my mtgox account has been robbed this night.

[guugll]

Hi, hope this is the right place to write to.
i am waiting for my mtgox account to be approved so i check everyday if i can finnally transfer first $ to my account.
Today i see i finnally can transfer my... wait... no money...?
So i check the history and what i see:

2014/01/30 01:51:58   Fee      0.00100000 BTC   0.00078942 BTC
Fees for Bitcoin withdraw to 1Q1Wo95FcXvrhDB5ieDMk52qDs2yNfpySN
2014/01/30 01:51:58   Withdraw      0.00800000 BTC   0.00178942 BTC
Bitcoin withdraw to 1Q1Wo95FcXvrhDB5ieDMk52qDs2yNfpySN
2014/01/30 01:46:33   Fee      0.00100000 BTC   0.00978942 BTC
Fees for Bitcoin withdraw to 1Q1Wo95FcXvrhDB5ieDMk52qDs2yNfpySN
2014/01/30 01:46:33   Withdraw      2.46000000 BTC   0.01078942 BTC
Bitcoin withdraw to 1Q1Wo95FcXvrhDB5ieDMk52qDs2yNfpySN
2014/01/30 01:45:14   Fee      0.00891422 BTC   2.47078942 BTC
BTC bought: [tid:1391042714891320] 1.48570364 BTC at $933.49998 (0.6% fee)
2014/01/30 01:45:14   In      1.48570364 BTC   2.47970364 BTC
BTC bought: [tid:1391042714891320] 1.48570364 BTC at $933.49998
2014/01/30 01:45:14   Fee      0.00600000 BTC   0.99400000 BTC
BTC bought: [tid:1391042714725595] 1.00000000 BTC at $933.49997 (0.6% fee)
2014/01/30 01:45:14   In      1.00000000 BTC   1.00000000 BTC
BTC bought: [tid:1391042714725595] 1.00000000 BTC at $933.49997


right after i went to sleep somebody started to use my $ and bought BTC in a 2 rows and then made a transfer to his BTC address.

Please can anybody help to find this guy? 1Q1Wo95FcXvrhDB5ieDMk52qDs2yNfpySN

i contacted mtgox in order to receive the logs and maybe some IP of the attacker.

Did anybody experienced simmilar issue? Any hint except changing all password and went paranoid?

it is strange that exact at the point when i can start transfering $ to my account somebody stole it and change it back to BTC so he can rob me.

[1715138823]

1715138823

[1715138823]

1715138823

[1715138823]

1715138823

[1715138823]

1715138823

[guugll]

ok so this BTC is probably gone - no authorities to stop transaction.

its funny - i got one month mtgox account approval.
then i got another month for bank account approval.
then i got robbed but i sould make stronger security - this would probably take another month.
then i can (if not robbed) start transfering $ but that takes also some time...

this process from BTC 2 $ is very strange at least at mtgox.

will try the stronger security and see if i gen my $ at some time...

[richardweiming]

It is even more funny that your stolen payment went through.
Do you know how many of us stuck bitcoin withdraw in GOX at current time?

[guugll]

well that is confusing.

i have been robbed the exact first day i could withdraw but the robbery went before my day started.
it looks more like somebody inside mtgox is stealing this because even i did not know that i can withdraw before i logged in. and it was all gone before my login.

now people experiencing delays in withdraw but this attacker not.

mtgox could force people without additional security to get some and thus again delay withdrawals.
i was waiting for this day 2 months and insted of my money i got nothink.

this really sux guys.

how can i find the transaction? i am not sure if i see it in block chain...
any hints?

[guugll]

can you help me to find this:

Fees for Bitcoin withdraw to 1Q1Wo95FcXvrhDB5ieDMk52qDs2yNfpySN
2014/01/30 01:51:58   Withdraw      0.00800000 BTC   0.00178942 BTC
Bitcoin withdraw to 1Q1Wo95FcXvrhDB5ieDMk52qDs2yNfpySN

2014/01/30 01:46:33   Fee      0.00100000 BTC   0.00978942 BTC
Fees for Bitcoin withdraw to 1Q1Wo95FcXvrhDB5ieDMk52qDs2yNfpySN

2014/01/30 01:46:33   Withdraw      2.46000000 BTC   0.01078942 BTC
Bitcoin withdraw to 1Q1Wo95FcXvrhDB5ieDMk52qDs2yNfpySN

th owner of this address 1Q1Wo95FcXvrhDB5ieDMk52qDs2yNfpySN is probably just stealing from others.

is there any authority to contact in order to find this SCUMBAG... od IP of the bastard, i would like to have a word with that guy. really.

[guugll]

found out the way i got robbed: thru gmail account
do not know how they got my pass yet.

11:58 AM   Signed in from Chrome (Windows)   Prague, Czech Republic
11:58 AM   Changed password   Prague, Czech Republic
2:12 AM   Changed password   Lubbock, TX, USA
2:12 AM   Removed recovery email: king2@email.cz   Lubbock, TX, USA
2:11 AM   Signed in from Firefox (Windows)   Lubbock, TX, USA
1:36 AM   Passed a sign-in challenge   Lubbock, TX, USA
Jan 27   Signed in from Chrome (Windows)

[guugll]

the IP of the bastard from Lubbock, TX, USA is 67.221.255.66 at least that states in my gmail account

[Tomatocage]

the IP of the bastard from Lubbock, TX, USA is 67.221.255.66 at least that states in my gmail account

GMail doesn't reveal IP, unless he used a 3rd party mail client like Thunderbird or Eudora or some shit.

[guugll]

the IP of the bastard from Lubbock, TX, USA is 67.221.255.66 at least that states in my gmail account

GMail doesn't reveal IP, unless he used a 3rd party mail client like Thunderbird or Eudora or some shit.

Sign in to your account at accounts.google.com.
At the top, click Security.
then Recent activity and there click View all events
then you can see something like this:

Jan 30   Signed in from Chrome (Windows)   Prague, Czech Republic
Jan 30   Changed password   Prague, Czech Republic
Jan 30   Changed password   Lubbock, TX, USA
Jan 30   Removed recovery email: king2@email.cz   Lubbock, TX, USA
Jan 30   Signed in from Firefox (Windows)   Lubbock, TX, USA
Jan 30   Passed a sign-in challenge   Lubbock, TX, USA
Jan 27   Signed in from Chrome (Windows)

then you select the line you wanna see details - for example first line where the attacker logged in
and on right side you will see some details like: Approximate location based on IP (known to gmail - it could be proxy maybe)

the details at right side look like this:

IP Address
67.221.255.66
Browser
Firefox 26.0
Platform
Windows

i searched for the IP and i got 3 different possible locations - google say one and a few whois services show another two.
i contacted mtgox, will contact gmail and based on logs i get i will probably continue to local authorities in order to claim this issue in correct way.

BTC get stolen like Gold in past so it is basically my fault that i trusted mtgox&gmail

i hope i will get more details on the connection and maybe some real location, then hopefully the local authorities - if i claim everythink right - could help

[Crystallas]

Same person hit my BTC-e Account.

1Q1Wo95FcXvrhDB5ieDMk52qDs2yNfpySN

From this burner wallet.

https://blockchain.info/address/1GwuJuR4u2pCmtF4xc7DK8JJMR5uicM3sU


1.22BTC gone.

[Crystallas]

You listed 67.221.255.66

BTC-e Gave me these IP addresses: 67.221.255.73  as the one that made the withdrawal.

And the IP address from 95.141.28.124 is the address that hacked my account.

[Crystallas]

16ZbpCEyVVdqu8VycWR8thUL2Rd9JnjzHt
https://blockchain.info/address/16ZbpCEyVVdqu8VycWR8thUL2Rd9JnjzHt


Keep following the money.  This isn't a small scammer. 36398 Bitcoins

[yannis7777]

How can we be protected by such scumbags and how do they get access to accounts guys?

[ncs0ne]

 
FUCK ?!


Whether they have an 0day exploit for btc-e and mtgox which I highly doubt or they made it somehow to infect your systems which is more likely.
Maybe trough stuff posted here like manipulated images causing bufferoverflows and similar shit..


May I ask which operating system and browser you are using ?
It *might* give a first hint into the right direction..

[adnanabbas]

Some scumbag stole some coins from my cavirtex account, got into my email account and changed password. I am so paranoid now.  Email had ID's  and all sorts.

[Rawted]

How can we be protected by such scumbags and how do they get access to accounts guys?

The above problem is not a gmail security issue. The user was dumb and clicked a link in an email, falling for the common phishing tactic. Then, because he didnt have 2fa or other protection enabled, the attacker was easily able to take control with a slight bit of social engineering.

Once again, the onus is on the user. If you are smart and take precautions, this will never happen to you.

[Kyraishi]

37k btc stolen ?
He's not even using those bitcoin .

[boumalo]

That is a bit frightening; so many bitcoins stolen from so many different accounts...

You would think he would stop stealing and start laundering the money but he doesn't, it must be pretty easy/safe to steal or it is an organisation

[trashymonkey]

How the hell do people do stuff like this

[fordlincoln]

Thats messed up! You got Fiat money stolen out of your Mt Gox account?!

Did you have 2 factor authentication enabled?
Do you use a Yubi Key/Security Card from MtGox? I don't because they charge you $ for it

Could he have obtained your log in credentials through a botnet sitting ontop of the Mtgox log in page? (Technical guys - I'm not sure if this is possible, maybe you can shed some light here?)

Perhaps there's a keylogger on your computer installed, that could be how he got into your account?

Thats crazy, sorry you went through that. I got scammed from localbitcoins.com for 1.3BTC and this was not the first time I was scammed for my bitcoins.