Gox has my real info, they can verify if I'm associated to another exchange or not. You're right about the seeing evidence of more 2fa heists though since my incident shouldn't be an isolated incident. For now, I have filed a police report with my local pd in addition to contacting my attorney general.

When I pumped BTCs into my account, my intention was to day trade. And I was day trading fairly well up to this point. I never had the need to withdraw any funds from my Mt. Gox account.


If this was really malware on my PC, the logs would not show the Chinese ip address of 60.166.242.186 accessing my account. After all, wouldn't it be more legitimate to simply use my own ip address to access my account?

The notion that I just 'sat' on my Yubikey sent to me by Mt. Gox is just silly. I had no other use for this piece of junk. I wish I had the wisdom to save some of the images I posted so I could use it to catch Mt. Gox on an inconsistently later but I think this is the end of the line for me on bitcoins. Now that I can't trust the largest BTC exchange, I think I'm done here. Although this might sound harsh to some, I won't be trying any other alternative cryptocurrencies since I see bitcoin as the gold standard. If I can't invest in bitcoins, I definitely can't invest in other alternatives.

Thanks for anyone that helped and believed in my case. I will be pursuing this case a bit further with my local police department but that will be it.

Duly noted, I didn't think about the need to catch them on their inconsistency like this. I guess this is one of those life lessons.

I'm out $4,000 but what else can I say to prove my case against the CEO himself? $4,000 might not seem like a lot to the wealthier folks but it is a lot to me. Why would I just sit on my Mt. Gox Yubikey that they sent me and never use it until now?  I have also sent Mt. Gox my real personal info to get the verified account so they should know me very well. The only argument I can make if this CEO keeps claiming that I didn't use my Yubikey is this:

"When you think about it, the IP address that stole my coins was from China and I am based in the US. Any half decent business would find this to be a red flag and delay the withdrawal. Maybe Mt. Gox is deliberately letting these glaring red flags slide? "

No backups since I didn't think it was needed even if I did somehow lose access to the keys. I recall Mt. Gox gave an option to unlink keys where they lock down your account for 2 weeks and repeatedly email you to verify that the real owner made the request.

https://www.mtgox.com/login/otp-unlink

As I've used my account earlier this week and never received such emails, I don't think this was the attack vector.

Well it is the weekend so it is understandable. Although having $4,000 stolen hurts, there is not much more I can do about it. I'm confident there is no mistake in granting permissions as you would have to consciously check the 'withdraw' box to grant withdraw permission. I also combed through the trading bot source code at one point looking to see if there are any malicious code.

Thank you for your insight into this.


No software installed to process OTP and my phone was never directly connected to my computer. I connect my phone to my wireless router for its internet speed when I needed to download apps like Google Authenticator. The phone itself was never used to trade, I only traded via the PC.

If Mt. Gox ran out of accounts lacking Yubikeys or a combination of other authentication methods, would they eventually grow desperate enough under financial pressure? There are also other reasons why I suspect Mt. Gox, namely the ip address being from China withdrawing from my US based account. No delays or email verifications raised to this glaring red flag. I never had an intention to harm Mt. Gox's reputation since their success would eventually equal to my success. I was trading on trends fairly well and Mt. Gox's volume helps a lot. Without Mt. Gox, I can't do what I have been doing so I lose out too.

This attack seems to be well timed since I get limited support from Mt. Gox on the weekends. I know I have been a bit aggressive with the Mt. Gox representative but I don't see any other options. For anyone interested:

http://i.imgur.com/4hvC4yq.jpg

GA app.


I will ask them right away on these specific points.

Here it is straight from my T-Mobile personal account although I had to black out my name and number:

http://i.imgur.com/2gGInBc.jpg

My cell is not rooted and I did not have any backups. I've heard of the rooting process and what it can do but I never personally had a need for it.

http://i.imgur.com/PioDmwd.jpg

Verified level 1. I did the whole verification process and sent them my info.

http://i.imgur.com/XVw29qL.jpg

I really don't think its the trade bot. Anyone can take a look at the source code https://github.com/TobbeLino/GoxTradingBotTobli.

If this was Mt. Gox's doing and was a result of their financial situation, wouldn't it still be unsafe in the short term if their financial situation got desperate enough? I'd imagine it would be something similar to Russian roulette with risks increasing every second when they have your BTCs.

Thank you guys for your input thus far. I think I will have to distance myself from BTC now since the investment portion was a big reason why I got into BTCs. When you can't even trust the largest BTC exchange with your coins, there is nothing I can do.

I've did a bit of digging into these AdWare but none of them seems to be able to take over my computer or is even related to bitcoin. I'm running MSE atm but it never recorded any attacks in its log. The logged ip address that did the transfer was from China; is this really something that originated from my PC? I'm still not sure how my Yubikey was bypassed unless it was by Mt. Gox employees.

http://i.imgur.com/2WiPhYj.jpg

My PC is located in my home but the person who withdrew had an ip address from China. Malwarebytes did not detect anything that I think would take over my computer. I'm not sure what it could be.


Holes via Google auth? Can you clarify?


Maybe someone was testing if they got around my Yubikey but I still don't know how. I am still suspecting Mt. Gox itself doing this.

http://i.imgur.com/CKuu90B.jpg

I use the TobbeLino trade bot https://github.com/TobbeLino/GoxTradingBotTobli but its API key was only granted permissions to get_info and trade. This bot was also disabled for over a week so I don't think this is the cause.

Haha, well apparently not since someone still managed to steal from my account. I added screenshots of the Yubikey. Yubikeys aren't supposed to be easy to crack are they? I can only think of Mt. Gox itself doing this so I will never trust them again.

Can you clarify? I see my Yubikey specifically under "Withdrawals".

http://i.imgur.com/DyjeYdh.jpg

http://i.imgur.com/TL1rJxc.jpg

http://i.imgur.com/J4dL01c.jpg

http://i.imgur.com/2WiPhYj.jpg

All of the trade activity in the screenshot are not mine. I originally had $4,000 in USD but the culprit converted it to BTC and withdrew.

How hard is it to bypass the Yubikey? I was not even awake at around 4 AM when this happened so I don't think it is malware or plishing. In case this is some form of delayed malware, I'm doing a full scan at the moment with Malwarebytes. I am beginning to suspect Mt.Gox internal operations of doing this especially after hearing all the news about Mt.Gox's financial problems.

When you think about it, the IP address that stole my coins was from China and I am based in the US. Any half decent business would find this to be a red flag and delay the withdrawal. Maybe Mt. Gox is deliberately letting these glaring red flags slide?

I don't want to believe it but the possibility of the largest BTC exchange stealing from its users paints a grim picture for BTC. If my suspicions are correct, I hope this serves as a warning to the rest of the BTC community.

It seems the BTC market shrugged off this downtime like it was nothing. I'm impressed at how far the BTC market has developed.