Bitcoin Forum
Author Topic: MtGox account compromised  (Read 110455 times)
error
March 06, 2011, 09:39:25 PM
 #161

I generate passwords with:

Code:
dd bs=32 count=1 if=/dev/random | sha256sum

:D

3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
randomguy7
March 06, 2011, 10:23:53 PM
 #162

I prefer pwgen -s 60 (less to type) :)
we6jbo
March 07, 2011, 12:28:34 AM
 #163

This thread was quite an interesting read. One thing that seems to have become unnoticed is Liberty Reserve's part in the stolen Bitcoins. I think that in the case of large transactions like the ones that happened in this thread there really needs to be an obligation to check whether the Bitcoins are stolen or not. MtGox took the right approach to trace how the funds were stolen and where they went. In fact I think that if Liberty Reserve was not so quick to trade the Bitcoins into cash then there would have been a larger chance to catch the thief with the Bitcoins.

I think in the end all avenues need to be checked and not simply the ones that deal with password security or server security. Simply sweeping this problem under the rug isn't going to solve anything and when problems like these do happen they need to be documented in their fullest. This is the second time I've read a thread where a lot of money was stolen and I can only imagine this problem escalating as Bitcoin becomes more known to the general people and especially to those that do not take security seriously.
carp
March 07, 2011, 02:48:06 PM
 #164

> I generate passwords with:
>
> Code:
> dd bs=32 count=1 if=/dev/random | sha256sum
>
> :D

I started using mnemonics for passwords years ago. Take some phrase from a song, movie, or anything you like.... then make a string out of it. Something like "I started using mnemonics years ago"

Can become a string like:
I<um4PYA

Reduces the time it takes before I can type them from memory, and makes it much easier to recall them later, sometimes even years later.
error
March 07, 2011, 05:19:23 PM
 #165

Ah, but all of the passwords I generate are stored on my encrypted drive, and the drive password is, well, longer than my screen. That one I remember completely. :D

3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
bitcoincop
March 22, 2011, 04:06:19 AM
 #166

So this all makes me wonder if there is a way to create a central database about fraudulent transactions, and associated addresses. Someone would make an entry into such a database and provide contact information or other community based details, perhaps sign them with a key that they use as a part of transactions on bitcoin-otc/IRC.  Then, when someone else who cares and receives a payment with these bitcoins from someone else, they can contact the original person to get details and perhaps deny the sender the goods/services they're trying to purchase with the stolen bitcoins.

Yes, it would take an outside database, and yes it would take a strong community with reputation and social trust, but it could be helpful.

One example of such a database for Laptops/computers is: http://www.stolencomputers.org/home.html

Access to a database for bitcoins would come as a plugin or add on for a user to install on their bitcoin server.

mndrix
Michael Hendricks
March 22, 2011, 06:25:53 PM
 #167

> So this all makes me wonder if there is a way to create a central database about fraudulent transactions, and associated addresses.

It's nearly impossible to mark certain Bitcoins as stolen or dirty because they can be so easily laundered.  For example, send the stolen coins to an account at MyBitcoin.com, withdraw the coins to a new Bitcoin address.  The withdrawn coins are completely clean and other MyBitcoin.com users end up with the "dirty" coins.
carp
March 22, 2011, 08:22:49 PM
 #168

>> So this all makes me wonder if there is a way to create a central database about fraudulent transactions, and associated addresses.
>
> It's nearly impossible to mark certain Bitcoins as stolen or dirty because they can be so easily laundered.  For example, send the stolen coins to an account at MyBitcoin.com, withdraw the coins to a new Bitcoin address.  The withdrawn coins are completely clean and other MyBitcoin.com users end up with the "dirty" coins.

Though, realize if "bitcoincop" is a real "cop" then he may be thinking that is easy. Once you find one of those users, you question him, and when he tells you that he uses mybitcoin, then you go to mybitcoin and try to get them to release their records, after all, they should be able to make the connection with the account that they were deposited into.

That said, if mybitcoin can be convinced (or compelled) to help, then this should be a trivial step. Of course, since you can access them as a location hidden service, and they require no real information to sign up, it could easily be a dead end too.... and that is before we even consider other possibilities.... like coin tumbler (or similar). Unless the thief was the only person using it at the time, and not particularly clever about it, simply going from one service like mybitcoin or mtgox to another, through coin tumbler with multiple addresses well... I hope you get the picture.

Hell, I recall even seeing someone on Silk Road who was offering pre-laundered bitcoins for sale. They claim to do some sort of escrow, so it's not even like that person could cheat and send back the same coins (not that it would be hard to determine, but as a scam, I bet would work most of the time) and wouldn't even know the buyer's real name.... though, I guess if you were sure that he did it, again, it's no better or worse than mybitcoin in terms of, you could at least ask him to help you pick the trail back up. (assuming that he keeps records)

Though, how you convince anonymous people, running services intended to guard your anonymity, to voluntarily cooperate in compromising someone's anonymity, even in an indeterminate way like this, is an open question. I guess it's possible that accusations of thievery may sway them to help, but, they may want you to prove it before they are willing to help.

After all, it's not like you can pull them into an interrogation room and get out the rubber hoses. That is, unless you can compromise their identities first.

eMansipater
March 22, 2011, 09:28:37 PM
 #169

Tracing bitcoins is basically the same as tracing cash:  if you catch the original person spending the cash directly you have them, otherwise the bills will just show up at banks after having been passed through multiple organisations with no way to track them.  A smart enough criminal can keep from getting caught after a cash heist, and similarly a smart enough criminal can keep from getting caught after a bitcoin heist.  Fortunately, many criminals are stupid and get caught anyways through some small slip-up.  Gaining expertise in the entire system and how to catch those tiny slipups will give law enforcement the same edge with regards to bitcoin that they have with cash.  Some criminals will get away, and some will get caught; expertise on the part of law enforcement will increase the proportion caught.

If you found my post helpful, feel free to send a small tip to 1QGukeKbBQbXHtV6LgkQa977LJ3YHXXW8B
Visit the BitCoin Q&A Site to ask questions or share knowledge.
0.009 BTC too confusing?  Use mBTC instead!  Details at www.em-bit.org or visit the project thread to help make Bitcoin prices more human-friendly.
Xiong Zhuang
June 10, 2011, 11:08:15 AM
 #170

The same thing happened to me too. I logged into my account today and found I lost 42.9$ in my account, and I have no idea about the latest two trades in my trade history. I mean even if my account is weak, the hacker shouldn't know my username. Someone in the office must be leaking users' information.
mrb
June 20, 2011, 02:26:44 AM
 #171

> Not a really good comparison since you'd have to have the hash of the password, and we could compile a rainbow table for almost anything. One way to defeat Rainbow tables is salting the password hashes (you are salting your passwords MtGox aren't you?) :D

Now, we know that 1765 of the MtGox password hashes leaked today were not salted. :-(
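
Added example (not part of any post in this thread, and not MtGox's code): a comparison of an unsalted password store with a per-user salted one, showing why the unsalted hashes mentioned above fall to a single precomputed table. The account data, guess list, function names, SHA-256, PBKDF2 and the iteration count are all assumptions chosen for illustration, and a plain dictionary stands in for a rainbow table.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not from any leak); alice and bob share a password.
ACCOUNTS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}
CANDIDATES = ["letmein", "hunter2"]  # constructed guess list
ITERATIONS = 200_000                 # assumed PBKDF2 work factor


def unsalted_hash(password):
    """Weak scheme: bare fast hash, so equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).digest()


def salted_hash(password, salt=None):
    """Hardened scheme: random per-user salt plus a slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify(password, salt, key):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], key)


def precomputed_hits(stored, candidates, hash_fn):
    """Hash each candidate once, then look every stored value up in that table."""
    table = {hash_fn(c): c for c in candidates}
    return {user: table[h] for user, h in stored.items() if h in table}


def compare_schemes(accounts=ACCOUNTS, candidates=CANDIDATES):
    weak = {u: unsalted_hash(p) for u, p in accounts.items()}
    strong = {u: salted_hash(p) for u, p in accounts.items()}
    keys = {u: key for u, (_salt, key) in strong.items()}
    # One table covers the whole unsalted store; for the salted store a table
    # built under any single salt (here all zeros) matches nothing.
    fixed_salt = lambda c: salted_hash(c, bytes(16))[1]
    return {
        "unsalted_hits": precomputed_hits(weak, candidates, unsalted_hash),
        "salted_hits": precomputed_hits(keys, candidates, fixed_salt),
        "salted_duplicates": keys["alice"] == keys["bob"],
        "login_ok": verify("hunter2", *strong["alice"]),
    }


if __name__ == "__main__":
    for name, value in compare_schemes().items():
        print(name, value)
```

With a salt, the same work has to be repeated for every account, and the slow KDF makes each repetition expensive.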
Vladimir
June 20, 2011, 03:24:09 AM
Last edit: June 20, 2011, 04:28:24 AM by Vladimir
 #172

well... my mtgox password was ªç!¼:Üý\†€BZ*Š”TbŠòê  unique for this site, moreover I never sent them a single penny, bit or fiat.

Learn from the pros, kids.

I am still pissed off by finding my email in that damn list.

This mtgox biz and many other things which we are witnessing with bitcoin will be in history books.




-
Coinbuck @ BTCLot
June 20, 2011, 03:27:04 AM
 #173

> well... my mtgox password was ªç!¼:Üý\†€BZ*Š”TbŠòê  unique for this site, moreover I never sent them a single penny, bit or fiat.
>
> Learn from the pros, kids.
>
> I am still pissed off by finding my email in that damn list.
>
> This mtgox biz and many other things which we are witnessing with bitcoin will be in history books.

Same here, getting some really fucked up spam now.

Bitcoin is the future !
jatajuta
June 20, 2011, 03:28:25 AM
 #174

> This mtgox biz and many other things which we are witnessing with bitcoin will be in history books.

So true.

For security, your account has been locked. Email acctcomp15@theymos.e4ward.com
iCEBREAKER
June 20, 2011, 03:40:50 AM
 #175

> This mtgox biz and many other things which we are witnessing with bitcoin will be in history books.

History books?  Hell, I feel like I've been living inside a Bruce Sterling sci-fi novel for the last month.

Today topped them all, as an especially Islands-In-The-Net kind of day.  Damn those data pirates!

/wants razorgirl bodyguard


S3052
June 21, 2011, 04:52:45 PM
 #176

> The same thing happened to me too. I logged into my account today and found I lost 42.9$ in my account, and I have no idea about the latest two trades in my trade history. I mean even if my account is weak, the hacker shouldn't know my username. Someone in the office must be leaking users' information.

How can you log into your MtGox account? I thought it is still closed?

imperi
June 21, 2011, 04:54:37 PM
 #177

>> The same thing happened to me too. I logged into my account today and found I lost 42.9$ in my account, and I have no idea about the latest two trades in my trade history. I mean even if my account is weak, the hacker shouldn't know my username. Someone in the office must be leaking users' information.
>
> How can you log into your MtGox account? I thought it is still closed?

HIS POST IS FROM JUNE 10.

you fail.
S3052
June 21, 2011, 04:58:25 PM
 #178

mea culpa.
