Bitcoin Forum
December 08, 2016, 04:31:29 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3]  All
  Print  
Author Topic: Mt. Gox: If your coins were stolen, please write here  (Read 20149 times)
Twiddle
Newbie
*
Offline Offline

Activity: 11



View Profile
June 19, 2011, 02:16:06 AM
 #41

The coins stolen from Mt.Gox were not stolen using any CSRF exploit.

So they were stolen from Mt.Gox using another exploit...?
1481214689
Hero Member
*
Offline Offline

Posts: 1481214689

View Profile Personal Message (Offline)

Ignore
1481214689
Reply with quote  #2

1481214689
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481214689
Hero Member
*
Offline Offline

Posts: 1481214689

View Profile Personal Message (Offline)

Ignore
1481214689
Reply with quote  #2

1481214689
Report to moderator
1481214689
Hero Member
*
Offline Offline

Posts: 1481214689

View Profile Personal Message (Offline)

Ignore
1481214689
Reply with quote  #2

1481214689
Report to moderator
1481214689
Hero Member
*
Offline Offline

Posts: 1481214689

View Profile Personal Message (Offline)

Ignore
1481214689
Reply with quote  #2

1481214689
Report to moderator
MagicalTux
VIP
Hero Member
*
Offline Offline

Activity: 617


Working on new MtGox features


View Profile WWW
June 19, 2011, 02:20:43 AM
 #42

The coins stolen from Mt.Gox were not stolen using any CSRF exploit.

So they were stolen from Mt.Gox using another exploit...?

No, they logged in on users account using the correct login and password. We have logs showing the loggin succeed on first try.

Twiddle
Newbie
*
Offline Offline

Activity: 11



View Profile
June 19, 2011, 02:22:35 AM
 #43

No, they logged in on users account using the correct login and password. We have logs showing the loggin succeed on first try.

Oh, that's good news. Thanks for keeping your site secure and staying on top of everything.
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 19, 2011, 12:13:13 PM
 #44

The coins stolen from Mt.Gox were not stolen using any CSRF exploit.

So they were stolen from Mt.Gox using another exploit...?

No, they logged in on users account using the correct login and password. We have logs showing the loggin succeed on first try.
Then I suppose you have the IP address of the person who logged in to the accounts?

Also, I have not yet received a response to my tickets #957/#1797, nor to the PM I sent you on this forum.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
anatolikostis
Legendary
*
Offline Offline

Activity: 1736



View Profile
June 19, 2011, 12:39:38 PM
 #45

No, they logged in on users account using the correct login and password. We have logs showing the loggin succeed on first try.

Oh, that's good news. Thanks for keeping your site secure and staying on top of everything.
You are not alone, I`m with you too... Grin Grin Grin
The same case - correct login/password...
No exchange responsibility - no 13.4BTC

Such a nice mtgox.com exchange  Grin Grin Grin


PS
MagicalTux

Well Mark,
I`d like to know from which IP was made 13.4BTC transaction to fraudster wallet...
Is this a open information for me?
jondecker76
Full Member
***
Offline Offline

Activity: 238


View Profile
June 19, 2011, 09:06:28 PM
 #46

Magical Tux:

Now that you guys finally admit that you were indeed compromised and usernames/passwords (hashed) were stolen, are you going to refund us customers that had our BTC stolen? (20.19 in my case). I (and others that had BTC stolen while in your care) are angry and frustrated the way this whole thing was denied and handled.  Over the past days, I have seen honest bitcoin users and supporters (of which I am both) accused of lieing, not having secure enough passwords, and of being hacked themselves -- and everything in between.  Are you guys going to own up, do the right thing, and refund us?
(and I will point out again, that I originally reported my stollen BTC to you before any mention of the vulnerabilities and comprimises - without any reply back at all (though, i know you must be busy at the moment, but still))

Quote
UPDATE REGARDING LEAKED ACCOUNT INFORMATIONS

We will address this issue too and prevent logins from each users. Leaked information includes username, email and hashed password, which does not allow anyone to get to the actual password, should it be complex enough. If you used a simple password you will not be able to login on Mt.Gox until you change your password to something more secure. If you used the same password on different places, it is recommended to change it as soon as possible.
https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback


RollerBot Advanced Trading Platform
https://bitcointalk.org/index.php?topic=447727.0
BTC Donations for development: 1H36oTJsi3adFh68wwzz95tPP2xoAoTmhC
anatolikostis
Legendary
*
Offline Offline

Activity: 1736



View Profile
June 19, 2011, 09:51:16 PM
 #47

mtgox.com - epic fail  - one by one...hug and cry
 Smiley

You can keep my stolen 13.4BTC for doing reliable protection...

PS It was a joke... Cheesy
idev
Hero Member
*****
Offline Offline

Activity: 846


View Profile WWW
June 19, 2011, 10:02:42 PM
 #48

OMG when did this happen  Huh
no wonder my gmail account got locked  Embarrassed
and how can i find if my coins and lr have been stolen from my account?
_s3v3n_
Member
**
Offline Offline

Activity: 110


View Profile
June 20, 2011, 01:28:41 AM
 #49

Let's all make no mistake about this. ALL accounts in Mt. Gox are affected. Even Tradehill and deepbit already made a universal password change on their side just to make sure this doesn't become much worse.

Let's give Mt. Gox some time to resolve this critical issue. For now, I suggest at least CHANGE ALL YOUR PASSWORDS on accounts related to bitcoin - I mean ALL OF THEM.

If possible change your email account, too. Might as well register a new email account which I already did.



P.S.

This will definitely bring the difficulty down to at least 50%.


RDD RjBUYX75fvQ1yeSDJPkuB5wU35etvZ9JES
snoleo
Member
**
Offline Offline

Activity: 79


A Colt Crossed the River


View Profile
June 20, 2011, 07:51:21 AM
 #50

I also got hacked.

I cannot access my mtgox account June 19th at around 13:00 o'clock (GMT) BEFORE the big incident occurred.

Someone changed my account password and changed the email, so I even cannot recover my password.

I don't know whether the fund (over 200 LR) or BTC (20BTC) are stolen since I cannot access it for about 20 hours.

I have submitted a request at https://support.mtgox.com, it has been marked as "Urgent", but got no reply yet.

Hope you can figure the problem soon.

My account is:
snoleo
Email:
snoleo@gmail.com

I use a very strong password which is only used for mtgox.

btc123.com - bitcoin Info & Web directory
jondecker76
Full Member
***
Offline Offline

Activity: 238


View Profile
June 20, 2011, 03:29:12 PM
 #51

So Magical Tux,
Are you ever going to answer,  what are MtGox's plans for those of us who got bitcoins stolen in the days preceding the sell off?  You know, those if us that have been telling you since before the compromise was made public.  It should be easy to validate our claims by comparing ip address history,  as I have only logged in to your site from home, work and my phone (verizon)

RollerBot Advanced Trading Platform
https://bitcointalk.org/index.php?topic=447727.0
BTC Donations for development: 1H36oTJsi3adFh68wwzz95tPP2xoAoTmhC
anatolikostis
Legendary
*
Offline Offline

Activity: 1736



View Profile
June 21, 2011, 07:03:50 AM
 #52

So Magical Tux,
Are you ever going to answer,  what are MtGox's plans for those of us who got bitcoins stolen in the days preceding the sell off?  You know, those if us that have been telling you since before the compromise was made public.  It should be easy to validate our claims by comparing ip address history,  as I have only logged in to your site from home, work and my phone (verizon)

You know their answer very well - correct login/pass, so they are not responce for this, It`s a very sad story... Cry Cry Cry
_s3v3n_
Member
**
Offline Offline

Activity: 110


View Profile
June 21, 2011, 03:02:37 PM
 #53

So Magical Tux,
Are you ever going to answer,  what are MtGox's plans for those of us who got bitcoins stolen in the days preceding the sell off?  You know, those if us that have been telling you since before the compromise was made public.  It should be easy to validate our claims by comparing ip address history,  as I have only logged in to your site from home, work and my phone (verizon)

You know their answer very well - correct login/pass, so they are not responce for this, It`s a very sad story... Cry Cry Cry


Kindda like that now since they said the hacker used correct username/password. But they can match all the IP address with yours and take it from there. Not an easy thing to do but doable.

PROS AND CONS guys. We all know that this is risky in the first place. Let's just all wait for Mt. Gox to sort their service out first. I, too lost some coins and $$$ but I understand what's happening right now at Mt. Gox so I'm waiting for them to finish putting the site up and then will contact them.


RDD RjBUYX75fvQ1yeSDJPkuB5wU35etvZ9JES
snoleo
Member
**
Offline Offline

Activity: 79


A Colt Crossed the River


View Profile
June 21, 2011, 05:11:15 PM
 #54

    Now requesting to recover your Mt.Gox account has been started.
    But since my account has been stolen 5 hours before the "big compromised account incident", now I even cannot request to recover my MtGox account.

I know mtgox has some urgent affairs to handle right now. But it should also set up a way for the users like me to request for recovering the account.

I have post a request to report my stolen account before the the "big compromised account incident". Now 3 days passed, no answer no email. This request is set to Urgent Priority but no one has even given me a reply.

We pay transaction fees to mtgox, I think we deserved to have an account recovery service. But now the fact is that someone entered my account, changed my email address, changed my passwd. And I even do not know whether the fund or the btc is still in my account or not.

When mtgox website open again, I still cannot login to my account. If the price rises, I cannot sell. If the price drops, I cannot buy. I think this is also another lost brought by mtgox.

Do not forget the users just like me.
At least offer a way to handle this problem.
I can provide the proof the I am actually the owner of this account.

btc123.com - bitcoin Info & Web directory
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 21, 2011, 07:51:59 PM
 #55

So Magical Tux,
Are you ever going to answer,  what are MtGox's plans for those of us who got bitcoins stolen in the days preceding the sell off?  You know, those if us that have been telling you since before the compromise was made public.  It should be easy to validate our claims by comparing ip address history,  as I have only logged in to your site from home, work and my phone (verizon)

You know their answer very well - correct login/pass, so they are not responce for this, It`s a very sad story... Cry Cry Cry


Kindda like that now since they said the hacker used correct username/password. But they can match all the IP address with yours and take it from there. Not an easy thing to do but doable.

PROS AND CONS guys. We all know that this is risky in the first place. Let's just all wait for Mt. Gox to sort their service out first. I, too lost some coins and $$$ but I understand what's happening right now at Mt. Gox so I'm waiting for them to finish putting the site up and then will contact them.


Want the benefits (rather high transaction fees), then also take the risks (system getting compromised and having to refund people and/or hire extra staff).
He has been massively profiting off all transactions, then he will also have to bear things like this in a proper manner. This is a for-profit exchange, and the same rules go for that as for every other company.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
RandyMarsh
Full Member
***
Offline Offline

Activity: 237



View Profile
June 21, 2011, 09:25:51 PM
 #56

Whats the story with the claims? I claimed about an hour after you started and nothing yet, but there was already threads on the other board of people having gotten their accounts back?
how about prioritizing  the folk who have half a years wages in your site, rather than randomly sorting out people with 20$ in there for the laugh?

Stan?! STAN?!?!
Jdumond
Member
**
Offline Offline

Activity: 81



View Profile
June 21, 2011, 10:32:07 PM
 #57

Whats the story with the claims? I claimed about an hour after you started and nothing yet, but there was already threads on the other board of people having gotten their accounts back?
how about prioritizing  the folk who have half a years wages in your site, rather than randomly sorting out people with 20$ in there for the laugh?

You sir, need to be smarter.

I dont like the guy. How many reasons do I have? alot.
How many reasons do I need? none.
I just dont like the guy.

Donate here: 1Juv5x7PHcNQdRzdUpWK1DHMKwMy7j7zxj
Tradehill: TH-R11447
Loozik
Sr. Member
****
Offline Offline

Activity: 378


Born to chew bubble gum and kick ass


View Profile
April 30, 2013, 04:27:28 AM
 #58

I suspect my account was compromised or I am just paranoid.

I have an account at MtGox and visit this account very frequently (3-5 times a day) to check my number in a verification queue.

I went to Mtgox website 40 minutes ago, typed my Username and Password, and a red small window told me my password was incorrect and if I forgot it I could type in my e-mail address to recover it or to get a new one. I thought I just simply made a typo in my password. I repeated the action 2 times more and the red window kept on popping up and telling me ''incorrect password''.

I shut down my computer and my modem. Then I restarted the computer and the modem, went to MtGox's website entered the Username and the Password and could log in without any problems.

I searched the website, while logged in, for ''you were logged in on ...(date and time)...'' information to check if someone else was logged in using my Username and Password, and I couldn't find such an information.

Could someone tell me:
a) if I should consider it a problem not having being able to log in three times using the correct Username and Password (there is of course an unlikely possibility I typped in a wrong password);
b) is there a log in history for an account at MtGox's website available to account holders?

Thanks.
mc_lovin
Legendary
*
Offline Offline

Activity: 1134


www.bitcointrading.com


View Profile WWW
April 30, 2013, 10:44:43 PM
 #59

I suspect my account was compromised or I am just paranoid.

I have an account at MtGox and visit this account very frequently (3-5 times a day) to check my number in a verification queue.

I went to Mtgox website 40 minutes ago, typed my Username and Password, and a red small window told me my password was incorrect and if I forgot it I could type in my e-mail address to recover it or to get a new one. I thought I just simply made a typo in my password. I repeated the action 2 times more and the red window kept on popping up and telling me ''incorrect password''.

I shut down my computer and my modem. Then I restarted the computer and the modem, went to MtGox's website entered the Username and the Password and could log in without any problems.

I searched the website, while logged in, for ''you were logged in on ...(date and time)...'' information to check if someone else was logged in using my Username and Password, and I couldn't find such an information.

Could someone tell me:
a) if I should consider it a problem not having being able to log in three times using the correct Username and Password (there is of course an unlikely possibility I typped in a wrong password);
b) is there a log in history for an account at MtGox's website available to account holders?

Thanks.

Omg so it's true.  There are people dialing up modems to get bitcoins. 

Congrats on the epic 2 year old thread bump.  Good read.

Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!