Bitcoin Forum
October 26, 2025, 05:05:08 PM *
News: Pumpkin carving contest
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: MtGox possibly stolen account with bitcoins on it  (Read 3381 times)
mahun (OP)
Newbie
*
Offline Offline

Activity: 17
Merit: 0


View Profile
June 19, 2011, 01:55:22 AM
 #1

Unable to post in to this topic http://forum.bitcoin.org/index.php?topic=18858.0;all so will post here.

I exchanged some my WMZ to BTC on #bitcoin-otc with decent exchange rate. I tried to cash out it to dwolla, created account on mtgox.com and sent coins to it. I had to go to work so I closed browser and came back to mtgox.com after 3-4 hours and found I am unable to loggin - it says that login/password invalid.

I know about recent CSRF attacks - I was offline, so I could not visit site with exploit. My account was brand new, so no hackers could get to it so quick. I did not use email in mtgox.com but I wrote down login/password so I am sure I am using correct one.

I sent 50.56 to http://blockexplorer.com/address/18Pu9zLDzviyzjMFvH4NMZjpHiq5JrgiYU address. Looks like they are gone, so somehow hacker was able to get into this account and looks like mtgox.com db was really hacked! Probably hacker tries to slowly withdraw all money, but $1000 daily limit do not allow it to do quickly so he targets smaller accounts.

mtgox login: steve3
btc address used to fund mtgox.com account 18Pu9zLDzviyzjMFvH4NMZjpHiq5JrgiYU
amount - 50.56

I wrote several times to mtgox.com support via info@ email and via support widget on their site - nothing =(

So bewared. I think it's time for tradehill.com and better and more secure websites.
xali
Member
**
Offline Offline

Activity: 163
Merit: 10


View Profile
June 19, 2011, 04:14:46 AM
 #2

what do you mean you closed your browser... do you think maybe someone accessed it and found that mt gox was already logged in and stole it?

this seems most likely...

someone else had been posting on my account for over a year; Every post from January 10 2017 to June 18 2018 is NOT ME
Whoever this person was that got access to my account, felt the need to shill something called "bidium" in my signature
very surreal. is this normal? the internet is full of crooks... watch out
ymgve
Newbie
*
Offline Offline

Activity: 24
Merit: 0


View Profile
June 19, 2011, 04:19:36 AM
 #3

That money went out of the address doesn't mean anything. Any money sent into mtgox gets pooled together, so if someone took out your 50.56 it would most likely not come out of the same address you used to add it. I suggest you try the support forum on mtgox too.
mahun (OP)
Newbie
*
Offline Offline

Activity: 17
Merit: 0


View Profile
June 19, 2011, 04:39:23 AM
 #4

what do you mean you closed your browser... do you think maybe someone accessed it and found that mt gox was already logged in and stole it?

this seems most likely...

I meant - there was CSRF vulnerability on mtgox.com. In order to exploit it - I had to have active session and visit some site with exploit. But I shutdown laptop and did not visit any websites. So CSRF is not my case. Looks like some one got hands on their DB with all balances and passwords etc.
OCedHrt
Member
**
Offline Offline

Activity: 111
Merit: 10


View Profile
June 19, 2011, 07:48:55 AM
 #5

what do you mean you closed your browser... do you think maybe someone accessed it and found that mt gox was already logged in and stole it?

this seems most likely...

I meant - there was CSRF vulnerability on mtgox.com. In order to exploit it - I had to have active session and visit some site with exploit. But I shutdown laptop and did not visit any websites. So CSRF is not my case. Looks like some one got hands on their DB with all balances and passwords etc.

You also could simply have a key logger on your system.

ALL.ME  ●●●  SOCIAL NETWORK OF THE BLOCKCHAIN TIME ●●●
▄▄▄▬▬▄▄▄  Bounty all.me ▶ Jan 29th - May 8th 2018  ▄▄▄▬▬▄▄▄
Facebook   ▲   Twitter   ▲   Telegram
mahun (OP)
Newbie
*
Offline Offline

Activity: 17
Merit: 0


View Profile
June 19, 2011, 03:37:53 PM
 #6

what do you mean you closed your browser... do you think maybe someone accessed it and found that mt gox was already logged in and stole it?

this seems most likely...

I meant - there was CSRF vulnerability on mtgox.com. In order to exploit it - I had to have active session and visit some site with exploit. But I shutdown laptop and did not visit any websites. So CSRF is not my case. Looks like some one got hands on their DB with all balances and passwords etc.

You also could simply have a key logger on your system.

i am pretty good about security. +nod32 did not find anything. so I highly doubt it was from my side. Just read http://forum.bitcoin.org/index.php?topic=18050 topic. So many accounts had changed password/email. This is definitely something bigger then just random local computers hacked. Plus - mtgox did not answer my ticket after 6 days! I'd say they have huge issue and lost all their coins or are close to it.
Jazkal
Sr. Member
****
Offline Offline

Activity: 319
Merit: 250



View Profile
June 19, 2011, 04:58:30 PM
 #7

i am pretty good about security. +nod32 did not find anything. so I highly doubt it was from my side.
Ok, so you are good with security, so what else besides nod32 have you tried running on your system?

mahun (OP)
Newbie
*
Offline Offline

Activity: 17
Merit: 0


View Profile
June 19, 2011, 11:17:57 PM
 #8

i am pretty good about security. +nod32 did not find anything. so I highly doubt it was from my side.
Ok, so you are good with security, so what else besides nod32 have you tried running on your system?

believe me, I am very good regarding security. It just can't be coincedence if so many accounts were hacked into from users machines. Just read all reports around forum. And read this post - https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback?page=2#post_20249476 - they admit they had issue where all information was leaked from their db!
anatolikostis
Legendary
*
Offline Offline

Activity: 2026
Merit: 1005



View Profile
June 20, 2011, 01:25:57 PM
Last edit: June 21, 2011, 07:02:27 AM by anatolikostis
 #9

CSRF is a fake...In my opinion... Roll Eyes 
I think in that way exchange covers their own impotance to prevent attacks...

I didn`t use any site at 16-40 14/06/2011 during hard DDoS attack, but my 13.4 BTC were successfully stolen...

So Mark says the same things everytime: "transaction was made from your account with the correct login/password, we are not responce for this"
Of course with correct!!!
How It could be with incorrect?

:facepalm:
mahun (OP)
Newbie
*
Offline Offline

Activity: 17
Merit: 0


View Profile
June 20, 2011, 03:38:21 PM
 #10

CSRF is a fake...In my opinion... Roll Eyes 
I think in that way exchange covers their own impotance to prevent attacks...

I didn`t use any site at 16-40 14/06/2011 during hard DDoS attack, but my 13.4 BTC was successfully stolen...

So Mark says the same things everytime: "transaction was made from your account with the correct login/password, we are not responce for this"
Of course with correct!!!
How It could be with incorrect?

:facepalm:

At least he says something to you. I still do not know what happened to my account at all. I simply can not login and no body answered during last week on any of my tickets =(
bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 714
Merit: 510


Preaching the gospel of Satoshi


View Profile
June 20, 2011, 05:28:52 PM
 #11

You guys are late to the party.
MtGox's whole user database was compromised.

Since the database has been leaked I will prove it to you:
steve3, you are the customer #52107
Your password hash: !$1$7u9tG3ex$KkKOgkgdJTknIARmG3SBS1

The password has been hashed with FreeBSD salted MD5. It is a tough cookie but not unbreakable.
The salting prevents time-memory trade off (Rainbow Tables), so a dedicated cracker should crack every each one of them individually.
As long as your password is complex and long enough, it will resist cracking by bruteforcing.

Interestingly it seems that your account steve3 were locked back then.
Cheers,
anatolikostis
Legendary
*
Offline Offline

Activity: 2026
Merit: 1005



View Profile
June 21, 2011, 06:56:47 AM
 #12

You guys are late to the party.
MtGox's whole user database was compromised.

Since the database has been leaked I will prove it to you:
steve3, you are the customer #52107
Your password hash: !$1$7u9tG3ex$KkKOgkgdJTknIARmG3SBS1

The password has been hashed with FreeBSD salted MD5. It is a tough cookie but not unbreakable.
The salting prevents time-memory trade off (Rainbow Tables), so a dedicated cracker should crack every each one of them individually.
As long as your password is complex and long enough, it will resist cracking by bruteforcing.

Interestingly it seems that your account steve3 were locked back then.
Cheers,
I`m not late, my coins were stolen at 16-40 14/06/2011  Grin
mahun (OP)
Newbie
*
Offline Offline

Activity: 17
Merit: 0


View Profile
June 22, 2011, 03:02:40 PM
 #13

You guys are late to the party.
MtGox's whole user database was compromised.

Since the database has been leaked I will prove it to you:
steve3, you are the customer #52107
Your password hash: !$1$7u9tG3ex$KkKOgkgdJTknIARmG3SBS1

The password has been hashed with FreeBSD salted MD5. It is a tough cookie but not unbreakable.
The salting prevents time-memory trade off (Rainbow Tables), so a dedicated cracker should crack every each one of them individually.
As long as your password is complex and long enough, it will resist cracking by bruteforcing.

Interestingly it seems that your account steve3 were locked back then.
Cheers,


So it is locked, not stolen? How I can check if this password hash = to my password? Is there any online resource to get this type of hash from my password? If it is locked - at least money should be there and I have slight chance.. But when I tried claims.mtgox.com they just told that password incorrect, which I am sure I did correct.
jheregidpa
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
June 23, 2011, 01:37:04 PM
 #14

You guys are late to the party.
MtGox's whole user database was compromised.

Since the database has been leaked I will prove it to you:
steve3, you are the customer #52107
Your password hash: !$1$7u9tG3ex$KkKOgkgdJTknIARmG3SBS1

The password has been hashed with FreeBSD salted MD5. It is a tough cookie but not unbreakable.
The salting prevents time-memory trade off (Rainbow Tables), so a dedicated cracker should crack every each one of them individually.
As long as your password is complex and long enough, it will resist cracking by bruteforcing.

Interestingly it seems that your account steve3 were locked back then.
Cheers,


So it is locked, not stolen? How I can check if this password hash = to my password? Is there any online resource to get this type of hash from my password? If it is locked - at least money should be there and I have slight chance.. But when I tried claims.mtgox.com they just told that password incorrect, which I am sure I did correct.

The theory is they will release your account once they verify you.  I've sent them the verification info and have received no reply.  I'm starting to think it's a scam.  Lock all the accounts.  Require people to "claim" something they already had.  Either ignore people or deny them as often as possible.  Profit.   I know one person who got his account back right away, but he had no balance in BTC or $$.   I've got a small balance of BTC in mine.  If my theory is correct no balance would get reclaimed because there is no profit.  BTC might be least likely because they aren't money.   Don't have a theory on accounts w/ $$, but that might get them in more trouble legally than BTC.   It'll be interesting to watch.
hashme
Member
**
Offline Offline

Activity: 115
Merit: 10


View Profile
June 28, 2011, 01:54:16 PM
 #15

I still do not know what happened to my account at all. I simply can not login and no body answered during last week on any of my tickets =(
Same situation... I've got No Access & No Feedback... Sad

I pay back 50% commissions to my referrals
https://www.okcoin.com/?invid=2013370
Fair sites only.
moneyforschoolat
Newbie
*
Offline Offline

Activity: 19
Merit: 0


View Profile
June 29, 2011, 04:56:06 AM
 #16

Same problem  can not get in my account this is getting very old. They need a number where we can call and talk to a person.  THIS SUCKS
mahun (OP)
Newbie
*
Offline Offline

Activity: 17
Merit: 0


View Profile
June 29, 2011, 07:25:35 PM
 #17

Same problem  can not get in my account this is getting very old. They need a number where we can call and talk to a person.  THIS SUCKS

Why? They need to steal your money. They do not need phone number for that. They can just lock your account and take your money.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!