suspected the mining programs..anyone audited them yet?

ibisy70
June 18, 2011, 02:20:00 AM
 #77

I only use GUIMiner - What did you use?



Some other information:

http://www.pcpro.co.uk/news/security/368149/symantec-warns-of-trojan-targeting-bitcoin

http://www.symantec.com/connect/blogs/all-your-bitcoins-are-ours
broker11
June 18, 2011, 03:22:46 AM
 #78

Mt. Gox Cross-Site Request Forgery vulnerability Fixed:

http://forum.bitcoin.org/index.php?topic=18709.0
Nefario
June 18, 2011, 10:38:13 AM
 #79

Egg on my face  Embarrassed

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
joepie91
June 18, 2011, 10:42:46 AM
 #80

Again, to everyone who had his account compromised, please post in http://forum.bitcoin.org/index.php?topic=18050.0 .
As that topic is posted in Newbies (on purpose), anyone should be able to post in it regardless of post count.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.