There is a weakness if the Google Authenticator seed was somehow compromised. I'm not sure if a session cookie could had been stolen to login without the YubiKey then using Google Authenticator for withdrawal. That would explain the external IP but I'm not sure if stealing your cookie would work.
there should be a way to reverse these type of transactions when something unauthorized occurs. that's the weakness of BTC right now.
Yeah, that's the same reason why nobody in the world uses cash... huge weakness.
@OP: sorry for your loss. Also, thank you for sharing the information here. It is important that we get to the bottom of this. It's mind boggling. Even if your PC was completely compromised, and you were logged into gox that night, the hacker still needed to long press the yubikey. This is assuming your settings did not leave any holes via API or google auth, etc.
Cash payments are reversible it is called small claims court.
Op i dont shit about the issue you are having but it is screwed up. Goes to show you cant trust institutions.
It makes me sick that this happened to you.
Thank you guys for your input thus far. I think I will have to distance myself from BTC since the investment portion was a big reason why I got into BTCs. When you can't even trust the largest BTC exchange with your coins, there is nothing I can do.