Board: Trading Discussion
Re: Bad News. A guy with 2FA in Mt has been stolen for $7000+
by redtwitz on 01/06/2013, 05:25:55 UTC
There is no unbreakable authentication method, but the problem with most methods is that they aren't fool-proof.

There are several ways to attack 2FA:

  • Break the algorithm. Google Authenticator uses SHA-HMAC, so that's not the case here.
  • The attacker discovered some exploit in Mt.Gox's server. Unless stories about hacked accounts start to pile up, that's also not the case.
  • The phone was compromised. If the phone has access to the Mt.Gox password (e.g., it's stored in a password manager), malware or somebody with physical access to the phone could obtain both the password and the secret key.
  • The device that was used to generate the secret key was compromised at that moment. Since you have to log into Mt.Gox to generate your secret key, it suffices to have a malware infection on that computer.