MtGox not stole my Bitcoins ! - 2nd part

[vlada.bgw]

One day a could not logg on my account on MtGox with sam username and password .

I contacted support and get this email :

Hello,
We sincerely regret for the inconvenience.
As per your account records, can see that your Mt-GoX password and mail address has been changed now.
Someone got an access to your Mt.Gox account and made a withdraw of 4.90400000 BTC.
How someone get your login and password ?
- Change your mailbox password
- Protect your mailbox and mtgox account with OTP
- Scan your computer with an antivirus
- Victim of physhing ?
Please file a police report and have them contact us, and we will gladly provide any documentation for the investigation. We apologize for any inconvenience caused.
Get back to us for further assistance.
Best regards,
Mt.Gox Team

Afther that i mailed them again :


Dear Marion ,
I did not log on account , and didn't do any withdraw in any time , i
have just few paying to MtGox , 4 times ...
Is there any posibility to back 4.9 btc , or to trace , contact that
person , block that person or something like that ?
Best regards

Vlada


and answer :

Hello,

Mt.Gox cannot do anything to get back the money. The money was withdrawn to a wallet external to Mt.Gox.
Only the police is able to launch an investigation and do something outside of Mt.Gox property.
Of course, Mt.Gox cooperate with police investigations.

Your account is compromised since the 14th June 2013. Your account was locked the 16th June for abnormal activity.
You did not get mail, because the robber change your mail, then your password.
He had an access to your login and password, he never made a mistake...
Fri Jun 14 2013
3:53:38 AM GMT+09:00Password has been changed
3:53:38 AM GMT+09:00Email changed from vlada@xxxxxxxxxxxx.net to makesha@mail.com
3:53:37 AM GMT+09:00Password verified successfully
3:49:37 AM GMT+09:00Password verified successfully
Apologies, we cannot give you back this account, we can propose you to create a new account on Mtgox and we will move the remaining balance on the new account.
What do you think of this proposal ?
Please, in order to strongly protect your account, use an OTP.
Best regards,

Mt.Gox Team


After that i start to investigate about mail account that i have . Mail server is in Belgrade , on my luck , and my friend is hosting server .

He send me all logs to mail account ( that i used for registration on MtGox ) and there is no logs of third person on my mail account for all this month  :


maillog.processed.10.gz:Jun 10 03:38:05 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.122]
maillog.processed.10.gz:Jun 10 03:48:03 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.122]
maillog.processed.10.gz:Jun 10 03:48:11 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.122]
maillog.processed.10.gz:Jun 10 03:49:15 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.122]
maillog.processed.2.gz:Jun 18 02:39:30 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 02:40:16 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 02:41:33 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 02:46:29 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 02:56:29 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:06:23 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:06:29 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:07:01 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:16:29 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:23:41 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:26:29 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:27:33 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.2.gz:Jun 18 03:32:59 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.127]
maillog.processed.2.gz:Jun 18 03:33:13 s2 pop3d: IMAP connect from @ [::ffff:24.135.200.127]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:24.135.200.127]
maillog.processed.8.gz:Jun 11 18:50:55 s2 pop3d: IMAP connect from @ [::ffff:178.250.142.131]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.250.142.311]
maillog.processed.8.gz:Jun 11 18:51:17 s2 pop3d: IMAP connect from @ [::ffff:178.250.142.131]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.250.142.311]
maillog.processed.9.gz:Jun 10 21:06:56 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 21:07:31 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 21:16:55 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 22:27:35 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 22:37:34 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 22:47:34 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 22:57:34 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 23:18:04 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 23:28:04 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 23:38:04 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 23:48:13 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 10 23:58:13 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:08:13 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:18:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:28:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:38:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:48:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 00:58:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:08:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:18:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:28:13 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:38:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:48:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 01:58:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 02:08:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 02:18:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 02:28:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]
maillog.processed.9.gz:Jun 11 02:38:12 s2 pop3d: IMAP connect from @ [::ffff:178.148.140.30]INFO: LOGIN, user=vlada@xxxxxxxxxxx.net, ip=[::ffff:178.148.140.36]

You wil see by the date , that there is not any conenction to my mail account on 13.6 and 14.6  , they sad that is time when pass and mail changed ...

Also you know , that on mail changing , you HAVE TO GET mail on old mail IN ANY CASE !

You know also that when you change mail on MtGox , you can not withdraw anything next 24 hours !!!





After my question to MtGox  :

Dear Marion ,

You just said  : robber change your mail, then your password.

Than this :

3:49:37 AM GMT+09:00Password verified successfully
3:53:37 AM GMT+09:00Password verified successfully
3:53:38 AM GMT+09:00Email changed from vlada@xxxxxxxxxxx.net to makesha@mail.com
3:53:38 AM GMT+09:00Password has been changed

All this in two seconds ?

If you change mail to new one , automaticly mail has to be sent to old mail ?

Then , how he can do withdraw ? that is impossible 24 h after making change of email ?

Also i have list of connection to this mail , there is no any connection that is not familiar to me , no strange conections any time , or from other place than Belgrade . Serbia .

Can you please give me all information about withdraw , or ip , so i can present to police  in my country  ?
best regards ,

Vlada



Afher this THEY DO NOT answer ,

So my conclusion is that MtGox  ( or someone who works there ) STOLE MY 5 BTC   that i have earning 5 months !!!

Please share this to all people you know mining and using MtGox




 

[greyhawk]

and my friend is hosting server

and there you have it.

[Fear]

Stole*

[RodeoX]

First off, sorry to hear this.  

However, It does not make sense that a multi-million dollar business risked it all to steal your 5 BTC. It looks like your account was hacked. I am going to guess that you are not using two factor authentication. Without that in place stealing your btc is as easy as breaking into a facebook account.

[Fear]

First off, sorry to hear this.  

However, It does not make sense that a multi-million dollar business risked it all to steal your 5 BTC. It looks like your account was hacked. I am going to guess that you are not using two factor authentication. Without that in place stealing your btc is as easy as breaking into a facebook account.

+1

[Jakewell]

Never store bitcoins in exchange wallets.. exchanges are for what they are only, to exchange currencies. not to store them

[Zanatos666]

Coins are stolen all the time from Gox.  If your password was phished, or if someone got access to Gox (again) and did a mass withdrawal of a bunch of accounts.  Happened to me about this time last year actually, 12 coins gone just like that.  No way of getting them back either.  I used to still use Gox until they shut down Dwolla transfers.  But, I did get a YubiKey for 2-factor authentication so my account wouldnt be compromised again, but I echo the sayings of others here, dont store your coins on an exchange, use a local wallet, or something like a blockchain.info wallet and use 2-factor security.

[WuLabsWuTecH]

Sorry about your luck, but I'm really, really certain tat mtgox didn't steal your 5btc.  Most likely your account was hacked as they tried to explain to you.  There is nothing they can do about this.

[vlada.bgw]

Coins are stolen all the time from Gox.  If your password was phished, or if someone got access to Gox (again) and did a mass withdrawal of a bunch of accounts.

If somebody do that , do you get a least one mail ?  I did not get any

[LiLeilei]

You are out of luck. And the police can't do jack for ya.

[pro]

ask your friend/email-hoster 

[vlada.bgw]

ask your friend/email-hoster 

No way that hapened !

[legitnick]

Sorry to hear that this happend,

as much as I dislike mtgox I doubt they ripped you off, although its possible. Ussually million dollar companies dont get into selective scamming, just to big of a risk.

[relixx]

i'm a newbie here.
sorry for what happened.

[legitnick]

Unfortunately there really isnt any 100% trustworthy Bitcoin exchanges right now.

[Oldsport]

Stole*. The past tense of steal is stole.

[Red_Wolf_2]

I also run a mail server similar to that setup (I've seen those sorts of logs before)... By default user emails are NOT encrypted on disk, anyone who compromised the server could lift details/info directly from it without accessing IMAP or POP3. So long as they got filesystem access to /var/spool/mail they could see anything that came in easily.

I modified my mailserver config a bit when I realised that was a potential issue... Might want to get your friend to review their server security just to be sure.

[vlada.bgw]

Stole stole stole  ... edited .. My bad english ...

Hmmm i tried few tricky thing ...

Make new account - get confirmation on mail 1
password reset - get confirmation on mail 1

then , when logged in change email to email 2 - no confirmation on any mail  !!!
change password - also no confirmation on mail 1 or mail 2

Just this : '"Warning: As a security measure, you will be unable to make any
withdrawals for 24 hours after changing your email address or
password. "

That means , that they not even sent mail , when mail changed ??  O_o    I can't beleive that this is true ...  I have to do one more time to be shure ...

[bsuperior2]

Sorry to hear that man

[notalawyer]

I don't know how I feel about this, it is interesting nonetheless