Possible false alarm: MtGox break in

[logansryche]

I think this was a remote attack, my btc are still there and I have just a smidge over one(1.6btc to be exact)

[BlockHash]

I took out my $USD and BTC out of MtGox a week or two ago after they were white-knighting for our beloved convicted fraudster Bruce. It looks as though I made the right decision,

A friend of mine was locked out of his MtGox account last night. I had assumed that his account was one of the 2000 accounts that Marc blocked due to volume trades (my friend was desperately trying to cash out), but it now looks as though his account was hijacked. He just told me that he had a unique secure password too.

CosbyCoin was pretty funny, but it couldn't have happened at a worse time. It gave MtGox and other players cover to blame some really shady stuff going on over there on it.

[hightax]

you miss the question then, correct one is : Who said paypal's worse than mtgox ?

Point taken.  Let's do the apples-to-apples comparisons:
Who said USD is worse than Bitcoin?
Who said Paypal is worse than MtGox?

[molecular]

It seems Mt Gox has been broken into again. My account was just liquidated and send to a foreign address, the IP of which seems to be in the Ukraine. I assume I was targeted because I'm a Bitcoin developer.

Since I use Linux and use unique high entropy passwords, I am ruling out any nonsense like local trojans.

Everyone: Clear out your accounts if you have anything in them.

It would really be nice for us if you could answer our questions. Just dumping this on us and leaving is not very helpfull.

[hugolp]

you miss the question then, correct one is : Who said paypal's worse than mtgox ?

Point taken.  Let's do the apples-to-apples comparisons:
Who said USD is worse than Bitcoin?
Who said Paypal is worse than MtGox?

Paypal and MtGox are completely different services. Bitcoin is dollars and Paypal all together.

[JonHind]

This was yesterday in the MtGox IRC channel:

17:31 < kinlo> there is something wrong, how can it have gone above 10 when my sell order at 8 didn't occur?
17:31 < molecular> it didnt reall go above 10, I assume
17:31 < Ymgve> kinlo: bugs, the orders didn't happen or there was something wrong in the matching algorithm
17:32 < kinlo> MagicalTux: ?
17:32 < molecular> likely has to do with the "new currency markets"
17:32 <@MagicalTux> no
17:32 <@MagicalTux> has to do with hackers trying their best to do stuff normal people wouldn't by dropping large amounts of stolen funds/coins

...

17:35 < molecular> flushing bad orders? How do I make a "bad sell order" at 30 USD? ^^
17:35 < xelister> molecular: =)
17:35 <@MagicalTux> molecular, I blocked ~2000 accounts created most likely for the purpose of killing bitcoin on 9/11
17:35 <@MagicalTux> their trades do remain however
17:35 < molecular> MagicalTux, holy moly!
17:35 <@MagicalTux> but they cannot execute, causing weird results

[casascius]

I would feel much calmer if withdrawals of BTC could be locked down by IP address and/or PGP key...

[hightax]

This was yesterday in the MtGox IRC channel:

17:31 < kinlo> there is something wrong, how can it have gone above 10 when my sell order at 8 didn't occur?
17:31 < molecular> it didnt reall go above 10, I assume
17:31 < Ymgve> kinlo: bugs, the orders didn't happen or there was something wrong in the matching algorithm
17:32 < kinlo> MagicalTux: ?
17:32 < molecular> likely has to do with the "new currency markets"
17:32 <@MagicalTux> no
17:32 <@MagicalTux> has to do with hackers trying their best to do stuff normal people wouldn't by dropping large amounts of stolen funds/coins

...

17:35 < molecular> flushing bad orders? How do I make a "bad sell order" at 30 USD? ^^
17:35 < xelister> molecular: =)
17:35 <@MagicalTux> molecular, I blocked ~2000 accounts created most likely for the purpose of killing bitcoin on 9/11
17:35 <@MagicalTux> their trades do remain however
17:35 < molecular> MagicalTux, holy moly!
17:35 <@MagicalTux> but they cannot execute, causing weird results

There we go - I knew I saw it somewhere but couldn't remember exactly where.

[gusti]

you miss the question then, correct one is : Who said paypal's worse than mtgox ?

Point taken.  Let's do the apples-to-apples comparisons:
Who said USD is worse than Bitcoin?
Who said Paypal is worse than MtGox?

you're still missing the main point :
despite all trolls fuding (not implying this for you), bitcoin (not the exchanges, not the online wallets, not the service providers around it) is still working flawlessly  
and I'm beginning to think that bitcoin is unbreakable ...  
  

[gusti]

I would feel much calmer if withdrawals of BTC could be locked down by IP address and/or PGP key...

or much simple email a confirmation code, like e-gold 

[hightax]

you're still missing the main point :
despite all trolls fuding (not implying this for you), bitcoin (not the exchanges, not the online wallets, not the service providers around it) is still working flawlessly  
and I'm beginning to think that bitcoin is unbreakable ...  

If the only bitcoin-related-thing that works is the protocol itself, then it's still a massive failure as a whole.

[N12]

I would feel much calmer if withdrawals of BTC could be locked down by IP address and/or PGP key...

Good ideas. If you don’t have one yet, a MtGox Yubikey should do the same job.

[JonHind]

[gusti]

you're still missing the main point :
despite all trolls fuding (not implying this for you), bitcoin (not the exchanges, not the online wallets, not the service providers around it) is still working flawlessly  
and I'm beginning to think that bitcoin is unbreakable ...  

If the only bitcoin-related-thing that works is the protocol itself, then it's still a massive failure as a whole.

you may call sony "a massive failure" because it's site was hacked ... give it some time, bro, bitcoin is in the path of being a massive success   

[Raoul Duke]

I didn't say it was.  I said MagicalTux is lying to you.

Yes you did...

OH MY GOD! The same fucking mistake in another thread... You are really an awful(pun intended) troll...

You can't distinguish projects that deal with Bitcoin from Bitcoin itself.

Do yourself a favour and STFU you bescumbered ninnyhammer!

[fcmatt]

It seems Mt Gox has been broken into again. My account was just liquidated and send to a foreign address, the IP of which seems to be in the Ukraine. I assume I was targeted because I'm a Bitcoin developer.

Since I use Linux and use unique high entropy passwords, I am ruling out any nonsense like local trojans.

Everyone: Clear out your accounts if you have anything in them.

So here we have a staff member.
Linux user.
Knows to use strong passwords.
Has no reason to lie.
Had this account hacked before and right before he mentioned this on the forum shtf.
Probably did not use the same password here on the forum and on mtgox.

Help me understand why this is not more of a big deal?

[gusti]

At this moment, I'm questioning if DiabloD3 really posted this thread, I smelll something fishy here.
Maybe the forum (or DiabloD3 account) is compromised again.

[nelisky]

Yep, that's my suspicion too. Easy to cry wolf these days, everyone is already biased one way or another...

Anyone got a confirmation from DiabloD3 that he was indeed the one to post this?

[BitcoinPorn]

Help me understand why this is not more of a big deal?

It is a big deal.  Don't let the sound of these forums silence on the ordeal or many other issues currently running with Bitcoin make you think that no one cares.

I made this post for Bitcoin Media http://bitcoinmedia.com/the-bitcoin-communities-find-the-place-right and I am thinking about making a more updated and detailed post if enough people request it, as since it's posting these forums turned into CosbyCoin among other hackings and other happenings.   I would side with gusti so far on the 'maybe this isn't DiabloD3' at all way of thinking, but at this point of the day, someone associated with him would have already denied or confirmed something else if it wasn't the truth posted here.    Or not, who knows lol.

[ElectricMucus]

At this moment, I'm questioning if DiabloD3 really posted this thread, I smelll something fishy here.
Maybe the forum (or DiabloD3 account) is compromised again.

Wouldn't the staff members be the first ones to secure their accounts on the forum, even before it went back online after the hack?