Thanks for answering all the questions. I'm not sure how those funds were taken. It seems you had taken all steps to avoid being hacked, and all the obvious (and some non-obvious) attack vectors were covered.
Will
Thank you for your insight into this.
If Mt. Gox allows withdrawals using either the OTP -or- the Yubikey, Google Authenticator OTP is the far more likely vulnerability.
That would be the case if, when setting up the OTP, you typed its key details into a file on your computer or smartphone (how else would you recover it if there's a problem?) ... or if you ever installed software on your trading computer to process the OTP (instead of or in addition to Google Authenticator on the phone) ... or if you ever connect the phone to the computer. All these scenarios assume a compromised computer, and not necessarily any user error.
Or, the smartphone with GA could itself be compromised. If the phone was used to trade, or if the Mt. Gox account name & password were kept on it, then the PC need not be involved.
An inside theft by Mt. Gox employees would seem more likely to involve accounts lacking Yubikey withdrawal restrictions, to keep a lower profile, unless the intention of the theft was to visibly harm the exchange's reputation in an especially newsworthy way.
No software was installed to process OTP, and my phone was never directly connected to my computer. I connected my phone to my wireless router for its internet speed when I needed to download apps like Google Authenticator. The phone itself was never used to trade; I only traded via the PC.
If Mt. Gox ran out of accounts lacking Yubikeys or a combination of other authentication methods, would they eventually grow desperate enough under financial pressure? There are also other reasons why I suspect Mt. Gox, namely the IP address being from China withdrawing from my US-based account. No delays or email verifications were raised in response to this glaring red flag. I never had an intention to harm Mt. Gox's reputation since their success would eventually equal my success. I was trading on trends fairly well and Mt. Gox's volume helps a lot. Without Mt. Gox, I can't do what I have been doing, so I lose out too.
This attack seems to be well timed since I get limited support from Mt. Gox on the weekends. I know I have been a bit aggressive with the Mt. Gox representative but I don't see any other options. For anyone interested:
http://i.imgur.com/4hvC4yq.jpg