Bitcoin Forum
Author Topic: My MtGox account has been hacked  (Read 5956 times)
spyjai
June 15, 2011, 08:24:59 AM
 #1

This morning when I tried to log in to btcguild, it said my password has been changed. Same deal with mtgox. I also cannot log in to my email, which was associated with btcguild and mtgox. I recovered my password and reset it, only to find out that my account in btcguild has been updated with a new wallet id as well as a new email, which is my original email with a 1 appended at the end (e.g. from xyz@gmail.com to xyz1@gmail.com). Luckily I had payout lock in btcguild, which means payout cannot be allowed within 24 hours of a wallet id change.

I then tried to recover my password in MtGox by clicking the forgot password option, but the hacker likely changed my email address, therefore I cannot receive the mail to reset my password. I've filed a ticket to MtGox support but I don't know how long it will take for them to respond to me. I would very much like them to freeze all my assets on MtGox (worth thousands of USD) until I can regain access to my account.

I'm typing this to let everyone know that I've either been hacked or the security in btcguild and/or MtGox is not secure.

Edit:

I've been contacted by MtGox and they are now on the case.

    Hi,

    We have located your funds. Unfortunately some funds have already been withdrawn ($1000 worth in bitcoins). We are tracking those funds as fast as possible.

    Thanks,
    Mark
    MtGox.com Team

1WangHakHgQU5a3HShP7UFX3eg6rWGQQR
PLATO
June 15, 2011, 08:26:27 AM
 #2

Did you use the same password on multiple sites? What was it?
spyjai
June 15, 2011, 08:40:47 AM
 #3

No, I did not use the same password on both sites, although both sites had the same user name. My first initial thought is that I have been hacked or keylogged, because whoever did this cannot do this without access to my email username and password (he changed my email password).

1WangHakHgQU5a3HShP7UFX3eg6rWGQQR
Sukrim
June 15, 2011, 08:42:02 AM
 #4

    I'm typing this to let everyone know that I've either been hacked or the security in btcguild and/or MtGox is not secure.

Added highlighting... ;)

AntiVigilante
June 15, 2011, 09:02:01 AM
 #5

Unix style permissions: Receive, Send, Operate / View

Proposal: http://forum.bitcoin.org/index.php?topic=11541.msg162881#msg162881
Inception: https://github.com/bitcoin/bitcoin/issues/296
Goal: http://forum.bitcoin.org/index.php?topic=12536.0
Means: Code, donations, and brutal criticism. I've got a thick skin. 1Gc3xCHAzwvTDnyMW3evBBr5qNRDN3DRpq
spyjai
June 15, 2011, 09:14:59 AM
 #6

    Unix style permissions: Receive, Send, Operate / View

What do you mean?

1WangHakHgQU5a3HShP7UFX3eg6rWGQQR
AntiVigilante
June 15, 2011, 09:16:08 AM
 #7

        Unix style permissions: Receive, Send, Operate / View

    What do you mean?

I mean I need to talk to developers pronto.

spyjai
June 15, 2011, 09:42:07 AM
 #8

I suspect that this will not be the end of accounts being hacked. Seeing as the hacker targeted specifically for bitcoins (changing btcguild and mtgox passwords), this is done by someone within the community. I only got a new SSD with a fresh install of Windows 2 weeks ago, and since then the programs that I've downloaded are the miners, bitcoin client, and the various sites I've visited are all bitcoin-related, such as http://www.bitcoinwatch.com, http://blog.bitcoinwatch.com/ and http://bitcoincharts.com/markets/

I'm using Microsoft Essentials as my anti-virus, and I have not been going to suspicious sites (as far as I'm aware). So the hacker could only get through to me through the above means. I urge everyone that visits the same sites or uses the same programs as I do to change their passwords regularly (and avoid using the same username and email for sensitive info).

I've just enabled the two-step verification process for my gmail account to require a verification code sent to my phone before I can log in - I hope doing so will prevent hackers from having access to my email, which they then use to change my passwords for various sites. Those of you that have invested significantly in mtgox should do the same.

1WangHakHgQU5a3HShP7UFX3eg6rWGQQR
gongcheng
June 15, 2011, 10:15:21 AM
 #9

Thank you, Mark first.

Drifter
June 15, 2011, 01:12:24 PM
 #10

Check your account activity in gmail. At the bottom, it will say "Last account activity: XX minutes ago on this computer. Details". Click on Details and it will show you the last IPs to log in and when it was. See if you can find out any info from that.

Nescio
June 15, 2011, 01:33:35 PM
 #11

Change wallet addresses too, see allinvain's thread, he lost his balance too (you might not have enough credit on it worth bothering now, but maybe later). Assume your machine is trojaned. If you have the funds it would perhaps benefit the community if you could have the machine analyzed for the attack vector.
spyjai
June 15, 2011, 01:45:26 PM
 #12

    Check your account activity in gmail. At the bottom, it will say "Last account activity: XX minutes ago on this computer. Details". Click on Details and it will show you the last IPs to log in and when it was. See if you can find out any info from that.

I just checked and it only showed data up to 4 hours ago, and the IP addresses were all me since after I've recovered the password. The attack occurred about 6 hours ago so I couldn't get info on the attacker's IP.

1WangHakHgQU5a3HShP7UFX3eg6rWGQQR
allinvain
June 15, 2011, 01:46:32 PM
 #13

    I suspect that this will not be the end of accounts being hacked. Seeing as the hacker targeted specifically for bitcoins (changing btcguild and mtgox passwords), this is done by someone within the community. I only got a new SSD with a fresh install of Windows 2 weeks ago, and since then the programs that I've downloaded are the miners, bitcoin client, and the various sites I've visited are all bitcoin-related, such as http://www.bitcoinwatch.com, http://blog.bitcoinwatch.com/ and http://bitcoincharts.com/markets/

    I'm using Microsoft Essentials as my anti-virus, and I have not been going to suspicious sites (as far as I'm aware). So the hacker could only get through to me through the above means. I urge everyone that visits the same sites or uses the same programs as I do to change their passwords regularly (and avoid using the same username and email for sensitive info).

    I've just enabled the two-step verification process for my gmail account to require a verification code sent to my phone before I can log in - I hope doing so will prevent hackers from having access to my email, which they then use to change my passwords for various sites. Those of you that have invested significantly in mtgox should do the same.

Oh wow, so I am starting to now think that my stolen funds were facilitated by a bitcoin community program/util.

This is crazy insane, it's starting to look like an information warfare attempt on the bitcoin community - by targeting its users and selling their bitcoins. Free money for the thieves that's for sure!

Drifter
June 15, 2011, 01:55:56 PM
 #14

Sheesh, let's not make any crazy assumptions here. All we need is another fucking Gawker story. "Bitcoin websites hacking bitcoin walletz!11!"

If your gmail was compromised from another computer I would expect it to give the info, maybe even a warning like this:




Is it possible your computer was compromised physically? Do you leave your computer on and stay logged in?

spyjai
June 15, 2011, 02:35:30 PM
 #15

I didn't see that warning when I reset my password from gmail.

I believe the attack occurred when I was using the computer, i.e. one minute I was logging in to btcguild just fine, the next minute my password was changed. Both my mining computer (the one I believe was compromised) and my laptop were physically by my side.

MtGox is in the process of tracing my bitcoins now, I will continue to update this thread when I receive more info.

1WangHakHgQU5a3HShP7UFX3eg6rWGQQR
allinvain
June 15, 2011, 02:45:45 PM
 #16

I wish you the best of luck spyjai! You and I are in the same boat. I have a strong feeling the same hacker that stole my BTC also hacked you as well.

Bazil
June 15, 2011, 02:51:15 PM
 #17

To me it sounds like someone used a brute force program to break in.  Did you use the same PW on mtgox and the btc guild?  People should go through the code of these utilities to see if anyone snuck anything malicious in just in case.  Maybe some kind of key logger or something.

17Bo9a6YpXN2SbwY8mXLCD43Wup9ZE4rwm
spyjai
June 15, 2011, 04:10:10 PM
 #18

    To me it sounds like someone used a brute force program to break in.  Did you use the same PW on mtgox and the btc guild?  People should go through the code of these utilities to see if anyone snuck anything malicious in just in case.  Maybe some kind of key logger or something.

I used different pw for btcguild and mtgox. I'm now installing KeePass to store my passwords in.

1WangHakHgQU5a3HShP7UFX3eg6rWGQQR
randomguy7
June 16, 2011, 09:31:37 PM
 #19

spyjai, can you keep the infected PC offline? I don't want that hacker guy to be able to delete his traces (in case he has not already done so).
What miners do you use? Maybe the attacker gained access to their webhosting and replaced some tool(s) with infected editions. We should compare the md5s of the various exes.
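
The hash comparison suggested in the post above, as an added example that is not part of the original thread: each user hashes the executables they downloaded, and the reports are compared per file and version to spot a copy whose bytes differ from everyone else's. The user names, file names and byte strings are constructed, and comparing on SHA-256 alongside the MD5 the post mentions is a choice made here because MD5 is collision-prone.

```python
import hashlib
from collections import Counter, defaultdict

def file_digests(path, chunk_size=1 << 20):
    """Stream a file once and return its MD5 and SHA-256 hex digests."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            md5.update(block)
            sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def find_mismatches(reports):
    """reports maps user -> {(file name, version): sha256 hex}.

    Returns the entries whose digests differ between users. The majority
    digest is only a hint: a tie yields None, and the hash published by
    the tool's author remains the reference."""
    per_file = defaultdict(dict)
    for user, files in reports.items():
        for key, digest in files.items():
            per_file[key][user] = digest.lower()
    mismatches = {}
    for key, by_user in per_file.items():
        ranked = Counter(by_user.values()).most_common()
        if len(ranked) < 2:
            continue  # everyone who reported this file has the same bytes
        tied = ranked[0][1] == ranked[1][1]
        majority = None if tied else ranked[0][0]
        mismatches[key] = {
            "majority": majority,
            "outliers": sorted(u for u, d in by_user.items() if d != majority),
        }
    return mismatches

# Constructed sample data: stand-in bytes, not real miner binaries.
CLEAN = b"constructed miner build 1.0"
ALTERED = CLEAN + b" with appended bytes"
def _sha(data): return hashlib.sha256(data).hexdigest()
SAMPLE_REPORTS = {
    "user_a": {("miner.exe", "1.0"): _sha(CLEAN), ("client.exe", "0.3"): _sha(b"client")},
    "user_b": {("miner.exe", "1.0"): _sha(CLEAN), ("client.exe", "0.3"): _sha(b"client")},
    "user_c": {("miner.exe", "1.0"): _sha(ALTERED)},
}

if __name__ == "__main__":
    for key, info in find_mismatches(SAMPLE_REPORTS).items():
        print(key, "differs for", info["outliers"])
```

Keying on the version as well as the file name matters, because two legitimate releases of the same tool also hash differently.
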
ocharry
June 16, 2011, 09:39:38 PM
 #20

This is starting to worry me as well because a few days ago I found out that someone was trying to log in to my email (used on MtGox) but was unsuccessful - the site told me that numerous login attempts failed. The account at MtGox and my email had different passwords so I'm guessing that's what thwarted it.