Java Applet Attack Wipes Out Bitcoin Accounts On Mt. Gox

The price of freedom, as they say, is eternal vigilance. A user called bitbully on the Bitcointalk Forums found himself 34 bitcoins poorer when he visited a site claiming to be a chat service connected with Mt. Gox, a popular bitcoin trading service. The site, wwwdotmtg(this is an o)x-ch(this is an a)tdotinfo (do not visit this site), apparently places a cross-site transfer order on the victim’s computer immediately upon visiting using a Java applet. Because the transactions aren’t reversible and the attackers are anonymous, the victims are out of luck.

This victim lost half of his account instantaneously. Mt.Gox does offer two-factor authentication, which is a good way to prevent illicit logins. This user did not have it activated. A Reddit thread also addresses this particular scam.

The phishing site, for what it’s worth, is currently down.

The phishing message making the rounds is something like “Mtgox are talking about adding ltc or ppc in about 4-5 hours. Guys, come on the mtgox livechat I think we should all invest in LTC. hxxp://” The link goes to the phishing site.

The writer described his sleuthing:

Being a techie, I started researching. I found out that this site is hosted here in the USA. I also found out that the withdrawal was submitted from an IP in Los Angeles even though I have been accessing mtgox from Pennsylvania / New York. I then discovered that the site is a teleport pro rip of branded with a mtgox logo, and was registered on namecheap (with bitcoins as it may be) not even 5 days ago! This is the IP resolve of the domain name.

Bitcoin phishing is not new and as more and more users enter the BTC fray it’s clear that it will be a bigger problem. As Twitter novelty account Bitcoin.txt notes, the market is frothy and full of folks who have little experience investing in anything, let alone an imaginary digital currency that could be part of a future economic engine – or could spell ruin for investors who click links.