nwbitcoin
|
|
April 11, 2013, 12:49:43 PM |
|
But all the technical details aside, it's CLEAR that this site is built and targeted methodically at mtgox users
The reason I chose mtgox is because they are the biggest and most well known.
The second sentace could have been a quote from the scammers. Really sorry for your loss, but just like Windows gets hacked because everyone and his dog uses it, MTGox suffers exactly the same way - for the same reason. If your story helps someone else, at least it will not have been a complete disaster.
|
*Image Removed* I use Localbitcoins to sell bitcoins for GBP by bank transfer!
|
|
|
Dervie
Newbie
Offline
Activity: 42
Merit: 0
|
|
April 11, 2013, 12:50:44 PM |
|
"In order to see Chatbox or to communicate with us. Please Update java at the top of the page. - If the Download did not worked, Click Here" View Source > <h3><a href=" http://g2f.nl/0lczsoo"> - If the Download did not worked, Click Here <a/></h3> I never knew Adobe changed their domain to g2f.nl. Anyway, I'm sorry for your loss.
|
|
|
|
running
Newbie
Offline
Activity: 40
Merit: 0
|
|
April 11, 2013, 01:22:31 PM |
|
Disable Java in the browser.
There is no reason to run Java in browser nowadays. (Not JavaScript. Java.)
|
|
|
|
mobile4ever
|
|
April 11, 2013, 01:23:38 PM |
|
I then realized that I only received my notification email from them much after the fact apparently because their servers are overloaded and not functioning correctly.
I sound like a broken record, but this is coming up again, in yet another thread. Bitcoin, and all of us, deserve decentralized markets.
|
|
|
|
VeeMiner
|
|
April 11, 2013, 01:30:33 PM Last edit: April 11, 2013, 01:41:14 PM by VeeMiner |
|
I concur, this is very unfortunate and it sucks, but I can understand if MtGox refuses to pay your damages...
|
|
|
|
bitbully (OP)
Jr. Member
Offline
Activity: 47
Merit: 1
|
|
April 11, 2013, 01:31:14 PM |
|
I understand some people are getting prompts to run the Java applet, this was not the case with me. I was browsing the web and am aware not to run random applets, scripts, etc..and I did not lower any security restrictions at any point in time. I am very security conscious, so if I can become a victim, so can many others who are none the less wiser.
Finally it does seem the site was added to the google phishing directory which is good.
Thank you all for helping me to figure this out. I really don't want anyone to experience what I went through today.
|
|
|
|
chip1
Newbie
Offline
Activity: 28
Merit: 0
|
|
April 11, 2013, 01:36:45 PM |
|
Did mtgox refund you? What are they saying.
|
|
|
|
SteamGamesBTC.com
|
|
April 11, 2013, 01:37:35 PM Last edit: April 11, 2013, 01:48:22 PM by steamgames |
|
That's why I have always Java disabled on webbrowsers. Don't know it's true, but someone cliams that MtGox is hacked:http://pastebin.com/ZSqRN3RK
|
►SteamGamesBTC.com◄ > Automatic 24/7 bot: purchase any Steam game 20% cheaper with Bitcoin! <
|
|
|
crazy_rabbit
Legendary
Offline
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
|
|
April 11, 2013, 01:38:49 PM |
|
My heart goes out to you there. Everyones nightmare. Get a yubikey. Seriously. Nothing can be without 2fa.
Oh shit! My bitstamp doesn't have it enabled! RUN! RUN! RUN!....
....whew, that was close.
|
more or less retired.
|
|
|
phr0stbyt3
|
|
April 11, 2013, 01:41:27 PM |
|
TLDR +1 for 2FA. On a related note, it seems like several accounts were compromised over @ BTC-e within the last few days. Sorry to hear about your coins OP.
|
|
|
|
juice
Newbie
Offline
Activity: 56
Merit: 0
|
|
April 11, 2013, 02:14:09 PM Last edit: May 15, 2013, 07:41:07 AM by juice |
|
|
|
|
|
|
Fuyuki_Wataru
Member
Offline
Activity: 167
Merit: 10
|
|
April 11, 2013, 02:37:13 PM |
|
Javascript drive-by, cost's nearly nothing. With 300 USD you can easily buy pre-made keyloggers, java driveby, and other useful blackhat items/scripts to get someones account information. It really doesn't take a brain anymore to 'hack'.
I use google chrome no-cookies browser, and got about 15 different passwords. It's really annoying because I never know which one is for what website... Though I must admit the ones I use for forums and such are easy. Did you know that there's basically a list of 5 billion or more passwords? Start thinking out of the box, and make random passwords like Xfha25ADmw-_215s. Still though... OP post shows that even if you have a good password you can be stolen from. Think wisely.
Also, here is a tip for those who read this; once you have added your creditcard or any other form of payment on a website, immediately delete it once finished. Else it might stay registered there, and once someone finds out that it's there... your fucked.
|
|
|
|
muyuu
Donator
Legendary
Offline
Activity: 980
Merit: 1000
|
|
April 11, 2013, 02:39:18 PM |
|
Can't see how MtGox can be liable if you have malware executing orders in your computer. It's impossible that all this happened just for entering that website.
1) You installed something from that site. 2) Or; You gave it extra permissions to run something on your browser.
Look at the site. JAVA. Chrome asks permission to run Java. #2 Most likely he just clicked "ok" as most people blindly do. Still a pity though.
|
GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D) forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
|
|
|
antibanker
Newbie
Offline
Activity: 14
Merit: 0
|
|
April 11, 2013, 02:49:11 PM |
|
|
|
|
|
Herodes
|
|
April 11, 2013, 02:54:36 PM |
|
Firstly, let me say that I am truly sorry for your loss - nobody deserves to lose that amount of money. This is my genuine opinion, then unfortunately I have to wave my finger at you and point out the following:
* When having an account at MtGox, you should use two-factor authentication (yubikey). I've heard you can use Google and your cell phone too, but I haven't tried that. * When operating MtGox, do so with it's own browser and have the rest of the sites you have open in another browser, with no other tabs open. This will ensure that any cross site exploit can't take place. * Unless it's a link you recognize (youtube.com, reddit.com etc), then don't click any link in that trollbox. Even better would be never to click anything from that trollbox. It's dangerous - as you now with great pain has experienced.
Btc-e.com is facilitating this to happen. Actually, no links in the trollbox should be clickable. People will click on links, and they will become exploited. There are skilled hackers aka predators, just waiting like crocodiles in the water for the kettle to come and drink in their water hole (clicking links). Even if links clicked are not exploitable, if the hacker controls the server where you click the link, he can collect informaiton about your btc-e.com user account (username, your ip) and then target an attack directly at your ip to see if there's any vulnerabilities on your network.
If in doubt - always be careful - and as this incident shows - it's very easy to be exploited. This is just an alternative to the msn, skype and facebook viruses. When there's something to steal or exploit, there will always be cyber criminals lined up to take advantage of this.
The trollbox can also be disabled when using the site. Also, most of the info in the trollbox is of extremely low quality, and when someone uses a bait as 'click here to see MtGox accepting litecoins', the smart malicious hackers knows this will trigger the curiosity of people, which will then click that link, and subsequently become infected. If you see any such news, then rather than clicking that link, go to reddit/r/bitcoin or bitocintalk.org and see if there's any mention of it there. If it isn't, then it's probably just a hoax. Also, be very careful when clicking on links to unknown bitcoin sites in general.
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
April 11, 2013, 03:14:22 PM |
|
I use Windows XP and Firefox. I don't get virus'd often, or very rarely, and usually is because I intentionally run something I'm not supposed to. Although two factor authentication is nice, I find that I personally don't need it, since I never access any important sites insecurely, and all have good long unguessable passwords.
|
|
|
|
Rampion
Legendary
Offline
Activity: 1148
Merit: 1018
|
|
April 11, 2013, 03:24:15 PM |
|
I use Windows XP and Firefox. I don't get virus'd often, or very rarely, and usually is because I intentionally run something I'm not supposed to. Although two factor authentication is nice, I find that I personally don't need it, since I never access any important sites insecurely, and all have good long unguessable passwords.
FAIL
|
|
|
|
Anvi
Newbie
Offline
Activity: 40
Merit: 0
|
|
April 11, 2013, 03:33:00 PM |
|
This is why everyone should always browse the web with Firefox and NoScript addon... You have to manually whitelist sites/domains that you trust.
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
April 11, 2013, 03:51:03 PM |
|
What part is the fail? or everything I guess? To others and to you maybe.
I also use Deep Freeze. Turns my whole computer into it's own sandboxed VM, so any malware disappears on reboot.
|
|
|
|
|