Bitcoin Forum
December 11, 2017, 04:49:05 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: MtGox hacked? I am locked out of my account  (Read 2277 times)
Derechef
Newbie
*
Offline Offline

Activity: 7


View Profile
April 12, 2013, 10:23:31 AM
 #1

There is one new reason to stop using MtGox.

When I woke up on Wednesday morning there were emails from MtGox in my inbox: emails saying there had been trades on my account (I had no open orders), emails saying that there had been withdrawals, non-BTC redeemable codes deprecation notices and one last email saying that my password had been reset.

My password was very secure, I NEVER told anyone my password, I was not using this password on any other website, I have never been on a phishing website or on websites like mtgox-chat, there is no key-logger on my computer, my OS is Linux, etc.
I am quite security-aware and I never had a problem with any of my account being hacked. I also checked the activity on my Gmail account and there were no suspicious connection.
I could not understand what happened the issue is almost certainly on MtGox side.

So I tried the password recovery procedure and it was not working. I then sent an email to the support explaining everything. I also sent a message on Twitter.

I had not a single answer for two days nor could I connect to my account. These were two very painful days. This morning I finally received a message from the support saying they cannot do anything and I will not be refunded.

I am not familiar with non-BTC redeemable codes but it means the hacker is transferring some funds to an other MtGox account, right? I cannot understand why they are saying they cannot do anything. Beside the password recovery procedure is still NOT working. I still do not know if there is anything left on my account.

I had been selling Bitcoins for a couple of weeks and there were around 20,000€ and 63 bitcoins on my account. I received 6 withdrawals emails and 4 non-BTC redeemable codes deprecation notices.
According to the emails, the hacker bought 100 BTC then sold 70 BTC then bought 70 BTC. The trades were done at around 180€ per Bitcoin.
My account had a "Verified" status. Anyone know what are the withdrawal limits? I hope there is something left on my account...

Of course I sent an other message to the support but they are so slow to answer. I will keep you updated...

In the meantime be very careful with your MtGox accounts. If you do not have a Yubikey you should move your money NOW.
1512967745
Hero Member
*
Offline Offline

Posts: 1512967745

View Profile Personal Message (Offline)

Ignore
1512967745
Reply with quote  #2

1512967745
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1512967745
Hero Member
*
Offline Offline

Posts: 1512967745

View Profile Personal Message (Offline)

Ignore
1512967745
Reply with quote  #2

1512967745
Report to moderator
1512967745
Hero Member
*
Offline Offline

Posts: 1512967745

View Profile Personal Message (Offline)

Ignore
1512967745
Reply with quote  #2

1512967745
Report to moderator
shibaji
Full Member
***
Offline Offline

Activity: 196



View Profile
April 12, 2013, 10:29:54 AM
 #2

Wow! Very sorry to hear that.

BTC: 1G4FWK6U3qQb2ikgdcYZovLzyQ7xmWotBP  LTC: LUnQFuhQKNjhrsK4HSdcsn6Bf3wcT3tW2y  DVC: 1EKz74j7xNBYunJ77wQVD8DE843PwZaRFF
My reputation thread: https://bitcointalk.org/index.php?topic=183806.0
Shibaji's Your Man In USA Service: https://bitcointalk.org/index.php?topic=191303.msg1980889#msg1980889
Kluge
Donator
Legendary
*
Offline Offline

Activity: 1218


Michael, send me some coins before I hitman you


View Profile
April 12, 2013, 10:40:04 AM
 #3

GoxUSD can be redeemed in places other than Gox, and is indeed considered currency in OTC trades for PPUSD, WU, BTC, etc.

There have been no other account compromises I'm aware of in the past few days.

Did you have 2FA enabled? If so, it's likely an indication this might not be isolated. Maybe you used a service like LastPass?

Don't mix your coins someone said isn't legal
Kluge
Donator
Legendary
*
Offline Offline

Activity: 1218


Michael, send me some coins before I hitman you


View Profile
April 12, 2013, 10:49:55 AM
 #4

Maybe not isolated. https://bitcointalk.org/index.php?topic=174556.0;topicseen

Don't mix your coins someone said isn't legal
Derechef
Newbie
*
Offline Offline

Activity: 7


View Profile
April 12, 2013, 10:53:32 AM
 #5

GoxUSD can be redeemed in places other than Gox, and is indeed considered currency in OTC trades for PPUSD, WU, BTC, etc.

 Embarrassed

Did you have 2FA enabled? If so, it's likely an indication this might not be isolated. Maybe you used a service like LastPass?

No I don't use services like LastPass. And unfortunately I did not had 2FA enabled. I was not using my MtGox account until very recently when I began selling my Bitcoins.
Crazy
Full Member
***
Offline Offline

Activity: 168


View Profile
June 04, 2013, 08:32:44 AM
 #6

Maybe you used a service like LastPass?
What's this about LastPass? Was there a security breach I'm not aware of?
Kluge
Donator
Legendary
*
Offline Offline

Activity: 1218


Michael, send me some coins before I hitman you


View Profile
June 04, 2013, 04:25:40 PM
 #7

Maybe you used a service like LastPass?
What's this about LastPass? Was there a security breach I'm not aware of?
Not that I know of. In the event of an account breach anywhere, it's standard procedure for the clever ones to try those passwords on password management services and, of course, email accounts. Account breaches somewhere else should always be considered when wondering how credentials were taken -- that's all I was getting at.  Smiley

Don't mix your coins someone said isn't legal
EuroTrash
Hero Member
*****
Offline Offline

Activity: 728



View Profile
June 04, 2013, 07:48:08 PM
 #8

Maybe you used a service like LastPass?
What's this about LastPass? Was there a security breach I'm not aware of?
Not that I know of. In the event of an account breach anywhere, it's standard procedure for the clever ones to try those passwords on password management services and, of course, email accounts. Account breaches somewhere else should always be considered when wondering how credentials were taken -- that's all I was getting at.  Smiley

Derechef, sorry for your loss.
Was your MtGox password used only on Gox?

<=== INSERT SMART SIGNATURE HERE ===>
edd
Donator
Legendary
*
Offline Offline

Activity: 1386



View Profile WWW
June 04, 2013, 08:02:15 PM
 #9

I could not understand what happened the issue is almost certainly on MtGox side.

If you don't understand what happened, why are you so certain the issue is with Mt. Gox?

You don't know what happened so I would suggest looking for some evidence before suggesting that Mt. Gox was hacked and, for some reason, your account was the only one targeted.


How is that related? Stereotype claims to now have more BTC than when he started and had no trouble accessing his account.

Still around.
Distribution
Hero Member
*****
Offline Offline

Activity: 713


Fight fire with photos.


View Profile
July 04, 2013, 01:58:13 AM
 #10

There is one new reason to stop using MtGox.

When I woke up on Wednesday morning there were emails from MtGox in my inbox: emails saying there had been trades on my account (I had no open orders), emails saying that there had been withdrawals, non-BTC redeemable codes deprecation notices and one last email saying that my password had been reset.

My password was very secure, I NEVER told anyone my password, I was not using this password on any other website, I have never been on a phishing website or on websites like mtgox-chat, there is no key-logger on my computer, my OS is Linux, etc.
I am quite security-aware and I never had a problem with any of my account being hacked. I also checked the activity on my Gmail account and there were no suspicious connection.
I could not understand what happened the issue is almost certainly on MtGox side.

So I tried the password recovery procedure and it was not working. I then sent an email to the support explaining everything. I also sent a message on Twitter.

I had not a single answer for two days nor could I connect to my account. These were two very painful days. This morning I finally received a message from the support saying they cannot do anything and I will not be refunded.

I am not familiar with non-BTC redeemable codes but it means the hacker is transferring some funds to an other MtGox account, right? I cannot understand why they are saying they cannot do anything. Beside the password recovery procedure is still NOT working. I still do not know if there is anything left on my account.

I had been selling Bitcoins for a couple of weeks and there were around 20,000€ and 63 bitcoins on my account. I received 6 withdrawals emails and 4 non-BTC redeemable codes deprecation notices.
According to the emails, the hacker bought 100 BTC then sold 70 BTC then bought 70 BTC. The trades were done at around 180€ per Bitcoin.
My account had a "Verified" status. Anyone know what are the withdrawal limits? I hope there is something left on my account...

Of course I sent an other message to the support but they are so slow to answer. I will keep you updated...

In the meantime be very careful with your MtGox accounts. If you do not have a Yubikey you should move your money NOW.

I just had a similar situation. I'm locked out waiting for them to reply. Weird thing is, I never got an email saying my password was changed nor that my email was changed. I never got emails saying that there trades either. And yes, my password sounds like it was as secure as yours. There could be a few things going on here. But in any case, I'm waiting to get into my account to see if everything's gone. I really hope that the account got frozen. But I'm not going to hold my breath. If it works out, I'm going to get the 2fa like you said. If not, I'm done with exchanges.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!