Bitcoin Forum
Topic: MtGox: Unauthorized withdrawal - someone just stole some of my Bitcoins!
Radacoin
May 23, 2013, 06:06:30 PM
 #1

Someone just stole Bitcoins (about $50) from my MtGox account!

I have a very complex password, no idea how he could compromise my account.

The address of the thief is: 1ES1pZSPWT8cXpB1eqaV79CXzzYqDVqXc1
Transaction: 95b48439eed4c1d13768be2aa3dc37808e399a2f047cddf75152b29e973f46f2

I was using MtGox for over a year without any problems. Anyone else having problems lately?
DeathAndTaxes
Gerald Davis


May 23, 2013, 06:09:03 PM
 #2

Using 2FA?

The most complex password (say a 256 bit random key generated using a qRNG) provides no more protection than "password123" against keyloggers, other malware, Man In the Middle attacks and phishing attempts.

PSA to anyone else.  If you don't use 2FA you are just one exploit away from losing all your funds.
relm9
May 23, 2013, 06:13:36 PM
 #3

If the password was really complex I would say you probably got hit by some Java exploit or other virus, better scan your computer.
HeroC
GPG: FA122C1A | IRC: HeroCC


May 23, 2013, 10:50:01 PM
 #4

Use 2FA and Google the address.
Stefan
May 24, 2013, 09:25:54 AM
 #5

BTC-e uses email-based 2FA (withdrawal confirmation link) to avoid such thefts. Why is this option not available in Mt.Gox? Even Slush's pool asks for email confirmation when you change your payment address. I think email-based 2FA for withdrawals should be the necessary minimum for exchanges.

Do you feel like my contribution helped you a lot? Express your thanks by sending a tip here: 1STEFAN4c7ZW5wqrxKdHyLsxZAKaa947j
Radacoin
May 24, 2013, 09:34:40 AM
 #6

> BTC-e uses email-based 2FA (withdrawal confirmation link) to avoid such thefts. Why is this option not available in Mt.Gox? Even Slush's pool asks for email confirmation when you change your payment address. I think email-based 2FA for withdrawals should be the necessary minimum for exchanges.

At least MtGox should ask for confirmation for suspicious transfers, like when the IP is from a different country/continent than usual.

I was logged in to MtGox from an IP from Germany (as I always do), at the same time someone else with an IP from the UK logged in and stole my Bitcoins.

I mean, hello? I am no Photon. I can't be at two places at the same time. At least MtGox should prevent those obvious inconsistencies from happening.

They are the biggest Bitcoin exchange - and their website technology looks like it's from the 1990s.
naphto
May 24, 2013, 09:51:43 AM
 #7

> > BTC-e uses email-based 2FA (withdrawal confirmation link) to avoid such thefts. Why is this option not available in Mt.Gox? Even Slush's pool asks for email confirmation when you change your payment address. I think email-based 2FA for withdrawals should be the necessary minimum for exchanges.
>
> At least MtGox should ask for confirmation for suspicious transfers, like when the IP is from a different country/continent than usual.
>
> I was logged in to MtGox from an IP from Germany (as I always do), at the same time someone else with an IP from the UK logged in and stole my Bitcoins.
>
> I mean, hello? I am no Photon. I can't be at two places at the same time. At least MtGox should prevent those obvious inconsistencies from happening.
>
> They are the biggest Bitcoin exchange - and their website technology looks like it's from the 1990s.

You can log in to your account from a VPS or whatever, does not mean anything.
If you wanted a secure way of payment, you would use euros, or usd.

You can't do shit now, your bitcoins are lost forever and there is no way you will have them back.
I could say "sorry for your loss" but that would be hypocritical.
Radacoin
May 24, 2013, 10:11:31 AM
 #8

> You can log in to your account from a VPS or whatever, does not mean anything.

I could. But what's the probability that I log in from home and at the same time use my VPN connection and log me in again?

MtGox should at least check those suspicious cases - and ask for (email) confirmation.
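
The check requested in posts #6 and #8 above (hold a withdrawal for confirmation when the account has overlapping logins from different countries, or the request comes from an unusual country), sketched as an added example that is not part of the original thread and not MtGox code. The `Session` record, the account name, the country codes and the timestamps are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class Session:
    """Constructed session record; field names are assumptions, not an exchange schema."""
    account: str
    country: str                       # country resolved from the login IP
    started: datetime
    ended: Optional[datetime] = None   # None = still logged in

def active_at(s: Session, when: datetime) -> bool:
    return s.started <= when and (s.ended is None or when < s.ended)

def withdrawal_decision(history, request, when, window=timedelta(days=90)):
    """Return (decision, reason). 'confirm' means hold the withdrawal until the
    owner approves it out of band (e-mail link, OTP), not reject it outright."""
    prior = [s for s in history if s.account == request.account and s != request]
    # Rule 1: the account is logged in from another country at the same moment.
    elsewhere = sorted({s.country for s in prior
                        if active_at(s, when) and s.country != request.country})
    if elsewhere:
        return "confirm", "concurrent session from " + ",".join(elsewhere)
    # Rule 2: the requesting country is not among those used within the window.
    usual = {s.country for s in prior
             if when - window <= s.started < request.started}
    if usual and request.country not in usual:
        return "confirm", "country %s not in usual set %s" % (request.country, sorted(usual))
    return "allow", "consistent with login history"

# Constructed sample data modelled on the report above: a long-standing German
# login is still active when a second login from the UK requests a withdrawal.
T = datetime(2013, 5, 23, 18, 0)
HISTORY = [
    Session("user1", "DE", T - timedelta(days=30), T - timedelta(days=30, hours=-1)),
    Session("user1", "DE", T - timedelta(days=7), T - timedelta(days=7, hours=-2)),
    Session("user1", "DE", T - timedelta(minutes=30)),   # owner, still logged in
    Session("user1", "GB", T - timedelta(minutes=2)),    # second, overlapping login
]
OWNER, SECOND = HISTORY[2], HISTORY[3]

if __name__ == "__main__":
    print(withdrawal_decision(HISTORY, SECOND, T))       # overlapping DE session
    print(withdrawal_decision(HISTORY[:3], OWNER, T))    # no overlap, usual country
```

Legitimate VPN or VPS logins trip the same rules, which is why the result is a confirmation step rather than a refusal.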
naphto
May 24, 2013, 10:18:52 AM
 #9

Bitcoin is worldwide. The main advantage is for international wire. So you can give your details to a family member (or anyone) abroad for sending him money (even if it's probably against their ToS).
Still, if your computer is compromised, a double authen with an email, or an email before processing to the payment would be useless: if they got your email password, which is probably the same, or not a problem if you got keylogged, that won't change anything. And they probably took your email first, in order to change your mtgox password. So, email is a false protection. It gives a secure feeling, but it does not provide any valuable protection.


When you bought bitcoins, or when you mined, you knew that they were just pixels or internet and can disappear as fast as they came in.
Even if it's sad to lose some money, if you really have something "worth" it, you should never use btc, but euros.
MPOE-PR
May 24, 2013, 10:48:13 AM
 #10

> > You can log in to your account from a VPS or whatever, does not mean anything.
>
> I could. But what's the probability that I log in from home and at the same time use my VPN connection and log me in again?
>
> MtGox should at least check those suspicious cases - and ask for (email) confirmation.

Stop with the entitlement bullshit. The service op should nothing for your own comfort. You should, if you care and are willing to pay for it. If not stfu.

That aside: the website model does not work. It's okay for blogs, it's okay for stupid shit nobody cares about (twitter, facebook, whatever). It is not okay for BTC.

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
Radacoin
May 24, 2013, 11:14:38 AM
 #11

> Stop with the entitlement bullshit.

Mircea, my little diva, why so grumpy today? Have your male-period?


> The service op should nothing for your own comfort.

Care to explain what fees are for?
mgio
May 24, 2013, 06:10:36 PM
 #12

No yubikey?
MPOE-PR
May 24, 2013, 07:49:51 PM
 #13

> Mircea, my little diva, why so grumpy today? Have your male-period?

You still with the MPOE-PR = MP nonsense? That's so 2012, srsly.
