MyBitcoin Username/Password Breach: Difference between revisions
No edit summary |
|||
| Line 11: | Line 11: | ||
== What Happened == | == What Happened == | ||
The specific events of the loss and how it came about. What actually happened to cause the loss. | The specific events of the loss and how it came about. What actually happened to cause the loss. | ||
{| class="wikitable" | |||
|+Key Event Timeline - [Case Name] | |||
!Date | |||
!Event | |||
!Description | |||
|- | |||
|January 14th, 2023 8:16 AM | |||
|First Event | |||
|This is an expanded description of what happened and the impact. If multiple lines are necessary, add them here. | |||
|- | |||
| | |||
| | |||
| | |||
|- | |||
| | |||
| | |||
| | |||
|} | |||
== Total Amount Lost == | == Total Amount Lost == | ||
Revision as of 13:22, 17 January 2023
A file containing usernames and passwords from the large Mt. Gox cryptocurrency exchange was accessed, and this allowed multiple breaches to occur of around 1% of the users on the MyBitcoins exchange.
Ultimately, MyBitcoins sought to cover the losses for users.
About MyBitcoin
More information needs to be added.
The Reality
More information needs to be added.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss.
| Date | Event | Description |
|---|---|---|
| January 14th, 2023 8:16 AM | First Event | This is an expanded description of what happened and the impact. If multiple lines are necessary, add them here. |
Total Amount Lost
The loss was estimated at the time to be 4,019 BTC (worth roughly $72k USD at the time).
Immediate Reactions
The pseudonymous operator of MyBitcoin acknowledged at the time:
“We’ve concluded that around 1% of the users on the leaked Mt[G]ox password file had their Bitcoins stolen on MyBitcoin.”
Ultimate Outcome
Affected users were reimbursed the total value of their losses on the MyBitcoin platform. Those who withdrew from the platform could have kept them after the platform ultimately collapsed.
Total Amount Recovered
All 4,019 BTC (worth $72k USD) were ultimately reimbursed to users.
Ongoing Developments
None.
Prevention Policies
This loss affected only those users who reused passwords across multiple exchange accounts. It could have been prevented if users avoided password reuse.
Platforms can protect against the breach of user accounts by requiring a second factor of authentication. Other common characteristics to look for to detect an account breach would be access from a different IP address (particularly one in another region of the world, a VPN, or a Tor exit node), accessing multiple accounts from the same IP address, proceeding immediately to initiate a full withdrawal on the account, changing passwords, or a large and unexpected cluster of account logins at times they don't normally log in. When an account breach is suspected, delaying the withdrawal of cryptocurrencies is key to prevent loss, as it allows the real account owner time to secure their account.
References
A section with the references where information came from.
https://bitcointalk.org/index.php?topic=83794.msg923918#msg923918