Bitcoin Forum
Author Topic: I got phished :'(  (Read 1283 times)
redrider (OP)
February 27, 2012, 08:47:44 PM
Last edit: February 27, 2012, 09:07:02 PM by redrider
 #1

So I thought I might have logged into Mt Gox through Tor and I read they will deactivate your account if you do so.  So when I got an email today saying my account was under review, my emotions took over and I immediately signed in somewhat expecting this.  Not a second later I looked up and saw I was logging into a different site, so I got in as quick as I could and changed my pw.... but too late.  I lost the daily limit to:

17u8TRJjidQjEsf1nePbBaGcBUsRUrMwpQ

after getting phished at:

htrv5.tmweb.ru

I sent Mt Gox an email saying if they had a 5 min waiting period people could stop this, as it's obvious you have been phished when the site doesn't change after you log in.  I know it's up to the user to keep their stuff safe, but this is really too easy for perverts to get your money.
DeathAndTaxes
Gerald Davis
February 27, 2012, 08:54:33 PM
 #2

Sorry you got phished.

Many people have proposed an optional user-defined waiting period.

I mean MtGox notifies you by email when a transaction occurs, but if your account is compromised what good does that do.

Attacker attempts to make withdrawal.
User gets email w/ link to cancel the withdrawal.
User cancels.  No funds lost and Mt.Gox gets early notification of a potential attack.
Withdrawal & Cancel loop on large number of accounts may indicate a more serious vulnerability.

Even if attacker changes password, having a cancel link in email prevents attacker from locking user out.  Changing email and changing "withdrawal delay" could be on a 24 hour delay.
dropboxexpander
February 27, 2012, 08:57:14 PM
 #3

Always check the domain names of the links you are clicking before logging in.

jake262144
February 27, 2012, 08:58:41 PM
 #4

> So I thought I might have logged into Mt Gox through Tor and I read they will deactivate your account if you do so.  So when I got an email today saying my account was under review, my emotions took over and I immediately signed in somewhat expecting this.  Not a second later I looked up and saw I was logging into a different site, so I got in as quick as I could and changed my pw.... but too late.

Did you not check the URL?
It's better never to click on links in emails, but if you need to use one, make sure you end up at the expected webpage.

Sorry for your loss.

...and would you please remove the link to the phishing server from your message?
You can't know whether the fake site only collects data or also tries to infect the visiting machines, and some noob might be curious enough to actually follow your link there.

If that link was automatically discovered and formatted, do something to fool the algorithm, e.g. replace dots with [dot]. The http:// part isn't necessary either.
fizzisist
February 27, 2012, 09:03:12 PM
 #5

> Many people have proposed an optional user-defined waiting period.
>
> I mean MtGox notifies you by email when a transaction occurs, but if your account is compromised what good does that do.
>
> Attacker attempts to make withdrawal.
> User gets email w/ link to cancel the withdrawal.
> User cancels.  No funds lost and Mt.Gox gets early notification of a potential attack.
> Withdrawal & Cancel loop on large number of accounts may indicate a more serious vulnerability.
>
> Even if attacker changes password, having a cancel link in email prevents attacker from locking user out.  Changing email and changing "withdrawal delay" could be on a 24 hour delay.

Yeah, I would like to see more security on Mt Gox based around email approval. There could be three options:

1) Require all withdrawals to get approval via email.
2) Require withdrawals to new locations (BTC address, Dwolla account, etc.) to get approval via email.
3) No approval needed (this would not be default, and would only be recommended for people with two-factor authentication).

Also, I love the Google based two-factor authentication that Bitcoinica uses. Much more appealing than a $30 Yubikey. If Mt Gox gave me the option to use Google Authenticator, I would enable that in a heartbeat.
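
The delayed-withdrawal flow proposed in posts #2 and #5, sketched as an added example that is not part of any post and is not Mt. Gox code: a hold with an emailed cancel token, the three approval options treated as a policy for which withdrawals are held, and a 24-hour delay on changing the waiting period. All class, field and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

SETTINGS_DELAY = 24 * 3600  # post #2: changes to the withdrawal delay wait 24 hours

@dataclass
class Account:  # hypothetical model, not an exchange API
    email: str
    delay: int = 300            # user-defined waiting period, in seconds
    policy: str = "new"         # "all" | "new" | "none" (post #5, options 1-3)
    known_dests: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)  # withdrawal id -> record
    delay_change: tuple = None  # (new_delay, effective_at) while a change is queued

class Exchange:
    def __init__(self):
        self.key = secrets.token_bytes(32)  # server-side secret behind cancel links

    def _token(self, wid):
        return hmac.new(self.key, wid.encode(), hashlib.sha256).hexdigest()

    def request(self, acct, dest, amount, now):
        """Queue a withdrawal; return (id, cancel_token) to be emailed to the owner."""
        hold = acct.policy == "all" or (acct.policy == "new" and dest not in acct.known_dests)
        wid = secrets.token_hex(8)
        acct.pending[wid] = {"dest": dest, "amount": amount,
                             "release_at": now + (acct.delay if hold else 0)}
        return wid, self._token(wid)

    def cancel(self, acct, wid, token):
        """The cancel link needs only the emailed token, not the account password."""
        if wid in acct.pending and hmac.compare_digest(token, self._token(wid)):
            del acct.pending[wid]
            return True
        return False

    def set_delay(self, acct, new_delay, now):
        # A stolen password cannot zero the delay immediately.
        acct.delay_change = (new_delay, now + SETTINGS_DELAY)

    def release_due(self, acct, now):
        """Pay out holds whose waiting period elapsed; apply matured setting changes."""
        if acct.delay_change and now >= acct.delay_change[1]:
            acct.delay, acct.delay_change = acct.delay_change[0], None
        due = [w for w, r in acct.pending.items() if now >= r["release_at"]]
        paid = [acct.pending.pop(w) for w in due]
        acct.known_dests.update(r["dest"] for r in paid)
        return paid
```

Counting `cancel` calls per account over time gives the early-warning signal post #2 mentions: a burst of cancellations across many accounts points at something broader than one phished user.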

redrider (OP)
February 27, 2012, 09:06:42 PM
 #6

The bot also sold the coins to market that it couldn't withdraw.  I thought that was strange but maybe it would have transferred that to a bank which I could then get some better detail on.  Probably not worth the hassle.
redrider (OP)
February 29, 2012, 02:52:50 PM
 #7

When Mt Gox got "hacked" it was curiously at a sharp bitcoin increase.  They sold everything they had at this huge increase, knowing news of them getting "hacked" would drop the prices where they and their cohorts could re-buy at pennies on the dollar.  Conveniently, this also allowed them to release all of their users' email addresses, so when you buy a ton of coin, or violate their stupid terms of service they can tell their friends with your email address so they can phish you all the while having plausible deniability.  Nice scam gox fucts.
deepceleron
February 29, 2012, 04:15:43 PM
Last edit: February 29, 2012, 04:28:52 PM by deepceleron
 #8

It looks like they got 21.8 BTC out of someone else's MtGox too: http://blockexplorer.com/address/17u8TRJjidQjEsf1nePbBaGcBUsRUrMwpQ

BTW Yubikey makes phishing pretty darn hard. That won't keep scumbags from trying.

http://pastebin.com/dqQQvW9a
We see the whole domain is criminals and has been for a while.

Now, what Bitcoin sites have you given that email address to?
farfiman
February 29, 2012, 04:36:03 PM
 #9

Since this is becoming more and more of an issue, Gox really should give security to people who are asking for it...



BIP16 for mt.gox


redrider (OP)
February 29, 2012, 06:22:37 PM
 #10

> It looks like they got 21.8 BTC out of someone else's MtGox too: http://blockexplorer.com/address/17u8TRJjidQjEsf1nePbBaGcBUsRUrMwpQ
>
> BTW Yubikey makes phishing pretty darn hard. That won't keep scumbags from trying.
>
> http://pastebin.com/dqQQvW9a
> We see the whole domain is criminals and has been for a while.
>
> Now, what Bitcoin sites have you given that email address to?

Good find.  I have given that email to no other bitcoin sites.  It was released to Mt Gox's cohorts when Mt Gox was "hacked" (said they were so they could fraud people and deny it).

Does Russia not care if people are committing real crimes against people in their cuntry?  How has this host not been shut down and someone held accountable?
max in montreal
February 29, 2012, 06:48:50 PM
 #11

When I get emails like this that I think may be legit, I will click on the link and try using a bad password and see what happens...but normally legit companies never send links in an email, especially out of the blue. They ask you to just go to their site and log in from there.

As for checking the links, some are too complicated or long to be certain that it is the right one.

Read the email, close it and get on to the site like you would normally, never use the link in an email.
neo_rage
February 29, 2012, 09:09:09 PM
 #12

Every time, check the address in the address bar of your browser.

B4THC4t
February 29, 2012, 11:02:09 PM
 #13

> So I thought I might have logged into Mt Gox through Tor and I read they will deactivate your account if you do so.  So when I got an email today saying my account was under review, my emotions took over and I immediately signed in somewhat expecting this.  Not a second later I looked up and saw I was logging into a different site, so I got in as quick as I could and changed my pw.... but too late.  I lost the daily limit to:
>
> 17u8TRJjidQjEsf1nePbBaGcBUsRUrMwpQ
>
> after getting phished at:
>
> htrv5.tmweb.ru
>
> I sent Mt Gox an email saying if they had a 5 min waiting period people could stop this, as it's obvious you have been phished when the site doesn't change after you log in.  I know it's up to the user to keep their stuff safe, but this is really too easy for perverts to get your money.

Is Mt. Gox a wallet site or what???

How common is phishing??
deepceleron
March 01, 2012, 12:43:30 AM
 #14

mtgox.com is Bitcoin's largest currency exchange. Under its previous ownership, it was hacked and the intruder stole email lists which were posted (along with simpler passwords being cracked) and made tons of fraudulent trades that had to be backed out of the system. This highlights why it is best to use one disposable email address per site (along with a unique username and password), so you can throw the address away if it gets leaked, instead of being stuck receiving spam and phishing attempts eight months later, and so there are no other accounts on other sites the hacker can compromise with the username and password.
bulanula
March 01, 2012, 12:46:50 AM
 #15

> since this is becoming more and more of an issue gox really should give security to people who are asking for it...
>
> BIP16 for mt.gox

Yeah. By the looks of things as they stand now, I will be grateful if we have this damn BIP before 2013 block reward drop ::)

A form of multi-sig or 2 factor authentication for Bitcoin itself really would be neat but Deepbit needs to approve it first :P