Re: Mt.Gox Account secured with Yubikey but still had 29 BTCs stolen
Well it's officially a scam now:
The OP shows both OTP and Yubikey enabled.
End of story for me.
Quote
BtcDrak
@btcdrak
@MagicalTux Yeah, funny
ref the other case, was the Yubikey also off? He lists Google Auth and Yubikey. Peopl need to know for confidence - 17 Sep
Mark Karpeles
@MagicalTux
@btcdrak what I can say for sure right now is that the currently enabled otps were enabled after the withdrawals.
@btcdrak
@MagicalTux Yeah, funny
ref the other case, was the Yubikey also off? He lists Google Auth and Yubikey. Peopl need to know for confidence - 17 SepMark Karpeles
@MagicalTux
@btcdrak what I can say for sure right now is that the currently enabled otps were enabled after the withdrawals.
The OP shows both OTP and Yubikey enabled.
End of story for me.
Nope, based on EVERYTHING that both parties have asserted as FACT so far (i.e. not including any of their speculations), they could both be telling the truth if the attacker disabled, then re-enabled 2fa. Now if Karpeles were to clarify that 2fa was never enabled until after the hack, then one of them is no longer telling the truth, or is at least factually incorrect. Mark's careful language here, "currently enabled otps", suggests that there may have been previously enabled otps as well. He ought to clarify.
+1 clarification is needed here.