cupo (OP)
Newbie
 Offline
Activity: 44
Merit: 0
|
 |
June 01, 2013, 04:02:21 AM |
|
It's amazing that an account under 2FA in Mt.gox can be hacked. This guy found his money withdrawn on May 31, 2013. Someone changed his password and cancelled all 2FA in Security Center. He says he didn't use his mobile phone to get on Mt.gox. How did the hacker get his private key of 2FA?? I don't know whether there is someone experience the same.
It's so terrible which means the 2FA maybe not safe.
Link to this post:https://bitcointalk.org/index.php?topic=221098.0
|
|
|
|
|
|
|
|
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin Core, which will follow the rules of the network no matter what miners do. Even if every miner decided to create 1000 bitcoins per block, full nodes would stick to the rules and reject those blocks.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
YaCoinYeah
Newbie
Offline
Activity: 42
Merit: 0
|
|
June 01, 2013, 04:05:16 AM |
|
Wish I could read gibberish in the original thread.
|
|
|
|
|
cupo (OP)
Newbie
Offline
Activity: 44
Merit: 0
|
|
June 01, 2013, 04:19:14 AM |
|
The point is whether it's possible to break 2FA protection and how?
|
|
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
June 01, 2013, 06:48:07 AM |
|
Stop spreading FUD, you already posted this in trading discussion. I've already explained it, but I'll explain it again possible compromises:
1) Physical compromise - someone got access to his phone, used it, or saved the 2FA secret so he can generate new 2FAs at any time
2) Malware on mobile phone
3) Special malware on computer - sends transaction when someone logs in and enters 2FA code.
You sure this is $7000 USD or 7000 yuan (which is $1110)
|
|
|
|
|
cupo (OP)
Newbie
Offline
Activity: 44
Merit: 0
|
|
June 01, 2013, 07:08:40 AM |
|
$7000+, USD definitely
|
|
|
|
|
sinx91
Newbie
Offline
Activity: 34
Merit: 0
|
|
June 01, 2013, 02:39:17 PM |
|
Happened to me to, but i was a idiot and thought a long and complex password were enough, but at this time i didnt know about the security problems at mtgox.
Now iam using google authenticator on everything on mtgox, withdrawal, security center etc., so my password cant be changed.
Also i dont let more then for some hours my money on mtgox.
I lost over 50 bitcoins.
If the "hacker" made a normal withdrawal you can cancel it if you tell it the support fast.
|
|
|
|
|
TheOrri
Member
Offline
Activity: 89
Merit: 10
|
|
June 02, 2013, 10:46:57 AM |
|
Couldn't read the comments other post, perhaps someone can give an update so we all may learn. In the case of a withdrawel MTGOX sends out an email confirming it. You still have some time to cancel it if you're fast.
Like mentioned before 2FA is very secure, but if someone has physical access to your phone or malware is installed you're still at risk. Personally, I use a cheap phone without any 3rd party software installed, solely for the purpose of google authenticator. Of course, nothing is 100% secure.
Still it would be nice if it's possible to get a sms alert from mtgox if a withdraw is made, just as an extra measure.
|
|
|
|
|
escrow.ms
Legendary
Offline
Activity: 1274
Merit: 1004
|
|
June 02, 2013, 11:06:07 AM |
|
As tradefortress told you, 2FA is safe as long as your pc,mobile etc are safe. I use mtgox without 2FA like a boss.. Why?? Because it's empty.  |
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
June 03, 2013, 01:26:09 AM |
|
As long as your computer is not compromised, you don't even "need" 2FA. It's a good idea, just in case.
|
|
|
|
|
