Were you doing any operation at the site that would require the Yubikey code?

Advanced malwares could put themselves in between you and MtGox, and if you request a withdraw to address A, they could change that to address B without you noticing, and make you authorize that via the Yubikey code. That'd be a very advanced malware though, as it would have to somehow replace your browser by a bogus one.

EDIT: Just saw your post on reddit saying that you were not awake while this happened, what rules out my supposition.


Come on. Not wanting to be mean, it's a shame that you've lost your money and I hope this mystery gets solved, but of course there was something you could have done, and you know it very well: you could have stored your coins yourself, offline.

This is to everyone who stores their money on Gox and others: Seriously people, Bitcoin empowers you to be your own bank. To have no counter-party risk. And you keep letting your money in bank-like institutions? What's to prevent MtGox servers to be hacked, and eventually even its cold wallet stolen like bitfloor? Or, even more likely, what if they're raided and all the money seized, à la Cyprus?

Store your bitcoins yourself.

If that sounds "too geeky" and you're not willing to go through the learning curve right now, then perhaps Bitcoin and you are not ready for each other for the moment. Interesting projects like Trezor are on development, and they could bring the two of you together again soon enough.

Again OP, don't take my post in a bad way, I am really sorry this has happened to you. But please don't claim that you haven't been warned - I'm definitely not the first one saying this -, or that there are no ways to hold Bitcoins safely, because you know that's not the case.