Re: If your Mt. Gox account has been compromised, PLEASE READ.
Just a note, looking into this I tried to log in; I was using tor at the time and it said:
Which suggests somebody is staging some sort of semi-brute-force dictionary attack.
This is consistent with the hypothesis that someone is executing an attack plan along the following lines:
As has been pretty much suggested already in this thread.
Quote from: mtgox
Too many failure from your IP, temporarly blocked
Which suggests somebody is staging some sort of semi-brute-force dictionary attack.
This is consistent with the hypothesis that someone is executing an attack plan along the following lines:
- collect passwords -- or maybe just javascript-generated-hashes of passwords -- perhaps by peeking at tor exit node traffic, or perhaps by managing to secure VPSes on the same LAN segment as other popular bitcoin sites
- replay those passwords/hashes (I'm too lazy to figure out exactly how MtGox's login system works) at MtGox
- steal teh maneys
As has been pretty much suggested already in this thread.