Bitcoin Forum
Author Topic: MtGox account compromised  (Read 108223 times)
Cdecker
February 01, 2011, 07:43:08 PM
 #61

Just to add another statement: I too am seeing the Payment Process united transaction, with exactly the same time, looks a lot more like a cron job to me. If the database were compromised as some people suggested there would not be any entry, they'd just send the money off without being so polite as to inform the users where the money went. Same for the platform compromised discussion.

My best guess is that it was in fact a dictionary attack. Could the affected people please share the strength of their password using http://www.passwordmeter.com/ to not publish real passwords on the Forum?

My account doesn't seem to be compromised since it still shows me my dollar balance like I left it a few weeks ago.

Still waiting for an official statement by MtGox :D

Want to see what developers are chatting about? http://bitcoinstats.com/irc/bitcoin-dev/logs/
Bitcoin-OTC Rating
Drifter
February 01, 2011, 07:48:41 PM
 #62

My account is one that was compromised. My password is randomly generated and strength is 100% according to that site.

My password is above and beyond safer than necessary. A dictionary attack is very unlikely.

Cdecker
February 01, 2011, 07:51:28 PM
 #63

My account is one that was compromised. My password is randomly generated and strength is 100% according to that site.

My password is above and beyond safer than necessary. A dictionary attack is very unlikely.
Next best guess: sniffing traffic. Are you using the HTTP or the HTTPS URL to log in?

Want to see what developers are chatting about? http://bitcoinstats.com/irc/bitcoin-dev/logs/
Bitcoin-OTC Rating
cryptofo
February 01, 2011, 07:54:09 PM
 #64

Thank you vladimer for your support and kind words from all.  These are the emails to mtgox.

Jed,
I've contacted Liberty Reserve abuse and received their standard spiel.  I'm really
upset, I've been collecting these bitcoins for over a year.  I think this is unfortunate
because MTGOX is one of the primary sources for liquidity and market price, but this type
of insecurity is a vulnerability to the bitcoin community.  This was not caused by
complete negligence on my part.  My computer was not compromised.  My username and
password are specific to this site.  This is a specific attack that was directed at
mtgox.  My password may have been weak (8 characters, numbers and letters), but it was a
vulnerability on your end that allowed someone to use a dictionary attack.  It is
important to know that mtgox is willing to make their best efforts to reconcile a
compromise of this nature.  If there is any way you can replace some if not all of the
900+ bitcoins that were stolen from me, I think it would stand as a gesture of support
from mtgox and instill some faith in mtgox from the bitcoin community.


Quoting Jed McCaleb <admin@mtgox.com>:

I'm not sure how they got your username. From the bitcoin forum maybe?
Are you going to make a statement on the bitcoin forum with some  information?
I'm not sure what I would say there. I made the attack impossible now and I don't think anyone else's account was compromised.
Are you going to contact Liberty Reserve?
I can but you should also. The more people complaining about that account the better.



On Mon, Jan 31, 2011 at 6:19 PM,  <XXXXXXXXXXXXX> wrote:
I understand this is somewhat out of your control and I should not have had
a password that started with a, but how did they know my username?  Are you
going to make a statement on the bitcoin forum with some information?  Are
you going to contact Liberty Reserve?

Quoting Jed McCaleb <admin@mtgox.com>:
I checked that IP and that was from the person running the attack. So
he must have guessed your password. I'm sorry...
How do you know someone was running a dictionary attack?
I saw the repeated login attempts. But I changed the login page so
they can't do it now.

Liberty Reserve has a contact form on their site.



On Mon, Jan 31, 2011 at 5:14 PM,  <XXXXXXXXXXXX> wrote:

How do you know someone was running a dictionary attack?  On your end?  Do
you know how I can get in touch with liberty reserve?

Quoting Jed McCaleb <admin@mtgox.com>:
This will tell you:
http://www.ip2location.com/demo.aspx

Well someone was running a dictionary attack so if your password was
simple he may have gotten it.
You could try writing Liberty Reserve and see if they can help since
they have the money now.
Sorry,
Jed.

On Mon, Jan 31, 2011 at 5:06 PM,  <XXXXXXXXXXXX> wrote:

Anything's possible, this seems like a rather specific attack.  I can't
believe this.  Can you tell where these Ip addresses are?

Quoting Jed McCaleb <admin@mtgox.com>:
Could someone have got your password somehow?

XXX.XXX.64.10
77.222.42.204
XXX.XXX.64.10
XXX.XXX.56.44

These are the IPs that have logged into your account
Jed.

On Mon, Jan 31, 2011 at 4:54 PM,  <XXXXXXXXX> wrote:

Someone hacked my account and did this.

Quoting Jed McCaleb <admin@mtgox.com>:
Looks like you sold them and sent them to Liberty reserve account:
U0764959

On Mon, Jan 31, 2011 at 4:45 PM,  <###########> wrote:

XXXXXXX

Quoting Jed McCaleb <admin@mtgox.com>:
What is your username?

On Mon, Jan 31, 2011 at 4:22 PM,  <##########> wrote:

I just logged into mtgox and all my bitcoins are gone.  I'm freaking out.
What happened, please respond.

DarkMatter
February 01, 2011, 07:55:06 PM
 #65

My account is one that was compromised. My password is randomly generated and strength is 100% according to that site.

My password is above and beyond safer than necessary. A dictionary attack is very unlikely.
Next best guess: sniffing traffic. Are you using the HTTP or the HTTPS URL to log in?

You are automatically redirected to https, just checked.

Feed The Troll!! | 1JKdTyUjxo5VJoaQKjp4oUnXqdSSErC1mp
rebuilder
February 01, 2011, 07:56:16 PM
 #66

Whoa, whoa, whoa. Are we sure those odd "united" transactions on the 24th have anything to do with the unauthorized access? I have that too, as pretty much everyone seems to, but haven't lost any BTC or USD. Cryptofo, on the other hand, did have funds stolen, and that happened on the 28th, 4 days later. Everyone who's saying their accounts were compromised, did you lose something or are you referring to the odd transaction on the 24th? I'd like to hear what mtgox has to say on the events on the 24th before concluding those are related to any kind of foul play at all. For all we know it was some kind of cleanup operation related to the rounding errors reported before. I know I had a negative balance on mtgox at some point due to those.

Selling out to advertisers shows you respect neither yourself nor the rest of us.
---------------------------------------------------------------
Too many low-quality posts? Mods not keeping things clean enough? Self-moderated threads let you keep signature spammers and trolls out!
Drifter
February 01, 2011, 08:00:27 PM
 #67

I'm only referring to the Jan 24th incident personally. Sorry for the confusion. And yes, I always use HTTPS as you are redirected automatically.

kiba
February 01, 2011, 08:04:48 PM
 #68

I'm only referring to the Jan 24th incident personally. Sorry for the confusion. And yes, I always use HTTPS as you are redirected automatically.

They are merely fishing for names.

fabianhjr
February 01, 2011, 08:06:09 PM
 #69

I have a 7 random (generated) + a salt of at least 5 chars and I still see an odd transaction. The good thing is that I didn't have any funds at that time. So, anything official about what happened yet?

Cdecker
February 01, 2011, 08:07:38 PM
 #70

So until now we have 1 confirmed compromised account (cryptofo) and several others reporting some strange transaction 4 days earlier.

IMHO that transaction has nothing to do with the attack at all. Could cryptofo please check the strength of the used password?

Just trying to keep panic down and get the matter resolved :D

Want to see what developers are chatting about? http://bitcoinstats.com/irc/bitcoin-dev/logs/
Bitcoin-OTC Rating
fabianhjr
February 01, 2011, 08:13:37 PM
 #71

Dunno, maybe you can get a sell on short while you have chance. :P

As of the 24th incident it could show that there was indeed a compromise or MtGox checking something.

mtgox
February 01, 2011, 08:20:55 PM
 #72

Almost everyone had transactions from "united". It does NOT mean that your account was compromised. It does mean that the attacker has your username. It was just them using the merchant API to send you 0 BTC.

There were only two accounts that had money stolen from them as far as I can tell.

It was a dictionary attack since I saw it happening.

I plugged the vulnerability that allowed them to run the attack so your weak passwords will be safe again.

I'm still working out with cryptofo if/how to reimburse him.

Ideally Liberty Reserve would help us since they can easily fix the issue. But they don't seem to be cooperating. Anyone have ideas there?
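
The manual check described in the e-mails and in the post above (noticing repeated login attempts, then tying a login IP on a victim's account to the source of those attempts) can be written as a log query. This is an added example, not MtGox code and not part of any post; the log format, thresholds, function names and sample lines are constructed for illustration, with addresses from documentation ranges.

```python
from collections import defaultdict

# Constructed sample auth log: "timestamp ip username result". Not real data.
SAMPLE_LOG = """\
2000-01-01T03:10:01 203.0.113.7 alice FAIL
2000-01-01T03:10:02 203.0.113.7 alice FAIL
2000-01-01T03:10:03 203.0.113.7 bob FAIL
2000-01-01T03:10:04 203.0.113.7 bob FAIL
2000-01-01T03:10:05 203.0.113.7 carol FAIL
2000-01-01T03:10:06 203.0.113.7 carol OK
2000-01-01T08:30:00 198.51.100.20 bob FAIL
2000-01-01T08:30:09 198.51.100.20 bob OK
2000-01-01T09:00:00 198.51.100.33 alice OK
malformed line
"""

def parse(log):
    """Yield (timestamp, ip, user, success) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        yield parts[0], parts[1], parts[2], parts[3] == "OK"

def find_guessing_sources(events, min_users=3, min_failures=5):
    """Source IPs with many failed logins spread over several usernames."""
    failures = defaultdict(int)
    users = defaultdict(set)
    for _, ip, user, ok in events:
        if not ok:
            failures[ip] += 1
            users[ip].add(user)
    return {ip for ip, n in failures.items()
            if n >= min_failures and len(users[ip]) >= min_users}

def compromised_accounts(events, sources):
    """Accounts on which a guessing source also logged in successfully."""
    hits = {}
    for ts, ip, user, ok in events:
        if ok and ip in sources and user not in hits:
            hits[user] = (ip, ts)  # first successful login from that source
    return hits

def analyse(log):
    events = list(parse(log))
    sources = find_guessing_sources(events)
    return sources, compromised_accounts(events, sources)

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A single mistyped password from one address (the 198.51.100.20 lines) stays below both thresholds, so only the source that sprayed several usernames is flagged.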

DarkMatter
February 01, 2011, 08:24:41 PM
 #73

Almost everyone had transactions from "united". It does NOT mean that your account was compromised. It does mean that the attacker has your username. It was just them using the merchant API to send you 0 BTC.

There were only two accounts that had money stolen from them as far as I can tell.

It was a dictionary attack since I saw it happening.

I plugged the vulnerability that allowed them to run the attack so your weak passwords will be safe again.

I'm still working out with cryptofo if/how to reimburse him.

Ideally Liberty Reserve would help us since they can easily fix the issue. But they don't seem to be cooperating. Anyone have ideas there?


Finally, your answer is much appreciated.
Guess you both share the responsibility for the story, vulnerability+weakpassword= 50:50

Feed The Troll!! | 1JKdTyUjxo5VJoaQKjp4oUnXqdSSErC1mp
Drifter
February 01, 2011, 08:46:40 PM
 #74

Sorry for the ones that lost coins.

But weak passwords on a site that has ANYTHING to do with finances?

http://lastpass.com/
http://keepass.info/
http://strongpasswordgenerator.com/
http://www.passwordchart.com/


They all work great, depending on what you need.

fabianhjr
February 01, 2011, 08:55:53 PM
 #75

So, has anyone identified the attacker? I had been checking the IP with no luck.

nanotube
February 01, 2011, 08:58:54 PM
 #76

Almost everyone had transactions from "united". It does NOT mean that your account was compromised. It does mean that the attacker has your username. It was just them using the merchant API to send you 0 BTC.

There were only two accounts that had money stolen from them as far as I can tell.

It was a dictionary attack since I saw it happening.

I plugged the vulnerability that allowed them to run the attack so your weak passwords will be safe again.

I'm still working out with cryptofo if/how to reimburse him.

Ideally Liberty Reserve would help us since they can easily fix the issue. But they don't seem to be cooperating. Anyone have ideas there?


libertyreserve doesn't ever reverse transactions. they're trying to be a 'hard currency'. so you're pretty much SOL there.

Join #bitcoin-market on freenode for real-time market updates.
Join #bitcoin-otc - an over-the-counter trading market. http://bitcoin-otc.com
OTC web of trust: http://bitcoin-otc.com/trust.php
My trust rating: http://bitcoin-otc.com/viewratingdetail.php?nick=nanotube
kiba
February 01, 2011, 09:02:06 PM
 #77


libertyreserve doesn't ever reverse transactions. they're trying to be a 'hard currency'. so you're pretty much SOL there.

Don't forget what PayPal did to mtgox and to the bitcoin economy. Hard currencies are a better alternative.

kiba
February 01, 2011, 09:04:00 PM
 #78

So, has anyone identified the attacker? I had been checking the IP with no luck.

What are we going to do? Call the police?

cryptofo
February 01, 2011, 09:10:23 PM
 #79

I don't know, but they're in St. Petersburg, Russia.  I'm boycotting Vodka!!

DarkMatter
February 01, 2011, 09:13:00 PM
 #80

I don't know, but they're in St. Petersburg, Russia.  I'm boycotting Vodka!!

Yep, that IP address is shared by some Russian websites.
http://bgp.he.net/net/77.222.40.0/22
spaceweb.ru, Russian web space provider.

Feed The Troll!! | 1JKdTyUjxo5VJoaQKjp4oUnXqdSSErC1mp