Bitcoin Theft: Mt. Gox Attack Pillages Investor’s Bitcoin Account
Will Bitcoin theft call into question trust and confidence in the system?
A Mt. Gox user, bitbully, was surprised to see his account suddenly pillaged, later learning that the Java chat client he had enabled was actually an exploit to steal Bitcoins. He reported his experience on the Bitcoin Forum.
There are mixed opinions on the web about who is to blame for this.
On Bitcoin Forum, there’s an empathetic view that suggests Mt. Gox should reimburse the loss.
I expect Mt. Gox to come up with an analysis and refund him and any other affected clients.
bitbully – I advise emailing a link to this thread to Mt. Gox support.
In the tech communities, the blame falls on the user. Here’s one point of view from Hacker News.
Since I don’t have an mtgox account, and I have a fair degree of confidence that the code posted can’t possibly escape the Java sandbox, I decided to live dangerously and try loading the page.
Here’s the warning screen that comes up when you load it: http://i.imgur.com/sXDoFLt.png Note the self-signed certificate from “North Sumatra”.
Gotta say, I have no sympathy for someone who clicks through that warning screen and then complains that their credentials got stolen.
On Reddit, some users give advice about browser configurations.
1) Disable Java, it’s crap. 2) Enable 2-factor authentication.
Don’t use IE.
Here’s the challenge with this type of theft. It’s anonymous and irreversible by the nature of the Bitcoin system. bitbully’s funds are gone.
But a bigger issue is trust and confidence. If an early adopter techie can be exploited, what about a regular retail investor? Exchanges like Mt. Gox will need to prove that they are safe for trading if they hope to grow.