Buffcorp (OP)
Member
Offline
Activity: 101
Merit: 10
|
|
June 01, 2012, 03:15:23 AM |
|
My mtgox account was compromised. The individual used $599 I had to buy btc and then sent the btc to himself. Is there anything mtgox can do?
|
|
|
|
Maged
Legendary
Offline
Activity: 1204
Merit: 1015
|
|
June 01, 2012, 03:20:09 AM |
|
They can send you a free yubikey to prevent this from happening in the future, but that's about it. Sorry.
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 01, 2012, 03:32:52 AM |
|
Not that it will help or anything, but you could post transaction info so that it could be traced thru the blockchain.
Was your password total crap? And was it used on other sites?
Have you checked for viruses on your computer?
|
|
|
|
Liberty Payout
|
|
June 01, 2012, 03:35:02 AM |
|
Yes, please post some more info so other members know the source of the phisher. They also can't do anything; from what I know, BTC is irreversible.
|
|
|
|
Buffcorp (OP)
Member
Offline
Activity: 101
Merit: 10
|
|
June 01, 2012, 03:36:42 AM |
|
My password was strong, the computer is clean and no I did not use the same pass on other sites.
2012/05/29 02:59:48 Spent $298.99994 $0.26022 BTC bought: [tid:1338260388928667] 58.62790000 BTC at $5.09996
2012/05/29 02:57:40 Spent $113.63315 $299.26016 BTC bought: [tid:1338260260509217] 22.28144636 BTC at $5.09990
2012/05/29 02:57:40 Spent $24.53052 $412.89331 BTC bought: [tid:1338260260480565] 4.81000000 BTC at $5.09990
2012/05/29 02:57:40 Spent $99.55005 $437.42383 BTC bought: [tid:1338260260448265] 19.52000000 BTC at $5.09990
2012/05/29 02:57:40 Spent $0.05080 $536.97388 BTC bought: [tid:1338260260262724] 0.01000000 BTC at $5.08000
2012/05/29 02:57:40 Spent $62.86950 $537.02468 BTC bought: [tid:1338260260204812] 12.37615364 BTC at $5.07989
2012/05/29 03:00:56 Withdraw 28.30900000 BTC 0.00006095 BTC Bitcoin withdraw to 1FLVVbi22zeuEz5JRRuZvAqSeeA5PcYfez
2012/05/29 03:00:41 Withdraw 30.00000000 BTC 28.30906095 BTC Bitcoin withdraw to 1FLVVbi22zeuEz5JRRuZvAqSeeA5PcYfez
2012/05/29 02:59:48 Fee 0.32245345 BTC 58.30906095 BTC BTC bought: [tid:1338260388928667] 58.62790000 BTC at $5.09996 (0.55% fee)
2012/05/29 02:59:48 In 58.62790000 BTC 58.63151440 BTC BTC bought: [tid:1338260388928667] 58.62790000 BTC at $5.09996
2012/05/29 02:58:45 Withdraw 28.64000000 BTC 0.00361440 BTC Bitcoin withdraw to 1FLVVbi22zeuEz5JRRuZvAqSeeA5PcYfez
2012/05/29 02:58:31 Withdraw 30.00000000 BTC 28.64361440 BTC Bitcoin withdraw to 1FLVVbi22zeuEz5JRRuZvAqSeeA5PcYfez
|
|
|
|
Liberty Payout
|
|
June 01, 2012, 03:39:33 AM |
|
My password was strong, the computer is clean and no I did not use the same pass on other sites.
The money is gone; right now the best thing is to establish how it was stolen in the first place. Otherwise you may still be at risk. When did you notice it was missing? Have you visited any suspicious sites or clicked any links recently?
|
|
|
|
MtGox_Dylan
Newbie
Offline
Activity: 18
Merit: 0
|
|
June 01, 2012, 03:39:57 AM |
|
If you haven't already, please lodge a support request with us so we can investigate. Unfortunately, once BTC has left our system we have no control over it, but we can at least return the account to your control (if that hasn't been done yet) and investigate what happened here.
We're very sorry for the negative experience you've had with our service, and hope we can do something to help.
|
|
|
|
the joint
Legendary
Offline
Activity: 1834
Merit: 1020
|
|
June 01, 2012, 03:43:25 AM |
|
What about your email password? Is that strong? Maybe your email account was hacked and they used it to recover your Mt. Gox password?
|
|
|
|
Buffcorp (OP)
Member
Offline
Activity: 101
Merit: 10
|
|
June 01, 2012, 03:49:12 AM |
|
I have submitted a request to mtgox but considering how nothing can be done based on mtgox_dylan's comments and I am now out $599, I highly doubt I want to try and recover an account that was compromised... if anything I'd just open a new one but with this experience I highly doubt I will ever touch mtgox again. I am just completely devastated.
|
|
|
|
Lumpy
|
|
June 01, 2012, 04:18:47 AM |
|
Does your browser remember passwords for you? Is your computer physically accessible by any other party?
|
|
|
|
Andrew Bitcoiner
|
|
June 01, 2012, 04:20:45 AM |
|
I have submitted a request to mtgox but considering how nothing can be done based on mtgox_dylan's comments and I am now out $599, I highly doubt I want to try and recover an account that was compromised... if anything I'd just open a new one but with this experience I highly doubt I will ever touch mtgox again. I am just completely devastated.
I've been ripped off similar amounts, these things happen and it is best to not dwell on it too much. I would suggest adding two factor authentication to all the services you intend to have access to your account information including the mtgox yubikey which would have saved you in this situation.
|
|
|
|
edd
Donator
Legendary
Offline
Activity: 1414
Merit: 1002
|
|
June 01, 2012, 04:58:37 AM |
|
I have submitted a request to mtgox but considering how nothing can be done based on mtgox_dylan's comments and I am now out $599, I highly doubt I want to try and recover an account that was compromised... if anything I'd just open a new one but with this experience I highly doubt I will ever touch mtgox again. I am just completely devastated.
Do you believe Mt Gox was responsible for this? If so, what leads you to this conclusion?
|
Still around.
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
June 01, 2012, 12:03:13 PM |
|
Opening more accounts won't help you if you don't fix the problem(s) that caused the issue in the first place. So if you have a strong password and computer has no viruses etc, there are other ways this could have happened that could just as easily happen again if you don't take precautions.
So do you have any other clues?
|
|
|
|
bitdragon
|
|
June 01, 2012, 12:12:39 PM |
|
Please do share so that we can learn from this. What was your password? Have you always used the same computer to access MTGOX?
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
June 02, 2012, 11:16:07 AM Last edit: June 02, 2012, 08:33:36 PM by Stephen Gornick |
|
could just as easily happen again if you don't take precautions.
Exactly. I'd switch to the assumption that my system was compromised unless I could prove otherwise. That usually would mean a reinstall and proper security. I'd like to see some measures made for those whose account value is too small to justify the cost of a Yubikey. Like offering to have a separate password for doing a withdrawal, or the ability to set a grace period on all BTC or redeemable code withdrawals (e.g., an e-mail gets sent out, and the withdraw can be cancelled up to NN hours before the BTC gets sent or the code gets created.)
|
|
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
June 02, 2012, 07:42:55 PM |
|
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
TT
Member
Offline
Activity: 77
Merit: 10
|
|
June 02, 2012, 07:46:30 PM |
|
Withdrawal to bitcoin address is the exchange function/API call that is most prone to theft. Other withdrawal methods have at least some level of traceability and/or reversibility.
Therefore, I propose the following solution:
1) create a completely separate right for both the web and the API for withdrawal to bitcoin address, separate from all the other withdrawal methods.
2) allow the owner of the account to have a whitelist of bitcoin addresses to which it is allowed to withdraw from both the web AND the API.
3) require two-factor authentication for adding or removing addresses to and from the whitelist.
This simple feature means that even in the event of an attacker gaining access to the user's web dashboard or the user's API keys, the attacker will not be able to withdraw bitcoins to addresses of his choice.
Simple fix to a significant security risk.
|
|
|
|
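A sketch of the two safeguards proposed in this thread, Stephen Gornick's cancellable grace period and TT's separate withdrawal right with a 2FA-protected address whitelist, as an added example that is not part of any post and not Mt. Gox's code. All names, the 24-hour `GRACE_SECONDS` value and the boolean standing in for a verified second factor are assumptions.

```python
from dataclasses import dataclass, field
from decimal import Decimal

GRACE_SECONDS = 24 * 3600  # assumed value; the thread leaves the period as "NN hours"

class PolicyError(Exception):
    pass

@dataclass
class Withdrawal:
    address: str
    amount_btc: Decimal
    release_at: float
    state: str = "pending"  # pending -> sent | cancelled

@dataclass
class Account:
    whitelist: set = field(default_factory=set)
    queue: list = field(default_factory=list)

def change_whitelist(acct, address, add, second_factor_ok):
    # second_factor_ok stands for an OTP check (e.g. a Yubikey) verified elsewhere
    if not second_factor_ok:
        raise PolicyError("second factor required to edit the whitelist")
    (acct.whitelist.add if add else acct.whitelist.discard)(address)

def request_withdrawal(acct, rights, address, amount_btc, now):
    # rights: permissions of the web session or API key making the call
    if "withdraw_btc" not in rights:
        raise PolicyError("credential lacks the BTC-withdrawal right")
    if address not in acct.whitelist:
        raise PolicyError("address is not on the whitelist")
    w = Withdrawal(address, Decimal(amount_btc), now + GRACE_SECONDS)
    acct.queue.append(w)  # a real service would e-mail the owner at this point
    return w

def cancel(w, now):
    # the owner can stop a queued withdrawal until the grace period ends
    if w.state == "pending" and now < w.release_at:
        w.state = "cancelled"
        return True
    return False

def release_due(acct, now):
    # called by the payout job: only withdrawals past their grace period are sent
    due = [w for w in acct.queue if w.state == "pending" and now >= w.release_at]
    for w in due:
        w.state = "sent"
    return due
```

With these checks, a stolen password or API key alone can neither add a new destination address nor move coins before the owner has had the grace period to cancel.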
Kluge
Donator
Legendary
Offline
Activity: 1218
Merit: 1015
|
|
June 02, 2012, 08:00:18 PM |
|
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
June 05, 2012, 10:56:30 AM |
|
|
|
|
|
|