Bitcoin Forum
Author Topic: MT.Gox account hacked - lost 2k USD - MT.GOX will not explain how.  (Read 10504 times)
zvs
September 24, 2012, 01:46:06 AM
 #41

I have a feeling the ID/AML request is because of reporting a loss of over $2,000.

In this modern age, using just a password to secure anything of value is unwise.

I use 2 factor for any account that has over $10 dollars in it. Except those protected by the FDIC.
For my MtGox Account I use (Two) 2 factor accounts on two different devices, they would have to have access to both devices or crack 2 factor.

I also use 2 factor on all email accounts, to prevent password resets.

Did you access your account from a Desktop Or Laptop?

Was it running Windows? Are you up to date?
What AntiVirus are you using? is it up to date?

Have you ever accessed your account using WIFI? Unsecured? WEP?

Most likely your password was stolen from a Keylogger or They were able to login into MtGox by routing thru your Computer Remotely.

Do you download any software from torrents?

Just be aware there is also a virus that has appeared in Asia mostly, that can survive a format of the HD, by hiding inside your BIOS and reinfecting your system after reinstall.


File a police report, Verify your AML with MtGox (I don't think it will do any good), and Redeem Free Yubikey Offer

Until I see an account that has 2 factor used get stolen from, your security was the cause of your loss because you were easy picking.

An unsecured connection would just be too ez....  my guess is it had to do with some porn and malicious javascript

i haven't used any antivirus software in about 15 yrs (when they started to all become incredibly intrusive), though i do scan about once a month with malwarebytes.

sites that pop up a lot of windows = bad

emails with links in them that go to hxxxxxxxxxxxp://us.battle.net.login.en.ei-login.com/login/en/login.html    are bad  (fresh from the junk mail folder, hours old!... wtf, edited link just in case someone was going to click on it)

bitcoinBull
September 24, 2012, 04:00:02 AM
 #42

Use 2-factor to help prevent this from happening to YOU. It's not hard, see my guide here.

fabrizziop
September 26, 2012, 08:46:10 PM
 #43

It could have to do with the cuevana plugin leak. Anyways, Google Authenticator is really really nice.
Marco Polo
October 08, 2012, 06:49:31 PM
 #44

If you trade more than $150 USD it is worth it to invest in a Yubikey, IMHO. I have other issues with MtGox, but getting hacked is the least of my concerns.
i don't have a yubikey, but my password is something similar to jfdsaMFDasjm#R$MnVMXCL:m43mMVL:XJOP%$#mvc
That's not enough for a lot of attacks. You need to use 2-factor authentication
sippsnapp
October 08, 2012, 07:14:27 PM
 #45

I would bet it was a keylogger on your PC. Malicious software is easy to FUD for about 1-2 weeks. The topic about popup windows is that they could redirect to exploit kits which spawn a keylogger or bot.
If that's true, most probably all passwords in your browser have been logged in the time your machine has been compromised.
I see no other option as if mtgox would have been hacked the damage would be known by now, it definitely seems to be on your end.
Can't often enough recommend to use a virtualbox/vmware for any untrusted applications.

Concerning the reaction from mtgox I don't have an opinion.

Πάντα ῥεῖ
Ghostofkobra
October 12, 2012, 09:02:03 PM
 #46

I would bet it was a keylogger on your PC. Malicious software is easy to FUD for about 1-2 weeks. The topic about popup windows is that they could redirect to exploit kits which spawn a keylogger or bot.
If that's true, most probably all passwords in your browser have been logged in the time your machine has been compromised.
I see no other option as if mtgox would have been hacked the damage would be known by now, it definitely seems to be on your end.
Can't often enough recommend to use a virtualbox/vmware for any untrusted applications.

Concerning the reaction from mtgox I don't have an opinion.

Please try to understand: mtGox says no one logged on to my account around the transfer of the money.
So it doesn't matter how much my password was logged or spread out or whatever...

How can it be on my end if mtGox logs don't show a login?


Please explain to me: How can someone transfer my funds w/o logging on??


If mtGox could show that someone from antarctica, or even from my pc, logged on - it would be different.


/GoK

Ghostofkobra
October 12, 2012, 09:06:03 PM
 #47


I have to disagree with you saying it's not a fair request to disclose how your funds got removed because if there is "an easy way" or undisclosed hack they shouldn't release that information to protect other accounts. For the Greater Good of all.

The Lowest hanging fruit are always picked first. Accounts only protected by passwords are easy targets.

Plus sometimes the Japanese to English might not have translated correctly from the people you talked to.

So the account "not logged in" part might be mistranslated; I've talked with a lot of non-native English speakers and sometimes it just comes out wrong.

If this was a hack, the hacker would be getting as many accounts emptied as possible before the hole was closed.


Per MtGox As a reminder we assume no responsibility should your funds be stolen by someone using your own password.


Sorry for the late reply.

I disagree with you, if there is a hack they should plug it and then admit it...

The account logged on was not mistranslated since they sent me the login logs (no IPs but time and dates) for the weeks around the withdrawal.
After I pointed out that there was no login at the time of the withdrawal, they started answering:
  We only talk to the police.

I think it talks for itself that something is not right.

Ghostofkobra
October 12, 2012, 09:17:56 PM
 #48

If you have a police report you can request us to forward the details to the police. We'll need a case number and details on the law enforcement in charge (person in charge, etc) to forward the appropriate details.

I am sorry that I answered this post so late,
But I am so disgusted with this issue that I don't look at this thread.

I filed a police report and got a decision back 2 days before your post.

It is nice of you to offer to forward information but the police did not open an investigation because:

             "The crime can obviously not be investigated."


But if you read this could you please tell me how the money was removed when no one logged on to my account (according to the logs mtGox sent to me)?
And why the support never answered that question and just started referring to "we only give information to the police" as soon as I asked it?
Which is the same as you are doing.


/GoK

deepceleron
October 12, 2012, 09:21:02 PM
 #49

These may be trades executed with the API: https://en.bitcoin.it/wiki/MtGox/API/Streaming

One should investigate if API trades do not show a login, and if they don't, then that is likely the method used.

It is very possible that someone found a way to exploit persistent data, cookies, or some other way that a user's session or identity can be hijacked in the MtGox interface.

yuhannl
October 15, 2012, 10:55:44 AM
 #50

My account was somehow hacked in on the 5th of Oct, where a large number of transactions (2600) occurred within a 30 min window. All of these transactions were for buy & sell orders that ultimately cleared my account down to less than 1c.

As per OP, notifying Mt Gox yields a response requesting me to file a report with police, etc., and we all know what that means.

Except for logging onto the account, 2 factor auth has been used.

I suspect there's some serious flaw in the APIs that could have caused this.

I'm requesting login logs from mt Gox to see what they come back with.

/edit - just to note that I do not have any API keys and have 2 factor auth for withdraw and security center. So if they could execute trades via API without being able to create an API Key then there are some serious flaws!
sippsnapp
October 15, 2012, 11:42:59 AM
 #51

Beside the api thing, did you guys use a wireless lan connection?
If somebody logged in from your IP it's just logical that there can't be logs except for the MAC address and even that can be spoofed.
An attacker can indeed hack the wlan network and from there into your pc, and no, this is not fiction.

yuhannl
October 15, 2012, 11:48:55 AM
 #52

Beside the api thing, did you guys use a wireless lan connection?
If somebody logged in from your IP it's just logical that there can't be logs except for the MAC address and even that can be spoofed.
An attacker can indeed hack the wlan network and from there into your pc, and no, this is not fiction.

Totally agree that's no fiction, and whilst I cannot comment for the OP, I find it hard to understand how someone could hack my pc (no PC anyway), hack my iphone, hack google authenticator, change API security, create API keys and then execute 2600 transactions.
yuhannl
October 15, 2012, 11:49:35 AM
 #53

These may be trades executed with the API: https://en.bitcoin.it/wiki/MtGox/API/Streaming

One should investigate if API trades do not show a login, and if they don't, then that is likely the method used.

It is very possible that someone found a way to exploit persistent data, cookies, or some other way that a user's session or identity can be hijacked in the MtGox interface.

Marcus from Mt Gox has responded back saying they are not able to differentiate whether trades are executed via API or not. Given there were 2600 transactions on my account over a mere 30 mins, I cannot see that being executed manually.

I have also asked for login logs for my own account (without saying whether I need to see IP addresses or not), and have been declined due to their privacy policy.

I'm seeking further clarification on exactly which part of the privacy policy he is referring to.
yuhannl
October 15, 2012, 11:56:19 AM
 #54

These may be trades executed with the API: https://en.bitcoin.it/wiki/MtGox/API/Streaming

One should investigate if API trades do not show a login, and if they don't, then that is likely the method used.

It is very possible that someone found a way to exploit persistent data, cookies, or some other way that a user's session or identity can be hijacked in the MtGox interface.

Marcus from Mt Gox has responded back saying they are not able to differentiate whether trades are executed via API or not. Given there were 2600 transactions on my account over a mere 30 mins, I cannot see that being executed manually.

I have also asked for login logs for my own account (without saying whether I need to see IP addresses or not), and have been declined due to their privacy policy.

I'm seeking further clarification on exactly which part of the privacy policy he is referring to.

After I posed the question on which part of the privacy policy he's referring to, he's now replied saying he's going to have this checked with their developer and get back to me.


Marcus, Oct 15 20:51 (JST):
Hello Yuhann,

I will have this checked with our developer and we will get back to you.

Thanks,

MtGox.com Team


Yuhann Liu, Oct 15 20:28 (JST):
Hi Marcus,

Sorry to dig further.

This appears to be very inconsistent to others who requested for this information and have received them.

Can you refer me to which part of the privacy policy that states you cannot disclose the login times of my own account? I have it open right now.


Regards,


Sent from my iPad


Marcus, Oct 15 20:10 (JST):
Hello Yuhann,

We will not be able to provide the information as per our privacy policy and we will not be able to differentiate the API trades and you have also advised that you have not used an API before.

Thanks,

MtGox.com Team


Yuhann Liu, Oct 15 20:04 (JST):
Marcus, are you able to advise reason behind not being able to supply me with access logs of my own account?
Meizirkki
October 15, 2012, 12:38:44 PM
 #55

Why isn't anybody saying it??

Mt.Gox is the "hacker" here.
Desolator
October 15, 2012, 01:15:44 PM
 #56

Beside the api thing, did you guys use a wireless lan connection?
If somebody logged in from your IP it's just logical that there can't be logs except for the MAC address and even that can be spoofed.
An attacker can indeed hack the wlan network and from there into your pc, and no, this is not fiction.
Your MAC isn't exactly exposed to websites you connect to.  That's how networks work.  If someone logged in from his IP, it would show that someone logged in from his IP, which did not happen.  Also, that is stupid to say that someone can get control of someone's PC just because they "hacked" the wireless network, which you said wasn't secured in this example so not a lot of hacking would go on, lol.  Windows 7 has network discovery and file sharing turned off by default so no, it's not quite that simple.  Plus, the PC would still have an antivirus.  Plus, two people that live within wireless range of each other and one being a "hacker" and both using bitcoins is astronomically improbable.
sippsnapp
October 15, 2012, 04:52:51 PM
 #57

Beside the api thing, did you guys use a wireless lan connection?
If somebody logged in from your IP it's just logical that there can't be logs except for the MAC address and even that can be spoofed.
An attacker can indeed hack the wlan network and from there into your pc, and no, this is not fiction.
Your MAC isn't exactly exposed to websites you connect to.  That's how networks work.  If someone logged in from his IP, it would show that someone logged in from his IP, which did not happen.  Also, that is stupid to say that someone can get control of someone's PC just because they "hacked" the wireless network, which you said wasn't secured in this example so not a lot of hacking would go on, lol.  Windows 7 has network discovery and file sharing turned off by default so no, it's not quite that simple.  Plus, the PC would still have an antivirus.  Plus, two people that live within wireless range of each other and one being a "hacker" and both using bitcoins is astronomically improbable.
Haven't been into this so much, but not so long ago you could exploit WPS routers with a Reaver attack bruteforcing the key, which took exactly 16 hours. WEP takes 15 minutes; idk, but I can imagine there are ways nowadays to bruteforce WPA2 effectively. One minute on Google got me this: http://technicdynamic.com/2011/12/hacking-wpa-2-key-evil-twin-no-bruteforce/

So much about win 7 is safe: http://arstechnica.com/security/2012/09/critical-zero-day-bug-in-microsoft-internet-explorer/


Desolator
October 18, 2012, 02:31:02 PM
 #58

There have been Mac and Linux viruses.  There have been Firefox and Chrome vulnerabilities.  If you're not an idiot, you won't catch a virus in Windows.  I use Firefox with noscript for most surfing and keep my plugins updated.  I actually disabled the Adobe Reader plugin completely so it uses FTP to load a PDF file like it should.  If a virus does manage to jump onto my system, my AV will likely catch it as it executes.  If it doesn't, I pretty much remove viruses for a living so no problem there.  If it damages my system irreparably in the process, I have a system image backup that's never very old.  Tada, safe.
Zeeks
October 21, 2012, 09:15:39 AM
 #59

This smells like a borrowed browser session. Someone is probably getting access to your sessions using a virus (or less likely over your own wireless connection) and therefore they never did log in to your account, you logged in and they held onto that session and then used it later. Because of this, for all intents and purposes as far as MtGox could possibly tell it was you who withdrew the funds.

Most sites which deal with money (like online banking) protect against this by having forced log off of your account if you are inactive for more than a few minutes. That way even if someone tried to hijack your session it would be far too late to actually use it.
yuhannl
October 23, 2012, 01:31:13 PM
 #60

After a bit of back & forth eventually MtGox gave in and showed me the login logs. Whoever hacked in has managed to log on after 3 attempts, so I suspect they've drawn from the passwords I have used on one of the Bitcoin sites which I won't name here. It seems that they could either 1) withdraw funds from my account if it wasn't protected or 2) use my account to somehow manipulate the market or 3) simply to trade the account "out".  (2600 transactions in 30 mins can't be manual).

I haven't really dug into the info that much, but can someone tell me whether it's possible to trade using API without generating an API code on Mt Gox?
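
Added example, not part of any post in this thread: a Python log-correlation check for two points raised above, account actions with no live session behind them (the withdrawal with no matching login, and the idle-timeout argument in #59) and the 2600-trades-in-30-minutes burst from #50. The event format, the 10-minute idle timeout and the sample events are assumptions constructed for illustration; they are not MtGox's log format or policy.

```python
from collections import deque
from datetime import datetime, timedelta

IDLE_TIMEOUT = timedelta(minutes=10)   # assumed policy, not a MtGox setting
BURST_WINDOW = timedelta(minutes=30)   # window quoted in post #50


def at(stamp):
    """Parse a 'YYYY-MM-DD HH:MM:SS' timestamp."""
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")


def build_sample():
    """Constructed (timestamp, kind) events for one account; not real logs."""
    events = [
        (at("2012-10-05 09:00:00"), "login"),
        (at("2012-10-05 09:02:00"), "trade"),
        (at("2012-10-05 09:05:00"), "trade"),
        (at("2012-10-06 03:00:00"), "withdraw"),   # no login anywhere near
    ]
    start = at("2012-10-05 14:00:00")              # hours after the last login
    step = BURST_WINDOW / 2600
    events += [(start + i * step, "trade") for i in range(2600)]
    return events


def stale_session_actions(events, idle=IDLE_TIMEOUT):
    """Return actions that an enforced idle timeout would have rejected."""
    flagged, valid_until = [], None
    for ts, kind in sorted(events):
        if kind == "login":
            valid_until = ts + idle
        elif valid_until is None or ts > valid_until:
            flagged.append((ts, kind))   # no live session backs this action
        else:
            valid_until = ts + idle      # accepted activity keeps the session alive
    return flagged


def peak_rate(events, kind="trade", window=BURST_WINDOW):
    """Largest number of `kind` events inside any sliding window."""
    recent, peak = deque(), 0
    for ts, k in sorted(events):
        if k != kind:
            continue
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()
        peak = max(peak, len(recent))
    return peak


if __name__ == "__main__":
    sample = build_sample()
    stale = stale_session_actions(sample)
    print(f"{len(stale)} actions had no live session; first at {stale[0][0]}")
    print(f"peak trades per {BURST_WINDOW}: {peak_rate(sample)}")
```

On real data the check needs a session or API-key identifier recorded with every action; timestamps alone cannot tell a reused browser session from an API call.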