My MTGOX account was hacked!

[Ampix0]

I just got an email saying I made a withdrawal. I go log in and all $250 of my USD is gone! and they tried to make 3 bids. Their online support is not connecting me with anyone and I did reply to their email. Now I have to go to work. Please someone tell me this can all be reversed. Im sweating bullets.
I just changed my password and am waiting for an email back from MTgox. WHY DO THEY NOT HAVE A PHONE NUMBER! THEY ARE A HUGE TRANSACTION SERVICE!

[Remember remember the 5th of November]

Bitcoin transactions are irrevirsible, in the meantime you can post the address to where the funds were withdrawn AND the IP. All should be there. Likely chance is you have a trojan on the PC from some Java 0day exploit.

[Chet]

Another day, another MtGox account hacked.
Isn't anybody learning anything? Ever?

[naphto]

Sorry for your loss

[Ampix0]

Bitcoin transactions are irrevirsible, in the meantime you can post the address to where the funds were withdrawn AND the IP. All should be there. Likely chance is you have a trojan on the PC from some Java 0day exploit.

I already sold the bitcoins. The USD was stolen. Also they sent me an email saying to reply as soon as possible if I did not authorize the withdrawal. Are transactions not given some kind of grace period? It's been a few ours with still no answer.

[Ampix0]

I guarantee there are no viruses on my computer. My day job is virus removal. Here is the trade details. Every transaction on the 24th is fraudulent.

[Stephen Gornick]

I just got an email saying I made a withdrawal. I go log in and all $250 of my USD is gone!

Incidentally, they do have a method that is secure against this ... Yubikey, and Google Authenticator.

Happens a lot:

MtGox account got cleared out
 - http://bitcointalk.org/index.php?topic=85533.0

All BTC disappeared from my Mt. Gox account
 - http://bitcointalk.org/index.php?topic=88368.0

Another:
 - http://bitcointalk.org/index.php?topic=80562.msg941759#msg941759

And another: My mtgox account got compromised, what can I do?
 - http://bitcointalk.org/index.php?topic=84585.0

Yet more: MT.Gox account hacked - lost 2k USD - MT.GOX will not explain how.
 - http://bitcointalk.org/index.php?topic=89142.0

And more again: Bitcoins stolen from MtGox
 - http://www.reddit.com/r/Bitcoin/comments/x8lcv/bitcoins_stolen_from_mtgox

And yet more: Stolen from Mt.Gox coins. Help return the coins.
 - http://bitcointalk.org/index.php?topic=119816.0

Or more here: Email from Mt.Gox this morning.
 - http://www.reddit.com/r/Bitcoin/comments/z0na5/email_from_mtgox_this_morning

And even more here: I just had $715 stolen out of my Mt. Gox account.
 - http://www.reddit.com/r/Bitcoin/comments/12j9gi/i_just_had_715_stolen_out_of_my_mt_gox_account

And the biggie: Bitcoinica MtGox account compromised
 - http://bitcointalk.org/index.php?topic=93074.0

With more here: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked?
 - http://bitcointalk.org/index.php?topic=94140.0

And even more: *MY* Mt Gox Account was Hacked - lost it all today... now what!?
 - http://bitcointalk.org/index.php?topic=137795.0

Ditto: My MtGox account was just exploited - 3 BTC stolen
 - http://bitcointalk.org/index.php?topic=141816.0

Ditto on the ditto: Just lost 190 bitcoins through Mt. Gox
 - http://bitcointalk.org/index.php?topic=141831.0

And other ones get added to the list: Unauthorized withdrawal on Mt. Gox
 - http://bitcointalk.org/index.php?topic=147070.0

And then here: How I got robbed of 34 btc on Mt.Gox today
 - http://bitcointalk.org/index.php?topic=173227.0

And now this: My MTGOX account was hacked!
 - http://bitcointalk.org/index.php?topic=186422.0

And another recent one: My funds and BTC have just disappeared from my Gox account!
 - http://bitcointalk.org/index.php?topic=174556

And on other services as well. Here same thing happened to some GLBSE users:
 - http://bitcointalk.org/index.php?topic=84893.0

And elsewhere, BitMarket.eu in this instance:
 - http://bitcointalk.org/index.php?topic=5441.msg1259168#msg1259168

And on bitcoin.de as well: Bitcoins stolen from bitcoin.de.
 - http://bitcointalk.org/index.php?topic=130264.0


In none of these was the person using multi-factor authentication. Mt. Gox has had Yubikey support for a while. Mt. Gox accounts now support Google Authenticator:
 - https://mtgox.com/press_release_20120605.html

If the exchange you are storing funds with doesn't provide OTP, consider using a different exchange:
 - http://bitcoin.stackexchange.com/questions/4113/which-two-factor-authentication-methods-are-available-at-which-exchanges

If you are storing funds in an EWallet, consider using a paper wallet.

Also, here is a fantastic guide: How to use 2-factor auth on mtgox, even without a smartphone (from a second device, of course, not from the same computer you log in on).
 - http://bitcointalk.org/index.php?topic=111943.0

[lerelerele]

Today Google Authenticator give me the key 123456 was like WTF!!!!!

[redwraith]

Thankyou Stephen Gornick for that authenticator link!!  That was exactly what I was looking for! And to BitcoinBull for such a well thought out and easy to follow guide!

[repentance]

Bitcoin transactions are irrevirsible, in the meantime you can post the address to where the funds were withdrawn AND the IP. All should be there. Likely chance is you have a trojan on the PC from some Java 0day exploit.

I already sold the bitcoins. The USD was stolen. Also they sent me an email saying to reply as soon as possible if I did not authorize the withdrawal. Are transactions not given some kind of grace period? It's been a few ours with still no answer.

What you've posted makes it look like someone accessed your account, bought BTC with your dollars and then transferred BTC out of your account - which isn't the same as a USD theft.

Also, bear in mind that MtGox is located in Japan and that you need to take into account time differences when waiting for responses.  It was the middle of the night in Japan when you first started this thread and 5am when you made your post saying that it had "been a few hours" with no response.

It might be worth trying to catch MagicalTux on IRC.  It's late Thursday morning in Japan now, MtGox support doesn't usually work weekends and Monday 29 April is a public holiday in Japan.

[DeathAndTaxes]

To any noob reading ... if you don't have 2FA activated on your account there is a very good chance this will be you in the future.  Look at the like Stephen compiled and those are just recent ones and probably less than a third of the ones reported. 

USE 2FA.  If you don't and your computer is compromised to a 0-day vulnerability you will be like the OP (who BTW has 0.0000% chance of getting funds back).  Long passwords don't protect you from trojans and phishing attempts.   When setting up 2FA I set it up to only require it for security center and withdrawals.  That makes logins easy and protects against CSRF attacks.  http://en.wikipedia.org/wiki/Cross-site_request_forgery

[DeathAndTaxes]

I guarantee there are no viruses on my computer. My day job is virus removal. Here is the trade details. Every transaction on the 24th is fraudulent.

It doesn't matter how your account was compromised.  The funds have been withdrawn by BTC.  They are irreversible you have lost the full amount.  I know it is tough medicine but in the future use 2FA to protect financial sites (banks, paypal, exchanges, eWallets, etc).

[repentance]

I guarantee there are no viruses on my computer. My day job is virus removal. Here is the trade details. Every transaction on the 24th is fraudulent.

It doesn't matter how your account was compromised.  The funds have been withdrawn by BTC.  They are irreversible you have lost the full amount.  I know it is tough medicine but in the future use 2FA to protect financial sites (banks, paypal, exchanges, eWallets, etc).

Given that exchanges and e-Wallets aren't insured, you should also keep your funds on them for the shortest amount of time possible.  2FA might offer some protection for your individual account but it's not going to help you if the service's hot wallet is emptied, their bank accounts get frozen, their database gets trashed, or they just pack up and abscond with your funds.

[guugll]

ok , so count me in for the robbed ones.

[danympp81]

tonight my account was compromised. lost 0.1 BTC and sent emails, tweets, tickets, everything and they didn´t bother to reply yet.

[tvbcof]

My account may have been hacked as well.  I may have lost like .0004 BTC and about $3.00 left over from when I ditched these cock suckers months ago.  I cannot see compelling reason to log on again so I'll probably never know.

[danympp81]

i am still waiting to mtgox to say someting or give me some info. but nothing at all.

[danympp81]

finally a reply. just said the following....

"We’ve checked our system and confirm that the transaction in question was initiated after a normal login procedure using the registered login name and password.

We advise you to contact with your local police authorities. We will cooperate with them should they have questions on this transaction.

We advise you to use OTP for a more secure environment.

Best regards,

MtGox Team
https://www.mtgox.com

[Attention: Please protect your account using OTP to ensure that your funds are safe and secure. Failing to do so makes your information vulnerable to hackers.
Please visit https://mtgox.com/security]"

the hacker forgot to change the email  and when i received the email with the withdrawal information you can see another ip than the usual.... in this case he used a TOR system.