Bitcoin Forum
August 24, 2016, 01:48:58 PM *
News: When 0.13.0 is released in the near future, make sure that you carefully verify it.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 5 6 7 8 9  All
  Print  
Author Topic: If your Mt. Gox account has been compromised, PLEASE READ.  (Read 32567 times)
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 16, 2011, 09:19:25 PM
 #1

EDIT: If you cannot access your account and your e-mail address on your account has been changed, please post here as well with as much information as you have.

EDIT2: Added a question about password reuse, please update your posts

Ok, so I've seen a lot of topics appearing about Mt. Gox accounts getting compromised, and had it happen to myself as well - and I'm wondering what the scale of this is.

First, a few things:

My Mt. Gox account got broken into, what do I do?
First of all, do a virus scan, there are plenty of free antivirus applications that work fine - for example, Avast, Antivir/Avira, and AVG.
If you are tech-savvy or know someone who is, and you are on Windows, use applications like TCPView, Wireshark, and Security Task Manager to determine whether any suspicious network activity is taking place, or whether there are any suspicious processes running. Also check your Services for suspicious services.
Change your password. It should be:
* At least 12 characters long, more is better
* Contain letters (both lower and upper case), numbers, and if possible special characters
* Not have any dictionary words, names, or dates in it. The best password is a seemingly random password
* MOST IMPORTANTLY, not a password that you use somewhere else!
* Make sure your new password has a different length than your old one!
After you changed your password, check in your Mt. Gox account if your e-mail address is still correct.
Make sure that your password is NOT saved in your browsers "password manager"! If your browser asks you whether it should remember your password, choose No.
Be sure to read this post to the end!

How could this happen? Is Mt. Gox safe?
Right now it appears to be unclear on where this "attack" is coming from. At least some accounts had complex and/or long passwords, so bruteforcing seems unlikely, but it's possible.
If you had a short password and use an outdated browser (or Internet Explorer, or another browser that does not have this vulnerability patches), it is possible you got hit by the so called "CSS History Sniffer" vulnerability. Get an up-to-date browser that has this vulnerability patched - I believe at least Chrome and Firefox 3 are safe from this - and use a longer password.
While Mt. Gox being compromised is a possibility, there is no proof for it, and it's best NOT to assume that is the case - this may be an attempt at spreading fear and getting people to leave Mt. Gox.
It's best to wait for a response from MagicalTux on this. Personally I normally don't leave any funds in Mt. Gox (or any web wallet / exchange) any longer than necessary, exactly to avoid things like this. The only reason it happened now was because I was unable to access Mt. Gox at all for a long time, and thus didn't have the chance to withdraw my funds.

And now?
I personally think it's a good idea to collect as much data on what happened as possible. Please report in if you got hit as well, and answer the following questions:
* How much funds did you lose?
* To what address were your stolen funds sent?
* What OS are you using (Windows, Linux, Mac OSX ...)?
* How long was your old password?
* Was your old password random?
* Was your username the same on Mt. Gox as on the forum?
* Did you use your Mt. Gox password somewhere else?
* Did your old password contain lowercase letters, uppercase letters, special characters and numbers?
* Have you used any Bitcoin-related software, and if yes, what software? Think about things like miners, wallet managers, etc.
* Please also include a screenshot if possible so we know it's a real report.


I'll start out with myself.

Lost funds: about $200
Sent to: 16MHJtHA1dVJQZYcFf3iRAeF3dCFQeqTCi
OS: Windows 7 Home Premium
Password length: 20 characters
Random: Yes
Username the same: Yes
Password reused: No
Characters: uppercase, lowercase, and numbers.
Software: used Diablo Miner and pocblm
Screenshot:

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
1472046538
Hero Member
*
Offline Offline

Posts: 1472046538

View Profile Personal Message (Offline)

Ignore
1472046538
Reply with quote  #2

1472046538
Report to moderator
             ▄▄▄▄██████████▄▄▄▄
         ▄▄██▀▀▀               ▀▀▄▄
      ▄▄█▀                         ▀▀▄
    ▄█▀                        ▄▄▀▀▀▀▀█
  ▄██                     ▄▄█▀▀     ▄▀
 ██▀                 ▄▄██████▄    ▄▀
███               ▄▄██████████▄  ▀
██             ▄▄█████████████▀
██          ▄▄█████████████▀
██        ▄ ▀██████████████
██▄    ▄██▀▀  ▀▀████████▀
 ██   ██▀        ▀▀████▀
  ██ █▀
   ▀█
  █▄ ▀▄
 ▄▀    ▀▄
 
SatoshiGames.io
██████

█████

████

████

█████

██████
               ▄▀▀▀▀▀▄▄▄▄
           ▄▄▄▄█  ▄█     ▀▀▀▀▄▄▄▄
▄▄▀▀▀▀▀▀▀▀▀   █  ▀ █            ▀▀▀▀▄
█  █▄        ▄▀                    ▄▀
▀▄ █ ▀       █         ▄           █
 █          █        ▄██▄         ▄▀
 █         ▄▀     ▄██████▄       ▄▀
 ▀▄        █    ▄█████████▄      █
  █       █      ██████████▄    ▄▀
  █      ▄▀        ▀████████   ▄▀
  ▀▄     █        ▄████▀▀▀▀    █
   █    █          ▀▀▀█       ▄▀
   █   ▄▀                    ▄▀
   ▀▄  █                     █
    █  ▀▄▄              █ ▄ ▄▀
    █     ▀▀▀▀▄▄▄       █▀ ▄▀
    ▀▄▄▄▄▄▄▄▄▀▀▀▀▀▀▀▀▀▀▄▄▄▄█


▄▄▄▄██████▄▄█▄▄██████▄▄▄▄
███████████████████████████████
▄▀▄           █           ▄▀▄
█   █         ▄█▄         █   █
█     █        ███        █     █
█       █       ███       █       █
█         █     █████     █         █
█           █    █████    █           █
█             █   █████   █             █
█▄▄▄▄▄▄▄▄▄▄▄▄▄█   █████   █▄▄▄▄▄▄▄▄▄▄▄▄▄█
▀███████████▀    █████    ▀███████████▀
▀▀▀▀▀▀▀▀▀       ███       ▀▀▀▀▀▀▀▀▀

▄███▄
▄▄▄█████████████▄▄▄
BTC
██████

█████

████

████

█████

██████

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1472046538
Hero Member
*
Offline Offline

Posts: 1472046538

View Profile Personal Message (Offline)

Ignore
1472046538
Reply with quote  #2

1472046538
Report to moderator
1472046538
Hero Member
*
Offline Offline

Posts: 1472046538

View Profile Personal Message (Offline)

Ignore
1472046538
Reply with quote  #2

1472046538
Report to moderator
1472046538
Hero Member
*
Offline Offline

Posts: 1472046538

View Profile Personal Message (Offline)

Ignore
1472046538
Reply with quote  #2

1472046538
Report to moderator
aherron
Newbie
*
Offline Offline

Activity: 5


View Profile
June 16, 2011, 10:09:01 PM
 #2

Got compromised this morning.

Lost funds: about $2000
Sent to: 1PYrg3rujFzuczePRwdW8RV27s5cbRU1hE
OS: OSX 10.6 and Xubuntu 11.04
Password length: 11 characters
Random: No, non-dictionary word
Characters: lowercase, and numbers.
Software: Only the native mac client with no mining.
Screenshot: I'll have this up shortly.
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 16, 2011, 10:14:39 PM
 #3

Got compromised this morning.

Lost funds: about $2000
Sent to: 1PYrg3rujFzuczePRwdW8RV27s5cbRU1hE
OS: OSX 10.6 and Xubuntu 11.04
Password length: 11 characters
Random: No, non-dictionary word
Characters: lowercase, and numbers.
Software: Only the native mac client with no mining.
Screenshot: I'll have this up shortly.
I just ninja-edited the first post, so it was probably not in the list you copied... do you have the same username on Mt. Gox as on the forums here?

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
HaRRo
Newbie
*
Offline Offline

Activity: 14


View Profile WWW
June 16, 2011, 10:16:01 PM
 #4

MtGox or Bitcoin7?

FREE http://bitcoinboom.org! Get 50 BTC in Your First Day!
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 16, 2011, 10:18:25 PM
 #5

MtGox or Bitcoin7?
The main focus is Mt. Gox but if your account on another exchange/webwallet/mining pool got compromised, it might be useful to post here as well. There may be a targeted attack at multiple services.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
Slab Squathrust
Full Member
***
Offline Offline

Activity: 171


View Profile
June 16, 2011, 10:21:39 PM
 #6

This taken with the allinvain events of the past few days are making me worried.  Nowhere is truly 100% safe.  Drives fail, websites get hacked, and natural disasters destroy houses.  While this shouldn't turn anyone off, it is important to remember no backup system is completely secure.  Sorry to hear that happened.  I almost put some Bitcoins in Mt Gox last night...   
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
June 16, 2011, 10:34:19 PM
 #7

Perhaps people are reusing passwords from other sites?

I'd recommend KeePass (haven't actually used it), LastPass, or SuperGenPass in order to combat this.
officialsavage
Full Member
***
Offline Offline

Activity: 154



View Profile
June 16, 2011, 10:43:33 PM
 #8

This hacking seems to be getting out of control.  People are losing a lot of money.  What can we do other than the above suggestions?  Strong passwords are no longer doing the trick.
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
June 16, 2011, 10:45:03 PM
 #9

This hacking seems to be getting out of control.  People are losing a lot of money.  What can we do other than the above suggestions?  Strong passwords are no longer doing the trick.

Strong passwords don't help if there's some other attack vector. For instance, if you are using that same strong password on a site that is hacked and MtGox.
randomguy7
Hero Member
*****
Offline Offline

Activity: 528


View Profile
June 16, 2011, 10:53:43 PM
 #10

Please edit your posts to show if the mtgox password was used somewhere else. Is your mtgox email address something which could be easily guessed, like [mtgox-user-name]@[some-well-known-email-provider]?
done
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 16, 2011, 11:26:38 PM
 #11

any newbie reading this please keep your bitcoins seperated in many individual places in case one of your locations is compromised
passenger
Newbie
*
Offline Offline

Activity: 6


View Profile
June 16, 2011, 11:57:25 PM
 #12

any newbie reading this please keep your bitcoins seperated in many individual places in case one of your locations is compromised

...and make sure no one else has access to the places you stored your files in.
pippipcheerio
Jr. Member
*
Offline Offline

Activity: 42


View Profile
June 17, 2011, 12:45:31 AM
 #13

Thanks, I may have a account hacked in the future. So this will help.
Globz
Newbie
*
Offline Offline

Activity: 14

www.kittybomber.com


View Profile WWW
June 17, 2011, 01:07:27 AM
 #14

The recent hacking spree might be due to LulzSec releasing over 60k passwords + emails a week...be careful and change password often, never use the same password for different services.

BitVault LiveCD - Bitcoin Secure Transactions Environment
http://www.kittybomber.com/BitVault
kwukduck
Legendary
*
Offline Offline

Activity: 1535


View Profile
June 17, 2011, 01:28:17 AM
 #15

Lost funds: $500
Sent to: 1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg
OS: Windows 7 Ultimate / Ubuntu 11.04
Password length: 9 characters alphanumeric
Random: contains dictionary words but mixed
Characters: lowercase, and numbers.
Same username on forum: yes
Software: native windows and linux client, diablo on ubuntu, phoenix on windows.
Screenshot:
these are the malicious transactions.



14b8PdeWLqK3yi3PrNHMmCvSmvDEKEBh3E
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 17, 2011, 01:38:21 AM
 #16

The recent hacking spree might be due to LulzSec releasing over 60k passwords + emails a week...be careful and change password often, never use the same password for different services.
I know I don't reuse passwords myself (plus, I was not in the dump), so if that is related, that is at least not the only attack vector.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
wallet_dat
Newbie
*
Offline Offline

Activity: 8


View Profile
June 17, 2011, 02:17:13 AM
 #17

was hacked and everything stolen this afternoon:

Lost funds: $1300
OS: Microsoft Windows Vista
Password length: 5 characters
Random: no
Characters: lowercase
Software: native client
Screenshot: working on it
SomeoneWeird
Hero Member
*****
Offline Offline

Activity: 700


View Profile
June 17, 2011, 02:44:56 AM
 #18

was hacked and everything stolen this afternoon:

Lost funds: $1300
OS: Microsoft Windows Vista
Password length: 5 characters
Random: no
Characters: lowercase
Software: native client
Screenshot: working on it

No wonder, I could've bruteforced that in 2 minutes.
BitterTea
Sr. Member
****
Offline Offline

Activity: 294



View Profile
June 17, 2011, 02:47:33 AM
 #19

Was anyone using this app, by any chance? I downloaded it the other day but decided against giving them my password. Noticed today that there is a new version that is now closed source. Coincidence?
kiwiasian
Full Member
***
Offline Offline

Activity: 168


View Profile
June 17, 2011, 03:50:33 AM
 #20

Lost 17.18 worth of BTC, valued at about $300 at the time.

http://forum.bitcoin.org/index.php?topic=18182.0

Tradehill referral link, save 10% | http://www.tradehill.com/?r=TH-R12328
www.payb.tc/kiwiasian | 1LHNW1JGMBo2e7rKiiFz7KJPKE57bqCdEC
Pages: [1] 2 3 4 5 6 7 8 9  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!