Bitcoin Accounts On Mt. Gox Wiped Out By Java Applet Attack

By Geremy Giggs

Posted on Thursday, 18th April 2013 @ 10:20 PM

The price of freedom, as they say, is eternal vigilance. A user called bitbully on the Bitcointalk Forums found himself 34 bitcoins poorer when he visited a site claiming to be a chat service connected with Mt. Gox, a popular bitcoin trading service. The site, wwwdotmtg(this is an o)x-ch(this is an a)tdotinfo (do not visit this site), apparently uses a Java applet to place a cross-site transfer order on the victim’s computer as soon as the page is visited. Because the transactions aren’t reversible and the attackers are anonymous, the victims are out of luck.

This victim lost half of his account instantaneously. Mt. Gox does offer two-factor authentication, which is a good way to prevent illicit logins, but this user did not have it activated. A Reddit thread also addresses this particular scam.

The phishing site, for what it’s worth, is currently down.

The phishing message making the rounds is something like “Mtgox are talking about adding ltc or ppc in about 4-5 hours. Guys, come on the mtgox livechat I think we should all invest in LTC. hxxp://” The link goes to the phishing site.

The writer described his sleuthing:

Being a techie, I started researching. I found out that this site is hosted here in the USA. I also found out that the withdrawal was submitted from an IP in Los Angeles even though I have been accessing mtgox from Pennsylvania / New York. I then discovered that the site is a teleport pro rip of branded with a mtgox logo, and was registered on namecheap (with bitcoins as it may be) not even 5 days ago! This is the IP resolve of the domain name.

Bitcoin phishing is not new and as more and more users enter the BTC fray it’s clear that it will be a bigger problem. As Twitter novelty account Bitcoin.txt notes, the market is frothy and full of folks who have little experience investing in anything, let alone an imaginary digital currency that could be part of a future economic engine – or could spell ruin for investors who click links.
