Bitcoin Forum
November 16, 2024, 12:19:26 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: [SOLVED] MtGox Account Hacked & Beware Address 1ffaB9W2hj2pzp9djKupFfsaNn1L215FE  (Read 3008 times)
BinaryMage (OP)
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500


Ad astra.


View Profile
December 19, 2011, 05:53:42 PM
Last edit: December 19, 2011, 10:32:58 PM by BinaryMage
 #1

My MtGox account was hacked about two hours ago this morning. Password is secure, computer uninfected. (Password changed immediately) MtGox shows a large number of support requests. Is this just my account or is something larger going on? Luckily, I didn't lose much, but I certainly would rather not have. The bitcoins were sent to address 1ffaB9W2hj2pzp9djKupFfsaNn1L215FE. Not likely that it will ever be used again, but I thought it prudent to keep record.

So, two questions. I was away from Bitcoin for awhile and have just come back, so I'm somewhat unfamiliar with the much-changed MtGox. Is it possible for me to somehow recover my Bitcoins, and if not, what security steps do I need to take to prevent this happening again, assuming the problem was on my end? My computer is firewalled and virus-protected. My password was alphanumeric, random, and long enough to make brute forcing astronomically unlikely. I use Peerblock and Tor, though not one-hundred-percent of the time. Any tips?

Oh, and I'm sorry if this is in the wrong forum; I wasn't entirely sure where to put it.

EDIT: Thanks to some helpful users, this problem has been solved. Turns out I just behaved stupidly and fell for a phishing scam. Thank you to everyone for your excellent help!

-- BinaryMage -- | OTC | PGP
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
December 19, 2011, 06:12:34 PM
 #2

Did you have the same money sitting on it while you were away?  Just seems strange, if so, that it would have sat there and then get snatched after you come back.

Sounds like you are taking appropriate steps. I assume you have an email that is used just for Gox and it is/was using a different password from your Gox account?

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA

It is being worked on by smart people.  -DamienBlack
BinaryMage (OP)
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500


Ad astra.


View Profile
December 19, 2011, 06:43:13 PM
 #3

Did you have the same money sitting on it while you were away?  Just seems strange, if so, that it would have sat there and then get snatched after you come back.

Sounds like you are taking appropriate steps. I assume you have an email that is used just for Gox and it is/was using a different password from your Gox account?

Yes, I did have it on my account, probably for about four months. It was minimal and I'd never bothered to withdraw it. My email is not used for solely Mt.Gox, but it has and always has had a different password and two-step verification, so I doubt it's been hacked. (And it's a Gmail account, not hosted locally, so as secure as Google's servers are)

-- BinaryMage -- | OTC | PGP
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
December 19, 2011, 06:44:48 PM
 #4

Did you have the same money sitting on it while you were away?  Just seems strange, if so, that it would have sat there and then get snatched after you come back.

Sounds like you are taking appropriate steps. I assume you have an email that is used just for Gox and it is/was using a different password from your Gox account?

Yes, I did have it on my account, probably for about four months. It was minimal and I'd never bothered to withdraw it. My email is not used for solely Mt.Gox, but it has and always has had a different password and two-step verification, so I doubt it's been hacked. (And it's a Gmail account, not hosted locally, so as secure as Google's servers are)

  its just weird the money would sit there for 4 months and then disappear shortly after you come back. My gut tells me you got 'sniffed' somehow.

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA

It is being worked on by smart people.  -DamienBlack
BinaryMage (OP)
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500


Ad astra.


View Profile
December 19, 2011, 06:47:46 PM
 #5

its just weird the money would sit there for 4 months and then disappear shortly after you come back. My gut tells me you got 'sniffed' somehow.

Certainly possible. If so, what steps should I take to prevent it happening again, other than changing my password, which I've already done? My computer is on wireless, but I live essentially in the middle of nowhere; no one else lives within my wireless range, and I would certainly know if anyone got close enough to access it.

-- BinaryMage -- | OTC | PGP
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
December 19, 2011, 06:50:20 PM
 #6

Did you have the same money sitting on it while you were away?  Just seems strange, if so, that it would have sat there and then get snatched after you come back.

Sounds like you are taking appropriate steps. I assume you have an email that is used just for Gox and it is/was using a different password from your Gox account?

Yes, I did have it on my account, probably for about four months. It was minimal and I'd never bothered to withdraw it. My email is not used for solely Mt.Gox, but it has and always has had a different password and two-step verification, so I doubt it's been hacked. (And it's a Gmail account, not hosted locally, so as secure as Google's servers are)

  its just weird the money would sit there for 4 months and then disappear shortly after you come back. My gut tells me you got 'sniffed' somehow.
Agreed.  You had to have a keylogger or spyware on your computer.  The most recent time you logged on, a hacker got your login info, then used it to steal your coins.

Just because you have an antivirus application installed does not mean you don't have a virus!  I'd throw several scanners at it (Malwarebytes included) to see if it finds anything.
ineededausername
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


bitcoin hundred-aire


View Profile
December 19, 2011, 06:59:14 PM
 #7

ha!  Whoever hacked you is a major idiot.  Rather than waiting for more money, they withdrew your 0.3 BTC and alerted you to their presence Grin

(BFL)^2 < 0
FlipPro
Legendary
*
Offline Offline

Activity: 1764
Merit: 1015


View Profile
December 19, 2011, 07:04:58 PM
 #8

Why is this on the main discussion section?

Should have guarded your account better, moving on..
BinaryMage (OP)
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500


Ad astra.


View Profile
December 19, 2011, 09:09:21 PM
 #9

Just because you have an antivirus application installed does not mean you don't have a virus!  I'd throw several scanners at it (Malwarebytes included) to see if it finds anything.

Ran a full scan with Malwarebytes and ESET. Found nothing out of the ordinary. (Flagged some files in Metasploit install directory and the Ufasoft bitcoin miner, none of which were actual viruses)

ha!  Whoever hacked you is a major idiot.  Rather than waiting for more money, they withdrew your 0.3 BTC and alerted you to their presence Grin

Yeah, I agree, it wasn't a good move. Lucky me.

Why is this on the main discussion section?

Should have guarded your account better, moving on..

I must say I'm not entirely sure what the point of your post was. I put it in the general section because I wasn't sure where to put it, as I stated in the first post. If you can tell me where I should have put it, please do so, but just saying that it's in the wrong section doesn't help me much; I'm afraid I'm not psychic. I obviously didn't guard my account well enough, as it was hacked, and that is why I came for advice on how to guard it better. If you have any tips, they would be much appreciated.

-- BinaryMage -- | OTC | PGP
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
December 19, 2011, 09:16:35 PM
 #10

Possible that it's a new piece of malware not yet detected by A/V too... you never know.

Oh, did you receive any emails from MtGox?  Did you click on any of them?
Rassah
Legendary
*
Offline Offline

Activity: 1680
Merit: 1035



View Profile WWW
December 19, 2011, 09:23:58 PM
 #11

I hope you didn't choose tobecome a "MtGox Verified User" a few days ago Tongue
BinaryMage (OP)
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500


Ad astra.


View Profile
December 19, 2011, 09:30:21 PM
 #12

I hope you didn't choose tobecome a "MtGox Verified User" a few days ago Tongue

Oh damn. That would be it. I thought that was a strange email. Had just been getting back into Bitcoins, hadn't yet read the forums, thought it was some verification program because my account had been inactive for awhile. I probably did indeed click the link in that email. Seemed to take me to their actual website. Well, I'm at least glad they only got about a dollar worth of BTC. What nature of hack was that, and should changing my password be enough?

-- BinaryMage -- | OTC | PGP
ineededausername
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


bitcoin hundred-aire


View Profile
December 19, 2011, 09:43:27 PM
 #13

I hope you didn't choose tobecome a "MtGox Verified User" a few days ago Tongue

Oh damn. That would be it. I thought that was a strange email. Had just been getting back into Bitcoins, hadn't yet read the forums, thought it was some verification program because my account had been inactive for awhile. I probably did indeed click the link in that email. Seemed to take me to their actual website. Well, I'm at least glad they only got about a dollar worth of BTC. What nature of hack was that, and should changing my password be enough?

oh wow... so they managed to get someone with that. :\

(BFL)^2 < 0
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
December 19, 2011, 09:47:49 PM
Last edit: December 19, 2011, 10:14:49 PM by sadpandatech
 #14

I hope you didn't choose tobecome a "MtGox Verified User" a few days ago Tongue

Oh damn. That would be it. I thought that was a strange email. Had just been getting back into Bitcoins, hadn't yet read the forums, thought it was some verification program because my account had been inactive for awhile. I probably did indeed click the link in that email. Seemed to take me to their actual website. Well, I'm at least glad they only got about a dollar worth of BTC. What nature of hack was that, and should changing my password be enough?

  Good catch, Rassah.  Yea, change your gox password and of course your email password. Do the email first. I'd probably go as far as just making a new email acct and changing that too for Gox.

  Only good advice I can give you, since you use peerblock and tor, is of course to make sure to use them that 100% of the time. And, never respond to emails. Any time you get an email informing you to do something go to the site directly and not via the email itself.  I'm suspicious of ANY email I get these days. The guys phishing spend a lot more time than they used to on making it look as legit as possible. Another option, depending on how strong your mail client is, would be to block ALL emails except those that originate from the mail host of the service/site you are using that email for. And here, I am not sure off hand which mail services check the source to rule out spoofed headers. So, check those headers, always. =)

  Cheers

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA

It is being worked on by smart people.  -DamienBlack
Rassah
Legendary
*
Offline Offline

Activity: 1680
Merit: 1035



View Profile WWW
December 19, 2011, 10:09:41 PM
 #15

I hope you didn't choose tobecome a "MtGox Verified User" a few days ago Tongue

Oh damn. That would be it. I thought that was a strange email. Had just been getting back into Bitcoins, hadn't yet read the forums, thought it was some verification program because my account had been inactive for awhile. I probably did indeed click the link in that email. Seemed to take me to their actual website. Well, I'm at least glad they only got about a dollar worth of BTC. What nature of hack was that, and should changing my password be enough?

The link in that email just takes you to something like mlgox.ni or something, instead of MtGox.com. Just standard phishing email with an address that looks legit if you don't look too close. Someone else was complaining about how they almost fell for it because they couldn't quite make out the url on their small mobile phone screen.
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
December 19, 2011, 10:18:30 PM
 #16

At least we found the source of the problem... that doesn't always happen!
BinaryMage (OP)
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500


Ad astra.


View Profile
December 19, 2011, 10:31:33 PM
 #17

oh wow... so they managed to get someone with that. :\

Yup. Man, do I feel stupid... First time I've ever fallen prey to that sort of thing. Ah well, losses were minor; it ended much better than it could have.

 Good catch, Rassah.  Yea, change your gox password and of course your email password. Do the email first. I'd probably go as far as just making a new email acct and changing that too for Gox.

  Only good advice I can give you, since you use peerblock and tor, is of course to make sure to use them that 100% of the time. And, never respond to emails. Any time you get an email informing you to do something go to the site directly and not via the email itself.  I'm suspicious of ANY email I get these days. The guys phishing spend a lot more time than they used to mkaing it look as legit as possible. Another option, depending on how strong your mail client is, would be to block ALL emails except those that originate from the mail host of the service/site you are using that email for. And here, I am not sure off hand which mail services check the source to rule out spoofed headers. So, check those headers, always. =)

  Cheers

Alright, thank you for the advice. I must have just not been paying attention... Usually I do check the headers, but apparently not this time... I suppose I'm also used to seeing phishing scams written in bad English. Seems Bitcoin at least has a higher class of phishers.

The link in that email just takes you to something like mlgox.ni or something, instead of MtGox.com. Just standard phishing email with an address that looks legit if you don't look too close. Someone else was complaining about how they almost fell for it because they couldn't quite make out the url on their small mobile phone screen.

Yeah, I thought it was a Japanese TLD. Or, to put it more accurately, I didn't think.... And then it redirected to the main site, so I didn't think much of it...

Thank you all for your excellent advice! It's wonderful to find the cause of this so quickly. It is quite refreshing to be back to these forums, one of the few places on the internet where you can expect civil, intelligent replies.


-- BinaryMage -- | OTC | PGP
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500



View Profile
December 19, 2011, 10:37:29 PM
 #18

No need to feel stupid, imho. Everyone has clicked on one of those damn things. Most people are just to proud to admit it. ;p

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA

It is being worked on by smart people.  -DamienBlack
MagicalTux
VIP
Hero Member
*
Offline Offline

Activity: 608
Merit: 501


-


View Profile
December 19, 2011, 10:42:33 PM
 #19

Btw why is that page loading fine in browsers ?

Come on everyone, you know about http://www.google.com/safebrowsing/report_phish/ right ?
BinaryMage (OP)
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500


Ad astra.


View Profile
December 19, 2011, 10:46:05 PM
 #20

No need to feel stupid, imho. Everyone has clicked on one of those damn things. Most people are just to proud to admit it. ;p

Being too proud to admit it is only one step away from being too proud to rectify it. And the latter is truly dangerous.

-- BinaryMage -- | OTC | PGP
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!