Mt. Gox: If your coins were stolen, please write here

[Twiddle]

The coins stolen from Mt.Gox were not stolen using any CSRF exploit.

So they were stolen from Mt.Gox using another exploit...?

[1714174549]

1714174549

[1714174549]

1714174549

[1714174549]

1714174549

[MagicalTux]

The coins stolen from Mt.Gox were not stolen using any CSRF exploit.

So they were stolen from Mt.Gox using another exploit...?

No, they logged in on users account using the correct login and password. We have logs showing the loggin succeed on first try.

[Twiddle]

No, they logged in on users account using the correct login and password. We have logs showing the loggin succeed on first try.

Oh, that's good news. Thanks for keeping your site secure and staying on top of everything.

[joepie91]

The coins stolen from Mt.Gox were not stolen using any CSRF exploit.

So they were stolen from Mt.Gox using another exploit...?

No, they logged in on users account using the correct login and password. We have logs showing the loggin succeed on first try.

Then I suppose you have the IP address of the person who logged in to the accounts?

Also, I have not yet received a response to my tickets #957/#1797, nor to the PM I sent you on this forum.

[anatolikostis]

No, they logged in on users account using the correct login and password. We have logs showing the loggin succeed on first try.

Oh, that's good news. Thanks for keeping your site secure and staying on top of everything.

You are not alone, I`m with you too...
The same case - correct login/password...
No exchange responsibility - no 13.4BTC

Such a nice mtgox.com exchange  


PS
MagicalTux

Well Mark,
I`d like to know from which IP was made 13.4BTC transaction to fraudster wallet...
Is this a open information for me?

[jondecker76]

Magical Tux:

Now that you guys finally admit that you were indeed compromised and usernames/passwords (hashed) were stolen, are you going to refund us customers that had our BTC stolen? (20.19 in my case). I (and others that had BTC stolen while in your care) are angry and frustrated the way this whole thing was denied and handled.  Over the past days, I have seen honest bitcoin users and supporters (of which I am both) accused of lieing, not having secure enough passwords, and of being hacked themselves -- and everything in between.  Are you guys going to own up, do the right thing, and refund us?
(and I will point out again, that I originally reported my stollen BTC to you before any mention of the vulnerabilities and comprimises - without any reply back at all (though, i know you must be busy at the moment, but still))

UPDATE REGARDING LEAKED ACCOUNT INFORMATIONS

We will address this issue too and prevent logins from each users. Leaked information includes username, email and hashed password, which does not allow anyone to get to the actual password, should it be complex enough. If you used a simple password you will not be able to login on Mt.Gox until you change your password to something more secure. If you used the same password on different places, it is recommended to change it as soon as possible.

https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback

[anatolikostis]

mtgox.com - epic fail  - one by one...hug and cry
 

You can keep my stolen 13.4BTC for doing reliable protection...

PS It was a joke...

[idev]

OMG when did this happen 
no wonder my gmail account got locked 
and how can i find if my coins and lr have been stolen from my account?

[_s3v3n_]

Let's all make no mistake about this. ALL accounts in Mt. Gox are affected. Even Tradehill and deepbit already made a universal password change on their side just to make sure this doesn't become much worse.

Let's give Mt. Gox some time to resolve this critical issue. For now, I suggest at least CHANGE ALL YOUR PASSWORDS on accounts related to bitcoin - I mean ALL OF THEM.

If possible change your email account, too. Might as well register a new email account which I already did.



P.S.

This will definitely bring the difficulty down to at least 50%.

[snoleo]

I also got hacked.

I cannot access my mtgox account June 19th at around 13:00 o'clock (GMT) BEFORE the big incident occurred.

Someone changed my account password and changed the email, so I even cannot recover my password.

I don't know whether the fund (over 200 LR) or BTC (20BTC) are stolen since I cannot access it for about 20 hours.

I have submitted a request at https://support.mtgox.com, it has been marked as "Urgent", but got no reply yet.

Hope you can figure the problem soon.

My account is:
snoleo
Email:
snoleo@gmail.com

I use a very strong password which is only used for mtgox.

[jondecker76]

So Magical Tux,
Are you ever going to answer,  what are MtGox's plans for those of us who got bitcoins stolen in the days preceding the sell off?  You know, those if us that have been telling you since before the compromise was made public.  It should be easy to validate our claims by comparing ip address history,  as I have only logged in to your site from home, work and my phone (verizon)

[anatolikostis]

So Magical Tux,
Are you ever going to answer,  what are MtGox's plans for those of us who got bitcoins stolen in the days preceding the sell off?  You know, those if us that have been telling you since before the compromise was made public.  It should be easy to validate our claims by comparing ip address history,  as I have only logged in to your site from home, work and my phone (verizon)

You know their answer very well - correct login/pass, so they are not responce for this, It`s a very sad story...

[_s3v3n_]

So Magical Tux,
Are you ever going to answer,  what are MtGox's plans for those of us who got bitcoins stolen in the days preceding the sell off?  You know, those if us that have been telling you since before the compromise was made public.  It should be easy to validate our claims by comparing ip address history,  as I have only logged in to your site from home, work and my phone (verizon)

You know their answer very well - correct login/pass, so they are not responce for this, It`s a very sad story...

Kindda like that now since they said the hacker used correct username/password. But they can match all the IP address with yours and take it from there. Not an easy thing to do but doable.

PROS AND CONS guys. We all know that this is risky in the first place. Let's just all wait for Mt. Gox to sort their service out first. I, too lost some coins and $$$ but I understand what's happening right now at Mt. Gox so I'm waiting for them to finish putting the site up and then will contact them.

[snoleo]

    Now requesting to recover your Mt.Gox account has been started.
    But since my account has been stolen 5 hours before the "big compromised account incident", now I even cannot request to recover my MtGox account.

I know mtgox has some urgent affairs to handle right now. But it should also set up a way for the users like me to request for recovering the account.

I have post a request to report my stolen account before the the "big compromised account incident". Now 3 days passed, no answer no email. This request is set to Urgent Priority but no one has even given me a reply.

We pay transaction fees to mtgox, I think we deserved to have an account recovery service. But now the fact is that someone entered my account, changed my email address, changed my passwd. And I even do not know whether the fund or the btc is still in my account or not.

When mtgox website open again, I still cannot login to my account. If the price rises, I cannot sell. If the price drops, I cannot buy. I think this is also another lost brought by mtgox.

Do not forget the users just like me.
At least offer a way to handle this problem.
I can provide the proof the I am actually the owner of this account.

[joepie91]

So Magical Tux,
Are you ever going to answer,  what are MtGox's plans for those of us who got bitcoins stolen in the days preceding the sell off?  You know, those if us that have been telling you since before the compromise was made public.  It should be easy to validate our claims by comparing ip address history,  as I have only logged in to your site from home, work and my phone (verizon)

You know their answer very well - correct login/pass, so they are not responce for this, It`s a very sad story...

Kindda like that now since they said the hacker used correct username/password. But they can match all the IP address with yours and take it from there. Not an easy thing to do but doable.

PROS AND CONS guys. We all know that this is risky in the first place. Let's just all wait for Mt. Gox to sort their service out first. I, too lost some coins and $$$ but I understand what's happening right now at Mt. Gox so I'm waiting for them to finish putting the site up and then will contact them.

Want the benefits (rather high transaction fees), then also take the risks (system getting compromised and having to refund people and/or hire extra staff).
He has been massively profiting off all transactions, then he will also have to bear things like this in a proper manner. This is a for-profit exchange, and the same rules go for that as for every other company.

[RandyMarsh]

Whats the story with the claims? I claimed about an hour after you started and nothing yet, but there was already threads on the other board of people having gotten their accounts back?
how about prioritizing  the folk who have half a years wages in your site, rather than randomly sorting out people with 20$ in there for the laugh?

[Jdumond]

Whats the story with the claims? I claimed about an hour after you started and nothing yet, but there was already threads on the other board of people having gotten their accounts back?
how about prioritizing  the folk who have half a years wages in your site, rather than randomly sorting out people with 20$ in there for the laugh?

You sir, need to be smarter.

[Loozik]

I suspect my account was compromised or I am just paranoid.

I have an account at MtGox and visit this account very frequently (3-5 times a day) to check my number in a verification queue.

I went to Mtgox website 40 minutes ago, typed my Username and Password, and a red small window told me my password was incorrect and if I forgot it I could type in my e-mail address to recover it or to get a new one. I thought I just simply made a typo in my password. I repeated the action 2 times more and the red window kept on popping up and telling me ''incorrect password''.

I shut down my computer and my modem. Then I restarted the computer and the modem, went to MtGox's website entered the Username and the Password and could log in without any problems.

I searched the website, while logged in, for ''you were logged in on ...(date and time)...'' information to check if someone else was logged in using my Username and Password, and I couldn't find such an information.

Could someone tell me:
a) if I should consider it a problem not having being able to log in three times using the correct Username and Password (there is of course an unlikely possibility I typped in a wrong password);
b) is there a log in history for an account at MtGox's website available to account holders?

Thanks.

[mc_lovin]

I suspect my account was compromised or I am just paranoid.

I have an account at MtGox and visit this account very frequently (3-5 times a day) to check my number in a verification queue.

I went to Mtgox website 40 minutes ago, typed my Username and Password, and a red small window told me my password was incorrect and if I forgot it I could type in my e-mail address to recover it or to get a new one. I thought I just simply made a typo in my password. I repeated the action 2 times more and the red window kept on popping up and telling me ''incorrect password''.

I shut down my computer and my modem. Then I restarted the computer and the modem, went to MtGox's website entered the Username and the Password and could log in without any problems.

I searched the website, while logged in, for ''you were logged in on ...(date and time)...'' information to check if someone else was logged in using my Username and Password, and I couldn't find such an information.

Could someone tell me:
a) if I should consider it a problem not having being able to log in three times using the correct Username and Password (there is of course an unlikely possibility I typped in a wrong password);
b) is there a log in history for an account at MtGox's website available to account holders?

Thanks.

Omg so it's true.  There are people dialing up modems to get bitcoins. 

Congrats on the epic 2 year old thread bump.  Good read.