Bitcoin Forum
November 16, 2024, 04:30:11 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Mt. Gox account hacked  (Read 5207 times)
foxtrottcharly (OP)
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
May 26, 2013, 05:57:54 PM
 #1

Dear forum,

my Mt.Gox account was hacked on friday.
I only noticed it by recieving the following mail from Mt.Gox

There has been a withdrawal from your Mt.Gox account:
Transaction reference: 5f417f82-9b99-4be8-abfe-03df1c8f0de8
 
Date: 2013-05-24 17:00:46 GMT
IP: 173.252.211.150
 
You can access your account history for more details.
Please contact us as soon as possible by replying to this email if you did not request this withdrawal.


I immediately contacted Mt.Gox. and recieved the following answer from support:

Hello,
Sorry for the inconvenience. Please change your email address password and Mt.Gox password immediately. Please do not use the same username and password on different services. You can use the Yubikey or Software Authentication on our Security Center to further secure your accounts.

Please file a police report in order for the police to investigate the case and make an effort to retrieve your funds. We will cooperate with the police authority in providing the necessary information for the investigation, but we are unable to reimburse any stolen funds.

Thanks,
MtGox.com Team


What I do not understand is that this IP adress is clearly not mine and Mt.Gox will not cancel
the transaction ? The IP which hacked me sits somewhere in China.....

How and where can I file for police investigation ? I am from Austria - Mt.Gox sits in Japan - the hacker in China using
an United States ISP

On blockchain.info I can even see the transaction of the 15 BTC which have been stolen
https://blockchain.info/address/18XPnyZsxj5FpdDXTLvRPSwdpuvVVuJLgW

Looking forward to any advice.....

Thanks in advance

datascape
Newbie
*
Offline Offline

Activity: 49
Merit: 0



View Profile
May 26, 2013, 06:09:42 PM
 #2

Did you have two-factor authentication enabled?
newguy05
Hero Member
*****
Offline Offline

Activity: 1316
Merit: 503


Someone is sitting in the shade today...


View Profile WWW
May 26, 2013, 06:11:43 PM
 #3

if the transaction is complete the money is gone, mtgox doesnt do anything, they asking you to file a police report is just an inside joke.

         ▄██████
       ▄████████
     ▄██████████
   ▄█▀     █████
 ▄███      █████
█████      ███████████████████████████
█████      ███████████████████████████
█████      ███████████████████████████
█████                           ████▀
█████                           ██▀
█████                          ▄▀   
██████████████████████████████▀
████████████████████████████▀
L I N K
by BLOCKMASON





..CREATE WEB APIS........
..FROM ANY SMART........
..CONTRACT.........................






█▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█
█  ██████    ▄▄▄▄▄▄▄▄ █
█  ██████    ▄▄▄▄▄▄▄▄ █
█  ██████    ▄▄▄▄▄▄▄▄ █
█            ▄▄▄▄▄▄▄▄ █
█ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ █
█ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ █
█ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ █
█ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ █
█                     █
█ ▄▄▄▄▄▄              █
█▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄█

READ THE
WHITEPAPER

>>>






▄          █▄                         ▄
██▄        ███▄                     ▄██
████▄      █████▄                 ▄████
██████▄    ███████▄             ▄██████
████████▄   ▀███████▄         ▄███████▀
██████████▄   ▀███████▄     ▄███████▀
████████████▄   ▀███████▄ ▄███████▀  
██████████████▄   ▀█████████████▀   ▄██
████████████████▄   ▀█████████▀   ▄████
██████████████████▄   ▀█████▀   ▄██████
████████████████████▄   ▀█▀   ▄████████
BLOCKMASON
BUILDING THE FUTURE









FACEBOOK
REDDIT
TWITTER

LINKEDIN
GITHUB
MEDIUM
escrow.ms
Legendary
*
Offline Offline

Activity: 1274
Merit: 1004


View Profile
May 26, 2013, 06:17:16 PM
 #4

Either you had a weak password and people knew about your username or you might got infected somehow.

I have some questions:
1. Did you visited any suspicious site recently or downloaded some exe file.
2. Did you used same password and username on some other website?


Check link in my signature if you think your pc is infected.
foxtrottcharly (OP)
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
May 26, 2013, 07:42:01 PM
 #5

 Angry no I did not have two-factor authentication enabled - I have been naiv
thinking that funds on Mt.Gox would be safe

yes - I have used the same password on my windows live account
maybe that is why it was easy to find out....

So even if I can find out who stole my BTC I can't do anything about it Huh
betaknight
Newbie
*
Offline Offline

Activity: 39
Merit: 0


View Profile
May 26, 2013, 07:45:51 PM
 #6

sorry buddy, you are pretty much out of luck. While there have been cases of stolen coins being caught and returned..for the most part, you have to look at it as a loss. Gotta write it off as a lesson learned..  Hopefully it is the last time this happens to you!
iram9096
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile WWW
May 26, 2013, 08:03:36 PM
 #7

Mt gox security is shit. I'm now moving to btc-e.
escrow.ms
Legendary
*
Offline Offline

Activity: 1274
Merit: 1004


View Profile
May 27, 2013, 06:26:22 AM
 #8

Angry no I did not have two-factor authentication enabled - I have been naiv
thinking that funds on Mt.Gox would be safe

yes - I have used the same password on my windows live account
maybe that is why it was easy to find out....

So even if I can find out who stole my BTC I can't do anything about it Huh

Well Mtgox is safe but you need to be secure from your end too.If someone found your password you can't blame mtgox for that but yeah their security sucks, they don't have much options to secure peoples funds.

Never use online wallets until you are damn sure that you are using a strong password /new username and your pc is really secure and clean.

In your case, probably they found bitcoin related something in your live account and tried to log on mtgox and got your bitcoins.

but main thing is, how they got password? Either your pc is infected with some malware or someone knew that you have bitcoins in mtgox account.

Btw how do you know he's from china?
deforse
Newbie
*
Offline Offline

Activity: 20
Merit: 0



View Profile
May 27, 2013, 06:59:09 AM
 #9

Mt gox security is shit. I'm now moving to btc-e.
But there are some extra fee vs. MTgox and the most important think is that you can't withdraw your money so simple as from MT gox. Especially for EU.
Stunna
Legendary
*
Offline Offline

Activity: 3192
Merit: 1279


Primedice.com, Stake.com


View Profile
May 27, 2013, 07:06:09 AM
 #10

Sorry to hear this, another unfortunate case of this. Doesn't seem like there is any way to recover your coins either unfortunately.  Sad


I'd suggest focusing on securing your next wallet as much as possible.

Stake.com Fastest growing crypto casino & sportsbook
Primedice.com The original bitcoin instant dice game
fandango
Newbie
*
Offline Offline

Activity: 7
Merit: 0



View Profile
May 27, 2013, 07:06:22 AM
 #11

You really gotta turn on the 2-factor security, otherwise it's just a matter of time before a password you use somewhere else is stolen and tested on MtGox for validity.  Sorry for your loss.
escrow.ms
Legendary
*
Offline Offline

Activity: 1274
Merit: 1004


View Profile
May 27, 2013, 07:31:08 AM
 #12

You really gotta turn on the 2-factor security, otherwise it's just a matter of time before a password you use somewhere else is stolen and tested on MtGox for validity.  Sorry for your loss.

Well on mtgox there is no email based 2 factor security, they have a device based 2factor authentication and if you don't have any smartphone you can't use that.
number37
Sr. Member
****
Offline Offline

Activity: 658
Merit: 250



View Profile
May 27, 2013, 07:42:36 AM
 #13

this is too common happens at MtGox. My 2 friends accts hacked too. My account has no money, so doesn't really matter.

one of my friend is a computer security guru, he said it's a joke, he suspect that someone inside the MtGox did it. Anyway I will not use it. I'd prefer to pay more at ebay to buy bitcoins.
umairsaleem008
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile WWW
May 27, 2013, 08:02:00 AM
 #14

Are you installing alt coins wallet lately? Someone is reporting that yacoin and gldcoin has trojans on it.
bitchaos
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
May 27, 2013, 08:07:40 AM
 #15

I feel sorry for you for losing your coins, I've seen enough of this type of messages to urge me not to leave any funds on any exchange too long (more then one reason not to do that).
I am not an IT security expert but I do read security related blogs and news sites on a daily basis just out of interest.
From what i can see, it is mind blowing to see how many threats are out there, that are known and found by the good guys.
Now add to that your own estimation of the amount of threats that have not been detected and rest assured, the risk of getting infected is very real, even for security conscious ppl.
I urge everyone to think about how safe their funds are and what extra steps they could take to secure them some more, the risk is very real, you'll be sorry for not taking a few hours now that could have saved you a lot of money.....
Find out about some of the things you can do to secure your btc better, like paper wallets and two factor authentication, and play around with them with small amounts until you feel comfortbale using them.

Luciddd
Member
**
Offline Offline

Activity: 84
Merit: 10



View Profile
May 27, 2013, 08:10:37 AM
 #16

I would run some scans on your PC.. Malwarebytes is free and can help keep it clean.

Sandstorm
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
May 27, 2013, 08:18:22 AM
 #17

That sucks mate.

But yeah not much you can do now obviously.

Most people involved with BTC get scammed/hacked sooner or later....i'm just sad yours was 15BTC.....
mjc
Hero Member
*****
Offline Offline

Activity: 588
Merit: 500


Available on Kindle


View Profile WWW
May 27, 2013, 08:33:15 AM
 #18

You really gotta turn on the 2-factor security, otherwise it's just a matter of time before a password you use somewhere else is stolen and tested on MtGox for validity.  Sorry for your loss.

Well on mtgox there is no email based 2 factor security, they have a device based 2factor authentication and if you don't have any smartphone you can't use that.


Yubikey works to.  $30 would have saved you 15 BTC.

Kindle : Bitcoin Step by Step (2nd Ed) : http://www.amazon.com/Bitcoin-Step-by-ebook/dp/B00A1CUQQU
Kindle : Bitcoin Mining Step by Step : http://www.amazon.com/Bitcoin-Step-by-ebook/dp/B00A1CUQQU
Facebook :  https://www.facebook.com/BitcoinStepByStep     Twitter : @BitcoinSbS
firstlast
Full Member
***
Offline Offline

Activity: 159
Merit: 100



View Profile
May 27, 2013, 08:37:52 AM
 #19

An ipod touch or ipad (WIFI off!) with Google Authenticator works, too. That's what I use to log in to mtgox.

And I use a different one time password for withdrawals and security center settings.

If they somehow break into my account, they can trade all they want but can't withdraw!
luffy
Hero Member
*****
Offline Offline

Activity: 607
Merit: 500



View Profile
May 27, 2013, 08:52:36 AM
 #20

2FA is a must for these kind of sites!
i hope MTGOX will implement the email authentication at least for BTC withdraws as BTC-e does Wink
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!