MyBitcoin Username/Password Breach: Difference between revisions
(→What Happened: Adding timeline table.) |
No edit summary |
||
| Line 1: | Line 1: | ||
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/mybitcoinusernamepasswordbreach.php}} | |||
A file containing usernames and passwords from the large Mt. Gox cryptocurrency exchange was accessed, and this allowed multiple breaches to occur of around 1% of the users on the ''MyBitcoins'' exchange. | A file containing usernames and passwords from the large Mt. Gox cryptocurrency exchange was accessed, and this allowed multiple breaches to occur of around 1% of the users on the ''MyBitcoins'' exchange. | ||
Revision as of 13:10, 20 January 2023
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
A file containing usernames and passwords from the large Mt. Gox cryptocurrency exchange was accessed, and this allowed multiple breaches to occur of around 1% of the users on the MyBitcoins exchange.
Ultimately, MyBitcoins sought to cover the losses for users.
About MyBitcoin
More information needs to be added.
The Reality
More information needs to be added.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss.
| Date | Event | Description |
|---|---|---|
| June 20th, 2011 | Passwords Breached | Users with the same password on Mt. Gox and the MyBitcoin platform started to see their accounts breached. This reportedly continued through June 21st. |
Total Amount Lost
The loss was estimated at the time to be 4,019 BTC (worth roughly $72k USD at the time).
Immediate Reactions
The pseudonymous operator of MyBitcoin acknowledged at the time:
“We’ve concluded that around 1% of the users on the leaked Mt[G]ox password file had their Bitcoins stolen on MyBitcoin.”
Ultimate Outcome
Affected users were reimbursed the total value of their losses on the MyBitcoin platform. Those who withdrew from the platform could have kept them after the platform ultimately collapsed.
Total Amount Recovered
All 4,019 BTC (worth $72k USD) were ultimately reimbursed to users.
Ongoing Developments
None.
Prevention Policies
This loss affected only those users who reused passwords across multiple exchange accounts. It could have been prevented if users avoided password reuse.
Platforms can protect against the breach of user accounts by requiring a second factor of authentication. Other common characteristics to look for to detect an account breach would be access from a different IP address (particularly one in another region of the world, a VPN, or a Tor exit node), accessing multiple accounts from the same IP address, proceeding immediately to initiate a full withdrawal on the account, changing passwords, or a large and unexpected cluster of account logins at times they don't normally log in. When an account breach is suspected, delaying the withdrawal of cryptocurrencies is key to prevent loss, as it allows the real account owner time to secure their account.
References
A section with the references where information came from.
https://bitcointalk.org/index.php?topic=83794.msg923918#msg923918