Bitcoin Forum
December 04, 2016, 02:26:19 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Bitcoins stolen from MT Gox - THEY COULD NOT CARE LESS  (Read 1414 times)
Trickle
Newbie
*
Offline Offline

Activity: 3


View Profile
May 02, 2012, 05:07:27 PM
 #1

I had around 300 Bitcoins stolen from my MT Gox account on Sep 8th/9th 2011. I found out after receiving an email to say that my account was up for review and eventually getting a working password from them that got me into my account. I reported the theft to Mt Gox and their response was to say that transactions are irreversible and the only thing they can do is to give me a free yubikey to stop it happening again. My account, with a strong password, was compromised due to the insecurity of their systems, but they refuse to accept any culpability or responsibility for my loss.

I don't expect (and surely won't receive!) any sympathy from fellow posters. I knew this was a risky business before I got in; I naively trusted the security and integrity of such a large exchange; I should have transferred the coins to an application; I could have sold at a good profit and got out quickly; I gambled and lost - learn and move on.

What remains slightly surprising however is that such a cowboy outfit should be handling so many transactions and retaining the trust of so many traders. Their website boasts of trading securely and with confidence; this apparently stated without irony. Yet, when a customer's account is hacked, it's just tough luck, one of those things....

In conclusion, if you hold bitcoins or cash with Mt Gox, be very careful. If you should suddenly find your balance is unaccountably zero, you'll wait a long time for any redress or even sympathy. Meanwhile, if anyone does have any ideas on how I might retrieve my Bitcoins, I would be very grateful.

Regards

Trickle.

 
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480861579
Hero Member
*
Offline Offline

Posts: 1480861579

View Profile Personal Message (Offline)

Ignore
1480861579
Reply with quote  #2

1480861579
Report to moderator
kokjo
Legendary
*
Offline Offline

Activity: 1050

You are WRONG!


View Profile
May 02, 2012, 05:16:09 PM
 #2

My account, with a strong password, was compromised due to the insecurity of their systems, but they refuse to accept any culpability or responsibility for my loss.
proof please!

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
tatsuchan
Full Member
***
Offline Offline

Activity: 184



View Profile
May 02, 2012, 05:17:48 PM
 #3

The exchanges are one of the worst problems with bitcoin right now.  I seen some developers working on a p2p version of an exchange, but sadly nothing has been released yet as far as I know.  There is a large opportunity out there for exchanging bitcoin into cash for anyone with the know-how and money to back it up.  The ideal use of bitcoin though is for us to exchange it as we do fiat currencies.  Keep it in your digital wallet and spend it as needed.  Investing/trading as of now is risky.

As far as MtGox....yea they suck.  It's the same reason I go to any shit store/service provider.  There are no options.
btccomm
Jr. Member
*
Offline Offline

Activity: 56


View Profile
May 02, 2012, 11:32:35 PM
 #4

The exchanges are one of the worst problems with bitcoin right now. ...

That's a big problem. 
John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1092


Will read PM's. Have more time lately


View Profile
May 03, 2012, 02:27:30 AM
 #5

My account, with a strong password, was compromised due to the insecurity of their systems, but they refuse to accept any culpability or responsibility for my loss.
proof please!

This +1. I'm guessing that your own computer was compromised by a keylogger.

My BTC Tip Jar: 1Pgvfy19uwtYe5o9dg3zZsAjgCPt3XZqz9 , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Escrow service is available on a case by case basis! (PM Me to verify I'm the escrow!)

jl2012
Legendary
*
Offline Offline

Activity: 1484


View Profile
May 03, 2012, 03:50:45 AM
 #6

are you sure that your computer is not compromised?

Donation address: 1CiZPrEJdN4FJcqdLdgVLzT8tgCXxT5ion
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
Bitcoin Wizards Wiki: https://8333.info/
eleven
Newbie
*
Offline Offline

Activity: 14


View Profile
May 03, 2012, 04:54:24 PM
 #7

I was going to say you were compromised as well.  Or unfortunaty it could be something slightly different.  Do you use the same password anywhere else?  Most humans are creatures of habit, so if one site with your account on it was compromised the hacker would have a good start to logging in elsewhere.  I remember back in january when slush got hacked, luckily this time the intruder did not take user/pass combos, but if he did we would all be in trouble!
Trickle
Newbie
*
Offline Offline

Activity: 3


View Profile
May 03, 2012, 05:18:53 PM
 #8

Many thanks to all for your responses.

In answer to why I waited so long: having bought at around $13 last June, I was waiting until the price got back somewhere near that until I did anything with them. I simply put them to one side as I would a company's shares. Obviously I should have kept them in a wallet, but naively thought they were safe. My password was very strong and unique to my Mt Gox account.

I take it that Mt Gox is completely accountable to no-one?

Regards

Trickle
realnowhereman
Hero Member
*****
Offline Offline

Activity: 504



View Profile
May 03, 2012, 05:37:38 PM
 #9

I hesitate to say it but... I don't believe it.

You say you have a unique strong password.

The only possibility if that is true is that there is a serious security fault in Mt.Gox that lets an attacker log in as someone else.  Why then did they stop with you?  Why haven't they stolen from lots and lots of accounts?  Let's recall that after the break-in the full Mt.Gox user list and hashes were made public, so there is plenty of scope for abuse of such a vulnerability to go through thousands of known account names.

It's more likely that your password isn't as secure as you think it is, or you have logged in from a compromised computer at some point.

1AAZ4xBHbiCr96nsZJ8jtPkSzsg1CqhwDa
MoonShadow
Legendary
*
Offline Offline

Activity: 1666



View Profile
May 03, 2012, 05:40:23 PM
 #10

I take it that Mt Gox is completely accountable to no-one?

They're accountable to the government of Japan.  If you think you have standing there, feel free to file a complaint.

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
DublinBrian
Full Member
***
Offline Offline

Activity: 197


View Profile
May 04, 2012, 09:59:28 AM
 #11

My account, with a strong password, was compromised due to the insecurity of their systems, but they refuse to accept any culpability or responsibility for my loss.
My guess is your password was compromised by phishing. These phishing emails are very realistic looking, I nearly fell for it myself. Check your inbox for any emails appearing to be from MtGox, and see if there are any links to .ru domains.
deepceleron
Legendary
*
Offline Offline

Activity: 1470



View Profile WWW
May 04, 2012, 12:38:43 PM
 #12

Keyword : June = mtgox hack

The Mtgox user/encrypted password list was stolen, and if the password wasn't changed on the account, it would be just a matter of time before a hacker cracked the password.

drknow012
Member
**
Offline Offline

Activity: 98


Fairy Tale + Fact = Unregulated Virtual Currency!


View Profile WWW
May 04, 2012, 02:04:30 PM
 #13

"no mun, no fun, your son"

"too bad, so sad, your dad"

-Sinbad Tongue

BTCChess Affiliate Program: Earn 50% on all commissions from referrals at btcchess.tk

Just sign up, post your affiliate link in your sig, and take part in the community's discussions! It's that easy!

Donations and Investors: 1F6yYdQ7rWVaH9Nqv7gbBw5FbZUuhL9smh
KGB_Bunny
Jr. Member
*
Offline Offline

Activity: 30



View Profile
May 05, 2012, 04:08:57 AM
 #14

I really am sorry for your loss. Regardless if it was there fault or yours, losing that much can really hurt and you have my sympathy. Sad
David_Benz
Donator
Jr. Member
*
Offline Offline

Activity: 56

you got hacked bitch!


View Profile
May 05, 2012, 04:37:01 AM
 #15

did you think they would?

use CampBX

I am the Bitcoinica Hacker.
julz
Legendary
*
Offline Offline

Activity: 1092



View Profile
May 05, 2012, 04:56:37 AM
 #16

My account, with a strong password, was compromised due to the insecurity of their systems, but they refuse to accept any culpability or responsibility for my loss.
My guess is your password was compromised by phishing. These phishing emails are very realistic looking, I nearly fell for it myself. Check your inbox for any emails appearing to be from MtGox, and see if there are any links to .ru domains.

yep...
this:
Quote from: Trickle
.. I found out after receiving an email to say that my account was up for review...
screams phishing victim to me.

@electricwings   BM-GtyD5exuDJ2kvEbr41XchkC8x9hPxdFd
MoonShadow
Legendary
*
Offline Offline

Activity: 1666



View Profile
May 05, 2012, 05:21:12 AM
 #17

If you are going to keep substantial funds at a website not under your own control, such as Mt.Gox or any one of these wallet services; then please use the two-step authentication (i.e. yubikey).  If they don't have it & don't use split wallets (i.e. they keep your secret keys at the server) just don't use that service.  It's money people!  Act like there are people out there who want your personal data, because there are.  Bitcoin isn't Facebook!  There really is something to be gained from stealing your data!

"The powers of financial capitalism had another far-reaching aim, nothing less than to create a world system of financial control in private hands able to dominate the political system of each country and the economy of the world as a whole. This system was to be controlled in a feudalist fashion by the central banks of the world acting in concert, by secret agreements arrived at in frequent meetings and conferences. The apex of the systems was to be the Bank for International Settlements in Basel, Switzerland, a private bank owned and controlled by the world's central banks which were themselves private corporations. Each central bank...sought to dominate its government by its ability to control Treasury loans, to manipulate foreign exchanges, to influence the level of economic activity in the country, and to influence cooperative politicians by subsequent economic rewards in the business world."

- Carroll Quigley, CFR member, mentor to Bill Clinton, from 'Tragedy And Hope'
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
May 05, 2012, 05:26:31 AM
 #18

I had around 300 Bitcoins stolen from my MT Gox account on Sep 8th/9th 2011. I found out after receiving an email to say that my account was up for review and eventually getting a working password from them that got me into my account.
Oops.  Sounds like you fell for a phish.  Sad  Sorry, that definitely sucks.
Hexadecibel
Human Intranet Liason
VIP
Hero Member
*
Offline Offline

Activity: 536


I still <3 u Satoshi


View Profile
May 05, 2012, 06:16:56 AM
 #19

Quote
If you are going to keep substantial funds at a website not under your own control, such as Mt.Gox or any one of these wallet services; then please use the two-step authentication (i.e. yubikey).  If they don't have it & don't use split wallets (i.e. they keep your secret keys at the server) just don't use that service.  It's money people!  Act like there are people out there who want your personal data, because there are.  Bitcoin isn't Facebook!  There really is something to be gained from stealing your data!

Bears repeating.


Bitcoin is freedom, and freedom requires responsibility.

1.
Assume your computer -any computer- is infected with a trojan. Don't use those computers for important things. Use your laptop or desktop to boot a Live session of Ubuntu. I've gone so far as to run the live session from a 4GB SD card on my laptop and it operates without a hard drive. Every time I boot my machine its clean. The SD card is read only, and everything the OS loads goes to RAM which is also wiped when you power off. Its basically a banking terminal Smiley

Learn how to boot a live session here:
http://www.ubuntu.com/download/help/try-ubuntu-before-you-install

This is the only means I use to do any banking business online.
There are windows options that can do similar things but I believe this is cheapest and easiest.

2.
Make strong passwords. strong passwords don't have to be hard to remember.



Further, DO NOT USE THE SAME PASSWORD FOR EVERYTHING.

3.
Don't give your passwords out. Not even to your mother.
Foxpup
Legendary
*
Offline Offline

Activity: 1694



View Profile
May 05, 2012, 07:43:44 AM
 #20

Further, DO NOT USE THE SAME PASSWORD FOR EVERYTHING.
You forgot the relevant XKCD comic:


Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!