If your Mt. Gox account has been compromised, PLEASE READ.

[agedet]

Screw MtGox, moving my money to Tradehill.  Used code TH-R15720 when signing up to get reduced fees.

[1714024808]

1714024808

[1714024808]

1714024808

[1714024808]

1714024808

[SoggyMoggy]

Has anybody been able to confirm that their account balances at MtGox are safe? I have a small about of BTC there (ready for sale - more than 1, less than 10). It's only a small amount (as I don't yet trust MtGox) and I moved it there last week.

I am a newbie, and I'm just experimenting with purchases and sales of smaller amounts before investigating the currency further. The recent events at MtGox are indeed troubling... I hope they haven't lost my BTC...

[PandaMiner]

Now that mtgox closed their exchange, how can I tell if I got hacked?

I have read people mention that they checked the "dump" and found their info in it with their email changed (or not changed). Where is this dump?

EDIT: Google Mail just asked me to verify myself due to suspicious activity.  I did use the same 9 char. password as my email on mtgox.

I'm scared.

[joepie91]

Screw MtGox, moving my money to Tradehill.  Used code TH-R15720 when signing up to get reduced fees.

How do you know Tradehill is any more secure than Mt. Gox?

Quite a lot of people using this opportunity to have people flock to Tradehill (which has no guarantees of being secure either), conveniently including a referal code (which smells a lot like referal spamming.)

[PandaMiner]

I heard TradeHill's referral codes use to give 30% discounts, now they are only 10%.

[GeniuSxBoY]

how the hell do I know tradehill can't get hacked

[BitcoinPorn]

how the hell do I know tradehill can't get hacked

You don't.

There is risk with no insurance.

Welcome to Bitcoin.

[Blackhawke]

Anyone tried 1Password? I've been looking at getting that.

Personally I've been using LastPass over over year and am quite happy with it. They also have smart phone apps for all platforms I think. If you're an Android user, there's even a LastPass plugin for the Dolphin web browser.

Just my 2 DoBits. You can keep the change. 

[joepie91]

I got a gmail notification about account security compomised, meaning someone attempted to password guess their way through google, meaning my shit was in the leak.

Thankfully I use a different password for erryting.

I believe a Bitcoin community member that is working for / related to Google, has flagged all the Gmail accounts in the leaked database, to prevent breakins.

[Technopope]

How much funds did you lose?

17 BTC and a dollar value of under one dollar.


To what address were your stolen funds sent?

There is no way to check, as I couldn't log in with my email address.


What OS are you using (Windows, Linux, Mac OSX ...)?

Windows 7, all updates current.


How long was your old password?

20 characters.


Was your old password random?

Not random, but generally considered "strong". Certainly not guessable.


Was your username the same on Mt. Gox as on the forum?

This is my first post, having just registered for this topic. Same as DeepBit though...


Did you use your Mt. Gox password somewhere else?

No, but a 10 character variation of it was used at DeepBit. Now changed.


Did your old password contain lowercase letters, uppercase letters, special characters and numbers?

A mix of lowercase and numbers.


Have you used any Bitcoin-related software, and if yes, what software? Think about things like miners, wallet managers, etc.

Only GUIMiner v2011-05-21


Please also include a screenshot if possible so we know it's a real report.

No screenshot available, as the MtGox account is inaccessible. I reregistered at MtGox and sent in a ticket describing my situation.

[Technopope]

qft

if they are a financial institution, they have to have fraud recovery efforts.  He is trying to be legit, maybe he will come around when he thinks that hey I should have spent the money on security, now i have to pay for the breach.

But MtGox is not a financial institution. It is just a guy who started trading online game items,  (Magic The Gathering Online eXchange) and progressed to BitCoins. 

Hopefully he will and is financially able to do the right thing. If he doesn't try, MtGox as a BitCoin exchange is over. Of course, if things are as bad as some people are hypothesizing, MtGox is finished anyway.

Let's hope things work out.

[Technopope]

Now that mtgox closed their exchange, how can I tell if I got hacked?

I have read people mention that they checked the "dump" and found their info in it with their email changed (or not changed). Where is this dump?

EDIT: Google Mail just asked me to verify myself due to suspicious activity.  I did use the same 9 char. password as my email on mtgox.

I'm scared.

Yes, you are on the list, along with your gmail address, number 3419 out of 61,016 users listed at MtGox.

Understand that the passwords are not directly readable, and must be run through some fairly intense computational power to crack. Very similar to the way BitCoins are mined, actually. Takes a *long* time...

However, I had a 20 character password, using both letters and numbers, and exclusive to MtGox. Looks like my email address was changed in my account and I can't log into my account. I have to assume it lost.

Just change all your passwords that are similar and associated with that address.

[pharmhero]

First post.

Thankfully I had nothing stolen because I took my coins out just yesterday cause I was afraid MtGox wasn't secure. 

Here is what interested me.  If you look at the leaked list of user accounts it has as the first user jed@thefarwilds.com  Just a little investigative work finds that the first registered user of MtGox is actually Jed McCaleb, creator the the P2P program eDonkey2000! 

What exactly does he have to do with MtGox and what does he know about this.  Was MtGox his coding? I know MtGox stands for "Magic: The Gathering Online Exchange" and Jed's The Far Wilds looks just as dumb.

So is this a coincidence or does he have something he would like to share with the rest of us?

[ErgoOne]

1) I'm a brand new Bitcoin user with no Bitcoins.  According to Mt. Gox, my brand new account and password were compromised, but there was nothing for any intruder to steal.

2) Password: 16+ characters, random, upper-case/lower-case letters, numbers, symbols. (I'm anal about passwords.)

3) I do not reuse any passwords on any account that has access to any financial transactions.  This includes bank, payment processor, Bitcoin trading, and any online business where I do business.  I save my passwords in a GPG-encrypted file, keep copies backed up various locations.

4) Mt. Gox currently indicates that the compromise was through the user account of an auditor who has read-only access to the system.  They aren't sure how yet.  My guess is either a spear phish (personalized "phish" email) claiming to be from Mt. Gox, or a trojan with a keylogger that stole their password.

This is scary. :/  However, I"m glad it happened now and not later.  The entire Bitcoin system needs to be made both more secure and more easily usable while secure than it is currently.  I would like to see Bitcoin gain wide acceptance and use outside of the geek world -- the human race needs a digital replacement for cash, and this is the best idea I've seen yet on how to do it.  But I don't see that happening until the security of wallets is ensured (by encrypting them by default), and online trading and payment methods for Bitcoin approach the security of my bank's online banking system.

[bc4md]

I had nothing on MT gox thank god but I'm still waiting for a transfer from BC market.  

Either that I'm still having generating block issues.

[cconover]

Mt Gox and other Bitcoin markets ought to enable and encourage the use of some form of multi-factor authentication.  I use a Yubikey in conjunction with my Lastpass account (Lastpass generates very strong, unique passwords for every site so I'm not concerned about my Mt Gox password providing access to anything else), and it's a fantastic and open source authentication system.  Since Bitcoin is growing exponentially in usage and legitimacy, trading services should be growing with it and hardening their systems both on the code side, and on the user interaction side.  Many banks offer or require multi-factor authentication, why shouldn't Bitcoin services?

[bitcoin.monger]

Regardless how strong your password is, if it's not stored with a strong hashing method on the server it makes no difference. When MtGox was originally launched, it appears it was using MD5 for hashing. This was a very poor decision, MD5 is not secure (although it has been a de-facto standard for years, and change is hard  ) It appears that lately they have decided to move to something better and offer two-factor authentication etc. Hopefully we will see less incidents in the future.

[chr15m]

Just a heads up that someone is sending a lovely .exe trojan to all mtgox users under the guise of "info@mtgox.com" from wiscointl.com.cn - the subject of the email is "[Mt.Gox] Account Certificate Download."

You probably do not want to run the exe.

[chr15m]

The Reply-To address is "info_@mtgox.com". Does this mean that the mtgox.com machine is compromised too and they have set up a special mailbox there?

This should probably be posted on the non-newbies part of this forum.

[conbitcoin.com]

Just a heads up that someone is sending a lovely .exe trojan to all mtgox users under the guise of "info@mtgox.com" from wiscointl.com.cn - the subject of the email is "[Mt.Gox] Account Certificate Download."

You probably do not want to run the exe.

Thanks alot for the info !