Bitcoin Forum
December 10, 2016, 12:49:36 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: I was scammed by MtGox.  (Read 7269 times)
kiwiasian
Full Member
***
Offline Offline

Activity: 168


View Profile
June 17, 2011, 01:16:30 PM
 #21

Why would I lie?

I even provided a picture for proof

Tradehill referral link, save 10% | http://www.tradehill.com/?r=TH-R12328
www.payb.tc/kiwiasian | 1LHNW1JGMBo2e7rKiiFz7KJPKE57bqCdEC
1481374176
Hero Member
*
Offline Offline

Posts: 1481374176

View Profile Personal Message (Offline)

Ignore
1481374176
Reply with quote  #2

1481374176
Report to moderator
1481374176
Hero Member
*
Offline Offline

Posts: 1481374176

View Profile Personal Message (Offline)

Ignore
1481374176
Reply with quote  #2

1481374176
Report to moderator
1481374176
Hero Member
*
Offline Offline

Posts: 1481374176

View Profile Personal Message (Offline)

Ignore
1481374176
Reply with quote  #2

1481374176
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481374176
Hero Member
*
Offline Offline

Posts: 1481374176

View Profile Personal Message (Offline)

Ignore
1481374176
Reply with quote  #2

1481374176
Report to moderator
1481374176
Hero Member
*
Offline Offline

Posts: 1481374176

View Profile Personal Message (Offline)

Ignore
1481374176
Reply with quote  #2

1481374176
Report to moderator
1481374176
Hero Member
*
Offline Offline

Posts: 1481374176

View Profile Personal Message (Offline)

Ignore
1481374176
Reply with quote  #2

1481374176
Report to moderator
AtlasONo
Hero Member
*****
Offline Offline

Activity: 551



View Profile
June 17, 2011, 01:33:49 PM
 #22

What password did you use? No real reason to keep it a secret now that it's compromised.
InstaGx
Member
**
Offline Offline

Activity: 70



View Profile
June 17, 2011, 01:59:58 PM
 #23

Why would I lie?

You might want people to switch to the exchange in your signature.

Because you want people to switch to
I even provided a picture for proof

That picture only shows that bitcoins were withdrawn. It doesn't tell us who did it. Could be yourself just as easily.

Buy High - Sell Low
mweather
Newbie
*
Offline Offline

Activity: 8


View Profile
June 17, 2011, 02:40:22 PM
 #24

My money is on it being a lie. Tradehill has been aggressively viral marketing all over the place. They're not very good at it, either. It's pretty transparent.
kiwiasian
Full Member
***
Offline Offline

Activity: 168


View Profile
June 17, 2011, 09:01:51 PM
 #25

My signature has nothing to do with stolen money. I could care less about TradeHill right now, the only important thing to me right now is getting my stolen money back. I haven't even used TH, and I don't plan to use any market in the future that involves depositing my coins. In the future I will always use trustworthy BitcoinExchange for a direct person-to-person exchange.

My password was an alphanumeric sequence. There were no dictionary words and it would take a very long time to brute-force my account.

You also have no proof that it wasn't me. I can show you a screenshot of my wallet, that address is not present nor is the transaction present.

Update: looks like the stealer has sold/sent the BTC to someone else.

Tradehill referral link, save 10% | http://www.tradehill.com/?r=TH-R12328
www.payb.tc/kiwiasian | 1LHNW1JGMBo2e7rKiiFz7KJPKE57bqCdEC
sturle
Legendary
*
Offline Offline

Activity: 1418

http://bitmynt.no


View Profile WWW
June 17, 2011, 09:39:05 PM
 #26

My password was an alphanumeric sequence. There were no dictionary words and it would take a very long time to brute-force my account.
An alphanumeric sequence like abcd1234?  That would be one of the first ten passwords a brute force attacker will try.  There are many such sequences in top 100 lists of common passwords.  It would generally take much shorter time to bruteforce a sequence than a rarely used dictionary word.

My four rules of passwords are:
  • Never base your password on dictionary words or sequences of any kind, including keyboard sequences, periodic table, etc.
  • Use at least three of the categories capital letters, normal letters, numbers and special characters.
  • If your password contain one capital letter, don't place it first.
  • If your password contains only one number (one or more digits) or special character, don't place it last.

And remember that trivial transcribations like $ for s, 3 for e, etc, or using the characters above, below or next to a word on the keyboard, are not novel ideas.  Those ideas, and many more stupid tricks to transcribe dictionary words, are known among crackers as well.  Don't even think about words or sequences when you make a password.

Sjå http://bitmynt.no for veksling av bitcoin mot norske kroner.  Trygt, billig, raskt og enkelt sidan 2010.
I buy with EUR and other currencies at a fair market price when you want to sell.  See http://bitmynt.no/eurprice.pl
I support the roadmap.  If a majority of miners ever try to forcefully take control of Bitcoin through a hard fork without 100% consensus, I will immediately split out and dump all my forkcoins, and buy more real Bitcoin.
kiwiasian
Full Member
***
Offline Offline

Activity: 168


View Profile
June 17, 2011, 10:19:16 PM
 #27

My password was an alphanumeric sequence. There were no dictionary words and it would take a very long time to brute-force my account.
An alphanumeric sequence like abcd1234?  That would be one of the first ten passwords a brute force attacker will try.  There are many such sequences in top 100 lists of common passwords.  It would generally take much shorter time to bruteforce a sequence than a rarely used dictionary word.

My four rules of passwords are:
  • Never base your password on dictionary words or sequences of any kind, including keyboard sequences, periodic table, etc.
  • Use at least three of the categories capital letters, normal letters, numbers and special characters.
  • If your password contain one capital letter, don't place it first.
  • If your password contains only one number (one or more digits) or special character, don't place it last.

And remember that trivial transcribations like $ for s, 3 for e, etc, or using the characters above, below or next to a word on the keyboard, are not novel ideas.  Those ideas, and many more stupid tricks to transcribe dictionary words, are known among crackers as well.  Don't even think about words or sequences when you make a password.

No, that is not what I meant. I meant that it was a random alphanumeric sequence. I.e. 47329fdj91954fss.

Tradehill referral link, save 10% | http://www.tradehill.com/?r=TH-R12328
www.payb.tc/kiwiasian | 1LHNW1JGMBo2e7rKiiFz7KJPKE57bqCdEC
neptop
Sr. Member
****
Offline Offline

Activity: 314


View Profile
June 18, 2011, 01:09:09 AM
 #28

Some math about passwords:

We start with a password using eight characters form a - z (no capitals).
26^8 = 208827064576

This happens when you also use numbers.
36^8 = 2821109907456

This happens when you add common symbols (! " # $ % & ' ( ) * + - . , / [ ] ^ < > { })
48^8 = 28179280429056

This happens when you add capitals.
52^8 = 53459728531456

This happens when you add one single character
26^9 = 5429503678976

For most people adding capitals is easier and therefore more secure than adding categories.

If you want to create REALLY secure passwords on can easily remember there's diceware.

BitCoin address: 1E25UJEbifEejpYh117APmjYSXdLiJUCAZ
SlaveInDebt
Hero Member
*****
Offline Offline

Activity: 701


Your Minion


View Profile
June 18, 2011, 02:07:46 AM
 #29

Request title change as you were not scammed by Mt.Gox but had by someone else.

"A banker is a fellow who lends you his umbrella when the sun is shining, but wants it back the minute it begins to rain." - Mark Twain
cronopio
Jr. Member
*
Offline Offline

Activity: 59


View Profile
June 18, 2011, 02:57:00 AM
 #30

Request title change as you were not scammed by Mt.Gox but had by someone else.

I agree.

Someone login with your credentials and transfer de money.

I dont see any scammed

12FKPNwQUS6Em7Ar6wc1GnzpU4NWBKhTAK

WARNING! This game its so addictive
Littleshop
Legendary
*
Offline Offline

Activity: 1316



View Profile WWW
June 18, 2011, 03:44:05 AM
 #31

Looks like it was a security problem at mtgox.com

http://forum.bitcoin.org/index.php?topic=18709.0

You probably visited another site that had custom code that used your active mtgox.com session to get in and do the transfer.


sturle
Legendary
*
Offline Offline

Activity: 1418

http://bitmynt.no


View Profile WWW
June 18, 2011, 06:48:02 AM
 #32

Some math about passwords:

We start with a password using eight characters form a - z (no capitals).
26^8 = 208827064576

This happens when you also use numbers.
36^8 = 2821109907456

This happens when you add common symbols (! " # $ % & ' ( ) * + - . , / [ ] ^ < > { })
48^8 = 28179280429056

This happens when you add capitals.
52^8 = 53459728531456

This happens when you add one single character
26^9 = 5429503678976
Another point -- it can be hard to remember long random passwords, but very long passwords can be simple.  If you have problems remembering long strings of random characters, try using random words.  At least three or four chosen randomly from a long wordlist.  Think of the wordlist as your alphabet.  /usr/share/dict/words on Ubuntu has 98569 words.

This happens if you choose three words from the list:
98569^3 = 957681397954009

This happens if you choose four words from the list:
98569^4 = 94397697714928713121

But please choose words which do not form a meaningful sentence or are logically connected in other ways, and make sure it is at least 12 characters long in total.  "one two three" is a terrible password.  "lion Malaysia snow cutlery" is a very good one.

Sjå http://bitmynt.no for veksling av bitcoin mot norske kroner.  Trygt, billig, raskt og enkelt sidan 2010.
I buy with EUR and other currencies at a fair market price when you want to sell.  See http://bitmynt.no/eurprice.pl
I support the roadmap.  If a majority of miners ever try to forcefully take control of Bitcoin through a hard fork without 100% consensus, I will immediately split out and dump all my forkcoins, and buy more real Bitcoin.
Enky1974
Sr. Member
****
Offline Offline

Activity: 250



View Profile
June 18, 2011, 08:43:25 AM
 #33

I use this http://strongpasswordgenerator.com/ for strong password generator to generate secure passwords

__________________________________
My Blog at http://btctrading.wordpress.com/ | « O Fortuna,velut Luna statu variabilis, semper crescis aut decrescis »
cunicula
Hero Member
*****
Offline Offline

Activity: 756


Stack-overflow Guru


View Profile WWW
June 18, 2011, 09:04:23 AM
 #34

I'm concerned that negative comments directed at people whose money has been stolen are driven by self-interested concern about their effects on the exchange rate. Of course thefts affect the exchange rate, but it is much better to have hacking problems exposed, so that Mt. Gox can be fixed or abandoned instead of shutting everyone up and waiting for something really serious to happen (again Allinvain counts as serious in my book). Some of you people are like listening to directives from the CCP Ministry of Truth. 'This is all a conspiracy of the imperialist bankers seeking to discredit bitcoin' Covering up problems until they explode is not a good approach. Thanks to everyone who is reporting thefts and vulnerabilities for helping to improve security.

▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁▁
        AltCoinInternalExperts                Get Your Altcoin Promoted On Social Media       
▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔▔
jjiimm_64
Legendary
*
Offline Offline

Activity: 1680


View Profile
June 18, 2011, 02:50:26 PM
 #35


It does seam suspicious that the poster is advertising for tradehill!!!!!

1jimbitm6hAKTjKX4qurCNQubbnk2YsFw
jondecker76
Full Member
***
Offline Offline

Activity: 238


View Profile
June 18, 2011, 03:28:40 PM
 #36

I have stepped forward on a few other posts - I also had money stolen from my MtGox account (20.19 BTC)
I even reported it to MtGox with no reply (this report was made before it was announced that there was a security exploit found).
It has recently been revealed that MtGox did in fact have a vulnerability, and someone even showed them the exploit by using it to prove it was there. There are also a dozen or so of us that have had this happen. Yet, the owner claimed that he can see no evidence in his logs that our money was lost due to the exploit, and that he is not going to refund anybody for the BTC stolen from his (insecure) site.
I for one will never use MtGox again.  Its one thing to make a mistake and have such a simple exploit left open it happens. Its another thing to not own up to your responsibilities as a responsible business owner. Look at the number of trades on his market, look at his fee and do the math.  Bottom line is that he makes very good money from his userbase, and should be trivial to do the right thing for a few handfuls of users that lost modest amounts of bitcoins.  I don't know if it can be proven one way or another whether or not the withdrawn funds were via an exploit or not - but honestly, look at the evidence

Edit:
Also, I want to point out that I'm not claiming that I was "scammed" by MtGox.  I do however believe that the lack of security features on the site, and the exploit that was discovered are responsible for my stolen bitcoins, and I believe that he should reimburse those affected.  To those mentioning brute force attacks on passwords, I think its a security vulnerability in its self that an account isn't suspended after X failed login attempts.

RollerBot Advanced Trading Platform
https://bitcointalk.org/index.php?topic=447727.0
BTC Donations for development: 1H36oTJsi3adFh68wwzz95tPP2xoAoTmhC
joan
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 18, 2011, 06:25:47 PM
 #37

I believe that he should reimburse those affected.
Well… Anyone having done a withdrawal recently could claim thief.
We see the limits of 2-way trust here… That is the price we pay for enhanced privacy I guess.
BBanzai
Member
**
Offline Offline

Activity: 84



View Profile
June 18, 2011, 06:45:03 PM
 #38

The whole point of digital cash is that it has the same benefits and liabilities as real cash.  If you want security, stay with bank notes and credit cards.  If you want freedom, it is riskier by definition.
Garrett Burgwardt
Sr. Member
****
Offline Offline

Activity: 350



View Profile
June 18, 2011, 06:48:30 PM
 #39

Looks like it was a security problem at mtgox.com

http://forum.bitcoin.org/index.php?topic=18709.0

You probably visited another site that had custom code that used your active mtgox.com session to get in and do the transfer.



MagicalTux went through the logs for Mt. Gox and confirmed that was never exploited except in the test.
Bit_Happy
Legendary
*
Offline Offline

Activity: 1442


A Great Time to Start Something!


View Profile
June 19, 2011, 07:05:30 PM
 #40

@OP: MtGox made over $40,000 in legit profits on the days when BTC was around $30. They did not steal your coins.


So you created an account (that's the complete history, right?), just to put some coins there and about two hours later that money disappeared? I am sorry for my distrust, but with hat kind of title and TradeHill in your signature I think it all looks somewhat suspicious to me.

This is either a dirt-bag phoney (no offense intended) or the OP has a serious keylogger/virus on their PC.
@OP: If you are honest, then you honestly need to clean up your computer, IMO.

15DYJpWJe9H1YofsNQbP9JEWWNn7XPZgbS
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!