mtgox account compromised...anyone else?

[Dropkickdragout]

so today i got an email written in japanese from mtgox, after running it through a translator i realized someone had accessed my mtgox account from an IP address clearly not my own.  they cleaned me out.  they walked with $700+ USD which i know isnt a lot for some of you but its a whole hell of a lot for me.  was wondering if anyone else had been compromised today?

[Franktank]

Did you use 2FA?

[Dropkickdragout]

not even sure what 2fa is, im guessing you mean an authenticator of some sort.  i did not have one in place because my phone does not support the google authenticator and i dont have a yubikey.

[Dropkickdragout]

is there any chance they will actually do something about it? the ip from which the transaction originated was based in china...im based in usa....i dont know how they didnt flag it as suspicious.

[Dropkickdragout]

You're kidding?  Call the police?  Yea because that's going to do so much good vs a Chinese hacker.  If that's really their solution then I'm done with them.

[Hawkix]

is there any chance they will actually do something about it? the ip from which the transaction originated was based in china...im based in usa....i dont know how they didnt flag it as suspicious.

Sorry to hear that. If the funds leaved MtGox (through BTC withdrawal, I guess), there is probably no way MtGox or police could help you.

My account was target of similar attack about 2 weeks ago. The attacker (originating from China based IP) requested password recovery on my MtGox account, hijacked my e-mail account, so that message about this did not get into my mailbox and he could change my password without me noticing that.

LUCKILY for me, I tried to login several hours later after this attack. And I could not. I alarmed MtGox support and they helped me to resolve the situation, and in fact, save my funds. MtGox freezes withdrawals for 24 hours after e-mail and/or password change.

The problem was my e-mail account, which was leaked during mid 2011 MtGox database hack. This e-mail account had weak password (at least to nowadays standards), so it may become known to some hacker group. I was not realizing the security implications of using insecure e-mail address.

Of course, first thing I did, after securing my e-mail again, was to activate Google Authenticator on MtGox account. Now I can, hopefully, sleep better again.

[Dropkickdragout]

Yea, the funds were sent to what i assume is an offsite address, possibly belonging to another exchange, no way for me to know, its just a devastating loss for me.  Guess i should have known better than to leave usd on my account without a yubikey.

But im not accepting all the blame here.  Maybe if Mt. Gox had some sort of ip address lock this wouldn't have happened.  because after all, like i said i am a US customer and the hacker's ip was chinese....this should have instantly raised a red flag to some system somewhere, but Mt. Gox in it's infinite wisdom apparently has no such system.  Now i suppose i just have to wait for the classic "call the authorities and report this and we will cooperate with them.  which clearly im not going to do because it wont accomplish anything.

[Stephen Gornick]

not even sure what 2fa is, im guessing you mean an authenticator of some sort.  i did not have one in place because my phone does not support the google authenticator and i dont have a yubikey.

How to use 2-factor auth on mtgox, even without a smartphone
 - http://bitcointalk.org/index.php?topic=111943.0


This type of loss happens a lot:

MtGox account got cleared out
 - http://bitcointalk.org/index.php?topic=85533.0

All BTC disappeared from my Mt. Gox account
 - http://bitcointalk.org/index.php?topic=88368.0

Another:
 - http://bitcointalk.org/index.php?topic=80562.msg941759#msg941759

And another: My mtgox account got compromised, what can I do?
 - http://bitcointalk.org/index.php?topic=84585.0

Yet more: MT.Gox account hacked - lost 2k USD - MT.GOX will not explain how.
 - http://bitcointalk.org/index.php?topic=89142.0

And more again: Bitcoins stolen from MtGox
 - http://www.reddit.com/r/Bitcoin/comments/x8lcv/bitcoins_stolen_from_mtgox

And yet more: Stolen from Mt.Gox coins. Help return the coins.
 - http://bitcointalk.org/index.php?topic=119816.0

Or more here: Email from Mt.Gox this morning.
 - http://www.reddit.com/r/Bitcoin/comments/z0na5/email_from_mtgox_this_morning

And even more here: I just had $715 stolen out of my Mt. Gox account.
 - http://www.reddit.com/r/Bitcoin/comments/12j9gi/i_just_had_715_stolen_out_of_my_mt_gox_account

And the biggie: Bitcoinica MtGox account compromised
 - http://bitcointalk.org/index.php?topic=93074.0

With more here: Unauthorized Account Activity on my Mt.Gox Account - Account Compromised/Hacked?
 - http://bitcointalk.org/index.php?topic=94140.0

And even more: *MY* Mt Gox Account was Hacked - lost it all today... now what!?
 - http://bitcointalk.org/index.php?topic=137795.0

Ditto: My MtGox account was just exploited - 3 BTC stolen
 - http://bitcointalk.org/index.php?topic=141816.0

Ditto on the ditto: Just lost 190 bitcoins through Mt. Gox
 - http://bitcointalk.org/index.php?topic=141831.0

And other ones get added to the list: Unauthorized withdrawal on Mt. Gox
 - http://bitcointalk.org/index.php?topic=147070.0

And then here: How I got robbed of 34 btc on Mt.Gox today
 - http://bitcointalk.org/index.php?topic=173227.0

And recently this: My MTGOX account was hacked!
 - http://bitcointalk.org/index.php?topic=186422.0

And now yours: mtgox account compromised...anyone else?
 - http://bitcointalk.org/index.php?topic=229300.0

And another fairly recent one: My funds and BTC have just disappeared from my Gox account!
 - http://bitcointalk.org/index.php?topic=174556

And on other services as well. Here same thing happened to some GLBSE users:
 - http://bitcointalk.org/index.php?topic=84893.0

And elsewhere, BitMarket.eu in this instance:
 - http://bitcointalk.org/index.php?topic=5441.msg1259168#msg1259168

And on bitcoin.de as well: Bitcoins stolen from bitcoin.de.
 - http://bitcointalk.org/index.php?topic=130264.0


In none of these was the person using multi-factor authentication. Mt. Gox has had Yubikey support for a while. Mt. Gox accounts now support Google Authenticator:
 - https://mtgox.com/press_release_20120605.html

If the exchange you are storing funds with doesn't provide OTP, consider using a different exchange:
 - http://bitcoin.stackexchange.com/questions/4113/which-two-factor-authentication-methods-are-available-at-which-exchanges

If you are storing funds in an EWallet, consider using a paper wallet.

Again, here is a fantastic guide: How to use 2-factor auth on mtgox, even without a smartphone (from a second device, of course, not from the same computer you log in on).
 - http://bitcointalk.org/index.php?topic=111943.0

[zhcy123]

so today i got an email written in japanese from mtgox, after running it through a translator i realized someone had accessed my mtgox account from an IP address clearly not my own.  they cleaned me out.  they walked with $700+ USD which i know isnt a lot for some of you but its a whole hell of a lot for me.  was wondering if anyone else had been compromised today?

me too $7700

[zhcy123]

so today i got an email written in japanese from mtgox, after running it through a translator i realized someone had accessed my mtgox account from an IP address clearly not my own.  they cleaned me out.  they walked with $700+ USD which i know isnt a lot for some of you but its a whole hell of a lot for me.  was wondering if anyone else had been compromised today?

I suspect their internal operations, because I have 2FA,And MTGOX very many stolen

[zhcy123]

so today i got an email written in japanese from mtgox, after running it through a translator i realized someone had accessed my mtgox account from an IP address clearly not my own.  they cleaned me out.  they walked with $700+ USD which i know isnt a lot for some of you but its a whole hell of a lot for me.  was wondering if anyone else had been compromised today?

I suspect their internal operations, because I have 2FA,And MTGOX very many stolen

You are not the first with 2fa to be ,,hacked,,

I also suspect their internal ops doing it, or them being hacked.

The same time also someone stolen $10000 but he didn't 2FA, my 2FA is cancelled,

In my reply
https://bitcointalk.org/index.php?topic=221098.80

[Branzig]

is there any chance they will actually do something about it? the ip from which the transaction originated was based in china...im based in usa....i dont know how they didnt flag it as suspicious.

Sorry to hear that. If the funds leaved MtGox (through BTC withdrawal, I guess), there is probably no way MtGox or police could help you.

My account was target of similar attack about 2 weeks ago. The attacker (originating from China based IP) requested password recovery on my MtGox account, hijacked my e-mail account, so that message about this did not get into my mailbox and he could change my password without me noticing that.

LUCKILY for me, I tried to login several hours later after this attack. And I could not. I alarmed MtGox support and they helped me to resolve the situation, and in fact, save my funds. MtGox freezes withdrawals for 24 hours after e-mail and/or password change.

The problem was my e-mail account, which was leaked during mid 2011 MtGox database hack. This e-mail account had weak password (at least to nowadays standards), so it may become known to some hacker group. I was not realizing the security implications of using insecure e-mail address.

Of course, first thing I did, after securing my e-mail again, was to activate Google Authenticator on MtGox account. Now I can, hopefully, sleep better again.

My 4BTC didn't make the 60 minutes it was to available in my wallet, I have been having a hard time getting verified, I found them on the blockchain, and in the notes left side still says. unclaimed, and on the right side it has references to Verify, So, I am assuming they would not allow me to take my BTC out because I am still waitingg verification, it is still the weekend (JST) time, so I have to assume that they have frozen the transaction, it was easy to track down and it was obviously them because I have pretty much no activity on my personal wallet and I have been using the Google Authenticator, But, I figured I had better mention something, plus look at all of the volume, I was watching it climb as the US markets opened and it is still high, as soon as it starts to drop the price will for sure rise, it can't sustain that activity for good, and if it does then 100.00 will be the solid price? I hope I helped somebody even if I am still lost.

-Branzig
 

[zhcy123]

is there any chance they will actually do something about it? the ip from which the transaction originated was based in china...im based in usa....i dont know how they didnt flag it as suspicious.

Sorry to hear that. If the funds leaved MtGox (through BTC withdrawal, I guess), there is probably no way MtGox or police could help you.

My account was target of similar attack about 2 weeks ago. The attacker (originating from China based IP) requested password recovery on my MtGox account, hijacked my e-mail account, so that message about this did not get into my mailbox and he could change my password without me noticing that.

LUCKILY for me, I tried to login several hours later after this attack. And I could not. I alarmed MtGox support and they helped me to resolve the situation, and in fact, save my funds. MtGox freezes withdrawals for 24 hours after e-mail and/or password change.

The problem was my e-mail account, which was leaked during mid 2011 MtGox database hack. This e-mail account had weak password (at least to nowadays standards), so it may become known to some hacker group. I was not realizing the security implications of using insecure e-mail address.

Of course, first thing I did, after securing my e-mail again, was to activate Google Authenticator on MtGox account. Now I can, hopefully, sleep better again.

My 4BTC didn't make the 60 minutes it was to available in my wallet, I have been having a hard time getting verified, I found them on the blockchain, and in the notes left side still says. unclaimed, and on the right side it has references to Verify, So, I am assuming they would not allow me to take my BTC out because I am still waitingg verification, it is still the weekend (JST) time, so I have to assume that they have frozen the transaction, it was easy to track down and it was obviously them because I have pretty much no activity on my personal wallet and I have been using the Google Authenticator, But, I figured I had better mention something, plus look at all of the volume, I was watching it climb as the US markets opened and it is still high, as soon as it starts to drop the price will for sure rise, it can't sustain that activity for good, and if it does then 100.00 will be the solid price? I hope I helped somebody even if I am still lost.

-Branzig
 

 

[DoomDumas]

I dont understand whay so many user are still using MtGox.. the volume is one point, but not enought interesting IMO.  I do trade on other smaller exchange, and I'm quite happy.  Let the bot trade between themselve and get out of this ASAP !

[Branzig]

       I thought my Mt. Gox account was comprimised, it wasn't, I traced it back to a "Hero" member her on Bitcoin Forum, I still have not heard a word back from this Forum admin regarding the theft. I just received a free Yubikey coupon from Mt. Gox, even though it wasn't their fault.

       The member who stole my BTC is still here and getting more and more BTC everyday, and even posts here that nobody will help anyone who gets their bitcoin taken in the USA, My BTC is in Germany now. Like I said Bitcoin Forum admin are ignoring me, as is bitcoinwallet.in. I am not going to mention who it is that has taken it, as I am pretty sure it is a group of people, dealing in the XRP (Ripple) Forum. Get free XRP, people want to 'buy' your XRP with BTC, then they get access to your account and empty out your wallet. I have reported this to the proper people and it is up to them if they want to allow crypto to continue to allow criminals to plunder at will, as for me, I am through with crypto currency due to this. Life is too short to constantly worry about getting ripped off, and that how it will be as long as there is no recourse for being the victim of crime. If anyone can help me get my BTC back, I would appreciate it. my email is gbrandyngarcia@gmail.com , if you can return my 4.02 BTC, please deposit into my Mt. Gox Account: M87178081X
 Here is the Bitcoin Wallet address from where it was stolen, 1Vkaz6jgQkbLuGT72ewkwhYkf5nsmcSMJ it is not hard to find figure out, 4.02 deposit, 4.02 sent(Not by me)

https://blockchain.info/tx/489ec924a4162259a940946f4fa1001abe77f7f5430e38bb500d1c358654605d

I am a nice person, and nice people finish last, time is on my side and I know I will finish.

-Branzig

[danympp81]

my account has been compromissed and after 12h nobody from mtgox got in contact with me, it seems that the address kept the BTC for a while so maybe there was something to do but they are to lazy and i am not that important.

i didn´t have the 2FA because i don´t have android mobile but that doesn´t mean that mtgox should clean their hand and do nothing. they should have some responsabilties. other exchanges request you to click a link on the email they send to confirm the transaction. if it was like that i wouldn´t been hack because my email hasn´t beeen compromissed.

i know one that will not use mtgox again and will try to do my best to expando my experience around the forums so people is aware about mtgox