Bitcoin Forum
December 03, 2016, 09:49:09 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: All BTC disappeared from my Mt. Gox account  (Read 2888 times)
coinminers
Full Member
***
Offline Offline

Activity: 146



View Profile WWW
June 18, 2012, 05:53:14 PM
 #1

Last week I sent a notice to Mt Gox about money that disappeared from my account.

This is the note I sent them:

--
Hello,

I'm inquiring about the transaction below:

2012/06/01 16:47:36   Withdraw    125.39000000 BTC   0.00000000 BTC
Bitcoin withdraw to 12pgtNq8A67Si6RwGa4ccjUVGJnjuiiU3z

I never initiated a transaction like that so I'm wondering where that money went?
--

This is what they replied:

--
Hello,

We are sorry for your loss. Unfortunately, we can not refund any amount of the stolen funds. While this is extremely disappointing news, it is unavoidable. Issuing a direct refund is not possible as there is no way of proving that your account was in fact compromised. As a business if Mt.Gox were to offer you a cash or bitcoin refund in compensation of this extremely unfortunate event, there would be a large increase in the number of hacking attempts to capitalize upon the possibility of financial reward.

As a further remedy, we would like to suggest that you file a police report for the stolen goods. It is preferable for the police to inspect your computer, but not necessary. Once this investigation has occurred and a copy of the police report issued, please send a copy of it along with a notarized copy of your passport or Government issued photo ID to Mt.Gox.

Please let us know how you wish to proceed, and again we apologize for the frustration and inconvenience caused.

Thanks,

MtGox.com Team
--

Is this normal??

http://bit.co.in - Shorten your address and make/receive payments on the go! Decentralized!!

http://www.coinjabber.com - Submit, review, discuss, and promote Bitcoin & virtual currency websites!
1480801749
Hero Member
*
Offline Offline

Posts: 1480801749

View Profile Personal Message (Offline)

Ignore
1480801749
Reply with quote  #2

1480801749
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480801749
Hero Member
*
Offline Offline

Posts: 1480801749

View Profile Personal Message (Offline)

Ignore
1480801749
Reply with quote  #2

1480801749
Report to moderator
rgm3
Newbie
*
Offline Offline

Activity: 5


View Profile
June 18, 2012, 05:59:17 PM
 #2

make sure, that your password is changend now.

seems very unfortunate but i think someone got your password and did a payout to his own address
AndrewBUD
Sr. Member
****
Offline Offline

Activity: 336


I will Squirt you with this sprinkler :)


View Profile
June 18, 2012, 06:09:17 PM
 #3

Ouch that sucks.. I use similar passwords on sites but rarely the same... The exchange I use requires email verification everytime I log in.
Stephen Gornick
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 18, 2012, 06:12:43 PM
 #4

A lot of that going on.

"MtGox account got cleared out"
 - http://bitcointalk.org/index.php?topic=85533.0

Another:
 - http://bitcointalk.org/index.php?topic=80562.msg941759#msg941759

And another:
"My mtgox account got compromised, what can I do?"
 - http://bitcointalk.org/index.php?topic=84585.0

And on other services as well.  Here same thing happened to some GLBSE users:
 - http://bitcointalk.org/index.php?topic=84893.0

In none of these was the person using multi-factor authentication.  Mt. Gox has had Yubikey support for a while.  Mt. Gox accounts now support Google Authenticator:
 - https://mtgox.com/press_release_20120605.html

coinminers
Full Member
***
Offline Offline

Activity: 146



View Profile WWW
June 18, 2012, 06:27:51 PM
 #5

Thanks everyone for the input, is there no way for me to get MtGox to help out a little bit more? I mean they have IP information, logs etc., no?

http://bit.co.in - Shorten your address and make/receive payments on the go! Decentralized!!

http://www.coinjabber.com - Submit, review, discuss, and promote Bitcoin & virtual currency websites!
stevegee58
Hero Member
*****
Offline Offline

Activity: 783



View Profile
June 18, 2012, 06:31:54 PM
 #6

Do what they suggested and file a police report.  Gox won't tell you the perpetrator's IP address or anything else.  They'll only divulge that with a court order or law enforcement request.  It's your only hope.

Unless you have a really compelling reason to use them, you should avoid using exchanges.

You are in a maze of twisty little passages, all alike.
coinminers
Full Member
***
Offline Offline

Activity: 146



View Profile WWW
June 18, 2012, 06:38:00 PM
 #7

I see. I will sure as hell not use Mt Gox anymore.

My computer is safe, so is my password, I did not use this password on other sites, and I see no way how someone could have obtained it through fault of my own!

This really sucks! Angry

http://bit.co.in - Shorten your address and make/receive payments on the go! Decentralized!!

http://www.coinjabber.com - Submit, review, discuss, and promote Bitcoin & virtual currency websites!
Kazimir
Legendary
*
Offline Offline

Activity: 1036



View Profile
June 18, 2012, 06:38:56 PM
 #8

coinminers, would you mind sharing what password you used for your Mt. Gox account? (assuming you changed your password in the mean time, if not, DO IT NOW)

I'm curious as to how (un)likely it is that somebody hacked guessed  it.


Do what they suggested and file a police report.  Gox won't tell you the perpetrator's IP address or anything else.  They'll only divulge that with a court order or law enforcement request.  It's your only hope.
That is actually pretty darn lame from them, not to mention extremely customer unfriendly Angry

If the account owner did the transaction himself, there is no reason not to share the IP (i.e. his own) from which the withdrawal was issued.
If someone else did, that's a very obvious reason (or even duty) to share the IP to the actual account owner.

Shame on you, Mt Gox. Another reason why I will trade ZERO bitcoins with you.

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
mollison
Full Member
***
Offline Offline

Activity: 157



View Profile
June 18, 2012, 06:42:31 PM
 #9

Unless you have a really compelling reason to use them, you should avoid using exchanges.

Why do you say this?
stevegee58
Hero Member
*****
Offline Offline

Activity: 783



View Profile
June 18, 2012, 06:44:00 PM
 #10

If the account owner did the transaction himself, there is no reason not to share the IP (i.e. his own) from which the withdrawal was issued.
If someone else did, that's a very obvious reason (or even duty) to share the IP to the actual account owner.

They won't and they shouldn't.  Think about it.  What would you do with someone's IP address if you had it?  Suppose they told you the IP address and you somehowtracked down the perpetrator and killed him.  Think of the liability that opens Gox (or any other business) up to.

Leave law enforcement to the police.

You are in a maze of twisty little passages, all alike.
AndrewBUD
Sr. Member
****
Offline Offline

Activity: 336


I will Squirt you with this sprinkler :)


View Profile
June 18, 2012, 06:48:20 PM
 #11

Depending where you are I doubt the police will do much about it, But you will have proof you made a police report....
stevegee58
Hero Member
*****
Offline Offline

Activity: 783



View Profile
June 18, 2012, 06:53:21 PM
 #12

Depending where you are I doubt the police will do much about it, But you will have proof you made a police report....

I agree they probably won't have much chance of getting OP's BTC back.  But here's a chance to look in the mirror and do some soul searching about BTC.  Maybe OP shouldn't have put so much in BTC that it hurts to lose it.  After all we're in a Wild West phase of BTC's development.  We're seeing scalability problems already from satoshidice for instance.

When you suffer a loss like this don't expect a bail-out.  I know it seems like everyone expects to get a check every time something bad happens to them.  But like I said it's the Wild West.

You are in a maze of twisty little passages, all alike.
Kazimir
Legendary
*
Offline Offline

Activity: 1036



View Profile
June 18, 2012, 07:07:19 PM
 #13

They won't and they shouldn't.  Think about it.  What would you do with someone's IP address if you had it?  Suppose they told you the IP address and you somehowtracked down the perpetrator and killed him.
In that case email headers shouldn't contain IP addresses either.

The probability of someone actually killing someone for stealing bitcoins, based on their IP alone, seems to be insignificantly small to me.

Quote
Leave law enforcement to the police.
Funny. I don't know where you are from, but here in Europe, the police DON'T DO SH!T about theft whatsoever. Let alone "theft" (they won't even call it that) of information which is not a tangible asset.

Crypto money, you say? Sounds like WoW gold to them. The probability of the police actually tracking down and prosecuting someone for stealing bitcoins, based on their IP, is exactly 0.000000000000000%

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
electronus
Full Member
***
Offline Offline

Activity: 145



View Profile
June 18, 2012, 07:31:44 PM
 #14

I've got the same situation. All my usd amount was traded for btc, and then btc was withdrawed  Grin
just before was used Opera with Turbo function enabled
and somebody in Sweden stole my mtgox password
consider this as unavoidable situation  Cry because I've got the same email answer from mtgox
can you publish here an IP address from where your funds was withdrawed?
and also consider to keep your btc on your pool or standalone wallet, and use mtgox only for trade and immediate withdraw for a limited amount of time, not for keeping btc or usd
jbcmine
Member
**
Offline Offline

Activity: 71



View Profile
June 18, 2012, 07:38:57 PM
 #15


My computer is safe, so is my password, I did not use this password on other sites, and I see no way how someone could have obtained it through fault of my own!


I doubt your computer is as safe as you think!
coinminers
Full Member
***
Offline Offline

Activity: 146



View Profile WWW
June 18, 2012, 08:24:43 PM
 #16

They won't and they shouldn't.  Think about it.  What would you do with someone's IP address if you had it?  Suppose they told you the IP address and you somehowtracked down the perpetrator and killed him.  Think of the liability that opens Gox (or any other business) up to.

I myself co-own a business that supplies an online service and when our customers need IPs of people who have bid in their auctions, we will supply that information every single time, no questions asked, and 0 murders so far.

If I told any of my clients that I'm afraid they may kill the person whose IP I supply, then that would likely be the last interaction I would had had with that client.

http://bit.co.in - Shorten your address and make/receive payments on the go! Decentralized!!

http://www.coinjabber.com - Submit, review, discuss, and promote Bitcoin & virtual currency websites!
stevegee58
Hero Member
*****
Offline Offline

Activity: 783



View Profile
June 18, 2012, 08:30:05 PM
 #17

I myself co-own a business that supplies an online service and when our customers need IPs of people who have bid in their auctions, we will supply that information every single time, no questions asked, and 0 murders so far.

Still begs the question: what will someone do with an IP address?  It's actually a useless piece of information anyway.  It's already been decided in US courts that an IP address cannot be used to identify an individual person, only a household.

ISPs like Comcast do hold onto IP address info for some months but will only release customer info under court order, not to individuals.

You are in a maze of twisty little passages, all alike.
electronus
Full Member
***
Offline Offline

Activity: 145



View Profile
June 18, 2012, 08:44:32 PM
 #18

stevegee58 not for hunting purpose  Grin ,
but you can always use ripe or other nic to resolve country of origin
in my situation thats was Sweden and after nic tinkering I've linked leak of password with Opera Turbo mode, because they use Sweden-based servers as well  Grin
coinminers
Full Member
***
Offline Offline

Activity: 146



View Profile WWW
June 18, 2012, 09:12:12 PM
 #19


Still begs the question: what will someone do with an IP address?  It's actually a useless piece of information anyway.  It's already been decided in US courts that an IP address cannot be used to identify an individual person, only a household.

ISPs like Comcast do hold onto IP address info for some months but will only release customer info under court order, not to individuals.

Well, how about figuring out, for starters, if someone maybe logged into the computer at my office and did it from there,or if it's a complete stranger? In the former case I would be willing to accept more responsibility than in the latter.

What if they can't supply any IP records at all? Wouldn't that open MtGox up to questioning? What if someone did this stuff from THEIR backend. Wouldn't they then be liable for some kind of damage control?

I think there is a lot that can be gathered from IP records, at least much more than filing, out of all things, a POLICE report. Cheesy

http://bit.co.in - Shorten your address and make/receive payments on the go! Decentralized!!

http://www.coinjabber.com - Submit, review, discuss, and promote Bitcoin & virtual currency websites!
Kazimir
Legendary
*
Offline Offline

Activity: 1036



View Profile
June 18, 2012, 10:28:04 PM
 #20

Anyone capable of guessing a password is probably also clever enough to use TOR + VPN + a chain of proxies to withdraw the funds. Still, it is retarded of Mt. Gox not to share this information with their customers.

Still wondering:

coinminers, would you mind sharing what password you used for your Mt. Gox account? (assuming you changed your password in the mean time, if not, DO IT NOW)

I'm curious as to how (un)likely it is that somebody hacked guessed  it.

And same for electronus:

and somebody in Sweden stole my mtgox password

Could you reveal the password that got stolen? Also, of course, assuming you changed it in the mean time.

It would be helpful for others to see what is NOT a good password (not meant to ridicule you guys but as an honest advice and lesson for others).

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!