
Bitcoin Theft: Mt. Gox Attack Pillages Investor’s Bitcoin Account



Will Bitcoin theft call into question trust and confidence in the system?

A Mt. Gox user, bitbully, was surprised to see his account suddenly pillaged. He later learned that the Java chat client he had enabled was actually an exploit to steal Bitcoins, and he reported his experience on the Bitcoin Forum.

There are mixed opinions on the web about who is to blame for this.

On Bitcoin Forum, there’s an empathetic view that suggests Mt. Gox should reimburse the loss.

I expect Mt. Gox to come up with an analysis and refund him and any other affected clients.
bitbully – I advise emailing a link to this thread to Mt. Gox support.

In the tech communities, they blame the user. Here’s one point of view from Hacker News.

Since I don’t have an mtgox account, and I have a fair degree of confidence that the code posted can’t possibly escape the Java sandbox, I decided to live dangerously and try loading the page.

Here’s the warning screen that comes up when you load it: http://i.imgur.com/sXDoFLt.png Note the self-signed certificate from “North Sumatra”.

Gotta say, I have no sympathy for someone who clicks through that warning screen and then complains that their credentials got stolen.

On Reddit, some users give advice about browser configurations.

1) Disable Java, it’s crap. 2) Enable 2-factor authentication.

Don’t use IE.

Here’s the challenge with this type of theft: it’s anonymous and irreversible by the nature of the Bitcoin system. bitbully’s funds are gone.

But a bigger issue is trust and confidence. If an early adopter techie can be exploited, what about a regular retail investor? Exchanges like Mt. Gox will need to prove that they are safe for trading if they hope to grow.

 
