Thank you vladimer for your support and kind words from all. These are the emails to mtgox.
Jeb,
I've contacted Liberty Reserve abuse and recieved their standard shpeal. I'm really
upset, I've been collecting these bitcoins for over a year. I think this is unfortunate
because MTGOX is one of the primary sources for liquidity and market price, but this type
of insecurity is a vulnerability to the bitcoin community. This was not caused by
complete neglegence on my part. My computer was not compromised. My username and
password are specific to this site. This is a specific attack that was directed at
mtgox. My password may have been weak ( 8 characters, numbers and letters), but it was a
vulnerability on your end that allowed someone to use a dictionary attack. It is
important to know that mtgox is willing to make their best efforts to reconcile a
compromise of this nature. If there is anyway you can replace some if not all of the
900+ bitcoins that were stolen from me, I think it would stand as a gesture of support
from mtgox and instill some faith in mtgox from the bitcoin community.
Quoting Jed McCaleb <
admin@mtgox.com>:
[Hide Quoted Text]
I'm not sure how they got your username. From the bitcoin forum maybe?
Are you going to make a statement on the bitcoin forum with some information?
I'm not sure what I would say there. I made the attack impossible now and I don't think anyone else's account was compromised.
Are you going to contact Liberty Reserve?
I can but you should also. The more people complaining about that account the better.
On Mon, Jan 31, 2011 at 6:19 PM, <XXXXXXXXXXXXX> wrote:
I understand this is somewhat out of your control and I should not have had
a password that started with a, but how did they know my username? Are you
going to make a statement on the bitcoin forum with some information? Are
you going to contact Liberty Reserve?
Quoting Jed McCaleb <
admin@mtgox.com>:
I checked that IP and that was from the person running the attack. So
he must have guessed your password. I'm sorry...
How do you know someone was running a dictionary attack?
I saw the repeated login attempts. But I changed the login page so
they can't do it now.
Liberty Reserve has a contact form on their site.
On Mon, Jan 31, 2011 at 5:14 PM, <XXXXXXXXXXXX> wrote:
How do you know someone was running a dictionary attack? On your end?
Do
you know how I can get in touch with liberty reserve?
Quoting Jed McCaleb <
admin@mtgox.com>:
This will tell you:
http://www.ip2location.com/demo.aspxWell someone was running a dictionary attack so if your password was
simple he may have gotten it.
You could try writing Liberty Reserve and see if they can help since
they have the money now.
Sorry,
Jed.
On Mon, Jan 31, 2011 at 5:06 PM, <XXXXXXXXXXXX> wrote:
Anything's possible, this seems like a rather specific attack. I can't
believe this. Can you tell where these Ip addresses are?
Quoting Jed McCaleb <
admin@mtgox.com>:
Could someone have got your password somehow?
XXX.XXX.64.10
77.222.42.204
XXX.XXX.64.10
XXX.XXX.56.44
These are the IPs that have logged into your account
Jed.
On Mon, Jan 31, 2011 at 4:54 PM, <XXXXXXXXX> wrote:
Someone hacked my account and did this.
Quoting Jed McCaleb <
admin@mtgox.com>:
Looks like you sold them and sent them to Liberty reserve account:
U0764959
On Mon, Jan 31, 2011 at 4:45 PM, <###########> wrote:
XXXXXXX
Quoting Jed McCaleb <
admin@mtgox.com>:
What is your username?
On Mon, Jan 31, 2011 at 4:22 PM, <##########> wrote:
I just logged into mtgox and all my bitcoins are gone. I'm
freaking
out.
What happened, please respond.