Comments are now closed due to spamming and personal attacks.


Breaking News

Bitcoin Accounts On Mt. Gox Wiped Out By Java Applet Attack By Geremy Giggs

Posted on Thursday, 18th April 2013 @ 10:20 PM by Text Size A | A | A

The price of freedom, as they say, is eternal vigilance. A user called bitbully on the Bitcointalk Forums found himself 34 bitcoins poorer when he visited a site claiming to be a chat service connected with Mt. Gox, a popular bitcoin trading service. The site, wwwdotmtg(this is an o)x-ch(this is an a)tdotinfo (do not visit this site), apparently places a cross-site transfer order on the victim’s computer immediately upon visiting using a Java applet. Because the transactions aren’t reversible and the attackers are anonymous, the victims are out of luck.

This victim lost half of his account instantaneously. Mt.Gox does offer two-factor authentication, which is a good way to prevent illicit logins. This user did not have it activated. A Reddit thread also addresses this particular scam.

The phishing site, for what it’s worth, is currently down.

The phishing message making the rounds is something like “Mtgox are talking about adding ltc or ppc in about 4-5 hours. Guys, come on the mtgox livechat I think we should all invest in LTC. hxxp://” The link goes to the phishing site.

The writer described his sleuthing:

Being a techie, I started researching. I found out that this site is hosted here in the USA. I also found out that the withdrawal was submitted from an IP in Los Angeles even though I have been accessing mtgox from Pennsylvania / New York. I then discovered that the site is a teleport pro rip of branded with a mtgox logo, and was registered on namecheap (with bitcoins as it may be) not even 5 days ago! This is the IP resolve of the domain name.

Bitcoin phishing is not new and as more and more users enter the BTC fray it’s clear that it will be a bigger problem. As Twitter novelty account Bitcoin.txt notes, the market is frothy and full of folks who have little experience investing in anything, let alone an imaginary digital currency that could be part of a future economic engine – or could spell ruin for investors who click links.

Related News On HPUB:

... post your own so far 0 comments


No comments yet.

Leave a Comment

You must be logged in to post a comment.


Breaking News