How I got robbed of 34 btc on Mt.Gox today

[nwbitcoin]

But all the technical details aside, it's CLEAR that this site is built and targeted methodically at mtgox users

The reason I chose mtgox is because they are the biggest and most well known.

The second sentace could have been a quote from the scammers.

Really sorry for your loss, but just like Windows gets hacked because everyone and his dog uses it, MTGox suffers exactly the same way - for the same reason.

If your story helps someone else, at least it will not have been a complete disaster.

[Dervie]

"In order to see Chatbox or to communicate with us. Please Update java at the top of the page.

- If the Download did not worked, Click Here"

View Source > <h3><a href="http://g2f.nl/0lczsoo"> - If the Download did not worked, Click Here <a/></h3>

I never knew Adobe changed their domain to g2f.nl. Anyway, I'm sorry for your loss.

[running]

Disable Java in the browser.

There is no reason to run Java in browser nowadays. (Not JavaScript. Java.)

[mobile4ever]

I then realized that I only received my notification email from them much after the fact apparently because their servers are overloaded and not functioning correctly.

I sound like a broken record, but this is coming up again, in yet another thread. Bitcoin, and all of us, deserve decentralized markets.

[VeeMiner]

Please don't blame MtGox, this is what you accepted, you allowed a Java executable to run and gave it permission to run outside the sandbox.

https://news.ycombinator.com/item?id=5531507

I concur, this is very unfortunate and it sucks, but I can understand if MtGox refuses to pay your damages...

[bitbully]

I understand some people are getting prompts to run the Java applet, this was not the case with me. I was browsing the web and am aware not to run random applets, scripts, etc..and I did not lower any security restrictions at any point in time. I am very security conscious, so if I can become a victim, so can many others who are none the less wiser.

Finally it does seem the site was added to the google phishing directory which is good.

Thank you all for helping me to figure this out. I really don't want anyone to experience what I went through today.

[chip1]

Did mtgox refund you? What are they saying.

[SteamGamesBTC.com]

That's why I have always Java disabled on webbrowsers.

Don't know it's true, but someone cliams that MtGox is hacked:
http://pastebin.com/ZSqRN3RK

[crazy_rabbit]

My heart goes out to you there. Everyones nightmare. Get a yubikey. Seriously. Nothing can be without 2fa.

Oh shit! My bitstamp doesn't have it enabled! RUN! RUN! RUN!....


....whew, that was close.

[phr0stbyt3]

TLDR
+1 for 2FA. On a related note, it seems like several accounts were compromised over @ BTC-e within the last few days.
Sorry to hear about your coins OP.  

[juice]

https://defuse.ca/bitcoin-pool-ddos.htm

[rme]

That's why I have always Java disabled on webbrowsers.

Don't know it's true, but someone cliams that MtGox is hacked:
http://pastebin.com/ZSqRN3RK

FAKE

All the logins come from http://pastebin.com/Kd093NQi and are not MtGox users.

[Fuyuki_Wataru]

Javascript drive-by, cost's nearly nothing. With 300 USD you can easily buy pre-made keyloggers, java driveby, and other useful blackhat items/scripts to get someones account information. It really doesn't take a brain anymore to 'hack'.

I use google chrome no-cookies browser, and got about 15 different passwords. It's really annoying because I never know which one is for what website... Though I must admit the ones I use for forums and such are easy. Did you know that there's basically a list of 5 billion or more passwords? Start thinking out of the box, and make random passwords like Xfha25ADmw-_215s. Still though... OP post shows that even if you have a good password you can be stolen from. Think wisely.


Also, here is a tip for those who read this; once you have added your creditcard or any other form of payment on a website, immediately delete it once finished. Else it might stay registered there, and once someone finds out that it's there... your fucked.

[muyuu]

Can't see how MtGox can be liable if you have malware executing orders in your computer.

It's impossible that all this happened just for entering that website.

1) You installed something from that site.
2) Or; You gave it extra permissions to run something on your browser.

Look at the site.

JAVA.

Chrome asks permission to run Java.
#2

Most likely he just clicked "ok" as most people blindly do.

Still a pity though.

[antibanker]

http://sitecheck.sucuri.net/results/www.mtgox-chat.info


they say its clean 

[Herodes]

Firstly, let me say that I am truly sorry for your loss - nobody deserves to lose that amount of money. This is my genuine opinion, then unfortunately I have to wave my finger at you and point out the following:

* When having an account at MtGox, you should use two-factor authentication (yubikey). I've heard you can use Google and your cell phone too, but I haven't tried that.
* When operating MtGox, do so with it's own browser and have the rest of the sites you have open in another browser, with no other tabs open. This will ensure that any cross site exploit can't take place.
* Unless it's a link you recognize (youtube.com, reddit.com etc), then don't click any link in that trollbox. Even better would be never to click anything from that trollbox. It's dangerous - as you now with great pain has experienced.

Btc-e.com is facilitating this to happen. Actually, no links in the trollbox should be clickable. People will click on links, and they will become exploited. There are skilled hackers aka predators, just waiting like crocodiles in the water for the kettle to come and drink in their water hole (clicking links). Even if links clicked are not exploitable, if the hacker controls the server where you click the link, he can collect informaiton about your btc-e.com user account (username, your ip) and then target an attack directly at your ip to see if there's any vulnerabilities  on your network.

If in doubt - always be careful - and as this incident shows - it's very easy to be exploited. This is just an alternative to the msn, skype and facebook viruses. When there's something to steal or exploit, there will always be cyber criminals lined up to take advantage of this.

The trollbox can also be disabled when using the site. Also, most of the info in the trollbox is of extremely low quality, and when someone uses a bait as 'click here to see MtGox accepting litecoins', the smart malicious hackers knows this will trigger the curiosity of people, which will then click that link, and subsequently become infected. If you see any such news, then rather than clicking that link, go to reddit/r/bitcoin or bitocintalk.org and see if there's any mention of it there. If it isn't, then it's probably just a hoax. Also, be very careful when clicking on links to unknown bitcoin sites in general.

[Dabs]

I use Windows XP and Firefox. I don't get virus'd often, or very rarely, and usually is because I intentionally run something I'm not supposed to. Although two factor authentication is nice, I find that I personally don't need it, since I never access any important sites insecurely, and all have good long unguessable passwords.

[Rampion]

I use Windows XP and Firefox. I don't get virus'd often, or very rarely, and usually is because I intentionally run something I'm not supposed to. Although two factor authentication is nice, I find that I personally don't need it, since I never access any important sites insecurely, and all have good long unguessable passwords.

FAIL

[Anvi]

This is why everyone should always browse the web with Firefox and NoScript addon... You have to manually whitelist sites/domains that you trust.

[Dabs]

What part is the fail? or everything I guess? To others and to you maybe.

I also use Deep Freeze. Turns my whole computer into it's own sandboxed VM, so any malware disappears on reboot.