bhy (OP)
Newbie
Offline
Activity: 15
Merit: 0
|
|
October 17, 2013, 03:00:22 PM |
|
My friend received an email saying a Germany IP address 188.93.8.82 logged into his Mtgox account and made withdrawal. He then came into the account and saw several withdrawals like this: https://i.imgur.com/zgPYK4Z.jpgThe hacker made several 1 satoshi withdrawal but very high withdrawal fee like 2 or 4 BTC. All withdrawal fee are paid as network transaction fees to miner. You could see the satoshis gone to this address: http://blockchain.info/address/14WPGYVtrVTVWuBsNFArXvXXpxWKJ676yvMy friend has 2FA. But he stored a backup of the 2FA barcode in his harddisk. He emailed Mtgox. But Mtgox basically say it's not their fault. Several questions: Does the hacker laundering the stolen BTCs by transaction fee? Then how could the hacker make sure he got the block mined? How could Mtgox even allow this to happen? At the Mtgox withdrawal page there's "Pay 0.005BTC Fee For Faster Processing (Required for Transactions below 0.01 BTC)", but that doesn't mean such huge fee could be paid. The mining fee all went to BTC Guild. We are trying to contact BTC Guild and hope to get some coin back...
|
|
|
|
murraypaul
|
|
October 17, 2013, 03:02:10 PM |
|
Does the hacker laundering the stolen BTCs by transaction fee? Then how could the hacker make sure he got the block mined? Isn't it more likely that he just screwed up, and meant to send the 2BTC to himself rather than as a fee?
|
BTC: 16TgAGdiTSsTWSsBDphebNJCFr1NT78xFW SRC: scefi1XMhq91n3oF5FrE3HqddVvvCZP9KB
|
|
|
Birdy
|
|
October 17, 2013, 03:11:10 PM |
|
As they were all included in a block by BTC Guild - the biggest mining pool, I don't think the hacker got those coins. Maybe the hacker screwed up the script of his walletstealer?
|
|
|
|
bhy (OP)
Newbie
Offline
Activity: 15
Merit: 0
|
|
October 17, 2013, 03:13:02 PM |
|
Isn't it more likely that he just screwed up, and meant to send the 2BTC to himself rather than as a fee?
You mean the hacker screwed up? Maybe. However the transactions are sent by Mtgox. And how could Mtgox sent transaction with such a huge fee?
|
|
|
|
kik1977
|
|
October 17, 2013, 03:34:38 PM |
|
Isn't it more likely that he just screwed up, and meant to send the 2BTC to himself rather than as a fee?
You mean the hacker screwed up? Maybe. However the transactions are sent by Mtgox. And how could Mtgox sent transaction with such a huge fee? No, I guess he means if your friend made a mistake and put the 2BTC as a fee while what he wanted to do was sending 2BTC..
|
We are like butterflies who flutter for a day and think it is forever
|
|
|
bhy (OP)
Newbie
Offline
Activity: 15
Merit: 0
|
|
October 17, 2013, 03:39:23 PM |
|
No, I guess he means if your friend made a mistake and put the 2BTC as a fee while what he wanted to do was sending 2BTC..
Note that these transactions are all made from Mtgox. And in the Mtgox withdrawal interface there's no way for you to set a 2BTC fee. I think there could be some buggy problem in Mtgox to allow this happen.
|
|
|
|
Birdy
|
|
October 17, 2013, 04:04:02 PM |
|
No, I guess he means if your friend made a mistake and put the 2BTC as a fee while what he wanted to do was sending 2BTC..
7 times in a row? And in the Mtgox withdrawal interface there's no way for you to set a 2BTC fee.
I think there could be some buggy problem in Mtgox to allow this happen. Maybe it was sent over the Api or something like that. (I don't use Gox, so I don't know what's possible there, but I've read they have some kind of api feature)
|
|
|
|
ninjaboon
Legendary
Offline
Activity: 2128
Merit: 1002
|
|
October 18, 2013, 09:43:17 AM |
|
Did your friend install antivirus or a firewall on his PC?
Did your friend use Windows or Linux?
There seems to be plenty of malware going around and we need to be vigilant.
|
|
|
|
Leehoya
|
|
October 18, 2013, 10:59:48 AM |
|
Tell your friend to use linux or install a anti virus. I dont really think anyone who wants the bitcoin would use such a huge amount of transaction fees, he might be fooling around and trolling.
|
|
|
|
MadHasher
Newbie
Offline
Activity: 30
Merit: 0
|
|
October 18, 2013, 07:55:00 PM |
|
If your "friend" wants to shed some light on a possible hack on MtGox that could have gone unnoticed, EVERYONE would appreciate it. Otherwise, not much else you can do (I guess) since, as pointed out, the only way this seems possible is by MtGox being hacked, which would mean he would be entitled to get his BTC back from them.
|
|
|
|
joesmoe2012
|
|
October 18, 2013, 09:01:21 PM |
|
Maybe it can be submitted via the API somehow, but there's not a way in the web interface to even specify a fee that high. Have you contacted gox support? What did they say?
|
|
|
|
MAbtc
|
|
October 18, 2013, 11:51:27 PM |
|
Maybe it can be submitted via the API somehow, but there's not a way in the web interface to even specify a fee that high. Have you contacted gox support? What did they say?
This is what I am confused about. I don't trade on Gox, so excuse my noobish sentiment, but do you have a choice re the fee you pay on BTC withdrawal there? Like, on Bitstamp, there is no fee on BTC withdrawals, and on BTC-E, it is like .001 fee.
|
|
|
|
vm1990
Legendary
Offline
Activity: 1540
Merit: 1002
|
|
October 19, 2013, 05:26:29 PM |
|
sounds like they went trough the API this would allow them to mess up the transaction fees.. the only transaction fee you can choose is a tick box of 0.005 so its either a server exploit of API exploit both of which could or couldnt be your friends fault but should be serious concern to mtgox..
|
|
|
|
Dougie
Full Member
Offline
Activity: 211
Merit: 100
You are not special.
|
|
October 20, 2013, 07:38:53 AM |
|
Tell him to contact BTC Guild with proof of what happened and they should give him his coins back. Generally pools pay back accidentally high transaction fees and this is a similar situation only the hackers mistake works in his favour.
|
Lurking since 2011... 1J4DhU3q6RxxCTfAAcg5ExVK6FfxkmzkTH
|
|
|
Delerium
Newbie
Offline
Activity: 18
Merit: 0
|
|
October 20, 2013, 10:49:21 AM |
|
sounds like they went trough the API this would allow them to mess up the transaction fees.. the only transaction fee you can choose is a tick box of 0.005 so its either a server exploit of API exploit both of which could or couldnt be your friends fault but should be serious concern to mtgox..
This - website does not allow you to change the amount of the trading fee. You've had your key and secret stolen somehow from your local machine. 2FA will not help in this instance unfortunatley.
|
|
|
|
|