One day a could not logg on my account on MtGox with sam username and password .
I contacted support and get this email :
Hello,
We sincerely regret for the inconvenience.
As per your account records, can see that your Mt-GoX password and mail address has been changed now.
Someone got an access to your Mt.Gox account and made a withdraw of 4.90400000 BTC.
How someone get your login and password ?
- Change your mailbox password
- Protect your mailbox and mtgox account with OTP
- Scan your computer with an antivirus
- Victim of physhing ?
Please file a police report and have them contact us, and we will gladly provide any documentation for the investigation. We apologize for any inconvenience caused.
Get back to us for further assistance.
Best regards,
Mt.Gox Team
Afther that i mailed them again :
Dear Marion ,
I did not log on account , and didn't do any withdraw in any time , i
have just few paying to MtGox , 4 times ...
Is there any posibility to back 4.9 btc , or to trace , contact that
person , block that person or something like that ?
Best regards
Vlada
and answer :
Hello,
Mt.Gox cannot do anything to get back the money. The money was withdrawn to a wallet external to Mt.Gox.
Only the police is able to launch an investigation and do something outside of Mt.Gox property.
Of course, Mt.Gox cooperate with police investigations.
Your account is compromised since the 14th June 2013. Your account was locked the 16th June for abnormal activity.
You did not get mail, because the robber change your mail, then your password.
He had an access to your login and password, he never made a mistake...
Fri Jun 14 2013
3:53:38 AM GMT+09:00Password has been changed
3:53:38 AM GMT+09:00Email changed from
vlada@xxxxxxxxxxxx.net to
makesha@mail.com3:53:37 AM GMT+09:00Password verified successfully
3:49:37 AM GMT+09:00Password verified successfully
Apologies, we cannot give you back this account, we can propose you to create a new account on Mtgox and we will move the remaining balance on the new account.
What do you think of this proposal ?
Please, in order to strongly protect your account, use an OTP.
Best regards,
Mt.Gox Team
After that i start to investigate about mail account that i have . Mail server is in Belgrade , on my luck , and my friend is hosting server .
He send me all logs to mail account ( that i used for registration on MtGox ) and there is no logs of third person on my mail account for all this month :
maillog.processed.10.gz:Jun 10 03:38:05 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.122]
maillog.processed.10.gz:Jun 10 03:48:03 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.122]
maillog.processed.10.gz:Jun 10 03:48:11 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.122]
maillog.processed.10.gz:Jun 10 03:49:15 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.122]
maillog.processed.2.gz:Jun 18 02:39:30 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 02:40:16 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 02:41:33 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 02:46:29 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 02:56:29 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:06:23 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:06:29 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:07:01 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:16:29 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:23:41 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:26:29 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:27:33 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:32:59 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.127]
maillog.processed.2.gz:Jun 18 03:33:13 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.127]
maillog.processed.8.gz:Jun 11 18:50:55 s2 pop3d: IMAP connect from @ [::ffff:178.250.142.131]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.250.142.311]
maillog.processed.8.gz:Jun 11 18:51:17 s2 pop3d: IMAP connect from @ [::ffff:178.250.142.131]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.250.142.311]
maillog.processed.9.gz:Jun 10 21:06:56 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 21:07:31 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 21:16:55 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 22:27:35 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 22:37:34 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 22:47:34 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 22:57:34 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 23:18:04 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 23:28:04 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 23:38:04 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 23:48:13 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 23:58:13 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:08:13 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:18:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:28:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:38:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:48:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:58:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:08:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:18:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:28:13 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:38:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:48:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:58:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 02:08:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 02:18:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 02:28:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 02:38:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
You wil see by the date , that there is not any conenction to my mail account on 13.6 and 14.6 , they sad that is time when pass and mail changed ...
Also you know , that on mail changing , you HAVE TO GET mail on old mail IN ANY CASE !
You know also that when you change mail on MtGox , you can not withdraw anything next 24 hours !!!
After my question to MtGox :
Dear Marion ,
You just said : robber change your mail, then your password.
Than this :
3:49:37 AM GMT+09:00Password verified successfully
3:53:37 AM GMT+09:00Password verified successfully
3:53:38 AM GMT+09:00Email changed from
vlada@xxxxxxxxxxx.net to
makesha@mail.com3:53:38 AM GMT+09:00Password has been changed
All this in two seconds ?
If you change mail to new one , automaticly mail has to be sent to old mail ?
Then , how he can do withdraw ? that is impossible 24 h after making change of email ?
Also i have list of connection to this mail , there is no any connection that is not familiar to me , no strange conections any time , or from other place than Belgrade . Serbia .
Can you please give me all information about withdraw , or ip , so i can present to police in my country ?
best regards ,
Vlada
Afher this THEY DO NOT answer ,
So my conclusion is that MtGox ( or someone who works there ) STOLE MY 5 BTC that i have earning 5 months !!!
Please share this to all people you know mining and using MtGox
