|
Ghostofkobra (OP)
|
 |
June 22, 2012, 11:42:10 PM |
|
Dear all,
I lost roughly 2000 USD from my MT.Gox account at 08:40 JST on the 31th of may 2012.
BTC was bought for all cash and they were sent to 1JHbG9rHS6dm4oTB4mK4umsWw936zarVNX
where they still are.
When i found out (2 weeks later) i asked MT.GOX for the login times and a login IP-addresses.
First i got the logs to another account (also mine), but no IP-adresses since they could not provide them.
I then got the right logs, but there was no login matching the withdrawal.
Sat Jun 09 2012
21:21:28User logging in
21:21:28Password verified successfully
Fri Jun 01 2012
14:44:40User logging in
14:44:40Password verified successfully
Tue May 29 2012
05:16:25User logging in
05:16:25Password verified successfully
The login on May 29 was mine since i deposited ~1000 USD that day and there was only one login.
When i asked for IP-addresses again (to track the thief) and if they understood no login matched the withdraw
i got the answer:
> Unfortunately, more detailed information can only be provided by our management group to the police for further
> investigation. We apologize for any inconvenience caused. Please file a police report if you wish regarding this case.
I am filing a police report now when i have all information they will give me.
DOES ANYONE HAVE ANY RECOMMENDATION ON WHAT I CAN DO???
//GoK
|
|
|
|
|
|
|
|
|
|
|
|
|
"This isn't the kind of software where we can leave so many unresolved bugs that we need a tracker for them." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
proudhon
Legendary
 Offline
Activity: 2198
Merit: 1311
|
|
June 23, 2012, 12:45:51 AM |
|
Do you use two-factor auth? Yubikey? How do you think this happened?
|
Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
|
|
|
bitcoinBull
Legendary
Offline
Activity: 826
Merit: 1001
rippleFanatic
|
|
June 23, 2012, 12:47:07 AM |
|
Sorry to hear this.
MtGox automatically sends an email when a withdrawal is made, and that includes the ip address used. So check your email.
|
College of Bucking Bulls Knowledge
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1002
|
|
June 23, 2012, 12:47:09 AM |
|
DOES ANYONE HAVE ANY RECOMMENDATION ON WHAT I CAN DO???
File a police report. |
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1002
|
|
June 23, 2012, 01:03:11 AM |
|
Hey Stephen, I always wonder, how do you do what you do?  |
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
|
Ghostofkobra (OP)
|
|
June 23, 2012, 01:06:22 AM |
|
I do not use 2 factor Auth, although i do not think it would matter since there is no login to match the withdraw. I checked my email account it was sent to a few days back but i was unlucky, 50.0.92.83 belongs to the dynamic pool of sonic.net. Sonic.net saves the IP's for 14 days, so they claim they no longer know. Thats why i wanted to know the IP's of all later logins to see if any of them were less than 14 days old. But, since no login matches the theft! Im not sure if knowing the login IP's would do me any good. But then again MT.Gox wont share them and when/if the police get around to it sonic.net will have removed their logs.  |
|
|
|
Raize
Donator
Legendary
Offline
Activity: 1419
Merit: 1015
|
|
June 23, 2012, 01:14:27 AM |
|
If you trade more than $150 USD it is worth it to invest in a Yubikey, IMHO. I have other issues with MtGox, but getting hacked is the least of my concerns.
|
|
|
|
|
|
Ghostofkobra (OP)
|
|
June 23, 2012, 01:46:21 AM |
|
I agree with you IF they could show that someone logged in and transferred the money out.
Yet the log they sent me did not include a login prior to the withdraw (and im not sure if it
shows one after since they wont share the IP's).
And they ignore my question about why this is the case.
//GoK
|
|
|
|
Phraust
Full Member
Offline
Activity: 206
Merit: 100
Mostly Harmless...
|
|
June 23, 2012, 01:46:53 AM |
|
If you trade more than $150 USD it is worth it to invest in a Yubikey, IMHO. I have other issues with MtGox, but getting hacked is the least of my concerns.
This. Not using Multifactor Authentication for withdrawals is silly. |
|
|
|
|
|
finway
|
|
June 23, 2012, 02:20:32 AM |
|
I agree with you IF they could show that someone logged in and transferred the money out.
Yet the log they sent me did not include a login prior to the withdraw (and im not sure if it
shows one after since they wont share the IP's).
And they ignore my question about why this is the case.
//GoK
Maybe you just forgot to logout on some computers. |
|
|
|
bitcoinBull
Legendary
Offline
Activity: 826
Merit: 1001
rippleFanatic
|
|
June 23, 2012, 03:42:34 AM |
|
Not seeing a login on the 31st is weird.
What about the other two logins on June 1st and 9th? Was that you?
|
College of Bucking Bulls Knowledge
|
|
|
bitcoinBull
Legendary
Offline
Activity: 826
Merit: 1001
rippleFanatic
|
|
June 23, 2012, 03:50:49 AM |
|
A lot of that going on.
I'm willing to bet these are all windows users. What will it take to dispel the belief that running an Anti-Virus program protects them from trojans.. Even in the reddit AMA with the botnet operator, the guy said he uses techniques to keep his bots FUD (fully un-detectable) from AV programs. Going after mtgox passwords (or passwords for other bitcoin services) from trojan keyloggers is the absolute easiest way for them to get money, easier than credit card numbers, bank logins, or anything else. Probably wasn't that common last year, but by now it must be the first thing any botnet operator would search for in their logs. |
College of Bucking Bulls Knowledge
|
|
|
|
Ghostofkobra (OP)
|
|
June 23, 2012, 12:57:19 PM |
|
Not seeing a login on the 31st is weird.
What about the other two logins on June 1st and 9th? Was that you?
Both logins are after the withdraw was made, and i do not know if it was me, since they wont give me the IP's and i do not remember if i logged on at at those dates or not. And no, no one else can log on to the computer i use, automatic screen lock after 3 minutes inactivity, (defense contract) industrial strength security, from disk encryption to whatnot. |
|
|
|
|
Ghostofkobra (OP)
|
|
June 23, 2012, 12:57:40 PM |
|
This. Not using Multifactor Authentication for withdrawals is silly.
Making this comment is silly since, according to Mt.Gox, noone was logged on at the time of the withdraw. //GoK |
|
|
|
Phraust
Full Member
Offline
Activity: 206
Merit: 100
Mostly Harmless...
|
|
June 24, 2012, 01:30:34 AM |
|
Making this comment is silly since, according to Mt.Gox, noone was logged on at the time of the withdraw.
//GoK
It would have forced whomever got in, however they got in, to use multiple auth's to transfer anything out. It looks like you still had a live login (since logouts are not shown) and someone hijacked those credentials (or session) and initiated the transfer. If there had been another auth required at withdrawal (like google, or yubikey), it would have been much more difficult to pull off. Whatever the case, I'd say Gox owes you a bit more information. |
|
|
|
|
|
Ghostofkobra (OP)
|
|
June 24, 2012, 09:23:57 PM |
|
Ok Phraust,
I was a bit quick to write that comment, you do have a point.
I am just frustrated that i do not know how the thiefs got in.
And they, for some reason, protect whomever did it by not
even revealing to me which logins i made and which someone
else might have done (IP-addresses).
Anyway there is no login at the time of the withdraw so
all are probably mine?
//GoK
|
|
|
|
Phraust
Full Member
Offline
Activity: 206
Merit: 100
Mostly Harmless...
|
|
June 25, 2012, 12:09:41 AM |
|
No worries, I'd be just as pissed if it happened to me. Without complete logs, it's really hard to say. I hope they are working with you on this.
|
|
|
|
|
|
Ghostofkobra (OP)
|
|
June 27, 2012, 06:54:21 AM |
|
Thats one of they problems,
They are NOT working with me on this, and do not answer any question about why there is no login at the time of the transfer.
I get the same reply from MT.Gox every time:
> Unfortunately, more detailed information can only be provided by our management group to the police for further
> investigation. We apologize for any inconvenience caused. Please file a police report if you wish regarding this case.
Its very frustrating and very - unprofessional -
//GoK
|
|
|
|
caveden
Legendary
Offline
Activity: 1106
Merit: 1004
|
|
June 27, 2012, 07:46:34 AM |
|
When i asked for IP-addresses again (to track the thief) and if they understood no login matched the withdraw
i got the answer:
> Unfortunately, more detailed information can only be provided by our management group to the police for further
> investigation. We apologize for any inconvenience caused. Please file a police report if you wish regarding this case.
This is silly. GMail allows me to see every IP I use to log in to their service. Facebook makes me go through extra identity checks when I log with an unusual IP. Why can't MtGox do the same? Btw, saying "file a police report" to me is like saying "you got screwed and we won't help you anyhow, move over". I've seen police being utterly useless for much more serious cases. |
|
|
|
|
|
