mt gox account stolen, I lost all my money

[girlfawkesy]

I just wanted to make a post, I would have posted this in the main forums but I'm a newb lurker so I signed up to post this.

This morning I got an email from mt gox letting me know there had been a withdrawal on my account.

I didn't authorize one, and I had no idea wtf this was talking about, so I logged in to see the $480 USD I had in there had vaporized. Someone had logged into my account, bought btc, and then transferred it to themselves.

https://blockchain.info/address/1LuLza3QfbXP3GcABCe86MYSAy9jDq3DRm

The fucking wallet is 1LuLz just to taunt me as well.

I dunno what else to say about this other than 'be careful' but I thought I was being careful. I trusted gox with my money and now its gone and nobody has replied to me from them or answered me at all. This was my big attempt at taking my own money investing in BTC and this is where it has gotten me. Those of you that know me from camwhoring on reddit know that i've managed to scrape together a little  btc from tips and such but mostly I invested my own money to daytrade with.

That wallet is kept on my computer in a truecrypt container, yet I still felt it was less secure than keeping it somewhere safe like a big online company like mtgox.

That wallet is

https://blockchain.info/address/1669nJLncdiyuwRYmBfk4D6qF4Dibz7GjQ

and I think the only reason it didn't get raped as well is that it didn't have anything to steal.

So whoever did this. Thanks for stealing my groceries. You're a terrible person.

[1715572381]

1715572381

[1715572381]

1715572381

[1715572381]

1715572381

[joakof2]

sucks men, sorry to hear that, truly.

[escrow.ms]

That really sucks man, try to contact mtgox and scan your pc for viruses and did you installed something or visited any site that have java based chat or something?

[girlfawkesy]

I have two factor authentication on my accounts.

It was stolen despite this.

[ija]

You have Google Authenticator OTP?

Man i use that i thought that was fool proof. It doesnt make sense..

If you did use Google One Time Password... they would have to had access to that... unless you had the back up keys in an easy to find place

[Zaih]

That's a bloody blow to the gut.

Bad luck. At the end of the day.. All forms of hacking have to be due to some sort of fault by the victim. I guess this could be seen as a some what expensive lesson.

I hope you don't give up on Bitcoin though due to this.

[girlfawkesy]

unless this was some sort of inside job. apparently its happened to other people as well.

gox basically sent me their "call the police" form letter. When I explained that I did all their authentications right, they didnt' reply.

I dunno, the whole point of this endeavor was to camwhore on reddit for tips, and then take some of my personal funds and invest with the hope of making ends meet a little easier. Now if anything the situation is far worse.

I think I may leave btc. Nobody ever broke into my USD bank account and stole all my money. Even if they did, I could get it back.

I think the worst part though is seeing the tor exit node and wallet name on blockchain and knowing some bastard did this to me.

[gabriellew]

oh, im very sorry for you.
did they know your password?

[r3wt]

That's a bloody blow to the gut.

Bad luck. At the end of the day.. All forms of hacking have to be due to some sort of fault by the victim. I guess this could be seen as a some what expensive lesson.

I hope you don't give up on Bitcoin though due to this.

oh, the irony

[ija]

i had money sitting in mtgox for days, after i install the 2 step authentication..

Felt pretty safe.

To be honest though it seems a great security method.. the passowrd changes every 30 secounds. So they would need fyour phone to get that data... so maybe theres virus on your phone.. or googles securties been hacked.

Either way ...

Zaih saying its a an expensive lesson to learn is totally unproductive. what has been learned from this?

Nothing, we don't know the exact method to how she lost her coins.

Do a virus scan please Fawksgirl.. also on your phone... would help people alot if we could understand where the leaky part of your securty was...

and sorry this sucks big time....

[bittheodds]

Let me get this straight... they stole from a 2fa protected mtgox account and had the guts to push the funds to a vanity address?

I always want to learn more about this kind of story - if the OP could find out what exactly happened and report back, it might help everyone else down the line...

[girlfawkesy]

I can't tell you much more than what I already have. It was a major player in the btc community who told me it might have been an inside job. Gox continues to ignore me.

All I can do is show you my addresses on blockchain so you can see the theft yourself. I personally will never use gox again for anything.

[ethought]

That sucks! Just out of interest. Do you use Windows, Mac or Linux as your main computer when accessing mt Gox?

[Lastro]

Bad luck. At the end of the day.. All forms of hacking have to be due to some sort of fault by the victim. I guess this could be seen as a some what expensive lesson.

You might as well say; "you left your window opened, you deserved to get raped!"

Trojans and malware are continually being created or updated to get around antivirus applications. Antivirus apps, malwarebytes, etc are continually being updated to clean PCs.

I am sorry this happened to you girlfawkesy. With two-factor authentication that shouldn't have happened.

[mvidetto]

IMO wouldn't leave money like that around on GOX/coinbase etc.  Best bet is to keep it on your computer and not download malicious keyloggers and keep computer up to date on virus software.  That way if the big companies get DDoSed or hacked you can't lose your money.  If you need to exchange the coins then transfer them in and the money out asap or vice versa.

[teamtarp]

this is crazy, but why dont gox have like you have to enter your birth date or something to cash out as well. that would make this bs avoidable. they could also have a setting so you receive e-mail if someone with ip outside your country logs in. just feels to me gox is half assing everything, but when it comes to veryfing account there is no fing limit to their stupid demands. lousey exchange hope a real alternative comes along.

[DeathAndTaxes]

Some technical details would be useful.  There has never been a case of TOTP being "cracked".

Was TOTP (Google Authenticator) enabled on WITHDRAW (settings can be found in security center)?
Was the Google Authenticator installed a second device (i.e. MtGox accessed from home computer,  code generated on android phone)?
Does anyone else have access to the generator (roommate, friend, etc)?

[Surprise]

First off, I'm sorry your funds got stolen. That really sucks. Secondly, you could help prevent other people from suffering this if you provided more details about the security setup you were using so how this attack could have taken place can be discovered/prevented in the future.

[ctlegacy]

This doesn't seem legit. How could someone with 2FA get their account stolen? unless it was someone you live with and you openly have passwords written down.

Dont go on websites you are unsure about... ALWAYS have two factor authentication. It's highly unlikely for 2FA to be broken into.

[bobsmoke]

Its unfortunate to hear. Didnt you got an email from Mt gox like:

There has been a withdrawal from your Mt.Gox account:
Transaction reference: 8ajr341-kjsdf-4f27-8sdb-isjfue739df
Date: 2013-xx-xx 09:26:55 GMT
IP: xxx.xxx.123.254
You can access your account history for more details.
Please contact us as soon as possible by replying to this email if you did not request this withdrawal.

If you contacted them, wouldn't be possible to repudiate the transaction?