I am extremely shocked that MtGox does not have one simple security feature that I have asked for more than a year ago (when I still was willing to do business with MtGox):
Allow users to lock withdrawals to a single bitcoin address
And allow changes only with a signed message (PGP or a signed message from the current address) EDIT: or (per another suggestion in this thread) after waiting out a lockout period long enough for the real account owner to contest a request initiated by a hacker
This would virtually eliminate ALL the theft without ANY groundbreaking innovation (other than a small modicum of easily acquired common sense)
There might still be theft if the person gets their wallet stolen, but that's a burden that sits squarely on the user, and moves the risk completely out of MtGox's sphere of concern.
+21000000
-21000000 MSFT shares
It will not solve the problem if the Bitcoin address is in a wallet that is in a compromised Microsoft Windows computer. One must keep in mind that is the theft is caused by malware on the user's computer in the first place. How is locking the account to a Bitcoin address on the same infected computer going to solve the problem? It only serves to create a false sense of security for the user.