Buffcorp (OP)
Member
Offline
Activity: 101
Merit: 10
|
|
June 01, 2012, 03:15:23 AM |
|
My mtgox account was comprised. The individual used $599 I had to buy btc and then sent the btc to himself. Is there anything mtgox can do?
|
|
|
|
|
|
|
|
TalkImg was created especially for hosting images on bitcointalk.org: try it next time you want to post an image
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
Maged
Legendary
Offline
Activity: 1204
Merit: 1015
|
|
June 01, 2012, 03:20:09 AM |
|
They can send you a free yubikey to prevent this from happening in the future, but that's about it. Sorry.
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 01, 2012, 03:32:52 AM |
|
Not that it will help or anything, but you could post transaction info so that it could be traced thru the blockchain.
Was your password total crap? And was it used on other sites?
Have you checked for viruses on your computer?
|
|
|
|
Liberty Payout
|
|
June 01, 2012, 03:35:02 AM |
|
Yes, please post some more info so other members know the source of the phisher. They also can't do anything from what I know BTC is irreversible.
|
|
|
|
Buffcorp (OP)
Member
Offline
Activity: 101
Merit: 10
|
|
June 01, 2012, 03:36:42 AM |
|
My password was strong, the computer is clean and no I did not use the same pass on other sites.
2012/05/29 02:59:48 Spent $298.99994 $0.26022 BTC bought: [tid:1338260388928667] 58.62790000 BTC at $5.09996 2012/05/29 02:57:40 Spent $113.63315 $299.26016 BTC bought: [tid:1338260260509217] 22.28144636 BTC at $5.09990 2012/05/29 02:57:40 Spent $24.53052 $412.89331 BTC bought: [tid:1338260260480565] 4.81000000 BTC at $5.09990 2012/05/29 02:57:40 Spent $99.55005 $437.42383 BTC bought: [tid:1338260260448265] 19.52000000 BTC at $5.09990 2012/05/29 02:57:40 Spent $0.05080 $536.97388 BTC bought: [tid:1338260260262724] 0.01000000 BTC at $5.08000 2012/05/29 02:57:40 Spent $62.86950 $537.02468 BTC bought: [tid:1338260260204812] 12.37615364 BTC at $5.07989
2012/05/29 03:00:56 Withdraw 28.30900000 BTC 0.00006095 BTC Bitcoin withdraw to 1FLVVbi22zeuEz5JRRuZvAqSeeA5PcYfez 2012/05/29 03:00:41 Withdraw 30.00000000 BTC 28.30906095 BTC Bitcoin withdraw to 1FLVVbi22zeuEz5JRRuZvAqSeeA5PcYfez 2012/05/29 02:59:48 Fee 0.32245345 BTC 58.30906095 BTC BTC bought: [tid:1338260388928667] 58.62790000 BTC at $5.09996 (0.55% fee) 2012/05/29 02:59:48 In 58.62790000 BTC 58.63151440 BTC BTC bought: [tid:1338260388928667] 58.62790000 BTC at $5.09996 2012/05/29 02:58:45 Withdraw 28.64000000 BTC 0.00361440 BTC Bitcoin withdraw to 1FLVVbi22zeuEz5JRRuZvAqSeeA5PcYfez 2012/05/29 02:58:31 Withdraw 30.00000000 BTC 28.64361440 BTC Bitcoin withdraw to 1FLVVbi22zeuEz5JRRuZvAqSeeA5PcYfez
|
|
|
|
Liberty Payout
|
|
June 01, 2012, 03:39:33 AM |
|
My password was strong, the computer is clean and no I did not use the same pass on other sites.
2012/05/29 02:59:48 Spent $298.99994 $0.26022 BTC bought: [tid:1338260388928667] 58.62790000 BTC at $5.09996 2012/05/29 02:57:40 Spent $113.63315 $299.26016 BTC bought: [tid:1338260260509217] 22.28144636 BTC at $5.09990 2012/05/29 02:57:40 Spent $24.53052 $412.89331 BTC bought: [tid:1338260260480565] 4.81000000 BTC at $5.09990 2012/05/29 02:57:40 Spent $99.55005 $437.42383 BTC bought: [tid:1338260260448265] 19.52000000 BTC at $5.09990 2012/05/29 02:57:40 Spent $0.05080 $536.97388 BTC bought: [tid:1338260260262724] 0.01000000 BTC at $5.08000 2012/05/29 02:57:40 Spent $62.86950 $537.02468 BTC bought: [tid:1338260260204812] 12.37615364 BTC at $5.07989
2012/05/29 03:00:56 Withdraw 28.30900000 BTC 0.00006095 BTC Bitcoin withdraw to 1FLVVbi22zeuEz5JRRuZvAqSeeA5PcYfez 2012/05/29 03:00:41 Withdraw 30.00000000 BTC 28.30906095 BTC Bitcoin withdraw to 1FLVVbi22zeuEz5JRRuZvAqSeeA5PcYfez 2012/05/29 02:59:48 Fee 0.32245345 BTC 58.30906095 BTC BTC bought: [tid:1338260388928667] 58.62790000 BTC at $5.09996 (0.55% fee) 2012/05/29 02:59:48 In 58.62790000 BTC 58.63151440 BTC BTC bought: [tid:1338260388928667] 58.62790000 BTC at $5.09996 2012/05/29 02:58:45 Withdraw 28.64000000 BTC 0.00361440 BTC Bitcoin withdraw to 1FLVVbi22zeuEz5JRRuZvAqSeeA5PcYfez 2012/05/29 02:58:31 Withdraw 30.00000000 BTC 28.64361440 BTC Bitcoin withdraw to 1FLVVbi22zeuEz5JRRuZvAqSeeA5PcYfez
The money is gone, right now the best thing is to establish how it was stolen in the first place. Otherwise you may still be at risk. When did you notice it was missing, have you visited any suspicious sites/ clicked any links recently?
|
|
|
|
MtGox_Dylan
Newbie
Offline
Activity: 18
Merit: 0
|
|
June 01, 2012, 03:39:57 AM |
|
If you haven't already, please lodge a support request with us so we can investigate. Unfortunately, once BTC has left our system we have no control over it, but we can at least return the account to your control (if that hasn't been done yet) and investigate what happened here.
We're very sorry for the negative experience you've had with our service, and hope we can do something to help.
|
|
|
|
the joint
Legendary
Offline
Activity: 1834
Merit: 1020
|
|
June 01, 2012, 03:43:25 AM |
|
What about your email password? Is that strong? Maybe your email account was hacked and they used it to recover your Mt. Gox password?
|
|
|
|
Buffcorp (OP)
Member
Offline
Activity: 101
Merit: 10
|
|
June 01, 2012, 03:49:12 AM |
|
I have submitted a request to mtgox but considering how nothing can be done based on mtgox_dylan's comments and I am now out $599, I highly doubt I want to try and recover an account that was comprised... if anything I'd just open a new one but with this experience I highly doubt I will ever touch mtgox again. I am just completely devastated.
|
|
|
|
Lumpy
|
|
June 01, 2012, 04:18:47 AM |
|
Does your browser remember passwords for you? Is your computer physically accessible by any other party?
|
|
|
|
Andrew Bitcoiner
|
|
June 01, 2012, 04:20:45 AM |
|
I have submitted a request to mtgox but considering how nothing can be done based on mtgox_dylan's comments and I am now out $599, I highly doubt I want to try and recover an account that was comprised... if anything I'd just open a new one but with this experience I highly doubt I will ever touch mtgox again. I am just completely devastated.
I've been ripped off similar amounts, these things happen and it is best to not dwell on it to much. I would suggest adding two factor authentication to all the services you intend to have access to your account information including the mtgox yubikey which would of saved you in this situation.
|
|
|
|
edd
Donator
Legendary
Offline
Activity: 1414
Merit: 1001
|
|
June 01, 2012, 04:58:37 AM |
|
I have submitted a request to mtgox but considering how nothing can be done based on mtgox_dylan's comments and I am now out $599, I highly doubt I want to try and recover an account that was comprised... if anything I'd just open a new one but with this experience I highly doubt I will ever touch mtgox again. I am just completely devastated.
Do you believe Mt Gox was responsible for this? If so, what leads you to this conclusion?
|
Still around.
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 01, 2012, 12:03:13 PM |
|
Opening more accounts won't help you if you don't fix the problem(s) that caused the issue in the first place. So if you have a strong password and computer has no viruses etc, there are other ways this could have happened that could just as easily happen again if you don't take precautions.
So do you have any other clues?
|
|
|
|
bitdragon
|
|
June 01, 2012, 12:12:39 PM |
|
please do share so that we can learn from this. What was your password ? have you always used the same computer to access MTGOX?
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
June 02, 2012, 11:16:07 AM Last edit: June 02, 2012, 08:33:36 PM by Stephen Gornick |
|
could just as easily happen again if you don't take precautions.
Exactly. I'ld switch to the assumption that my system was compromised unless I could prove otherwise. That usually would mean a reinstall and proper security. I'ld like to see some measures made for those whose account value is too small to justify the cost of a Yubikey. Like offering to have a separate password for doing a withdrawal, or the ability to set a grace period on all BTC or redeemable code withdrawals (e.g., an e-mail gets sent out, and the withdraw can be cancelled up to NN hour hours before the BTC gets sent or the code gets created.)
|
|
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
June 02, 2012, 07:42:55 PM |
|
possibly bad link - circular link to this thread
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
TT
Member
Offline
Activity: 77
Merit: 10
|
|
June 02, 2012, 07:46:30 PM |
|
Withdrawal to bitcoin address is the exchange function/API call that is most prone to theft. Other withdrawal methods have at least some level of traceability and/or reversibility.
Therefore, I propose the following solution: 1) create a completely separate right for both the web and the API for withdrawal to bitcoin address, separate from all the other withdrawal methods. 2) allow the owner of the account to have a whitelist of bitcoin addresses to which it is allowed to withdraw from both the web AND the API. 3) require two-factor authentication for adding or removing addresses to and from the whitelist.
This simple feature means that even in the event of an attacker gaining access to the user's web dashboard or the user's API keys, the attacker will not be able to withdraw bitcoins to addresses of his choice.
Simple fix to a significant security risk.
|
|
|
|
Kluge
Donator
Legendary
Offline
Activity: 1218
Merit: 1015
|
|
June 02, 2012, 08:00:18 PM |
|
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
June 05, 2012, 10:56:30 AM |
|
|
|
|
|
EuSouBitcoin
|
|
June 05, 2012, 12:02:54 PM |
|
could just as easily happen again if you don't take precautions.
I'ld like to see some measures made for those whose account value is too small to justify the cost of a Yubikey. I'd like to see Mt Gox and other bitcoin exchanges offer the free two-factor authentication, Google Authenticator. The following Bitcoin exchanges currently do offer optional two-factor authentication BitFloor Camp BX Crypto X Change Mercado Bitcoin Mt Gox I think this is a nice optional layer of security to offer for your clients. The 3 methods offered are: Google Authenticator SMS Text Message Yubikey Of the 3 methods listed above, personally, I prefer Google Authenticator http://en.wikipedia.org/wiki/Google_AuthenticatorI don't like the yubikey because I don't want another piece of hardware. SMS text message is OK, but I use a prepaid cellphone and have to pay for every text I receive. Being somewhat of a tightwad, I don't like that. Google Authenticator works on my iPod touch and it's free. If the cost is free even small accounts can afford to be secure. While it's probably best to just make this an optional level of security, Bitcoin exchanges could make it mandatory for accounts above a certain BTC or fiat currency balance.
|
You can't win if you don't play. But you can't play if you lose all your chips. First I found bitcoin (BTC). Then I found something better, Monero (XMR). See GetMonero.org
|
|
|
Maged
Legendary
Offline
Activity: 1204
Merit: 1015
|
|
June 05, 2012, 04:53:12 PM |
|
I'd like to see Mt Gox and other bitcoin exchanges offer the free two-factor authentication, Google Authenticator.
As of a few hours before your post, they do.
|
|
|
|
Unacceptable
Legendary
Offline
Activity: 2212
Merit: 1001
|
|
June 05, 2012, 07:07:30 PM |
|
I got hacked too.So did a new guy that PM'ed me. This is something to do with MTgox
|
"If you run into an asshole in the morning, you ran into an asshole. If you run into assholes all day long, you are the asshole." -Raylan Givens Got GOXXED ?? https://www.youtube.com/watch?v=9KiqRpPiJAU&feature=youtu.be"An ASIC being late is perfectly normal, predictable, and legal..."Hashfast & BFL slogan
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 05, 2012, 07:08:20 PM |
|
I got hacked too.So did a new guy that PM'ed me. This is something to do with MTgox It was a poor password choice.
|
|
|
|
Unacceptable
Legendary
Offline
Activity: 2212
Merit: 1001
|
|
June 05, 2012, 07:32:26 PM |
|
I got hacked too.So did a new guy that PM'ed me. This is something to do with MTgox It was a poor password choice. Maybe so,but I use something similar with banks & had no problems ever.............putting on flame retardent suit It just dawned on me that Deepbit always sends an email with a confirm link when changing info or withdrawing coins,MTgox needs something similar.
|
"If you run into an asshole in the morning, you ran into an asshole. If you run into assholes all day long, you are the asshole." -Raylan Givens Got GOXXED ?? https://www.youtube.com/watch?v=9KiqRpPiJAU&feature=youtu.be"An ASIC being late is perfectly normal, predictable, and legal..."Hashfast & BFL slogan
|
|
|
EuSouBitcoin
|
|
June 05, 2012, 07:52:04 PM |
|
I'd like to see Mt Gox and other bitcoin exchanges offer the free two-factor authentication, Google Authenticator.
As of a few hours before your post, they do. Sweet! Ask and ye shall receive. I'm going to set up authentication now.
|
You can't win if you don't play. But you can't play if you lose all your chips. First I found bitcoin (BTC). Then I found something better, Monero (XMR). See GetMonero.org
|
|
|
ludo0777
Newbie
Offline
Activity: 42
Merit: 0
|
|
June 10, 2012, 09:00:08 PM |
|
It sucks people are getting hacked, but nobody can do anything about it so just try make sure it never happens again.
|
|
|
|
zvs
Legendary
Offline
Activity: 1680
Merit: 1000
https://web.archive.org/web/*/nogleg.com
|
|
June 10, 2012, 11:22:47 PM |
|
i use piece of paper and password kfdJO$3jO:CXZMnfkcxM$L#@:!
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 11, 2012, 12:18:48 AM |
|
It sucks people are getting hacked, but nobody can do anything about it so just try make sure it never happens again. Of course people can do things to prevent it, but sometimes it takes getting hacked to knock some common sense into them.
|
|
|
|
Unacceptable
Legendary
Offline
Activity: 2212
Merit: 1001
|
|
June 11, 2012, 01:46:26 AM |
|
It sucks people are getting hacked, but nobody can do anything about it so just try make sure it never happens again. Of course people can do things to prevent it, but sometimes it takes getting hacked to knock some common sense into them. Well,with nothing backing BTC like the dollar or other fiat (police or fed gov think BTC is "play" money & don't care),you have no recourse in getting your coins or cash back.Its a hackers paradise (they can suffer no conciqences)& will continue to be so.Illegal activities are too easy to get away with in the make believe land of BTC. If the exchanges were to make it mandatory for PW's to be ________________(insert digit amount) or something to that effect,maybe it would make it harder for hackers.Most folks aren't cryoto phreaks or super software savvy like alot of you on this forum.Sorry for me/most of us "outsiders" being so ignorant.............. Hell,even exchanges are getting hacked for very large amounts & you'll never see a penny recovered.Will the local gov come & help,yeah right. Chalk it up to experience You bet,I don't trust anyone or anyplace anymore..............My coins stay on my PC & if I do go to trade,it's only long enough for that trade............
|
"If you run into an asshole in the morning, you ran into an asshole. If you run into assholes all day long, you are the asshole." -Raylan Givens Got GOXXED ?? https://www.youtube.com/watch?v=9KiqRpPiJAU&feature=youtu.be"An ASIC being late is perfectly normal, predictable, and legal..."Hashfast & BFL slogan
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 11, 2012, 01:49:39 AM |
|
Reminds me, it's about time that I rotated my main passwords. I'm starting to use LastPass more with generated passwords, but the master password for LastPass is a few years old at this point. Although it is more than 20 characters with caps and numbers, it's still based on a phrase and doesn't have symbols. I'll need to come up with a suitable replacement.
|
|
|
|
Ghostofkobra
|
|
June 23, 2012, 01:20:15 AM |
|
My money on MT.Gox was transferred out ~2k USD on the 31th of may. And there are no logins that match the withdraw. Did you check if the logins to your account match the withdraws before you beat yourself up about your password? My thread: https://bitcointalk.org/index.php?topic=89142.0//GoK
|
|
|
|
|