1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

"How I got robbed of 34 bitcoins on Mt.Gox today!"

Discussion in 'BlackHat Lounge' started by ReALeST, Apr 12, 2013.

  1. ReALeST

    ReALeST Power Member

    Joined:
    May 16, 2012
    Messages:
    584
    Likes Received:
    399
    Interesting find...a guy got robbed of 34 BTC..nearly $10,000 by a simple browser attack...read more here if interested!
    Also share your thoughts on this guys....thanks!
     
    Last edited: Apr 12, 2013
  2. ShadeDream

    ShadeDream Elite Member

    Joined:
    Nov 27, 2008
    Messages:
    2,209
    Likes Received:
    5,230
    Location:
    He who laughs last, laughs longest.
    One word: Java.
     
  3. Checkmate

    Checkmate Elite Member

    Joined:
    Aug 9, 2010
    Messages:
    1,538
    Likes Received:
    639
    That seriously sucks! I would probably pass out.
     
  4. Known

    Known Regular Member

    Joined:
    Jan 27, 2013
    Messages:
    266
    Likes Received:
    187
    Occupation:
    IM
    Location:
    OH CANADA!!!!
    BRB gonna scan my computer :p
     
  5. manny2513

    manny2513 Junior Member

    Joined:
    Apr 4, 2011
    Messages:
    106
    Likes Received:
    42
    Yes that is one of the downsides of having your wallet online somebody can steal it from you lol.

    Is better to keep your wallet in your computer so is always safe
     
  6. Herion

    Herion Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 8, 2012
    Messages:
    289
    Likes Received:
    73
    Umm, no. Wallet data stored on your computer is steal-able. Also, the method used in this case involved the usage of a javadriveby, and most likely a stealer/RAT anyways.
     
  7. Ricky Roma

    Ricky Roma Regular Member

    Joined:
    Sep 23, 2011
    Messages:
    289
    Likes Received:
    392
    [​IMG]

    BEWARE!
     
    • Thanks Thanks x 1
  8. Paco De Lucía

    Paco De Lucía Junior Member Premium Member

    Joined:
    Feb 6, 2013
    Messages:
    130
    Likes Received:
    164
    Occupation:
    Assistant Egg Taster
    Location:
    Los Angeles
    That sucks. Keep your wallet closed and encrypted boys and girls, and look more carefully at that URL you're clicking. Also, use a browser that asks PERMISSION before using Java, and use AdBlock when possible.... difficult I know for IM, but that's what sandboxed browsers are for. I run a VM whenever I'm browsing "naked" with just the IE default to test stuff. I really hope the guy who had his funds swiped is reimbursed by Mt. Gox.
     
  9. hashimji12

    hashimji12 Registered Member

    Joined:
    Mar 10, 2013
    Messages:
    97
    Likes Received:
    16
    Now Robbers have to learn languages to steal money.
     
  10. manny2513

    manny2513 Junior Member

    Joined:
    Apr 4, 2011
    Messages:
    106
    Likes Received:
    42
    I disagree. If you have your wallet online it can be solen much more easier but if is on your computer then if you lose it is 100% your fault.

    You can use a software like Bitcloin QT Client Software and have your bitcoins there then all you gotta do is to always store a backup of your Wallet.dat file on a separate computer with no internet conection on it that way your coins are 100% safe.
     
  11. Pipelin

    Pipelin Regular Member

    Joined:
    May 31, 2011
    Messages:
    253
    Likes Received:
    124
    1. Uninstall Java.
    2. Use Lastpass for saving your passwords in the "cloud" or another alternative that will encrypt passwords localy (Lastpass recommended).
    3. Disable "remember passwords" from your browser, and any autofill option.
    4. Done, you are safe now.
     
  12. zx123

    zx123 Senior Member

    Joined:
    Feb 26, 2009
    Messages:
    1,162
    Likes Received:
    876
    Home Page:
    someone can sell me 0.5 bitcoin via Paypal??
     
  13. Herion

    Herion Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 8, 2012
    Messages:
    289
    Likes Received:
    73
    Yeah, there are ways to make it safer, but that doesn't change the fact that it is easier to steal wallets that are hosted on the person's computer. Things change when people start diving into cookies (assuming that's what e-wallets use to store login sessions?).
     
  14. Herion

    Herion Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 8, 2012
    Messages:
    289
    Likes Received:
    73
    Don't forget to patch up any other exploits your PC might have, S&D should do the trick, though I believe right now java exploits are the most popular in exploit packs.
     
  15. manny2513

    manny2513 Junior Member

    Joined:
    Apr 4, 2011
    Messages:
    106
    Likes Received:
    42
    The thing is that for the looks of it this is not a silent Java drive by because it pops the little "run" window so if you hit run then is when you actually allow it to run. Shame on you if you hit run but there is another script running around that is silent with a 30% success rate that can actually infect you computer with out you even noticing about it. Is always good to run your browsers sanboxed just to be on bit more safe.
     
  16. jammie

    jammie Jr. VIP Jr. VIP Premium Member

    Joined:
    Feb 24, 2008
    Messages:
    773
    Likes Received:
    453
    Pro tip: upgrade Java to JRE7u17.

    The exploit is old, so it's your own fault if you haven't for the lastest JRE.

    You wouldn't give someone your pin number ... why give them the opportunity to take money when it's EASILY avoided by clicking the "update" button on the JRE when your computer starts up?!

    Idiots. This expoit was fixed almost a month ago *sigh*.
     
  17. Herion

    Herion Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 8, 2012
    Messages:
    289
    Likes Received:
    73
    He fell victim to a java-drive-by, not a exploit pack.
     
    • Thanks Thanks x 1
  18. Steeky

    Steeky Regular Member

    Joined:
    Jan 13, 2007
    Messages:
    454
    Likes Received:
    163
    should of paid more attention to the url he was clicking. sucks.... i would of went apeshit